From 6a7a4c240abd0ecb09f3894352a2736792792750 Mon Sep 17 00:00:00 2001 From: Ajay Rangarajan Date: Thu, 27 Mar 2025 19:24:24 -0500 Subject: [PATCH 1/3] SSPROD-54180 gcp logless ciem test updates --- .../modular_organization/onboarding_with_posture.tf | 11 ++++++++++- .../modular_organization/pub-sub-admin-write-only1.tf | 7 ++++--- .../modular_organization/pub-sub-admin-write-only2.tf | 7 ++++--- test/examples/modular_organization/pub-sub.tf | 7 ++++--- .../modular_single_project/onboarding_with_posture.tf | 11 ++++++++++- .../pub-sub-admin-write-only1.tf | 7 ++++--- .../pub-sub-admin-write-only2.tf | 7 ++++--- test/examples/modular_single_project/pub-sub.tf | 7 ++++--- 8 files changed, 44 insertions(+), 20 deletions(-)
diff --git a/test/examples/modular_organization/onboarding_with_posture.tf b/test/examples/modular_organization/onboarding_with_posture.tf
index 214c779..1ab626a 100644
--- a/test/examples/modular_organization/onboarding_with_posture.tf
+++ b/test/examples/modular_organization/onboarding_with_posture.tf
@@ -38,4 +38,13 @@ resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
 enabled = true
 components = [module.config-posture.service_principal_component_id]
 depends_on = [module.config-posture]
-}
\ No newline at end of file
+}
+
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic" {
+ account_id = module.onboarding.sysdig_secure_account_id
+ type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
+ enabled = true
+ components = [module.config-posture.service_principal_component_id]
+ depends_on = [module.config-posture, sysdig_secure_cloud_auth_account_feature.config_posture]
+ flags = {"CIEM_FEATURE_MODE": "basic"}
+}
diff --git a/test/examples/modular_organization/pub-sub-admin-write-only1.tf b/test/examples/modular_organization/pub-sub-admin-write-only1.tf
index bf702d6..e6c18b2 100644
--- a/test/examples/modular_organization/pub-sub-admin-write-only1.tf
+++ b/test/examples/modular_organization/pub-sub-admin-write-only1.tf
@@ -27,10 +27,11 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [ module.pub-sub ]
 }
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.pub-sub.pubsub_datasource_component_id]
- depends_on = [sysdig_secure_cloud_auth_account_feature.config_posture, module.pub-sub]
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
+ depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
 }
diff --git a/test/examples/modular_organization/pub-sub-admin-write-only2.tf b/test/examples/modular_organization/pub-sub-admin-write-only2.tf
index 7dec324..ea30482 100644
--- a/test/examples/modular_organization/pub-sub-admin-write-only2.tf
+++ b/test/examples/modular_organization/pub-sub-admin-write-only2.tf
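Review bot: `identity_entitlement_advanced` declares the same `account_id` and `type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"` as `identity_entitlement_basic`, so two Terraform resources now appear to own one backend feature and nothing in the hunk says which of them is authoritative. If the provider keys the feature on account and type (not visible here), every apply of one resource shows up as drift on the other, and destroying either one could switch identity entitlement off for the whole account. A comment above the resource would make the intent reviewable, e.g. `# Upgrades the basic CIEM feature in place: same account/type, adds the Pub/Sub datasource and sets CIEM_FEATURE_MODE to "advanced".` The `components = concat(...)` expression already references `identity_entitlement_basic`, so listing it again in `depends_on` is redundant. The same applies to the matching hunks in pub-sub-admin-write-only2.tf and pub-sub.tf under both modular_organization and modular_single_project.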
@@ -22,10 +22,11 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [ module.pub-sub ]
 }
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.pub-sub.pubsub_datasource_component_id]
- depends_on = [sysdig_secure_cloud_auth_account_feature.config_posture, module.pub-sub]
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
+ depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
 }
diff --git a/test/examples/modular_organization/pub-sub.tf b/test/examples/modular_organization/pub-sub.tf
index eb9fd34..d8243df 100644
--- a/test/examples/modular_organization/pub-sub.tf
+++ b/test/examples/modular_organization/pub-sub.tf
@@ -53,10 +53,11 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [ module.pub-sub ]
 }
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.pub-sub.pubsub_datasource_component_id]
- depends_on = [sysdig_secure_cloud_auth_account_feature.config_posture, module.pub-sub]
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
+ depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
 }
diff --git a/test/examples/modular_single_project/onboarding_with_posture.tf b/test/examples/modular_single_project/onboarding_with_posture.tf
index b46b41d..62b3c82 100644
--- a/test/examples/modular_single_project/onboarding_with_posture.tf
+++ b/test/examples/modular_single_project/onboarding_with_posture.tf
@@ -34,4 +34,13 @@ resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
 enabled = true
 components = [module.config-posture.service_principal_component_id]
 depends_on = [module.config-posture]
-}
\ No newline at end of file
+}
+
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic" {
+ account_id = module.onboarding.sysdig_secure_account_id
+ type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
+ enabled = true
+ components = [module.config-posture.service_principal_component_id]
+ depends_on = [module.config-posture, sysdig_secure_cloud_auth_account_feature.config_posture]
+ flags = {"CIEM_FEATURE_MODE": "basic"}
+}
diff --git a/test/examples/modular_single_project/pub-sub-admin-write-only1.tf b/test/examples/modular_single_project/pub-sub-admin-write-only1.tf
index c237c03..0550057 100644
--- a/test/examples/modular_single_project/pub-sub-admin-write-only1.tf
+++ b/test/examples/modular_single_project/pub-sub-admin-write-only1.tf
@@ -25,10 +25,11 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [ module.pub-sub ]
 }
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.pub-sub.pubsub_datasource_component_id]
- depends_on = [sysdig_secure_cloud_auth_account_feature.config_posture, module.pub-sub]
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
+ depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
 }
diff --git a/test/examples/modular_single_project/pub-sub-admin-write-only2.tf b/test/examples/modular_single_project/pub-sub-admin-write-only2.tf
index 4f4bd82..519f64f 100644
--- a/test/examples/modular_single_project/pub-sub-admin-write-only2.tf
+++ b/test/examples/modular_single_project/pub-sub-admin-write-only2.tf
@@ -20,10 +20,11 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [ module.pub-sub ]
 }
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.pub-sub.pubsub_datasource_component_id]
- depends_on = [sysdig_secure_cloud_auth_account_feature.config_posture, module.pub-sub]
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
+ depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
 }
diff --git a/test/examples/modular_single_project/pub-sub.tf b/test/examples/modular_single_project/pub-sub.tf
index 03b3bc9..28b25bc 100644
--- a/test/examples/modular_single_project/pub-sub.tf
+++ b/test/examples/modular_single_project/pub-sub.tf
@@ -51,10 +51,11 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [ module.pub-sub ]
 }
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.pub-sub.pubsub_datasource_component_id]
- depends_on = [sysdig_secure_cloud_auth_account_feature.config_posture, module.pub-sub]
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
+ depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
 }
From 32c9c2240f5877cc77a15ed9a5bdd34f9a811e75 Mon Sep 17 00:00:00 2001 From: Ajay Rangarajan Date: Tue, 1 Apr 2025 12:18:36 -0500 Subject: [PATCH 2/3] SSPROD-54180 adding ignore lifecycle for basic ciem flags --- .../modular_organization/onboarding_with_posture.tf | 8 +++++++- .../modular_single_project/onboarding_with_posture.tf | 8 +++++++- 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/test/examples/modular_organization/onboarding_with_posture.tf b/test/examples/modular_organization/onboarding_with_posture.tf
index 1ab626a..165bbde 100644
--- a/test/examples/modular_organization/onboarding_with_posture.tf
+++ b/test/examples/modular_organization/onboarding_with_posture.tf
@@ -46,5 +46,11 @@ resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic"
 enabled = true
 components = [module.config-posture.service_principal_component_id]
 depends_on = [module.config-posture, sysdig_secure_cloud_auth_account_feature.config_posture]
- flags = {"CIEM_FEATURE_MODE": "basic"}
+ flags = {
+ "CIEM_FEATURE_MODE": "basic"
+ }
+
+ lifecycle {
+ ignore_changes = [flags]
+ }
 }
diff --git a/test/examples/modular_single_project/onboarding_with_posture.tf b/test/examples/modular_single_project/onboarding_with_posture.tf
index 62b3c82..d115023 100644
--- a/test/examples/modular_single_project/onboarding_with_posture.tf
+++ b/test/examples/modular_single_project/onboarding_with_posture.tf
@@ -42,5 +42,11 @@ resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic"
 enabled = true
 components = [module.config-posture.service_principal_component_id]
 depends_on = [module.config-posture, sysdig_secure_cloud_auth_account_feature.config_posture]
- flags = {"CIEM_FEATURE_MODE": "basic"}
+ flags = {
+ "CIEM_FEATURE_MODE": "basic"
+ }
+
+ lifecycle {
+ ignore_changes = [flags]
+ }
 }
From b5e18e9b6e01c89d713e6b22988c3c2b7301f961 Mon Sep 17 00:00:00 2001
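Review bot: The added `lifecycle { ignore_changes = [flags] }` on `identity_entitlement_basic` carries no comment explaining why drift on `CIEM_FEATURE_MODE` is expected, and it also means any later edit to `flags` in this file is silently skipped by plan. Presumably it exists because another resource rewrites the mode on the same feature; if so, say that next to the block, e.g. `# flags is rewritten when the advanced CIEM feature is applied; ignored here so plan does not flip the mode back to "basic"`. Because plan will no longer report a mismatch on this flag, the test should check the effective mode some other way instead of relying on a clean plan. The resource block starts outside the hunk, and the modular_single_project/onboarding_with_posture.tf hunk adds the same block.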
From: Ajay Rangarajan Date: Mon, 7 Apr 2025 01:38:00 -0500 Subject: [PATCH 3/3] SSPROD-54180 ignore basic ciem flag and component changes --- test/examples/modular_organization/onboarding_with_posture.tf | 2 +- .../modular_organization/pub-sub-admin-write-only1.tf | 4 ++++ .../modular_organization/pub-sub-admin-write-only2.tf | 4 ++++ test/examples/modular_organization/pub-sub.tf | 4 ++++ .../modular_single_project/onboarding_with_posture.tf | 2 +- .../modular_single_project/pub-sub-admin-write-only1.tf | 4 ++++ .../modular_single_project/pub-sub-admin-write-only2.tf | 4 ++++ test/examples/modular_single_project/pub-sub.tf | 4 ++++ 8 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/test/examples/modular_organization/onboarding_with_posture.tf b/test/examples/modular_organization/onboarding_with_posture.tf
index 165bbde..3b73142 100644
--- a/test/examples/modular_organization/onboarding_with_posture.tf
+++ b/test/examples/modular_organization/onboarding_with_posture.tf
@@ -51,6 +51,6 @@ resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic"
 }
 lifecycle {
- ignore_changes = [flags]
+ ignore_changes = [flags, components]
 }
 }
diff --git a/test/examples/modular_organization/pub-sub-admin-write-only1.tf b/test/examples/modular_organization/pub-sub-admin-write-only1.tf
index e6c18b2..38f57c7 100644
--- a/test/examples/modular_organization/pub-sub-admin-write-only1.tf
+++ b/test/examples/modular_organization/pub-sub-admin-write-only1.tf
@@ -34,4 +34,8 @@ resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanc
 components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
 depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
 flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
 }
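Review bot: With `ignore_changes = [flags, components]` on `identity_entitlement_advanced` (pub-sub-admin-write-only1.tf hunk; the resource block starts outside it), the `concat(...)` and the `"advanced"` flag are applied only at creation. A later edit to either attribute, or a component attached or detached outside Terraform, then produces no plan diff. These are the attributes that decide which service principal and datasource the feature uses, so this hides the drift a reviewer most wants surfaced. If the ignore is needed only because `identity_entitlement_basic.components` reads back the merged list after refresh (an inference, not shown here), building the list from the module outputs keeps it managed: `components = [module.config-posture.service_principal_component_id, module.pub-sub.pubsub_datasource_component_id]`. The same `[flags, components]` list is added to `identity_entitlement_basic` in both onboarding_with_posture.tf hunks and to the advanced resource in the remaining pub-sub*.tf hunks of this patch; each deserves a one-line comment stating why it is ignored.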
diff --git a/test/examples/modular_organization/pub-sub-admin-write-only2.tf b/test/examples/modular_organization/pub-sub-admin-write-only2.tf
index ea30482..efa1d06 100644
--- a/test/examples/modular_organization/pub-sub-admin-write-only2.tf
+++ b/test/examples/modular_organization/pub-sub-admin-write-only2.tf
@@ -29,4 +29,8 @@ resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanc
 components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
 depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
 flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
 }
diff --git a/test/examples/modular_organization/pub-sub.tf b/test/examples/modular_organization/pub-sub.tf
index d8243df..eb08e0a 100644
--- a/test/examples/modular_organization/pub-sub.tf
+++ b/test/examples/modular_organization/pub-sub.tf
@@ -60,4 +60,8 @@ resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanc
 components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
 depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
 flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
 }
diff --git a/test/examples/modular_single_project/onboarding_with_posture.tf b/test/examples/modular_single_project/onboarding_with_posture.tf
index d115023..81d241e 100644
--- a/test/examples/modular_single_project/onboarding_with_posture.tf
+++ b/test/examples/modular_single_project/onboarding_with_posture.tf
@@ -47,6 +47,6 @@ resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic"
 }
 lifecycle {
- ignore_changes = [flags]
+ ignore_changes = [flags, components]
 }
 }
diff --git a/test/examples/modular_single_project/pub-sub-admin-write-only1.tf b/test/examples/modular_single_project/pub-sub-admin-write-only1.tf
index 0550057..363f233 100644
--- a/test/examples/modular_single_project/pub-sub-admin-write-only1.tf
+++ b/test/examples/modular_single_project/pub-sub-admin-write-only1.tf
@@ -32,4 +32,8 @@ resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanc
 components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
 depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
 flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
 }
diff --git a/test/examples/modular_single_project/pub-sub-admin-write-only2.tf b/test/examples/modular_single_project/pub-sub-admin-write-only2.tf
index 519f64f..52404bc 100644
--- a/test/examples/modular_single_project/pub-sub-admin-write-only2.tf
+++ b/test/examples/modular_single_project/pub-sub-admin-write-only2.tf
@@ -27,4 +27,8 @@ resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanc
 components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
 depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
 flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
 }
diff --git a/test/examples/modular_single_project/pub-sub.tf b/test/examples/modular_single_project/pub-sub.tf
index 28b25bc..386e2e1 100644
--- a/test/examples/modular_single_project/pub-sub.tf
+++ b/test/examples/modular_single_project/pub-sub.tf
@@ -58,4 +58,8 @@ resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanc
 components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.pub-sub.pubsub_datasource_component_id])
 depends_on = [module.pub-sub, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
 flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
 }