Possible to output DNS TXT verification string upon creation of new domain?

[MostHated]

Hey there,
I am trying to streamline my process a bit. I buy my domains names through NameCheap but point their NS to Cloudflare, so I was able to use the Cloudflare provider and there is a newer Namecheap provider that does the job. I am trying to integrate all 3 of these if possible.

Ideally I want it to work like this:

(Namecheap as registrar, nothing else setup)

1. TF apply:
2. G-Suite provider creates the domain record (this is working well currently) and then creates and outputs the verification TXT record (While testing the creation functionality the other day, I had to go into the admin panel under domains section and click on it in my list of domains to see the record)
3. Cloudflare provider creates zone record for domain which then outputs the assigned NS servers
4. Namecheap provider takes the output NS from Cloudflare in as input to point the domain to Cloudflare (The above two have to happen in that order as Cloudflare will not let you add DNS records until domains NS are pointed to it)
5. Cloudflare provider takes in the TXT record output from G-Suite as input to DNS TXT entry and creates the rest of the records within the zone

Does this sound like something that is possible with the functionality that is available within this G-Suite provider?

Thanks,
-MH

[MostHated]

I got everything all setup to the point where it is all created minus the txt record in Cloudflare. I went into the admin panel to see for sure what the end result was and it lists the domain in there, but it has a link you have to press that says "Activate domain" which then lets you see the txt record. I would imagine there must be some sort of flag or something, such as activate = true or similar that can be put onto the gsuite_domain record entry and then return the txt?

**Edit - The page says "Activate", but looking at the link you press, it has through some API stuff it has to do with "verify alias ownership"

https://admin.google.com/domain.com/VerifyAliasOwnership?alias=domain.com

I found this:

{
  "kind": "admin#directory#domainAlias",
  "etag": etag,
  "domainAliasName": string,
  "parentDomainName": string,
  "verified": boolean,
  "creationTime": long
}

https://developers.google.com/admin-sdk/directory/v1/reference/domainAliases

It looks like if the Domain Verification Token can be retrieved and then output, that might do the trick. I am not sure if there is a way to make it look for that automatically after it is applied to the DNS record, though.

[DeviaVir]

Hmm, I don't see that verification token as part of the golang API we use:
https://godoc.org/google.golang.org/api/admin/directory/v1#DomainAlias

I did find https://godoc.org/google.golang.org/api/admin/directory/v1#VerificationCode, but that will need to be its own terraform resource (bit more work involved there).

[MostHated]

Ah, I understand. Well, at least I got fairly close to achieving full automation. Perhaps I can write some sort of filler script to try and handle the process. It is not the most important thing in the world currently, I am pretty content with what I have been able to accomplish thus far thanks to your package, so I definitely thank you for that!

Thanks,
-MH