add inherit_from_parent to all org policy resources

google/resource_google_organization_policy.go

@@ -2,9 +2,10 @@ package google
 
 import (
 	"fmt"
+	"strings"
+
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/cloudresourcemanager/v1"
-	"strings"
 )
 
 var schemaOrganizationPolicy = map[string]*schema.Schema{
@@ -83,6 +84,10 @@ var schemaOrganizationPolicy = map[string]*schema.Schema{
 					Optional: true,
 					Computed: true,
 				},
+				"inherit_from_parent": {
+					Type:     schema.TypeBool,
+					Optional: true,
+				},
 			},
 		},
 	},
@@ -295,7 +300,10 @@ func flattenListOrganizationPolicy(policy *cloudresourcemanager.ListPolicy) []ma
 		return lPolicies
 	}
 
-	listPolicy := map[string]interface{}{}
+	listPolicy := map[string]interface{}{
+		"suggested_value":     policy.SuggestedValue,
+		"inherit_from_parent": policy.InheritFromParent,
+	}
 	switch {
 	case policy.AllValues == "ALLOW":
 		listPolicy["allow"] = []interface{}{map[string]interface{}{
@@ -359,10 +367,12 @@ func expandListOrganizationPolicy(configured []interface{}) (*cloudresourcemanag
 
 	listPolicy := configured[0].(map[string]interface{})
 	return &cloudresourcemanager.ListPolicy{
-		AllValues:      allValues,
-		AllowedValues:  allowedValues,
-		DeniedValues:   deniedValues,
-		SuggestedValue: listPolicy["suggested_value"].(string),
+		AllValues:         allValues,
+		AllowedValues:     allowedValues,
+		DeniedValues:      deniedValues,
+		SuggestedValue:    listPolicy["suggested_value"].(string),
+		InheritFromParent: listPolicy["inherit_from_parent"].(bool),
+		ForceSendFields:   []string{"InheritFromParent"},
 	}, nil
 }
 

google/resource_google_organization_policy_test.go

@@ -20,12 +20,13 @@ var DENIED_ORG_POLICIES = []string{
 // avoid race conditions and aborted operations.
 func TestAccOrganizationPolicy(t *testing.T) {
 	testCases := map[string]func(t *testing.T){
-		"boolean":        testAccOrganizationPolicy_boolean,
-		"list_allowAll":  testAccOrganizationPolicy_list_allowAll,
-		"list_allowSome": testAccOrganizationPolicy_list_allowSome,
-		"list_denySome":  testAccOrganizationPolicy_list_denySome,
-		"list_update":    testAccOrganizationPolicy_list_update,
-		"restore_policy": testAccOrganizationPolicy_restore_defaultTrue,
+		"boolean":                testAccOrganizationPolicy_boolean,
+		"list_allowAll":          testAccOrganizationPolicy_list_allowAll,
+		"list_allowSome":         testAccOrganizationPolicy_list_allowSome,
+		"list_denySome":          testAccOrganizationPolicy_list_denySome,
+		"list_update":            testAccOrganizationPolicy_list_update,
+		"list_inheritFromParent": testAccOrganizationPolicy_list_inheritFromParent,
+		"restore_policy":         testAccOrganizationPolicy_restore_defaultTrue,
 	}
 
 	for name, tc := range testCases {
@@ -166,6 +167,25 @@ func testAccOrganizationPolicy_list_update(t *testing.T) {
 	})
 }
 
+func testAccOrganizationPolicy_list_inheritFromParent(t *testing.T) {
+	org := getTestOrgTargetFromEnv(t)
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckGoogleOrganizationPolicyDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccOrganizationPolicyConfig_list_inheritFromParent(org),
+			},
+			{
+				ResourceName:      "google_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccOrganizationPolicy_restore_defaultTrue(t *testing.T) {
 	org := getTestOrgTargetFromEnv(t)
 	resource.Test(t, resource.TestCase{
@@ -377,6 +397,25 @@ resource "google_organization_policy" "list" {
 `, org)
 }
 
+func testAccOrganizationPolicyConfig_list_inheritFromParent(org string) string {
+	return fmt.Sprintf(`
+resource "google_organization_policy" "list" {
+    org_id = "%s"
+    constraint = "serviceuser.services"
+
+    list_policy {
+        deny {
+            values = [
+                "doubleclicksearch.googleapis.com",
+                "replicapoolupdater.googleapis.com",
+            ]
+        }
+        inherit_from_parent = true
+    }
+}
+`, org)
+}
+
 func testAccOrganizationPolicyConfig_restore_defaultTrue(org string) string {
 	return fmt.Sprintf(`
 resource "google_organization_policy" "restore" {

website/docs/r/google_folder_organization_policy.html.markdown

@@ -106,6 +106,9 @@ The `list_policy` block supports:
 
 * `suggested_values` - (Optional) The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
 
+* `inherit_from_parent` - (Optional) If set to true, the values from the effective Policy of the parent resource
+are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
+
 The `allow` or `deny` blocks support:
 
 * `all` - (Optional) The policy allows or denies all values.

website/docs/r/google_organization_policy.html.markdown

@@ -104,6 +104,9 @@ The `list_policy` block supports:
 
 * `suggested_values` - (Optional) The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
 
+* `inherit_from_parent` - (Optional) If set to true, the values from the effective Policy of the parent resource
+are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
+
 The `allow` or `deny` blocks support:
 
 * `all` - (Optional) The policy allows or denies all values.

website/docs/r/google_project_organization_policy.html.markdown

@@ -105,6 +105,9 @@ The `list_policy` block supports:
 
 * `suggested_values` - (Optional) The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
 
+* `inherit_from_parent` - (Optional) If set to true, the values from the effective Policy of the parent resource
+are inherited, meaning the values set in this Policy are added to the values inherited up the hierarchy.
+
 The `allow` or `deny` blocks support:
 
 * `all` - (Optional) The policy allows or denies all values.