[SYM-5335] Implement gcp_connector

[llam15]

Description

• Implements the gcp_connector module, which:

  • Creates the resources required for the Sym Runtime to access a given Google Cloud Platform organization via Workload Identity Federation.
  • Adds variables to allow implementers to toggle whether to allow Sym to manage Google Group Memberships
  • Note: Because Google Workspace Admin Roles can only be managed by the Admin Console or with a Super Admin user, this module does not define the custom role that must be attached to the Sym Service Account. Instead we will provide in the documentation steps on how to set it up manually.

• Adds a CircleCI pipeline to run terraform/fmt and terraform/validate as required checks for PRs

• Adds a CODEOWNER file as well as a PR template file

Testing

• Manually tested by applying to the sym-intergation-leslie project in the compliance.dev test account like so:

module "gcp_connector" {
  source = "../gcp-connector"

  environment                     = "leslie-local"
  identity_pool_project_id = google_project.sym_integration.project_id
  gcp_org_id                       = "472792873457"

  enable_group_management_api  = true

  depends_on = [google_project.sym_integration]
}

[linear]

SYM-5335 Implement gcp_connector

[llam15]

This precondition block is what forces our minimum Terraform version to be >= 1.2.

Currently, the latest version of Terraform is 1.6.5. Are we comfortable with saying that to use the gcp_connector you must have a version >= 1.2?

[Arianna2028]

Got it... I do think we can get away with it, though it would be good, if possible, to find out if our existing customers who are interested in using us with GCP are able to do this.

[llam15]

I decided to make the TF Doc generation part of our pre-commit hooks, so that we can preview the README in the PRs before merging, instead of generating them after they are merged to main.

Thoughts?