Add new resource google_folder_organization_policy (#747)

* Add new resource google_folder_organization_policy
* Add documentation

google/provider.go

@@ -118,6 +118,7 @@ func Provider() terraform.ResourceProvider {
 			"google_dns_record_set":                        resourceDnsRecordSet(),
 			"google_folder":                                resourceGoogleFolder(),
 			"google_folder_iam_policy":                     ResourceIamPolicy(IamFolderSchema, NewFolderIamUpdater),
+			"google_folder_organization_policy":            resourceGoogleFolderOrganizationPolicy(),
 			"google_logging_billing_account_sink":          resourceLoggingBillingAccountSink(),
 			"google_logging_folder_sink":                   resourceLoggingFolderSink(),
 			"google_logging_project_sink":                  resourceLoggingProjectSink(),

google/resource_google_folder_organization_policy.go

@@ -0,0 +1,101 @@
+package google
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform/helper/schema"
+	"google.golang.org/api/cloudresourcemanager/v1"
+)
+
+func resourceGoogleFolderOrganizationPolicy() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceGoogleFolderOrganizationPolicyCreate,
+		Read:   resourceGoogleFolderOrganizationPolicyRead,
+		Update: resourceGoogleFolderOrganizationPolicyUpdate,
+		Delete: resourceGoogleFolderOrganizationPolicyDelete,
+
+		Schema: mergeSchemas(
+			schemaOrganizationPolicy,
+			map[string]*schema.Schema{
+				"folder": {
+					Type:     schema.TypeString,
+					Required: true,
+					ForceNew: true,
+				},
+			},
+		),
+	}
+}
+
+func resourceGoogleFolderOrganizationPolicyCreate(d *schema.ResourceData, meta interface{}) error {
+	if err := setFolderOrganizationPolicy(d, meta); err != nil {
+		return err
+	}
+
+	d.SetId(fmt.Sprintf("%s:%s", d.Get("folder"), d.Get("constraint")))
+
+	return resourceGoogleFolderOrganizationPolicyRead(d, meta)
+}
+
+func resourceGoogleFolderOrganizationPolicyRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	folder := d.Get("folder").(string)
+
+	policy, err := config.clientResourceManager.Folders.GetOrgPolicy(folder, &cloudresourcemanager.GetOrgPolicyRequest{
+		Constraint: canonicalOrgPolicyConstraint(d.Get("constraint").(string)),
+	}).Do()
+
+	if err != nil {
+		return handleNotFoundError(err, d, fmt.Sprintf("Organization policy for %s", folder))
+	}
+
+	d.Set("constraint", policy.Constraint)
+	d.Set("boolean_policy", flattenBooleanOrganizationPolicy(policy.BooleanPolicy))
+	d.Set("list_policy", flattenListOrganizationPolicy(policy.ListPolicy))
+	d.Set("version", policy.Version)
+	d.Set("etag", policy.Etag)
+	d.Set("update_time", policy.UpdateTime)
+
+	return nil
+}
+
+func resourceGoogleFolderOrganizationPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
+	if err := setFolderOrganizationPolicy(d, meta); err != nil {
+		return err
+	}
+
+	return resourceGoogleFolderOrganizationPolicyRead(d, meta)
+}
+
+func resourceGoogleFolderOrganizationPolicyDelete(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	_, err := config.clientResourceManager.Folders.ClearOrgPolicy(d.Get("folder").(string), &cloudresourcemanager.ClearOrgPolicyRequest{
+		Constraint: canonicalOrgPolicyConstraint(d.Get("constraint").(string)),
+	}).Do()
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func setFolderOrganizationPolicy(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+	listPolicy, err := expandListOrganizationPolicy(d.Get("list_policy").([]interface{}))
+	if err != nil {
+		return err
+	}
+
+	_, err = config.clientResourceManager.Folders.SetOrgPolicy(d.Get("folder").(string), &cloudresourcemanager.SetOrgPolicyRequest{
+		Policy: &cloudresourcemanager.OrgPolicy{
+			Constraint:    canonicalOrgPolicyConstraint(d.Get("constraint").(string)),
+			BooleanPolicy: expandBooleanOrganizationPolicy(d.Get("boolean_policy").([]interface{})),
+			ListPolicy:    listPolicy,
+			Version:       int64(d.Get("version").(int)),
+			Etag:          d.Get("etag").(string),
+		},
+	}).Do()
+
+	return err
+}