create
Creates a Group.
Synopsis
Implements the API documented at https://cloud.google.com/identity/docs/reference/rest/v1/groups/create Examples:
- Create a dynamic group: gsm groupsCi create –id group@example.org –labels “cloudidentity.googleapis.com/groups.discussion_forum” –queries “resourceType=USER;query=user.organizations.exists(org, org.department==‘engineering’)”
gsm groupsCi create [flags]
Options
--description string An extended description to help users determine the purpose of a Group.
Must not be longer than 4,096 characters.
--displayName string The display name of the Group.
--fields string Fields allows partial responses to be retrieved.
See https://developers.google.com/gdata/docs/2.0/basics#PartialResponse for more information.
-h, --help help for create
--id string The ID of the entity.
For Google-managed entities, the id must be the email address.
For external-identity-mapped entities, the id must be a string conforming to the Identity Source's requirements.
Must be unique within a namespace.
--initialGroupConfig string Required. The initial configuration option for the Group.
WITH_INITIAL_OWNER - The end user making the request will be added as the initial owner of the Group.
EMPTY - An empty group is created without any initial owners.
This can only be used by admins of the domain. (default "EMPTY")
--labels strings One or more label entries that apply to the Group. Currently supported labels contain a key with an empty value.
Google Groups are the default type of group and have a label with a key of cloudidentity.googleapis.com/groups.discussion_forum and an empty value.
Existing Google Groups can have an additional label with a key of cloudidentity.googleapis.com/groups.security and an empty value added to them. This is an immutable change and the security label cannot be removed once added.
Dynamic groups have a label with a key of cloudidentity.googleapis.com/groups.dynamic.
Identity-mapped groups for Cloud Search have a label with a key of system/groups/external and an empty value.
Examples: {"cloudidentity.googleapis.com/groups.discussion_forum": ""} or {"system/groups/external": ""}.
An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
--namespace string The namespace in which the entity exists.
If not specified, the EntityKey represents a Google-managed entity such as a Google user or a Google Group.
If specified, the EntityKey represents an external-identity-mapped group.
The namespace must correspond to an identity source created in Admin Console and must be in the form of identitysources/{identity_source_id}.
--parent string Must be of the form identitysources/{identity_source_id} for external- identity-mapped groups or customers/{customer_id} for Google Groups.
--queries stringArray Memberships will be the union of all queries.
Only one entry with USER resource is currently supported.
Can be used multiple times in the form of "--queries query=...;resourceType=..."
You may use the following properties:
resourceType - The following values are valid:
- USER - For queries on User
query - Query that determines the memberships of the dynamic group.
Examples:
- All users with at least one organizations.department of engineering:
user.organizations.exists(org, org.department=='engineering')
- All users with at least one location that has area of foo and building_id of bar:
user.locations.exists(loc, loc.area=='foo' && loc.building_id=='bar')
Options inherited from parent commands
--compressOutput By default, GSM outputs "pretty" (indented) objects. By setting this flag, GSM's output will be compressed. This may or may not improve performance in scripts.
--config string config file (default is $HOME/.config/gsm/.gsm.yaml)
--delay int This delay (plus a random jitter between 0 and 50) will be applied after every command to avoid reaching quota and rate limits. Set to 0 to disable.
--dwdSubject string Specify a subject used for DWD impersonation (overrides value in config file)
--log string Set the path of the log file. Default is either ~/gsm.log or defined in your config file
--maxElapsedTime int This is the maximum total time that will be spent retrying a request in minutes. (default 15)
--maxRetryInterval int This is the maximum interval that will be used between retry attempts in seconds. (default 320)
--redirectPort int This is the TCP port on which GSM will create web server if you authenticate with a user account for the first time. This is necessary for the OAuth flow. See https://developers.google.com/identity/protocols/oauth2/native-app#redirect-uri_loopback (default 8081)
--retryOn ints Specify the HTTP error code(s) that GSM should retry on. Note that GSM will always retry on HTTP 403 errors that indicate a quota / rate limit error
--streamOutput Setting this flag will cause GSM to output slice values to stdout one by one, instead of one large object
SEE ALSO
- gsm groupsCi - Manage Google Groups with the Cloud Identity API
- gsm groupsCi create batch - Batch creates groups using a CSV file as input.