|
8 | 8 |
|
9 | 9 | ## Purpose and Functionality |
10 | 10 |
|
11 | | -This is a [child-module](https://opentofu.org/docs/language/modules/#child-modules) for managing Google Workspace users, groups, and roles. |
| 11 | +Use this [child module](https://opentofu.org/docs/language/modules/#child-modules) to manage Google Workspace users, groups, and roles. |
| 12 | + |
| 13 | +If you want to use this module with an existing Google Workspace, see the [import-existing-org](examples/import-existing-org) example, which demonstrates how to import your existing Google users and groups. |
12 | 14 |
|
13 | 15 | ## Usage |
14 | 16 |
|
15 | 17 | ### Step-by-Step Instructions |
16 | 18 |
|
17 | | -There are 2 provider authentication routes available, |
18 | | -1 - authenticate a service account via API keys |
19 | | -2 - authenticate using API keys and impersonate a real User with Super Admin privileges. |
| 19 | +There are two provider authentication methods available: |
| 20 | +1. Authenticate using a Google Cloud service account key file. |
| 21 | +2. Authenticate using a Google Cloud service account key file and impersonate a real user with Super Admin privileges. |
20 | 22 |
|
21 | | -We recommend impersonating a Super Admin, which allows you to grant Admin privileges to users (service Accounts cannot do this). |
| 23 | +We recommend method (2), impersonating a Super Admin, as this allows you to grant Admin privileges to users (service accounts cannot do this). To set this up, follow the [Domain-Wide Delegation authentication instructions](https://github.com/hashicorp/terraform-provider-googleworkspace/blob/main/docs/index.md#using-domain-wide-delegation). |
22 | 24 |
|
23 | 25 | Follow the provider [authentication setup instructions](https://github.com/hashicorp/terraform-provider-googleworkspace/blob/main/docs/index.md#google-workspace-provider). |
24 | 26 |
|
25 | | -Once you've finished the setup process, your provider block should look like this, |
| 27 | +Once you've completed the setup process, your provider block should look like this: |
26 | 28 |
|
27 | 29 | ```hcl |
28 | 30 | provider "googleworkspace" { |
29 | | - # use 'my_customer', which is an alias that Google's API recognizes to reference your account's customerId. |
30 | | - # User Custom Schemas (googleworkspace_user.custom_schemas) will fail if the customer_id is set to your actual customer_id. |
31 | | - # For more details see: https://developers.google.com/workspace/admin/directory/reference/rest/v1/schemas/get |
| 31 | + # Use 'my_customer' as an alias for your account's customerId to ensure compatibility with Google's API |
| 32 | + # For example, custom schemas on the user object will fail if the customer_id is set to your actual customer_id |
| 33 | + # For more details: https://developers.google.com/workspace/admin/directory/reference/rest/v1/schemas/get |
32 | 34 | customer_id = "my_customer" |
33 | 35 |
|
34 | 36 | credentials = "/path/to/credentials/my-google-project-credentials-1234567890.json" |
|
0 commit comments