Add import support for organization_policies (#3218)

modular-magician · chrisst · commit 4c7763c4a2c2 · 2019-03-14T09:31:51.000-07:00
/cc @chrisst
diff --git a/google/resource_google_folder_organization_policy.go b/google/resource_google_folder_organization_policy.go
@@ -14,6 +14,10 @@ func resourceGoogleFolderOrganizationPolicy() *schema.Resource {
 		Update: resourceGoogleFolderOrganizationPolicyUpdate,
 		Delete: resourceGoogleFolderOrganizationPolicyDelete,
 
+		Importer: &schema.ResourceImporter{
+			State: resourceFolderOrgPolicyImporter,
+		},
+
 		Schema: mergeSchemas(
 			schemaOrganizationPolicy,
 			map[string]*schema.Schema{
@@ -27,6 +31,25 @@ func resourceGoogleFolderOrganizationPolicy() *schema.Resource {
 	}
 }
 
+func resourceFolderOrgPolicyImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	config := meta.(*Config)
+
+	if err := parseImportId([]string{
+		"folders/(?P<folder>[^/]+):constraints/(?P<constraint>[^/]+)",
+		"(?P<folder>[^/]+):(?P<constraint>[^/]+)"},
+		d, config); err != nil {
+		return nil, err
+	}
+
+	if d.Get("folder") == "" || d.Get("constraint") == "" {
+		return nil, fmt.Errorf("unable to parse folder or constraint. Check import formats")
+	}
+
+	d.Set("folder", "folders/"+d.Get("folder").(string))
+
+	return []*schema.ResourceData{d}, nil
+}
+
 func resourceGoogleFolderOrganizationPolicyCreate(d *schema.ResourceData, meta interface{}) error {
 	if err := setFolderOrganizationPolicy(d, meta); err != nil {
 		return err
diff --git a/google/resource_google_folder_organization_policy_test.go b/google/resource_google_folder_organization_policy_test.go
@@ -66,6 +66,11 @@ func TestAccFolderOrganizationPolicy_list_allowAll(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_list_allowAll(org, folder),
 				Check:  testAccCheckGoogleFolderOrganizationListPolicyAll("list", "ALLOW"),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -85,6 +90,11 @@ func TestAccFolderOrganizationPolicy_list_allowSome(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_list_allowSome(org, folder, project),
 				Check:  testAccCheckGoogleFolderOrganizationListPolicyAllowedValues("list", []string{"projects/" + project}),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -103,6 +113,11 @@ func TestAccFolderOrganizationPolicy_list_denySome(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_list_denySome(org, folder),
 				Check:  testAccCheckGoogleFolderOrganizationListPolicyDeniedValues("list", DENIED_ORG_POLICIES),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -125,6 +140,11 @@ func TestAccFolderOrganizationPolicy_list_update(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_list_denySome(org, folder),
 				Check:  testAccCheckGoogleFolderOrganizationListPolicyDeniedValues("list", DENIED_ORG_POLICIES),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -143,6 +163,11 @@ func TestAccFolderOrganizationPolicy_restore_defaultTrue(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_restore_defaultTrue(org, folder),
 				Check:  getGoogleFolderOrganizationRestoreDefaultTrue("restore", &cloudresourcemanager.RestoreDefault{}),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.restore",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
diff --git a/google/resource_google_project_organization_policy.go b/google/resource_google_project_organization_policy.go
@@ -14,6 +14,10 @@ func resourceGoogleProjectOrganizationPolicy() *schema.Resource {
 		Update: resourceGoogleProjectOrganizationPolicyUpdate,
 		Delete: resourceGoogleProjectOrganizationPolicyDelete,
 
+		Importer: &schema.ResourceImporter{
+			State: resourceProjectOrgPolicyImporter,
+		},
+
 		Schema: mergeSchemas(
 			schemaOrganizationPolicy,
 			map[string]*schema.Schema{
@@ -27,6 +31,24 @@ func resourceGoogleProjectOrganizationPolicy() *schema.Resource {
 	}
 }
 
+func resourceProjectOrgPolicyImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	config := meta.(*Config)
+
+	if err := parseImportId([]string{
+		"projects/(?P<project>[^/]+):constraints/(?P<constraint>[^/]+)",
+		"(?P<project>[^/]+):constraints/(?P<constraint>[^/]+)",
+		"(?P<project>[^/]+):(?P<constraint>[^/]+)"},
+		d, config); err != nil {
+		return nil, err
+	}
+
+	if d.Get("project") == "" || d.Get("constraint") == "" {
+		return nil, fmt.Errorf("unable to parse project or constraint. Check import formats")
+	}
+
+	return []*schema.ResourceData{d}, nil
+}
+
 func resourceGoogleProjectOrganizationPolicyCreate(d *schema.ResourceData, meta interface{}) error {
 	if err := setProjectOrganizationPolicy(d, meta); err != nil {
 		return err
diff --git a/google/resource_google_project_organization_policy_test.go b/google/resource_google_project_organization_policy_test.go
@@ -84,6 +84,11 @@ func testAccProjectOrganizationPolicy_list_allowAll(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_list_allowAll(projectId),
 				Check:  testAccCheckGoogleProjectOrganizationListPolicyAll("list", "ALLOW"),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -100,6 +105,11 @@ func testAccProjectOrganizationPolicy_list_allowSome(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_list_allowSome(project),
 				Check:  testAccCheckGoogleProjectOrganizationListPolicyAllowedValues("list", []string{canonicalProject}),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -115,6 +125,11 @@ func testAccProjectOrganizationPolicy_list_denySome(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_list_denySome(projectId),
 				Check:  testAccCheckGoogleProjectOrganizationListPolicyDeniedValues("list", DENIED_ORG_POLICIES),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -134,6 +149,11 @@ func testAccProjectOrganizationPolicy_list_update(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_list_denySome(projectId),
 				Check:  testAccCheckGoogleProjectOrganizationListPolicyDeniedValues("list", DENIED_ORG_POLICIES),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -150,6 +170,11 @@ func testAccProjectOrganizationPolicy_restore_defaultTrue(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_restore_defaultTrue(projectId),
 				Check:  getGoogleProjectOrganizationRestoreDefaultTrue("restore", &cloudresourcemanager.RestoreDefault{}),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.restore",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
diff --git a/website/docs/r/google_folder_organization_policy.html.markdown b/website/docs/r/google_folder_organization_policy.html.markdown
@@ -87,12 +87,12 @@ The following arguments are supported:
 
 * `version` - (Optional) Version of the Policy. Default version is 0.
 
-* `boolean_policy` - (Optional) A boolean policy is a constraint that is either enforced or not. Structure is documented below. 
+* `boolean_policy` - (Optional) A boolean policy is a constraint that is either enforced or not. Structure is documented below.
 
-* `list_policy` - (Optional) A policy that can define specific values that are allowed or denied for the given constraint. It 
+* `list_policy` - (Optional) A policy that can define specific values that are allowed or denied for the given constraint. It
 can also be used to allow or deny all values. Structure is documented below.
 
-* `restore_policy` - (Optional) A restore policy is a constraint to restore the default policy. Structure is documented below. 
+* `restore_policy` - (Optional) A restore policy is a constraint to restore the default policy. Structure is documented below.
 
 - - -
 
@@ -124,6 +124,15 @@ The `restore_policy` block supports:
 In addition to the arguments listed above, the following computed attributes are
 exported:
 
-* `etag` - (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. 
+* `etag` - (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
 
 * `update_time` - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
+
+## Import
+
+Folder organization policies can be imported using any of the follow formats:
+
+```
+$ terraform import google_folder_organization_policy.policy folders/folder-1234:constraints/serviceuser.services
+$ terraform import google_folder_organization_policy.policy folder-1234:serviceuser.services
+```
diff --git a/website/docs/r/google_project_organization_policy.html.markdown b/website/docs/r/google_project_organization_policy.html.markdown
@@ -91,7 +91,7 @@ The following arguments are supported:
 
 * `list_policy` - (Optional) A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
 
-* `restore_policy` - (Optional) A restore policy is a constraint to restore the default policy. Structure is documented below. 
+* `restore_policy` - (Optional) A restore policy is a constraint to restore the default policy. Structure is documented below.
 
 - - -
 
@@ -126,3 +126,13 @@ exported:
 * `etag` - (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
 
 * `update_time` - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
+
+## Import
+
+Project organization policies can be imported using any of the follow formats:
+
+```
+$ terraform import google_project_organization_policy.policy projects/test-project:constraints/serviceuser.services
+$ terraform import google_project_organization_policy.policy test-project:constraints/serviceuser.services
+$ terraform import google_project_organization_policy.policy test-project:serviceuser.services
+```
