Open w0de opened 10 months ago
The same issue exists on other policy items, in case someone wanted to see this wasn't an isolated issue. The below fails as well.
resource "googleworkspace_chrome_policy" "SafeBrowsingProtectionLevel" {
org_unit_id = googleworkspace_org_unit.stage.id
policies {
schema_name = "chrome.users.SafeBrowsingProtectionLevel"
schema_values = {
"safeBrowsingProtectionLevel" = jsonencode("SAFE_BROWSING_PROTECTION_LEVEL_ENUM_ENHANCED_PROTECTION")
"safeBrowsingProxiedRealTimeChecksAllowed" = true
}
}
}
However, if they're the same type, it goes through just fine.
resource "googleworkspace_chrome_policy" "PrivacySandboxPromptEnabled" {
org_unit_id = googleworkspace_org_unit.stage.id
policies {
schema_name = "chrome.users.PrivacySandboxPromptEnabled"
schema_values = {
"privacySandboxPromptEnabled" = false
"privacySandboxAdTopicsEnabled" = false
"privacySandboxSiteEnabledAdsEnabled" = false
"privacySandboxAdMeasurementEnabled" = false
}
}
}
Terraform Version
Affected Resource(s)
Terraform Configuration Files
Debug Output
https://gist.github.com/w0de/32f5f90f4440d221b1a7453fffa079f2
Panic Output
n/a
Expected Behavior
A chrome.users.DomainReliabilityAllowed policy is created with the two specified values.
Actual Behavior
No policy is created. The schema_values fail validation:
Here's the schema:
chrome.users.ChromeCleanupEnabled
```json { "categoryTitle": "Security", "definition": { "enumType": [ { "name": "NullableBoolean", "value": [ { "name": "UNSET", "number": 1 }, { "name": "FALSE", "number": 2 }, { "name": "TRUE", "number": 3 } ] } ], "messageType": [ { "field": [ { "label": "LABEL_OPTIONAL", "name": "chromeCleanupEnabled", "number": 1, "type": "TYPE_BOOL" }, { "label": "LABEL_OPTIONAL", "name": "chromeCleanupReportingEnabled", "number": 2, "type": "TYPE_ENUM", "typeName": "NullableBoolean" } ], "name": "ChromeCleanupEnabled" } ] }, "fieldDescriptions": [ { "defaultValue": true, "description": "Enables Chrome Cleanup on Windows, which periodically scans the system for unwanted software.", "field": "chromeCleanupEnabled", "fieldDescription": "Enables Chrome Cleanup on Windows, which periodically scans the system for unwanted software.", "knownValueDescriptions": [ { "description": "Allow Chrome Cleanup to periodically scan the system and allow manual scans.", "value": "true" }, { "description": "Prevent Chrome Cleanup from periodical scans and disallow manual scans.", "value": "false" } ] }, { "defaultValue": "UNSET", "description": "Chrome Cleanup data reporting. Controls how Chrome Cleanup reports data to Google.", "field": "chromeCleanupReportingEnabled", "fieldDependencies": [ { "sourceField": "chromeCleanupEnabled", "sourceFieldValue": "true" } ], "fieldDescription": "Controls how Chrome Cleanup reports data to Google.", "knownValueDescriptions": [ { "description": "Users may choose to share results from a Chrome Cleanup cleanup run with Google.", "value": "UNSET" }, { "description": "Results from a Chrome Cleanup cleanup are always shared with Google.", "value": "TRUE" }, { "description": "Results from a Chrome Cleanup cleanup are never shared with Google.", "value": "FALSE" } ], "name": "Chrome Cleanup data reporting." } ], "name": "customers/redacted/policySchemas/chrome.users.ChromeCleanupEnabled", "policyApiLifecycle": { "policyApiLifecycleStage": "API_CURRENT" }, "policyDescription": "Chrome Cleanup.", "schemaName": "chrome.users.ChromeCleanupEnabled", "supportUri": "https://support.google.com/chrome/a/answer/2657289?hl=en#chrome_cleanup_enabled", "validTargetResources": [ "ORG_UNIT" ] } ```Appears that validation function is indeed incorrectly validating all values against all fields: https://github.com/hashicorp/terraform-provider-googleworkspace/blob/main/internal/provider/resource_chrome_policy.go#L331-L354
Steps to Reproduce
TYPE_ENUM
andTYPE_STRING
). Include one or more apparently valid schema_value(s).terraform apply
.Important Factoids
Also occurs if only one value is provided (absent value(s) fail). It does not occur if the types are
TYPE_ENUM
andTYPE_STRING
only (validation logic identical?).My dev workspace's policy schema defines 117 policies with >=2 fields of differing type (list).
References
n/a