Reorder org policy rules

2023-01-03 16:37:32 +01:00
parent 0380c1004b
commit 065b1471a8
8 changed files with 82 additions and 82 deletions
--- a/modules/organization/organization-policies.tf
+++ b/modules/organization/organization-policies.tf
@@ -95,23 +95,6 @@ resource "google_org_policy_policy" "default" {
    inherit_from_parent = each.value.inherit_from_parent
    reset               = each.value.reset

-    rules {
-      allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
-      deny_all  = try(each.value.deny.all, null) == true ? "TRUE" : null
-      enforce = (
-        each.value.is_boolean_policy && each.value.enforce != null
-        ? upper(tostring(each.value.enforce))
-        : null
-      )
-      dynamic "values" {
-        for_each = each.value.has_values ? [1] : []
-        content {
-          allowed_values = try(each.value.allow.values, null)
-          denied_values  = try(each.value.deny.values, null)
-        }
-      }
-    }
-
    dynamic "rules" {
      for_each = each.value.rules
      iterator = rule
@@ -138,6 +121,23 @@ resource "google_org_policy_policy" "default" {
        }
      }
    }
+
+    rules {
+      allow_all = try(each.value.allow.all, null) == true ? "TRUE" : null
+      deny_all  = try(each.value.deny.all, null) == true ? "TRUE" : null
+      enforce = (
+        each.value.is_boolean_policy && each.value.enforce != null
+        ? upper(tostring(each.value.enforce))
+        : null
+      )
+      dynamic "values" {
+        for_each = each.value.has_values ? [1] : []
+        content {
+          allowed_values = try(each.value.allow.values, null)
+          denied_values  = try(each.value.deny.values, null)
+        }
+      }
+    }
  }

  depends_on = [