Add import support for organization_policies

Signed-off-by: Modular Magician <[email protected]>
hashicorp · Mar 12, 2019 · d1e8e43 · d1e8e43
1 parent 9c2d04e
commit d1e8e43
Show file tree

Hide file tree

Showing 6 changed files with 99 additions and 1 deletion.
diff --git a/google-beta/resource_google_folder_organization_policy.go b/google-beta/resource_google_folder_organization_policy.go
@@ -2,6 +2,7 @@ package google
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/cloudresourcemanager/v1"
@@ -14,6 +15,10 @@ func resourceGoogleFolderOrganizationPolicy() *schema.Resource {
 		Update: resourceGoogleFolderOrganizationPolicyUpdate,
 		Delete: resourceGoogleFolderOrganizationPolicyDelete,
 
+		Importer: &schema.ResourceImporter{
+			State: resourceFolderOrgPolicyImporter,
+		},
+
 		Schema: mergeSchemas(
 			schemaOrganizationPolicy,
 			map[string]*schema.Schema{
@@ -27,6 +32,17 @@ func resourceGoogleFolderOrganizationPolicy() *schema.Resource {
 	}
 }
 
+func resourceFolderOrgPolicyImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	parts := strings.Split(d.Id(), ":")
+	if len(parts) != 2 {
+		return nil, fmt.Errorf("ID must be in the format folders/<folderId>:constraints/<constraint>")
+	}
+	d.Set("folder", parts[0])
+	d.Set("constraint", parts[1])
+
+	return []*schema.ResourceData{d}, nil
+}
+
 func resourceGoogleFolderOrganizationPolicyCreate(d *schema.ResourceData, meta interface{}) error {
 	if err := setFolderOrganizationPolicy(d, meta); err != nil {
 		return err

diff --git a/google-beta/resource_google_folder_organization_policy_test.go b/google-beta/resource_google_folder_organization_policy_test.go
@@ -66,6 +66,11 @@ func TestAccFolderOrganizationPolicy_list_allowAll(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_list_allowAll(org, folder),
 				Check:  testAccCheckGoogleFolderOrganizationListPolicyAll("list", "ALLOW"),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -85,6 +90,11 @@ func TestAccFolderOrganizationPolicy_list_allowSome(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_list_allowSome(org, folder, project),
 				Check:  testAccCheckGoogleFolderOrganizationListPolicyAllowedValues("list", []string{"projects/" + project}),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -103,6 +113,11 @@ func TestAccFolderOrganizationPolicy_list_denySome(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_list_denySome(org, folder),
 				Check:  testAccCheckGoogleFolderOrganizationListPolicyDeniedValues("list", DENIED_ORG_POLICIES),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -125,6 +140,11 @@ func TestAccFolderOrganizationPolicy_list_update(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_list_denySome(org, folder),
 				Check:  testAccCheckGoogleFolderOrganizationListPolicyDeniedValues("list", DENIED_ORG_POLICIES),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -143,6 +163,11 @@ func TestAccFolderOrganizationPolicy_restore_defaultTrue(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_restore_defaultTrue(org, folder),
 				Check:  getGoogleFolderOrganizationRestoreDefaultTrue("restore", &cloudresourcemanager.RestoreDefault{}),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.restore",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }

diff --git a/google-beta/resource_google_project_organization_policy.go b/google-beta/resource_google_project_organization_policy.go
@@ -2,6 +2,7 @@ package google
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/cloudresourcemanager/v1"
@@ -14,6 +15,10 @@ func resourceGoogleProjectOrganizationPolicy() *schema.Resource {
 		Update: resourceGoogleProjectOrganizationPolicyUpdate,
 		Delete: resourceGoogleProjectOrganizationPolicyDelete,
 
+		Importer: &schema.ResourceImporter{
+			State: resourceProjectOrgPolicyImporter,
+		},
+
 		Schema: mergeSchemas(
 			schemaOrganizationPolicy,
 			map[string]*schema.Schema{
@@ -27,6 +32,17 @@ func resourceGoogleProjectOrganizationPolicy() *schema.Resource {
 	}
 }
 
+func resourceProjectOrgPolicyImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	parts := strings.Split(d.Id(), ":")
+	if len(parts) != 2 {
+		return nil, fmt.Errorf("ID must be in the format <projectId>:constraints/<constraint>")
+	}
+	d.Set("project", parts[0])
+	d.Set("constraint", parts[1])
+
+	return []*schema.ResourceData{d}, nil
+}
+
 func resourceGoogleProjectOrganizationPolicyCreate(d *schema.ResourceData, meta interface{}) error {
 	if err := setProjectOrganizationPolicy(d, meta); err != nil {
 		return err

diff --git a/google-beta/resource_google_project_organization_policy_test.go b/google-beta/resource_google_project_organization_policy_test.go
@@ -84,6 +84,11 @@ func testAccProjectOrganizationPolicy_list_allowAll(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_list_allowAll(projectId),
 				Check:  testAccCheckGoogleProjectOrganizationListPolicyAll("list", "ALLOW"),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -100,6 +105,11 @@ func testAccProjectOrganizationPolicy_list_allowSome(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_list_allowSome(project),
 				Check:  testAccCheckGoogleProjectOrganizationListPolicyAllowedValues("list", []string{canonicalProject}),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -115,6 +125,11 @@ func testAccProjectOrganizationPolicy_list_denySome(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_list_denySome(projectId),
 				Check:  testAccCheckGoogleProjectOrganizationListPolicyDeniedValues("list", DENIED_ORG_POLICIES),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -134,6 +149,11 @@ func testAccProjectOrganizationPolicy_list_update(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_list_denySome(projectId),
 				Check:  testAccCheckGoogleProjectOrganizationListPolicyDeniedValues("list", DENIED_ORG_POLICIES),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -150,6 +170,11 @@ func testAccProjectOrganizationPolicy_restore_defaultTrue(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_restore_defaultTrue(projectId),
 				Check:  getGoogleProjectOrganizationRestoreDefaultTrue("restore", &cloudresourcemanager.RestoreDefault{}),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.restore",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }

diff --git a/website/docs/r/google_folder_organization_policy.html.markdown b/website/docs/r/google_folder_organization_policy.html.markdown
@@ -127,3 +127,11 @@ exported:
 * `etag` - (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. 
 
 * `update_time` - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
+
+## Import
+
+Folder organization policies can be imported by `id` in the format `folders/<folderId>:constraints/<constraint>`. eg
+
+```
+$ terraform import google_folder_organization_policy.policy folders/folder-1234:constraints/serviceuser.services
+```
diff --git a/website/docs/r/google_project_organization_policy.html.markdown b/website/docs/r/google_project_organization_policy.html.markdown
@@ -91,7 +91,7 @@ The following arguments are supported:
 
 * `list_policy` - (Optional) A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
 
-* `restore_policy` - (Optional) A restore policy is a constraint to restore the default policy. Structure is documented below. 
+* `restore_policy` - (Optional) A restore policy is a constraint to restore the default policy. Structure is documented below.
 
 - - -
 
@@ -126,3 +126,11 @@ exported:
 * `etag` - (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
 
 * `update_time` - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
+
+## Import
+
+Project organization policies can be imported by `id` in the format `<projectId>:constraints/<constraint>`. eg
+
+```
+$ terraform import google_project_organization_policy.policy test-project:constraints/serviceuser.services
+```