access

Summary Adds Google Workspace user account provisioning so that members in certain roles automatically get a account, managed via Pulumi IaC. Changes New capabilities User provisioning: Members with , , and in roles with get a GWS user account created automatically Existing user import: Members with are imported into Pulumi state (via ) to avoid recreating accounts that already exist in Google Workspace Password management: New users get a random 24-char password with . Passwords are exported as a Pulumi secret stack output () Auto-licensing: All provisioned users are placed in — configure this OU in Google Admin Console with auto-license assignment for Workspace Business Smart group membership: Group membership logic now prefers the provisioned GWS email over the personal field Roles with (new Google config added) (new Google config added) (existing Google config updated) Members with GWS user fields (all existing users) , , , , , Files modified Deployment notes 1. Pre-requisite: Create a OU in Google Admin Console and configure auto-license assignment for Workspace Business 2. First deploy: Run — existing users will be imported, no new users created yet 3. After import: Remove flags from members (they are only needed for the first deploy) 4. Adding new users**: Add , , to a member in a role. After deploy, retrieve password with Verification passes (with expected warnings for members missing profile fields) passes (22/22)