---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Cloud Identity"
description: |-
  A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member".
---
# google\_cloud\_identity\_group\_membership

A Membership defines a relationship between a Group and an entity belonging to that Group, referred to as a "member".

To get more information about GroupMembership, see:

* [API documentation](https://cloud.google.com/identity/docs/reference/rest/v1/groups.memberships)
* How-to Guides
    * [Official Documentation](https://cloud.google.com/identity/docs/how-to/memberships-google-groups)

~> **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,
you must specify a `billing_project` and set `user_project_override` to true
in the provider configuration. Otherwise the Cloud Identity API will return a 403 error.
Your account must have the `serviceusage.services.use` permission on the
`billing_project` you defined.
## Example Usage - Cloud Identity Group Membership
```hcl
resource "google_cloud_identity_group" "group" {
  display_name = "my-identity-group"

  parent = "customers/A01b123xz"

  group_key {
    id = "my-identity-group@example.com"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

resource "google_cloud_identity_group" "child-group" {
  display_name = "my-identity-group-child"

  parent = "customers/A01b123xz"

  group_key {
    id = "my-identity-group-child@example.com"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

resource "google_cloud_identity_group_membership" "cloud_identity_group_membership_basic" {
  group = google_cloud_identity_group.group.id

  preferred_member_key {
    id = google_cloud_identity_group.child-group.group_key[0].id
  }

  roles {
    name = "MEMBER"
  }
}
```
## Example Usage - Cloud Identity Group Membership User
```hcl
resource "google_cloud_identity_group" "group" {
  display_name = "my-identity-group"

  parent = "customers/A01b123xz"

  group_key {
    id = "my-identity-group@example.com"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

resource "google_cloud_identity_group_membership" "cloud_identity_group_membership_basic" {
  group = google_cloud_identity_group.group.id

  preferred_member_key {
    id = "cloud_identity_user@example.com"
  }

  roles {
    name = "MEMBER"
  }

  roles {
    name = "MANAGER"
  }
}
```
## Argument Reference
The following arguments are supported:
* `roles` -
  (Required)
  The MembershipRoles that apply to the Membership.
  Must not contain duplicate MembershipRoles with the same name.
  Structure is [documented below](#nested_roles).

* `group` -
  (Required)
  The name of the Group to create this membership in.


<a name="nested_roles"></a>The `roles` block supports:

* `name` -
  (Required)
  The name of the MembershipRole. Must be one of OWNER, MANAGER, MEMBER.
  Possible values are: `OWNER`, `MANAGER`, `MEMBER`.

* `expiry_detail` -
  (Optional)
  The MembershipRole expiry details, only supported for the MEMBER role.
  A MEMBER role that has an expiry cannot be accompanied by other roles.
  Structure is [documented below](#nested_expiry_detail).


<a name="nested_expiry_detail"></a>The `expiry_detail` block supports:

* `expire_time` -
  (Required)
  The time at which the MembershipRole will expire.
  A timestamp in RFC3339 UTC "Zulu" format, with nanosecond
  resolution and up to nine fractional digits.
  Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
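
An added example, not part of the generated provider documentation: a time-bound membership that uses `expiry_detail`, together with the provider settings the warning above requires for User ADCs. The billing project ID and the expiry timestamp are assumed placeholders; the customer ID and the group and member addresses reuse the sample values from the examples above.

```hcl
# Added example; not generated by Magic Modules.
# Placeholders (assumptions): billing project ID and expiry timestamp.

# Provider settings needed when authenticating with User ADCs;
# without them the Cloud Identity API returns a 403 error.
provider "google" {
  # The account needs serviceusage.services.use on this project.
  billing_project       = "my-billing-project"
  user_project_override = true
}

resource "google_cloud_identity_group" "group" {
  display_name = "my-identity-group"
  parent       = "customers/A01b123xz"

  group_key {
    id = "my-identity-group@example.com"
  }

  labels = {
    "cloudidentity.googleapis.com/groups.discussion_forum" = ""
  }
}

# Time-bound membership: one MEMBER role carrying an expiry.
# No OWNER or MANAGER roles block is declared, because other roles
# cannot accompany a MEMBER role that has an expiry.
resource "google_cloud_identity_group_membership" "temporary_member" {
  group = google_cloud_identity_group.group.id

  preferred_member_key {
    id = "cloud_identity_user@example.com"
  }

  roles {
    name = "MEMBER"

    expiry_detail {
      # Constructed value in RFC3339 UTC "Zulu" format.
      expire_time = "2030-01-01T00:00:00Z"
    }
  }
}
```
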
- - -
* `member_key` -
  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
  EntityKey of the member.
  Structure is [documented below](#nested_member_key).

* `preferred_member_key` -
  (Optional)
  EntityKey of the member.
  Structure is [documented below](#nested_preferred_member_key).


<a name="nested_member_key"></a>The `member_key` block supports:

* `id` -
  (Required)
  The ID of the entity.
  For Google-managed entities, the id must be the email address of an existing
  group or user.
  For external-identity-mapped entities, the id must be a string conforming
  to the Identity Source's requirements.
  Must be unique within a namespace.

* `namespace` -
  (Optional)
  The namespace in which the entity exists.
  If not specified, the EntityKey represents a Google-managed entity
  such as a Google user or a Google Group.
  If specified, the EntityKey represents an external-identity-mapped group.
  The namespace must correspond to an identity source created in Admin Console
  and must be in the form of `identitysources/{identity_source_id}`.


<a name="nested_preferred_member_key"></a>The `preferred_member_key` block supports:

* `id` -
  (Required)
  The ID of the entity.
  For Google-managed entities, the id must be the email address of an existing
  group or user.
  For external-identity-mapped entities, the id must be a string conforming
  to the Identity Source's requirements.
  Must be unique within a namespace.

* `namespace` -
  (Optional)
  The namespace in which the entity exists.
  If not specified, the EntityKey represents a Google-managed entity
  such as a Google user or a Google Group.
  If specified, the EntityKey represents an external-identity-mapped group.
  The namespace must correspond to an identity source created in Admin Console
  and must be in the form of `identitysources/{identity_source_id}`.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `{{name}}`

* `name` -
  The resource name of the Membership, of the form `groups/{group_id}/memberships/{membership_id}`.

* `create_time` -
  The time when the Membership was created.

* `update_time` -
  The time when the Membership was last updated.

* `type` -
  The type of the membership.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
GroupMembership can be imported using any of these accepted formats:
* `{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import GroupMembership using one of the formats above. For example:
```tf
import {
  id = "{{name}}"
  to = google_cloud_identity_group_membership.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), GroupMembership can be imported using one of the formats above. For example:
```
$ terraform import google_cloud_identity_group_membership.default {{name}}
```