Add import support for organization_policies

chrisst · modular-magician · commit 6b75d24849e6 · 2019-03-13T22:41:30.000Z
Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/google/resource_google_folder_organization_policy.go b/google/resource_google_folder_organization_policy.go
@@ -2,6 +2,7 @@ package google
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/cloudresourcemanager/v1"
@@ -14,6 +15,10 @@ func resourceGoogleFolderOrganizationPolicy() *schema.Resource {
 		Update: resourceGoogleFolderOrganizationPolicyUpdate,
 		Delete: resourceGoogleFolderOrganizationPolicyDelete,
 
+		Importer: &schema.ResourceImporter{
+			State: resourceFolderOrgPolicyImporter,
+		},
+
 		Schema: mergeSchemas(
 			schemaOrganizationPolicy,
 			map[string]*schema.Schema{
@@ -27,6 +32,17 @@ func resourceGoogleFolderOrganizationPolicy() *schema.Resource {
 	}
 }
 
+func resourceFolderOrgPolicyImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	parts := strings.Split(d.Id(), ":")
+	if len(parts) != 2 {
+		return nil, fmt.Errorf("ID must be in the format folders/<folderId>:constraints/<constraint>")
+	}
+	d.Set("folder", parts[0])
+	d.Set("constraint", parts[1])
+
+	return []*schema.ResourceData{d}, nil
+}
+
 func resourceGoogleFolderOrganizationPolicyCreate(d *schema.ResourceData, meta interface{}) error {
 	if err := setFolderOrganizationPolicy(d, meta); err != nil {
 		return err
diff --git a/google/resource_google_folder_organization_policy_test.go b/google/resource_google_folder_organization_policy_test.go
@@ -66,6 +66,11 @@ func TestAccFolderOrganizationPolicy_list_allowAll(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_list_allowAll(org, folder),
 				Check:  testAccCheckGoogleFolderOrganizationListPolicyAll("list", "ALLOW"),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -85,6 +90,11 @@ func TestAccFolderOrganizationPolicy_list_allowSome(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_list_allowSome(org, folder, project),
 				Check:  testAccCheckGoogleFolderOrganizationListPolicyAllowedValues("list", []string{"projects/" + project}),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -103,6 +113,11 @@ func TestAccFolderOrganizationPolicy_list_denySome(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_list_denySome(org, folder),
 				Check:  testAccCheckGoogleFolderOrganizationListPolicyDeniedValues("list", DENIED_ORG_POLICIES),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -125,6 +140,11 @@ func TestAccFolderOrganizationPolicy_list_update(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_list_denySome(org, folder),
 				Check:  testAccCheckGoogleFolderOrganizationListPolicyDeniedValues("list", DENIED_ORG_POLICIES),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -143,6 +163,11 @@ func TestAccFolderOrganizationPolicy_restore_defaultTrue(t *testing.T) {
 				Config: testAccFolderOrganizationPolicy_restore_defaultTrue(org, folder),
 				Check:  getGoogleFolderOrganizationRestoreDefaultTrue("restore", &cloudresourcemanager.RestoreDefault{}),
 			},
+			{
+				ResourceName:      "google_folder_organization_policy.restore",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
diff --git a/google/resource_google_project_organization_policy.go b/google/resource_google_project_organization_policy.go
@@ -2,6 +2,7 @@ package google
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/hashicorp/terraform/helper/schema"
 	"google.golang.org/api/cloudresourcemanager/v1"
@@ -14,6 +15,10 @@ func resourceGoogleProjectOrganizationPolicy() *schema.Resource {
 		Update: resourceGoogleProjectOrganizationPolicyUpdate,
 		Delete: resourceGoogleProjectOrganizationPolicyDelete,
 
+		Importer: &schema.ResourceImporter{
+			State: resourceProjectOrgPolicyImporter,
+		},
+
 		Schema: mergeSchemas(
 			schemaOrganizationPolicy,
 			map[string]*schema.Schema{
@@ -27,6 +32,17 @@ func resourceGoogleProjectOrganizationPolicy() *schema.Resource {
 	}
 }
 
+func resourceProjectOrgPolicyImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	parts := strings.Split(d.Id(), ":")
+	if len(parts) != 2 {
+		return nil, fmt.Errorf("ID must be in the format <projectId>:constraints/<constraint>")
+	}
+	d.Set("project", parts[0])
+	d.Set("constraint", parts[1])
+
+	return []*schema.ResourceData{d}, nil
+}
+
 func resourceGoogleProjectOrganizationPolicyCreate(d *schema.ResourceData, meta interface{}) error {
 	if err := setProjectOrganizationPolicy(d, meta); err != nil {
 		return err
diff --git a/google/resource_google_project_organization_policy_test.go b/google/resource_google_project_organization_policy_test.go
@@ -84,6 +84,11 @@ func testAccProjectOrganizationPolicy_list_allowAll(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_list_allowAll(projectId),
 				Check:  testAccCheckGoogleProjectOrganizationListPolicyAll("list", "ALLOW"),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -100,6 +105,11 @@ func testAccProjectOrganizationPolicy_list_allowSome(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_list_allowSome(project),
 				Check:  testAccCheckGoogleProjectOrganizationListPolicyAllowedValues("list", []string{canonicalProject}),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -115,6 +125,11 @@ func testAccProjectOrganizationPolicy_list_denySome(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_list_denySome(projectId),
 				Check:  testAccCheckGoogleProjectOrganizationListPolicyDeniedValues("list", DENIED_ORG_POLICIES),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -134,6 +149,11 @@ func testAccProjectOrganizationPolicy_list_update(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_list_denySome(projectId),
 				Check:  testAccCheckGoogleProjectOrganizationListPolicyDeniedValues("list", DENIED_ORG_POLICIES),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.list",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -150,6 +170,11 @@ func testAccProjectOrganizationPolicy_restore_defaultTrue(t *testing.T) {
 				Config: testAccProjectOrganizationPolicyConfig_restore_defaultTrue(projectId),
 				Check:  getGoogleProjectOrganizationRestoreDefaultTrue("restore", &cloudresourcemanager.RestoreDefault{}),
 			},
+			{
+				ResourceName:      "google_project_organization_policy.restore",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
diff --git a/website/docs/r/google_folder_organization_policy.html.markdown b/website/docs/r/google_folder_organization_policy.html.markdown
@@ -127,3 +127,11 @@ exported:
 * `etag` - (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. 
 
 * `update_time` - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
+
+## Import
+
+Folder organization policies can be imported with the format `folders/<folderId>:constraints/<constraint>`. eg
+
+```
+$ terraform import google_folder_organization_policy.policy folders/folder-1234:constraints/serviceuser.services
+```
diff --git a/website/docs/r/google_project_organization_policy.html.markdown b/website/docs/r/google_project_organization_policy.html.markdown
@@ -91,7 +91,7 @@ The following arguments are supported:
 
 * `list_policy` - (Optional) A policy that can define specific values that are allowed or denied for the given constraint. It can also be used to allow or deny all values. Structure is documented below.
 
-* `restore_policy` - (Optional) A restore policy is a constraint to restore the default policy. Structure is documented below. 
+* `restore_policy` - (Optional) A restore policy is a constraint to restore the default policy. Structure is documented below.
 
 - - -
 
@@ -126,3 +126,11 @@ exported:
 * `etag` - (Computed) The etag of the organization policy. `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other.
 
 * `update_time` - (Computed) The timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds, representing when the variable was last updated. Example: "2016-10-09T12:33:37.578138407Z".
+
+## Import
+
+Project organization policies can be imported with the format `<projectId>:constraints/<constraint>`. eg
+
+```
+$ terraform import google_project_organization_policy.policy test-project:constraints/serviceuser.services
+```
diff --git a/website/docs/r/sql_ssl_cert.html.markdown b/website/docs/r/sql_ssl_cert.html.markdown
@@ -39,12 +39,9 @@ The following arguments are supported:
 * `instance` - (Required) The name of the Cloud SQL instance. Changing this
     forces a new resource to be created.
 
-* `common_name` - (Required) The common name to be used in the certificate to identify the
+* `common_name` - (Required) The common name to be used in the certificate to identify the 
     client. Constrained to [a-zA-Z.-_ ]+. Changing this forces a new resource to be created.
 
-* `project` - (Optional) The ID of the project in which the resource belongs. If it
-    is not provided, the provider project is used.
-
 
 ## Attributes Reference
 
@@ -56,9 +53,9 @@ exported:
 * `server_ca_cert` - The CA cert of the server this client cert was generated from.
 * `cert` - The actual certificate data for this client certificate.
 * `cert_serial_number` - The serial number extracted from the certificate data.
-* `create_time` - The time when the certificate was created in RFC 3339 format,
+* `create_time` - The time when the certificate was created in RFC 3339 format, 
     for example 2012-11-15T16:19:00.094Z.
-* `expiration_time` - The time when the certificate expires in RFC 3339 format,
+* `expiration_time` - The time when the certificate expires in RFC 3339 format, 
     for example 2012-11-15T16:19:00.094Z.
 
 ## Import
