You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Suppress googleworkspace permadiffs in preview output
- GroupSettings: ignoreChanges on isArchived (upstream
hashicorp/terraform-provider-googleworkspace#398)
- OrgUnit: drop the stale import option; it was only needed for the
initial adopt and now triggers a re-compare on every preview
description: role.description+' \n(Managed by github.com/modelcontextprotocol/access)',
21
21
});
22
22
23
-
newgworkspace.GroupSettings(role.google.group,{
24
-
email: groups[role.google.group].email,
25
-
26
-
// Maximise visibility of group. It's visible in GitHub anyway
27
-
whoCanViewMembership: 'ALL_IN_DOMAIN_CAN_VIEW',
28
-
29
-
// This specifies who can add/remove members. We want this to only be via this IaC.
30
-
whoCanModerateMembers: 'NONE',
31
-
whoCanLeaveGroup: 'NONE_CAN_LEAVE',
32
-
whoCanJoin: 'INVITED_CAN_JOIN',
33
-
34
-
// Email groups allow anyone (including externals) to post
35
-
// Non-email groups are not intended as mailing lists, so use the most restrictive settings
36
-
// whoCanViewGroup is badly named, but actually means 'Permissions to view group messages'. See https://developers.google.com/workspace/admin/groups-settings/v1/reference/groups
37
-
...(role.google.isEmailGroup
38
-
? {
39
-
whoCanPostMessage: 'ANYONE_CAN_POST',
40
-
whoCanContactOwner: 'ALL_OWNERS_CAN_CONTACT',
41
-
whoCanViewGroup: 'ALL_MEMBERS_CAN_VIEW',
42
-
}
43
-
: {
44
-
whoCanPostMessage: 'ALL_OWNERS_CAN_POST',
45
-
whoCanContactOwner: 'ALL_OWNERS_CAN_CONTACT',
46
-
whoCanViewGroup: 'ALL_OWNERS_CAN_VIEW',
47
-
}),
48
-
});
23
+
newgworkspace.GroupSettings(
24
+
role.google.group,
25
+
{
26
+
email: groups[role.google.group].email,
27
+
28
+
// Maximise visibility of group. It's visible in GitHub anyway
29
+
whoCanViewMembership: 'ALL_IN_DOMAIN_CAN_VIEW',
30
+
31
+
// This specifies who can add/remove members. We want this to only be via this IaC.
32
+
whoCanModerateMembers: 'NONE',
33
+
whoCanLeaveGroup: 'NONE_CAN_LEAVE',
34
+
whoCanJoin: 'INVITED_CAN_JOIN',
35
+
36
+
// Email groups allow anyone (including externals) to post
37
+
// Non-email groups are not intended as mailing lists, so use the most restrictive settings
38
+
// whoCanViewGroup is badly named, but actually means 'Permissions to view group messages'. See https://developers.google.com/workspace/admin/groups-settings/v1/reference/groups
39
+
...(role.google.isEmailGroup
40
+
? {
41
+
whoCanPostMessage: 'ANYONE_CAN_POST',
42
+
whoCanContactOwner: 'ALL_OWNERS_CAN_CONTACT',
43
+
whoCanViewGroup: 'ALL_MEMBERS_CAN_VIEW',
44
+
}
45
+
: {
46
+
whoCanPostMessage: 'ALL_OWNERS_CAN_POST',
47
+
whoCanContactOwner: 'ALL_OWNERS_CAN_CONTACT',
48
+
whoCanViewGroup: 'ALL_OWNERS_CAN_VIEW',
49
+
}),
50
+
},
51
+
{ignoreChanges: ['isArchived']}
52
+
);
49
53
});
50
54
51
55
// Create the organizational unit for MCP users
@@ -56,7 +60,7 @@ const mcpOrgUnit = new gworkspace.OrgUnit(
0 commit comments