The exclude_folders = [] accepts strings that can be anything. Accidentally a folder can be input without having the format folders/folder-id causing an errored state.
Expected behavior
Expected to have terraform plan or apply fail without having a state file in errored state requiring fix.
Observed behavior
Terraform applies unsuccessfully with a 400 error then has to be manually removed from state file.
Terraform Configuration
module "iam_disableAuditLoggingExemption" { # module name is the constraint name with an underscore
source = "terraform-google-modules/org-policy/google" # source module
version = "5.2.2" # module version
constraint = "constraints/iam.disableAuditLoggingExemption" # name of org policy constraint
policy_type = "boolean" # type of policy - boolean
organization_id = var.org_id # var for Organization ID
policy_for = "organization" # policy applies to organization level
enforce = true # enforcement set to true
exclude_folders = [] # exclude a folder - ["folders/${var.dev_folder}", "folders/folder-id"]
exclude_projects = [] # exclude a project - ["project-id-1", "project-id-2"]
}
TL;DR
The exclude_folders = [] accepts strings that can be anything. Accidentally a folder can be input without having the format folders/folder-id causing an errored state.
Expected behavior
Expected to have terraform plan or apply fail without having a state file in errored state requiring fix.
Observed behavior
Terraform applies unsuccessfully with a 400 error then has to be manually removed from state file.
Terraform Configuration
Terraform Version
Additional information
No response