feat(cloudauth): organizational units (#437)

cgeers · web-flow · commit bf2eb198b5b1 · 2023-10-31T13:21:26.000-05:00
* feat(cloudauth): organizational units

* docs(cloudauth): new cloud org param: organizational_unit_ids

* fix(cloudauth): secureOrganizationFromResourceData

* fix(cloudauth): allow success on response OK, Created, Accepted
diff --git a/sysdig/common.go b/sysdig/common.go
@@ -60,4 +60,5 @@ const (
 	SchemaFeature                   = "feature"
 	SchemaManagementAccountId       = "management_account_id"
 	SchemaOrganizationIDKey         = "organization_id"
+	SchemaOrganizationalUnitIds     = "organizational_unit_ids"
 )
diff --git a/sysdig/internal/client/v2/organization.go b/sysdig/internal/client/v2/organization.go
@@ -35,7 +35,7 @@ func (client *Client) CreateOrganizationSecure(ctx context.Context, org *Organiz
 	}
 	defer response.Body.Close()
 
-	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated && response.StatusCode != http.StatusAccepted {
 		err = client.ErrorFromResponse(response)
 		return nil, err
 	}
@@ -88,7 +88,7 @@ func (client *Client) UpdateOrganizationSecure(ctx context.Context, orgID string
 	}
 	defer response.Body.Close()
 
-	if response.StatusCode != http.StatusOK {
+	if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated && response.StatusCode != http.StatusAccepted {
 		errStatus, err := client.ErrorAndStatusFromResponse(response)
 		return nil, errStatus, err
 	}
diff --git a/sysdig/resource_sysdig_secure_organization.go b/sysdig/resource_sysdig_secure_organization.go
@@ -38,6 +38,13 @@ func resourceSysdigSecureOrganization() *schema.Resource {
 				Type:     schema.TypeString,
 				Required: true,
 			},
+			SchemaOrganizationalUnitIds: {
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type: schema.TypeString,
+				},
+			},
 		},
 	}
 }
@@ -54,7 +61,7 @@ func resourceSysdigSecureOrganizationCreate(ctx context.Context, data *schema.Re
 
 	org := secureOrganizationFromResourceData(data)
 
-	orgCreated, err := client.CreateOrganizationSecure(ctx, &org)
+	orgCreated, err := client.CreateOrganizationSecure(ctx, org)
 	if err != nil {
 		return diag.FromErr(err)
 	}
@@ -111,7 +118,7 @@ func resourceSysdigSecureOrganizationUpdate(ctx context.Context, data *schema.Re
 
 	org := secureOrganizationFromResourceData(data)
 
-	_, errStatus, err := client.UpdateOrganizationSecure(ctx, data.Id(), &org)
+	_, errStatus, err := client.UpdateOrganizationSecure(ctx, data.Id(), org)
 	if err != nil {
 		if strings.Contains(errStatus, "404") {
 			return nil
@@ -122,12 +129,17 @@ func resourceSysdigSecureOrganizationUpdate(ctx context.Context, data *schema.Re
 	return nil
 }
 
-func secureOrganizationFromResourceData(data *schema.ResourceData) v2.OrganizationSecure {
-	return v2.OrganizationSecure{
-		CloudOrganization: cloudauth.CloudOrganization{
-			ManagementAccountId: data.Get(SchemaManagementAccountId).(string),
-		},
+func secureOrganizationFromResourceData(data *schema.ResourceData) *v2.OrganizationSecure {
+	secureOrganization := &v2.OrganizationSecure{CloudOrganization: cloudauth.CloudOrganization{}}
+	secureOrganization.CloudOrganization.ManagementAccountId = data.Get(SchemaManagementAccountId).(string)
+	organizationalUnitIdsData := data.Get(SchemaOrganizationalUnitIds).([]interface{})
+	for _, organizationalUnitIdData := range organizationalUnitIdsData {
+		secureOrganization.CloudOrganization.OrganizationalUnitIds = append(
+			secureOrganization.CloudOrganization.OrganizationalUnitIds,
+			organizationalUnitIdData.(string),
+		)
 	}
+	return secureOrganization
 }
 
 func secureOrganizationToResourceData(data *schema.ResourceData, org *v2.OrganizationSecure) error {
@@ -136,6 +148,11 @@ func secureOrganizationToResourceData(data *schema.ResourceData, org *v2.Organiz
 		return err
 	}
 
+	err = data.Set(SchemaOrganizationalUnitIds, org.OrganizationalUnitIds)
+	if err != nil {
+		return err
+	}
+
 	err = data.Set(SchemaIDKey, org.Id)
 	if err != nil {
 		return err
diff --git a/website/docs/r/secure_organization.md b/website/docs/r/secure_organization.md
@@ -28,6 +28,7 @@ resource "sysdig_secure_organization" "sample" {
 ## Argument Reference
 
 * `management_account_id` - (Required) Cloud Account created using resource sysdig_secure_cloud_auth_account.
+* `organizational_unit_ids` - (Optional) List of organizational unit identifiers from which to onboard. If empty, the entire organization is onboarded. 
 
 ## Attributes Reference
 

Original file line number	Diff line number	Diff line change
`@@ -60,4 +60,5 @@ const (`
`60`	`60`	`SchemaFeature = "feature"`
`61`	`61`	`SchemaManagementAccountId = "management_account_id"`
`62`	`62`	`SchemaOrganizationIDKey = "organization_id"`
	`63`	`+ SchemaOrganizationalUnitIds = "organizational_unit_ids"`
`63`	`64`	`)`
Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ func (client Client) CreateOrganizationSecure(ctx context.Context, org Organiz`
`35`	`35`	`}`
`36`	`36`	`defer response.Body.Close()`
`37`	`37`
`38`		`- if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated {`
	`38`	`+ if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated && response.StatusCode != http.StatusAccepted {`
`39`	`39`	`err = client.ErrorFromResponse(response)`
`40`	`40`	`return nil, err`
`41`	`41`	`}`
`@@ -88,7 +88,7 @@ func (client *Client) UpdateOrganizationSecure(ctx context.Context, orgID string`
`88`	`88`	`}`
`89`	`89`	`defer response.Body.Close()`
`90`	`90`
`91`		`- if response.StatusCode != http.StatusOK {`
	`91`	`+ if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated && response.StatusCode != http.StatusAccepted {`
`92`	`92`	`errStatus, err := client.ErrorAndStatusFromResponse(response)`
`93`	`93`	`return nil, errStatus, err`
`94`	`94`	`}`