v5.18.0/website/docs/r/cloud_identity_group.html.markdown - terraform-provider-google-beta - Git at Google

 ---
 # ----------------------------------------------------------------------------
 #
 #     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
 #
 # ----------------------------------------------------------------------------
 #
 #     This file is automatically generated by Magic Modules and manual
 #     changes will be clobbered when the file is regenerated.
 #
 #     Please read more about how to change this file in
 #     .github/CONTRIBUTING.md.
 #
 # ----------------------------------------------------------------------------
 subcategory: "Cloud Identity"
 description: |-
   A Cloud Identity resource representing a Group.
 ---

 # google\_cloud\_identity\_group

 A Cloud Identity resource representing a Group.


 To get more information about Group, see:

 * [API documentation](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups)
 * How-to Guides
     * [Official Documentation](https://cloud.google.com/identity/docs/how-to/setup)

 ~> **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,
 you must specify a `billing_project` and set `user_project_override` to true
 in the provider configuration. Otherwise the Cloud Identity API will return a 403 error.
 Your account must have the `serviceusage.services.use` permission on the
 `billing_project` you defined.

 ## Example Usage - Cloud Identity Groups Basic


 ```hcl
 resource "google_cloud_identity_group" "cloud_identity_group_basic" {
   display_name         = "my-identity-group"
   initial_group_config = "WITH_INITIAL_OWNER"

   parent = "customers/A01b123xz"

   group_key {
   	id = "my-identity-group@example.com"
   }

   labels = {
     "cloudidentity.googleapis.com/groups.discussion_forum" = ""
   }
 }
 ```

 ## Argument Reference

 The following arguments are supported:


 * `group_key` -
   (Required)
   EntityKey of the Group.
   Structure is [documented below](#nested_group_key).

 * `parent` -
   (Required)
   The resource name of the entity under which this Group resides in the
   Cloud Identity resource hierarchy.
   Must be of the form identitysources/{identity_source_id} for external-identity-mapped
   groups or customers/{customer_id} for Google Groups.

 * `labels` -
   (Required)
   One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value.
   Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value.
   Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added.
   Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic.
   Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value.


 <a name="nested_group_key"></a>The `group_key` block supports:

 * `id` -
   (Required)
   The ID of the entity.
   For Google-managed entities, the id must be the email address of an existing
   group or user.
   For external-identity-mapped entities, the id must be a string conforming
   to the Identity Source's requirements.
   Must be unique within a namespace.

 * `namespace` -
   (Optional)
   The namespace in which the entity exists.
   If not specified, the EntityKey represents a Google-managed entity
   such as a Google user or a Google Group.
   If specified, the EntityKey represents an external-identity-mapped group.
   The namespace must correspond to an identity source created in Admin Console
   and must be in the form of `identitysources/{identity_source_id}`.

 - - -


 * `display_name` -
   (Optional)
   The display name of the Group.

 * `description` -
   (Optional)
   An extended description to help users determine the purpose of a Group.
   Must not be longer than 4,096 characters.

 * `initial_group_config` -
   (Optional)
   The initial configuration options for creating a Group.
   See the
   [API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig)
   for possible values.
   Default value is `EMPTY`.
   Possible values are: `INITIAL_GROUP_CONFIG_UNSPECIFIED`, `WITH_INITIAL_OWNER`, `EMPTY`.


 ## Attributes Reference

 In addition to the arguments listed above, the following computed attributes are exported:

 * `id` - an identifier for the resource with format `{{name}}`

 * `name` -
   Resource name of the Group in the format: groups/{group_id}, where group_id
   is the unique ID assigned to the Group.

 * `additional_group_keys` -
   Additional group keys associated with the Group
   Structure is [documented below](#nested_additional_group_keys).

 * `create_time` -
   The time when the Group was created.

 * `update_time` -
   The time when the Group was last updated.


 <a name="nested_additional_group_keys"></a>The `additional_group_keys` block contains:

 * `id` -
   (Output)
   The ID of the entity.
   For Google-managed entities, the id must be the email address of an existing
   group or user.
   For external-identity-mapped entities, the id must be a string conforming
   to the Identity Source's requirements.
   Must be unique within a namespace.

 * `namespace` -
   (Output)
   The namespace in which the entity exists.
   If not specified, the EntityKey represents a Google-managed entity
   such as a Google user or a Google Group.
   If specified, the EntityKey represents an external-identity-mapped group.
   The namespace must correspond to an identity source created in Admin Console
   and must be in the form of `identitysources/{identity_source_id}`.

 ## Timeouts

 This resource provides the following
 [Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

 - `create` - Default is 20 minutes.
 - `update` - Default is 20 minutes.
 - `delete` - Default is 20 minutes.

 ## Import


 Group can be imported using any of these accepted formats:

 * `{{name}}`


 In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Group using one of the formats above. For example:

 ```tf
 import {
   id = "{{name}}"
   to = google_cloud_identity_group.default
 }
 ```

 When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Group can be imported using one of the formats above. For example:

 ```
 $ terraform import google_cloud_identity_group.default {{name}}
 ```
	---
	# ----------------------------------------------------------------------------
	#
	# * AUTO GENERATED CODE * Type: MMv1 ***
	#
	# ----------------------------------------------------------------------------
	#
	# This file is automatically generated by Magic Modules and manual
	# changes will be clobbered when the file is regenerated.
	#
	# Please read more about how to change this file in
	# .github/CONTRIBUTING.md.
	#
	# ----------------------------------------------------------------------------
	subcategory: "Cloud Identity"
	description: \|-
	A Cloud Identity resource representing a Group.
	---

	# google\_cloud\_identity\_group

	A Cloud Identity resource representing a Group.


	To get more information about Group, see:

	* [API documentation](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups)
	* How-to Guides
	* [Official Documentation](https://cloud.google.com/identity/docs/how-to/setup)

	~> Warning: If you are using User ADCs (Application Default Credentials) with this resource,
	you must specify a `billing_project` and set `user_project_override` to true
	in the provider configuration. Otherwise the Cloud Identity API will return a 403 error.
	Your account must have the `serviceusage.services.use` permission on the
	`billing_project` you defined.

	## Example Usage - Cloud Identity Groups Basic


	```hcl
	resource "google_cloud_identity_group" "cloud_identity_group_basic" {
	display_name = "my-identity-group"
	initial_group_config = "WITH_INITIAL_OWNER"

	parent = "customers/A01b123xz"

	group_key {
	id = "my-identity-group@example.com"
	}

	labels = {
	"cloudidentity.googleapis.com/groups.discussion_forum" = ""
	}
	}
	```

	## Argument Reference

	The following arguments are supported:


	* `group_key` -
	(Required)
	EntityKey of the Group.
	Structure is [documented below](#nested_group_key).

	* `parent` -
	(Required)
	The resource name of the entity under which this Group resides in the
	Cloud Identity resource hierarchy.
	Must be of the form identitysources/{identity_source_id} for external-identity-mapped
	groups or customers/{customer_id} for Google Groups.

	* `labels` -
	(Required)
	One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value.
	Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value.
	Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added.
	Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic.
	Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value.


	<a name="nested_group_key"></a>The `group_key` block supports:

	* `id` -
	(Required)
	The ID of the entity.
	For Google-managed entities, the id must be the email address of an existing
	group or user.
	For external-identity-mapped entities, the id must be a string conforming
	to the Identity Source's requirements.
	Must be unique within a namespace.

	* `namespace` -
	(Optional)
	The namespace in which the entity exists.
	If not specified, the EntityKey represents a Google-managed entity
	such as a Google user or a Google Group.
	If specified, the EntityKey represents an external-identity-mapped group.
	The namespace must correspond to an identity source created in Admin Console
	and must be in the form of `identitysources/{identity_source_id}`.

	- - -


	* `display_name` -
	(Optional)
	The display name of the Group.

	* `description` -
	(Optional)
	An extended description to help users determine the purpose of a Group.
	Must not be longer than 4,096 characters.

	* `initial_group_config` -
	(Optional)
	The initial configuration options for creating a Group.
	See the
	[API reference](https://cloud.google.com/identity/docs/reference/rest/v1beta1/groups/create#initialgroupconfig)
	for possible values.
	Default value is `EMPTY`.
	Possible values are: `INITIAL_GROUP_CONFIG_UNSPECIFIED`, `WITH_INITIAL_OWNER`, `EMPTY`.


	## Attributes Reference

	In addition to the arguments listed above, the following computed attributes are exported:

	* `id` - an identifier for the resource with format `{{name}}`

	* `name` -
	Resource name of the Group in the format: groups/{group_id}, where group_id
	is the unique ID assigned to the Group.

	* `additional_group_keys` -
	Additional group keys associated with the Group
	Structure is [documented below](#nested_additional_group_keys).

	* `create_time` -
	The time when the Group was created.

	* `update_time` -
	The time when the Group was last updated.


	<a name="nested_additional_group_keys"></a>The `additional_group_keys` block contains:

	* `id` -
	(Output)
	The ID of the entity.
	For Google-managed entities, the id must be the email address of an existing
	group or user.
	For external-identity-mapped entities, the id must be a string conforming
	to the Identity Source's requirements.
	Must be unique within a namespace.

	* `namespace` -
	(Output)
	The namespace in which the entity exists.
	If not specified, the EntityKey represents a Google-managed entity
	such as a Google user or a Google Group.
	If specified, the EntityKey represents an external-identity-mapped group.
	The namespace must correspond to an identity source created in Admin Console
	and must be in the form of `identitysources/{identity_source_id}`.

	## Timeouts

	This resource provides the following
	[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:

	- `create` - Default is 20 minutes.
	- `update` - Default is 20 minutes.
	- `delete` - Default is 20 minutes.

	## Import


	Group can be imported using any of these accepted formats:

	* `{{name}}`


	In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Group using one of the formats above. For example:

	```tf
	import {
	id = "{{name}}"
	to = google_cloud_identity_group.default
	}
	```

	When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Group can be imported using one of the formats above. For example:

	```
	$ terraform import google_cloud_identity_group.default {{name}}
	```