$ terraform --version
Terraform v1.3.2
on darwin_amd64
+ provider registry.terraform.io/hashicorp/google v4.41.0
+ provider registry.terraform.io/hashicorp/google-beta v4.41.0
Your version of Terraform is out of date! The latest version
is 1.3.6. You can update by downloading from https://www.terraform.io/downloads.html
TL;DR
When adding an exclude_projects list for an organization policy it turns off the org-wide policy instead.
The issue seems to be that resource "google_org_policy_policy" "policy_boolean_exclude_projects" { in https://github.com/terraform-google-modules/terraform-google-org-policy/blob/master/modules/org_policy_v2/boolean_constraints.tf#L119-L130 uses the same parent_root type and ID, not the project itself.
Expected behavior
Just turn off the policy for the project itself, not the whole org.
Observed behavior
When I set the exclude_projects list this happens:
Note how the parent for the policy is organizations/xxx, not the exclude project.
Terraform Configuration
Terraform Version
Additional information
No response
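A plan-time guard for the behaviour reported above, added here as an example (it is not code from the issue or from the module): it reads the JSON form of a plan, as produced by terraform show -json, and flags any google_org_policy_policy that would set enforce to FALSE on an organization parent. The sample plan, the module name, the constraint and the IDs are constructed for illustration.

```python
def org_level_disables(plan):
    """Return addresses of google_org_policy_policy resources that would
    set enforce = FALSE while parented at an organization."""
    flagged = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_org_policy_policy":
            continue
        after = (rc.get("change") or {}).get("after") or {}
        # A parent that is unknown at plan time is absent from "after"; skip it.
        if not str(after.get("parent", "")).startswith("organizations/"):
            continue
        # Nested blocks (spec, rules) appear as lists in plan JSON.
        rules = [r for s in after.get("spec") or [] for r in s.get("rules") or []]
        if any(str(r.get("enforce", "")).upper() == "FALSE" for r in rules):
            flagged.append(rc["address"])
    return flagged


def _policy(address, parent, enforce):
    # Helper that builds one constructed resource_changes entry.
    return {
        "address": address,
        "type": "google_org_policy_policy",
        "change": {"after": {
            "name": parent + "/policies/example.constraint",
            "parent": parent,
            "spec": [{"rules": [{"enforce": enforce}]}],
        }},
    }


# Constructed sample plan: the org-wide policy, an exclusion parented at the
# org (the observed behaviour), and one parented at the project (expected).
BAD = 'module.example.google_org_policy_policy.policy_boolean_exclude_projects["proj-a"]'
SAMPLE_PLAN = {"resource_changes": [
    _policy("module.example.google_org_policy_policy.org_policy_boolean[0]",
            "organizations/123456789012", "TRUE"),
    _policy(BAD, "organizations/123456789012", "FALSE"),
    _policy('module.example.google_org_policy_policy.policy_boolean_exclude_projects["proj-b"]',
            "projects/proj-b", "FALSE"),
]}

if __name__ == "__main__":
    for address in org_level_disables(SAMPLE_PLAN):
        print("org-level disable in plan:", address)
```

An organization-level FALSE that is intended will also be flagged, so treat a hit as something to review before apply rather than as an automatic failure.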