
Commit a30c5bf

lawrenaedanawillow
authored and committed
google_project_organization_policy (hashicorp#1226)
* support google_project_organization_policy
* add documentation for google_project_organization_policy
* remove "folder" references and cleanup docs
* fix tests
* un-parallelize tests
* add comment about non-parallel tests
* moving canonicalProjectId() to test
1 parent 77de8cf commit a30c5bf

2 files changed

+109
-0
lines changed

@@ -0,0 +1,106 @@
1+
---
2+
layout: "google"
3+
page_title: "Google: google_project_organization_policy"
4+
sidebar_current: "docs-google-project-organization-policy"
5+
description: |-
6+
Allows management of Organization policies for a Google Project.
7+
---
8+
9+
# google\_project\_organization\_policy
10+
11+
Allows management of Organization policies for a Google Project. For more information see
12+
[the official
13+
documentation](https://cloud.google.com/resource-manager/docs/organization-policy/overview) and
14+
[API](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setOrgPolicy).
15+
16+
## Example Usage
17+
18+
To set policy with a [boolean constraint](https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-boolean-constraints):
19+
20+
```hcl
21+
resource "google_project_organization_policy" "serial_port_policy" {
22+
project = "your-project-id"
23+
constraint = "compute.disableSerialPortAccess"
24+
25+
boolean_policy {
26+
enforced = true
27+
}
28+
}
29+
```
30+
31+
32+
To set a policy with a [list contraint](https://cloud.google.com/resource-manager/docs/organization-policy/quickstart-list-constraints):
33+
34+
```hcl
35+
resource "google_project_organization_policy" "services_policy" {
36+
project = "your-project-id"
37+
constraint = "serviceuser.services"
38+
39+
list_policy {
40+
allow {
41+
all = true
42+
}
43+
}
44+
}
45+
```
46+
47+
48+
Or to deny some services, use the following instead:
49+
50+
```hcl
51+
resource "google_project_organization_policy" "services_policy" {
52+
project = "your-project-id"
53+
constraint = "serviceuser.services"
54+
55+
list_policy {
56+
suggested_values = "compute.googleapis.com"
57+
58+
deny {
59+
values = ["cloudresourcemanager.googleapis.com"]
60+
}
61+
}
62+
}
63+
```
64+
65+
## Argument Reference
66+
67+
The following arguments are supported:
68+
69+
* `project` - (Required) The project id of the project to set the policy for.
70+
71+
* `constraint` - (Required) The name of the Constraint the Policy is configuring, for example, `serviceuser.services`. Check out the [complete list of available constraints](https://cloud.google.com/resource-manager/docs/organization-policy/understanding-constraints#available_constraints).
72+
73+
- - -
74+
75+
* `version` - (Optional) Version of the Policy. Default version is 0.
76+
77+
* `boolean_policy` - (Optional) A boolean policy is a constraint that is either enforced or not. Structure is documented below.
78+
79+
* `list_policy` - (Optional) A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
80+
81+
- - -
82+
83+
The `boolean_policy` block supports:
84+
85+
* `enforced` - (Required) If true, then the Policy is enforced. If false, then any configuration is acceptable.
86+
87+
The `list_policy` block supports:
88+
89+
* `allow` or `deny` - (Optional) One or the other must be set.
90+
91+
* `suggested_values` - (Optional) The Google Cloud Console will try to default to a configuration that matches the value specified in this field.
92+
93+
The `allow` or `deny` blocks support:
94+
95+
* `all` - (Optional) The policy allows or denies all values.
96+
97+
* `values` - (Optional) The policy can define specific values that are allowed or denied.
98+
99+
## Attributes Reference
100+
101+
In addition to the arguments listed above, the following computed attributes are
102+
exported:
103+
104+
* `etag` - (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
105+
106+
* `update_time` - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
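
Review bot: in the Argument Reference, `allow` or `deny` is tagged "(Optional)" while its own description says "One or the other must be set", and `boolean_policy` and `list_policy` are both tagged "(Optional)" with no statement of whether exactly one of them is required or whether they can be combined. Suggest describing `allow`/`deny` as "exactly one of" and saying the same explicitly for the two policy blocks, so the reader knows what a valid configuration looks like. Smaller points in the same file: the `update_time` description says "when the variable was last updated" although this resource is a policy; "list contraint" in Example Usage is misspelled; and the first list example is `allow { all = true }`, the most permissive setting, so a sentence saying so next to it would help readers who copy it as a starting point.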

google.erb

+3
@@ -180,6 +180,9 @@
180180
<li<%= sidebar_current("docs-google-project-iam-custom-role") %>>
181181
<a href="/docs/providers/google/r/google_project_iam_custom_role.html">google_project_iam_custom_role</a>
182182
</li>
183+
<li<%= sidebar_current("docs-google-project-organization-policy") %>>
184+
<a href="/docs/providers/google/r/google_project_organization_policy.html">google_project_organization_policy</a>
185+
</li>
183186
<li<%= sidebar_current("docs-google-project-service-x") %>>
184187
<a href="/docs/providers/google/r/google_project_service.html">google_project_service</a>
185188
</li>
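
Review bot: the added `<li>` links to `/docs/providers/google/r/google_project_organization_policy.html`, but the new doc's file name is not visible in this view, so confirm the page actually renders to that path. The `sidebar_current` key does match the `sidebar_current` value in the new page's front matter, and the entry keeps alphabetical order between `google_project_iam_custom_role` and `google_project_service`.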
