Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* rewrite with plugin framework
* Update Go version to 1.20.3
* implement drives.delete
* deprecate wait_after_create and retry on 404
* rename some variables
* rename
* fix rename
* implement file resource
* re-add combineId
* fix optional attributes
* add permission resource
* add inherited flag to flags
* add helper functions to get and set permissions
* implement permissions policy resources
* update deps
* upgrade to new dev version of gsm
* Implement label assignment
* Implement label policy
* clean up diagnostics and error checking
* refactor label assignment
* split helper functions into separate files
* refactor permissions policy
* Update Go version to 1.20.4
* Update Readme
* Add copyright header
* refactor drive
* add drive_id and refactor read
* add drive DS
* don't force retry on 404
* remove WaitAfterCreate
* fix id / drive_id
* update deps
* refactor file
* remove useless helper function
* standardize method names
* add header
* implement ou_membership resource
* Implement drives data source
* implement file data source
* Implement files data source
* remove comment
* fix function name
* add label DS
* add labels data source
* use standardized ids for all resources
* use function for drive restrictions
* add bool for useStateForUnknown to handle nested blocks properly
* add function to return label field
* only use useStateForUnknown for top level attributes
* add id fields
* remove ID fields again
* add permission data source
* add permissions data source
* attributes should be computed
* update deps
* Update Go version to 1.20.5
* Update GitHub actions
* optimize some struct sizes
* update deps
* Add resource definitions for labels, label fields and selection choices
* read some additional attributes
* implement lifecycle management
* add version
* use scopes slice instead of bool attributes and re-add getting config from env variables
* create separate model for properties for resource and DS
* update deps
* implement id splitting functions
* properly set Ids
* use correct Ids
* remove has_unpublished_changes from resource
* properly set Ids and only set domain / email when actually used
* rename file
* implement test cases
* fix test
* implement label permission resource
* Retry for max 3 min
* fix nil pointer
* set use_domain_admin_access = false in test
* make sure that only either email or domain is set
* update README
* add more fields to label data source and add tests
* use properties for label data sources and add test cases
* use nested attributes instead of blocks
* rename file
* add test cases for permission data sources
* fix fields
* add test cases for drive data sources
* add test cases for file data sources
* update docs
* skip announce
* update actions
* fix replace logic when upgrading from previous state
* only allow either email or domain
* add migration guide
* update docs
* update deps
* fix test case
* update docs
* minor updates to docs
* add headers to test files
* add intro
* format
* update docs
* update deps
* remove duplicate text from docs
1 parent e9b2369, commit e469b5b
Showing 116 changed files with 13,034 additions and 3,027 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -48,3 +48,5 @@ release: | |
draft: true | ||
changelog: | ||
skip: true | ||
announce: | ||
skip: true |
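Review bot: the `announce:` block with `skip: true` added at the end of this hunk has no comment explaining why release announcements are disabled; the commit message only says "skip announce". A one-line YAML comment above it stating the reason would help the next maintainer. Indentation is not visible in this rendering, so it is worth confirming that `announce:` sits at the top level of the file and is not nested under `release:`.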
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,56 +5,65 @@ A Terraform Provider for Google Drive | |
|
||
[View on Terraform Registry](https://registry.terraform.io/providers/hanneshayashi/gdrive/latest). | ||
|
||
The Terraform provider for Google Drive can be used to manage Google Drive objects like files and folders, Shared Drives and Labels. | ||
|
||
It can also be used to manage permissions to any of these objects, as well as import and export files to and from Google Drive. | ||
|
||
Using Terraform and a source code management solution to manage your Google Drive environment can help you estabilsh secure processes | ||
that require approval from multiple people before changes are deployed to production. You can also build your own modules to estabilsh | ||
standards across your orgnization like naming conventions, default permissions or Label assignments. | ||
|
||
## Features | ||
|
||
* Manage Shared Drives and organize them into organizational units | ||
* Manage Google Drive files (including file uploads, downloads and exports) | ||
* Manage Google Drive permissions | ||
* Manage Google Drive Labels (assignment to files als folders) | ||
* Manage Google Drive Labels, fields, assignments to files and permissions | ||
|
||
## Installation | ||
To install this provider, copy and paste this code into your Terraform configuration. Then, run terraform init. | ||
|
||
To install this provider, copy and paste this code into your Terraform configuration. Then, run `terraform init`. | ||
|
||
```terraform | ||
terraform { | ||
required_providers { | ||
gdrive = { | ||
source = "hanneshayashi/gdrive" | ||
version = "~> 0.9" | ||
version = "~> 1.0" | ||
} | ||
} | ||
} | ||
``` | ||
|
||
## Setup | ||
First, you need a GCP Service Account with [Domain Wide Delegation](https://support.google.com/a/answer/162106) set up with the Google Drive scope. | ||
## Upgrade from 0.x | ||
|
||
This provider uses [GSM](https://github.com/hanneshayashi/gsm)'s auth and drive packages. | ||
You can take a look at the GSM [Setup Guide](https://gsm.hayashi-ke.online/setup), if you need help. | ||
Please see the [Upgrade Guide](https://registry.terraform.io/providers/hanneshayashi/gdrive/latest/docs/guides/version_1_upgrade) and make sure you have a backup of your state file before upgrading. | ||
|
||
## Setup | ||
|
||
The basic steps are: | ||
1. Create GCP Project | ||
2. Enable Drive API | ||
3. Create Service Account + Enable Domain Wide Delegation | ||
1. Create GCP Project (or use an existing one) | ||
2. Enable the following APIs: | ||
* Drive API | ||
* Drive Labels API | ||
* Cloud Identity API | ||
3. Create a Service Account + Enable Domain Wide Delegation | ||
* See [Perform Google Workspace Domain-Wide Delegation of Authority](https://developers.google.com/admin-sdk/directory/v1/guides/delegation) | ||
* **You don't need the Service Account Key if you want to use [Application Default Credential](https://cloud.google.com/iam/docs/best-practices-for-using-and-managing-service-accounts#use-attached-service-accounts)** | ||
4. Enter the Client ID of the Service Account with the [Drive scope](https://developers.google.com/identity/protocols/oauth2/scopes#drive) (`https://www.googleapis.com/auth/drive`) in your Admin Console | ||
* **You *don't* need the Service Account Key if you want to use [Application Default Credential](https://cloud.google.com/iam/docs/best-practices-for-using-and-managing-service-accounts#use-attached-service-accounts)** | ||
4. Enter the Client ID of the Service Account with the following scopes in your Admin Console: | ||
* `https://www.googleapis.com/auth/drive` | ||
* `https://www.googleapis.com/auth/drive.labels` | ||
* `https://www.googleapis.com/auth/drive.admin.labels` | ||
* `https://www.googleapis.com/auth/cloud-identity.orgunits` | ||
|
||
You can authenticate in one of two ways: | ||
1. Create a Service Account Key and configure the provider like so: | ||
```terraform | ||
provider "gdrive" { | ||
service_account_key = "/path/to/sa.json" # This is the path to your Service Account Key file or its content in JSON format | ||
subject = "[email protected]" # This is the user you want to impersonate with Domain Wide Delegation | ||
} | ||
``` | ||
2. Use Application Default Credentials: | ||
Activate the [IAM Service Account Credentials API](https://console.developers.google.com/apis/api/iamcredentials.googleapis.com/overview) *in the project where the Service Account is located* | ||
1. Use Application Default Credentials (**recommended**): | ||
Activate the [IAM Service Account Credentials API](https://console.developers.google.com/apis/api/iamcredentials.googleapis.com/overview) *in the project where the Service Account is located* | ||
|
||
a) Use `gcloud auth application-default login` on your local workstation | ||
a) Use a Google Compute Engine instance or [any service that supports attaching a Service Account in GCP](https://cloud.google.com/iam/docs/impersonating-service-accounts#attaching-new-resource) | ||
|
||
**or** | ||
|
||
b) Use a Google Compute Engine instance or [any service that supports attaching a Service Account in GCP](https://cloud.google.com/iam/docs/impersonating-service-accounts#attaching-new-resource) | ||
b) Use `gcloud auth application-default login --impersonate-service-account` on your local workstation | ||
|
||
In **both** cases, the account needs the *[Service Account Token Creator](https://cloud.google.com/iam/docs/service-accounts#token-creator-role)* role for the Service Account you set up for DWD (**even if your GCP service is using the same account**). | ||
|
||
|
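Review bot: step 4 of the Setup list now tells every reader to grant all four Domain Wide Delegation scopes, including `https://www.googleapis.com/auth/drive.admin.labels` and `https://www.googleapis.com/auth/cloud-identity.orgunits`, and step 2 to enable all three APIs, without saying which feature needs which. Suggest annotating each scope and API with the resources that require it, so that a deployment that does not use labels or organizational units knows what it can leave out of the delegation. In option b), `gcloud auth application-default login --impersonate-service-account` is shown without the service account argument; add a placeholder for it. The added intro paragraph also misspells "establish" twice ("estabilsh") and "organization" ("orgnization").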
@@ -67,48 +76,15 @@ provider "gdrive" { | |
} | ||
``` | ||
|
||
### Optional | ||
|
||
#### Enable Management of Shared Drives in Organizational Units | ||
|
||
**BEWARE! THE API AND THIS FEATURE ARE IN BETA AND MAY BREAK WITHOUT WARNING!** | ||
|
||
If you want to organize your Shared Drives in organizational units with this provider, some additional setup is required: | ||
1. Enable the Cloud Identity API in your GCP project | ||
2. Add `https://www.googleapis.com/auth/cloud-identity.orgunits` as a scope to your Domain Wide Delegation config | ||
3. Set `use_cloud_identity_api = true` in your provider configuration: | ||
|
||
```terraform | ||
provider "gdrive" { | ||
# ... | ||
use_cloud_identity_api = true | ||
} | ||
``` | ||
|
||
#### Enable Drive Label API | ||
|
||
**Label assignments use the normal Drive API so no additional setup is required** | ||
|
||
If you want to use Google Drive Labels (currently data sources only), some additional setup is required: | ||
1. Enable the Drive Labels API in your GCP project | ||
2. Add `https://www.googleapis.com/auth/drive.labels` as a scope to your Domain Wide Delegation config | ||
3. Set `use_labels_api = true` in your provider configuration: | ||
|
||
2. Create a Service Account Key and configure the provider like so: | ||
```terraform | ||
provider "gdrive" { | ||
# ... | ||
use_labels_api = true | ||
service_account_key = "/path/to/sa.json" # This is the path to your Service Account Key file or its content in JSON format | ||
subject = "[email protected]" # This is the user you want to impersonate with Domain Wide Delegation | ||
} | ||
``` | ||
|
||
If you want to use "admin access" when working with labels, you also need to do the following: | ||
1. Add `https://www.googleapis.com/auth/drive.admin.labels` as a scope to your Domain Wide Delegation config | ||
2. Set `use_labels_admin_scope = true` in your provider configuration: | ||
You can also set the `SERVICE_ACCOUNT_KEY` environment variable to store either the path to the Key file or the JSON contents directly. | ||
|
||
```terraform | ||
provider "gdrive" { | ||
# ... | ||
use_labels_api = true | ||
use_labels_admin_scope = true | ||
} | ||
``` | ||
This provider uses [GSM](https://github.com/hanneshayashi/gsm) for authentication and API access. | ||
You can take a look at the GSM [Setup Guide](https://gsm.hayashi-ke.online/setup), if you need help. |
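Review bot: the key-based option kept in this hunk documents `service_account_key`, and the new `SERVICE_ACCOUNT_KEY` environment variable, as accepting the key's JSON contents directly, with no caution next to either. Suggest a sentence saying that the inline JSON form should be supplied from a secret store or a sensitive variable rather than written into committed configuration, and pointing back to the Application Default Credentials option that the README marks as recommended. The hunk also deletes the documentation for `use_cloud_identity_api`, `use_labels_api` and `use_labels_admin_scope`, together with the beta warning for Shared Drives in organizational units, without saying here what replaces them; a short pointer to the Upgrade Guide at this spot would help readers coming from 0.x.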