New Resource: wiz_connector_gcp

AxtonGrams · Aug 17, 2023 · 305d687 · 305d687
1 parent 4f8f8b9
commit 305d687
Show file tree

Hide file tree

Showing 10 changed files with 845 additions and 32 deletions.
diff --git a/docs/resources/connector_gcp.md b/docs/resources/connector_gcp.md
@@ -0,0 +1,109 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "wiz_connector_gcp Resource - terraform-provider-wiz"
+subcategory: ""
+description: |-
+  Connectors are used to connect GCP resources to Wiz.
+---
+
+# wiz_connector_gcp (Resource)
+
+Connectors are used to connect GCP resources to Wiz.
+
+## Example Usage
+
+```terraform
+# Provision a simple GCP connector, organization-wide
+resource "wiz_connector_gcp" "example" {
+  name = "example"
+  auth_params = jsonencode({
+    "isManagedIdentity" : true,
+    "organization_id" : "o-example"
+  })
+
+  extra_config = jsonencode(
+    {
+      "projects" : [],
+      "excludedProjects" : [],
+      "includedFolders" : [],
+      "excludedFolders" : [],
+      "diskAnalyzerInFlightDisabled" : false,
+      "auditLogMonitorEnabled" : false
+    }
+  )
+}
+
+# Provision a GCP connector targeting an individual Google project
+resource "wiz_connector_gcp" "example" {
+  name = "example"
+  auth_params = jsonencode({
+    "isManagedIdentity" : true,
+    "project_id" : "exmaple-project-id"
+  })
+
+  extra_config = jsonencode(
+    {
+      "projects" : [],
+      "excludedProjects" : [],
+      "includedFolders" : [],
+      "excludedFolders" : [],
+      "diskAnalyzerInFlightDisabled" : false,
+      "auditLogMonitorEnabled" : false
+    }
+  )
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `auth_params` (String, Sensitive) The authentication parameters. Must be represented in `JSON` format.
+- `name` (String) The connector name.
+
+### Optional
+
+- `enabled` (Boolean) Whether the connector is enabled.
+    - Defaults to `true`.
+- `extra_config` (String) Extra configuration for the connector. Must be represented in `JSON` format.
+
+### Read-Only
+
+- `audit_log_monitor_enabled` (Boolean) Whether audit log monitor is enabled. Note an advanced license is required.
+- `disk_analyzer_inflight_disabled` (Boolean) If using Outpost, whether disk analyzer inflight scanning is disabled.
+- `events_pub_sub_subscription_id` (String) If using Wiz Cloud Events, the Pub/Sub Subscription ID.
+- `events_topic_name` (String) If using Wiz Cloud Events, the Topic Name in format `projects/<project_id>/topics/<topic_id>`.
+- `excluded_folders` (List of String) The GCP folders excluded by the connector.
+- `excluded_projects` (List of String) The GCP projects excluded by the connector.
+- `folder_id` (String) The GCP folder ID.
+- `id` (String) Wiz internal identifier for the connector.
+- `included_folders` (List of String) The GCP folders included by the connector.
+- `is_managed_identity` (String) Is managed identity?
+- `organization_id` (String) The GCP organization ID.
+- `projects` (List of String) The GCP projects to target with the connector.
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# Importing Considerations:
+#
+# Please note this is considered experimental, exercise caution and consider the following:
+#
+# - Make sure that the `auth_params` field is set to the same values as set when the resource was created outside of Terraform.
+#   This is due to the way we need to handle change as under normal diff conditions, `auth_params` requires a resource recreation.
+#
+# - For `auth_params` include `isManagedIdentity`. If using outposts, also include `outPostId` and `diskAnalyzer` structure.
+#
+# For more information, refer to the examples in the documentation.
+#
+terraform import wiz_connector_gcp.import_example "7be792ba-bfd1-46d0-9fba-5f6bc19df4a8"
+
+# Optional - this is to set auth_params in state.
+#
+# If not run post-import, the next `terraform apply` will take care of it.
+# Note any speculative changes to `auth_params` are for setting state for the one-time import only, any further changes would require a resource recreation as normal.
+terraform apply --target=wiz_connector_gcp.import_example
+```
diff --git a/examples/resources/wiz_connector_gcp/import.sh b/examples/resources/wiz_connector_gcp/import.sh
@@ -0,0 +1,18 @@
+# Importing Considerations:
+#
+# Please note this is considered experimental, exercise caution and consider the following:
+#
+# - Make sure that the `auth_params` field is set to the same values as set when the resource was created outside of Terraform.
+#   This is due to the way we need to handle change as under normal diff conditions, `auth_params` requires a resource recreation.
+#
+# - For `auth_params` include `isManagedIdentity`. If using outposts, also include `outPostId` and `diskAnalyzer` structure.
+#
+# For more information, refer to the examples in the documentation.
+#
+terraform import wiz_connector_gcp.import_example "7be792ba-bfd1-46d0-9fba-5f6bc19df4a8"
+
+# Optional - this is to set auth_params in state.
+#
+# If not run post-import, the next `terraform apply` will take care of it.
+# Note any speculative changes to `auth_params` are for setting state for the one-time import only, any further changes would require a resource recreation as normal.
+terraform apply --target=wiz_connector_gcp.import_example
diff --git a/examples/resources/wiz_connector_gcp/resource.tf b/examples/resources/wiz_connector_gcp/resource.tf
@@ -0,0 +1,39 @@
+# Provision a simple GCP connector, organization-wide
+resource "wiz_connector_gcp" "example" {
+  name = "example"
+  auth_params = jsonencode({
+    "isManagedIdentity" : true,
+    "organization_id" : "o-example"
+  })
+
+  extra_config = jsonencode(
+    {
+      "projects" : [],
+      "excludedProjects" : [],
+      "includedFolders" : [],
+      "excludedFolders" : [],
+      "diskAnalyzerInFlightDisabled" : false,
+      "auditLogMonitorEnabled" : false
+    }
+  )
+}
+
+# Provision a GCP connector targeting an individual Google project
+resource "wiz_connector_gcp" "example" {
+  name = "example"
+  auth_params = jsonencode({
+    "isManagedIdentity" : true,
+    "project_id" : "exmaple-project-id"
+  })
+
+  extra_config = jsonencode(
+    {
+      "projects" : [],
+      "excludedProjects" : [],
+      "includedFolders" : [],
+      "excludedFolders" : [],
+      "diskAnalyzerInFlightDisabled" : false,
+      "auditLogMonitorEnabled" : false
+    }
+  )
+}
diff --git a/...nal/acceptance/resource_connector_test.go → ...acceptance/resource_connector_aws_test.go b/...nal/acceptance/resource_connector_test.go → ...acceptance/resource_connector_aws_test.go
diff --git a/internal/acceptance/resource_connector_gcp_test.go b/internal/acceptance/resource_connector_gcp_test.go
@@ -0,0 +1,83 @@
+package acceptance
+
+import (
+	"fmt"
+	"regexp"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/acctest"
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccResourceWizConnectorGcp_basic(t *testing.T) {
+	rName := acctest.RandomWithPrefix(ResourcePrefix)
+
+	resource.UnitTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t, TestCase(TcCommon)) },
+		ProviderFactories: providerFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testResourceWizConnectorGcpBasic(rName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"wiz_connector_gcp.foo",
+						"name",
+						rName,
+					),
+					resource.TestCheckResourceAttr(
+						"wiz_connector_gcp.foo",
+						"folder_id",
+						"123456",
+					),
+					resource.TestCheckResourceAttr(
+						"wiz_connector_gcp.foo",
+						"auth_params",
+						"{\"folder_id\":\"123456\",\"isManagedIdentity\":true}",
+					),
+					resource.TestMatchResourceAttr(
+						"wiz_connector_gcp.foo",
+						"id",
+						regexp.MustCompile(UUIDPattern),
+					),
+					resource.TestCheckResourceAttr(
+						"wiz_connector_gcp.foo",
+						"enabled",
+						"true",
+					),
+					resource.TestCheckResourceAttr(
+						"wiz_connector_gcp.foo",
+						"disk_analyzer_inflight_disabled",
+						"false",
+					),
+					resource.TestCheckResourceAttr(
+						"wiz_connector_gcp.foo",
+						"extra_config",
+						"{\"auditLogMonitorEnabled\":false,\"diskAnalyzerInFlightDisabled\":false,\"excludedFolders\":[],\"excludedProjects\":[],\"includedFolders\":[],\"projects\":[]}",
+					),
+				),
+			},
+		},
+	})
+}
+
+func testResourceWizConnectorGcpBasic(rName string) string {
+	return fmt.Sprintf(`
+	resource "wiz_connector_gcp" "foo" {
+		name = "%[1]s"
+		auth_params = jsonencode({
+		  "isManagedIdentity" : true,
+		  "folder_id" : "123456",
+		})
+		extra_config = jsonencode(
+		  {
+			"projects" : [],
+			"excludedProjects" : [],
+			"includedFolders" : [],
+			"excludedFolders" : [],
+			"diskAnalyzerInFlightDisabled" : false,
+			"auditLogMonitorEnabled" : false,
+		  }
+		)
+	  }
+`, rName)
+}
diff --git a/internal/provider/provider.go b/internal/provider/provider.go
@@ -11,8 +11,29 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 
 	"wiz.io/hashicorp/terraform-provider-wiz/internal/config"
+	"wiz.io/hashicorp/terraform-provider-wiz/internal/wiz"
 )
 
+// CreateConnector struct
+type CreateConnector struct {
+	CreateConnector wiz.CreateConnectorPayload `json:"createConnector"`
+}
+
+// ReadConnectorPayload struct
+type ReadConnectorPayload struct {
+	Connector wiz.Connector `json:"connector"`
+}
+
+// UpdateConnector struct
+type UpdateConnector struct {
+	UpdateConnector wiz.UpdateConnectorPayload `json:"updateConnector"`
+}
+
+// DeleteConnector struct
+type DeleteConnector struct {
+	DeleteConnector wiz.DeleteConnectorPayload `json:"_stub"`
+}
+
 // New creates a new provider
 func New(version string) func() *schema.Provider {
 	return func() *schema.Provider {
@@ -270,6 +291,7 @@ yLyKQXhw2W2Xs0qLeC1etA+jTGDK4UfLeC0SF7FSi8o5LL21L8IzApar2pR/
 				"wiz_control":                                  resourceWizControl(),
 				"wiz_control_associations":                     resourceWizControlAssociations(),
 				"wiz_connector_aws":                            resourceWizConnectorAws(),
+				"wiz_connector_gcp":                            resourceWizConnectorGcp(),
 				"wiz_host_config_rule_associations":            resourceWizHostConfigRuleAssociations(),
 				"wiz_integration_aws_sns":                      resourceWizIntegrationAwsSNS(),
 				"wiz_integration_servicenow":                   resourceWizIntegrationServiceNow(),

diff --git a/internal/provider/resource_connector_aws.go b/internal/provider/resource_connector_aws.go
@@ -137,23 +137,18 @@ func resourceWizConnectorAws() *schema.Resource {
 			},
 			),
 		),
-		CreateContext: resourceWizConnectorCreate,
-		ReadContext:   resourceWizConnectorRead,
-		UpdateContext: resourceWizConnectorUpdate,
-		DeleteContext: resourceWizConnectorDelete,
+		CreateContext: resourceWizConnectorAwsCreate,
+		ReadContext:   resourceWizConnectorAwsRead,
+		UpdateContext: resourceWizConnectorAwsUpdate,
+		DeleteContext: resourceWizConnectorAwsDelete,
 		Importer: &schema.ResourceImporter{
 			StateContext: schema.ImportStatePassthroughContext,
 		},
 	}
 }
 
-// CreateConnector struct
-type CreateConnector struct {
-	CreateConnector wiz.CreateConnectorPayload `json:"createConnector"`
-}
-
-func resourceWizConnectorCreate(ctx context.Context, d *schema.ResourceData, m interface{}) (diags diag.Diagnostics) {
-	tflog.Info(ctx, "resourceWizConnectorCreate called...")
+func resourceWizConnectorAwsCreate(ctx context.Context, d *schema.ResourceData, m interface{}) (diags diag.Diagnostics) {
+	tflog.Info(ctx, "resourceWizConnectorAwsCreate called...")
 
 	query := `mutation CreateConnector($input: CreateConnectorInput!) {
 				createConnector(input: $input) {
@@ -184,16 +179,11 @@ func resourceWizConnectorCreate(ctx context.Context, d *schema.ResourceData, m i
 	// set the id
 	d.SetId(data.CreateConnector.Connector.ID)
 
-	return resourceWizConnectorRead(ctx, d, m)
-}
-
-// ReadConnectorPayload struct
-type ReadConnectorPayload struct {
-	Connector wiz.Connector `json:"connector"`
+	return resourceWizConnectorAwsRead(ctx, d, m)
 }
 
-func resourceWizConnectorRead(ctx context.Context, d *schema.ResourceData, m interface{}) (diags diag.Diagnostics) {
-	tflog.Info(ctx, "resourceWizConnectorRead called...")
+func resourceWizConnectorAwsRead(ctx context.Context, d *schema.ResourceData, m interface{}) (diags diag.Diagnostics) {
+	tflog.Info(ctx, "resourceWizConnectorAwsRead called...")
 
 	// check the id
 	if d.Id() == "" {
@@ -356,12 +346,7 @@ func resourceWizConnectorRead(ctx context.Context, d *schema.ResourceData, m int
 	return diags
 }
 
-// UpdateConnector struct
-type UpdateConnector struct {
-	UpdateConnector wiz.UpdateConnectorPayload `json:"updateConnector"`
-}
-
-func resourceWizConnectorUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) (diags diag.Diagnostics) {
+func resourceWizConnectorAwsUpdate(ctx context.Context, d *schema.ResourceData, m interface{}) (diags diag.Diagnostics) {
 	tflog.Info(ctx, "resourceWizConnectorUpdate called...")
 
 	// check the id
@@ -404,15 +389,10 @@ func resourceWizConnectorUpdate(ctx context.Context, d *schema.ResourceData, m i
 		return diags
 	}
 
-	return resourceWizConnectorRead(ctx, d, m)
-}
-
-// DeleteConnector struct
-type DeleteConnector struct {
-	DeleteConnector wiz.DeleteConnectorPayload `json:"_stub"`
+	return resourceWizConnectorAwsRead(ctx, d, m)
 }
 
-func resourceWizConnectorDelete(ctx context.Context, d *schema.ResourceData, m interface{}) (diags diag.Diagnostics) {
+func resourceWizConnectorAwsDelete(ctx context.Context, d *schema.ResourceData, m interface{}) (diags diag.Diagnostics) {
 	tflog.Info(ctx, "resourceWizConnectorDelete called...")
 
 	// check the id