diff --git a/build/terraform b/build/terraform
index 68616a6ac3a3..7a8e9c16cb86 160000
--- a/build/terraform
+++ b/build/terraform
@@ -1 +1 @@
-Subproject commit 68616a6ac3a353a4bf65fd02fbb0a6ca0064c4db
+Subproject commit 7a8e9c16cb86e73e6aa17011b1c9797b03712061
diff --git a/build/terraform-beta b/build/terraform-beta
index 247765f2b3e1..77460da90b28 160000
--- a/build/terraform-beta
+++ b/build/terraform-beta
@@ -1 +1 @@
-Subproject commit 247765f2b3e13e56e91c906b111d547ec8623616
+Subproject commit 77460da90b288c029fea0155b57ee4b109296dd6
diff --git a/third_party/terraform/resources/resource_google_organization_policy.go b/third_party/terraform/resources/resource_google_organization_policy.go
index ae29cf11c82b..939fda2caf4c 100644
--- a/third_party/terraform/resources/resource_google_organization_policy.go
+++ b/third_party/terraform/resources/resource_google_organization_policy.go
@@ -10,6 +10,10 @@ import (
 )
 var schemaOrganizationPolicy = map[string]*schema.Schema{
+ // Although the API suggests that boolean_policy, list_policy, or restore_policy must be set,
+ // Organization policies can be "inherited from parent" in the UI, and this is the default
+ // state of the resource without any policy set.
+ // See https://github.com/terraform-providers/terraform-provider-google/issues/3607
 "constraint": {
 Type: schema.TypeString,
 Required: true,
@@ -17,10 +21,9 @@ var schemaOrganizationPolicy = map[string]*schema.Schema{
 DiffSuppressFunc: compareSelfLinkOrResourceName,
 },
 "boolean_policy": {
- Type: schema.TypeList,
- Optional: true,
- MaxItems: 1,
- ExactlyOneOf: []string{"list_policy", "boolean_policy", "restore_policy"},
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "enforced": {
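Review bot: The comment added in the `@@ -10,6 +10,10 @@` hunk sits directly above `"constraint"`, so it reads as documentation for that field, although what it explains is why none of `boolean_policy`, `list_policy` or `restore_policy` is required. Moving it above the `var schemaOrganizationPolicy` declaration, or next to the first of the three policy blocks, would put it where a maintainer tempted to restore the validation will actually see it. The map literal continues outside the hunk.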
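Review bot: Nothing in the schema now stops a config from setting more than one of `boolean_policy`, `list_policy` and `restore_policy` at once, because `ExactlyOneOf` is removed outright in the `@@ -17,10 +21,9 @@` hunk and in the `list_policy` and `restore_policy` hunks that follow, while only the "none set" case needed to become legal. Keeping the mutual exclusion with `ConflictsWith: []string{"list_policy", "restore_policy"},` on `boolean_policy` (and the matching pairs on the other two blocks) would preserve plan-time rejection of contradictory policies. How create and update handle a config with none of the blocks is not visible in these hunks. Since an organization policy is a guardrail, it is worth confirming that the empty case is applied as an explicit inherit-from-parent state and shows up clearly in the plan, rather than silently replacing an enforced policy. The schema map starts and ends outside these hunks.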
@@ -31,10 +34,9 @@ var schemaOrganizationPolicy = map[string]*schema.Schema{
 },
 },
 "list_policy": {
- Type: schema.TypeList,
- Optional: true,
- MaxItems: 1,
- ExactlyOneOf: []string{"list_policy", "boolean_policy", "restore_policy"},
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "allow": {
@@ -109,10 +111,9 @@ var schemaOrganizationPolicy = map[string]*schema.Schema{
 Computed: true,
 },
 "restore_policy": {
- Type: schema.TypeList,
- Optional: true,
- MaxItems: 1,
- ExactlyOneOf: []string{"restore_policy", "boolean_policy", "list_policy"},
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
 "default": {
diff --git a/third_party/terraform/website/docs/guides/version_3_upgrade.html.markdown b/third_party/terraform/website/docs/guides/version_3_upgrade.html.markdown
index 56d018b1a63c..1b808df2c574 100644
--- a/third_party/terraform/website/docs/guides/version_3_upgrade.html.markdown
+++ b/third_party/terraform/website/docs/guides/version_3_upgrade.html.markdown
@@ -1358,11 +1358,6 @@ required on the `http_check.auth_info` block.
 ## Resource: `google_organization_policy`
-### Exactly one of `list_policy`, `boolean_policy`, or `restore_policy` is now required on `google_organization_policy`
-
-In attempt to be more consistent with the API, exactly one of `list_policy`, `boolean_policy`,
-or `restore_policy` is now required on `google_organization_policy`.
-
 ### Exactly one of `allow` or `deny` is now required on `google_organization_policy.list_policy`
 In an attempt to avoid allowing empty blocks in config files, exactly one of `allow` or `deny` is now