diff --git a/test/examples/organization/cloud_logs.tf b/test/examples/organization/cloud_logs.tf
index f1b22d6..eed15e2 100644
--- a/test/examples/organization/cloud_logs.tf
+++ b/test/examples/organization/cloud_logs.tf
@@ -17,10 +17,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [module.cloud-logs]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.cloud-logs.cloud_logs_component_id]
- depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.config_posture]
-}
\ No newline at end of file
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.cloud-logs.cloud_logs_component_id])
+ depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
+}
diff --git a/test/examples/organization/cloud_logs_gov.tf b/test/examples/organization/cloud_logs_gov.tf
index 35c9aad..d34838c 100644
--- a/test/examples/organization/cloud_logs_gov.tf
+++ b/test/examples/organization/cloud_logs_gov.tf
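Review bot: `ignore_changes = [flags, components]` on `identity_entitlement_advanced` freezes both arguments after the first apply, so the `concat(...)` list and the `CIEM_FEATURE_MODE` value are only honoured at creation. A later edit to either one in configuration, or an out-of-band change to the feature's mode or attached components, will not show up in `terraform plan`, and nothing in the hunk says why that is intended. I would add a comment above the lifecycle block such as `# flags/components are ignored after create because the basic and advanced resources update the same feature` (wording for the author to confirm, since the reason is not visible in the diff). The same applies to the matching hunks in cloud_logs_gov.tf, event_bridge.tf and event_bridge_gov.tf under both organization/ and single_account/. The resource is also renamed without a `moved` block, so any state that still holds `identity_entitlement` would plan a destroy and re-create of the feature.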
@@ -18,10 +18,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [module.cloud-logs]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.cloud-logs.cloud_logs_component_id]
- depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.config_posture]
-}
\ No newline at end of file
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.cloud-logs.cloud_logs_component_id])
+ depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
+}
diff --git a/test/examples/organization/event_bridge.tf b/test/examples/organization/event_bridge.tf
index b958db3..dfbe851 100644
--- a/test/examples/organization/event_bridge.tf
+++ b/test/examples/organization/event_bridge.tf
@@ -26,10 +26,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [module.event-bridge]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.event-bridge.event_bridge_component_id]
- depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.config_posture]
-}
\ No newline at end of file
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.event-bridge.event_bridge_component_id])
+ depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
+}
diff --git a/test/examples/organization/event_bridge_gov.tf b/test/examples/organization/event_bridge_gov.tf
index cfe3414..c6f7137 100644
--- a/test/examples/organization/event_bridge_gov.tf
+++ b/test/examples/organization/event_bridge_gov.tf
@@ -20,10 +20,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [module.event-bridge]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.event-bridge.event_bridge_component_id]
- depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.config_posture]
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.event-bridge.event_bridge_component_id])
+ depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
 }
diff --git a/test/examples/organization/onboarding_with_cspm.tf b/test/examples/organization/onboarding_with_cspm.tf
index 70293fb..ba1512a 100644
--- a/test/examples/organization/onboarding_with_cspm.tf
+++ b/test/examples/organization/onboarding_with_cspm.tf
@@ -50,3 +50,18 @@ resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
 components = [module.config-posture.config_posture_component_id]
 depends_on = [module.config-posture]
 }
+
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic" {
+ account_id = module.onboarding.sysdig_secure_account_id
+ type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
+ enabled = true
+ components = [module.config-posture.config_posture_component_id]
+ depends_on = [module.config-posture, sysdig_secure_cloud_auth_account_feature.config_posture]
+ flags = {
+ "CIEM_FEATURE_MODE": "basic"
+ }
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
+}
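Review bot: `identity_entitlement_basic` declares the same `account_id` and `type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"` as the `identity_entitlement_advanced` resources in the cloud-logs and event-bridge examples, so two Terraform resources appear to manage one feature on the account. If the provider keys the feature on that pair (not visible in this diff), whichever resource applies last decides the mode, and destroying either one could switch the feature off for the other; `ignore_changes` hides that conflict from the plan rather than resolving it. A comment on the resource should state the intended ownership, for example `# basic is the baseline mode; identity_entitlement_advanced, when present, updates the same feature`. The onboarding_with_cspm_gov.tf hunk and both single_account/ onboarding hunks have the same shape.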
diff --git a/test/examples/organization/onboarding_with_cspm_gov.tf b/test/examples/organization/onboarding_with_cspm_gov.tf
index f5d45d8..f166d0b 100644
--- a/test/examples/organization/onboarding_with_cspm_gov.tf
+++ b/test/examples/organization/onboarding_with_cspm_gov.tf
@@ -39,3 +39,18 @@ resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
 components = [module.config-posture.config_posture_component_id]
 depends_on = [module.config-posture]
 }
+
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic" {
+ account_id = module.onboarding.sysdig_secure_account_id
+ type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
+ enabled = true
+ components = [module.config-posture.config_posture_component_id]
+ depends_on = [module.config-posture, sysdig_secure_cloud_auth_account_feature.config_posture]
+ flags = {
+ "CIEM_FEATURE_MODE": "basic"
+ }
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
+}
diff --git a/test/examples/single_account/cloud_logs.tf b/test/examples/single_account/cloud_logs.tf
index f1b22d6..eed15e2 100644
--- a/test/examples/single_account/cloud_logs.tf
+++ b/test/examples/single_account/cloud_logs.tf
@@ -17,10 +17,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [module.cloud-logs]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.cloud-logs.cloud_logs_component_id]
- depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.config_posture]
-}
\ No newline at end of file
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.cloud-logs.cloud_logs_component_id])
+ depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
+}
diff --git a/test/examples/single_account/cloud_logs_gov.tf b/test/examples/single_account/cloud_logs_gov.tf
index 35c9aad..d34838c 100644
--- a/test/examples/single_account/cloud_logs_gov.tf
+++ b/test/examples/single_account/cloud_logs_gov.tf
@@ -18,10 +18,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [module.cloud-logs]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.cloud-logs.cloud_logs_component_id]
- depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.config_posture]
-}
\ No newline at end of file
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.cloud-logs.cloud_logs_component_id])
+ depends_on = [module.cloud-logs, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
+}
diff --git a/test/examples/single_account/event_bridge.tf b/test/examples/single_account/event_bridge.tf
index 91a0418..702b236 100644
--- a/test/examples/single_account/event_bridge.tf
+++ b/test/examples/single_account/event_bridge.tf
@@ -17,10 +17,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [module.event-bridge]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.event-bridge.event_bridge_component_id]
- depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.config_posture]
-}
\ No newline at end of file
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.event-bridge.event_bridge_component_id])
+ depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
+}
diff --git a/test/examples/single_account/event_bridge_gov.tf b/test/examples/single_account/event_bridge_gov.tf
index ba068a5..98e32c2 100644
--- a/test/examples/single_account/event_bridge_gov.tf
+++ b/test/examples/single_account/event_bridge_gov.tf
@@ -18,10 +18,15 @@ resource "sysdig_secure_cloud_auth_account_feature" "threat_detection" {
 depends_on = [module.event-bridge]
 }
 
-resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement" {
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_advanced" {
 account_id = module.onboarding.sysdig_secure_account_id
 type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
 enabled = true
- components = [module.event-bridge.event_bridge_component_id]
- depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.config_posture]
+ components = concat(sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic.components, [module.event-bridge.event_bridge_component_id])
+ depends_on = [module.event-bridge, sysdig_secure_cloud_auth_account_feature.identity_entitlement_basic]
+ flags = {"CIEM_FEATURE_MODE": "advanced"}
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
 }
diff --git a/test/examples/single_account/onboarding_with_cspm.tf b/test/examples/single_account/onboarding_with_cspm.tf
index bdf1959..bd7010a 100644
--- a/test/examples/single_account/onboarding_with_cspm.tf
+++ b/test/examples/single_account/onboarding_with_cspm.tf
@@ -32,4 +32,19 @@ resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
 enabled = true
 components = [module.config-posture.config_posture_component_id]
 depends_on = [module.config-posture]
-}
\ No newline at end of file
+}
+
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic" {
+ account_id = module.onboarding.sysdig_secure_account_id
+ type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
+ enabled = true
+ components = [module.config-posture.config_posture_component_id]
+ depends_on = [module.config-posture, sysdig_secure_cloud_auth_account_feature.config_posture]
+ flags = {
+ "CIEM_FEATURE_MODE": "basic"
+ }
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
+}
diff --git a/test/examples/single_account/onboarding_with_cspm_gov.tf b/test/examples/single_account/onboarding_with_cspm_gov.tf
index f3de5d1..c67011d 100644
--- a/test/examples/single_account/onboarding_with_cspm_gov.tf
+++ b/test/examples/single_account/onboarding_with_cspm_gov.tf
@@ -35,3 +35,18 @@ resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
 components = [module.config-posture.config_posture_component_id]
 depends_on = [module.config-posture]
 }
+
+resource "sysdig_secure_cloud_auth_account_feature" "identity_entitlement_basic" {
+ account_id = module.onboarding.sysdig_secure_account_id
+ type = "FEATURE_SECURE_IDENTITY_ENTITLEMENT"
+ enabled = true
+ components = [module.config-posture.config_posture_component_id]
+ depends_on = [module.config-posture, sysdig_secure_cloud_auth_account_feature.config_posture]
+ flags = {
+ "CIEM_FEATURE_MODE": "basic"
+ }
+
+ lifecycle {
+ ignore_changes = [flags, components]
+ }
+}