diff --git a/.changelog/9217.txt b/.changelog/9217.txt new file mode 100644 index 00000000000..57552ad1280 --- /dev/null +++ b/.changelog/9217.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +cloudidentity: Added `additional_group_keys` attribute to `google_cloud_identity_group` resource +``` diff --git a/google/services/cloudidentity/resource_cloud_identity_group.go b/google/services/cloudidentity/resource_cloud_identity_group.go index b7475f434b0..8929ae38b26 100644 --- a/google/services/cloudidentity/resource_cloud_identity_group.go +++ b/google/services/cloudidentity/resource_cloud_identity_group.go @@ -134,6 +134,40 @@ See the for possible values. Default value: "EMPTY" Possible values: ["INITIAL_GROUP_CONFIG_UNSPECIFIED", "WITH_INITIAL_OWNER", "EMPTY"]`, Default: "EMPTY", }, + "additional_group_keys": { + Type: schema.TypeList, + Computed: true, + Description: `Additional group keys associated with the Group`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "id": { + Type: schema.TypeString, + Computed: true, + Description: `The ID of the entity. + +For Google-managed entities, the id must be the email address of an existing +group or user. + +For external-identity-mapped entities, the id must be a string conforming +to the Identity Source's requirements. + +Must be unique within a namespace.`, + }, + "namespace": { + Type: schema.TypeString, + Computed: true, + Description: `The namespace in which the entity exists. + +If not specified, the EntityKey represents a Google-managed entity +such as a Google user or a Google Group. + +If specified, the EntityKey represents an external-identity-mapped group. +The namespace must correspond to an identity source created in Admin Console +and must be in the form of 'identitysources/{identity_source_id}'.`, + }, + }, + }, + }, "create_time": { Type: schema.TypeString, Computed: true, @@ -338,6 +372,9 @@ func resourceCloudIdentityGroupRead(d *schema.ResourceData, meta interface{}) er if err := d.Set("description", flattenCloudIdentityGroupDescription(res["description"], d, config)); err != nil { return fmt.Errorf("Error reading Group: %s", err) } + if err := d.Set("additional_group_keys", flattenCloudIdentityGroupAdditionalGroupKeys(res["additionalGroupKeys"], d, config)); err != nil { + return fmt.Errorf("Error reading Group: %s", err) + } if err := d.Set("create_time", flattenCloudIdentityGroupCreateTime(res["createTime"], d, config)); err != nil { return fmt.Errorf("Error reading Group: %s", err) } @@ -542,6 +579,33 @@ func flattenCloudIdentityGroupDescription(v interface{}, d *schema.ResourceData, return v } +func flattenCloudIdentityGroupAdditionalGroupKeys(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + if v == nil { + return v + } + l := v.([]interface{}) + transformed := make([]interface{}, 0, len(l)) + for _, raw := range l { + original := raw.(map[string]interface{}) + if len(original) < 1 { + // Do not include empty json objects coming back from the api + continue + } + transformed = append(transformed, map[string]interface{}{ + "id": flattenCloudIdentityGroupAdditionalGroupKeysId(original["id"], d, config), + "namespace": flattenCloudIdentityGroupAdditionalGroupKeysNamespace(original["namespace"], d, config), + }) + } + return transformed +} +func flattenCloudIdentityGroupAdditionalGroupKeysId(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenCloudIdentityGroupAdditionalGroupKeysNamespace(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + func flattenCloudIdentityGroupCreateTime(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { return v } diff --git a/google/services/cloudidentity/resource_cloud_identity_group_test.go b/google/services/cloudidentity/resource_cloud_identity_group_test.go index 137d5314f14..d3e40b48fff 100644 --- a/google/services/cloudidentity/resource_cloud_identity_group_test.go +++ b/google/services/cloudidentity/resource_cloud_identity_group_test.go @@ -101,6 +101,10 @@ func testAccCloudIdentityGroup_cloudIdentityGroupsBasicExampleTest(t *testing.T) Steps: []resource.TestStep{ { Config: testAccCloudIdentityGroup_cloudIdentityGroupsBasicExample(context), + Check: resource.ComposeTestCheckFunc( + resource.TestCheckResourceAttrSet("google_cloud_identity_group.cloud_identity_group_basic", + "additional_group_keys.#"), + ), }, { ResourceName: "google_cloud_identity_group.cloud_identity_group_basic", diff --git a/website/docs/r/cloud_identity_group.html.markdown b/website/docs/r/cloud_identity_group.html.markdown index 22f43ce7fba..a8243d8ac46 100644 --- a/website/docs/r/cloud_identity_group.html.markdown +++ b/website/docs/r/cloud_identity_group.html.markdown @@ -132,6 +132,10 @@ In addition to the arguments listed above, the following computed attributes are Resource name of the Group in the format: groups/{group_id}, where group_id is the unique ID assigned to the Group. +* `additional_group_keys` - + Additional group keys associated with the Group + Structure is [documented below](#nested_additional_group_keys). + * `create_time` - The time when the Group was created. @@ -139,6 +143,26 @@ In addition to the arguments listed above, the following computed attributes are The time when the Group was last updated. +The `additional_group_keys` block contains: + +* `id` - + (Output) + The ID of the entity. + For Google-managed entities, the id must be the email address of an existing + group or user. + For external-identity-mapped entities, the id must be a string conforming + to the Identity Source's requirements. + Must be unique within a namespace. + +* `namespace` - + (Output) + The namespace in which the entity exists. + If not specified, the EntityKey represents a Google-managed entity + such as a Google user or a Google Group. + If specified, the EntityKey represents an external-identity-mapped group. + The namespace must correspond to an identity source created in Admin Console + and must be in the form of `identitysources/{identity_source_id}`. + ## Timeouts This resource provides the following