-
Notifications
You must be signed in to change notification settings - Fork 0
/
google-workspace-variables.tf
44 lines (38 loc) · 2.13 KB
/
google-workspace-variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
variable "google_workspace_gcp_project_id" {
type = string
description = "string ID of GCP project that will host oauth clients for Google Workspace API connectors; must exist"
}
variable "google_workspace_terraform_sa_account_email" {
type = string
description = "Email of GCP service account that will be used to provision GCP resources. Leave 'null' to use application default for you environment."
default = null
validation {
condition = var.google_workspace_terraform_sa_account_email == null || can(regex(".*@.*\\.iam\\.gserviceaccount\\.com$", var.google_workspace_terraform_sa_account_email))
error_message = "The gcp_terraform_sa_account_email value should be a valid GCP service account email address."
}
}
variable "google_workspace_example_user" {
type = string
description = "user to impersonate for Google Workspace API calls (null for none)"
default = null
}
variable "google_workspace_example_admin" {
type = string
description = "user to impersonate for Google Workspace API calls (null for value of `google_workspace_example_user`)"
default = null # will failover to user
}
variable "google_workspace_provision_keys" {
type = bool
description = "whether to provision key for each Google Workspace connector's GCP Service Account (OAuth Client). If false, you must create the key manually and provide it."
default = true
}
locals {
# tflint-ignore: terraform_unused_declarations
validate_google_workspace_gcp_project_id = (var.google_workspace_gcp_project_id == null || var.google_workspace_gcp_project_id == "") && (length(setintersection(var.enabled_connectors, ["gcal", "gdirectory", "gdrive", "gmail", "google-meet", "google-chat"])) > 0)
validate_google_workspace_gcp_project_id_message = "The google_workspace_gcp_project_id var should be populated if a Google Workspace connector is enabled."
validate_google_workspace_gcp_project_id_check = regex(
"^${local.validate_google_workspace_gcp_project_id_message}$",
(!local.validate_google_workspace_gcp_project_id
? local.validate_google_workspace_gcp_project_id_message
: ""))
}