Added support for restoring default organization policies (#1477)
* Added support for restoring default organization policies

* Added support for restoring default folder/project organization policies

* Refactored code

* Fixes #1239

* Clarify docs

* Clarify docs

* Clarify docs
ortaman authored and danawillow committed May 30, 2018
1 parent f40eff9 commit 8a77e42
Showing 9 changed files with 324 additions and 54 deletions.
18 changes: 13 additions & 5 deletions google/resource_google_folder_organization_policy.go
Expand Up @@ -52,6 +52,7 @@ func resourceGoogleFolderOrganizationPolicyRead(d *schema.ResourceData, meta int
d.Set("constraint", policy.Constraint)
d.Set("boolean_policy", flattenBooleanOrganizationPolicy(policy.BooleanPolicy))
d.Set("list_policy", flattenListOrganizationPolicy(policy.ListPolicy))
d.Set("restore_policy", flattenRestoreOrganizationPolicy(policy.RestoreDefault))
d.Set("version", policy.Version)
d.Set("etag", policy.Etag)
d.Set("update_time", policy.UpdateTime)
Expand Down Expand Up @@ -85,18 +86,25 @@ func resourceGoogleFolderOrganizationPolicyDelete(d *schema.ResourceData, meta i
func setFolderOrganizationPolicy(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
folder := canonicalFolderId(d.Get("folder").(string))

listPolicy, err := expandListOrganizationPolicy(d.Get("list_policy").([]interface{}))
if err != nil {
return err
}

restoreDefault, err := expandRestoreOrganizationPolicy(d.Get("restore_policy").([]interface{}))
if err != nil {
return err
}

_, err = config.clientResourceManager.Folders.SetOrgPolicy(folder, &cloudresourcemanager.SetOrgPolicyRequest{
Policy: &cloudresourcemanager.OrgPolicy{
Constraint: canonicalOrgPolicyConstraint(d.Get("constraint").(string)),
BooleanPolicy: expandBooleanOrganizationPolicy(d.Get("boolean_policy").([]interface{})),
ListPolicy: listPolicy,
Version: int64(d.Get("version").(int)),
Etag: d.Get("etag").(string),
Constraint: canonicalOrgPolicyConstraint(d.Get("constraint").(string)),
BooleanPolicy: expandBooleanOrganizationPolicy(d.Get("boolean_policy").([]interface{})),
ListPolicy: listPolicy,
RestoreDefault: restoreDefault,
Version: int64(d.Get("version").(int)),
Etag: d.Get("etag").(string),
},
}).Do()
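Review bot: The new `d.Set("restore_policy", ...)` call in resourceGoogleFolderOrganizationPolicyRead discards its return value, and for a list-of-maps attribute that return value is where a shape mismatch would surface. If the set fails, state silently stops reflecting whether the folder's constraint was reset to its default, so drift on this guardrail would go unnoticed. I would write `if err := d.Set("restore_policy", flattenRestoreOrganizationPolicy(policy.RestoreDefault)); err != nil { return err }`; the same applies to the identical call added to resourceGoogleOrganizationPolicyRead in google/resource_google_organization_policy.go. Both read functions start and end outside the visible hunks.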

54 changes: 53 additions & 1 deletion google/resource_google_folder_organization_policy_test.go
Expand Up @@ -129,6 +129,24 @@ func TestAccFolderOrganizationPolicy_list_update(t *testing.T) {
})
}

func TestAccFolderOrganizationPolicy_restore_defaultTrue(t *testing.T) {
t.Parallel()

folder := acctest.RandomWithPrefix("tf-test")
org := getTestOrgFromEnv(t)
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckGoogleOrganizationPolicyDestroy,
Steps: []resource.TestStep{
{
Config: testAccFolderOrganizationPolicy_restore_defaultTrue(org, folder),
Check: getGoogleFolderOrganizationRestoreDefaultTrue("restore", &cloudresourcemanager.RestoreDefault{}),
},
},
})
}

func testAccCheckGoogleFolderOrganizationPolicyDestroy(s *terraform.State) error {
config := testAccProvider.Meta().(*Config)

Expand Down Expand Up @@ -222,6 +240,22 @@ func testAccCheckGoogleFolderOrganizationListPolicyDeniedValues(n string, values
}
}

func getGoogleFolderOrganizationRestoreDefaultTrue(n string, policyDefault *cloudresourcemanager.RestoreDefault) resource.TestCheckFunc {
return func(s *terraform.State) error {

policy, err := getGoogleFolderOrganizationPolicyTestResource(s, n)
if err != nil {
return err
}

if !reflect.DeepEqual(policy.RestoreDefault, policyDefault) {
return fmt.Errorf("Expected the restore default '%s', instead denied, %s", policyDefault, policy.RestoreDefault)
}

return nil
}
}

func getGoogleFolderOrganizationPolicyTestResource(s *terraform.State, n string) (*cloudresourcemanager.OrgPolicy, error) {
rn := "google_folder_organization_policy." + n
rs, ok := s.RootModule().Resources[rn]
Expand Down Expand Up @@ -249,7 +283,7 @@ resource "google_folder" "orgpolicy" {
}
resource "google_folder_organization_policy" "bool" {
# Test numeric folder ID.
# Test numeric folder ID.
folder = "${replace(google_folder.orgpolicy.name, "folders/", "")}"
constraint = "constraints/compute.disableSerialPortAccess"
Expand Down Expand Up @@ -322,3 +356,21 @@ resource "google_folder_organization_policy" "list" {
}
`, folder, "organizations/"+org)
}

func testAccFolderOrganizationPolicy_restore_defaultTrue(org, folder string) string {
return fmt.Sprintf(`
resource "google_folder" "orgpolicy" {
display_name = "%s"
parent = "%s"
}
resource "google_folder_organization_policy" "restore" {
folder = "${google_folder.orgpolicy.name}"
constraint = "serviceuser.services"
restore_policy {
default = true
}
}
`, folder, "organizations/"+org)
}
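Review bot: TestAccFolderOrganizationPolicy_restore_defaultTrue passes `testAccCheckGoogleOrganizationPolicyDestroy` as its CheckDestroy, although this file defines `testAccCheckGoogleFolderOrganizationPolicyDestroy` a few lines further down. The organization-level check presumably does not look at `google_folder_organization_policy` resources, so the test would not catch a folder policy left behind after destroy. I would change the line to `CheckDestroy: testAccCheckGoogleFolderOrganizationPolicyDestroy,`. Separately, the failure message in getGoogleFolderOrganizationRestoreDefaultTrue still reads "instead denied" and formats struct pointers with `%s`; `fmt.Errorf("Expected restore default %+v, got %+v", policyDefault, policy.RestoreDefault)` reads more clearly.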
64 changes: 57 additions & 7 deletions google/resource_google_organization_policy.go
Expand Up @@ -18,7 +18,7 @@ var schemaOrganizationPolicy = map[string]*schema.Schema{
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
ConflictsWith: []string{"list_policy"},
ConflictsWith: []string{"list_policy", "restore_policy"},
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"enforced": {
Expand All @@ -32,7 +32,7 @@ var schemaOrganizationPolicy = map[string]*schema.Schema{
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
ConflictsWith: []string{"boolean_policy"},
ConflictsWith: []string{"boolean_policy", "restore_policy"},
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"allow": {
Expand Down Expand Up @@ -99,6 +99,20 @@ var schemaOrganizationPolicy = map[string]*schema.Schema{
Type: schema.TypeString,
Computed: true,
},
"restore_policy": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
ConflictsWith: []string{"boolean_policy", "list_policy"},
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"default": {
Type: schema.TypeBool,
Required: true,
},
},
},
},
}

func resourceGoogleOrganizationPolicy() *schema.Resource {
Expand Down Expand Up @@ -152,6 +166,7 @@ func resourceGoogleOrganizationPolicyRead(d *schema.ResourceData, meta interface
d.Set("version", policy.Version)
d.Set("etag", policy.Etag)
d.Set("update_time", policy.UpdateTime)
d.Set("restore_policy", flattenRestoreOrganizationPolicy(policy.RestoreDefault))

return nil
}
Expand Down Expand Up @@ -200,13 +215,19 @@ func setOrganizationPolicy(d *schema.ResourceData, meta interface{}) error {
return err
}

restoreDefault, err := expandRestoreOrganizationPolicy(d.Get("restore_policy").([]interface{}))
if err != nil {
return err
}

_, err = config.clientResourceManager.Organizations.SetOrgPolicy(org, &cloudresourcemanager.SetOrgPolicyRequest{
Policy: &cloudresourcemanager.OrgPolicy{
Constraint: canonicalOrgPolicyConstraint(d.Get("constraint").(string)),
BooleanPolicy: expandBooleanOrganizationPolicy(d.Get("boolean_policy").([]interface{})),
ListPolicy: listPolicy,
Version: int64(d.Get("version").(int)),
Etag: d.Get("etag").(string),
Constraint: canonicalOrgPolicyConstraint(d.Get("constraint").(string)),
BooleanPolicy: expandBooleanOrganizationPolicy(d.Get("boolean_policy").([]interface{})),
ListPolicy: listPolicy,
RestoreDefault: restoreDefault,
Version: int64(d.Get("version").(int)),
Etag: d.Get("etag").(string),
},
}).Do()

Expand All @@ -227,6 +248,20 @@ func flattenBooleanOrganizationPolicy(policy *cloudresourcemanager.BooleanPolicy
return bPolicies
}

func flattenRestoreOrganizationPolicy(restore_policy *cloudresourcemanager.RestoreDefault) []map[string]interface{} {
rp := make([]map[string]interface{}, 0, 1)

if restore_policy == nil {
return rp
}

rp = append(rp, map[string]interface{}{
"default": true,
})

return rp
}

func expandBooleanOrganizationPolicy(configured []interface{}) *cloudresourcemanager.BooleanPolicy {
if len(configured) == 0 {
return nil
Expand All @@ -238,6 +273,21 @@ func expandBooleanOrganizationPolicy(configured []interface{}) *cloudresourceman
}
}

func expandRestoreOrganizationPolicy(configured []interface{}) (*cloudresourcemanager.RestoreDefault, error) {
if len(configured) == 0 {
return nil, nil
}

restoreDefaultMap := configured[0].(map[string]interface{})
default_value := restoreDefaultMap["default"].(bool)

if default_value {
return &cloudresourcemanager.RestoreDefault{}, nil
}

return nil, fmt.Errorf("Invalid value for restore_policy. Expecting default = true")
}

func flattenListOrganizationPolicy(policy *cloudresourcemanager.ListPolicy) []map[string]interface{} {
lPolicies := make([]map[string]interface{}, 0, 1)
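Review bot: expandRestoreOrganizationPolicy rejects `default = false` only when setOrganizationPolicy runs, so a configuration with that value plans cleanly and then fails during apply. Because this block swaps an explicit boolean or list restriction for the constraint's default behaviour, I would reject the bad value during schema validation with a ValidateFunc on the `default` field, and keep the runtime error as a backstop. As a style point, `restore_policy` and `default_value` should be `restorePolicy` and `defaultValue`, and the error string should start lower-case. The schema map continues outside this hunk.

```go
"default": {
	// … unchanged: Type, Required …
	// Reject default = false at plan time instead of failing during apply.
	ValidateFunc: func(v interface{}, k string) (warnings []string, errs []error) {
		if enabled, ok := v.(bool); !ok || !enabled {
			errs = append(errs, fmt.Errorf("%q must be true", k))
		}
		return
	},
```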
