Merge remote-tracking branch 'origin/mc-parameterized' into mc-parame…
…terized
nehalk-tf committed Dec 5, 2024
2 parents c4e2b4e + 205254c commit 5bab625
Showing 2 changed files with 80 additions and 12 deletions.
@@ -1,15 +1,12 @@
resource "google_org_policy_policy" "primary" {
provider = google-beta
name = "projects/${google_project.basic.name}/policies/iam.managed.disableServiceAccountKeyUpload"
name = "projects/${google_project.basic.name}/policies/compute.managed.restrictDiskCreation"
parent = "projects/${google_project.basic.name}"

spec {
rules {
enforce = "FALSE"
parameters {
"allowAll" : true
"allowedLocations" : ["us-east1", "us-west1"]
}
enforce = "TRUE"
parameters = jsonencode({"isSizeLimitCheck" : true, "allowedDiskTypes" : ["pd-ssd", "pd-standard"]})
}
}
}
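Review bot: The `parameters = jsonencode({...})` line has no comment saying that this attribute is a JSON-encoded string rather than a nested block, or that its keys are presumably the ones defined by the managed constraint named in `name`. The +/- markers are lost in this rendering, so this assumes the `jsonencode` form and `enforce = "TRUE"` are the new side. Because the example now enforces the policy instead of leaving it off, a one-line comment above the attribute would help readers who copy it: `# parameters is a JSON string; its keys must match the parameters the managed constraint defines`.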
@@ -458,20 +458,91 @@ func testAccCheckOrgPolicyPolicyDestroyProducer(t *testing.T) func(s *terraform.
return nil
}
}

func TestAccOrgPolicyPolicy_EnforceParameterizedMCPolicy(t *testing.T) {
t.Parallel()

context := map[string]interface{}{
"org_id": envvar.GetTestOrgFromEnv(t),
"random_suffix": acctest.RandString(t, 10),
}

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
CheckDestroy: testAccCheckOrgPolicyPolicyDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccOrgPolicyPolicy_EnforceParameterizedMCPolicy(context),
},
{
ResourceName: "google_org_policy_policy.primary",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"name", "spec.0.rules.0.condition.0.expression"},
},
},
})
}
func testAccOrgPolicyPolicy_EnforceParameterizedMCPolicy(context map[string]interface{}) string {
return acctest.Nprintf(`
resource "google_org_policy_policy" "primary" {
name = "projects/${google_project.basic.name}/policies/constraints/compute.managed.restrictDiskCreation"
name = "projects/${google_project.basic.name}/policies/essentialcontacts.managed.allowedContactDomains"
parent = "projects/${google_project.basic.name}"
spec {
rules {
enforce = "TRUE"
parameters {
"isSizeLimitCheck" = True,
"allowedDiskTypes" = ["pd-ssd"]
}
parameters = "{\"allowedDomains\": [\"@google.com\"]}"
}
}
}
resource "google_project" "basic" {
project_id = "tf-test-id%{random_suffix}"
name = "tf-test-id%{random_suffix}"
org_id = "%{org_id}"
deletion_policy = "DELETE"
}
`, context)
}

func TestAccOrgPolicyPolicy_EnforceParameterizedMCDryRunPolicy(t *testing.T) {
t.Parallel()

context := map[string]interface{}{
"org_id": envvar.GetTestOrgFromEnv(t),
"random_suffix": acctest.RandString(t, 10),
}

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
CheckDestroy: testAccCheckOrgPolicyPolicyDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccOrgPolicyPolicy_EnforceParameterizedMCDryRunPolicy(context),
},
{
ResourceName: "google_org_policy_policy.primary",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"name", "spec.0.rules.0.condition.0.expression"},
},
},
})
}
func testAccOrgPolicyPolicy_EnforceParameterizedMCDryRunPolicy(context map[string]interface{}) string {
return acctest.Nprintf(`
resource "google_org_policy_policy" "primary" {
name = "projects/${google_project.basic.name}/policies/essentialcontacts.managed.allowedContactDomains"
parent = "projects/${google_project.basic.name}"
dry_run_spec {
rules {
enforce = "TRUE"
parameters = "{\"allowedDomains\": [\"@google.com\"]}"
}
}
}
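Review bot: `ImportStateVerifyIgnore` in both tests in this hunk lists `spec.0.rules.0.condition.0.expression`, but neither config shown sets a `condition`, and the dry-run config puts its rule under `dry_run_spec`, so the entry looks copied from another test and ignores nothing here. Trimming it to `ImportStateVerifyIgnore: []string{"name"},` keeps the import check as strict as the config allows, which matters for a resource whose state is a security policy. Neither test asserts the stored `parameters` value directly; a `Check` on `spec.0.rules.0.parameters` (and on `dry_run_spec.0.rules.0.parameters` in the second test) would pin the field this change is about. The body of `testAccOrgPolicyPolicy_EnforceParameterizedMCDryRunPolicy` continues past the end of the hunk.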