terraform-google-modules / terraform-google-org-policy

Manages Google Cloud organization policies
https://registry.terraform.io/modules/terraform-google-modules/org-policy/google
Apache License 2.0

Added Support for V2 API. Testing to be made #57

Closed Narinas closed 1 year ago

Narinas commented 2 years ago

Added support for the Resource Manager V2 API with the new Google Provider google_org_policy_policy resource. Testing is pending; if maintainers are able to test it, that will be much appreciated. If not, I will do the testing later.

google-cla[bot] commented 2 years ago

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

comment-bot-dev commented 2 years ago

Thanks for the PR! 🚀 Unfortunately it looks like some of our CI checks failed. See the Contributing Guide for details.

Error: terraform fmt failed with exit code 3 Check the output for diffs and correct using terraform fmt

boolean_constraints_policy_policy.tf --- old/boolean_constraints_policy_policy.tf +++ new/boolean_constraints_policy_policy.tf @@ -19,15 +19,15 @@ Organization policy (boolean constraint) *****/ resource "google_org_policy_policy" "org_policy_policy_boolean" {

  • count = var.use_google_org_policy_policy && local.organization && local.boolean_policy ? 1 : 0

  • name = "organization/${var.organization_id}/policies/${var.constraint}"

  • count = var.use_google_org_policy_policy && local.organization && local.boolean_policy ? 1 : 0

  • name = "organization/${var.organization_id}/policies/${var.constraint}" parent = "organization/${var.organization_id}"

    spec { rules { enforce = local.enforce_v2 dynamic "condition" {

  • for_each = var.conditions

  • for_each = var.conditions

     content {
       description = each.key.description
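
Review bot: in `org_policy_policy_boolean`, `name` and `parent` are built with the singular prefix `organization/`, while `parent_root` in main.tf resolves to `organizations`. Org Policy v2 resource names use the plural form, so these should read `organizations/${var.organization_id}/policies/${var.constraint}` and `organizations/${var.organization_id}`, or be built from `local.parent_root` so the prefix is defined in one place.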

    @@ -46,11 +46,11 @@ resource "google_org_policy_policy" "policy_policy_boolean_exclude_folders" { for_each = (var.use_google_org_policy_policy && local.boolean_policy && !local.project) ? var.exclude_folders : []

  • name = "folders/${var.organization_id}/policies/${var.constraint}"

  • name = "folders/${var.organization_id}/policies/${var.constraint}" parent = "folders/${var.organization_id}" spec { rules {

  • enforce = local.enforce_v2 == false ? "TRUE": "FALSE"

  • enforce = local.enforce_v2 == false ? "TRUE" : "FALSE" } } } @@ -61,11 +61,11 @@ resource "google_org_policy_policy" "policy_policy_boolean_exclude_projects" { for_each = (var.use_google_org_policy_policy && local.boolean_policy && !local.project) ? var.exclude_projects : []

  • name = "projects/${var.organization_id}/policies/${var.constraint}"

  • name = "projects/${var.organization_id}/policies/${var.constraint}" parent = "projects/${var.organization_id}" spec { rules {

  • enforce = local.enforce_v2 == false ? "TRUE": "FALSE"

  • enforce = local.enforce_v2 == false ? "TRUE" : "FALSE" } } } Error: terraform fmt failed with exit code 3 Check the output for diffs and correct using terraform fmt
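
Review bot: in `policy_policy_boolean_exclude_projects`, and in the matching exclude_folders resource above it, `name` and `parent` interpolate `var.organization_id` under the `projects/` and `folders/` prefixes even though the resources iterate over `var.exclude_projects` and `var.exclude_folders`. The list-constraint equivalents in this PR use `each.value`, which is what these need. Separately, `enforce` compares `local.enforce_v2` against the boolean `false`, but main.tf sets `enforce_v2` to the strings "TRUE" or "FALSE" or to null, so the condition is never true and every exclusion is written as "FALSE". Compare against `local.enforce`, or against the string value.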

    main.tf --- old/main.tf +++ new/main.tf @@ -25,10 +25,10 @@ list_policy = var.policy_type == "list" && !local.invalid_config

    // If allow/deny list empty and enforce is not set, enforce is set to true

  • enforce = var.allow_list_length > 0 || var.deny_list_length > 0 ? null : var.enforce != false

  • enforce = var.allow_list_length > 0 || var.deny_list_length > 0 ? null : var.enforce != false // variables set for use of google_org_policy_policy resource

  • enforce_v2 = local.enforce == true ? "TRUE" : local.enforce == false ? "FALSE" : null

  • parent_root = local.organization ? "organizations" : local.folder ? "folders" : "projects"

  • enforce_v2 = local.enforce == true ? "TRUE" : local.enforce == false ? "FALSE" : null

  • parent_root = local.organization ? "organizations" : local.folder ? "folders" : "projects" policy_for_id = local.organization ? var.organization_id : local.folder ? var.folder_id : var.folder_id

    invalid_config_case_1 = var.deny_list_length > 0 && var.allow_list_length > 0 Error: terraform fmt failed with exit code 3 Check the output for diffs and correct using terraform fmt
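
Review bot: `policy_for_id` returns `var.folder_id` both in the folder branch and in the final fallback, so a project-scoped policy would be addressed with the folder ID. The last branch should use the project ID variable (`var.project_id` in this module). Note also that `policy_for_id` and `parent_root` are defined here but the resources in the other files hard-code their prefixes and IDs instead of using them.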

    list_constraints.tf --- old/list_constraints.tf +++ new/list_constraints.tf @@ -210,7 +210,7 @@ Exclude folders from policy (list constraint) *****/ resource "google_folder_organization_policy" "folder_policy_list_exclude_folders" {

  • for_each = (!var.use_google_org_policy_policy && local.list_policy && ! local.project) ? var.exclude_folders : []

  • for_each = (!var.use_google_org_policy_policy && local.list_policy && !local.project) ? var.exclude_folders : []

    folder = each.value constraint = var.constraint @@ -224,7 +224,7 @@ Exclude projects from policy (list constraint) *****/ resource "google_project_organization_policy" "project_policy_list_exclude_projects" {

  • for_each = (!var.use_google_org_policy_policy && local.list_policy && ! local.project) ? var.exclude_projects : []

  • for_each = (!var.use_google_org_policy_policy && local.list_policy && !local.project) ? var.exclude_projects : []

    project = each.value constraint = var.constraint Error: terraform fmt failed with exit code 3 Check the output for diffs and correct using terraform fmt

    list_constraints_policy_policy.tf --- old/list_constraints_policy_policy.tf +++ new/list_constraints_policy_policy.tf @@ -30,14 +30,14 @@ spec { rules { dynamic "condition" {

  • for_each = var.conditions

  • for_each = var.conditions

     content {
  • description = each.key.description

  • expression = each.key.expression

  • location = each.key.location

  • title = each.key.title

  • }

  • description = each.key.description

  • expression = each.key.expression

  • location = each.key.location

  • title = each.key.title

  • } }

    values { @@ -57,7 +57,7 @@ Exclude folders from policy (list constraint) *****/ resource "google_org_policy_policy" "folder_policy_list_exclude_folders" {

  • for_each = (var.use_google_org_policy_policy && local.list_policy && ! local.project) ? var.exclude_folders : []

  • for_each = (var.use_google_org_policy_policy && local.list_policy && !local.project) ? var.exclude_folders : []

    name = "folders/${each.value}/policies/${var.constraint}" parent = "folders/${each.value}" @@ -65,7 +65,7 @@

    spec { inherit_from_parent = false

  • reset = true

  • reset = true } }

@@ -73,7 +73,7 @@ Exclude projects from policy (list constraint) *****/ resource "google_org_policy_policy" "project_policy_list_exclude_projects" {

  • for_each = (var.use_google_org_policy_policy && local.list_policy && ! local.project) ? var.exclude_projects : []
  • for_each = (var.use_google_org_policy_policy && local.list_policy && !local.project) ? var.exclude_projects : []

    name = "projects/${each.value}/policies/${var.constraint}" parent = "projects/${each.value}" @@ -81,6 +81,6 @@

    spec { inherit_from_parent = false

  • reset = true
  • reset = true } } Error: terraform fmt failed with exit code 3 Check the output for diffs and correct using terraform fmt
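
Review bot: in list_constraints_policy_policy.tf (hunk `@@ -30,14`), the `content` of `dynamic "condition"` reads `each.key.description`, `each.key.expression`, `each.key.location` and `each.key.title`. Inside a dynamic block the current element is exposed through the block's iterator, which is `condition.value` here, not through `each`. The same pattern appears in boolean_constraints_policy_policy.tf, where the resource uses `count` and has no `each` object at all. Switch these to `condition.value.description` and so on.
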
github-actions[bot] commented 1 year ago

This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

bharathkkb commented 1 year ago

superseded by https://github.com/terraform-google-modules/terraform-google-org-policy/pull/58