add support for a google_project_organization_policy resource

[lawrenae]

I'd like to be able to do the equivelant of the following command in terraform:

cat allow-external-ip.json
{ "constraint": "constraints/compute.vmExternalIpAccess", "listPolicy": { "allValues": ALLOW }}

gcloud beta resource-manager org-policies set-policy allow-external-ip.json --project my-project-id

The bigger use case is to define an org policy at a folder level like so:

resource "google_folder_organization_policy" "no-external-ips" {
  folder     = "${google_folder.cool_folder.name}"
  constraint = "compute.vmExternalIpAccess"

  list_policy {
    deny {
      all = true
    }
  }
}

and then be able to "override" it on a per project basis:

resource "google_project_organization_policy" "cool-project-allow-external-IPs" {
  project    = "${google_project.cool_project.project_id}"
  constraint = "compute.vmExternalIpAccess"

  list_policy {
    allow {
      all = true
    }
  }
}

Thoughts? I'd be interested in alternatives to solving this problem, or implementing the solution in the provider, so please let me know.

Thanks!

-- Andy

[lawrenae]

Closing this issue with the PR being merged

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!