chore: add var lacework_integration_guid to outputs and sleep for az role propogation

README.md

@@ -49,6 +49,7 @@ All code contributions made by Lacework customers to this repo are considered 
 | <a name="provider_lacework"></a> [lacework](#provider\_lacework) | ~> 2.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | n/a |
 | <a name="provider_terraform"></a> [terraform](#provider\_terraform) | n/a |
+| <a name="provider_time"></a> [time](#provider\_time) | n/a |
 
 ## Modules
 
@@ -91,6 +92,7 @@ No modules.
 | [lacework_integration_azure_agentless_scanning.lacework_cloud_account](https://registry.terraform.io/providers/lacework/lacework/latest/docs/resources/integration_azure_agentless_scanning) | resource |
 | [random_id.uniq](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
 | [terraform_data.job_execution_now](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
+| [time_sleep.wait_for_role_assignment_propagation](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |
 | [azurerm_resource_group.scanning_rg](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) | data source |
 | [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |
@@ -152,6 +154,7 @@ No modules.
 | <a name="output_key_vault_uri"></a> [key\_vault\_uri](#output\_key\_vault\_uri) | The URI of the key vault that stores LW account details |
 | <a name="output_lacework_account"></a> [lacework\_account](#output\_lacework\_account) | Lacework Account Name for Integration. |
 | <a name="output_lacework_domain"></a> [lacework\_domain](#output\_lacework\_domain) | Lacework Domain Name for Integration. |
+| <a name="output_lacework_integration_guid"></a> [lacework\_integration\_guid](#output\_lacework\_integration\_guid) | GUID of the created Lacework integration |
 | <a name="output_lacework_integration_name"></a> [lacework\_integration\_name](#output\_lacework\_integration\_name) | The name of the integration. Passed along in global module reference. |
 | <a name="output_monitored_subscription_role_definition_id"></a> [monitored\_subscription\_role\_definition\_id](#output\_monitored\_subscription\_role\_definition\_id) | The id of the monitored subscription role definition |
 | <a name="output_prefix"></a> [prefix](#output\_prefix) | Prefix used to add uniqueness to resource names. |

main.tf

@@ -186,6 +186,15 @@ data "azurerm_resource_group" "scanning_rg" {
   name = local.scanning_resource_group_name
 }
 
+// Azure role propagation takes few seconds,so we are adding sleep before calling lacework api. 
+resource "time_sleep" "wait_for_role_assignment_propagation" {
+  depends_on = [
+    azurerm_role_assignment.storage_data_loader,
+    azurerm_role_assignment.storage_sidekick,
+  ]
+  create_duration = "20s" // adjust if needed
+}
+
 // Lacework Cloud Account Integration
 resource "lacework_integration_azure_agentless_scanning" "lacework_cloud_account" {
   count = var.global ? 1 : 0
@@ -195,6 +204,7 @@ resource "lacework_integration_azure_agentless_scanning" "lacework_cloud_account
   depends_on = [
     azuread_service_principal.data_loader,
     azurerm_storage_container.scanning,
+    time_sleep.wait_for_role_assignment_propagation,
   ]
 
   name = local.lacework_integration_name_local
@@ -403,7 +413,7 @@ resource "azurerm_role_assignment" "storage_sidekick" {
 resource "azurerm_role_assignment" "storage_data_loader" {
   count = var.global ? 1 : 0
 
-  principal_id         = azuread_service_principal.data_loader[0].id
+  principal_id         = azuread_service_principal.data_loader[0].object_id
   role_definition_name = "Storage Blob Data Reader"
   scope                = local.storage_account_id
 }
@@ -632,4 +642,4 @@ resource "terraform_data" "job_execution_now" {
 data "lacework_metric_module" "lwmetrics" {
   name    = local.module_name
   version = local.module_version
-}
+}

output.tf

@@ -108,3 +108,8 @@ output "scanning_subscription_id" {
   value       = data.azurerm_subscription.current.subscription_id
   description = "The subscription ID where scanning resources are deployed"
 }
+
+output "lacework_integration_guid" {
+  value = length(lacework_integration_azure_agentless_scanning.lacework_cloud_account) > 0 ? lacework_integration_azure_agentless_scanning.lacework_cloud_account[0].intg_guid : null
+  description = "GUID of the created Lacework integration"
+}