SSPROD-54180 logless ciem test updates (#57)

* SSPROD-54180 aws logless ciem test updates

* SSPROD-54180 adding ignore changes to basic feature

* SSPROD-54180 ignore basic ciem flag and component changes

Author: ajay-rangarajan

test/examples/organization/cloud_logs.tf

@@ -17,10 +17,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [module.cloud-logs]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.cloud-logs.cloud_logs_component_id]
-  depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.config_posture]
-}
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.cloud-logs.cloud_logs_component_id])
+  depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
+}

test/examples/organization/cloud_logs_gov.tf

@@ -18,10 +18,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [module.cloud-logs]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.cloud-logs.cloud_logs_component_id]
-  depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.config_posture]
-}
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.cloud-logs.cloud_logs_component_id])
+  depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
+}

test/examples/organization/event_bridge.tf

@@ -26,10 +26,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [module.event-bridge]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.event-bridge.event_bridge_component_id]
-  depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.config_posture]
-}
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.event-bridge.event_bridge_component_id])
+  depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
+}

test/examples/organization/event_bridge_gov.tf

@@ -20,10 +20,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [module.event-bridge]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.event-bridge.event_bridge_component_id]
-  depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.config_posture]
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.event-bridge.event_bridge_component_id])
+  depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
 }

test/examples/organization/onboarding_with_cspm.tf

@@ -50,3 +50,18 @@ resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
   components = [module.config-posture.config_posture_component_id]
   depends_on = [module.config-posture]
 }
+
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic" {
+  account_id = module.onboarding.sysdig_secure_account_id
+  type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
+  enabled    = true
+  components = [module.config-posture.config_posture_component_id]
+  depends_on = [module.config-posture, sysdig_secure_cloud_auth_account_feature.config_posture]
+  flags = {
+    "CIEM_FEATURE_MODE": "basic"
+  }
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
+}

test/examples/organization/onboarding_with_cspm_gov.tf

@@ -39,3 +39,18 @@ resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
   components = [module.config-posture.config_posture_component_id]
   depends_on = [module.config-posture]
 }
+
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic" {
+  account_id = module.onboarding.sysdig_secure_account_id
+  type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
+  enabled    = true
+  components = [module.config-posture.config_posture_component_id]
+  depends_on = [module.config-posture, sysdig_secure_cloud_auth_account_feature.config_posture]
+  flags = {
+    "CIEM_FEATURE_MODE": "basic"
+  }
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
+}

test/examples/single_account/cloud_logs.tf

@@ -17,10 +17,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [module.cloud-logs]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.cloud-logs.cloud_logs_component_id]
-  depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.config_posture]
-}
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.cloud-logs.cloud_logs_component_id])
+  depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
+}

test/examples/single_account/cloud_logs_gov.tf

@@ -18,10 +18,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [module.cloud-logs]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.cloud-logs.cloud_logs_component_id]
-  depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.config_posture]
-}
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.cloud-logs.cloud_logs_component_id])
+  depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
+}

test/examples/single_account/event_bridge.tf

@@ -17,10 +17,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [module.event-bridge]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.event-bridge.event_bridge_component_id]
-  depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.config_posture]
-}
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.event-bridge.event_bridge_component_id])
+  depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
+}

test/examples/single_account/event_bridge_gov.tf

@@ -18,10 +18,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [module.event-bridge]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.event-bridge.event_bridge_component_id]
-  depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.config_posture]
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.event-bridge.event_bridge_component_id])
+  depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
 }