Terraform cloud_organization_link creates projects in wiz with invalid organizations ("deleted") instead of the organization.
```hcl
resource "wiz_project" "cloud" {
  for_each    = { for project in local.projects : project.projectname => project }
  name        = each.value.projectname
  description = each.value.description != null ? each.value.description : "-"
  risk_profile {
    business_impact = "MBI"
  }
  business_unit = "Default"
  cloud_organization_link {
    cloud_organization =
    environment        = "PRODUCTION"
    shared             = false
    resource_tags {
      key   = "Default"
      value = "prd"
    }
    resource_tags {
      key   = "Default-Entity"
      value = each.value.projectname
    }
  }
}
```
Terraform Version and Provider Version
Terraform v1.6.6
on linux_amd64
- provider registry.terraform.io/axtongrams/wiz v1.1.6
Affected Resource(s)
Terraform Configuration Files
```hcl
terraform {
  backend "s3" {
    bucket  = "wiz-backend"
    key     = "wiz-default"
    region  = "eu-central-1"
    profile = "aws-profile"
  }
}
```
What are you passing for `cloud_organization`?
It is empty in your example, and I presume it's the local definition used by the for_each iterator, but you haven't shared this. Please provide more details of the steps needed to reproduce the condition.
For cloud_organization, I'm passing the Wiz ID of the Cloud organization. I tested it with the AWS org id as well, but it had the same effect.
This is because you are most likely not passing a valid Wiz identifier for the organization. I was able to reproduce the same by passing a bogus UID: it sets up the scenario you describe, with a cloud org link shown as 'deleted' in the UI.
Suggest:
- Select the organization from the graph query in the UI - https://app.wiz.io/graph#~(view~'table~query~(type~(~'CLOUD_ORGANIZATION)~select~true))
- Note the entity ID in the address bar, for example you should see a URL like this: https://app.wiz.io/graph#~(view~'table~query~(type~(~'CLOUD_ORGANIZATION)~select~true)~entity~(~'133906df-c947-5131-b780-a824d2ca5eed*2cCLOUD_ORGANIZATION))
- The ID will be: "133906df-c947-5131-b780-a824d2ca5eed"
Hope this helps
Many thanks @jschoombee! This did help!
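A plan-time guard against the mistake discussed in this thread, as an added example that is not part of the issue or the provider's own documentation. The names `var.projects` and `cloud_organization_id` are hypothetical, and the check assumes Wiz entity IDs are UUID-shaped like the ID quoted in the answer above.

```hcl
# Added example: reject malformed organization IDs before any project is created.
# Hypothetical names: var.projects, cloud_organization_id.
variable "projects" {
  description = "Wiz projects to create, each linked to one cloud organization."
  type = list(object({
    projectname           = string
    description           = optional(string)
    cloud_organization_id = string # Wiz entity ID, not the AWS organization ID
  }))

  validation {
    # Assumption: Wiz entity IDs are UUID-shaped, as in the ID quoted above.
    # A cloud provider's own organization ID does not match this pattern.
    condition = alltrue([
      for p in var.projects : can(regex(
        "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$",
        lower(p.cloud_organization_id)
      ))
    ])
    error_message = "Each cloud_organization_id must be the Wiz entity ID (UUID) of a CLOUD_ORGANIZATION, not the cloud provider's own organization ID."
  }
}

resource "wiz_project" "cloud" {
  for_each = { for project in var.projects : project.projectname => project }

  name          = each.value.projectname
  description   = each.value.description != null ? each.value.description : "-"
  business_unit = "Default"

  risk_profile {
    business_impact = "MBI"
  }

  cloud_organization_link {
    cloud_organization = each.value.cloud_organization_id
    environment        = "PRODUCTION"
    shared             = false
  }
}
```

The validation only checks the shape of the value: a well-formed UUID that does not belong to an organization in the tenant still passes, so the ID still has to be read from the Wiz graph as described above.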