Exclude folders input bug

[dshermanjh]

TL;DR

The exclude_folders = [] accepts strings that can be anything. Accidentally a folder can be input without having the format folders/folder-id causing an errored state.

Expected behavior

Expected to have terraform plan or apply fail without having a state file in errored state requiring fix.

Observed behavior

Terraform applies unsuccessfully with a 400 error then has to be manually removed from state file.

Terraform Configuration

module "iam_disableAuditLoggingExemption" {                            # module name is the constraint name with an underscore
  source  = "terraform-google-modules/org-policy/google"               # source module
  version = "5.2.2"                                                    # module version

  constraint       = "constraints/iam.disableAuditLoggingExemption"    # name of org policy constraint
  policy_type      = "boolean"                                         # type of policy - boolean
  organization_id  = var.org_id                                        # var for Organization ID
  policy_for       = "organization"                                    # policy applies to organization level
  enforce          = true                                              # enforcement set to true
  exclude_folders  = []                                                # exclude a folder -  ["folders/${var.dev_folder}", "folders/folder-id"]
  exclude_projects = []                                                # exclude a project  -  ["project-id-1", "project-id-2"]
}

Terraform Version

Terraform v1.5.7

Additional information

No response

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days