AxtonGrams/terraform-provider-wiz

Terraform cloud_organization_link creates projects in wiz with invalid organizations ("deleted") instead of the organization.

Closed this issue · 4 comments

Terraform cloud_organization_link creates projects in wiz with invalid organizations ("deleted") instead of the organization.

resource "wiz_project" "cloud" {
  for_each    = { for project in local.projects : project.projectname => project }
  name        = each.value.projectname
  description = each.value.description != null ? each.value.description : "-"
  risk_profile {
    business_impact = "MBI"
  }
  business_unit = "Default"

  cloud_organization_link {
    cloud_organization =
    environment = "PRODUCTION"
    shared      = false
    resource_tags {
      key   = "Default"
      value = "prd"
    }
    resource_tags {
      key   = "Default-Entity"
      value = each.value.projectname
    }
  }
}

Terraform Version and Provider Version

Terraform v1.6.6
on linux_amd64

  • provider registry.terraform.io/axtongrams/wiz v1.1.6

Affected Resource(s)

Terraform Configuration Files

terraform {
  backend "s3" {
    bucket  = "wiz-backend"
    key     = "wiz-default"
    region  = "eu-central-1"
    profile = "aws-profile"
  }
}


What are you passing for cloud_organization?

It is empty in your example, and I presume it's the local definition used by the for_each iterator, but you haven't shared this. Please provide more details of the steps needed to reproduce the condition.

For cloud_organization, I'm passing the Wiz ID of the Cloud organization. I tested it with the AWS org id as well, but it had the same effect.

This is because you are most likely not passing a valid Wiz identifier for the organization. I was able to reproduce the same by passing a bogus UID; it sets up the scenario you describe, with a cloud org link shown as 'deleted' in the UI.

Suggest:

  1. Select the organization from the graph query in the UI - https://app.wiz.io/graph#~(view~'table~query~(type~(~'CLOUD_ORGANIZATION)~select~true))
  2. Note the entity ID in the address bar, for example you should see a URL like this: https://app.wiz.io/graph#~(view~'table~query~(type~(~'CLOUD_ORGANIZATION)~select~true)~entity~(~'133906df-c947-5131-b780-a824d2ca5eed*2cCLOUD_ORGANIZATION))
  3. The ID will be: "133906df-c947-5131-b780-a824d2ca5eed"

Hope this helps

Many thanks @jschoombee! This did help!
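
Added example, not part of the original thread or the provider's own code: a plan-time guard that rejects a cloud provider organization ID (such as an AWS `o-...` value) where the Wiz entity ID is expected, so a mis-scoped project link fails before apply instead of showing up as "deleted" in the UI. The `projects` variable, its `cloud_organization` field and the lowercase UUID format are assumptions, based on the example ID quoted in the thread.

```hcl
# Hypothetical input variable standing in for local.projects from the issue.
variable "projects" {
  description = "Wiz projects and the cloud organization each one is linked to."
  type = list(object({
    projectname        = string
    description        = optional(string)
    cloud_organization = string # Wiz entity ID from the graph URL, not the AWS org ID
  }))

  validation {
    # Assumption: Wiz entity IDs are lowercase UUIDs, like the ID quoted in the thread.
    condition = alltrue([
      for p in var.projects :
      can(regex("^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", p.cloud_organization))
    ])
    error_message = "Each cloud_organization must be the Wiz entity ID (UUID form) of the organization, not a cloud provider organization ID."
  }
}

resource "wiz_project" "cloud" {
  for_each    = { for p in var.projects : p.projectname => p }
  name        = each.value.projectname
  description = each.value.description != null ? each.value.description : "-"
  risk_profile {
    business_impact = "MBI"
  }
  business_unit = "Default"

  cloud_organization_link {
    cloud_organization = each.value.cloud_organization
    environment        = "PRODUCTION"
    shared             = false
    resource_tags {
      key   = "Default"
      value = "prd"
    }
  }
}
```

The check only validates the shape of the value. A well-formed UUID that does not exist in the tenant still produces the "deleted" link described above, so the linked organization should also be confirmed in the Wiz UI after apply.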