SSPROD-54180 logless ciem test updates (#61)

* SSPROD-54180 gcp logless ciem test updates

* SSPROD-54180 adding ignore lifecycle for basic ciem flags

* SSPROD-54180 ignore basic ciem flag and component changes

Author: ajay-rangarajan

test/examples/modular_organization/onboarding_with_posture.tf

@@ -38,4 +38,19 @@ resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
   enabled    = true
   components = [module.config-posture.service_principal_component_id]
   depends_on = [module.config-posture]
-}
+}
+
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic" {
+  account_id = module.onboarding.sysdig_secure_account_id
+  type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
+  enabled    = true
+  components = [module.config-posture.service_principal_component_id]
+  depends_on = [module.config-posture, sysdig_secure_cloud_auth_account_feature.config_posture]
+  flags = {
+    "CIEM_FEATURE_MODE": "basic"
+  }
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
+}

test/examples/modular_organization/pub-sub-admin-write-only1.tf

@@ -27,10 +27,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [ module.pub-sub ]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.pub-sub.pubsub_datasource_component_id]
-  depends_on = [sysdig_secure_cloud_auth_account_feature.config_posture, module.pub-sub]
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
+  depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
 }

test/examples/modular_organization/pub-sub-admin-write-only2.tf

@@ -22,10 +22,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [ module.pub-sub ]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.pub-sub.pubsub_datasource_component_id]
-  depends_on = [sysdig_secure_cloud_auth_account_feature.config_posture, module.pub-sub]
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
+  depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
 }

test/examples/modular_organization/pub-sub.tf

@@ -53,10 +53,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [ module.pub-sub ]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.pub-sub.pubsub_datasource_component_id]
-  depends_on = [sysdig_secure_cloud_auth_account_feature.config_posture, module.pub-sub]
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
+  depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
 }

test/examples/modular_single_project/onboarding_with_posture.tf

@@ -34,4 +34,19 @@ resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
   enabled    = true
   components = [module.config-posture.service_principal_component_id]
   depends_on = [module.config-posture]
-}
+}
+
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic" {
+  account_id = module.onboarding.sysdig_secure_account_id
+  type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
+  enabled    = true
+  components = [module.config-posture.service_principal_component_id]
+  depends_on = [module.config-posture, sysdig_secure_cloud_auth_account_feature.config_posture]
+  flags = {
+    "CIEM_FEATURE_MODE": "basic"
+  }
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
+}

test/examples/modular_single_project/pub-sub-admin-write-only1.tf

@@ -25,10 +25,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [ module.pub-sub ]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.pub-sub.pubsub_datasource_component_id]
-  depends_on = [sysdig_secure_cloud_auth_account_feature.config_posture, module.pub-sub]
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
+  depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
 }

test/examples/modular_single_project/pub-sub-admin-write-only2.tf

@@ -20,10 +20,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [ module.pub-sub ]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.pub-sub.pubsub_datasource_component_id]
-  depends_on = [sysdig_secure_cloud_auth_account_feature.config_posture, module.pub-sub]
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
+  depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
 }

test/examples/modular_single_project/pub-sub.tf

@@ -51,10 +51,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
   depends_on = [ module.pub-sub ]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
   account_id = module.onboarding.sysdig_secure_account_id
   type       = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
   enabled    = true
-  components = [module.pub-sub.pubsub_datasource_component_id]
-  depends_on = [sysdig_secure_cloud_auth_account_feature.config_posture, module.pub-sub]
+  components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
+  depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+  flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+  lifecycle {
+    ignore_changes = [flags, components]
+  }
 }