From 636683e2e7cee883dd5a53d47d2ca8040bf7705b Mon Sep 17 00:00:00 2001 From: Suhong Qin Date: Thu, 9 Nov 2023 21:07:06 +0000 Subject: [PATCH 01/10] Add dynamicGroupMetadata in cloud_identity_group --- mmv1/products/cloudidentity/Group.yaml | 79 +++++++++++++++- .../cloud_identity_groups_dynamic.tf.erb | 20 ++++ .../resource_cloud_identity_group_test.go.erb | 94 ++++++++++++++++++- 3 files changed, 191 insertions(+), 2 deletions(-) create mode 100644 mmv1/templates/terraform/examples/cloud_identity_groups_dynamic.tf.erb diff --git a/mmv1/products/cloudidentity/Group.yaml b/mmv1/products/cloudidentity/Group.yaml index 0fe37e0e21aa..bdcf97d162f3 100644 --- a/mmv1/products/cloudidentity/Group.yaml +++ b/mmv1/products/cloudidentity/Group.yaml @@ -50,6 +50,15 @@ examples: test_env_vars: org_domain: :ORG_DOMAIN cust_id: :CUST_ID + - !ruby/object:Provider::Terraform::Examples + name: 'cloud_identity_groups_dynamic' + skip_test: true + primary_resource_id: 'cloud_identity_groups_dynamic' + vars: + id_group: 'my-identity-dynamic-group' + test_env_vars: + org_domain: :ORG_DOMAIN + cust_id: :CUST_ID custom_code: !ruby/object:Provider::Terraform::CustomCode post_create: templates/terraform/post_create/set_computed_name.erb custom_import: templates/terraform/custom_import/cloud_identity_group_import.go.erb @@ -179,6 +188,74 @@ properties: Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added. - Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic. + Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic automatically added by the API when creating a group with 'dynamicGroupMetadata'. Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value. + - !ruby/object:Api::Type::NestedObject + name: 'dynamicGroupMetadata' + description: | + Dynamic group metadata like queries and status. + properties: + - !ruby/object:Api::Type::Array + name: 'queries' + description: | + Memberships will be the union of all queries. Only one entry with USER resource is currently supported. Customers can create up to 100 dynamic groups. + item_type: !ruby/object:Api::Type::NestedObject + properties: + - !ruby/object:Api::Type::Enum + name: 'resourceType' + required: true + description: | + Resource type for the Dynamic Group Query. + values: + - :USER + - !ruby/object:Api::Type::String + name: 'query' + required: true + description: | + Query that determines the memberships of the dynamic group. + Examples: + * All users with at least one organizations.department of engineering. + ``` + user.organizations.exists(org, org.department=='engineering') + ``` + * All users with at least one location that has area of foo and building_id of bar. + ``` + user.locations.exists(loc, loc.area=='foo' && loc.building_id=='bar') + ``` + * All users with any variation of the name John Doe (case-insensitive queries add + equalsIgnoreCase() to the value being queried). + ``` + user.name.value.equalsIgnoreCase('jOhn DoE') + ``` + **Note:** When using this field, Identity API will add + `"cloudidentity.googleapis.com/groups.dynamic"` to this group's labels. + - !ruby/object:Api::Type::NestedObject + name: 'status' + output: true + description: | + The current status of a dynamic group along with timestamp. + properties: + - !ruby/object:Api::Type::Enum + name: 'status' + output: true + description: | + Status of the dynamic group. + values: + - :UP_TO_DATE + - :UPDATING_MEMBERSHIPS + - :INVALID_QUERY + - :STATUS_UNSPECIFIED + - !ruby/object:Api::Type::Time + name: 'statusTime' + output: true + description: | + The latest time at which the dynamic group is guaranteed to be in + the given status. If status is UP_TO_DATE, the latest time at + which the dynamic group was confirmed to be up-to-date. If status + is UPDATING_MEMBERSHIPS, the time at which dynamic group was + created. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond + resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". diff --git a/mmv1/templates/terraform/examples/cloud_identity_groups_dynamic.tf.erb b/mmv1/templates/terraform/examples/cloud_identity_groups_dynamic.tf.erb new file mode 100644 index 000000000000..8ac3a954c510 --- /dev/null +++ b/mmv1/templates/terraform/examples/cloud_identity_groups_dynamic.tf.erb @@ -0,0 +1,20 @@ +resource "google_cloud_identity_group" "<%= ctx[:primary_resource_id] %>" { + display_name = "<%= ctx[:vars]['id_group'] %>" + + parent = "customers/<%= ctx[:test_env_vars]['cust_id'] %>" + + group_key { + id = "<%= ctx[:vars]['id_group'] %>@<%= ctx[:test_env_vars]['org_domain'] %>" + } + + labels = { + "cloudidentity.googleapis.com/groups.discussion_forum" = "" + } + + dynamic_group_metadata { + queries { + resource_type = "USER" + query = "user.addresses.exists(ad, ad.locality=='Sunnyvale')" + } + } +} diff --git a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb index 43ea19716b0f..9107e68d37e9 100644 --- a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb +++ b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb @@ -76,6 +76,7 @@ func testAccCloudIdentityGroup_update(context map[string]interface{}) string { resource "google_cloud_identity_group" "cloud_identity_group_basic" { display_name = "tf-test-my-identity-group%{random_suffix}-update" description = "my-description" + initial_group_config = "EMPTY" parent = "customers/%{cust_id}" @@ -85,7 +86,14 @@ resource "google_cloud_identity_group" "cloud_identity_group_basic" { labels = { "cloudidentity.googleapis.com/groups.discussion_forum" = "" - "cloudidentity.googleapis.com/groups.security" = "" + "cloudidentity.googleapis.com/groups.security" = "" + } + + dynamic_group_metadata { + queries { + resource_type = "USER" + query = "user.addresses.exists(ad, ad.locality=='Sunnyvale')" + } } } `, context) @@ -177,3 +185,87 @@ func testAccCheckCloudIdentityGroupDestroyProducer(t *testing.T) func(s *terrafo return nil } } + +func TestAccCloudIdentityGroup_cloudIdentityGroupsDynamicExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "org_domain": envvar.GetTestOrgDomainFromEnv(t), + "cust_id": envvar.GetTestCustIdFromEnv(t), + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckCloudIdentityGroupDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccCloudIdentityGroup_cloudIdentityGroupsDynamicExample(context), + }, + { + ResourceName: "google_cloud_identity_group.cloud_identity_groups_dynamic", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccCloudIdentityGroup_cloudIdentityGroupsDynamicUpdate(context), + }, + { + ResourceName: "google_cloud_identity_group.cloud_identity_groups_dynamic", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccCloudIdentityGroup_cloudIdentityGroupsDynamicExample(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_cloud_identity_group" "cloud_identity_groups_dynamic" { + display_name = "tf-test-my-identity-dynamic-group%{random_suffix}" + + parent = "customers/%{cust_id}" + + group_key { + id = "tf-test-my-identity-dynamic-group%{random_suffix}@%{org_domain}" + } + + labels = { + "cloudidentity.googleapis.com/groups.discussion_forum" = "" + } + + dynamic_group_metadata { + queries { + resource_type = "USER" + query = "user.addresses.exists(ad, ad.locality=='Sunnyvale')" + } + } +} +`, context) +} + +func testAccCloudIdentityGroup_cloudIdentityGroupsDynamicUpdate(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_cloud_identity_group" "cloud_identity_groups_dynamic" { + display_name = "tf-test-my-identity-dynamic-group%{random_suffix}" + + parent = "customers/%{cust_id}" + + group_key { + id = "tf-test-my-identity-dynamic-group%{random_suffix}@%{org_domain}" + } + + labels = { + "cloudidentity.googleapis.com/groups.discussion_forum" = "" + } + + dynamic_group_metadata { + queries { + resource_type = "USER" + query = "user.addresses.exists(ad, ad.locality=='Seattle')" + } + } +} +`, context) +} From e38f6ae29e04a67ef1ab9a643a7482ae73374bc7 Mon Sep 17 00:00:00 2001 From: Suhong Qin Date: Thu, 16 Nov 2023 17:31:39 +0000 Subject: [PATCH 02/10] fix dynamic group update --- .../cloudidentity/resource_cloud_identity_group_test.go.erb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb index 9107e68d37e9..d359c1f06edc 100644 --- a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb +++ b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb @@ -257,7 +257,8 @@ resource "google_cloud_identity_group" "cloud_identity_groups_dynamic" { } labels = { - "cloudidentity.googleapis.com/groups.discussion_forum" = "" + "cloudidentity.googleapis.com/groups.discussion_forum" = "", + "cloudidentity.googleapis.com/groups.dynamic" = "" } dynamic_group_metadata { From a6fc83ec7806d29422fd1ef47b8775f40d0c8101 Mon Sep 17 00:00:00 2001 From: Suhong Qin Date: Thu, 16 Nov 2023 23:28:57 +0000 Subject: [PATCH 03/10] fix update --- .../resource_cloud_identity_group_test.go.erb | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb index d359c1f06edc..59fdd609567d 100644 --- a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb +++ b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb @@ -76,7 +76,6 @@ func testAccCloudIdentityGroup_update(context map[string]interface{}) string { resource "google_cloud_identity_group" "cloud_identity_group_basic" { display_name = "tf-test-my-identity-group%{random_suffix}-update" description = "my-description" - initial_group_config = "EMPTY" parent = "customers/%{cust_id}" @@ -88,13 +87,6 @@ resource "google_cloud_identity_group" "cloud_identity_group_basic" { "cloudidentity.googleapis.com/groups.discussion_forum" = "" "cloudidentity.googleapis.com/groups.security" = "" } - - dynamic_group_metadata { - queries { - resource_type = "USER" - query = "user.addresses.exists(ad, ad.locality=='Sunnyvale')" - } - } } `, context) } @@ -257,8 +249,8 @@ resource "google_cloud_identity_group" "cloud_identity_groups_dynamic" { } labels = { - "cloudidentity.googleapis.com/groups.discussion_forum" = "", "cloudidentity.googleapis.com/groups.dynamic" = "" + "cloudidentity.googleapis.com/groups.discussion_forum" = "" } dynamic_group_metadata { From 90ca9d4a0aff2ceb97f60908c0c9cc5a6a586db4 Mon Sep 17 00:00:00 2001 From: Suhong Qin Date: Fri, 17 Nov 2023 18:11:04 +0000 Subject: [PATCH 04/10] test dynamic group create --- .../resource_cloud_identity_group_test.go.erb | 34 ------------------- 1 file changed, 34 deletions(-) diff --git a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb index 59fdd609567d..d56e228944d3 100644 --- a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb +++ b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb @@ -200,14 +200,6 @@ func TestAccCloudIdentityGroup_cloudIdentityGroupsDynamicExample(t *testing.T) { ImportState: true, ImportStateVerify: true, }, - { - Config: testAccCloudIdentityGroup_cloudIdentityGroupsDynamicUpdate(context), - }, - { - ResourceName: "google_cloud_identity_group.cloud_identity_groups_dynamic", - ImportState: true, - ImportStateVerify: true, - }, }, }) } @@ -236,29 +228,3 @@ resource "google_cloud_identity_group" "cloud_identity_groups_dynamic" { } `, context) } - -func testAccCloudIdentityGroup_cloudIdentityGroupsDynamicUpdate(context map[string]interface{}) string { - return acctest.Nprintf(` -resource "google_cloud_identity_group" "cloud_identity_groups_dynamic" { - display_name = "tf-test-my-identity-dynamic-group%{random_suffix}" - - parent = "customers/%{cust_id}" - - group_key { - id = "tf-test-my-identity-dynamic-group%{random_suffix}@%{org_domain}" - } - - labels = { - "cloudidentity.googleapis.com/groups.dynamic" = "" - "cloudidentity.googleapis.com/groups.discussion_forum" = "" - } - - dynamic_group_metadata { - queries { - resource_type = "USER" - query = "user.addresses.exists(ad, ad.locality=='Seattle')" - } - } -} -`, context) -} From ee4a6774926859c69b50bb74d5bd666a675ba505 Mon Sep 17 00:00:00 2001 From: Suhong Qin Date: Sat, 9 Dec 2023 00:07:28 +0000 Subject: [PATCH 05/10] add diff supress func --- mmv1/products/cloudidentity/Group.yaml | 2 ++ .../cloud_identity_group_dynamic_label.go.erb | 20 +++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 mmv1/templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb diff --git a/mmv1/products/cloudidentity/Group.yaml b/mmv1/products/cloudidentity/Group.yaml index bdcf97d162f3..36acf70d8cd3 100644 --- a/mmv1/products/cloudidentity/Group.yaml +++ b/mmv1/products/cloudidentity/Group.yaml @@ -60,6 +60,7 @@ examples: org_domain: :ORG_DOMAIN cust_id: :CUST_ID custom_code: !ruby/object:Provider::Terraform::CustomCode + constants: templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb post_create: templates/terraform/post_create/set_computed_name.erb custom_import: templates/terraform/custom_import/cloud_identity_group_import.go.erb parameters: @@ -181,6 +182,7 @@ properties: - !ruby/object:Api::Type::KeyValuePairs name: 'labels' required: true + diff_suppress_func: resourceCloudIdentityGroupDynamicLabelDiffSuppress description: | One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value. diff --git a/mmv1/templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb b/mmv1/templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb new file mode 100644 index 000000000000..54089555eb82 --- /dev/null +++ b/mmv1/templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb @@ -0,0 +1,20 @@ +const dynamicLabel = "cloudidentity.googleapis.com/groups.dynamic" + +// we want to suppress the dynamic label diff +func resourceCloudIdentityGroupDynamicLabelDiffSuppress(k, _, _ string, d *schema.ResourceData) bool { + // For a map, k is path to the element, rather than the map. + // E.g. "node_groups.2.ips.0" + lastDotIndex := strings.LastIndex(k, ".") + if lastDotIndex != -1 { + k = string(k[:lastDotIndex]) + } + + oldData, newData := d.GetChange(k) + m := make(map[string]interface{}) + for key, val := range newData.(map[string]interface{}) { + if key != dynamicLabel { + m[key] = val + } + } + return reflect.DeepEqual(oldData.(map[string]interface{}), m) +} \ No newline at end of file From aa192c5db761de06893c910fb9d48ce13d2a4f93 Mon Sep 17 00:00:00 2001 From: Suhong Qin Date: Mon, 11 Dec 2023 17:40:17 +0000 Subject: [PATCH 06/10] fix build failure --- .../cloud_identity_group_dynamic_label.go.erb | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/mmv1/templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb b/mmv1/templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb index 54089555eb82..a1d395d82876 100644 --- a/mmv1/templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb +++ b/mmv1/templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb @@ -9,12 +9,16 @@ func resourceCloudIdentityGroupDynamicLabelDiffSuppress(k, _, _ string, d *schem k = string(k[:lastDotIndex]) } - oldData, newData := d.GetChange(k) - m := make(map[string]interface{}) - for key, val := range newData.(map[string]interface{}) { - if key != dynamicLabel { - m[key] = val - } - } - return reflect.DeepEqual(oldData.(map[string]interface{}), m) + oldData, newData := d.GetChange(k) + if oldData == nil || newData == nil { + return false + } + + m := make(map[string]interface{}) + for key, val := range newData.(map[string]interface{}) { + if key != dynamicLabel { + m[key] = val + } + } + return reflect.DeepEqual(oldData.(map[string]interface{}), m) } \ No newline at end of file From 7d01137ae3673af38eaa77e62e8518f9ddd52202 Mon Sep 17 00:00:00 2001 From: Suhong Qin Date: Mon, 11 Dec 2023 22:58:35 +0000 Subject: [PATCH 07/10] fix supressfunc --- .../constants/cloud_identity_group_dynamic_label.go.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mmv1/templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb b/mmv1/templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb index a1d395d82876..9e1bf1b3f529 100644 --- a/mmv1/templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb +++ b/mmv1/templates/terraform/constants/cloud_identity_group_dynamic_label.go.erb @@ -15,10 +15,10 @@ func resourceCloudIdentityGroupDynamicLabelDiffSuppress(k, _, _ string, d *schem } m := make(map[string]interface{}) - for key, val := range newData.(map[string]interface{}) { + for key, val := range oldData.(map[string]interface{}) { if key != dynamicLabel { m[key] = val } } - return reflect.DeepEqual(oldData.(map[string]interface{}), m) + return reflect.DeepEqual(m, newData.(map[string]interface{})) } \ No newline at end of file From 40f5fec9db56cc26fe483c661429e97951c1f38f Mon Sep 17 00:00:00 2001 From: Suhong Qin Date: Tue, 12 Dec 2023 00:49:16 +0000 Subject: [PATCH 08/10] check --- .../cloudidentity/resource_cloud_identity_group_test.go.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb index d56e228944d3..1e5cff326857 100644 --- a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb +++ b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb @@ -222,7 +222,7 @@ resource "google_cloud_identity_group" "cloud_identity_groups_dynamic" { dynamic_group_metadata { queries { resource_type = "USER" - query = "user.addresses.exists(ad, ad.locality=='Sunnyvale')" + query = "user.addresses.exists(ad, ad.locality=='Seattle')" } } } From 9bacfd454bc04334f088c16b1ab042a7d2cb798b Mon Sep 17 00:00:00 2001 From: Suhong Qin Date: Tue, 12 Dec 2023 19:09:28 +0000 Subject: [PATCH 09/10] ExpectNonEmptyPlan --- .../cloudidentity/resource_cloud_identity_group_test.go.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb index 1e5cff326857..782110a635d5 100644 --- a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb +++ b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb @@ -194,11 +194,11 @@ func TestAccCloudIdentityGroup_cloudIdentityGroupsDynamicExample(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccCloudIdentityGroup_cloudIdentityGroupsDynamicExample(context), + ExpectNonEmptyPlan: true, }, { ResourceName: "google_cloud_identity_group.cloud_identity_groups_dynamic", ImportState: true, - ImportStateVerify: true, }, }, }) From 54bd362ea958d51ce89fbb7d2321ce1b767a5746 Mon Sep 17 00:00:00 2001 From: Suhong Qin Date: Tue, 12 Dec 2023 20:36:30 +0000 Subject: [PATCH 10/10] Revert "test dynamic group create" This reverts commit 90ca9d4a0aff2ceb97f60908c0c9cc5a6a586db4. --- .../resource_cloud_identity_group_test.go.erb | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb index 782110a635d5..2d6a74d07ea9 100644 --- a/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb +++ b/mmv1/third_party/terraform/services/cloudidentity/resource_cloud_identity_group_test.go.erb @@ -200,6 +200,14 @@ func TestAccCloudIdentityGroup_cloudIdentityGroupsDynamicExample(t *testing.T) { ResourceName: "google_cloud_identity_group.cloud_identity_groups_dynamic", ImportState: true, }, + { + Config: testAccCloudIdentityGroup_cloudIdentityGroupsDynamicUpdate(context), + }, + { + ResourceName: "google_cloud_identity_group.cloud_identity_groups_dynamic", + ImportState: true, + ImportStateVerify: true, + }, }, }) } @@ -228,3 +236,28 @@ resource "google_cloud_identity_group" "cloud_identity_groups_dynamic" { } `, context) } + +func testAccCloudIdentityGroup_cloudIdentityGroupsDynamicUpdate(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_cloud_identity_group" "cloud_identity_groups_dynamic" { + display_name = "tf-test-my-identity-dynamic-group%{random_suffix}" + + parent = "customers/%{cust_id}" + + group_key { + id = "tf-test-my-identity-dynamic-group%{random_suffix}@%{org_domain}" + } + + labels = { + "cloudidentity.googleapis.com/groups.discussion_forum" = "" + } + + dynamic_group_metadata { + queries { + resource_type = "USER" + query = "user.addresses.exists(ad, ad.locality=='Seattle')" + } + } +} +`, context) +}