Enable users to see 'derived' memberships of Google groups in a new data source similar to google_cloud_identity_group_memberships

[SarahFrench]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to a user, that user is claiming responsibility for the issue.
• Customers working with a Google Technical Account Manager or Customer Engineer can ask them to reach out internally to expedite investigation and resolution of this issue.

Description

(Opened on behalf of a customer)

The google_cloud_identity_group_membership data source helps user retrieve the members of a given Google Group. Groups can be members of groups, and currently that data source will show that group among the list of members. Any individuals how have membership of a group via another group are not explicitly named.

For example, google_cloud_identity_group_membership would not list User X as an explicit member of Group A from the diagram below:

Group A _____________
|         Group B___
|          |  User X
|          |_________
|____________________

The cloud identity API has an endpoint called searchTransitiveMemberships (https://cloud.google.com/identity/docs/reference/rest/v1/groups.memberships/searchTransitiveMemberships) that would enable getting the list of all 'indirect' members of a group. The response from this API lists members of a given group and notes whether "relationType": "DIRECT" or "relationType": "INDIRECT" for each member found.

Using the diagram above, the new google_cloud_identity_group_transative_memberships data source (when provided Group A as an argument) would list Group B as a DIRECT member of Group A, and User X as an INDIRECT member of Group A.

New or Affected Resource(s)

• google_cloud_identity_group_transative_memberships

Potential Terraform Configuration

data "google_cloud_identity_group_transative_memberships" "members" {
  group = "groups/123eab45c6defghi"
}

References

No response

b/343221192

[SarahFrench]

I'm working on this: GoogleCloudPlatform/magic-modules#11337

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.