[gsuite_group_settings] who_can_moderate_members competing with who_can_approve_members
natalysheinin opened this issue · comments
Problem
I think both of these settings manage the same Google attributes, because if you have one set to something other than the default (default is ALL_MANAGERS_CAN_APPROVE), then the terraform plan attempts to change the other settings to the default.
Steps to Replicate
For example, let's say this is your tf config:
resource "gsuite_group_settings" "gsuite_group_settings" {
  email = gsuite_group.gsuite_group.email
  ...
  who_can_moderate_members = "NONE"
  ...
}
When you run terraform plan for the first time, it creates the group + group settings.
When you run terraform plan the second time (without making any code changes):
resource "gsuite_group_settings" "gsuite_group_settings" {
  who_can_approve_members = "NONE_CAN_APPROVE" -> "ALL_MANAGERS_CAN_APPROVE"
When you run terraform plan the third time (without making any code changes):
resource "gsuite_group_settings" "gsuite_group_settings" {
  who_can_moderate_members = "OWNERS_AND_MANAGERS" -> "NONE"
Proposed Solution
One of these settings should be deprecated.
According to google-api-go-client, WhoCanApproveMembers is deprecated and merged into whoCanModerateMembers.
Therefore, I think it's better to treat who_can_approve_members as deprecated.
Also, the structs in group_settings have similar deprecated parts, so we need to consider them.
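
The plan sequence reported in this issue can be reproduced with a small model, added here as an example (it is not the provider's code). It assumes the API stores one merged value readable under both names, that an apply writes only the attributes shown in the plan, and that a new group starts at OWNERS_AND_MANAGERS; `planApply`, `Simulate` and the `manageApprove` switch are hypothetical names. With both attributes managed, every second run leaves the group on OWNERS_AND_MANAGERS instead of the configured NONE.

```go
package main

import "fmt"

// Constructed model, not provider code. Value pairs are taken from the plan
// output quoted in the issue; the single merged value is an assumption.
var approveFor = map[string]string{
	"NONE":                "NONE_CAN_APPROVE",
	"OWNERS_AND_MANAGERS": "ALL_MANAGERS_CAN_APPROVE",
}
var moderateFor = map[string]string{
	"NONE_CAN_APPROVE":         "NONE",
	"ALL_MANAGERS_CAN_APPROVE": "OWNERS_AND_MANAGERS",
}

const approveDefault = "ALL_MANAGERS_CAN_APPROVE" // default named in the issue

// planApply diffs the config against the remote value, writes each changed
// attribute (assumed behaviour), and returns the plan lines plus new remote.
func planApply(remote, wantModerate string, manageApprove bool) ([]string, string) {
	var diff []string
	next := remote
	if manageApprove && approveFor[remote] != approveDefault {
		diff = append(diff, fmt.Sprintf("who_can_approve_members = %q -> %q", approveFor[remote], approveDefault))
		next = moderateFor[approveDefault]
	}
	if remote != wantModerate {
		diff = append(diff, fmt.Sprintf("who_can_moderate_members = %q -> %q", remote, wantModerate))
		next = wantModerate
	}
	return diff, next
}

// Simulate runs n plan/apply rounds and returns the remote value after each.
func Simulate(n int, manageApprove bool) []string {
	remote, history := "OWNERS_AND_MANAGERS", []string{} // assumed initial value
	for i := 0; i < n; i++ {
		var diff []string
		diff, remote = planApply(remote, "NONE", manageApprove)
		fmt.Printf("run %d: %v => effective %s\n", i+1, diff, remote)
		history = append(history, remote)
	}
	return history
}

func main() {
	Simulate(4, true)  // both attributes managed: value flips every run
	Simulate(4, false) // deprecated attribute left out of the diff: converges
}
```

Leaving the deprecated attribute out of the diff, as proposed above, makes the model settle on NONE after the first run.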