How can I create a group on Google Cloud Identity using Terraform that allows outside organization members?
I created a group using code similar to this:
    resource "google_cloud_identity_group" "team" {
      provider             = google.cloud-identity
      display_name         = "team-example"
      parent               = "customers/xyz"
      description          = "Team Description"
      initial_group_config = "EMPTY"

      group_key {
        id = "team-example@example.com"
      }

      labels = {
        "cloudidentity.googleapis.com/groups.discussion_forum" = ""
      }
    }
Once I tried to add a member whose email belongs to another organization, I got the error below:
Error creating GroupMembership: googleapi: Error 400: Error(4023): Cannot create membership in group 'groups/xyz' for member 'person@otherdomain.com' because the group does not allow members outside the organization
I couldn't find an answer in the documentation, and I even tried to find the "allow members from outside the organization" flag in the group API.
As a work-around, I need to:
Controlling allowExternalMembers is managed via the Google Groups Settings API (https://developers.google.com/admin-sdk/groups-settings/v1/reference/groups), which is not covered by Google's Terraform provider yet.
So an execution block that executes that API request might be needed here until then.
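One way to write the execution block described above, as an added example that is not part of the original answer: a local-exec provisioner sends a PATCH to the Groups Settings API for the group from the question. The variable and resource names are hypothetical, and it assumes curl 7.55 or later on the machine running Terraform and an access token, supplied by the caller, that carries the apps.groups.settings scope.

```hcl
# Added example; "groups_settings_token" and "allow_external_members" are hypothetical names.
variable "groups_settings_token" {
  description = "OAuth 2.0 access token with the https://www.googleapis.com/auth/apps.groups.settings scope"
  type        = string
  sensitive   = true # keeps the token out of plan output and provisioner logs
}

resource "terraform_data" "allow_external_members" {
  # Send the request again if the group is ever replaced.
  triggers_replace = [google_cloud_identity_group.team.id]

  provisioner "local-exec" {
    interpreter = ["/bin/sh", "-c"]

    environment = {
      GROUP_EMAIL  = google_cloud_identity_group.team.group_key[0].id
      ACCESS_TOKEN = var.groups_settings_token
    }

    # The Authorization header is read from stdin (--header @-) so the token
    # never appears in the process argument list.
    # --fail turns a non-2xx response into a failed apply instead of a silent no-op.
    command = <<-EOT
      printf 'Authorization: Bearer %s\n' "$ACCESS_TOKEN" |
        curl --silent --show-error --fail \
          --request PATCH \
          --header @- \
          --header "Content-Type: application/json" \
          --data '{"allowExternalMembers": "true"}' \
          "https://www.googleapis.com/groups/v1/groups/$GROUP_EMAIL"
    EOT
  }
}
```

Any google_cloud_identity_group_membership for an external address should declare depends_on = [terraform_data.allow_external_members] so the setting is in place before the membership is created. Terraform does not track this setting afterwards, so a change made in the Admin console will not show up as drift.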