V1.0 dev (#13)

* rewrite with plugin framework * Update Go version to 1.20.3 * implement drives.delete * deprecate wait_after_create and retry on 404 * rename some variables * rename * fix rename * implement file resource * re-add combineId * fix optional attributes * add permission resource * add inherited flag to flags * add helper functions to get and set permissions * implement permissions policy resources * update deps * upgrade to new dev version of gsm * Implement label assignment * Implement label policy * clean up diagnostics and error checking * refactor label assignment * split helper functions into seperate files * refactor permissions policy * Update Go version to 1.20.4 * Update Readme * Add copyright header * refactor drive * add drive_id and refactore read * add drive DS * don't force retry on 404 * remove WaitAfterCreate * fix id / drive_id * update deps * refactor file * remove useless helper function * standardize method names * add header * implement ou_membership resource * Implement drives data source * implement file data source * Implement files data source * remove comment * fix function name * add label DS * add labels data source * use standardized ids for all resources * use function for drive restrictions * add bool for useStateForUnknown to handle nested blocks properly * add function to return label field * only use useStateForUnknown for top level attributes * add id fields * remove ID fields again * add permission data source * add permissions data source * attributes should be computed * update deps * Update Go version to 1.20.5 * Update GitHub actions * optimize some struct sizes * update deps * Add resource definitions for labels, label fields and selection choices * read some additional attributes * implement lifecycle management * add version * use scopes slice instead of bool attributes and re-add getting config from env variables * create separate model for properties for resource and DS * update deps * implement id splitting functions * properly set Ids * use correct Ids * remove has_unpublished_changes from resource * properly set Ids and only set domain / email when actually used * rename file * implement test cases * fix test * implement label permission resource * Retry for max 3 min * fix nil pointer * set use_domain_admin_access = false in test * make sure that only either email or domain is set * update README * add more fields to label data source and add tests * use properties for label data sources and add test cases * use nested attributes instead of blocks * rename file * add test cases for permission data sources * fix fields * add test cases for drive data sources * add test cases for file data sources * update docs * skip announce * update actions * fix replace logic when upgrading from previous state * only allow either email or domain * add migration guide * update docs * update deps * fix test case * update docs * minor updates to docs * add headers to test files * add intro * format * update docs * update deps * remove duplicate text from docs
hanneshayashi · Jun 27, 2023 · e469b5b · e469b5b
1 parent e9b2369
commit e469b5b
Show file tree

Hide file tree

Showing 116 changed files with 13,034 additions and 3,027 deletions.
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -20,21 +20,21 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.5.3
       - name: Unshallow
         run: git fetch --prune --unshallow
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4.0.1
         with:
-          go-version: 1.19
+          go-version: 1.20.5
       - name: Import GPG key
         id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v5.1.0
+        uses: crazy-max/ghaction-import-gpg@v5.3.0
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        uses: goreleaser/goreleaser-action@v4.3.0
         with:
           version: latest
           args: release --rm-dist

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -48,3 +48,5 @@ release:
   draft: true
 changelog:
   skip: true
+announce:
+  skip: true
diff --git a/README.md b/README.md
@@ -5,56 +5,65 @@ A Terraform Provider for Google Drive
 
 [View on Terraform Registry](https://registry.terraform.io/providers/hanneshayashi/gdrive/latest).
 
+The Terraform provider for Google Drive can be used to manage Google Drive objects like files and folders, Shared Drives and Labels.
+
+It can also be used to manage permissions to any of these objects, as well as import and export files to and from Google Drive.
+
+Using Terraform and a source code management solution to manage your Google Drive environment can help you estabilsh secure processes
+that require approval from multiple people before changes are deployed to production. You can also build your own modules to estabilsh
+standards across your orgnization like naming conventions, default permissions or Label assignments.
+
 ## Features
+
 * Manage Shared Drives and organize them into organizational units
 * Manage Google Drive files (including file uploads, downloads and exports)
 * Manage Google Drive permissions
-* Manage Google Drive Labels (assignment to files als folders)
+* Manage Google Drive Labels, fields, assignments to files and permissions
 
 ## Installation
-To install this provider, copy and paste this code into your Terraform configuration. Then, run terraform init.
+
+To install this provider, copy and paste this code into your Terraform configuration. Then, run `terraform init`.
 
 ```terraform
 terraform {
   required_providers {
     gdrive = {
       source = "hanneshayashi/gdrive"
-      version = "~> 0.9"
+      version = "~> 1.0"
     }
   }
 }
 ```
 
-## Setup
-First, you need a GCP Service Account with [Domain Wide Delegation](https://support.google.com/a/answer/162106) set up with the Google Drive scope.
+## Upgrade from 0.x
 
-This provider uses [GSM](https://github.com/hanneshayashi/gsm)'s auth and drive packages.
-You can take a look at the GSM [Setup Guide](https://gsm.hayashi-ke.online/setup), if you need help.
+Please see the [Upgrade Guide](https://registry.terraform.io/providers/hanneshayashi/gdrive/latest/docs/guides/version_1_upgrade) and make sure you have a backup of your state file before upgrading.
+
+## Setup
 
-The basic steps are:
-1. Create GCP Project
-2. Enable Drive API
-3. Create Service Account + Enable Domain Wide Delegation
+1. Create GCP Project (or use an existing one)
+2. Enable the following APIs:
+    * Drive API
+    * Drive Labels API
+    * Cloud Identity API
+3. Create a Service Account + Enable Domain Wide Delegation
     * See [Perform Google Workspace Domain-Wide Delegation of Authority](https://developers.google.com/admin-sdk/directory/v1/guides/delegation)
-    * **You don't need the Service Account Key if you want to use [Application Default Credential](https://cloud.google.com/iam/docs/best-practices-for-using-and-managing-service-accounts#use-attached-service-accounts)**
-4. Enter the Client ID of the Service Account with the [Drive scope](https://developers.google.com/identity/protocols/oauth2/scopes#drive) (`https://www.googleapis.com/auth/drive`) in your Admin Console
+    * **You *don't* need the Service Account Key if you want to use [Application Default Credential](https://cloud.google.com/iam/docs/best-practices-for-using-and-managing-service-accounts#use-attached-service-accounts)**
+4. Enter the Client ID of the Service Account with the following scopes in your Admin Console:
+    *	`https://www.googleapis.com/auth/drive`
+    *	`https://www.googleapis.com/auth/drive.labels`
+    *	`https://www.googleapis.com/auth/drive.admin.labels`
+    * `https://www.googleapis.com/auth/cloud-identity.orgunits`
 
 You can authenticate in one of two ways:
-1. Create a Service Account Key and configure the provider like so:
-```terraform
-provider "gdrive" {
-  service_account_key = "/path/to/sa.json"  # This is the path to your Service Account Key file or its content in JSON format
-  subject             = "[email protected]" # This is the user you want to impersonate with Domain Wide Delegation
-}
-```
-2. Use Application Default Credentials:
-Activate the [IAM Service Account Credentials API](https://console.developers.google.com/apis/api/iamcredentials.googleapis.com/overview) *in the project where the Service Account is located*
+1. Use Application Default Credentials (**recommended**):
+  Activate the [IAM Service Account Credentials API](https://console.developers.google.com/apis/api/iamcredentials.googleapis.com/overview) *in the project where the Service Account is located*
 
-   a) Use `gcloud auth application-default login` on your local workstation
+   a) Use a Google Compute Engine instance or [any service that supports attaching a Service Account in GCP](https://cloud.google.com/iam/docs/impersonating-service-accounts#attaching-new-resource)
 
    **or**
 
-   b) Use a Google Compute Engine instance or [any service that supports attaching a Service Account in GCP](https://cloud.google.com/iam/docs/impersonating-service-accounts#attaching-new-resource)
+   b) Use `gcloud auth application-default login --impersonate-service-account` on your local workstation
 
 In **both** cases, the account needs the *[Service Account Token Creator](https://cloud.google.com/iam/docs/service-accounts#token-creator-role)* role for the Service Account you set up for DWD (**even if your GCP service is using the same account**).
 
@@ -67,48 +76,15 @@ provider "gdrive" {
 }
 ```
 
-### Optional
-
-#### Enable Management of Shared Drives in Organizational Units
-
-**BEWARE! THE API AND THIS FEATURE ARE IN BETA AND MAY BREAK WITHOUT WARNING!**
-
-If you want to organize your Shared Drives in organizational units with this provider, some additional setup is required:
-1. Enable the Cloud Identity API in your GCP project
-2. Add `https://www.googleapis.com/auth/cloud-identity.orgunits` as a scope to your Domain Wide Delegation config
-3. Set `use_cloud_identity_api = true` in your provider configuration:
-
-```terraform
-provider "gdrive" {
-  # ...
-  use_cloud_identity_api = true
-}
-```
-
-#### Enable Drive Label API
-
-**Label assignments use the normal Drive API so no additional setup is required**
-
-If you want to use Google Drive Labels (currently data sources only), some additional setup is required:
-1. Enable the Drive Labels API in your GCP project
-2. Add `https://www.googleapis.com/auth/drive.labels` as a scope to your Domain Wide Delegation config
-3. Set `use_labels_api = true` in your provider configuration:
-
+2. Create a Service Account Key and configure the provider like so:
 ```terraform
 provider "gdrive" {
-  # ...
-  use_labels_api = true
+  service_account_key = "/path/to/sa.json"  # This is the path to your Service Account Key file or its content in JSON format
+  subject             = "[email protected]" # This is the user you want to impersonate with Domain Wide Delegation
 }
 ```
 
-If you want to use "admin access" when working with labels, you also need to do the following:
-1. Add `https://www.googleapis.com/auth/drive.admin.labels` as a scope to your Domain Wide Delegation config
-2. Set `use_labels_admin_scope = true` in your provider configuration:
+You can also set the `SERVICE_ACCOUNT_KEY` environment variable to store either the path to the Key file or the JSON contents directly.
 
-```terraform
-provider "gdrive" {
-  # ...
-  use_labels_api         = true
-  use_labels_admin_scope = true
-}
-```
+This provider uses [GSM](https://github.com/hanneshayashi/gsm) for authentication and API access.
+You can take a look at the GSM [Setup Guide](https://gsm.hayashi-ke.online/setup), if you need help.
diff --git a/docs/data-sources/drive.md b/docs/data-sources/drive.md
@@ -3,12 +3,12 @@
 page_title: "gdrive_drive Data Source - terraform-provider-gdrive"
 subcategory: ""
 description: |-
-  Gets a Shared Drive and returns its metadata
+  Gets a Shared Drive and returns its metadata.
 ---
 
 # gdrive_drive (Data Source)
 
-Gets a Shared Drive and returns its metadata
+Gets a Shared Drive and returns its metadata.
 
 ## Example Usage
 
@@ -23,24 +23,26 @@ data "gdrive_drive" "drive" {
 
 ### Required
 
-- `drive_id` (String) ID of the Shared Drive
+- `drive_id` (String) ID of the Shared Drive.
 
 ### Optional
 
-- `use_domain_admin_access` (Boolean) Use domain admin access
+- `use_domain_admin_access` (Boolean) Use domain admin access.
 
 ### Read-Only
 
-- `id` (String) The ID of this resource.
+- `id` (String) The unique ID of this resource.
 - `name` (String) The name of this shared drive.
-- `restrictions` (List of Object) A set of restrictions that apply to this shared drive or items inside this shared drive. (see [below for nested schema](#nestedatt--restrictions))
+- `restrictions` (Attributes) A set of restrictions that apply to this Shared Drive or items inside this Shared Drive. (see [below for nested schema](#nestedatt--restrictions))
 
 <a id="nestedatt--restrictions"></a>
 ### Nested Schema for `restrictions`
 
 Read-Only:
 
-- `admin_managed_restrictions` (Boolean)
-- `copy_requires_writer_permission` (Boolean)
-- `domain_users_only` (Boolean)
-- `drive_members_only` (Boolean)
+- `admin_managed_restrictions` (Boolean) Whether administrative privileges on this shared drive are required to modify restrictions.
+- `copy_requires_writer_permission` (Boolean) Whether the options to copy, print, or download files inside this shared drive, should be disabled for readers and commenters.
+When this restriction is set to true, it will override the similarly named field to true for any file inside this shared drive.
+- `domain_users_only` (Boolean) Whether access to this shared drive and items inside this shared drive is restricted to users of the domain to which this shared drive belongs.
+This restriction may be overridden by other sharing policies controlled outside of this shared drive.
+- `drive_members_only` (Boolean) Whether access to items inside this shared drive is restricted to its members.
diff --git a/docs/data-sources/drives.md b/docs/data-sources/drives.md
@@ -3,12 +3,12 @@
 page_title: "gdrive_drives Data Source - terraform-provider-gdrive"
 subcategory: ""
 description: |-
-  Returns a list of Shared Drives that match the given query
+  Returns a list of Shared Drives that match the given query.
 ---
 
 # gdrive_drives (Data Source)
 
-Returns a list of Shared Drives that match the given query
+Returns a list of Shared Drives that match the given query.
 
 ## Example Usage
 
@@ -31,22 +31,37 @@ data "gdrive_drives" "drives_no_members" {
 ### Required
 
 - `query` (String) Query string for searching shared drives.
+
 See the https://developers.google.com/drive/api/v3/search-shareddrives for supported syntax.
 
 ### Optional
 
-- `use_domain_admin_access` (Boolean) Use domain admin access
+- `use_domain_admin_access` (Boolean) Use domain admin access.
 
 ### Read-Only
 
-- `drives` (List of Object) (see [below for nested schema](#nestedatt--drives))
-- `id` (String) The ID of this resource.
+- `drives` (Attributes Set) A set of Shared Drives that match the specified query. (see [below for nested schema](#nestedatt--drives))
+- `id` (String) The unique ID of this resource.
+- `name` (String) The name of this shared drive.
 
 <a id="nestedatt--drives"></a>
 ### Nested Schema for `drives`
 
 Read-Only:
 
-- `drive_id` (String)
-- `name` (String)
-- `restrictions` (Map of Boolean)
+- `drive_id` (String) ID of the Shared Drive.
+- `id` (String) The unique ID of this resource.
+- `name` (String) The name of this shared drive.
+- `restrictions` (Attributes) A set of restrictions that apply to this Shared Drive or items inside this Shared Drive. (see [below for nested schema](#nestedatt--drives--restrictions))
+
+<a id="nestedatt--drives--restrictions"></a>
+### Nested Schema for `drives.restrictions`
+
+Read-Only:
+
+- `admin_managed_restrictions` (Boolean) Whether administrative privileges on this shared drive are required to modify restrictions.
+- `copy_requires_writer_permission` (Boolean) Whether the options to copy, print, or download files inside this shared drive, should be disabled for readers and commenters.
+When this restriction is set to true, it will override the similarly named field to true for any file inside this shared drive.
+- `domain_users_only` (Boolean) Whether access to this shared drive and items inside this shared drive is restricted to users of the domain to which this shared drive belongs.
+This restriction may be overridden by other sharing policies controlled outside of this shared drive.
+- `drive_members_only` (Boolean) Whether access to items inside this shared drive is restricted to its members.
diff --git a/docs/data-sources/file.md b/docs/data-sources/file.md
@@ -3,12 +3,18 @@
 page_title: "gdrive_file Data Source - terraform-provider-gdrive"
 subcategory: ""
 description: |-
-  Gets a files metadata and optionally downloads / exports it to the local file system
+  This data source can be used for the following:
+  * Get a file and return its metadata.
+  * Download a file from Drive to the local file system.
+  * Export a Google file (Doc, Sheet, etc) to a native file format (CSV, Excel, Word, etc.) and download it to the local file system.
 ---
 
 # gdrive_file (Data Source)
 
-Gets a files metadata and optionally downloads / exports it to the local file system
+This data source can be used for the following:
+* Get a file and return its metadata.
+* Download a file from Drive to the local file system.
+* Export a Google file (Doc, Sheet, etc) to a native file format (CSV, Excel, Word, etc.) and download it to the local file system.
 
 ## Example Usage
 
@@ -37,20 +43,21 @@ data "gdrive_file" "file_export" {
 
 ### Required
 
-- `file_id` (String) ID of the file
+- `file_id` (String) ID of the file.
 
 ### Optional
 
-- `download_path` (String) Use this to specify a local file path to download a (non-Google) file
+- `download_path` (String) Use this to specify a local file path to download a (non-Google) file.
 - `export_mime_type` (String) Specify the target MIME type for the export.
-For a list of supported MIME types see https://developers.google.com/drive/api/v3/ref-export-formats
+
+For a list of supported MIME types see https://developers.google.com/file/api/v3/ref-export-formats
 - `export_path` (String) Use this to specify a local file path to export a Google file (sheet, doc, etc.)
 
 ### Read-Only
 
-- `drive_id` (String) The driveId if the file is located in a Shared Drive
-- `id` (String) The ID of this resource.
+- `drive_id` (String) The ID of the Shared Drive the file is located it. Only present if the file is located in a Shared Drive.
+- `id` (String) The unique ID of this resource.
 - `local_file_path` (String) The path where the local copy or export of the file was created
-- `mime_type` (String) Name MIME type of the file in Google Drive
-- `name` (String) The name of the file
-- `parent` (String) The ID of the file's parent
+- `mime_type` (String) Name MIME type of the file in Google file.
+- `name` (String) The name of the file.
+- `parent` (String) The ID of the file's parent.