Add support for ExirationDate value for groups.memberships.ExpiryDetail

[salrashid123]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Add support for automatic expirations of group members
https://cloud.google.com/identity/docs/how-to/manage-expirations

this feature allows an admin to programatically set an expiration time for a user in a google group. this can be used to control 'firecall' or just in time access.

The current cloud_identity_group resource does not allow setting this value

Note, if a user is added to a group through a discrete operation ouside of using this module (eg, a resource provisioning the user ot a group directly using https://cloud.google.com/identity/docs/reference/rest/v1/groups.memberships/create) then when if the auto expiration is set and the user is removed out of band, the first terraform provisioning step would see the resource is not present and attempt to readd this. This may cause some significant issues but i'm not sure if this new flag in this resource would cause more potential harm than help..

New or Affected Resource(s)

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_identity_group

• google_cloud_identity_group

Potential Terraform Configuration

suggested form:

resource "google_cloud_identity_group_membership" "cloud_identity_group_membership_basic" {
  group = "groups/02grqrue4gb58m7"

  preferred_member_key {
    id = "[email protected]"
  }
  roles {
    name = "MEMBER"
    expiry_detail {
      expire_time = "2014-10-02T15:01:23Z"
    }
  }
}

References

GoogleCloudPlatform/magic-modules#3696

https://github.com/salrashid123/iam_autorevoke#terraform

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.