From 00f24698d0d84353f77f14068db7c4867dc5e15c Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo <ludomagno@google.com>
Date: Sun, 13 Feb 2022 10:40:23 +0100
Subject: [PATCH] refactor DRS org policy

---
 fast/stages/01-resman/organization.tf | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/fast/stages/01-resman/organization.tf b/fast/stages/01-resman/organization.tf
index 5c52c00c..b8d2d0aa 100644
--- a/fast/stages/01-resman/organization.tf
+++ b/fast/stages/01-resman/organization.tf
@@ -104,15 +104,13 @@ module "organization" {
       local.list_allow, { values = ["in:INTERNAL"] }
     )
     "constraints/compute.vmExternalIpAccess" = local.list_deny
-    "constraints/iam.allowedPolicyMemberDomains" = {
-      inherit_from_parent = false
-      suggested_value     = null
-      status              = true
-      values = concat(
-        [var.organization.customer_id],
-        try(local.policy_configs.allowed_policy_member_domains, [])
-      )
-    }
+    "constraints/iam.allowedPolicyMemberDomains" = merge(
+      local.list_allow, {
+        values = concat(
+          [var.organization.customer_id],
+          try(local.policy_configs.allowed_policy_member_domains, [])
+        )
+    })
     "constraints/run.allowedIngress" = merge(
       local.list_allow, { values = ["is:internal"] }
     )