Comments
ka...@google.com #2
Hello,
Thank you for reaching out. I'm going to create an internal feature request. Please keep in mind that this feature request has to be analyzed and considered by the product team and I can't provide you an ETA for it to be delivered. However, you can keep track of the status by following this thread.
Description
Please add a new boolean parameter to the create method such as override = true so that the create request essentially converts to a patch request. The boolean will only come into effect if the create request fails with the error ALREADY_EXISTS.
From my understanding, the Google Terraform module, org_policy_v2, is generated based on YAML files and cannot be customized to work around this API limitation when trying to create new org policies.
I have to manually set all org policies to inherit from parent in order for Terraform to begin managing them. This is very inconvenient and may be a security risk as I have to disable my org policies in order for me to begin managing them with Terraform. These policies may be set to inherit from parent for multiple hours as I work through disabling the 100+ policies and for the Terraform deployment pipeline to apply and take over management of the policies.