Adding datasources for folder and project org policy (#468)

/cc @chrisst
hashicorp · Mar 14, 2019 · 9ec09a4 · 9ec09a4
1 parent ab0ac3d
commit 9ec09a4
Show file tree

Hide file tree

Showing 8 changed files with 279 additions and 0 deletions.
diff --git a/google-beta/data_source_google_folder_organization_policy.go b/google-beta/data_source_google_folder_organization_policy.go
@@ -0,0 +1,27 @@
+package google
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceGoogleFolderOrganizationPolicy() *schema.Resource {
+	// Generate datasource schema from resource
+	dsSchema := datasourceSchemaFromResourceSchema(resourceGoogleFolderOrganizationPolicy().Schema)
+
+	addRequiredFieldsToSchema(dsSchema, "folder")
+	addRequiredFieldsToSchema(dsSchema, "constraint")
+
+	return &schema.Resource{
+		Read:   datasourceGoogleFolderOrganizationPolicyRead,
+		Schema: dsSchema,
+	}
+}
+
+func datasourceGoogleFolderOrganizationPolicyRead(d *schema.ResourceData, meta interface{}) error {
+
+	d.SetId(fmt.Sprintf("%s:%s", d.Get("folder"), d.Get("constraint")))
+
+	return resourceGoogleFolderOrganizationPolicyRead(d, meta)
+}
diff --git a/google-beta/data_source_google_folder_organization_policy_test.go b/google-beta/data_source_google_folder_organization_policy_test.go
@@ -0,0 +1,91 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+	"github.com/hashicorp/terraform/terraform"
+)
+
+func TestAccDataSourceGoogleFolderOrganizationPolicy_basic(t *testing.T) {
+	folder := acctest.RandomWithPrefix("tf-test")
+	org := getTestOrgFromEnv(t)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceGoogleFolderOrganizationPolicy_basic(org, folder),
+				Check: testAccDataSourceGoogleOrganizationPolicyCheck(
+					"data.google_folder_organization_policy.data",
+					"google_folder_organization_policy.resource"),
+			},
+		},
+	})
+}
+
+func testAccDataSourceGoogleOrganizationPolicyCheck(dataSourceName string, resourceName string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		ds, ok := s.RootModule().Resources[dataSourceName]
+		if !ok {
+			return fmt.Errorf("root module has no resource called %s", dataSourceName)
+		}
+
+		rs, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("can't find %s in state", resourceName)
+		}
+
+		dsAttr := ds.Primary.Attributes
+		rsAttr := rs.Primary.Attributes
+
+		cloudFuncAttrToCheck := []string{
+			"name",
+			"folder",
+			"constraint",
+			"version",
+			"list_policy",
+			"restore_policy",
+			"boolean_policy",
+		}
+
+		for _, attr := range cloudFuncAttrToCheck {
+			if dsAttr[attr] != rsAttr[attr] {
+				return fmt.Errorf(
+					"%s is %s; want %s",
+					attr,
+					dsAttr[attr],
+					rsAttr[attr],
+				)
+			}
+		}
+
+		return nil
+	}
+}
+
+func testAccDataSourceGoogleFolderOrganizationPolicy_basic(org, folder string) string {
+	return fmt.Sprintf(`
+resource "google_folder" "orgpolicy" {
+  display_name = "%s"
+  parent       = "%s"
+}
+
+resource "google_folder_organization_policy" "resource" {
+    folder     = "${google_folder.orgpolicy.name}"
+    constraint = "serviceuser.services"
+
+    restore_policy {
+        default = true
+    }
+}
+
+data "google_folder_organization_policy" "data" {
+  folder     = "${google_folder.orgpolicy.name}"
+  constraint = "serviceuser.services"
+}
+	`, folder, "organizations/"+org)
+}
diff --git a/google-beta/data_source_google_project_organization_policy.go b/google-beta/data_source_google_project_organization_policy.go
@@ -0,0 +1,27 @@
+package google
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/terraform/helper/schema"
+)
+
+func dataSourceGoogleProjectOrganizationPolicy() *schema.Resource {
+	// Generate datasource schema from resource
+	dsSchema := datasourceSchemaFromResourceSchema(resourceGoogleProjectOrganizationPolicy().Schema)
+
+	addRequiredFieldsToSchema(dsSchema, "project")
+	addRequiredFieldsToSchema(dsSchema, "constraint")
+
+	return &schema.Resource{
+		Read:   datasourceGoogleProjectOrganizationPolicyRead,
+		Schema: dsSchema,
+	}
+}
+
+func datasourceGoogleProjectOrganizationPolicyRead(d *schema.ResourceData, meta interface{}) error {
+
+	d.SetId(fmt.Sprintf("%s:%s", d.Get("project"), d.Get("constraint")))
+
+	return resourceGoogleProjectOrganizationPolicyRead(d, meta)
+}
diff --git a/google-beta/data_source_google_project_organization_policy_test.go b/google-beta/data_source_google_project_organization_policy_test.go
@@ -0,0 +1,47 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccDataSourceGoogleProjectOrganizationPolicy_basic(t *testing.T) {
+	project := getTestProjectFromEnv()
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceGoogleProjectOrganizationPolicy_basic(project),
+				Check: testAccDataSourceGoogleOrganizationPolicyCheck(
+					"data.google_project_organization_policy.data",
+					"google_project_organization_policy.resource"),
+			},
+		},
+	})
+}
+
+func testAccDataSourceGoogleProjectOrganizationPolicy_basic(project string) string {
+	return fmt.Sprintf(`
+
+
+resource "google_project_organization_policy" "resource" {
+  project    = "%s"
+  constraint = "constraints/compute.trustedImageProjects"
+
+  list_policy {
+    allow {
+      all = true
+    }
+  }
+}
+
+data "google_project_organization_policy" "data" {
+  project     = "%s"
+  constraint = "constraints/compute.trustedImageProjects"
+}
+	`, project, project)
+}
diff --git a/google-beta/provider.go b/google-beta/provider.go
@@ -109,10 +109,12 @@ func Provider() terraform.ResourceProvider {
 			"google_kms_key_ring":                             dataSourceGoogleKmsKeyRing(),
 			"google_kms_crypto_key":                           dataSourceGoogleKmsCryptoKey(),
 			"google_folder":                                   dataSourceGoogleFolder(),
+			"google_folder_organization_policy":               dataSourceGoogleFolderOrganizationPolicy(),
 			"google_netblock_ip_ranges":                       dataSourceGoogleNetblockIpRanges(),
 			"google_organization":                             dataSourceGoogleOrganization(),
 			"google_project":                                  dataSourceGoogleProject(),
 			"google_projects":                                 dataSourceGoogleProjects(),
+			"google_project_organization_policy":              dataSourceGoogleProjectOrganizationPolicy(),
 			"google_project_services":                         dataSourceGoogleProjectServices(),
 			"google_service_account":                          dataSourceGoogleServiceAccount(),
 			"google_service_account_key":                      dataSourceGoogleServiceAccountKey(),

diff --git a/website/docs/d/datasource_google_folder_organization_policy.html.markdown b/website/docs/d/datasource_google_folder_organization_policy.html.markdown
@@ -0,0 +1,39 @@
+---
+layout: "google"
+page_title: "Google: google_folder_organization_policy"
+sidebar_current: "docs-google-datasource-folder-organization-policy"
+description: |-
+  Retrieve Organization policies for a Google Folder
+---
+
+# google\_folder\_organization\_policy
+
+Allows management of Organization policies for a Google Folder. For more information see
+[the official
+documentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview)
+
+## Example Usage
+
+```hcl
+data "google_folder_organization_policy" "policy" {
+  folder     = "folders/folderid"
+  constraint = "constraints/compute.trustedImageProjects"
+}
+
+output "version" {
+  value = "${data.google_folder_organization_policy.policy.version}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `folder` - (Required) The resource name of the folder to set the policy for. Its format is folders/{folder_id}.
+
+* `constraint` - (Required) (Required) The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
+
+
+## Attributes Reference
+
+See [google_folder_organization_policy](https://www.terraform.io/docs/providers/google/r/google_folder_organization_policy.html) resource for details of the available attributes.
diff --git a/website/docs/d/datasource_google_project_organization_policy.html.markdown b/website/docs/d/datasource_google_project_organization_policy.html.markdown
@@ -0,0 +1,40 @@
+---
+layout: "google"
+page_title: "Google: google_project_organization_policy"
+sidebar_current: "docs-google-datasource-project-organization-policy"
+description: |-
+  Retrieve Organization policies for a Google Project.
+---
+
+# google\_project\_organization\_policy
+
+Allows management of Organization policies for a Google Project. For more information see
+[the official
+documentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview)
+
+## Example Usage
+
+```hcl
+data "google_project_organization_policy" "policy" {
+  project    = "project-id"
+  constraint = "constraints/serviceuser.services"
+}
+
+output "version" {
+  value = "${data.google_project_organization_policy.policy.version}"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `project` - (Required) The project ID.
+
+* `constraint` - (Required) (Required) The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
+
+
+## Attributes Reference
+
+See [google_project_organization_policy](https://www.terraform.io/docs/providers/google/r/google_project.html) resource for details of the available attributes.
+
diff --git a/website/google.erb b/website/google.erb
@@ -78,6 +78,9 @@
       <li<%= sidebar_current("docs-google-datasource-compute-region-instance-group") %>>
       <a href="/docs/providers/google/d/datasource_compute_region_instance_group.html">google_compute_region_instance_group</a>
       </li>
+      <li<%= sidebar_current("docs-google-datasource-project-organization-policy") %>>
+        <a href="/docs/providers/google/d/datasource_google_project_organization_policy.html">google_project_organization_policy</a>
+      </li>
       <li<%= sidebar_current("docs-google-datasource-project-services") %>>
         <a href="/docs/providers/google/d/google_project_services.html">google_project_services</a>
       </li>
@@ -114,6 +117,9 @@
       <li<%= sidebar_current("docs-google-datasource-folder") %>>
       <a href="/docs/providers/google/d/google_folder.html">google_folder</a>
       </li>
+      <li<%= sidebar_current("docs-google-datasource-folder-organization-policy") %>>
+      <a href="/docs/providers/google/d/datasource_google_folder_organization_policy.html">datasource_google_folder_organization_policy</a>
+      </li>
       <li<%= sidebar_current("docs-google-datasource-iam-policy") %>>
         <a href="/docs/providers/google/d/google_iam_policy.html">google_iam_policy</a>
       </li>