From 9fa1d462d2cc78cfeeca1d3e2b8cd8f556077a08 Mon Sep 17 00:00:00 2001
From: The Magician
Date: Thu, 14 Mar 2019 09:45:45 -0700
Subject: [PATCH] Adding datasources for folder and project org policy (#3137) /cc @chrisst
---
 ...ource_google_folder_organization_policy.go | 27 ++++++
 ..._google_folder_organization_policy_test.go | 91 +++++++++++++++++++
 ...urce_google_project_organization_policy.go | 27 ++++++
 ...google_project_organization_policy_test.go | 47 ++++++++++
 google/provider.go | 2 +
 ...e_folder_organization_policy.html.markdown | 39 ++++++++
 ..._project_organization_policy.html.markdown | 40 ++++++++
 website/google.erb | 6 ++
 8 files changed, 279 insertions(+)
 create mode 100644 google/data_source_google_folder_organization_policy.go
 create mode 100644 google/data_source_google_folder_organization_policy_test.go
 create mode 100644 google/data_source_google_project_organization_policy.go
 create mode 100644 google/data_source_google_project_organization_policy_test.go
 create mode 100644 website/docs/d/datasource_google_folder_organization_policy.html.markdown
 create mode 100644 website/docs/d/datasource_google_project_organization_policy.html.markdown
diff --git a/google/data_source_google_folder_organization_policy.go b/google/data_source_google_folder_organization_policy.go
new file mode 100644
index 00000000..3d976c97
--- /dev/null
+++ b/google/data_source_google_folder_organization_policy.go
@@ -0,0 +1,27 @@
+package google
+
+import (
+ "fmt"
+
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceGoogleFolderOrganizationPolicy() *schema.Resource {
+ // Generate datasource schema from resource
+ dsSchema := datasourceSchemaFromResourceSchema(resourceGoogleFolderOrganizationPolicy().Schema)
+
+ addRequiredFieldsToSchema(dsSchema, "folder")
+ addRequiredFieldsToSchema(dsSchema, "constraint")
+
+ return &schema.Resource{
+ Read: datasourceGoogleFolderOrganizationPolicyRead,
+ Schema: dsSchema,
+ }
+}
+
+func datasourceGoogleFolderOrganizationPolicyRead(d *schema.ResourceData, meta interface{}) error {
+
+ d.SetId(fmt.Sprintf("%s:%s", d.Get("folder"), d.Get("constraint")))
+
+ return resourceGoogleFolderOrganizationPolicyRead(d, meta)
+}
diff --git a/google/data_source_google_folder_organization_policy_test.go b/google/data_source_google_folder_organization_policy_test.go
new file mode 100644
index 00000000..7a631d1d
--- /dev/null
+++ b/google/data_source_google_folder_organization_policy_test.go
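Review bot: datasourceGoogleFolderOrganizationPolicyRead hands back the result of resourceGoogleFolderOrganizationPolicyRead unchanged, so a lookup that finds nothing may still be reported as success. The resource read function is outside this patch; if it follows the usual resource pattern of clearing the ID and returning nil on a not-found response, the data source ends up with empty attributes and no error, and a configuration that consults this policy as a guardrail would silently evaluate against an absent policy. Checking `d.Id()` after the delegated read and returning an error when it is empty keeps the data source fail-closed. The same wrapper shape appears in datasourceGoogleProjectOrganizationPolicyRead in data_source_google_project_organization_policy.go and needs the same check.

```go
func datasourceGoogleFolderOrganizationPolicyRead(d *schema.ResourceData, meta interface{}) error {
	// … unchanged: d.SetId from folder and constraint …
	if err := resourceGoogleFolderOrganizationPolicyRead(d, meta); err != nil {
		return err
	}
	// The delegated resource read may clear the ID instead of failing.
	if d.Id() == "" {
		return fmt.Errorf("organization policy %s not found on %s", d.Get("constraint"), d.Get("folder"))
	}
	return nil
}
```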
@@ -0,0 +1,91 @@
+package google
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/acctest"
+ "github.com/hashicorp/terraform/helper/resource"
+ "github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccDataSourceGoogleFolderOrganizationPolicy_basic(t *testing.T) {
+ folder := acctest.RandomWithPrefix("tf-test")
+ org := getTestOrgFromEnv(t)
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceGoogleFolderOrganizationPolicy_basic(org, folder),
+ Check: testAccDataSourceGoogleOrganizationPolicyCheck(
+ "data.google_folder_organization_policy.data",
+ "google_folder_organization_policy.resource"),
+ },
+ },
+ })
+}
+
+func testAccDataSourceGoogleOrganizationPolicyCheck(dataSourceName string, resourceName string) resource.TestCheckFunc {
+ return func(s *terraform.State) error {
+ ds, ok := s.RootModule().Resources[dataSourceName]
+ if !ok {
+ return fmt.Errorf("root module has no resource called %s", dataSourceName)
+ }
+
+ rs, ok := s.RootModule().Resources[resourceName]
+ if !ok {
+ return fmt.Errorf("can't find %s in state", resourceName)
+ }
+
+ dsAttr := ds.Primary.Attributes
+ rsAttr := rs.Primary.Attributes
+
+ cloudFuncAttrToCheck := []string{
+ "name",
+ "folder",
+ "constraint",
+ "version",
+ "list_policy",
+ "restore_policy",
+ "boolean_policy",
+ }
+
+ for _, attr := range cloudFuncAttrToCheck {
+ if dsAttr[attr] != rsAttr[attr] {
+ return fmt.Errorf(
+ "%s is %s; want %s",
+ attr,
+ dsAttr[attr],
+ rsAttr[attr],
+ )
+ }
+ }
+
+ return nil
+ }
+}
+
+func testAccDataSourceGoogleFolderOrganizationPolicy_basic(org, folder string) string {
+ return fmt.Sprintf(`
+resource "google_folder" "orgpolicy" {
+ display_name = "%s"
+ parent = "%s"
+}
+
+resource "google_folder_organization_policy" "resource" {
+ folder = "${google_folder.orgpolicy.name}"
+ constraint = "serviceuser.services"
+
+ restore_policy {
+ default = true
+ }
+}
+
+data "google_folder_organization_policy" "data" {
+ folder = "${google_folder.orgpolicy.name}"
+ constraint = "serviceuser.services"
+}
+ `, folder, "organizations/"+org)
+}
diff --git a/google/data_source_google_project_organization_policy.go b/google/data_source_google_project_organization_policy.go
new file mode 100644
index 00000000..3e472bec
--- /dev/null
+++ b/google/data_source_google_project_organization_policy.go
@@ -0,0 +1,27 @@
+package google
+
+import (
+ "fmt"
+
+ "github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceGoogleProjectOrganizationPolicy() *schema.Resource {
+ // Generate datasource schema from resource
+ dsSchema := datasourceSchemaFromResourceSchema(resourceGoogleProjectOrganizationPolicy().Schema)
+
+ addRequiredFieldsToSchema(dsSchema, "project")
+ addRequiredFieldsToSchema(dsSchema, "constraint")
+
+ return &schema.Resource{
+ Read: datasourceGoogleProjectOrganizationPolicyRead,
+ Schema: dsSchema,
+ }
+}
+
+func datasourceGoogleProjectOrganizationPolicyRead(d *schema.ResourceData, meta interface{}) error {
+
+ d.SetId(fmt.Sprintf("%s:%s", d.Get("project"), d.Get("constraint")))
+
+ return resourceGoogleProjectOrganizationPolicyRead(d, meta)
+}
diff --git a/google/data_source_google_project_organization_policy_test.go b/google/data_source_google_project_organization_policy_test.go
new file mode 100644
index 00000000..d4113b82
--- /dev/null
+++ b/google/data_source_google_project_organization_policy_test.go
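Review bot: The attribute list in testAccDataSourceGoogleOrganizationPolicyCheck (data_source_google_folder_organization_policy_test.go) compares keys that are unlikely to exist in the flat state map, so the check can pass without comparing any policy content. `list_policy`, `restore_policy` and `boolean_policy` are nested blocks, which state stores under keys such as `restore_policy.#` and `restore_policy.0.default`; looking up the bare block name yields an empty string on both sides and the `!=` test never fires. The list also omits `project`, although the project data-source test reuses this helper, and the slice name `cloudFuncAttrToCheck` looks carried over from another test. Comparing concrete keys, for example `"restore_policy.#", "restore_policy.0.default", "list_policy.0.allow.0.all"`, plus `"project"`, and renaming the slice to `attrsToCheck` would make the assertion meaningful.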
@@ -0,0 +1,47 @@
+package google
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceGoogleProjectOrganizationPolicy_basic(t *testing.T) {
+ project := getTestProjectFromEnv()
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccDataSourceGoogleProjectOrganizationPolicy_basic(project),
+ Check: testAccDataSourceGoogleOrganizationPolicyCheck(
+ "data.google_project_organization_policy.data",
+ "google_project_organization_policy.resource"),
+ },
+ },
+ })
+}
+
+func testAccDataSourceGoogleProjectOrganizationPolicy_basic(project string) string {
+ return fmt.Sprintf(`
+
+
+resource "google_project_organization_policy" "resource" {
+ project = "%s"
+ constraint = "constraints/compute.trustedImageProjects"
+
+ list_policy {
+ allow {
+ all = true
+ }
+ }
+}
+
+data "google_project_organization_policy" "data" {
+ project = "%s"
+ constraint = "constraints/compute.trustedImageProjects"
+}
+ `, project, project)
+}
diff --git a/google/provider.go b/google/provider.go
index cd3d3d4d..4f5dfa02 100644
--- a/google/provider.go
+++ b/google/provider.go
@@ -109,10 +109,12 @@ func Provider() terraform.ResourceProvider {
 "google_kms_key_ring": dataSourceGoogleKmsKeyRing(),
 "google_kms_crypto_key": dataSourceGoogleKmsCryptoKey(),
 "google_folder": dataSourceGoogleFolder(),
+ "google_folder_organization_policy": dataSourceGoogleFolderOrganizationPolicy(),
 "google_netblock_ip_ranges": dataSourceGoogleNetblockIpRanges(),
 "google_organization": dataSourceGoogleOrganization(),
 "google_project": dataSourceGoogleProject(),
 "google_projects": dataSourceGoogleProjects(),
+ "google_project_organization_policy": dataSourceGoogleProjectOrganizationPolicy(),
 "google_project_services": dataSourceGoogleProjectServices(),
 "google_service_account": dataSourceGoogleServiceAccount(),
 "google_service_account_key": dataSourceGoogleServiceAccountKey(),
diff --git a/website/docs/d/datasource_google_folder_organization_policy.html.markdown b/website/docs/d/datasource_google_folder_organization_policy.html.markdown
new file mode 100644
index 00000000..b01253b1
--- /dev/null
+++ b/website/docs/d/datasource_google_folder_organization_policy.html.markdown
@@ -0,0 +1,39 @@
+---
+layout: "google"
+page_title: "Google: google_folder_organization_policy"
+sidebar_current: "docs-google-datasource-folder-organization-policy"
+description: |-
+ Retrieve Organization policies for a Google Folder
+---
+
+# google\_folder\_organization\_policy
+
+Allows management of Organization policies for a Google Folder. For more information see
+[the official
+documentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview)
+
+## Example Usage
+
+```hcl
+data "google_folder_organization_policy" "policy" {
+ folder = "folders/folderid"
+ constraint = "constraints/compute.trustedImageProjects"
+}
+
+output "version" {
+ value = "${data.google_folder_organization_policy.policy.version}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `folder` - (Required) The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
+
+* `constraint` - (Required) (Required) The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
+
+
+## Attributes Reference
+
+See [google_folder_organization_policy](https://www.terraform.io/docs/providers/google/r/google_folder_organization_policy.html) resource for details of the available attributes.
diff --git a/website/docs/d/datasource_google_project_organization_policy.html.markdown b/website/docs/d/datasource_google_project_organization_policy.html.markdown
new file mode 100644
index 00000000..c284da1c
--- /dev/null
+++ b/website/docs/d/datasource_google_project_organization_policy.html.markdown
@@ -0,0 +1,40 @@
+---
+layout: "google"
+page_title: "Google: google_project_organization_policy"
+sidebar_current: "docs-google-datasource-project-organization-policy"
+description: |-
+ Retrieve Organization policies for a Google Project.
+---
+
+# google\_project\_organization\_policy
+
+Allows management of Organization policies for a Google Project. For more information see
+[the official
+documentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview)
+
+## Example Usage
+
+```hcl
+data "google_project_organization_policy" "policy" {
+ project = "project-id"
+ constraint = "constraints/serviceuser.services"
+}
+
+output "version" {
+ value = "${data.google_project_organization_policy.policy.version}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `project` - (Required) The project ID.
+
+* `constraint` - (Required) (Required) The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
+
+
+## Attributes Reference
+
+See [google_project_organization_policy](https://www.terraform.io/docs/providers/google/r/google_project.html) resource for details of the available attributes.
+
diff --git a/website/google.erb b/website/google.erb
index b9239601..7f08ef9d 100644
--- a/website/google.erb
+++ b/website/google.erb
@@ -78,6 +78,9 @@ > google_compute_region_instance_group + > + google_project_organization_policy + > google_project_services
@@ -114,6 +117,9 @@ > google_folder + > + datasource_google_folder_organization_policy + > google_iam_policy