Place security policy under folder for easier cleanup (#5174) (#3601)

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/5174.txt

@@ -0,0 +1,3 @@
+```release-note:none
+
+```

google-beta/resource_compute_organization_security_policy_association.go

@@ -239,8 +239,7 @@ func resourceComputeOrganizationSecurityPolicyAssociationDelete(d *schema.Resour
 func resourceComputeOrganizationSecurityPolicyAssociationImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
 	config := meta.(*Config)
 	if err := parseImportId([]string{
-		"(?P<policy_id>[^/]+)/association/(?P<name>[^/]+)",
-		"(?P<policy_id>[^/]+)/(?P<name>[^/]+)",
+		"(?P<policy_id>.+)/association/(?P<name>[^/]+)",
 	}, d, config); err != nil {
 		return nil, err
 	}

google-beta/resource_compute_organization_security_policy_association_generated_test.go

@@ -51,16 +51,20 @@ func TestAccComputeOrganizationSecurityPolicyAssociation_organizationSecurityPol
 
 func testAccComputeOrganizationSecurityPolicyAssociation_organizationSecurityPolicyAssociationBasicExample(context map[string]interface{}) string {
 	return Nprintf(`
+resource "google_folder" "security_policy_target" {
+  provider     = google-beta
+  display_name = "tf-test-secpol-%{random_suffix}"
+  parent       = "organizations/%{org_id}"
+}
+
 resource "google_compute_organization_security_policy" "policy" {
   provider = google-beta
-
   display_name = "tf-test%{random_suffix}"
-  parent       = "organizations/%{org_id}"
+  parent       = google_folder.security_policy_target.name
 }
 
 resource "google_compute_organization_security_policy_rule" "policy" {
   provider = google-beta
-
   policy_id = google_compute_organization_security_policy.policy.id
   action = "allow"
 
@@ -83,7 +87,6 @@ resource "google_compute_organization_security_policy_rule" "policy" {
 
 resource "google_compute_organization_security_policy_association" "policy" {
   provider = google-beta
-
   name          = "tf-test%{random_suffix}"
   attachment_id = google_compute_organization_security_policy.policy.parent
   policy_id     = google_compute_organization_security_policy.policy.id

google-beta/resource_compute_organization_security_policy_generated_test.go

@@ -52,7 +52,6 @@ func testAccComputeOrganizationSecurityPolicy_organizationSecurityPolicyBasicExa
 	return Nprintf(`
 resource "google_compute_organization_security_policy" "policy" {
   provider = google-beta
-
   display_name = "tf-test%{random_suffix}"
   parent       = "organizations/%{org_id}"
 }

google-beta/resource_compute_organization_security_policy_rule.go

@@ -19,7 +19,6 @@ import (
 	"log"
 	"reflect"
 	"strconv"
-	"strings"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
@@ -540,33 +539,18 @@ func resourceComputeOrganizationSecurityPolicyRuleDelete(d *schema.ResourceData,
 
 func resourceComputeOrganizationSecurityPolicyRuleImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
 	config := meta.(*Config)
-
-	// current import_formats can't import fields with forward slashes in their value
-	if err := parseImportId([]string{"(?P<policy_id>.+)"}, d, config); err != nil {
+	if err := parseImportId([]string{
+		"(?P<policy_id>.+)/priority/(?P<priority>[^/]+)",
+	}, d, config); err != nil {
 		return nil, err
 	}
 
-	nameParts := strings.Split(d.Get("policy_id").(string), "/")
-	if len(nameParts) != 6 {
-		return nil, fmt.Errorf(
-			"Saw %s when the import ID is expected to have shape %s",
-			d.Get("policy_id").(string),
-			"locations/global/securityPolicies/{{policy_id}}/priority/{{priority}}",
-		)
-	}
-	if err := d.Set("policy_id", fmt.Sprintf("locations/global/securityPolicies/%s", nameParts[3])); err != nil {
-		return nil, fmt.Errorf("Error setting policy_id: %s", err)
-	}
-
-	if prio, err := strconv.ParseInt(nameParts[5], 10, 64); err != nil {
-		return nil, fmt.Errorf(
-			"Priority %s cannot be converted to integer", nameParts[5],
-		)
-	} else {
-		if err := d.Set("priority", prio); err != nil {
-			return nil, fmt.Errorf("Error setting priority: %s", err)
-		}
+	// Replace import id for the resource id
+	id, err := replaceVars(d, config, "{{policy_id}}/priority/{{priority}}")
+	if err != nil {
+		return nil, fmt.Errorf("Error constructing id: %s", err)
 	}
+	d.SetId(id)
 
 	return []*schema.ResourceData{d}, nil
 }

google-beta/resource_compute_organization_security_policy_rule_generated_test.go

@@ -53,7 +53,6 @@ func testAccComputeOrganizationSecurityPolicyRule_organizationSecurityPolicyRule
 	return Nprintf(`
 resource "google_compute_organization_security_policy" "policy" {
   provider = google-beta
-
   display_name = "tf-test%{random_suffix}"
   parent       = "organizations/%{org_id}"
 }

google-beta/resource_compute_organization_security_policy_rule_test.go

@@ -41,13 +41,16 @@ func TestAccComputeOrganizationSecurityPolicyRule_organizationSecurityPolicyRule
 
 func testAccComputeOrganizationSecurityPolicyRule_organizationSecurityPolicyRulePreUpdateExample(context map[string]interface{}) string {
 	return Nprintf(`
-resource "google_compute_organization_security_policy" "policy" {
-  display_name = "tf-test%{random_suffix}"
+resource "google_folder" "security_policy_target" {
+  display_name = "tf-test-secpol-%{random_suffix}"
   parent       = "organizations/%{org_id}"
 }
 
+resource "google_compute_organization_security_policy" "policy" {
+  display_name = "tf-test%{random_suffix}"
+  parent       = google_folder.security_policy_target.name
+}
 resource "google_compute_organization_security_policy_rule" "policy" {
-
   policy_id = google_compute_organization_security_policy.policy.id
   action = "allow"
 
@@ -72,13 +75,17 @@ resource "google_compute_organization_security_policy_rule" "policy" {
 
 func testAccComputeOrganizationSecurityPolicyRule_organizationSecurityPolicyRulePostUpdateExample(context map[string]interface{}) string {
 	return Nprintf(`
+resource "google_folder" "security_policy_target" {
+  display_name = "tf-test-secpol-%{random_suffix}"
+  parent       = "organizations/%{org_id}"
+}
+
 resource "google_compute_organization_security_policy" "policy" {
   display_name = "tf-test%{random_suffix}"
-  parent       = "organizations/%{org_id}"
+  parent       = google_folder.security_policy_target.name
 }
 
 resource "google_compute_organization_security_policy_rule" "policy" {
-
   policy_id = google_compute_organization_security_policy.policy.id
   action = "deny"
 

website/docs/r/compute_organization_security_policy.html.markdown

@@ -39,7 +39,6 @@ To get more information about OrganizationSecurityPolicy, see:
 ```hcl
 resource "google_compute_organization_security_policy" "policy" {
   provider = google-beta
-
   display_name = "tf-test%{random_suffix}"
   parent       = "organizations/123456789"
 }

website/docs/r/compute_organization_security_policy_association.html.markdown

@@ -37,16 +37,20 @@ To get more information about OrganizationSecurityPolicyAssociation, see:
 
 
 ```hcl
+resource "google_folder" "security_policy_target" {
+  provider     = google-beta
+  display_name = "tf-test-secpol-%{random_suffix}"
+  parent       = "organizations/123456789"
+}
+
 resource "google_compute_organization_security_policy" "policy" {
   provider = google-beta
-
   display_name = "tf-test%{random_suffix}"
-  parent       = "organizations/123456789"
+  parent       = google_folder.security_policy_target.name
 }
 
 resource "google_compute_organization_security_policy_rule" "policy" {
   provider = google-beta
-
   policy_id = google_compute_organization_security_policy.policy.id
   action = "allow"
 
@@ -69,7 +73,6 @@ resource "google_compute_organization_security_policy_rule" "policy" {
 
 resource "google_compute_organization_security_policy_association" "policy" {
   provider = google-beta
-
   name          = "tf-test%{random_suffix}"
   attachment_id = google_compute_organization_security_policy.policy.parent
   policy_id     = google_compute_organization_security_policy.policy.id
@@ -123,5 +126,4 @@ OrganizationSecurityPolicyAssociation can be imported using any of these accepte
 
 ```
 $ terraform import google_compute_organization_security_policy_association.default {{policy_id}}/association/{{name}}
-$ terraform import google_compute_organization_security_policy_association.default {{policy_id}}/{{name}}
 ```

website/docs/r/compute_organization_security_policy_rule.html.markdown

@@ -39,7 +39,6 @@ To get more information about OrganizationSecurityPolicyRule, see:
 ```hcl
 resource "google_compute_organization_security_policy" "policy" {
   provider = google-beta
-
   display_name = "tf-test%{random_suffix}"
   parent       = "organizations/123456789"
 }
@@ -208,5 +207,4 @@ OrganizationSecurityPolicyRule can be imported using any of these accepted forma
 
 ```
 $ terraform import google_compute_organization_security_policy_rule.default {{policy_id}}/priority/{{priority}}
-$ terraform import google_compute_organization_security_policy_rule.default {{policy_id}}/{{priority}}
 ```