mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-07-01 07:42:40 +00:00
add inherit_from_parent to all org policy resources (#2653)
<!-- This change is generated by MagicModules. --> /cc @danawillow
This commit is contained in:
parent
ad01a747d2
commit
eca7ab673c
|
@ -2,9 +2,10 @@ package google
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"strings"
|
||||||
|
|
||||||
"github.com/hashicorp/terraform/helper/schema"
|
"github.com/hashicorp/terraform/helper/schema"
|
||||||
"google.golang.org/api/cloudresourcemanager/v1"
|
"google.golang.org/api/cloudresourcemanager/v1"
|
||||||
"strings"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var schemaOrganizationPolicy = map[string]*schema.Schema{
|
var schemaOrganizationPolicy = map[string]*schema.Schema{
|
||||||
|
@ -83,6 +84,10 @@ var schemaOrganizationPolicy = map[string]*schema.Schema{
|
||||||
Optional: true,
|
Optional: true,
|
||||||
Computed: true,
|
Computed: true,
|
||||||
},
|
},
|
||||||
|
"inherit_from_parent": {
|
||||||
|
Type: schema.TypeBool,
|
||||||
|
Optional: true,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -295,7 +300,10 @@ func flattenListOrganizationPolicy(policy *cloudresourcemanager.ListPolicy) []ma
|
||||||
return lPolicies
|
return lPolicies
|
||||||
}
|
}
|
||||||
|
|
||||||
listPolicy := map[string]interface{}{}
|
listPolicy := map[string]interface{}{
|
||||||
|
"suggested_value": policy.SuggestedValue,
|
||||||
|
"inherit_from_parent": policy.InheritFromParent,
|
||||||
|
}
|
||||||
switch {
|
switch {
|
||||||
case policy.AllValues == "ALLOW":
|
case policy.AllValues == "ALLOW":
|
||||||
listPolicy["allow"] = []interface{}{map[string]interface{}{
|
listPolicy["allow"] = []interface{}{map[string]interface{}{
|
||||||
|
@ -359,10 +367,12 @@ func expandListOrganizationPolicy(configured []interface{}) (*cloudresourcemanag
|
||||||
|
|
||||||
listPolicy := configured[0].(map[string]interface{})
|
listPolicy := configured[0].(map[string]interface{})
|
||||||
return &cloudresourcemanager.ListPolicy{
|
return &cloudresourcemanager.ListPolicy{
|
||||||
AllValues: allValues,
|
AllValues: allValues,
|
||||||
AllowedValues: allowedValues,
|
AllowedValues: allowedValues,
|
||||||
DeniedValues: deniedValues,
|
DeniedValues: deniedValues,
|
||||||
SuggestedValue: listPolicy["suggested_value"].(string),
|
SuggestedValue: listPolicy["suggested_value"].(string),
|
||||||
|
InheritFromParent: listPolicy["inherit_from_parent"].(bool),
|
||||||
|
ForceSendFields: []string{"InheritFromParent"},
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -20,12 +20,13 @@ var DENIED_ORG_POLICIES = []string{
|
||||||
// avoid race conditions and aborted operations.
|
// avoid race conditions and aborted operations.
|
||||||
func TestAccOrganizationPolicy(t *testing.T) {
|
func TestAccOrganizationPolicy(t *testing.T) {
|
||||||
testCases := map[string]func(t *testing.T){
|
testCases := map[string]func(t *testing.T){
|
||||||
"boolean": testAccOrganizationPolicy_boolean,
|
"boolean": testAccOrganizationPolicy_boolean,
|
||||||
"list_allowAll": testAccOrganizationPolicy_list_allowAll,
|
"list_allowAll": testAccOrganizationPolicy_list_allowAll,
|
||||||
"list_allowSome": testAccOrganizationPolicy_list_allowSome,
|
"list_allowSome": testAccOrganizationPolicy_list_allowSome,
|
||||||
"list_denySome": testAccOrganizationPolicy_list_denySome,
|
"list_denySome": testAccOrganizationPolicy_list_denySome,
|
||||||
"list_update": testAccOrganizationPolicy_list_update,
|
"list_update": testAccOrganizationPolicy_list_update,
|
||||||
"restore_policy": testAccOrganizationPolicy_restore_defaultTrue,
|
"list_inheritFromParent": testAccOrganizationPolicy_list_inheritFromParent,
|
||||||
|
"restore_policy": testAccOrganizationPolicy_restore_defaultTrue,
|
||||||
}
|
}
|
||||||
|
|
||||||
for name, tc := range testCases {
|
for name, tc := range testCases {
|
||||||
|
@ -166,6 +167,25 @@ func testAccOrganizationPolicy_list_update(t *testing.T) {
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func testAccOrganizationPolicy_list_inheritFromParent(t *testing.T) {
|
||||||
|
org := getTestOrgTargetFromEnv(t)
|
||||||
|
resource.Test(t, resource.TestCase{
|
||||||
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
Providers: testAccProviders,
|
||||||
|
CheckDestroy: testAccCheckGoogleOrganizationPolicyDestroy,
|
||||||
|
Steps: []resource.TestStep{
|
||||||
|
{
|
||||||
|
Config: testAccOrganizationPolicyConfig_list_inheritFromParent(org),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ResourceName: "google_organization_policy.list",
|
||||||
|
ImportState: true,
|
||||||
|
ImportStateVerify: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func testAccOrganizationPolicy_restore_defaultTrue(t *testing.T) {
|
func testAccOrganizationPolicy_restore_defaultTrue(t *testing.T) {
|
||||||
org := getTestOrgTargetFromEnv(t)
|
org := getTestOrgTargetFromEnv(t)
|
||||||
resource.Test(t, resource.TestCase{
|
resource.Test(t, resource.TestCase{
|
||||||
|
@ -377,6 +397,25 @@ resource "google_organization_policy" "list" {
|
||||||
`, org)
|
`, org)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func testAccOrganizationPolicyConfig_list_inheritFromParent(org string) string {
|
||||||
|
return fmt.Sprintf(`
|
||||||
|
resource "google_organization_policy" "list" {
|
||||||
|
org_id = "%s"
|
||||||
|
constraint = "serviceuser.services"
|
||||||
|
|
||||||
|
list_policy {
|
||||||
|
deny {
|
||||||
|
values = [
|
||||||
|
"doubleclicksearch.googleapis.com",
|
||||||
|
"replicapoolupdater.googleapis.com",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
inherit_from_parent = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
`, org)
|
||||||
|
}
|
||||||
|
|
||||||
func testAccOrganizationPolicyConfig_restore_defaultTrue(org string) string {
|
func testAccOrganizationPolicyConfig_restore_defaultTrue(org string) string {
|
||||||
return fmt.Sprintf(`
|
return fmt.Sprintf(`
|
||||||
resource "google_organization_policy" "restore" {
|
resource "google_organization_policy" "restore" {
|
||||||
|
|
|
@ -106,6 +106,9 @@ The `list_policy` block supports:
|
||||||
|
|
||||||
* `suggested_values` - (Optional) The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
|
* `suggested_values` - (Optional) The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
|
||||||
|
|
||||||
|
* `inherit_from_parent` - (Optional) If set to true, the values from the effective Policy of the parent resource
|
||||||
|
are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
|
||||||
|
|
||||||
The `allow` or `deny` blocks support:
|
The `allow` or `deny` blocks support:
|
||||||
|
|
||||||
* `all` - (Optional) The policy allows or denies all values.
|
* `all` - (Optional) The policy allows or denies all values.
|
||||||
|
|
|
@ -104,6 +104,9 @@ The `list_policy` block supports:
|
||||||
|
|
||||||
* `suggested_values` - (Optional) The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
|
* `suggested_values` - (Optional) The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
|
||||||
|
|
||||||
|
* `inherit_from_parent` - (Optional) If set to true, the values from the effective Policy of the parent resource
|
||||||
|
are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
|
||||||
|
|
||||||
The `allow` or `deny` blocks support:
|
The `allow` or `deny` blocks support:
|
||||||
|
|
||||||
* `all` - (Optional) The policy allows or denies all values.
|
* `all` - (Optional) The policy allows or denies all values.
|
||||||
|
|
|
@ -105,6 +105,9 @@ The `list_policy` block supports:
|
||||||
|
|
||||||
* `suggested_values` - (Optional) The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
|
* `suggested_values` - (Optional) The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
|
||||||
|
|
||||||
|
* `inherit_from_parent` - (Optional) If set to true, the values from the effective Policy of the parent resource
|
||||||
|
are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
|
||||||
|
|
||||||
The `allow` or `deny` blocks support:
|
The `allow` or `deny` blocks support:
|
||||||
|
|
||||||
* `all` - (Optional) The policy allows or denies all values.
|
* `all` - (Optional) The policy allows or denies all values.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user