AxtonGrams · jschoombee · Aug 6, 2024 · Jul 25, 2024 · Jul 25, 2024 · Jul 26, 2024
@@ -123,7 +123,7 @@ resource "wiz_project" "test" {
 - `archived` (Boolean) Whether the project is archived/inactive
     - Defaults to `false`.
 - `business_unit` (String) The business unit to which the project belongs.
-- `cloud_account_link` (Block Set) Associate the project directly with a cloud account by wiz identifier UID to organize all the subscription resources, issues, and findings within this project. (see [below for nested schema](#nestedblock--cloud_account_link))
+- `cloud_account_link` (Block Set) Please either use this embedded set or the resource wiz_project_cloud_account_link. Associate the project directly with a cloud account by wiz identifier UID to organize all the subscription resources, issues, and findings within this project. (see [below for nested schema](#nestedblock--cloud_account_link))
 - `cloud_organization_link` (Block Set) Associate the project with an organizational link to organize all the subscription resources, issues, and findings within this project. (see [below for nested schema](#nestedblock--cloud_organization_link))
 - `description` (String) The project description.
 - `identifiers` (List of String) Identifiers for the project.

@@ -0,0 +1,82 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "wiz_project_cloud_account_link Resource - terraform-provider-wiz"
+subcategory: ""
+description: |-
+  Associate a cloud subscription with a project. Use either this resource or the cloudaccountlink block set for the wiz_project, never both.
+---
+
+# wiz_project_cloud_account_link (Resource)
+
+Associate a cloud subscription with a project. Use either this resource or the cloud_account_link block set for the wiz_project, never both.
+
+## Example Usage
+
+```terraform
+# A link from a project to a cloud account can be created using the accounts id in wiz
+resource "wiz_project_cloud_account_link" "example" {
+  project_id       = "ee25cc95-82b0-4543-8934-5bc655b86786"
+  cloud_account_id = "5cc3a684-44cb-4cd5-b78f-f029c25dc617"
+  environment      = "PRODUCTION"
+}
+
+# Or using the external id of the cloud account
+resource "wiz_project_cloud_account_link" "example" {
+  project_id                = "ee25cc95-82b0-4543-8934-5bc655b86786"
+  external_cloud_account_id = "04e56587-4408-402a-9c8c-f454ed45da65"
+  environment               = "PRODUCTION"
+}
+
+# Both can be supplied but they have to belong to the same account
+resource "wiz_project_cloud_account_link" "example" {
+  project_id                = "ee25cc95-82b0-4543-8934-5bc655b86786"
+  cloud_account_id          = "5cc3a684-44cb-4cd5-b78f-f029c25dc617"
+  external_cloud_account_id = "04e56587-4408-402a-9c8c-f454ed45da65"
+  environment               = "PRODUCTION"
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `project_id` (String) The Wiz internal identifier of the Wiz project to link the cloud account to
+
+### Optional
+
+- `cloud_account_id` (String) The Wiz internal identifier for the Cloud Account Subscription.
+- `environment` (String) The environment.
+    - Allowed values: 
+        - PRODUCTION
+        - STAGING
+        - DEVELOPMENT
+        - TESTING
+        - OTHER
+
+    - Defaults to `PRODUCTION`.
+- `external_cloud_account_id` (String) The external identifier for the Cloud Account, e.g. an azure subscription id or an aws account id.
+- `resource_groups` (List of String) Please provide a list of resource group identifiers for filtering by resource groups. `shared` must be true to define resource_groups.
+- `resource_tags` (Block Set) Provide a key and value pair for filtering resources. `shared` must be true to define resource_tags. (see [below for nested schema](#nestedblock--resource_tags))
+- `shared` (Boolean) Subscriptions that host a few projects can be marked as ‘shared subscriptions’ and resources can be filtered by tags.
+
+### Read-Only
+
+- `id` (String) Unique tf-internal identifier for the project cloud account link
+
+<a id="nestedblock--resource_tags"></a>
+### Nested Schema for `resource_tags`
+
+Required:
+
+- `key` (String)
+- `value` (String)
+
+## Import
+
+Import is supported using the following syntax:
+
+```shell
+# The id for importing a wiz_project_cloud_account_link has to be in this format: 'link|<project_id>|<cloud_account_id>'
+terraform import wiz_project_cloud_account_link.example_import "link|ee25cc95-82b0-4543-8934-5bc655b86786|5cc3a684-44cb-4cd5-b78f-f029c25dc617"
+```
@@ -0,0 +1,2 @@
+# The id for importing a wiz_project_cloud_account_link has to be in this format: 'link|<project_id>|<cloud_account_id>'
+terraform import wiz_project_cloud_account_link.example_import "link|ee25cc95-82b0-4543-8934-5bc655b86786|5cc3a684-44cb-4cd5-b78f-f029c25dc617"
@@ -0,0 +1,21 @@
+# A link from a project to a cloud account can be created using the accounts id in wiz
+resource "wiz_project_cloud_account_link" "example" {
+  project_id       = "ee25cc95-82b0-4543-8934-5bc655b86786"
+  cloud_account_id = "5cc3a684-44cb-4cd5-b78f-f029c25dc617"
+  environment      = "PRODUCTION"
+}
+
+# Or using the external id of the cloud account
+resource "wiz_project_cloud_account_link" "example" {
+  project_id                = "ee25cc95-82b0-4543-8934-5bc655b86786"
+  external_cloud_account_id = "04e56587-4408-402a-9c8c-f454ed45da65"
+  environment               = "PRODUCTION"
+}
+
+# Both can be supplied but they have to belong to the same account
+resource "wiz_project_cloud_account_link" "example" {
+  project_id                = "ee25cc95-82b0-4543-8934-5bc655b86786"
+  cloud_account_id          = "5cc3a684-44cb-4cd5-b78f-f029c25dc617"
+  external_cloud_account_id = "04e56587-4408-402a-9c8c-f454ed45da65"
+  environment               = "PRODUCTION"
+}
@@ -25,4 +25,6 @@ const (
 	TcReportGraphQuery TestCase = "REPORT_GRAPH_QUERY"
 	// TcCloudConfigRule test case
 	TcCloudConfigRule TestCase = "CLOUD_CONFIG_RULE"
+	// TcProjectCloudAccountLink test case
+	TcProjectCloudAccountLink = "PROJECT_CLOUD_ACCOUNT_LINK"
 )
@@ -47,6 +47,8 @@ func testAccPreCheck(t *testing.T, tc TestCase) {
 		envVars = append(commonEnvVars, "WIZ_SUBSCRIPTION_ID")
 	case TcReportGraphQuery:
 		envVars = append(commonEnvVars, "WIZ_PROJECT_ID")
+	case TcProjectCloudAccountLink:
+		envVars = append(commonEnvVars, "WIZ_PROJECT_ID", "WIZ_SUBSCRIPTION_ID")
 	default:
 		t.Fatalf("unknown testCase: %s", tc)
 	}

@@ -0,0 +1,45 @@
+package acceptance
+
+import (
+	"fmt"
+	"os"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+func TestAccResourceWizProjectCloudAccountLink_basic(t *testing.T) {
+	projectID := os.Getenv("WIZ_PROJECT_ID")
+	cloudAccountID := os.Getenv("WIZ_SUBSCRIPTION_ID")
+
+	resource.UnitTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t, TcProjectCloudAccountLink) },
+		ProviderFactories: providerFactories,
+		Steps: []resource.TestStep{
+			{
+				Config: testResourceWizProjectCloudAccountLinkBasic(projectID, cloudAccountID),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"wiz_project_cloud_account_link.foo",
+						"project_id",
+						projectID,
+					),
+					resource.TestCheckResourceAttr(
+						"wiz_project_cloud_account_link.foo",
+						"cloud_account_id",
+						cloudAccountID,
+					),
+				),
+			},
+		},
+	})
+}
+
+func testResourceWizProjectCloudAccountLinkBasic(projectID string, cloudAccountID string) string {
+	return fmt.Sprintf(`
+resource "wiz_project_cloud_account_link" "foo" {
+  project_id = "%s"
+  cloud_account_id = "%s"
+}
+`, projectID, cloudAccountID)
+}
@@ -302,6 +302,7 @@ yLyKQXhw2W2Xs0qLeC1etA+jTGDK4UfLeC0SF7FSi8o5LL21L8IzApar2pR/
 				"wiz_security_framework":                       resourceWizSecurityFramework(),
 				"wiz_service_account":                          resourceWizServiceAccount(),
 				"wiz_user":                                     resourceWizUser(),
+				"wiz_project_cloud_account_link":               resourceWizProjectCloudAccountLink(),
 			},
 		}
 		p.ConfigureContextFunc = configure(version, p)

@@ -317,9 +317,10 @@ func resourceWizProject() *schema.Resource {
 				},
 			},
 			"cloud_account_link": {
-				Type:        schema.TypeSet,
-				Optional:    true,
-				Description: "Associate the project directly with a cloud account by wiz identifier UID to organize all the subscription resources, issues, and findings within this project.",
+				Type:     schema.TypeSet,
+				Optional: true,
+				Description: "Please either use this embedded set or the resource wiz_project_cloud_account_link. " +
+					"Associate the project directly with a cloud account by wiz identifier UID to organize all the subscription resources, issues, and findings within this project.",
 
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		# The id for importing a wiz_project_cloud_account_link has to be in this format: 'link\|<project_id>\|<cloud_account_id>'
		terraform import wiz_project_cloud_account_link.example_import "link\|ee25cc95-82b0-4543-8934-5bc655b86786\|5cc3a684-44cb-4cd5-b78f-f029c25dc617"