User resource manages Google Workspace Users. User resides under the https://www.googleapis.com/auth/admin.directory.user
client scope.
resource "googleworkspace_schema" "birthday" {
  schema_name = "birthday"

  fields {
    field_name = "birthday"
    field_type = "DATE"
  }

  fields {
    field_name   = "favorite-numbers"
    field_type   = "INT64"
    multi_valued = true

    numeric_indexing_spec {
      min_value = 1
      max_value = 100
    }
  }
}

resource "googleworkspace_user" "dwight" {
  primary_email = "dwight.schrute@example.com"

  # password carries a hex-encoded digest in the format named by hash_function.
  password      = "34819d7beeabb9260a5c854bc85b3e44"
  hash_function = "MD5"

  name {
    family_name = "Schrute"
    given_name  = "Dwight"
  }

  aliases = ["assistant_to_regional_manager@example.com"]

  emails {
    address = "dwight.schrute.dunder.mifflin@example.com"
    type    = "work"
  }

  relations {
    type  = "assistant"
    value = "Michael Scott"
  }

  addresses {
    country        = "USA"
    country_code   = "US"
    locality       = "Scranton"
    po_box         = "123"
    postal_code    = "18508"
    region         = "PA"
    street_address = "123 Dunder Mifflin Pkwy"
    type           = "work"
  }

  organizations {
    department = "sales"
    location   = "Scranton"
    name       = "Dunder Mifflin"
    primary    = true
    symbol     = "DUMI"
    title      = "member"
    type       = "work"
  }

  phones {
    type  = "home"
    value = "555-123-7890"
  }

  phones {
    type    = "work"
    primary = true
    value   = "555-123-0987"
  }

  keywords {
    type  = "occupation"
    value = "salesperson"
  }

  # Values of the custom schema defined above; each value is JSON-encoded.
  custom_schemas {
    schema_name = googleworkspace_schema.birthday.schema_name

    schema_values = {
      "birthday"         = jsonencode("1970-01-20")
      "favorite-numbers" = jsonencode([1, 2, 3])
    }
  }

  recovery_email = "dwightkschrute@example.com"
}
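The example above sends an unsalted MD5 digest as the password. The variant below is an added example, not part of the provider's own documentation: it supplies a salted SHA-512 crypt hash (the `$6$` form accepted by the Directory API's crypt format) through a sensitive variable. The variable name `dwight_password_crypt`, the validation rule and the `lifecycle` block are assumptions of this example.

```hcl
# Added example; variable name and validation rule are illustrative assumptions.
# Generate the hash outside Terraform (for instance with `openssl passwd -6`)
# and pass it in via TF_VAR_dwight_password_crypt or a secrets store.
variable "dwight_password_crypt" {
  description = "SHA-512 crypt hash of the initial password ($6$<salt>$<hash>)."
  type        = string
  sensitive   = true

  validation {
    # Reject plaintext or weaker formats before anything is sent to the API.
    condition     = can(regex("^\\$6\\$", var.dwight_password_crypt))
    error_message = "Expected a SHA-512 crypt hash starting with $6$."
  }
}

resource "googleworkspace_user" "dwight" {
  primary_email = "dwight.schrute@example.com"

  # Salted crypt hash instead of a bare MD5 digest.
  password      = var.dwight_password_crypt
  hash_function = "crypt"

  # Whoever generated the initial credential knows it, so force rotation.
  change_password_at_next_login = true

  name {
    family_name = "Schrute"
    given_name  = "Dwight"
  }

  lifecycle {
    # After first login the user owns the credential: later applies should
    # neither overwrite the password nor force another change.
    ignore_changes = [password, hash_function, change_password_at_next_login]
  }
}
```

Marking the variable sensitive only hides it from plan output; the hash is still written to the Terraform state, so the state backend needs access control and encryption at rest.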
name
(Block List, Min: 1, Max: 1) Holds the given and family names of the user, and the read-only fullName value. The maximum number of characters in the givenName and in the familyName values is 60. In addition, name values support unicode/UTF-8 characters, and can contain spaces, letters (a-z), numbers (0-9), dashes (-), forward slashes (/), and periods (.). Maximum allowed data size for this field is 1Kb. (see below for nested schema)
primary_email
(String) The user's primary email address. The primaryEmail must be unique and cannot be an alias of another user.
addresses
(Block List) A list of the user's addresses. The maximum allowed data size is 10Kb. (see below for nested schema)
aliases
(List of String) A list of the user's alias email addresses.
archived
(Boolean) Indicates if user is archived.
change_password_at_next_login
(Boolean) Indicates if the user is forced to change their password at next login. This setting doesn't apply when the user signs in via a third-party identity provider.
custom_schemas
(Block List) Custom fields of the user. (see below for nested schema)
emails
(Block List) A list of the user's email addresses. The maximum allowed data size is 10Kb. (see below for nested schema)
external_ids
(Block List) A list of external IDs for the user, such as an employee or network ID. The maximum allowed data size is 2Kb. (see below for nested schema)
hash_function
(String) Stores the hash format of the password property. We recommend sending the password property value as a base 16 bit hexadecimal-encoded hash value. Set the hashFunction values as either the SHA-1, MD5, or crypt hash format.
ims
(Block List) The user's Instant Messenger (IM) accounts. A user account can have multiple ims properties, but only one of these ims properties can be the primary IM contact. The maximum allowed data size is 2Kb. (see below for nested schema)
include_in_global_address_list
(Boolean) Defaults to true. Indicates if the user's profile is visible in the Google Workspace global address list when the contact sharing feature is enabled for the domain.
ip_allowlist
(Boolean) If true, the user's IP address is added to the allow list.
is_admin
(Boolean) Indicates a user with super administrator privileges.
keywords
(Block List) A list of the user's keywords. The maximum allowed data size is 1Kb. (see below for nested schema)
languages
(Block List) A list of the user's languages. The maximum allowed data size is 1Kb. (see below for nested schema)
locations
(Block List) A list of the user's locations. The maximum allowed data size is 10Kb. (see below for nested schema)
org_unit_path
(String) The full path of the parent organization associated with the user. If the parent organization is the top-level, it is represented as a forward slash (/).
organizations
(Block List) A list of organizations the user belongs to. The maximum allowed data size is 10Kb. (see below for nested schema)
password
(String, Sensitive) Stores the password for the user account. A password can contain any combination of ASCII characters. A minimum of 8 characters is required. The maximum length is 100 characters. As the API does not return the value of password, this field is write-only, and the value stored in the state will be what is provided in the configuration. The field is required on create and will be empty on import.
phones
(Block List) A list of the user's phone numbers. The maximum allowed data size is 1Kb. (see below for nested schema)
posix_accounts
(Block List) A list of POSIX account information for the user. (see below for nested schema)
recovery_email
(String) Recovery email of the user.
recovery_phone
(String) Recovery phone of the user. The phone number must be in the E.164 format, starting with the plus sign (+). Example: +16506661212.
relations
(Block List) A list of the user's relationships to other users. The maximum allowed data size for this field is 2Kb. (see below for nested schema)
ssh_public_keys
(Block List) A list of SSH public keys. The maximum allowed data size is 10Kb. (see below for nested schema)
suspended
(Boolean) Indicates if user is suspended.
timeouts
(Block, Optional) (see below for nested schema)
websites
(Block List) A list of the user's websites. The maximum allowed data size is 2Kb. (see below for nested schema)
agreed_to_terms
(Boolean) This property is true if the user has completed an initial login and accepted the Terms of Service agreement.
creation_time
(String) The time the user's account was created. The value is in ISO 8601 date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example, 2010-04-05T17:30:04+01:00.
customer_id
(String) The customer ID to retrieve all account users. You can use the alias my_customer to represent your account's customerId. As a reseller administrator, you can use the resold customer account's customerId. To get a customerId, use the account's primary domain in the domain parameter of a users.list request.
deletion_time
(String) The time the user's account was deleted. The value is in ISO 8601 date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example, 2010-04-05T17:30:04+01:00.
etag
(String) ETag of the resource.
id
(String) The unique ID for the user.
is_delegated_admin
(Boolean) Indicates if the user is a delegated administrator.
is_enforced_in_2_step_verification
(Boolean) Is 2-step verification enforced.
is_enrolled_in_2_step_verification
(Boolean) Is enrolled in 2-step verification.
is_mailbox_setup
(Boolean) Indicates if the user's Google mailbox is created. This property is only applicable if the user has been assigned a Gmail license.
last_login_time
(String) The last time the user logged into the user's account. The value is in ISO 8601 date and time format. The time is the complete date plus hours, minutes, and seconds in the form YYYY-MM-DDThh:mm:ssTZD. For example, 2010-04-05T17:30:04+01:00.
non_editable_aliases
(List of String) A list of the user's non-editable alias email addresses. These are typically outside the account's primary domain or sub-domain.
suspension_reason
(String) Has the reason a user account is suspended either by the administrator or by Google at the time of suspension. The property is returned only if the suspended property is true.
thumbnail_photo_etag
(String) ETag of the user's photo.
thumbnail_photo_url
(String) Photo URL of the user.

name
Required:
family_name
(String) The user's last name.
Optional:
given_name
(String) The user's first name.
Read-Only:
full_name
(String) The user's full name formed by concatenating the first and last name values.

addresses
Required:
type
(String) The address type. Acceptable values: custom, home, other, work.
Optional:
country
(String) Country.
country_code
(String) The country code. Uses the ISO 3166-1 standard.
custom_type
(String) If the address type is custom, this property contains the custom value.
extended_address
(String) For extended addresses, such as an address that includes a sub-region.
formatted
(String) A full and unstructured postal address. This is not synced with the structured address fields.
locality
(String) The town or city of the address.
po_box
(String) The post office box, if present.
postal_code
(String) The ZIP or postal code, if applicable.
primary
(Boolean) If this is the user's primary address. The addresses list may contain only one primary address.
region
(String) The abbreviated province or state.
source_is_structured
(Boolean) Indicates if the user-supplied address was formatted. Formatted addresses are not currently supported.
street_address
(String) The street address, such as 1600 Amphitheatre Parkway. Whitespace within the string is ignored; however, newlines are significant.

custom_schemas
Required:
schema_name
(String) The name of the schema.
schema_values
(Map of String) JSON encoded map that represents key/value pairs that correspond to the given schema.

emails
Required:
type
(String) The type of the email account. Acceptable values: custom, home, other, work.
Optional:
address
(String) The user's email address. Also serves as the email ID. This value can be the user's primary email address or an alias.
custom_type
(String) If the value of type is custom, this property contains the custom type string.
primary
(Boolean) Defaults to false. Indicates if this is the user's primary email. Only one entry can be marked as primary.

external_ids
Required:
type
(String) The type of external ID. If set to custom, customType must also be set. Acceptable values: account, custom, customer, login_id, network, organization.
value
(String) The value of the ID.
Optional:
custom_type
(String) If the external ID type is custom, this property contains the custom value and must be set.

ims
Required:
protocol
(String) An IM protocol identifies the IM network. The value can be a custom network or the standard network. Acceptable values: aim, custom_protocol, gtalk, icq, jabber, msn, net_meeting, qq, skype, yahoo.
type
(String) Acceptable values: custom, home, other, work.
Optional:
custom_protocol
(String) If the protocol value is custom_protocol, this property holds the custom protocol's string.
custom_type
(String) If the IM type is custom, this property holds the custom type string.
im
(String) The user's IM network ID.
primary
(Boolean) If this is the user's primary IM. Only one entry in the IM list can have a value of true.

keywords
Required:
type
(String) Each entry can have a type which indicates standard type of that entry. For example, keyword could be of type occupation or outlook. In addition to the standard type, an entry can have a custom type and can give it any name. Such types should have the CUSTOM value as type and also have a customType value. Acceptable values: custom, mission, occupation, outlook.
value
(String) Keyword.
Optional:
custom_type
(String) Custom Type.

languages
Optional:
custom_language
(String) Other language. A user can provide their own language name if there is no corresponding Google III language code. If this is set, LanguageCode can't be set.
language_code
(String) Defaults to en. Language Code. Should be used for storing Google III LanguageCode string representation for language. Illegal values cause SchemaException.
preference
(String) Defaults to preferred. If present, controls whether the specified languageCode is the user's preferred language. Allowed values are preferred and not_preferred.

locations
Required:
type
(String) The location type. Acceptable values: custom, default, desk.
Optional:
area
(String) Textual location. This is most useful for display purposes to concisely describe the location. For example, Mountain View, CA or Near Seattle.
building_id
(String) Building identifier.
custom_type
(String) If the location type is custom, this property contains the custom value.
desk_code
(String) Most specific textual code of individual desk location.
floor_name
(String) Floor name/number.
floor_section
(String) Floor section. More specific location within the floor. For example, if a floor is divided into sections A, B, and C, this field would identify one of those values.

organizations
Required:
type
(String) The type of organization. Acceptable values: domain_only, school, unknown, work.
Optional:
cost_center
(String) The cost center of the user's organization.
custom_type
(String) If the value of type is custom, this property contains the custom value.
department
(String) Specifies the department within the organization, such as sales or engineering.
description
(String) The description of the organization.
domain
(String) The domain the organization belongs to.
full_time_equivalent
(Number) The full-time equivalent millipercent within the organization (100000 = 100%).
location
(String) The physical location of the organization. This does not need to be a fully qualified address.
name
(String) The name of the organization.
primary
(Boolean) Indicates if this is the user's primary organization. A user may only have one primary organization.
symbol
(String) Text string symbol of the organization. For example, the text symbol for Google is GOOG.
title
(String) The user's title within the organization. For example, member or engineer.

phones
Required:
type
(String) The type of phone number. Acceptable values: assistant, callback, car, company_main, custom, grand_central, home, home_fax, isdn, main, mobile, other, other_fax, pager, radio, telex, tty_tdd, work, work_fax, work_mobile, work_pager.
value
(String) A human-readable phone number. It may be in any telephone number format.
Optional:
custom_type
(String) If the phone number type is custom, this property contains the custom value and must be set.
primary
(Boolean) Indicates if this is the user's primary phone number. A user may only have one primary phone number.

posix_accounts
Optional:
account_id
(String) A POSIX account field identifier.
gecos
(String) The GECOS (user information) for this account.
gid
(String) The default group ID.
home_directory
(String) The path to the home directory for this account.
operating_system_type
(String) The operating system type for this account. Acceptable values: linux, unspecified, windows.
primary
(Boolean) If this is user's primary account within the SystemId.
shell
(String) The path to the login shell for this account.
system_id
(String) System identifier for which account Username or Uid apply to.
uid
(String) The POSIX compliant user ID.
username
(String) The username of the account.

relations
Required:
type
(String) The type of relation. Acceptable values: admin_assistant, assistant, brother, child, custom, domestic_partner, dotted_line_manager, exec_assistant, father, friend, manager, mother, parent, partner, referred_by, relative, sister, spouse.
value
(String) The name of the person the user is related to.
Optional:
custom_type
(String) If the value of type is custom, this property contains the custom type string.

ssh_public_keys
Required:
key
(String) An SSH public key.
Optional:
expiration_time_usec
(String) An expiration time in microseconds since epoch.
Read-Only:
fingerprint
(String) A SHA-256 fingerprint of the SSH public key.

timeouts
Optional:
create
(String)
update
(String)

websites
Required:
type
(String) The type or purpose of the website. For example, a website could be labeled as home or blog. Alternatively, an entry can have a custom type. Custom types must have a customType value. Acceptable values: app_install_page, blog, custom, ftp, home, home_page, other, profile, reservations, resume, work.
value
(String) The URL of the website.
Optional:
custom_type
(String) The custom type. Only used if the type is custom.
primary
(Boolean) If this is user's primary website or not.

Import is supported using the following syntax:
terraform import googleworkspace_user.dwight 123456789012345678901
# or with email as id
terraform import googleworkspace_user.dwight dwight.schrute@example.com