feat: Add support for new organization policies (#863)

* add support for Public Access Prevention organization policy * add support for Restrict Authorized Networks on Cloud SQL instances organization policy * add new org policies to the integration test validation
terraform-google-modules · Nov 3, 2022 · 9c17c13 · 9c17c13
1 parent 82aa221
commit 9c17c13
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/1-org/envs/shared/org_policy.tf b/1-org/envs/shared/org_policy.tf
@@ -32,10 +32,12 @@ locals {
     "compute.setNewProjectDefaultToZonalDNSOnly",
     "compute.requireOsLogin",
     "sql.restrictPublicIp",
+    "sql.restrictAuthorizedNetworks",
     "iam.disableServiceAccountKeyCreation",
     "iam.automaticIamGrantsForDefaultServiceAccounts",
     "iam.disableServiceAccountKeyUpload",
-    "storage.uniformBucketLevelAccess"
+    "storage.uniformBucketLevelAccess",
+    "storage.publicAccessPrevention"
   ])
 }
 

diff --git a/test/integration/org/org_test.go b/test/integration/org/org_test.go
@@ -141,8 +141,10 @@ func TestOrg(t *testing.T) {
 				"constraints/compute.skipDefaultNetworkCreation",
 				"constraints/compute.restrictXpnProjectLienRemoval",
 				"constraints/sql.restrictPublicIp",
+				"constraints/sql.restrictAuthorizedNetworks",
 				"constraints/iam.disableServiceAccountKeyCreation",
 				"constraints/storage.uniformBucketLevelAccess",
+				"constraints/storage.publicAccessPrevention",
 				"constraints/iam.automaticIamGrantsForDefaultServiceAccounts",
 			} {
 				orgPolicy := gcloud.Runf(t, "resource-manager org-policies describe %s --folder %s", booleanConstraint, parentFolder)