├── .ci
└── scripts
│ └── gofmtcheck.sh
├── .github
├── CODE_OF_CONDUCT.md
├── ISSUE_TEMPLATE
│ ├── bug-report.md
│ ├── config.yml
│ └── feature-request.md
├── dependabot.yml
└── workflows
│ ├── pull.yml
│ └── release.yml
├── .gitignore
├── .goreleaser.yml
├── CODEOWNERS
├── GNUmakefile
├── LICENSE
├── README.md
├── _about
└── CONTRIBUTING.md
├── docs
├── data-sources
│ ├── cloud_accounts.md
│ ├── cloud_config_rules.md
│ ├── host_config_rules.md
│ ├── kubernetes_clusters.md
│ ├── organizations.md
│ ├── subscription_resource_groups.md
│ └── users.md
├── index.md
└── resources
│ ├── automation_rule_aws_sns.md
│ ├── automation_rule_jira_add_comment.md
│ ├── automation_rule_jira_create_ticket.md
│ ├── automation_rule_jira_transition_ticket.md
│ ├── automation_rule_servicenow_create_ticket.md
│ ├── automation_rule_servicenow_update_ticket.md
│ ├── cicd_scan_policy.md
│ ├── cloud_config_rule.md
│ ├── cloud_config_rule_associations.md
│ ├── connector_aws.md
│ ├── connector_gcp.md
│ ├── control.md
│ ├── control_associations.md
│ ├── host_config_rule_associations.md
│ ├── integration_aws_sns.md
│ ├── integration_jira.md
│ ├── integration_servicenow.md
│ ├── project.md
│ ├── project_cloud_account_link.md
│ ├── report_graph_query.md
│ ├── saml_group_mapping.md
│ ├── saml_idp.md
│ ├── security_framework.md
│ ├── service_account.md
│ └── user.md
├── examples
├── data-sources
│ ├── wiz_cloud_accounts
│ │ └── data-source.tf
│ ├── wiz_cloud_config_rules
│ │ └── data-source.tf
│ ├── wiz_host_config_rules
│ │ └── data-source.tf
│ ├── wiz_kubernetes_clusters
│ │ └── data-source.tf
│ ├── wiz_organizations
│ │ └── data-source.tf
│ ├── wiz_subscription_resource_groups
│ │ └── data-source.tf
│ └── wiz_users
│ │ └── data-source.tf
├── provider
│ └── provider.tf
└── resources
│ ├── wiz_automation_rule_aws_sns
│ └── resource.tf
│ ├── wiz_automation_rule_jira_add_comment
│ └── resource.tf
│ ├── wiz_automation_rule_jira_create_ticket
│ └── resource.tf
│ ├── wiz_automation_rule_jira_transition_ticket
│ └── resource.tf
│ ├── wiz_automation_rule_servicenow_create_ticket
│ └── resource.tf
│ ├── wiz_automation_rule_servicenow_update_ticket
│ └── resource.tf
│ ├── wiz_cicd_scan_policy
│ └── resource.tf
│ ├── wiz_cloud_config_rule
│ └── resource.tf
│ ├── wiz_cloud_config_rule_associations
│ └── resource.tf
│ ├── wiz_connector_aws
│ ├── import.sh
│ └── resource.tf
│ ├── wiz_connector_gcp
│ ├── import.sh
│ └── resource.tf
│ ├── wiz_control
│ └── resource.tf
│ ├── wiz_control_associations
│ └── resource.tf
│ ├── wiz_host_config_rule_associations
│ └── resource.tf
│ ├── wiz_integration_aws_sns
│ └── resource.tf
│ ├── wiz_integration_jira
│ └── resource.tf
│ ├── wiz_integration_servicenow
│ └── resource.tf
│ ├── wiz_project
│ ├── import.sh
│ └── resource.tf
│ ├── wiz_project_cloud_account_link
│ ├── import.sh
│ └── resource.tf
│ ├── wiz_report_graph_query
│ └── resource.tf
│ ├── wiz_saml_group_mapping
│ ├── import.sh
│ └── resource.tf
│ ├── wiz_saml_idp
│ └── resource.tf
│ ├── wiz_security_framework
│ └── resource.tf
│ ├── wiz_service_account
│ └── resource.tf
│ └── wiz_user
│ └── resource.tf
├── go.mod
├── go.sum
├── internal
├── acceptance
│ ├── common.go
│ ├── data_source_cloud_accounts_test.go
│ ├── data_source_cloud_config_rules_test.go
│ ├── data_source_host_configuration_rules_test.go
│ ├── data_source_kubernetes_clusters_test.go
│ ├── data_source_subscription_resource_groups_test.go
│ ├── data_source_users_test.go
│ ├── provider_test.go
│ ├── resource_automation_rule_aws_sns_test.go
│ ├── resource_automation_rule_jira_add_comment_test.go
│ ├── resource_automation_rule_jira_create_ticket_test.go
│ ├── resource_automation_rule_jira_transition_ticket_test.go
│ ├── resource_automation_rule_servicenow_create_ticket_test.go
│ ├── resource_automation_rule_servicenow_update_ticket_test.go
│ ├── resource_cloud_config_rule_test.go
│ ├── resource_connector_aws_test.go
│ ├── resource_connector_gcp_test.go
│ ├── resource_integration_aws_sns_test.go
│ ├── resource_integration_jira_test.go
│ ├── resource_integration_servicenow_test.go
│ ├── resource_project_cloud_account_link_test.go
│ ├── resource_project_test.go
│ ├── resource_report_graph_query_test.go
│ ├── resource_saml_group_mapping_test.go
│ ├── resource_saml_idp_test.go
│ ├── resource_service_account_test.go
│ └── resource_user_test.go
├── client
│ ├── client.go
│ └── client_test.go
├── common.go
├── config
│ └── config.go
├── provider
│ ├── data_source_cloud_accounts.go
│ ├── data_source_cloud_accounts_test.go
│ ├── data_source_cloud_configuration_rules.go
│ ├── data_source_cloud_configuration_rules_test.go
│ ├── data_source_host_configuration_rules.go
│ ├── data_source_host_configuration_rules_test.go
│ ├── data_source_kubernetes_clusters.go
│ ├── data_source_kubernetes_clusters_test.go
│ ├── data_source_organizations.go
│ ├── data_source_subscription_resource_groups.go
│ ├── data_source_subscription_resource_groups_test.go
│ ├── data_source_users.go
│ ├── data_source_users_test.go
│ ├── provider.go
│ ├── resource_automation_rule.go
│ ├── resource_automation_rule_aws_sns.go
│ ├── resource_automation_rule_jira_add_comment.go
│ ├── resource_automation_rule_jira_create_ticket.go
│ ├── resource_automation_rule_jira_transition_ticket.go
│ ├── resource_automation_rule_servicenow_create_ticket.go
│ ├── resource_automation_rule_servicenow_update_ticket.go
│ ├── resource_cicd_scan_policy.go
│ ├── resource_cicd_scan_policy_test.go
│ ├── resource_cloud_config_rule.go
│ ├── resource_cloud_config_rule_associations.go
│ ├── resource_cloud_config_rule_test.go
│ ├── resource_connector_aws.go
│ ├── resource_connector_gcp.go
│ ├── resource_connector_gcp_test.go
│ ├── resource_control.go
│ ├── resource_control_associations.go
│ ├── resource_control_test.go
│ ├── resource_host_config_rule.go
│ ├── resource_host_config_rule_association.go
│ ├── resource_integration.go
│ ├── resource_integration_aws_sns.go
│ ├── resource_integration_jira.go
│ ├── resource_integration_servicenow.go
│ ├── resource_project.go
│ ├── resource_project_cloud_account_link.go
│ ├── resource_project_cloud_account_link_test.go
│ ├── resource_project_test.go
│ ├── resource_report.go
│ ├── resource_report_graph_query.go
│ ├── resource_saml_group_mapping.go
│ ├── resource_saml_group_mapping_test.go
│ ├── resource_saml_idp.go
│ ├── resource_saml_idp_test.go
│ ├── resource_security_framework.go
│ ├── resource_security_framework_test.go
│ ├── resource_service_account.go
│ ├── resource_service_account_test.go
│ ├── resource_user.go
│ └── resource_user_test.go
├── utils
│ └── helper_functions.go
└── wiz
│ ├── enums.go
│ └── structs.go
├── main.go
├── schema
└── README.md
├── templates
└── index.md.tmpl
├── terraform-registry-manifest.json
└── tools.go
/.ci/scripts/gofmtcheck.sh:
--------------------------------------------------------------------------------
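#!/usr/bin/env bash
#
# gofmtcheck.sh: fail when any Go source file is not gofmt-clean.
#
# Lists every *.go file in the repository (skipping the vendor tree) and runs
# `gofmt -l -s` over it. Any file gofmt would rewrite is printed and the script
# exits 1 so CI and `make fmtcheck` stop; it exits 0 when nothing needs
# formatting.

set -u

echo "==> Checking that code complies with gofmt requirements..."

# -type f keeps directories out of gofmt's argument list; -not -path prunes the
# vendor tree itself instead of any path that merely contains the word
# "vendor"; -print0 / -0 keep file names with whitespace intact.
gofmt_files=$(find . -type f -name '*.go' -not -path '*/vendor/*' -print0 | xargs -0 gofmt -l -s)

if [[ -n "${gofmt_files}" ]]; then
  echo 'gofmt needs running on the following files:'
  echo "${gofmt_files}"
  echo "You can use the command: \`make fmt\` to reformat code."
  exit 1
fi

exit 0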
--------------------------------------------------------------------------------
/.github/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
1 | # Code of Conduct
2 |
3 | HashiCorp Community Guidelines apply to you when interacting with the community here on GitHub and contributing code.
4 |
5 | Please read the full text at https://www.hashicorp.com/community-guidelines
6 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug-report.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: "\U0001F41B Bug Report"
3 | about: "If something isn't working as expected \U0001F914."
4 | title: ''
5 | labels: bug
6 |
7 | ---
8 |
9 | ### Terraform Version and Provider Version
10 |
11 |
12 | ### Affected Resource(s)
13 |
18 |
19 | ### Terraform Configuration Files
20 | ```hcl
21 | # Copy-paste your Terraform configurations here - for large Terraform configs,
22 | # please use a service like Dropbox and share a link to the ZIP file. For
23 | # security, you can also encrypt the files using our GPG public key.
24 | ```
25 |
26 | ### Debug Output
27 |
28 |
29 | ### Panic Output
30 |
31 |
32 | ### Expected Behavior
33 | What should have happened?
34 |
35 | ### Actual Behavior
36 | What actually happened?
37 |
38 | ### Steps to Reproduce
39 |
41 |
42 | ### Important Factoids
43 |
44 |
45 | ### References
46 |
47 | - GH-1234
48 |
49 | ### Community Note
50 |
51 | * Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request
52 | * If you are interested in working on this issue or have submitted a pull request, please leave a comment
53 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
1 | blank_issues_enabled: false
2 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature-request.md:
--------------------------------------------------------------------------------
1 | ---
2 | name: "\U0001F680 Feature Request"
3 | about: "I have a suggestion (and might want to implement myself \U0001F642)!"
4 | title: ''
5 | labels: enhancement
6 |
7 | ---
8 |
9 | ### Description
10 |
11 |
12 |
13 | ### Potential Terraform Configuration
14 |
15 |
16 |
17 | ```hcl
18 | # Copy-paste your Terraform configurations here - for large Terraform configs,
19 | # please use a service like Dropbox and share a link to the ZIP file. For
20 | # security, you can also encrypt the files using our GPG public key.
21 | ```
22 |
23 | ### References
24 |
25 |
30 |
31 |
32 |
33 |
34 | ### Community Note
35 |
36 | * Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request
37 | * If you are interested in working on this issue or have submitted a pull request, please leave a comment
38 |
39 |
40 |
--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | # See GitHub's docs for more information on this file:
2 | # https://docs.github.com/en/free-pro-team@latest/github/administering-a-repository/configuration-options-for-dependency-updates
3 | version: 2
4 | updates:
5 | # Maintain dependencies for GitHub Actions
6 | - package-ecosystem: "github-actions"
7 | directory: "/"
8 | schedule:
9 | # Check for updates to GitHub Actions every weekday
10 | interval: "daily"
11 |
12 | # Maintain dependencies for Go modules
13 | - package-ecosystem: "gomod"
14 | directory: "/"
15 | schedule:
16 | # Check for updates to Go modules every weekday
17 | interval: "daily"
18 |
--------------------------------------------------------------------------------
/.github/workflows/pull.yml:
--------------------------------------------------------------------------------
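# Pull request checks: build, lint, gofmt, goimports, `go generate` drift,
# unit tests and CODEOWNERS validation. Jobs run independently except
# `test`, which waits for `build`. A change to README.md alone does not
# trigger the workflow.
name: Tests
on:
  pull_request:
    paths-ignore:
      - 'README.md'
# NOTE(review): there is no top-level `permissions:` block, so each job gets
# the repository's default GITHUB_TOKEN scope. Only the `imports` step is
# handed the token; confirm what it needs before restricting the workflow to
# `contents: read`.
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          cache: true
        id: go
      - name: Get dependencies
        run: go mod download
      - name: Build
        run: go build -v .
  lint:
    name: go-lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - uses: danhunsaker/golang-github-actions@v1.3.1
        with:
          run: lint
  fmt:
    name: go-fmt
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - uses: danhunsaker/golang-github-actions@v1.3.1
        with:
          run: fmt
  imports:
    name: go-imports
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
      - name: check
        uses: danhunsaker/golang-github-actions@v1.3.1
        with:
          run: imports
          token: ${{ secrets.GITHUB_TOKEN }}
  generate:
    name: go-generate
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          cache: true
      - name: Setup terraform
        uses: hashicorp/setup-terraform@v3
      - run: go generate ./...
      # Generated output must be committed: fail if `go generate` changed anything.
      - name: git diff
        run: |
          git diff --exit-code || \
            (echo; echo "Unexpected difference in directories after code generation. Run 'go generate ./...' command and commit."; exit 1)
  test:
    name: Unit Tests
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Check out code into the Go module directory
        uses: actions/checkout@v4
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          cache: true
        id: go
      # Same package list as the GNUmakefile `TEST` default; keep the two in sync.
      - run: go test -v -cover ./internal/provider/... ./internal/client/... ./internal/config/... ./internal/utils/...
  codeowners:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}
      # GitHub honours a CODEOWNERS file at any of these three locations.
      - name: Check for CODEOWNERS file
        uses: andstor/file-existence-action@v3
        id: check_codeowners_1
        with:
          files: CODEOWNERS
      - name: Check for CODEOWNERS file
        uses: andstor/file-existence-action@v3
        id: check_codeowners_2
        with:
          files: docs/CODEOWNERS
      - name: Check for CODEOWNERS file
        uses: andstor/file-existence-action@v3
        id: check_codeowners_3
        with:
          files: .github/CODEOWNERS
      - name: Validate CODEOWNERS
        uses: mszostok/codeowners-validator@v0.7.4
        # Step outputs are strings and a non-empty string is truthy in
        # expressions, so a bare `outputs.files_exists` also passes when it
        # holds 'false'. Compare explicitly so the validator only runs when a
        # CODEOWNERS file was actually found.
        if: steps.check_codeowners_1.outputs.files_exists == 'true' || steps.check_codeowners_2.outputs.files_exists == 'true' || steps.check_codeowners_3.outputs.files_exists == 'true'
        with:
          checks: "files,owners,duppatterns,syntax"
          github_access_token: ${{ secrets.CODEOWNERS_PAT }}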
--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
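# This GitHub action can publish assets for release when a tag is created.
# Currently it's set up to run on any tag that matches the pattern "v*" (ie. v0.1.0).
#
# This uses an action (crazy-max/ghaction-import-gpg) that assumes you set your
# private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE`
# secret. If you would rather own your own GPG handling, please fork this action
# or use an alternative one for key handling.
#
# You will need to pass the `--batch` flag to `gpg` in your signing step
# in `goreleaser` to indicate this is being used in a non-interactive mode.
#
name: release
on:
  push:
    tags:
      - 'v*'
# `contents: write` is needed to create the GitHub release and upload the
# archives, checksum file and signature; no other scope is granted.
permissions:
  contents: write
jobs:
  goreleaser:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # goreleaser reads tags and history for the version and changelog,
          # so fetch the full clone here instead of running a separate
          # `git fetch --prune --unshallow` step afterwards.
          fetch-depth: 0
      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version-file: 'go.mod'
          cache: true
      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        id: import_gpg
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
      - name: Run GoReleaser
        uses: goreleaser/goreleaser-action@v6.1.0
        with:
          # NOTE(review): `latest` floats across goreleaser major versions;
          # consider pinning a constraint that matches the .goreleaser.yml
          # config format so a new major cannot break or alter the release.
          version: latest
          args: release --clean
        env:
          # Fingerprint of the key imported above; .goreleaser.yml passes it
          # to gpg via --local-user when signing the checksum file.
          GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
          # GitHub sets this automatically
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}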
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Binaries for programs and plugins
2 | *.exe
3 | *.exe~
4 | *.dll
5 | *.so
6 | *.dylib
7 |
8 | # Test binary, built with `go test -c`
9 | *.test
10 |
11 | # Output of the go coverage tool, specifically when used with LiteIDE
12 | *.out
13 |
14 | # Dependency directories (remove the comment below to include it)
15 | /vendor
16 |
17 | terraform-provider-wiz
18 |
19 | schema/wiz.graphql
20 | schema/wiz.json
21 |
--------------------------------------------------------------------------------
/.goreleaser.yml:
--------------------------------------------------------------------------------
1 | # Visit https://goreleaser.com for documentation on how to customize this
2 | # behavior.
3 | before:
4 | hooks:
5 | # this is just an example and not a requirement for provider building/publishing
6 | - go mod tidy
7 | builds:
8 | - env:
9 | # goreleaser does not work with CGO, it could also complicate
10 | # usage by users in CI/CD systems like Terraform Cloud where
11 | # they are unable to install libraries.
12 | - CGO_ENABLED=0
13 | mod_timestamp: '{{ .CommitTimestamp }}'
14 | flags:
15 | - -trimpath
16 | ldflags:
17 | - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}'
18 | goos:
19 | - freebsd
20 | - windows
21 | - linux
22 | - darwin
23 | goarch:
24 | - amd64
25 | - '386'
26 | - arm
27 | - arm64
28 | ignore:
29 | - goos: darwin
30 | goarch: '386'
31 | binary: '{{ .ProjectName }}_v{{ .Version }}'
32 | archives:
33 | - format: zip
34 | name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
35 | checksum:
36 | extra_files:
37 | - glob: 'terraform-registry-manifest.json'
38 | name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
39 | name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
40 | algorithm: sha256
41 | signs:
42 | - artifacts: checksum
43 | args:
44 | # if you are using this in a GitHub action or some other automated pipeline, you
45 | # need to pass the batch flag to indicate it's not interactive.
46 | - "--batch"
47 | - "--local-user"
48 | - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key
49 | - "--output"
50 | - "${signature}"
51 | - "--detach-sign"
52 | - "${artifact}"
53 | release:
54 | extra_files:
55 | - glob: 'terraform-registry-manifest.json'
56 | name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
57 | # If you want to manually examine the release before it's live, uncomment this line:
58 | # draft: true
59 | changelog:
60 | use: github
61 |
--------------------------------------------------------------------------------
/CODEOWNERS:
--------------------------------------------------------------------------------
1 | * @axtongrams/reviewers
2 |
--------------------------------------------------------------------------------
/GNUmakefile:
--------------------------------------------------------------------------------
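# Developer targets for the Wiz Terraform provider. Any variable below can be
# overridden on the command line, e.g. `make test TESTARGS='-run TestFoo'`.
TEST ?= ./internal/provider/... ./internal/client/... ./internal/config/... ./internal/utils/...
PKG_NAME ?= internal
GO_VER ?= go
TEST_COUNT ?= 1
ACCTEST_PARALLELISM ?= 20
ACCTEST_TIMEOUT ?= 180m

default: build

# Install the provider binary; refuses to build unformatted code.
build: fmtcheck
	$(GO_VER) install

# Fail if go.mod / go.sum are not tidy (run locally before pushing).
depscheck:
	@echo "==> Checking source code with go mod tidy..."
	@$(GO_VER) mod tidy
	@git diff --exit-code -- go.mod go.sum || \
		(echo; echo "Unexpected difference in go.mod/go.sum files. Run 'go mod tidy' command or revert any go.mod/go.sum changes and commit."; exit 1)

# Rewrite sources in place with gofmt -s.
fmt:
	@echo "==> Fixing source code with gofmt..."
	gofmt -s -w -l ./$(PKG_NAME) tools.go main.go

# Read-only gofmt check; prerequisite of build, test and testacc.
fmtcheck:
	@sh -c "'$(CURDIR)/.ci/scripts/gofmtcheck.sh'"

# Unit tests for the packages in $(TEST).
test: fmtcheck
	$(GO_VER) test $(TEST) -v $(TESTARGS) -timeout=5m

# Acceptance tests (TF_ACC=1) against a live Wiz tenant.
testacc: fmtcheck
	TF_ACC=1 $(GO_VER) test ./$(PKG_NAME)/acceptance/... -v -count $(TEST_COUNT) -parallel $(ACCTEST_PARALLELISM) $(TESTARGS) -timeout $(ACCTEST_TIMEOUT)

# Static analysis. Any non-zero exit from go vet fails the target, not only
# exit status 1, so build failures inside vet are reported as well.
vet:
	@echo "go vet ."
	@$(GO_VER) vet $$($(GO_VER) list ./...) ; if [ $$? -ne 0 ]; then \
		echo ""; \
		echo "Vet found suspicious constructs. Please check the reported constructs"; \
		echo "and fix them if necessary before submitting the code for review."; \
		exit 1; \
	fi

.PHONY: \
	build \
	depscheck \
	fmt \
	fmtcheck \
	test \
	testacc \
	vet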
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Terraform Provider for Wiz
2 |
3 | The Terraform provider for Wiz allows you to manage resources typically managed in the Wiz web interface.
4 |
5 | This provider is not yet feature complete and requires development, testing, and polishing.
6 |
7 | ## Requirements
8 |
9 | * [Terraform](https://www.terraform.io/downloads.html) >= 1.0
10 | * [Go](https://golang.org/doc/install) >= 1.18
11 |
12 | ## Building the Provider
13 |
14 | 1. Clone the repository
15 | 1. Enter the repository directory
16 | 1. Build the provider using the Go `install` command:
17 | ```sh
18 | $ go install
19 | ```
20 |
21 | ## Adding Dependencies
22 |
23 | This provider uses [Go modules](https://github.com/golang/go/wiki/Modules).
24 | Please see the Go documentation for the most up-to-date information about using Go modules.
25 |
26 | To add a new dependency `github.com/author/dependency` to your Terraform provider:
27 |
28 | ```
29 | go get github.com/author/dependency
30 | go mod tidy
31 | ```
32 |
33 | Then commit the changes to `go.mod` and `go.sum`.
34 |
35 | ## Getting Started
36 |
37 | Binaries are available for tagged releases in this repository.
38 |
39 | Once you have the provider installed, follow the instructions in the docs folder to understand what options are available. The documentation includes examples.
40 |
41 | ## Using the Provider
42 |
43 | See the [provider docs](https://registry.terraform.io/providers/AxtonGrams/wiz/latest/docs)
44 |
45 | ## Contributing
46 |
47 | We welcome your contribution. Please understand that the experimental nature of this repository means that contributing code may be a bit of a moving target. If you have an idea for an enhancement or bug fix, and want to take on the work yourself, please first create an issue so that we can discuss the implementation with you before you proceed with the work.
48 |
49 | You can review our [contribution guide](_about/CONTRIBUTING.md) to begin. You can also check out our frequently asked questions.
50 |
--------------------------------------------------------------------------------
/_about/CONTRIBUTING.md:
--------------------------------------------------------------------------------
1 | # Welcome
2 |
3 | _Please Note: This documentation is intended for Terraform Provider code developers. Typical operators writing and applying Terraform configurations do not need to read or understand this material._
4 |
5 | ## Contribute
6 |
7 | Please follow these steps to ensure your contribution goes smoothly.
8 |
9 | ### 1. Configure Development Environment
10 |
11 | Install Terraform and Go. Clone the repository, compile the provider, and set up testing.
12 |
13 | ### 2. Change Code
14 |
15 | ### 3. Write Tests
16 |
17 | Changes must be covered by acceptance tests for all contributions.
18 |
19 | ### 4. Create a Pull Request
20 |
21 | When your contribution is ready, create a pull request in the Wiz provider repository.
22 |
23 | Include the output from the acceptance tests for the resource you created or altered. Acceptance tests can be targeted to the specific resources as follows:
24 |
25 | ```
26 | $ TF_ACC=1 go test ./internal/acceptance/... -v -run='TestAccResourceWizSAMLIdp_basic'
27 | === RUN TestAccResourceWizSAMLIdp_basic
28 | 2023/04/20 16:09:44 [DEBUG] POST https://auth.app.wiz.io/oauth/token
29 | 2023/04/20 16:09:45 [DEBUG] POST https://auth.app.wiz.io/oauth/token
30 | 2023/04/20 16:09:46 [DEBUG] POST https://auth.app.wiz.io/oauth/token
31 | 2023/04/20 16:09:47 [DEBUG] POST https://api.us8.app.wiz.io/graphql
32 | 2023/04/20 16:09:48 [DEBUG] POST https://api.us8.app.wiz.io/graphql
33 | 2023/04/20 16:09:50 [DEBUG] POST https://auth.app.wiz.io/oauth/token
34 | 2023/04/20 16:09:51 [DEBUG] POST https://auth.app.wiz.io/oauth/token
35 | 2023/04/20 16:09:51 [DEBUG] POST https://api.us8.app.wiz.io/graphql
36 | 2023/04/20 16:09:52 [DEBUG] POST https://auth.app.wiz.io/oauth/token
37 | 2023/04/20 16:09:53 [DEBUG] POST https://auth.app.wiz.io/oauth/token
38 | 2023/04/20 16:09:54 [DEBUG] POST https://auth.app.wiz.io/oauth/token
39 | 2023/04/20 16:09:55 [DEBUG] POST https://api.us8.app.wiz.io/graphql
40 | --- PASS: TestAccResourceWizSAMLIdp_basic (11.93s)
41 | PASS
42 | ok wiz.io/hashicorp/terraform-provider-wiz/internal/acceptance 11.950s
43 | ```
44 |
--------------------------------------------------------------------------------
/docs/data-sources/cloud_accounts.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_cloud_accounts Data Source - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Query cloud accounts (subscriptions).
7 | ---
8 |
9 | # wiz_cloud_accounts (Data Source)
10 |
11 | Query cloud accounts (subscriptions).
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | # retrieve account by aws account id
17 | data "wiz_cloud_accounts" "accounts_by_id" {
18 | search = [
19 | "012345678912",
20 | "987654321098",
21 | ]
22 | }
23 |
24 | # retrieve one account by wiz internal identifier
25 | data "wiz_cloud_accounts" "accounts_by_wiz_id" {
26 | ids = [
27 | "d33a2072-4b95-481b-8153-c0b9089992aa",
28 | ]
29 | }
30 |
31 | # retrieve all accounts with multiple source connectors
32 | data "wiz_cloud_accounts" "multiple_connectors" {
33 | has_multiple_connector_sources = true
34 | }
35 | ```
36 |
37 |
38 | ## Schema
39 |
40 | ### Optional
41 |
42 | - `assigned_to_project` (Boolean) Query cloud accounts by project assignment state.
43 | - `cloud_provider` (List of String) Query cloud accounts of specific cloud provider.
44 | - Allowed values:
45 | - GCP
46 | - AWS
47 | - Azure
48 | - OCI
49 | - Alibaba
50 | - vSphere
51 | - OpenShift
52 | - Kubernetes
53 | - `connector_id` (List of String) Query cloud accounts by specific connector ID.
54 | - `connector_issue_id` (List of String) Query cloud accounts by specific connector issue ID.
55 | - `first` (Number) How many results to return; the maximum is `500` per page.
56 | - Defaults to `500`.
57 | - `has_multiple_connector_sources` (Boolean) Query cloud accounts that have multiple source connectors.
58 | - `ids` (List of String) Get specific Cloud Accounts by their IDs.
59 | - `max_pages` (Number) How many pages to return. 0 means all pages.
60 | - Defaults to `0`.
61 | - `project_id` (String) Query cloud accounts of a specific linked project, given its id.
62 | - `search` (List of String) Free text search on cloud account name or tags or external-id. Specify list of empty string to return all cloud accounts.
63 | - `status` (List of String) Query cloud accounts by status.
64 | - Allowed values:
65 | - CONNECTED
66 | - ERROR
67 | - DISABLED
68 | - INITIAL_SCANNING
69 | - PARTIALLY_CONNECTED
70 | - DISCONNECTED
71 | - DISCOVERED
72 |
73 | ### Read-Only
74 |
75 | - `cloud_accounts` (Set of Object) The returned cloud accounts. (see [below for nested schema](#nestedatt--cloud_accounts))
76 | - `id` (String) Internal identifier for the data.
77 |
78 |
79 | ### Nested Schema for `cloud_accounts`
80 |
81 | Read-Only:
82 |
83 | - `cloud_provider` (String)
84 | - `external_id` (String)
85 | - `id` (String)
86 | - `linked_project_ids` (List of String)
87 | - `name` (String)
88 | - `source_connector_ids` (List of String)
89 | - `status` (String)
90 |
--------------------------------------------------------------------------------
/docs/data-sources/host_config_rules.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_host_config_rules Data Source - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Query host configuration rules.
7 | ---
8 |
9 | # wiz_host_config_rules (Data Source)
10 |
11 | Query host configuration rules.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | # get the first five host configuration rules for access keys
17 | data "wiz_host_config_rules" "access" {
18 | first = 5
19 | search = "access"
20 | }
21 | ```
22 |
23 |
24 | ## Schema
25 |
26 | ### Optional
27 |
28 | - `enabled` (Boolean) Host Configuration Rule enabled status.
29 | - `first` (Number) How many results to return
30 | - Defaults to `500`.
31 | - `framework_category` (List of String) Search rules by any of securityFramework | securitySubCategory | securityCategory.
32 | - `search` (String) Free text search on id, name, externalId.
33 | - `target_platform` (List of String) Search by target platforms.
34 |
35 | ### Read-Only
36 |
37 | - `host_configuration_rules` (Set of Object) The returned host configuration rules. (see [below for nested schema](#nestedatt--host_configuration_rules))
38 | - `id` (String) Internal identifier for the data.
39 |
40 |
41 | ### Nested Schema for `host_configuration_rules`
42 |
43 | Read-Only:
44 |
45 | - `builtin` (Boolean)
46 | - `description` (String)
47 | - `direct_oval` (String)
48 | - `enabled` (Boolean)
49 | - `external_id` (String)
50 | - `id` (String)
51 | - `name` (String)
52 | - `security_sub_category_ids` (List of String)
53 | - `short_name` (String)
54 | - `target_platform_ids` (List of String)
55 |
--------------------------------------------------------------------------------
/docs/data-sources/kubernetes_clusters.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_kubernetes_clusters Data Source - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Get the details for Kubernetes clusters.
7 | ---
8 |
9 | # wiz_kubernetes_clusters (Data Source)
10 |
11 | Get the details for Kubernetes clusters.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | # Get Azure Cloud hosted Kubernetes Clusters
17 | data "wiz_kubernetes_clusters" "myclusters" {
18 | kind = ["AKS"]
19 | }
20 |
21 | # Get the first 3 clusters on a specific AWS account ID
22 | data "wiz_kubernetes_clusters" "myclusters" {
23 | external_ids = ["232412319201"]
24 | first = 3
25 | }
26 | ```
27 |
28 |
29 | ## Schema
30 |
31 | ### Optional
32 |
33 | - `cloud_provider` (List of String) Query Kubernetes clusters of a specific cloud provider.
34 | - Allowed values:
35 | - GCP
36 | - AWS
37 | - Azure
38 | - OCI
39 | - Alibaba
40 | - vSphere
41 | - OpenShift
42 | - Kubernetes
43 | - `external_ids` (List of String) The ID(s) to search by. i.e `Azure Subscription ID` or `AWS account number`.
44 | - `first` (Number) How many matches to return, maximum is `500` per page.
45 | - Defaults to `50`.
46 | - `kind` (List of String) Query Kubernetes Cluster of specific kind(s) or cloud provider(s).
47 | - Allowed values:
48 | - EKS
49 | - GKE
50 | - AKS
51 | - OKE
52 | - OPEN_SHIFT
53 | - SELF_HOSTED
54 | - `max_pages` (Number) How many pages to return. 0 means all pages.
55 | - Defaults to `0`.
56 | - `search` (String) Free text search. Specify an empty string to return all Kubernetes clusters.
57 |
58 | ### Read-Only
59 |
60 | - `id` (String) Internal identifier for the data.
61 | - `kubernetes_clusters` (Set of Object) The returned kubernetes clusters. (see [below for nested schema](#nestedatt--kubernetes_clusters))
62 |
63 |
64 | ### Nested Schema for `kubernetes_clusters`
65 |
66 | Read-Only:
67 |
68 | - `cloud_account` (Set of Object) (see [below for nested schema](#nestedobjatt--kubernetes_clusters--cloud_account))
69 | - `id` (String)
70 | - `name` (String)
71 |
72 |
73 | ### Nested Schema for `kubernetes_clusters.cloud_account`
74 |
75 | Read-Only:
76 |
77 | - `cloud_provider` (String)
78 | - `external_id` (String)
79 | - `id` (String)
80 | - `name` (String)
81 |
--------------------------------------------------------------------------------
/docs/data-sources/organizations.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_organizations Data Source - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Get the details for Wiz organizations.
7 | ---
8 |
9 | # wiz_organizations (Data Source)
10 |
11 | Get the details for Wiz organizations.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | # Look up the Wiz record for an organization root by its AWS organization root ID (`search` matches any organization attribute)
17 |
18 | data "wiz_organizations" "root" {
19 | search = "r-1234"
20 | }
21 | ```
22 |
23 |
24 | ## Schema
25 |
26 | ### Required
27 |
28 | - `search` (String) Organization search string. Used to search all organization attributes.
29 |
30 | ### Optional
31 |
32 | - `first` (Number) How many matches to return.
33 | - Defaults to `500`.
34 |
35 | ### Read-Only
36 |
37 | - `id` (String) Unique identifier for the search. This is a SHA-1 hash of the search string; changing the search string on this data source results in a new data source state entry.
38 | - `organizations` (Set of Object) (see [below for nested schema](#nestedatt--organizations))
39 |
40 |
41 | ### Nested Schema for `organizations`
42 |
43 | Read-Only:
44 |
45 | - `cloud_provider` (String)
46 | - `external_id` (String)
47 | - `id` (String)
48 | - `name` (String)
49 | - `path` (String)
50 |
--------------------------------------------------------------------------------
/docs/data-sources/subscription_resource_groups.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_subscription_resource_groups Data Source - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Fetches the resource groups that are part of the subscription.
7 | ---
8 |
9 | # wiz_subscription_resource_groups (Data Source)
10 |
11 | Fetches the resource groups that are part of the subscription.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | # Get the first 3 resource groups for a subscription. The schema documents `subscription_id` as the Wiz subscription ID; confirm which identifier your tenant expects before copying this value.
17 |
18 | data "wiz_subscription_resource_groups" "rgs" {
19 | subscription_id = "1689bd5b-4df3-5dc8-9046-2f0a15faa62f"
20 | first = 3
21 | }
22 | ```
23 |
24 |
25 | ## Schema
26 |
27 | ### Optional
28 |
29 | - `first` (Number) How many matches to return.
30 | - Defaults to `50`.
31 | - `relationship_type` (String) Relationship type, will default to `CONTAINS` if not specified.
32 | - Allowed values:
33 | - ANY
34 | - ANY_OUTGOING
35 | - ACTING_AS
36 | - ADMINISTRATE
37 | - ALERTED_ON
38 | - ALLOWS
39 | - ALLOWS_ACCESS_TO
40 | - APPLIES_TO
41 | - ASSIGNED_TO
42 | - ATTACHED_TO
43 | - BEHIND
44 | - BOOTS
45 | - BUILT_FROM
46 | - CAUSES
47 | - COLLABORATES
48 | - CONNECTED_TO
49 | - CONTAINS
50 | - CONTAINS_DST_IP_RANGE
51 | - CONTAINS_DST_PORT_RANGE
52 | - CONTAINS_SRC_IP_RANGE
53 | - CONTAINS_SRC_PORT_RANGE
54 | - DENIES
55 | - DEPENDS_ON
56 | - DEPLOYED_TO
57 | - ENCRYPTS
58 | - ENCRYPTS_PARTITION
59 | - ENTITLES
60 | - EXCLUDES
61 | - EXPOSES
62 | - GOVERNS
63 | - HAS
64 | - HAS_BOUNDARY_POLICY
65 | - HAS_DATA_FINDING
66 | - HAS_DATA_INVENTORY
67 | - HAS_DATA_SCHEMA
68 | - HAS_DATA_STORE
69 | - HAS_ORGANIZATION_POLICY
70 | - HAS_PRINCIPAL_POLICY
71 | - HAS_RESOURCE_POLICY
72 | - HAS_SNAPSHOT
73 | - HAS_SOURCE
74 | - HAS_STANDARD_WEB_ACCESS_FROM
75 | - HAS_TECH
76 | - HOSTS
77 | - IGNORES
78 | - IMPLEMENTS
79 | - INCLUDES
80 | - INFECTS
81 | - INSIDE
82 | - INSTANCE_OF
83 | - INVOKES
84 | - LOGS_DATA_FOR
85 | - MANAGES
86 | - MOUNTS
87 | - OWNS
88 | - PART_OF
89 | - PEERED_TO
90 | - PERFORMED
91 | - PERFORMED_IMPERSONATED
92 | - PERMITS
93 | - POINTS_TO
94 | - PROTECTS
95 | - READS_DATA_FROM
96 | - REFERENCED_BY
97 | - REPLICA_OF
98 | - ROUTES_TRAFFIC_FROM
99 | - ROUTES_TRAFFIC_TO
100 | - RUNS
101 | - SCANNED
102 | - SEND_MESSAGES_TO
103 | - SERVES
104 | - STORES_DATA_IN
105 | - TRANSIT_PEERED_TO
106 | - USES
107 | - VALIDATES
108 |
109 | - Defaults to `CONTAINS`.
110 | - `subscription_id` (String) The Wiz subscription ID to search by. The example above labels this value an Azure subscription ID; confirm which identifier your Wiz tenant expects.
111 |
112 | ### Read-Only
113 |
114 | - `id` (String) Internal identifier for the data.
115 | - `resource_groups` (Set of Object) The returned subscription resource groups. (see [below for nested schema](#nestedatt--resource_groups))
116 |
117 |
118 | ### Nested Schema for `resource_groups`
119 |
120 | Read-Only:
121 |
122 | - `id` (String)
123 | - `name` (String)
124 |
--------------------------------------------------------------------------------
/docs/data-sources/users.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_users Data Source - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Get the details for Wiz users.
7 | ---
8 |
9 | # wiz_users (Data Source)
10 |
11 | Get the details for Wiz users.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | # Get Wiz user(s) based on an email address
17 | data "wiz_users" "by_email" {
18 | search = "johnny@domain.com" # free-text search; an empty string returns all users
19 | }
20 |
21 | # Get first 4 Wiz user(s) based on role
22 | data "wiz_users" "by_role" {
23 | roles = ["GLOBAL_READER"]
24 | first = 4 # page size; the provider caps this at 100 per page
25 | }
26 | ```
27 |
28 |
29 | ## Schema
30 |
31 | ### Optional
32 |
33 | - `authentication_source` (String) Authentication Source.
34 | - Allowed values:
35 | - LEGACY
36 | - MODERN
37 |
38 | - Defaults to `MODERN`.
39 | - `first` (Number) How many matches to return, maximum is `100` per page.
40 | - Defaults to `50`.
41 | - `max_pages` (Number) How many pages to return. 0 means all pages.
42 | - Defaults to `0`.
43 | - `roles` (List of String) List of roles to filter by.
44 | - `search` (String) Free text search. Specify empty string to return all users.
45 | - `users` (Block Set) The returned wiz users. (see [below for nested schema](#nestedblock--users))
46 |
47 | ### Read-Only
48 |
49 | - `id` (String) Internal identifier for the data.
50 |
51 |
52 | ### Nested Schema for `users`
53 |
54 | Optional:
55 |
56 | - `effective_role` (Block Set) The effective role details. (see [below for nested schema](#nestedblock--users--effective_role))
57 | - `email` (String) User email address.
58 | - `id` (String) Internal Wiz ID.
59 | - `identity_provider` (Block Set) The identity provider details. (see [below for nested schema](#nestedblock--users--identity_provider))
60 | - `identity_provider_type` (String) Identity Provider Type.
61 | - `is_suspended` (Boolean) If user is suspended.
62 | - `name` (String) User email name.
63 |
64 |
65 | ### Nested Schema for `users.effective_role`
66 |
67 | Optional:
68 |
69 | - `id` (String) The role internal identifier.
70 | - `name` (String) The role name.
71 | - `scopes` (List of String) Permission Scopes.
72 |
73 |
74 |
75 | ### Nested Schema for `users.identity_provider`
76 |
77 | Optional:
78 |
79 | - `name` (String) The identity provider name.
80 |
--------------------------------------------------------------------------------
/docs/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | page_title: "Wiz Provider"
3 | description: |-
4 | Terraform provider to manage Wiz resources
5 | ---
6 |
7 | # terraform-provider-wiz
8 |
9 | The Wiz Terraform provider is designed to work with [Wiz](https://wiz.io/).
10 |
11 | The "wiz" provider manages resources typically manually managed in the [Wiz web interface](https://app.wiz.io/). You must configure the provider with the proper credentials before you can use it.
12 |
13 | Use the navigation to the left to read about the available resources.
14 |
15 | ## Example Usage
16 |
17 | ```terraform
18 | terraform {
19 | required_providers {
20 | wiz = {
21 | source = "AxtonGrams/wiz"
22 | version = "1.0.2" # pin an exact version so provider upgrades are deliberate
23 | }
24 | }
25 | }
26 |
27 | provider "wiz" {
28 | wiz_url = var.wiz_url
29 | wiz_auth_client_id = var.wiz_auth_client_id # or set WIZ_AUTH_CLIENT_ID in the environment
30 | wiz_auth_client_secret = var.wiz_auth_client_secret # declare the variable with sensitive = true, or set WIZ_AUTH_CLIENT_SECRET instead of passing it through configuration
31 | wiz_auth_audience = "wiz-api" # 'wiz-api' for Cognito-backed tenants, 'beyond-api' for auth0 (see wiz_auth_audience below)
32 | }
33 | ```
34 |
35 | > **WARNING** Hard-coded credentials are not recommended in any Terraform configuration and risk secret leakage should this file ever be committed to a public version control system. Prefer the `WIZ_AUTH_CLIENT_ID` and `WIZ_AUTH_CLIENT_SECRET` environment variables listed below, or a secrets manager feeding variables declared with `sensitive = true`, and keep any `.tfvars` file holding these values out of version control.
36 |
37 |
38 |
39 | ## Schema
40 |
41 | ### Required
42 |
43 | - `wiz_auth_client_id` (String) Your application's Client ID. You can find this value on the Settings > Service Accounts page. (default: none, environment variable: WIZ_AUTH_CLIENT_ID) Use a dedicated service account for Terraform, granted only the permissions the resources you manage require, so that a leaked credential has a limited blast radius.
44 | - `wiz_auth_client_secret` (String, Sensitive) Your application's Client Secret. You can find this value on the Settings > Service Accounts page. (default: none, environment variable: WIZ_AUTH_CLIENT_SECRET) Supply it through the environment variable or a secrets manager rather than as a literal in configuration; `Sensitive` only redacts the value from plan/apply output.
45 | - `wiz_url` (String) Wiz api endpoint. This varies for each Wiz deployment. See https://docs.wiz.io/wiz-docs/docs/using-the-wiz-api#the-graphql-endpoint. (default: none, environment variable: WIZ_URL)
46 |
47 | ### Optional
48 |
49 | - `ca_chain` (String) Base64 encoded PEM of the CA chain used when communicating with Wiz. If a proxy performs TLS interception/inspection, this will be the CA chain for the certificate used by the proxy. The default includes the CAs known to be used by Wiz: `C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root`, `C=US, O=Cloudflare, Inc., CN=Cloudflare Inc ECC CA-3`, `C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2`, `C=US, O=Amazon, CN=Amazon Root CA 1`, `C=US, O=Amazon, OU=Server CA 1B, CN=Amazon`. (environment variable: CA_CHAIN) Any certificate chaining to a CA supplied here is trusted for the Wiz API connection, so only configure this for an interception proxy you control, and supply the proxy's CA certificate rather than its leaf. Whether a supplied value replaces or extends the default set is not stated here; verify before relying on the default CAs remaining trusted.
50 | - `http_client_retry_max` (Number) Maximum retry attempts.
51 | - Defaults to `10`.
52 | - `http_client_retry_wait_max` (Number) Maximum time to wait before retrying, in seconds.
53 | - Defaults to `10`.
54 | - `http_client_retry_wait_min` (Number) Minimum time to wait before retrying, in seconds.
55 | - Defaults to `1`.
56 | - `proxy` (Boolean) Use an http proxy server? (default: false, environment variable: PROXY)
57 | - `proxy_server` (String) Proxy server address. Syntax: http[s]://[host]:[port]. (default: none, environment variable: PROXY_SERVER)
58 | - `wiz_auth_audience` (String) Set this to 'beyond-api' if using auth0 and 'wiz-api' if using Cognito. (default: wiz-api, environment variable: WIZ_AUTH_AUDIENCE)
59 | - `wiz_auth_grant_type` (String) Set this to 'client_credentials'. (default: client_credentials, environment variable: WIZ_AUTH_GRANT_TYPE)
60 | - `wiz_auth_url` (String) The authentication endpoint. (default: https://auth.app.wiz.io/oauth/token, environment variable: WIZ_AUTH_URL)
61 |
--------------------------------------------------------------------------------
/docs/resources/automation_rule_jira_add_comment.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_automation_rule_jira_add_comment Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Automation Rules define associations between actions and findings.
7 | ---
8 |
9 | # wiz_automation_rule_jira_add_comment (Resource)
10 |
11 | Automation Rules define associations between actions and findings.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | resource "wiz_integration_jira" "default" {
17 | name = "default"
18 | jira_url = var.jira_url
19 | jira_username = var.jira_username
20 | jira_password = var.jira_password # recorded in Terraform state in clear text; protect the state backend
21 | scope = "All Resources, Restrict this Integration to global roles only"
22 | }
23 |
24 | resource "wiz_automation_rule_jira_add_comment" "example" {
25 | name = "example"
26 | description = "example description"
27 | enabled = true
28 | integration_id = wiz_integration_jira.default.id
29 | trigger_source = "ISSUES"
30 | trigger_type = [ # the schema below says this must be CREATED; verify which value the provider accepts
31 | "RESOLVED",
32 | ]
33 | filters = jsonencode({ # not validated by the provider; check the rule in the Wiz console after apply
34 | "severity" : [
35 | "CRITICAL"
36 | ]
37 | })
38 | jira_project_key = "PROJ"
39 | jira_comment = "Comment from Wiz"
40 | }
41 | ```
42 |
43 |
44 | ## Schema
45 |
46 | ### Required
47 |
48 | - `filters` (String) Value should be wrapped in jsonencode() to avoid diff detection. This is required even though the API states it is not required. Validation is performed by the Wiz UI, not by this provider, so a mistyped filter key may not fail the apply and could silently change which findings the rule matches; review the rule in the Wiz console after creation.
49 | - `integration_id` (String) Wiz identifier for the Integration to leverage for this action. Must be resource type integration_jira.
50 | - `name` (String) Name of the automation rule
51 | - `trigger_source` (String) Trigger source.
52 | - Allowed values:
53 | - ISSUES
54 | - CLOUD_EVENTS
55 | - CONTROL
56 | - CONFIGURATION_FINDING
57 | - `trigger_type` (List of String) Trigger type. The generated description states it must be set to `CREATED` for wiz_automation_rule_jira_add_comment, but the example above uses `RESOLVED`; confirm the accepted value(s) against the provider's validation before relying on either.
58 | - Allowed values:
59 | - CREATED
60 | - UPDATED
61 | - RESOLVED
62 | - REOPENED
63 |
64 | ### Optional
65 |
66 | - `description` (String) Description of the automation rule
67 | - `enabled` (Boolean) Enabled?
68 | - Defaults to `true`.
69 | - `jira_add_issues_report` (Boolean) Whether or not to attach a report on all open issues as an attachment to ticket, only relevant in CONTROL triggered actions
70 | - Defaults to `false`.
71 | - `jira_comment` (String) Issue Jira comment
72 | - `jira_project_key` (String) Issue project
73 | - `project_id` (String) Wiz internal ID for a project.
74 |
75 | ### Read-Only
76 |
77 | - `action_id` (String) Wiz internal ID for the action.
78 | - `created_at` (String) The date/time at which the automation rule was created.
79 | - `id` (String) Wiz internal identifier.
80 |
--------------------------------------------------------------------------------
/docs/resources/automation_rule_jira_transition_ticket.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_automation_rule_jira_transition_ticket Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Automation Rules define associations between actions and findings.
7 | ---
8 |
9 | # wiz_automation_rule_jira_transition_ticket (Resource)
10 |
11 | Automation Rules define associations between actions and findings.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | resource "wiz_integration_jira" "default" {
17 | name = "default"
18 | jira_url = var.jira_url
19 | jira_username = var.jira_username
20 | jira_password = var.jira_password # recorded in Terraform state in clear text; protect the state backend
21 | scope = "All Resources, Restrict this Integration to global roles only"
22 | }
23 |
24 | resource "wiz_automation_rule_jira_transition_ticket" "example" {
25 | name = "example"
26 | description = "example description"
27 | enabled = true
28 | integration_id = wiz_integration_jira.default.id
29 | trigger_source = "ISSUES"
30 | trigger_type = [ # the schema below says this must be CREATED; verify which value the provider accepts
31 | "RESOLVED",
32 | ]
33 | filters = jsonencode({ # not validated by the provider; check the rule in the Wiz console after apply
34 | "severity" : [
35 | "CRITICAL"
36 | ]
37 | })
38 | jira_project_key = "PROJ" # the schema below lists this attribute as jira_project; verify the attribute name
39 | jira_transition_id = "Resolved"
40 | jira_advanced_fields = jsonencode({ # passed through as opaque JSON; not validated by the provider
41 | "resolution" : "Done"
42 | })
43 | jira_comment = "Resolved via Wiz Automation"
44 | jira_add_issues_report = false
45 | jira_comment_on_transition = true
46 | jira_attach_evidence_csv = false
47 | }
48 | ```
49 |
50 |
51 | ## Schema
52 |
53 | ### Required
54 |
55 | - `filters` (String) Value should be wrapped in jsonencode() to avoid diff detection. This is required even though the API states it is not required. Validation is performed by the Wiz UI, not by this provider, so a mistyped filter key may not fail the apply and could silently change which findings the rule matches; review the rule in the Wiz console after creation.
56 | - `integration_id` (String) Wiz identifier for the Integration to leverage for this action. Must be resource type integration_jira.
57 | - `name` (String) Name of the automation rule
58 | - `trigger_source` (String) Trigger source.
59 | - Allowed values:
60 | - ISSUES
61 | - CLOUD_EVENTS
62 | - CONTROL
63 | - CONFIGURATION_FINDING
64 | - `trigger_type` (List of String) Trigger type. The generated description states it must be set to `CREATED` for wiz_automation_rule_jira_transition_ticket, but the example above uses `RESOLVED`; confirm the accepted value(s) against the provider's validation before relying on either.
65 | - Allowed values:
66 | - CREATED
67 | - UPDATED
68 | - RESOLVED
69 | - REOPENED
70 |
71 | ### Optional
72 |
73 | - `description` (String) Description of the automation rule
74 | - `enabled` (Boolean) Enabled?
75 | - Defaults to `true`.
76 | - `jira_advanced_fields` (String)
77 | - `jira_attach_evidence_csv` (Boolean) Upload issues report as attachment Only relevant in CONTROL-triggered Actions.
78 | - Defaults to `false`.
79 | - `jira_comment` (String) Issue Jira comment
80 | - `jira_comment_on_transition` (Boolean) Whether or not to send comment during follow-up call, if this is disabled comment will be sent as update field
81 | - Defaults to `false`.
82 | - `jira_project` (String) Issue project
83 | - `jira_transition_id` (String) Issue transition ID or Name
84 | - `project_id` (String) Wiz internal ID for a project.
85 |
86 | ### Read-Only
87 |
88 | - `action_id` (String) Wiz internal ID for the action.
89 | - `created_at` (String) The date/time at which the automation rule was created.
90 | - `id` (String) Wiz internal identifier.
91 |
--------------------------------------------------------------------------------
/docs/resources/automation_rule_servicenow_update_ticket.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_automation_rule_servicenow_update_ticket Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Automation Rules define associations between actions and findings.
7 | ---
8 |
9 | # wiz_automation_rule_servicenow_update_ticket (Resource)
10 |
11 | Automation Rules define associations between actions and findings.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
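16 | resource "wiz_integration_servicenow" "default" {
17 | name = "default"
18 | servicenow_url = var.servicenow_url # variable name aligned with the other servicenow_* inputs
19 | servicenow_username = var.servicenow_username
20 | servicenow_password = var.servicenow_password # recorded in Terraform state in clear text; protect the state backend
21 | scope = "All Resources, Restrict this Integration to global roles only"
22 | }
23 |
24 | resource "wiz_automation_rule_servicenow_update_ticket" "example" {
25 | name = "example"
26 | description = "example description"
27 | enabled = true
28 | integration_id = wiz_integration_servicenow.default.id
29 | trigger_source = "ISSUES"
30 | trigger_type = [ # the schema below says this must be CREATED; verify which value the provider accepts
31 | "RESOLVED",
32 | ]
33 | filters = jsonencode({ # not validated by the provider; check the rule in the Wiz console after apply
34 | "severity" : [
35 | "CRITICAL"
36 | ]
37 | })
38 | servicenow_table_name = "incident"
39 | servicenow_attach_issues_report = true
40 | servicenow_fields = jsonencode({ # passed through as opaque JSON; not validated by the provider
41 | "state" : "Closed"
42 | })
43 | }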
44 | ```
45 |
46 |
47 | ## Schema
48 |
49 | ### Required
50 |
51 | - `description` (String) Description of the automation rule
52 | - `filters` (String) Value should be wrapped in jsonencode() to avoid diff detection. This is required even though the API states it is not required. Validation is performed by the Wiz UI, not by this provider, so a mistyped filter key may not fail the apply and could silently change which findings the rule matches; review the rule in the Wiz console after creation.
53 | - `integration_id` (String) Wiz identifier for the Integration to leverage for this action. Must be resource type integration_servicenow (as in the example above).
54 | - `name` (String) Name of the automation rule
55 | - `trigger_source` (String) Trigger source.
56 | - Allowed values:
57 | - ISSUES
58 | - CLOUD_EVENTS
59 | - CONTROL
60 | - CONFIGURATION_FINDING
61 | - `trigger_type` (List of String) Trigger type. The generated description states it must be set to `CREATED` for wiz_automation_rule_servicenow_update_ticket, but the example above uses `RESOLVED`; confirm the accepted value(s) against the provider's validation before relying on either.
62 | - Allowed values:
63 | - CREATED
64 | - UPDATED
65 | - RESOLVED
66 | - REOPENED
67 |
68 | ### Optional
69 |
70 | - `enabled` (Boolean) Enabled?
71 | - Defaults to `true`.
72 | - `project_id` (String) Wiz internal ID for a project.
73 | - `servicenow_attach_issues_report` (Boolean) Upload issues report as attachment Only relevant in CONTROL-triggered Actions.
74 | - Defaults to `false`.
75 | - `servicenow_fields` (String)
76 | - `servicenow_table_name` (String) Table name to which new tickets will be added to, e.g: 'incident'.
77 | - Defaults to `incident`.
78 |
79 | ### Read-Only
80 |
81 | - `action_id` (String) Wiz internal ID for the action.
82 | - `created_at` (String) The date/time at which the automation rule was created.
83 | - `id` (String) Wiz internal identifier.
84 |
--------------------------------------------------------------------------------
/docs/resources/cloud_config_rule_associations.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_cloud_config_rule_associations Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Manage associations between cloud configuration rules and security sub-categories. Associations defined outside this resource will remain untouched through the lifecycle of this resource. Wiz managed cloud configuration rules cannot be associated to Wiz managed security sub-categories. This resource does not support imports; it can, however, overlay existing resources to bring them under management.
7 | ---
8 |
9 | # wiz_cloud_config_rule_associations (Resource)
10 |
11 | Manage associations between cloud configuration rules and security sub-categories. Associations defined outside this resource will remain untouched through the lifecycle of this resource. Wiz managed cloud configuration rules cannot be associated to Wiz managed security sub-categories. This resource does not support imports; it can, however, overlay existing resources to bring them under management.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | resource "wiz_cloud_config_rule_associations" "test" { # IDs below are placeholders; associations created outside this resource are left untouched
17 | security_sub_category_ids = [
18 | "2e5bc0d5-835b-4b4c-99cf-b1c6ace90a52",
19 | "708ec4a1-1a5c-4cb3-9c52-511229c5bb35",
20 | ]
21 | cloud_config_rule_ids = [
22 | "301e5fd0-6a1a-42a7-99f5-3b0436d55a7f",
23 | "a5fbd955-ed78-445a-827a-06d6cbe5aab2",
24 | ]
25 | }
26 | ```
27 |
28 |
29 | ## Schema
30 |
31 | ### Required
32 |
33 | - `cloud_config_rule_ids` (List of String) List of cloud configuration rule IDs.
34 | - `security_sub_category_ids` (List of String) List of security sub-category IDs.
35 |
36 | ### Optional
37 |
38 | - `details` (String) Details of the association. This information is not used to manage resources but can serve as notes or documentation for the associations.
39 | - Defaults to `undefined`.
40 |
41 | ### Read-Only
42 |
43 | - `id` (String) Internal identifier for the association.
44 |
--------------------------------------------------------------------------------
/docs/resources/connector_gcp.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_connector_gcp Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Connectors are used to connect GCP resources to Wiz.
7 | ---
8 |
9 | # wiz_connector_gcp (Resource)
10 |
11 | Connectors are used to connect GCP resources to Wiz.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
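16 | # Provision a simple GCP connector, organization-wide
17 | resource "wiz_connector_gcp" "example" {
18 | name = "example"
19 | auth_params = jsonencode({ # Sensitive: redacted from plan/apply output but stored in clear text in state
20 | "isManagedIdentity" : true,
21 | "organization_id" : "o-example"
22 | })
23 |
24 | extra_config = jsonencode(
25 | {
26 | "projects" : [],
27 | "excludedProjects" : [],
28 | "includedFolders" : [],
29 | "excludedFolders" : [],
30 | "auditLogMonitorEnabled" : false
31 | }
32 | )
33 | }
34 |
35 | # Provision a GCP connector targeting an individual Google project (distinct label so both examples can coexist in one configuration)
36 | resource "wiz_connector_gcp" "example_project" {
37 | name = "example"
38 | auth_params = jsonencode({ # Sensitive: redacted from plan/apply output but stored in clear text in state
39 | "isManagedIdentity" : true,
40 | "project_id" : "example-project-id"
41 | })
42 |
43 | extra_config = jsonencode(
44 | {
45 | "projects" : [],
46 | "excludedProjects" : [],
47 | "includedFolders" : [],
48 | "excludedFolders" : [],
49 | "auditLogMonitorEnabled" : false
50 | }
51 | )
52 | }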
53 | ```
54 |
55 |
56 | ## Schema
57 |
58 | ### Required
59 |
60 | - `auth_params` (String, Sensitive) The authentication parameters. Must be represented in `JSON` format. `Sensitive` only redacts the value from plan/apply output; it is still written in clear text to the Terraform state file, so restrict access to the state backend.
61 | - `name` (String) The connector name.
62 |
63 | ### Optional
64 |
65 | - `enabled` (Boolean) Whether the connector is enabled.
66 | - Defaults to `true`.
67 | - `extra_config` (String) Extra configuration for the connector. Must be represented in `JSON` format.
68 |
69 | ### Read-Only
70 |
71 | - `audit_log_monitor_enabled` (Boolean) Whether audit log monitor is enabled. Note an advanced license is required.
72 | - `events_pub_sub_subscription_id` (String) If using Wiz Cloud Events, the Pub/Sub Subscription ID.
73 | - `events_topic_name` (String) If using Wiz Cloud Events, the Topic Name in format `projects//topics/`.
74 | - `excluded_folders` (List of String) The GCP folders excluded by the connector.
75 | - `excluded_projects` (List of String) The GCP projects excluded by the connector.
76 | - `folder_id` (String) The GCP folder ID.
77 | - `id` (String) Wiz internal identifier for the connector.
78 | - `included_folders` (List of String) The GCP folders included by the connector.
79 | - `is_managed_identity` (String) Is managed identity?
80 | - `organization_id` (String) The GCP organization ID.
81 | - `projects` (List of String) The GCP projects to target with the connector.
82 |
83 | ## Import
84 |
85 | Import is supported using the following syntax:
86 |
87 | ```shell
88 | # Importing Considerations:
89 | #
90 | # Please note this is considered experimental, exercise caution and consider the following:
91 | #
92 | # - Make sure that the `auth_params` field is set to the same values as set when the resource was created outside of Terraform.
93 | # This is due to the way we need to handle change as under normal diff conditions, `auth_params` requires a resource recreation.
94 | #
95 | # - For `auth_params` include `isManagedIdentity`. If using outposts, also include `outPostId` and `diskAnalyzer` structure.
96 | #
97 | # For more information, refer to the examples in the documentation.
98 | #
99 | terraform import wiz_connector_gcp.import_example "7be792ba-bfd1-46d0-9fba-5f6bc19df4a8"
100 |
101 | # Optional - this is to set auth_params in state (the value is then held in clear text in the state file, so protect the backend).
102 | #
103 | # If not run post-import, the next `terraform apply` will take care of it.
104 | # Note any speculative changes to `auth_params` are for setting state for the one-time import only, any further changes would require a resource recreation as normal.
105 | terraform apply --target=wiz_connector_gcp.import_example
106 | ```
107 |
--------------------------------------------------------------------------------
/docs/resources/control.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_control Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | A Control consists of a pre-defined Security Graph query and a severity level—if a Control's query returns any results, an Issue is generated for every result. Each Control is assigned to a category in one or more Policy Frameworks.
7 | ---
8 |
9 | # wiz_control (Resource)
10 |
11 | A Control consists of a pre-defined Security Graph query and a severity level—if a Control's query returns any results, an Issue is generated for every result. Each Control is assigned to a category in one or more Policy Frameworks.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | resource "wiz_control" "test" {
17 | name = "test control 2"
18 | enabled = false # known defect: the create API ignores this, so the control may be created enabled (see the schema notes below)
19 | description = "test control 2 description"
20 | project_id = "*" # '*' scopes the control to every project
21 | severity = "LOW"
22 | resolution_recommendation = "fix it"
23 | security_sub_categories = [
24 | "wsct-id-8",
25 | ]
26 | query = jsonencode(
27 | {
28 | "relationships" : [
29 | {
30 | "type" : [
31 | {
32 | "reverse" : true,
33 | "type" : "CONTAINS"
34 | }
35 | ],
36 | "with" : {
37 | "select" : true,
38 | "type" : [
39 | "SUBSCRIPTION"
40 | ]
41 | }
42 | }
43 | ]
44 | }
45 | )
46 | scope_query = jsonencode(
47 | {
48 | "type" : [
49 | "SUBSCRIPTION"
50 | ]
51 | }
52 | )
53 | }
54 | ```
55 |
56 |
57 | ## Schema
58 |
59 | ### Required
60 |
61 | - `name` (String) Name of the Control.
62 | - `query` (String) The query that the control runs.
63 | - `scope_query` (String) The query that represents the control's scope.
64 | - `severity` (String) Severity that will be set for this control.
65 | - Allowed values:
66 | - INFORMATIONAL
67 | - LOW
68 | - MEDIUM
69 | - HIGH
70 | - CRITICAL
71 |
72 | ### Optional
73 |
74 | - `description` (String) Description of the Control.
75 | - `enabled` (Boolean) Whether to enable the Control. This has a known defect where if set to false, it will be created as true because the API to create Controls does not accept this parameter; a Control created this way may run and generate Issues until it is disabled, so verify its state in Wiz after the first apply.
76 | - Defaults to `true`.
77 | - `project_id` (String) Project scope of the control. Use '*' for all projects.
78 | - Defaults to `*`.
79 | - `resolution_recommendation` (String) Guidance on how the user should address an issue that was created by this control.
80 |
81 | ### Read-Only
82 |
83 | - `id` (String) Internal identifier for the Control
84 | - `security_sub_categories` (List of String) List of security sub-categories IDs.
85 |
--------------------------------------------------------------------------------
/docs/resources/control_associations.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_control_associations Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Manage associations between controls and security sub-categories. Associations defined outside this resource will remain untouched through the lifecycle of this resource. Wiz managed controls cannot be associated to Wiz managed security sub-categories. This resource does not support imports; it can, however, overlay existing resources to bring them under management.
7 | ---
8 |
9 | # wiz_control_associations (Resource)
10 |
11 | Manage associations between controls and security sub-categories. Associations defined outside this resource will remain untouched through the lifecycle of this resource. Wiz managed controls cannot be associated to Wiz managed security sub-categories. This resource does not support imports; it can, however, overlay existing resources to bring them under management.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | resource "wiz_control_associations" "test" { # IDs below are placeholders; associations created outside this resource are left untouched
17 | security_sub_category_ids = [
18 | "2e5bc0d5-835b-4b4c-99cf-b1c6ace90a52",
19 | "708ec4a1-1a5c-4cb3-9c52-511229c5bb35",
20 | ]
21 | control_ids = [
22 | "301e5fd0-6a1a-42a7-99f5-3b0436d55a7f",
23 | "a5fbd955-ed78-445a-827a-06d6cbe5aab2",
24 | ]
25 | }
26 | ```
27 |
28 |
29 | ## Schema
30 |
31 | ### Required
32 |
33 | - `control_ids` (List of String) List of control IDs.
34 | - `security_sub_category_ids` (List of String) List of security sub-category IDs.
35 |
36 | ### Optional
37 |
38 | - `details` (String) Details of the association. This information is not used to manage resources but can serve as notes or documentation for the associations.
39 | - Defaults to `undefined`.
40 |
41 | ### Read-Only
42 |
43 | - `id` (String) Internal identifier for the association.
44 |
--------------------------------------------------------------------------------
/docs/resources/host_config_rule_associations.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_host_config_rule_associations Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Manage associations between host configuration rules and security sub-categories. Associations defined outside this resource will remain untouched through the lifecycle of this resource. Wiz managed host configuration rules cannot be associated to Wiz managed security sub-categories. This resource does not support imports; it can, however, overlay existing resources to bring them under management.
7 | ---
8 |
9 | # wiz_host_config_rule_associations (Resource)
10 |
11 | Manage associations between host configuration rules and security sub-categories. Associations defined outside this resource will remain untouched through the lifecycle of this resource. Wiz managed host configuration rules cannot be associated to Wiz managed security sub-categories. This resource does not support imports; it can, however, overlay existing resources to bring them under management.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
# Associate two host configuration rules with two security sub-categories.
# The IDs are placeholders. Wiz-managed rules cannot be linked to Wiz-managed
# sub-categories, so at least one side of each pairing must be custom.
resource "wiz_host_config_rule_associations" "test" {
  host_config_rule_ids = [
    "301e5fd0-6a1a-42a7-99f5-3b0436d55a7f",
    "a5fbd955-ed78-445a-827a-06d6cbe5aab2",
  ]
  security_sub_category_ids = [
    "2e5bc0d5-835b-4b4c-99cf-b1c6ace90a52",
    "708ec4a1-1a5c-4cb3-9c52-511229c5bb35",
  ]
}
26 | ```
27 |
28 |
29 | ## Schema
30 |
31 | ### Required
32 |
33 | - `host_config_rule_ids` (List of String) List of host configuration rule IDs.
34 | - `security_sub_category_ids` (List of String) List of security sub-category IDs.
35 |
36 | ### Optional
37 |
38 | - `details` (String) Details of the association. This information is not used to manage resources but can serve as notes or documentation for the associations.
39 | - Defaults to `undefined`.
40 |
41 | ### Read-Only
42 |
43 | - `id` (String) Internal identifier for the association.
44 |
--------------------------------------------------------------------------------
/docs/resources/integration_aws_sns.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_integration_aws_sns Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Integrations are reusable, generic connections between Wiz and third-party platforms like Slack, Google Chat, and Jira that allow data from Wiz to be passed to your preferred tool.
7 | ---
8 |
9 | # wiz_integration_aws_sns (Resource)
10 |
11 | Integrations are reusable, generic connections between Wiz and third-party platforms like Slack, Google Chat, and Jira that allow data from Wiz to be passed to your preferred tool.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
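# AWS SNS integration that assumes a role you specify.
# The role's trust policy must require an ExternalId equal to your Wiz tenant
# ID (see aws_sns_customer_role_arn); that condition is the cross-account
# confused-deputy guard. Grant the role only what publishing to the topic needs.
resource "wiz_integration_aws_sns" "specified_role_all_projects" {
  name                      = "test-terraform-001"
  aws_sns_topic_arn         = "arn:aws:sns:us-east-1:123456789012:RemediationTopic"
  aws_sns_access_method     = "ASSUME_SPECIFIED_ROLE"
  aws_sns_customer_role_arn = "arn:aws:iam::123456789012:role/RemediationRole"
}

# AWS SNS integration that reuses the role of an existing AWS connector.
resource "wiz_integration_aws_sns" "connector_role_all_projects" {
  name                  = "test-terraform-003"
  aws_sns_topic_arn     = "arn:aws:sns:us-east-1:123456789012:RemediationTopic"
  aws_sns_access_method = "ASSUME_CONNECTOR_ROLE"
  aws_sns_connector_id  = "ab48ad5e-44fb-48f8-9899-24ee4ed974c1"
}

# AWS SNS integration that uses the connector role and is visible only to one
# project (scope = "Selected Project"). Note the label says "specified_role"
# but the access method is ASSUME_CONNECTOR_ROLE; the label is kept unchanged.
resource "wiz_integration_aws_sns" "specified_role_single_project" {
  name                  = "test-terraform-004"
  aws_sns_topic_arn     = "arn:aws:sns:us-east-1:981012938874:Wiz-Remediation-Issues-Topic"
  aws_sns_access_method = "ASSUME_CONNECTOR_ROLE"
  aws_sns_connector_id  = "ef0bd8a5-165b-4498-b5d7-19871f762c21"
  scope                 = "Selected Project"
  project_id            = "1091ae77-116a-56cf-990e-db2f4f691f66"
}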
41 | ```
42 |
43 |
44 | ## Schema
45 |
46 | ### Required
47 |
48 | - `aws_sns_access_method` (String) The access method this integration should use.
49 | - Allowed values:
50 | - ASSUME_CONNECTOR_ROLE
51 | - ASSUME_SPECIFIED_ROLE
52 | - `name` (String) The name of the integration.
53 |
54 | ### Optional
55 |
56 | - `aws_sns_connector_id` (String) Required if and only if accessMethod is ASSUME_CONNECTOR_ROLE, this should be a valid existing AWS connector ID from which the role ARN will be taken.
57 | - Conflicts with `[aws_sns_customer_role_arn]`.
58 | - `aws_sns_customer_role_arn` (String) Required if and only if accessMethod is ASSUME_SPECIFIED_ROLE. The ARN of the role Wiz will assume; the role's trust policy must require an ExternalId equal to your Wiz tenant ID (a GUID). That ExternalId condition is the standard cross-account confused-deputy guard — do not omit it — and the role should grant only the permissions needed to publish to the topic.
59 | - Conflicts with `[aws_sns_connector_id]`.
60 | - `aws_sns_topic_arn` (String) The SNS Topic Arn.
61 | - `project_id` (String) The project this action is scoped to.
62 | - `scope` (String) Scoping to a selected Project makes this Integration accessible only to users with global roles or Project-scoped access to the selected Project. Other users will not be able to see it, use it, or view its results. Integrations restricted to global roles cannot be seen or used by users with Project-scoped roles.
63 | - Allowed values:
64 | - Selected Project
65 | - All Resources
66 | - All Resources, Restrict this Integration to global roles only
67 |
68 | - Defaults to `All Resources, Restrict this Integration to global roles only`.
69 |
70 | ### Read-Only
71 |
72 | - `created_at` (String) Identifies the date and time when the object was created.
73 | - `id` (String) Identifier for this object.
74 |
--------------------------------------------------------------------------------
/docs/resources/integration_jira.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_integration_jira Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Integrations are reusable, generic connections between Wiz and third-party platforms like Slack, Google Chat, and Jira that allow data from Wiz to be passed to your preferred tool.
7 | ---
8 |
9 | # wiz_integration_jira (Resource)
10 |
11 | Integrations are reusable, generic connections between Wiz and third-party platforms like Slack, Google Chat, and Jira that allow data from Wiz to be passed to your preferred tool.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
# Jira Cloud integration, restricted to global roles. Credentials are taken
# from variables (declare jira_password with sensitive = true); sensitive
# attributes are still written to Terraform state, so protect the backend.
resource "wiz_integration_jira" "default" {
  name          = "default"
  scope         = "All Resources, Restrict this Integration to global roles only"
  jira_url      = var.jira_url
  jira_username = var.jira_username
  jira_password = var.jira_password
}
23 | ```
24 |
25 |
26 | ## Schema
27 |
28 | ### Required
29 |
30 | - `jira_url` (String) Jira URL. (default: none, environment variable: WIZ_INTEGRATION_JIRA_URL)
31 | - `name` (String) The name of the integration.
32 |
33 | ### Optional
34 |
35 | - `jira_allow_insecure_tls` (Boolean) Allow an insecure TLS connection to Jira (for example, a server certificate that does not validate). Leave this unset unless unavoidable: it weakens the protection of the credentials sent to Jira. For a server signed by a private CA, supply `jira_server_ca` instead.
36 | - `jira_client_certificate_and_private_key` (String, Sensitive) PEM containing the client certificate and its private key, used for client-certificate (mTLS) authentication to Jira. This is private key material: never commit it to version control, and note that it is written to Terraform state.
37 | - `jira_is_on_prem` (Boolean) Whether Jira instance is on prem
38 | - Defaults to `false`.
39 | - `jira_password` (String, Sensitive) Jira password. (default: none, environment variable: WIZ_INTEGRATION_JIRA_PASSWORD). Marked sensitive so it is redacted from plan output, but it is still stored in Terraform state.
40 | - `jira_pat` (String, Sensitive) Jira personal access token (used for on-prem). (default: none, environment variable: WIZ_INTEGRATION_JIRA_PAT)
41 | - `jira_server_ca` (String) CA certificate used to validate the Jira server's TLS certificate (for on-prem instances whose certificate is issued by a private CA). Prefer this over `jira_allow_insecure_tls`.
42 | - `jira_server_type` (String) Jira server type
43 | - Defaults to `CLOUD`.
44 | - `jira_username` (String) Email of a Jira user with permissions to create tickets. (default: none, environment variable: WIZ_INTEGRATION_JIRA_USERNAME)
45 | - `project_id` (String) The project this action is scoped to.
46 | - `scope` (String) Scoping to a selected Project makes this Integration accessible only to users with global roles or Project-scoped access to the selected Project. Other users will not be able to see it, use it, or view its results. Integrations restricted to global roles cannot be seen or used by users with Project-scoped roles.
47 | - Allowed values:
48 | - Selected Project
49 | - All Resources
50 | - All Resources, Restrict this Integration to global roles only
51 |
52 | - Defaults to `All Resources, Restrict this Integration to global roles only`.
53 |
54 | ### Read-Only
55 |
56 | - `created_at` (String) Identifies the date and time when the object was created.
57 | - `id` (String) Identifier for this object.
58 |
--------------------------------------------------------------------------------
/docs/resources/integration_servicenow.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_integration_servicenow Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Integrations are reusable, generic connections between Wiz and third-party platforms like Slack, Google Chat, and Jira that allow data from Wiz to be passed to your preferred tool.
7 | ---
8 |
9 | # wiz_integration_servicenow (Resource)
10 |
11 | Integrations are reusable, generic connections between Wiz and third-party platforms like Slack, Google Chat, and Jira that allow data from Wiz to be passed to your preferred tool.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
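# ServiceNow integration, restricted to global roles. All three connection
# values come from variables named after the attributes they feed (the URL
# variable is servicenow_url, not servicename_url). Username and password are
# sensitive and are stored in Terraform state, so protect the state backend.
resource "wiz_integration_servicenow" "default" {
  name                = "default"
  servicenow_url      = var.servicenow_url
  servicenow_username = var.servicenow_username
  servicenow_password = var.servicenow_password
  scope               = "All Resources, Restrict this Integration to global roles only"
}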
23 | ```
24 |
25 |
26 | ## Schema
27 |
28 | ### Required
29 |
30 | - `name` (String) The name of the integration.
31 | - `servicenow_password` (String, Sensitive) ServiceNow password. (default: none, environment variable: WIZ_INTEGRATION_SERVICENOW_PASSWORD). Marked sensitive so it is redacted from plan output, but it is still stored in Terraform state.
32 | - `servicenow_url` (String) ServiceNow URL. (default: none, environment variable: WIZ_INTEGRATION_SERVICENOW_URL)
33 | - `servicenow_username` (String) Email of a ServiceNow user with permissions to create tickets. (default: none, environment variable: WIZ_INTEGRATION_SERVICENOW_USERNAME)
34 |
35 | ### Optional
36 |
37 | - `project_id` (String) The project this action is scoped to.
38 | - `scope` (String) Scoping to a selected Project makes this Integration accessible only to users with global roles or Project-scoped access to the selected Project. Other users will not be able to see it, use it, or view its results. Integrations restricted to global roles cannot be seen or used by users with Project-scoped roles.
39 | - Allowed values:
40 | - Selected Project
41 | - All Resources
42 | - All Resources, Restrict this Integration to global roles only
43 |
44 | - Defaults to `All Resources, Restrict this Integration to global roles only`.
45 | - `servicenow_client_id` (String) ServiceNow OAuth Client ID. (default: none, environment variable: WIZ_INTEGRATION_SERVICENOW_CLIENT_ID)
46 | - `servicenow_client_secret` (String, Sensitive) ServiceNow OAuth Client Secret. (default: none, environment variable: WIZ_INTEGRATION_SERVICENOW_CLIENT_SECRET)
47 |
48 | ### Read-Only
49 |
50 | - `created_at` (String) Identifies the date and time when the object was created.
51 | - `id` (String) Identifier for this object.
52 |
--------------------------------------------------------------------------------
/docs/resources/project_cloud_account_link.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_project_cloud_account_link Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Associate a cloud subscription with a project. Use either this resource or the cloud_account_link block set for the wiz_project, never both.
7 | ---
8 |
9 | # wiz_project_cloud_account_link (Resource)
10 |
11 | Associate a cloud subscription with a project. Use either this resource or the cloud_account_link block set for the wiz_project, never both.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
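# Three ways to link a project to a cloud account. Each block has its own
# label: three resources of the same type all labelled "example" would be
# rejected by Terraform as duplicate resource definitions.

# Link by the account's Wiz-internal identifier.
resource "wiz_project_cloud_account_link" "by_wiz_id" {
  project_id       = "ee25cc95-82b0-4543-8934-5bc655b86786"
  cloud_account_id = "5cc3a684-44cb-4cd5-b78f-f029c25dc617"
  environment      = "PRODUCTION"
}

# Link by the cloud provider's own account/subscription identifier.
resource "wiz_project_cloud_account_link" "by_external_id" {
  project_id                = "ee25cc95-82b0-4543-8934-5bc655b86786"
  external_cloud_account_id = "04e56587-4408-402a-9c8c-f454ed45da65"
  environment               = "PRODUCTION"
}

# Both identifiers may be given, but they must refer to the same account.
resource "wiz_project_cloud_account_link" "by_both_ids" {
  project_id                = "ee25cc95-82b0-4543-8934-5bc655b86786"
  cloud_account_id          = "5cc3a684-44cb-4cd5-b78f-f029c25dc617"
  external_cloud_account_id = "04e56587-4408-402a-9c8c-f454ed45da65"
  environment               = "PRODUCTION"
}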
37 | ```
38 |
39 |
40 | ## Schema
41 |
42 | ### Required
43 |
44 | - `project_id` (String) The Wiz internal identifier of the Wiz project to link the cloud account to
45 |
46 | ### Optional
47 |
48 | - `cloud_account_id` (String) The Wiz internal identifier for the Cloud Account Subscription.
49 | - `environment` (String) The environment.
50 | - Allowed values:
51 | - PRODUCTION
52 | - STAGING
53 | - DEVELOPMENT
54 | - TESTING
55 | - OTHER
56 |
57 | - Defaults to `PRODUCTION`.
58 | - `external_cloud_account_id` (String) The external identifier for the Cloud Account, e.g. an azure subscription id or an aws account id.
59 | - `resource_groups` (List of String) Resource group identifiers used to restrict the link to those resource groups. `shared` must be true to define resource_groups.
60 | - `resource_tags` (Block Set) Provide a key and value pair for filtering resources. `shared` must be true to define resource_tags. (see [below for nested schema](#nestedblock--resource_tags))
61 | - `shared` (Boolean) Subscriptions that host a few projects can be marked as ‘shared subscriptions’ and resources can be filtered by tags.
62 |
63 | ### Read-Only
64 |
65 | - `id` (String) Unique tf-internal identifier for the project cloud account link
66 |
67 |
68 | ### Nested Schema for `resource_tags`
69 |
70 | Required:
71 |
72 | - `key` (String)
73 | - `value` (String)
74 |
75 | ## Import
76 |
77 | Import is supported using the following syntax:
78 |
79 | ```shell
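# The import ID has the format "link|<project_id>|<cloud_account_id>": the Wiz
# project ID, then the account's Wiz-internal ID (the cloud_account_id value).
terraform import wiz_project_cloud_account_link.example_import "link|ee25cc95-82b0-4543-8934-5bc655b86786|5cc3a684-44cb-4cd5-b78f-f029c25dc617"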
82 | ```
83 |
--------------------------------------------------------------------------------
/docs/resources/report_graph_query.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_report_graph_query Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | A GraphQL Query Report is an automated query that can be scheduled to run at hourly intervals.
7 | ---
8 |
9 | # wiz_report_graph_query (Resource)
10 |
11 | A GraphQL Query Report is an automated query that can be scheduled to run at hourly intervals.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
16 | # A simple example
17 | resource "wiz_report_graph_query" "foo" {
18 | name = "foo"
19 | project_id = "2c38b8fa-c315-57ea-9de4-e3a19592d796"
20 | query = <
62 | ## Schema
63 |
64 | ### Required
65 |
66 | - `name` (String) Name of the Report.
67 | - `query` (String) The query that the report will run. Required by the GRAPH_QUERY report type.
68 |
69 | ### Optional
70 |
71 | - `project_id` (String) The ID of the project that this report belongs to (changing this requires re-creating the report). Defaults to all projects.
72 | - Defaults to `*`.
73 | - `run_interval_hours` (Number) Run interval for scheduled reports (in hours).
74 | - `run_starts_at` (String) String representing the time and date when the scheduling should start (required when run_interval_hours is set). Must be in the following format: 2006-01-02 15:04:05 +0000 UTC. Also, Wiz will always round this down by the hour.
75 |
76 | ### Read-Only
77 |
78 | - `id` (String) The ID of this resource.
79 |
--------------------------------------------------------------------------------
/docs/resources/security_framework.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_security_framework Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Configure Security Frameworks and associated resources (Categories and Subcategories). Support for extended fields has not been implemented due to issues with the API. This includes: category.external_id, category.sub_category.resolution_recommendation, and category.sub_category.external_id.
7 | ---
8 |
9 | # wiz_security_framework (Resource)
10 |
11 | Configure Security Frameworks and associated resources (Categories and Subcategories). Support for extended fields has not been implemented due to issues with the API. This includes: category.external_id, category.sub_category.resolution_recommendation, and category.sub_category.external_id.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
# A custom security framework: two categories, each holding one or more
# sub-categories that controls and rules can later be associated with.
resource "wiz_security_framework" "test" {
  name        = "terraform-test-security-framework1"
  description = "test description"
  enabled     = true

  category {
    name        = "AM Asset Management"
    description = "test am description"

    sub_category {
      title = "AM-1 Track asset inventory and their risks"
    }
  }

  category {
    name        = "test category 2"
    description = "test description 2"

    sub_category {
      title       = "test subcategory"
      description = "bad stuff now"
    }

    sub_category {
      title       = "test subcategory 2"
      description = "bad stuff could happen"
    }
  }
}
40 | ```
41 |
42 |
43 | ## Schema
44 |
45 | ### Required
46 |
47 | - `category` (Block Set, Min: 1) Security framework category. (see [below for nested schema](#nestedblock--category))
48 | - `name` (String) Name of the security framework.
49 |
50 | ### Optional
51 |
52 | - `description` (String) Description of the security framework.
53 | - `enabled` (Boolean) Whether to enable the security framework.
54 | - Defaults to `true`.
55 |
56 | ### Read-Only
57 |
58 | - `id` (String) Internal identifier for the Security Framework
59 |
60 |
61 | ### Nested Schema for `category`
62 |
63 | Required:
64 |
65 | - `name` (String) Name of the security category.
66 | - `sub_category` (Block Set, Min: 1) Security subcategory. (see [below for nested schema](#nestedblock--category--sub_category))
67 |
68 | Optional:
69 |
70 | - `description` (String) Description of the security category.
71 |
72 | Read-Only:
73 |
74 | - `id` (String) Internal identifier for the security category. The description says an existing identifier may be specified to reuse a category, yet the generated schema lists this attribute as read-only — confirm it is settable before relying on that.
75 |
76 |
77 | ### Nested Schema for `category.sub_category`
78 |
79 | Required:
80 |
81 | - `title` (String) Title of the security subcategory.
82 |
83 | Optional:
84 |
85 | - `description` (String) Description of the security subcategory.
86 |
87 | Read-Only:
88 |
89 | - `id` (String) Internal identifier for the security subcategory. The description says an existing identifier may be specified to reuse a subcategory, yet the generated schema lists this attribute as read-only — confirm it is settable before relying on that.
90 |
--------------------------------------------------------------------------------
/docs/resources/user.md:
--------------------------------------------------------------------------------
1 | ---
2 | # generated by https://github.com/hashicorp/terraform-plugin-docs
3 | page_title: "wiz_user Resource - terraform-provider-wiz"
4 | subcategory: ""
5 | description: |-
6 | Users let you authenticate to Wiz.
7 | ---
8 |
9 | # wiz_user (Resource)
10 |
11 | Users let you authenticate to Wiz.
12 |
13 | ## Example Usage
14 |
15 | ```terraform
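# One local Wiz user per entry of var.wiz_local_users, a map keyed by user
# name whose values carry the email and role. Iterating the variable directly
# (rather than a separate local) keeps a single source of truth and avoids the
# second lookup. The role grants Wiz access, so pick the least-privileged one
# that fits; send_email_invite defaults to true, so each new user is emailed an
# invitation on creation.
resource "wiz_user" "psm" {
  for_each = var.wiz_local_users
  email    = each.value.email
  name     = each.key
  role     = each.value.role
}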
22 | ```
23 |
24 |
25 | ## Schema
26 |
27 | ### Required
28 |
29 | - `email` (String) The user email address.
30 | - `name` (String) The user name.
31 | - `role` (String) The Wiz role to assign to the user (a role name such as GLOBAL_READER, as used by the `roles` filter of the `wiz_users` data source). Assign the least-privileged role that fits.
32 |
33 | ### Optional
34 |
35 | - `assigned_project_ids` (List of String) Assigned Project Identifiers.
36 | - `send_email_invite` (Boolean) Whether to email the user an invitation when the account is created.
37 | - Defaults to `true`.
38 |
39 | ### Read-Only
40 |
41 | - `id` (String) Unique identifier for the user
42 |
--------------------------------------------------------------------------------
/examples/data-sources/wiz_cloud_accounts/data-source.tf:
--------------------------------------------------------------------------------
# Look up accounts by AWS account ID
data "wiz_cloud_accounts" "accounts_by_id" {
  search = ["012345678912", "987654321098"]
}

# Look up a single account by its Wiz-internal identifier
data "wiz_cloud_accounts" "accounts_by_wiz_id" {
  ids = ["d33a2072-4b95-481b-8153-c0b9089992aa"]
}

# All accounts that are reachable through more than one connector
data "wiz_cloud_accounts" "multiple_connectors" {
  has_multiple_connector_sources = true
}
20 |
--------------------------------------------------------------------------------
/examples/data-sources/wiz_cloud_config_rules/data-source.tf:
--------------------------------------------------------------------------------
# AWS cloud configuration rules whose text matches "Access key"
data "wiz_cloud_config_rules" "aws_access_key" {
  cloud_provider = ["AWS"]
  search         = "Access key"
}

# CRITICAL and HIGH AWS cloud configuration rules that ship with a remediation
data "wiz_cloud_config_rules" "aws_critical" {
  cloud_provider  = ["AWS"]
  severity        = ["CRITICAL", "HIGH"]
  has_remediation = true
}
20 |
--------------------------------------------------------------------------------
/examples/data-sources/wiz_host_config_rules/data-source.tf:
--------------------------------------------------------------------------------
# The first five host configuration rules matching "access"
data "wiz_host_config_rules" "access" {
  search = "access"
  first  = 5
}
6 |
--------------------------------------------------------------------------------
/examples/data-sources/wiz_kubernetes_clusters/data-source.tf:
--------------------------------------------------------------------------------
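# Azure-hosted (AKS) Kubernetes clusters
data "wiz_kubernetes_clusters" "aks" {
  kind = ["AKS"]
}

# The first 3 clusters in one AWS account. Each data source needs its own
# label: two "wiz_kubernetes_clusters" blocks both named "myclusters" in one
# module would be rejected as duplicates.
data "wiz_kubernetes_clusters" "aws_account" {
  external_ids = ["232412319201"]
  first        = 3
}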
--------------------------------------------------------------------------------
/examples/data-sources/wiz_organizations/data-source.tf:
--------------------------------------------------------------------------------
# Wiz record of the AWS Organization root, looked up by its root ID (r-xxxx)
data "wiz_organizations" "root" {
  search = "r-1234"
}
6 |
--------------------------------------------------------------------------------
/examples/data-sources/wiz_subscription_resource_groups/data-source.tf:
--------------------------------------------------------------------------------
# The first three resource groups of one Azure subscription
data "wiz_subscription_resource_groups" "rgs" {
  first           = 3
  subscription_id = "1689bd5b-4df3-5dc8-9046-2f0a15faa62f"
}
--------------------------------------------------------------------------------
/examples/data-sources/wiz_users/data-source.tf:
--------------------------------------------------------------------------------
# Users matching an email address
data "wiz_users" "by_email" {
  search = "johnny@domain.com"
}

# The first four users holding the GLOBAL_READER role
data "wiz_users" "by_role" {
  first = 4
  roles = ["GLOBAL_READER"]
}
11 |
--------------------------------------------------------------------------------
/examples/provider/provider.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    wiz = {
      source = "AxtonGrams/wiz"
      # Exact version pin; commit .terraform.lock.hcl as well so the provider
      # checksums are pinned, not just the version number.
      version = "1.0.2"
    }
  }
}

# Provider authentication. Never hard-code the client secret in a .tf file:
# pass it through a variable declared with sensitive = true (or an environment
# variable) so it is redacted from plan output.
provider "wiz" {
  wiz_url                = var.wiz_url
  wiz_auth_client_id     = var.wiz_auth_client_id
  wiz_auth_client_secret = var.wiz_auth_client_secret
  wiz_auth_audience      = "wiz-api"
}
16 |
--------------------------------------------------------------------------------
/examples/resources/wiz_automation_rule_aws_sns/resource.tf:
--------------------------------------------------------------------------------
# SNS integration that the automation rule below publishes through. With
# ASSUME_SPECIFIED_ROLE Wiz assumes this role in your account; grant it only
# what publishing to the topic requires.
resource "wiz_integration_aws_sns" "example" {
  name                      = "example"
  aws_sns_topic_arn         = "arn:aws:sns:us-east-1:123456789012:Example"
  aws_sns_access_method     = "ASSUME_SPECIFIED_ROLE"
  aws_sns_customer_role_arn = "arn:aws:iam::123456789012:role/Example-Role"
  scope                     = "All Resources, Restrict this Integration to global roles only"
}

# Automation rule: when an issue matching the filters is created or reopened,
# publish a JSON message to the topic. The {{...}} placeholders are Wiz
# templates rendered at send time, so the message carries issue, resource and
# control details — restrict who may subscribe to the topic accordingly.
resource "wiz_automation_rule_aws_sns" "example" {
  name           = "example"
  description    = "example description"
  enabled        = true
  integration_id = wiz_integration_aws_sns.example.id

  trigger_source = "ISSUES"
  trigger_type   = ["CREATED", "REOPENED"]

  # Only AWS issues from the listed subscriptions and source controls.
  filters = jsonencode({
    project = []
    relatedEntity = {
      cloudPlatform = ["AWS"]
      subscriptionId = [
        "fccc3f07-3304-4f9d-ac2d-a43dd6128eb0",
        "a005e165-49c5-41b7-befb-a0e4d866fc6c",
      ]
    }
    sourceControl = [
      "b46c34d2-3624-4e1e-bb04-dda5177582c7",
      "6c27d70a-7329-42e9-b19e-0b974f556365",
    ]
  })

  # Message body. Key order in the rendered JSON is decided by jsonencode,
  # not by the order written here.
  aws_sns_body = jsonencode({
    trigger = {
      source   = "{{triggerSource}}"
      type     = "{{triggerType}}"
      ruleId   = "{{ruleId}}"
      ruleName = "{{ruleName}}"
    }
    issue = {
      id       = "{{issue.id}}"
      status   = "{{issue.status}}"
      severity = "{{issue.severity}}"
      created  = "{{issue.createdAt}}"
      projects = "{{#issue.projects}}{{name}}, {{/issue.projects}}"
    }
    resource = {
      id               = "{{issue.entitySnapshot.providerId}}"
      name             = "{{issue.entitySnapshot.name}}"
      type             = "{{issue.entitySnapshot.nativeType}}"
      cloudPlatform    = "{{issue.entitySnapshot.cloudPlatform}}"
      subscriptionId   = "{{issue.entitySnapshot.subscriptionExternalId}}"
      subscriptionName = "{{issue.entitySnapshot.subscriptionName}}"
      region           = "{{issue.entitySnapshot.region}}"
      status           = "{{issue.entitySnapshot.status}}"
      cloudProviderURL = "{{issue.entitySnapshot.cloudProviderURL}}"
    }
    control = {
      id                               = "{{issue.control.id}}"
      name                             = "{{issue.control.name}}"
      description                      = "{{issue.control.description}}"
      severity                         = "{{issue.control.severity}}"
      sourceCloudConfigurationRuleId   = "{{issue.control.sourceCloudConfigurationRule.shortId}}"
      sourceCloudConfigurationRuleName = "{{issue.control.sourceCloudConfigurationRule.name}}"
    }
  })
}
72 |
--------------------------------------------------------------------------------
/examples/resources/wiz_automation_rule_jira_add_comment/resource.tf:
--------------------------------------------------------------------------------
# Jira integration restricted to global roles. Credentials come from variables
# (declare jira_password with sensitive = true); sensitive attributes are still
# written to Terraform state, so protect the state backend.
resource "wiz_integration_jira" "default" {
  name          = "default"
  scope         = "All Resources, Restrict this Integration to global roles only"
  jira_url      = var.jira_url
  jira_username = var.jira_username
  jira_password = var.jira_password
}

# When a CRITICAL issue is resolved, add a Jira comment through the
# integration above.
resource "wiz_automation_rule_jira_add_comment" "example" {
  name             = "example"
  description      = "example description"
  enabled          = true
  integration_id   = wiz_integration_jira.default.id
  trigger_source   = "ISSUES"
  trigger_type     = ["RESOLVED"]
  filters          = jsonencode({ severity = ["CRITICAL"] })
  jira_project_key = "PROJ"
  jira_comment     = "Comment from Wiz"
}
26 |
--------------------------------------------------------------------------------
/examples/resources/wiz_automation_rule_jira_create_ticket/resource.tf:
--------------------------------------------------------------------------------
# Jira integration restricted to global roles. Credentials come from variables
# (declare jira_password with sensitive = true); sensitive attributes are still
# written to Terraform state, so protect the state backend.
resource "wiz_integration_jira" "default" {
  name          = "default"
  scope         = "All Resources, Restrict this Integration to global roles only"
  jira_url      = var.jira_url
  jira_username = var.jira_username
  jira_password = var.jira_password
}
8 |
9 | resource "wiz_automation_rule_jira_create_ticket" "example" {
10 | name = "example"
11 | description = "example description"
12 | enabled = true
13 | integration_id = wiz_integration_jira.default.id
14 | trigger_source = "ISSUES"
15 | trigger_type = [
16 | "CREATED",
17 | ]
18 | filters = jsonencode({
19 | "severity" : [
20 | "CRITICAL"
21 | ]
22 | })
23 | jira_summary = "Wiz Issue: {{issue.control.name}}"
24 | jira_project = "PROJ"
25 | jira_description = <|'
# Import ID format: 'link|<project_id>|<cloud_account_id>' (Wiz project ID, then
# the account's Wiz-internal ID). Single quotes: the ID contains no shell expansions.
terraform import wiz_project_cloud_account_link.example_import 'link|ee25cc95-82b0-4543-8934-5bc655b86786|5cc3a684-44cb-4cd5-b78f-f029c25dc617'
--------------------------------------------------------------------------------
/examples/resources/wiz_project_cloud_account_link/resource.tf:
--------------------------------------------------------------------------------
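# Three ways to link a project to a cloud account. Each block has its own
# label: three resources of the same type all labelled "example" in one module
# would be rejected by Terraform as duplicate resource definitions.

# Link by the account's Wiz-internal identifier.
resource "wiz_project_cloud_account_link" "by_wiz_id" {
  project_id       = "ee25cc95-82b0-4543-8934-5bc655b86786"
  cloud_account_id = "5cc3a684-44cb-4cd5-b78f-f029c25dc617"
  environment      = "PRODUCTION"
}

# Link by the cloud provider's own account/subscription identifier.
resource "wiz_project_cloud_account_link" "by_external_id" {
  project_id                = "ee25cc95-82b0-4543-8934-5bc655b86786"
  external_cloud_account_id = "04e56587-4408-402a-9c8c-f454ed45da65"
  environment               = "PRODUCTION"
}

# Both identifiers may be given, but they must refer to the same account.
resource "wiz_project_cloud_account_link" "by_both_ids" {
  project_id                = "ee25cc95-82b0-4543-8934-5bc655b86786"
  cloud_account_id          = "5cc3a684-44cb-4cd5-b78f-f029c25dc617"
  external_cloud_account_id = "04e56587-4408-402a-9c8c-f454ed45da65"
  environment               = "PRODUCTION"
}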
22 |
--------------------------------------------------------------------------------
/examples/resources/wiz_report_graph_query/resource.tf:
--------------------------------------------------------------------------------
1 | # A simple example
2 | resource "wiz_report_graph_query" "foo" {
3 | name = "foo"
4 | project_id = "2c38b8fa-c315-57ea-9de4-e3a19592d796"
5 | query = <|::#...'.
# Import with saml mapping to multiple projects
# Import ID layout used throughout this file:
#   "mapping|<saml_idp_id>|<provider_group_id>:<project_ids>:<role>"
# where <project_ids> is a comma-separated list (left empty for a global mapping)
# and several group mappings are joined with "#". Keep the ID quoted so the "|"
# separators are not interpreted as shell pipes.
terraform import wiz_saml_group_mapping.example_import "mapping|wiz-azure-ad-saml|88990357-fe36-421b-aedc-fcdd602b91d7:bb62aac7-e8bd-5d5e-b205-2dbafe106e1a,ee25cc95-82b0-4543-8934-5bc655b86786:PROJECT_READER"

# Import with mapping to single project
terraform import wiz_saml_group_mapping.example_import "mapping|wiz-azure-ad-saml|88990357-fe36-421b-aedc-fcdd602b91d7:bb62aac7-e8bd-5d5e-b205-2dbafe106e1a:PROJECT_READER"

# Import with global mapping (no project ids between the two colons)
terraform import wiz_saml_group_mapping.example_import "mapping|wiz-azure-ad-saml|88990357-fe36-421b-aedc-fcdd602b91d7::PROJECT_READER"

# Import with multiple group mappings, separated by "#"
terraform import wiz_saml_group_mapping.example_import "mapping|wiz-azure-ad-saml|88990357-fe36-421b-aedc-fcdd602b91d7:bb62aac7-e8bd-5d5e-b205-2dbafe106e1a:PROJECT_READER#12345678-1234-1234-1234-123456789012:ee25cc95-82b0-4543-8934-5bc655b86786:PROJECT_WRITER"
--------------------------------------------------------------------------------
/examples/resources/wiz_saml_group_mapping/resource.tf:
--------------------------------------------------------------------------------
# Configure SAML Group Role Mapping on a global scope (no `projects` list).
# This block and the next one share the local name "test_global_scope"; rename one
# of them before using both in the same module.
resource "wiz_saml_group_mapping" "test_global_scope" {
  saml_idp_id = "test-saml-identity-provider"
  group_mappings = [
    {
      provider_group_id = "global-reader-group-id"
      role              = "PROJECT_READER"
    }
  ]
}
11 |
# Configure SAML Group Role Mapping on a global scope, with optional description
# (identical to the block above apart from `description`; note the duplicated
# local name "test_global_scope").
resource "wiz_saml_group_mapping" "test_global_scope" {
  saml_idp_id = "test-saml-identity-provider"
  group_mappings = [
    {
      provider_group_id = "global-reader-group-id"
      role              = "PROJECT_READER"
      description       = "Global Reader group mapping"
    }
  ]
}
23 |
# Configure SAML Group Role Mapping for a single project: the PROJECT_ADMIN role is
# limited to the one project id listed in `projects`.
resource "wiz_saml_group_mapping" "test_single_project" {
  saml_idp_id = "test-saml-identity-provider"
  group_mappings = [
    {
      provider_group_id = "admin-group-id"
      role              = "PROJECT_ADMIN"
      projects = [
        "ee25cc95-82b0-4543-8934-5bc655b86786"
      ]
    }
  ]
}
37 |
# Configure SAML Group Role Mapping for multiple projects: one group, one role,
# several project ids.
resource "wiz_saml_group_mapping" "test_multi_project" {
  saml_idp_id = "test-saml-identity-provider"
  group_mappings = [
    {
      provider_group_id = "member-group-id"
      role              = "PROJECT_MEMBER"
      projects = [
        "ee25cc95-82b0-4543-8934-5bc655b86786",
        "e7f6542c-81f6-43cf-af48-bdd77f09650d"
      ]
    }
  ]
}
52 |
# Configure multiple SAML Group Role Mappings in one resource: a global reader
# mapping plus two project-scoped mappings, each for a different provider group.
resource "wiz_saml_group_mapping" "test_multi_mappings" {
  saml_idp_id = "test-saml-identity-provider"
  group_mappings = [
    {
      provider_group_id = "global-reader-group-id"
      role              = "PROJECT_READER"
    },
    {
      provider_group_id = "admin-group-id"
      role              = "PROJECT_ADMIN"
      projects = [
        "ee25cc95-82b0-4543-8934-5bc655b86786"
      ]
    },
    {
      provider_group_id = "member-group-id"
      role              = "PROJECT_MEMBER"
      projects = [
        "ee25cc95-82b0-4543-8934-5bc655b86786",
        "e7f6542c-81f6-43cf-af48-bdd77f09650d"
      ]
    }
  ]
}
78 |
--------------------------------------------------------------------------------
/examples/resources/wiz_saml_idp/resource.tf:
--------------------------------------------------------------------------------
1 | resource "wiz_saml_idp" "test" {
2 | name = "SSO-Test"
3 | issuer_url = "https://ping.example.com/idp/SSO.saml2"
4 | login_url = "https://ping.example.com/idp/SSO.saml2"
5 | logout_url = "https://ping.example.com/idp/SLO.saml2"
6 | use_provider_managed_roles = true
7 | allow_manual_role_override = false
8 | merge_groups_mapping_by_role = false
9 | certificate = < 0 {
74 | var errMsg string
75 | if supportsColor {
76 | errMsg = fmt.Sprintf("\033[31m%s\033[0m must be set for acceptance tests", strings.Join(unsetVars, ", "))
77 | } else {
78 | errMsg = fmt.Sprintf("%s must be set for acceptance tests", strings.Join(unsetVars, ", "))
79 | }
80 | return fmt.Errorf(errMsg)
81 | }
82 | return nil
83 | }
84 |
--------------------------------------------------------------------------------
/internal/acceptance/resource_automation_rule_jira_add_comment_test.go:
--------------------------------------------------------------------------------
1 | package acceptance
2 |
3 | import (
4 | "fmt"
5 | "os"
6 | "testing"
7 |
8 | "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
9 | "github.com/hashicorp/terraform-plugin-testing/helper/resource"
10 | )
11 |
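// TestAccResourceWizAutomationRuleJiraAddComment_basic creates a Jira integration and
// an "add comment" automation rule bound to it, then verifies that the attributes
// written to state match the configuration rendered by
// testResourceWizAutomationRuleJiraAddCommentBasic.
func TestAccResourceWizAutomationRuleJiraAddComment_basic(t *testing.T) {
	rName := acctest.RandomWithPrefix(ResourcePrefix)
	// The config helper interpolates the same variable into jira_project_key, so the
	// expectation must read it from the same place.
	jiraProject := os.Getenv("WIZ_INTEGRATION_JIRA_PROJECT")

	resource.UnitTest(t, resource.TestCase{
		// NOTE(review): gates on the ServiceNow test case although this test exercises
		// Jira; a Jira-specific precheck case presumably exists — confirm.
		PreCheck:          func() { testAccPreCheck(t, TestCase(TcServiceNow)) },
		ProviderFactories: providerFactories,
		Steps: []resource.TestStep{
			{
				Config: testResourceWizAutomationRuleJiraAddCommentBasic(rName),
				Check: resource.ComposeTestCheckFunc(
					resource.TestCheckResourceAttr(
						"wiz_integration_jira.foo",
						"name",
						rName,
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_add_comment.foo",
						"name",
						rName,
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_add_comment.foo",
						"description",
						"Provider Acceptance Test",
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_add_comment.foo",
						"enabled",
						"false",
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_add_comment.foo",
						"trigger_source",
						"CONTROL",
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_add_comment.foo",
						"trigger_type.#",
						"1",
					),
					resource.TestCheckTypeSetElemAttr(
						"wiz_automation_rule_jira_add_comment.foo",
						"trigger_type.*",
						"UPDATED",
					),
					// The only cross-resource relationship: the rule must reference the
					// integration it was created from.
					resource.TestCheckResourceAttrPair(
						"wiz_integration_jira.foo",
						"id",
						"wiz_automation_rule_jira_add_comment.foo",
						"integration_id",
					),
					// Rule-level attributes are plain value checks. The previous
					// TestCheckResourceAttrPair calls compared attributes that do not exist
					// on the integration with literal values used as attribute keys on the
					// rule; when both sides are absent the pair check passes vacuously, so
					// these expectations were never actually verified.
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_add_comment.foo",
						"jira_project_key",
						jiraProject,
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_add_comment.foo",
						"jira_comment",
						"Comment added via Wiz automation",
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_add_comment.foo",
						"jira_add_issues_report",
						"false",
					),
				),
			},
		},
	})
}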
86 |
// testResourceWizAutomationRuleJiraAddCommentBasic renders the HCL for a Jira
// integration and an add-comment automation rule that references it. rName is used
// for both resource names; the Jira project key is read from
// WIZ_INTEGRATION_JIRA_PROJECT and is empty when that variable is unset.
func testResourceWizAutomationRuleJiraAddCommentBasic(rName string) string {
	const configTemplate = `
resource "wiz_integration_jira" "foo" {
  name  = "%s"
  scope = "All Resources, Restrict this Integration to global roles only"
}

resource "wiz_automation_rule_jira_add_comment" "foo" {
  name           = "%s"
  description    = "Provider Acceptance Test"
  enabled        = false
  integration_id = wiz_integration_jira.foo.id
  trigger_source = "CONTROL"
  trigger_type = [
    "UPDATED",
  ]
  filters = jsonencode({
    "severity": [
      "CRITICAL"
    ]
  })
  jira_project_key       = "%s"
  jira_comment           = "Comment added via Wiz automation"
  jira_add_issues_report = false
}
`
	projectKey := os.Getenv("WIZ_INTEGRATION_JIRA_PROJECT")
	return fmt.Sprintf(configTemplate, rName, rName, projectKey)
}
114 |
--------------------------------------------------------------------------------
/internal/acceptance/resource_automation_rule_jira_transition_ticket_test.go:
--------------------------------------------------------------------------------
1 | package acceptance
2 |
3 | import (
4 | "fmt"
5 | "os"
6 | "testing"
7 |
8 | "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
9 | "github.com/hashicorp/terraform-plugin-testing/helper/resource"
10 | )
11 |
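// TestAccResourceWizAutomationRuleJiraTransitionTicket_basic creates a Jira
// integration and a "transition ticket" automation rule bound to it, then verifies
// the state attributes against the configuration rendered by
// testResourceWizAutomationRuleJiraTransitionTicketBasic.
func TestAccResourceWizAutomationRuleJiraTransitionTicket_basic(t *testing.T) {
	rName := acctest.RandomWithPrefix(ResourcePrefix)
	// Same environment variable the config helper interpolates into jira_project.
	jiraProject := os.Getenv("WIZ_INTEGRATION_JIRA_PROJECT")

	resource.UnitTest(t, resource.TestCase{
		// NOTE(review): gates on the ServiceNow test case although this test exercises
		// Jira; a Jira-specific precheck case presumably exists — confirm.
		PreCheck:          func() { testAccPreCheck(t, TestCase(TcServiceNow)) },
		ProviderFactories: providerFactories,
		Steps: []resource.TestStep{
			{
				Config: testResourceWizAutomationRuleJiraTransitionTicketBasic(rName),
				Check: resource.ComposeTestCheckFunc(
					resource.TestCheckResourceAttr(
						"wiz_integration_jira.foo",
						"name",
						rName,
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_transition_ticket.foo",
						"name",
						rName,
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_transition_ticket.foo",
						"description",
						"Provider Acceptance Test",
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_transition_ticket.foo",
						"enabled",
						"false",
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_transition_ticket.foo",
						"trigger_source",
						"ISSUES",
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_transition_ticket.foo",
						"trigger_type.#",
						"1",
					),
					resource.TestCheckTypeSetElemAttr(
						"wiz_automation_rule_jira_transition_ticket.foo",
						"trigger_type.*",
						"RESOLVED",
					),
					// The only cross-resource relationship: the rule must reference the
					// integration it was created from.
					resource.TestCheckResourceAttrPair(
						"wiz_integration_jira.foo",
						"id",
						"wiz_automation_rule_jira_transition_ticket.foo",
						"integration_id",
					),
					// Rule-level attributes are plain value checks against what the config
					// sets. The earlier TestCheckResourceAttrPair calls compared attributes
					// that do not exist on the integration with literal values used as
					// attribute keys on the rule; with both sides absent the pair check
					// passes vacuously, which is how the stale expectations ("Jira comment
					// from Wiz", comment_on_transition "false", the summary template in
					// jira_advanced_fields) went unnoticed.
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_transition_ticket.foo",
						"jira_project",
						jiraProject,
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_transition_ticket.foo",
						"jira_transition_id",
						"Resolved",
					),
					// jsonencode() in the config renders compact JSON, mirroring how the
					// ServiceNow test checks servicenow_fields; adjust if the provider
					// normalises this attribute differently.
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_transition_ticket.foo",
						"jira_advanced_fields",
						"{\"resolution\":\"Done\"}",
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_transition_ticket.foo",
						"jira_comment",
						"Resolved via Wiz Automation",
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_transition_ticket.foo",
						"jira_comment_on_transition",
						"true",
					),
					resource.TestCheckResourceAttr(
						"wiz_automation_rule_jira_transition_ticket.foo",
						"jira_attach_evidence_csv",
						"false",
					),
				),
			},
		},
	})
}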
104 |
// testResourceWizAutomationRuleJiraTransitionTicketBasic renders the HCL for a Jira
// integration and a transition-ticket automation rule that references it. rName is
// used for both resource names; the Jira project is read from
// WIZ_INTEGRATION_JIRA_PROJECT and is empty when that variable is unset.
func testResourceWizAutomationRuleJiraTransitionTicketBasic(rName string) string {
	const configTemplate = `
resource "wiz_integration_jira" "foo" {
  name  = "%s"
  scope = "All Resources, Restrict this Integration to global roles only"
}

resource "wiz_automation_rule_jira_transition_ticket" "foo" {
  name           = "%s"
  description    = "Provider Acceptance Test"
  enabled        = false
  integration_id = wiz_integration_jira.foo.id
  trigger_source = "ISSUES"
  trigger_type = [
    "RESOLVED",
  ]
  filters = jsonencode({
    "severity": [
      "CRITICAL"
    ]
  })
  jira_project       = "%s"
  jira_transition_id = "Resolved"
  jira_advanced_fields = jsonencode({
    "resolution" : "Done"
  })
  jira_comment               = "Resolved via Wiz Automation"
  jira_comment_on_transition = true
  jira_attach_evidence_csv   = false
}
`
	project := os.Getenv("WIZ_INTEGRATION_JIRA_PROJECT")
	return fmt.Sprintf(configTemplate, rName, rName, project)
}
137 |
--------------------------------------------------------------------------------
/internal/acceptance/resource_automation_rule_servicenow_update_ticket_test.go:
--------------------------------------------------------------------------------
1 | package acceptance
2 |
3 | import (
4 | "fmt"
5 | "testing"
6 |
7 | "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
8 | "github.com/hashicorp/terraform-plugin-testing/helper/resource"
9 | )
10 |
// TestAccResourceWizAutomationRuleServiceNowUpdateTicket_basic creates a ServiceNow
// integration and an update-ticket automation rule bound to it, then checks that the
// state attributes match the configuration rendered by
// testResourceWizAutomationRuleServiceNowUpdateTicketBasic.
func TestAccResourceWizAutomationRuleServiceNowUpdateTicket_basic(t *testing.T) {
	rName := acctest.RandomWithPrefix(ResourcePrefix)

	const (
		integration = "wiz_integration_servicenow.foo"
		rule        = "wiz_automation_rule_servicenow_update_ticket.foo"
	)

	// All assertions for the single apply step, in the order they are evaluated.
	checks := []resource.TestCheckFunc{
		resource.TestCheckResourceAttr(integration, "name", rName),
		resource.TestCheckResourceAttr(rule, "name", rName),
		resource.TestCheckResourceAttr(rule, "description", "Provider Acceptance Test"),
		resource.TestCheckResourceAttr(rule, "enabled", "false"),
		resource.TestCheckResourceAttr(rule, "trigger_source", "ISSUES"),
		resource.TestCheckResourceAttr(rule, "trigger_type.#", "1"),
		resource.TestCheckTypeSetElemAttr(rule, "trigger_type.*", "RESOLVED"),
		// The rule must point at the integration created in the same config.
		resource.TestCheckResourceAttrPair(integration, "id", rule, "integration_id"),
		resource.TestCheckResourceAttr(rule, "servicenow_table_name", "incident"),
		resource.TestCheckResourceAttr(rule, "servicenow_attach_issues_report", "false"),
		// jsonencode() in the config yields compact JSON in state.
		resource.TestCheckResourceAttr(rule, "servicenow_fields", "{\"state\":\"Closed\"}"),
	}

	resource.UnitTest(t, resource.TestCase{
		PreCheck:          func() { testAccPreCheck(t, TestCase(TcServiceNow)) },
		ProviderFactories: providerFactories,
		Steps: []resource.TestStep{
			{
				Config: testResourceWizAutomationRuleServiceNowUpdateTicketBasic(rName),
				Check:  resource.ComposeTestCheckFunc(checks...),
			},
		},
	})
}
82 |
// testResourceWizAutomationRuleServiceNowUpdateTicketBasic renders the HCL for a
// ServiceNow integration and an update-ticket automation rule that references it.
// rName is used for both resource names; nothing else is parameterised.
func testResourceWizAutomationRuleServiceNowUpdateTicketBasic(rName string) string {
	const configTemplate = `
resource "wiz_integration_servicenow" "foo" {
  name  = "%s"
  scope = "All Resources, Restrict this Integration to global roles only"
}

resource "wiz_automation_rule_servicenow_update_ticket" "foo" {
  name           = "%s"
  description    = "Provider Acceptance Test"
  enabled        = false
  integration_id = wiz_integration_servicenow.foo.id
  trigger_source = "ISSUES"
  trigger_type = [
    "RESOLVED",
  ]
  filters = jsonencode({
    "severity": [
      "CRITICAL"
    ]
  })
  servicenow_table_name = "incident"
  servicenow_fields = jsonencode({
    "state" : "Closed"
  })
  servicenow_attach_issues_report = false
}
`
	return fmt.Sprintf(configTemplate, rName, rName)
}
112 |
--------------------------------------------------------------------------------
/internal/acceptance/resource_cloud_config_rule_test.go:
--------------------------------------------------------------------------------
1 | package acceptance
2 |
3 | import (
4 | "fmt"
5 | "os"
6 | "regexp"
7 | "testing"
8 |
9 | "github.com/hashicorp/terraform-plugin-testing/helper/acctest"
10 | "github.com/hashicorp/terraform-plugin-testing/helper/resource"
11 | )
12 |
// TestAccResourceWizCloudConfigRule_basic creates a cloud configuration rule scoped to
// the subscription named by WIZ_SUBSCRIPTION_ID and verifies the state attributes
// against the configuration rendered by testResourceWizCloudConfigRuleBasic.
func TestAccResourceWizCloudConfigRule_basic(t *testing.T) {
	// Read before PreCheck runs; the precheck is what reports a missing variable.
	subscriptionID := os.Getenv("WIZ_SUBSCRIPTION_ID")
	rName := acctest.RandomWithPrefix(ResourcePrefix)

	const rule = "wiz_cloud_config_rule.foo"

	checks := []resource.TestCheckFunc{
		resource.TestCheckResourceAttr(rule, "name", rName),
		resource.TestCheckResourceAttr(rule, "description", "test description"),
		resource.TestCheckResourceAttr(rule, "remediation_instructions", "fix it"),
		resource.TestCheckResourceAttr(rule, "target_native_types.0", "account"),
		resource.TestCheckResourceAttr(rule, "scope_account_ids.0", subscriptionID),
		resource.TestCheckResourceAttr(rule, "function_as_control", "false"),
		resource.TestCheckResourceAttr(rule, "enabled", "false"),
		resource.TestCheckResourceAttr(rule, "severity", "HIGH"),
		resource.TestCheckResourceAttr(rule, "iac_matchers.0.type", "ADMISSION_CONTROLLER"),
		// Only assert that some rego code came back, not its exact text.
		resource.TestMatchResourceAttr(rule, "iac_matchers.0.rego_code", regexp.MustCompile(`\w`)),
	}

	resource.UnitTest(t, resource.TestCase{
		PreCheck:          func() { testAccPreCheck(t, TestCase(TcCloudConfigRule)) },
		ProviderFactories: providerFactories,
		Steps: []resource.TestStep{
			{
				Config: testResourceWizCloudConfigRuleBasic(rName, subscriptionID),
				Check:  resource.ComposeTestCheckFunc(checks...),
			},
		},
	})
}
79 |
80 | func testResourceWizCloudConfigRuleBasic(rName string, subscriptionID string) string {
81 | return fmt.Sprintf(`
82 | resource "wiz_cloud_config_rule" "foo" {
83 | name = "%s"
84 | description = "test description"
85 | target_native_types = [
86 | "account",
87 | ]
88 | scope_account_ids = [
89 | "%s",
90 | ]
91 | function_as_control = false
92 | remediation_instructions = "fix it"
93 | enabled = false
94 | severity = "HIGH"
95 | opa_policy = < 0 {
62 | return diags
63 | }
64 |
65 | return diags
66 | }
67 |
--------------------------------------------------------------------------------
/internal/provider/resource_connector_gcp_test.go:
--------------------------------------------------------------------------------
1 | package provider
2 |
3 | import (
4 | "testing"
5 |
6 | "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
7 | )
8 |
// extraConfigErrorSummary is assigned by TestAddFieldError but, as far as this file
// shows, never read; the summary addFieldError actually produces is asserted
// literally in that test. Presumably a leftover — confirm and remove.
var extraConfigErrorSummary = "Invalid extra configuration"
10 |
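// TestAddFieldError verifies that addFieldError appends exactly one error-level
// diagnostic whose detail names the missing field and the key it was expected under.
func TestAddFieldError(t *testing.T) {
	diags := diag.Diagnostics{}
	fieldName := "foo"
	keyName := "bar"

	expectedDiags := diag.Diagnostics{
		diag.Diagnostic{
			Severity: diag.Error,
			Summary:  "An issue was encountered while processing the `extraConfig` field.",
			Detail:   "missing or invalid foo field in bar",
		},
	}

	// Kept from the original test; the value is already the package default and the
	// expected summary above does not depend on it.
	extraConfigErrorSummary = "Invalid extra configuration"
	actualDiags := addFieldError(diags, fieldName, keyName)

	// Fatal rather than Errorf: with a longer actual slice the index loop below would
	// panic on expectedDiags[i] instead of reporting a clean failure.
	if len(actualDiags) != len(expectedDiags) {
		t.Fatalf("Expected %d diagnostics, but got %d", len(expectedDiags), len(actualDiags))
	}

	for i, actualDiag := range actualDiags {
		expectedDiag := expectedDiags[i]

		if actualDiag.Severity != expectedDiag.Severity {
			t.Errorf("Expected severity %v, but got %v", expectedDiag.Severity, actualDiag.Severity)
		}

		if actualDiag.Summary != expectedDiag.Summary {
			t.Errorf("Expected summary %q, but got %q", expectedDiag.Summary, actualDiag.Summary)
		}

		if actualDiag.Detail != expectedDiag.Detail {
			t.Errorf("Expected detail %q, but got %q", expectedDiag.Detail, actualDiag.Detail)
		}
	}
}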
48 |
--------------------------------------------------------------------------------
/internal/provider/resource_control_test.go:
--------------------------------------------------------------------------------
1 | package provider
2 |
3 | import (
4 | "context"
5 | "reflect"
6 | "testing"
7 |
8 | "wiz.io/hashicorp/terraform-provider-wiz/internal/wiz"
9 | )
10 |
// TestFlattenControlSecuritySubCategories checks that flattening a slice of
// SecuritySubCategory pointers yields their IDs, in order, as a []interface{}.
func TestFlattenControlSecuritySubCategories(t *testing.T) {
	ids := []string{
		"6b5d5a05-1186-4f70-ae0c-bde55cc9e6aa",
		"33bf37f5-9d7e-4e0e-a081-ca362a2223b5",
	}

	input := make([]*wiz.SecuritySubCategory, 0, len(ids))
	want := make([]interface{}, 0, len(ids))
	for _, id := range ids {
		input = append(input, &wiz.SecuritySubCategory{ID: id})
		want = append(want, id)
	}

	got := flattenControlSecuritySubCategories(context.Background(), input)

	if !reflect.DeepEqual(got, want) {
		t.Fatalf(
			"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
			got,
			want,
		)
	}
}
38 |
--------------------------------------------------------------------------------
/internal/provider/resource_host_config_rule.go:
--------------------------------------------------------------------------------
1 | package provider
2 |
3 | import (
4 | "wiz.io/hashicorp/terraform-provider-wiz/internal/wiz"
5 | )
6 |
// CreateHostConfigurationRule is the response envelope for the
// createHostConfigurationRule mutation.
type CreateHostConfigurationRule struct {
	CreateHostConfigurationRule wiz.CreateHostConfigurationRulePayload `json:"createHostConfigurationRule"`
}

// ReadHostConfigurationRulePayload is the response envelope for the
// hostConfigurationRule query (used by read and by the refresh after updates).
type ReadHostConfigurationRulePayload struct {
	HostConfigurationRule wiz.HostConfigurationRule `json:"hostConfigurationRule"`
}

// UpdateHostConfigurationRule is the response envelope for the
// updateHostConfigurationRule mutation.
type UpdateHostConfigurationRule struct {
	UpdateHostConfigurationRule wiz.UpdateHostConfigurationRulePayload `json:"updateHostConfigurationRule"`
}

// DeleteHostConfigurationRule is the response envelope for the
// deleteHostConfigurationRule mutation.
type DeleteHostConfigurationRule struct {
	DeleteHostConfigurationRule wiz.DeleteHostConfigurationRulePayload `json:"deleteHostConfigurationRule"`
}
26 |
--------------------------------------------------------------------------------
/internal/provider/resource_integration.go:
--------------------------------------------------------------------------------
1 | package provider
2 |
3 | import (
4 | "context"
5 |
6 | "github.com/hashicorp/terraform-plugin-log/tflog"
7 | "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
8 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
9 | "wiz.io/hashicorp/terraform-provider-wiz/internal/client"
10 | "wiz.io/hashicorp/terraform-provider-wiz/internal/wiz"
11 | )
12 |
// CreateIntegration is the response envelope for the createIntegration mutation.
type CreateIntegration struct {
	CreateIntegration wiz.CreateIntegrationPayload `json:"createIntegration"`
}

// ReadIntegrationPayload is the response envelope for the integration query.
type ReadIntegrationPayload struct {
	Integration wiz.Integration `json:"integration"`
}

// UpdateIntegration is the response envelope for the updateIntegration mutation.
type UpdateIntegration struct {
	UpdateIntegration wiz.UpdateIntegrationPayload `json:"updateIntegration"`
}

// DeleteIntegration is the response envelope for the deleteIntegration mutation
// (the mutation only returns `_stub`, so the payload carries no useful data).
type DeleteIntegration struct {
	DeleteIntegration wiz.DeleteIntegrationPayload `json:"deleteIntegration"`
}
32 |
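// resourceWizIntegrationDelete deletes a Wiz integration resource by id. It lives in
// the generic integration file and is presumably shared by the integration resource
// types; the log line previously named only the AWS SNS variant, which made traces
// from the other integrations misleading.
//
// Returns nil when the resource has no id (nothing to delete), otherwise whatever
// diagnostics client.ProcessRequest produced for the deleteIntegration mutation.
func resourceWizIntegrationDelete(ctx context.Context, d *schema.ResourceData, m interface{}) (diags diag.Diagnostics) {
	tflog.Info(ctx, "resourceWizIntegrationDelete called...")

	// Nothing was created, so there is nothing to remove.
	if d.Id() == "" {
		return nil
	}

	// define the graphql query
	query := `mutation DeleteIntegration (
	    $input: DeleteIntegrationInput!
	) {
	    deleteIntegration(
	        input: $input
	    ) {
	        _stub
	    }
	}`

	// populate the graphql variables
	vars := &wiz.DeleteIntegrationInput{}
	vars.ID = d.Id()

	// process the request; the request diagnostics are the only thing reported back,
	// so the former "if len(diags) > 0 { return diags }; return diags" collapses to one
	// return.
	data := &DeleteIntegration{}
	requestDiags := client.ProcessRequest(ctx, m, vars, data, query, "integration", "delete")
	return append(diags, requestDiags...)
}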
67 |
// convertIntegrationScopeToBool converts the literal string representation of the
// 'scope' to the boolean expected by Wiz: "All Resources" maps to true and
// "Select Project" to false. Any other string also yields false (the zero value) —
// for example the longer "All Resources, Restrict this Integration to global roles
// only" value used in the examples and acceptance configs would map to false here,
// so presumably callers normalise the value first; confirm before relying on it.
// The returned pointer is always non-nil.
func convertIntegrationScopeToBool(integrationScope string) *bool {
	allResources := integrationScope == "All Resources"
	return &allResources
}
81 |
--------------------------------------------------------------------------------
/internal/provider/resource_report.go:
--------------------------------------------------------------------------------
1 | package provider
2 |
3 | import (
4 | "context"
5 |
6 | "github.com/hashicorp/terraform-plugin-log/tflog"
7 | "github.com/hashicorp/terraform-plugin-sdk/v2/diag"
8 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
9 |
10 | "wiz.io/hashicorp/terraform-provider-wiz/internal/client"
11 | "wiz.io/hashicorp/terraform-provider-wiz/internal/wiz"
12 | )
13 |
// CreateReport is the response envelope for the createReport mutation.
type CreateReport struct {
	CreateReport wiz.CreateReportPayload `json:"createReport"`
}

// UpdateReport is the response envelope for the updateReport mutation.
type UpdateReport struct {
	UpdateReport wiz.Report `json:"updateReport"`
}

// DeleteReport is the response envelope for the deleteReport mutation
// (the mutation only returns `_stub`, so the payload carries no useful data).
type DeleteReport struct {
	DeleteReport wiz.DeleteReportPayload `json:"deleteReport"`
}

// ReadReportPayload is the response envelope for the report query (used by read and
// by the refresh after updates).
type ReadReportPayload struct {
	Report wiz.Report `json:"report"`
}
33 |
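// resourceWizReportDelete deletes a Wiz report by id.
//
// Returns nil when the resource has no id (nothing to delete), otherwise whatever
// diagnostics client.ProcessRequest produced for the deleteReport mutation. The
// response is decoded into DeleteReport, the envelope declared for this mutation;
// the previous code decoded into UpdateReport, which only worked because the
// mutation returns nothing but `_stub`.
func resourceWizReportDelete(ctx context.Context, d *schema.ResourceData, m interface{}) (diags diag.Diagnostics) {
	tflog.Info(ctx, "resourceWizReportDelete called...")

	// Nothing was created, so there is nothing to remove.
	if d.Id() == "" {
		return nil
	}

	// define the graphql query
	query := `mutation DeleteReport (
	    $input: DeleteReportInput!
	) {
	    deleteReport(
	        input: $input
	    ) {
	        _stub
	    }
	}`

	// populate the graphql variables
	vars := &wiz.DeleteReportInput{}
	vars.ID = d.Id()

	// process the request; the request diagnostics are the only thing reported back
	data := &DeleteReport{}
	requestDiags := client.ProcessRequest(ctx, m, vars, data, query, "report", "delete")
	return append(diags, requestDiags...)
}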
67 |
--------------------------------------------------------------------------------
/internal/provider/resource_saml_group_mapping_test.go:
--------------------------------------------------------------------------------
1 | package provider
2 |
3 | import (
4 | "reflect"
5 |
6 | "wiz.io/hashicorp/terraform-provider-wiz/internal/wiz"
7 |
8 | "testing"
9 | )
10 |
// TestExtractIDsFromSamlIdpGroupMappingImportID exercises parsing of the composite
// import id used by wiz_saml_group_mapping, for a project-scoped mapping, a global
// mapping, and two malformed ids.
//
// NOTE(review): these inputs use a "link|" prefix and place the role before the
// project list, whereas examples/resources/wiz_saml_group_mapping/import.sh documents
// "mapping|<idp>|<group>:<projects>:<role>". One of the two is presumably stale —
// confirm which layout the parser accepts and align the other.
func TestExtractIDsFromSamlIdpGroupMappingImportID(t *testing.T) {
	cases := []struct {
		name    string
		in      string
		want    SAMLGroupMappingsImport
		wantErr bool
	}{
		{
			name:    "Valid ID",
			in:      "link|samlIdpID|providerGroupID:role:projectID1,projectID2",
			want:    SAMLGroupMappingsImport{SamlIdpID: "samlIdpID", GroupMappings: []wiz.SAMLGroupDetailsInput{{ProviderGroupID: "providerGroupID", Role: "role", Projects: []string{"projectID1", "projectID2"}}}},
			wantErr: false,
		},
		{
			name:    "Valid ID global mapping",
			in:      "link|samlIdpID|providerGroupID:role",
			want:    SAMLGroupMappingsImport{SamlIdpID: "samlIdpID", GroupMappings: []wiz.SAMLGroupDetailsInput{{ProviderGroupID: "providerGroupID", Role: "role", Projects: nil}}},
			wantErr: false,
		},
		{
			name:    "Invalid ID",
			in:      "invalidId",
			want:    SAMLGroupMappingsImport{},
			wantErr: true,
		},
		{
			name:    "Invalid ID length",
			in:      "link|samlIdpId",
			want:    SAMLGroupMappingsImport{},
			wantErr: true,
		},
	}

	for _, c := range cases {
		c := c
		t.Run(c.name, func(t *testing.T) {
			got, err := extractIDsFromSamlIdpGroupMappingImportID(c.in)
			if gotErr := err != nil; gotErr != c.wantErr {
				t.Errorf("Expected error: %v, got: %v", c.wantErr, err)
			}
			if !reflect.DeepEqual(got, c.want) {
				t.Errorf("Expected mapping: %+v, got: %+v", c.want, got)
			}
		})
	}
}
56 |
--------------------------------------------------------------------------------
/internal/provider/resource_service_account_test.go:
--------------------------------------------------------------------------------
1 | package provider
2 |
3 | /*
4 | import (
5 | "testing"
6 |
7 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
8 | )
9 |
10 | const testAccResourceServiceAccount = `
11 | resource "wiz_service_account" "foo" {
12 | name = "foo"
13 | scopes = [
14 | "read:projects",
15 | ]
16 | }
17 | `
18 |
19 | func TestAccWizServiceAccount_basic(t *testing.T) {
20 | resource.UnitTest(t, resource.TestCase{
21 | PreCheck: func() { testAccPreCheck(t) },
22 | ProviderFactories: providerFactories,
23 | Steps: []resource.TestStep{
24 | {
25 | Config: testAccResourceServiceAccount,
26 | Check: resource.ComposeTestCheckFunc(
27 | resource.TestCheckResourceAttrSet(
28 | "wiz_service_account.foo",
29 | "name",
30 | ),
31 | ),
32 | },
33 | },
34 | })
35 | }
36 | */
37 |
--------------------------------------------------------------------------------
/internal/provider/resource_user_test.go:
--------------------------------------------------------------------------------
1 | package provider
2 |
3 | import (
4 | "context"
5 | "reflect"
6 | "testing"
7 |
8 | "wiz.io/hashicorp/terraform-provider-wiz/internal/wiz"
9 | )
10 |
// TestFlattenAssignedProjectIDs checks that flattening a slice of projects yields
// their IDs, in order, as a []interface{}.
func TestFlattenAssignedProjectIDs(t *testing.T) {
	ids := []string{
		"2dc9a5ee-b52e-41a2-a13f-75c57d466acf",
		"bc0dc093-e74e-4eea-9734-e3e5cfe1ecab",
	}

	input := make([]wiz.Project, 0, len(ids))
	want := make([]interface{}, 0, len(ids))
	for _, id := range ids {
		input = append(input, wiz.Project{ID: id})
		want = append(want, id)
	}

	got := flattenAssignedProjectIDs(context.Background(), input)

	if !reflect.DeepEqual(got, want) {
		t.Fatalf(
			"Got:\n\n%#v\n\nExpected:\n\n%#v\n",
			got,
			want,
		)
	}
}
38 |
--------------------------------------------------------------------------------
/internal/utils/helper_functions.go:
--------------------------------------------------------------------------------
1 | package utils
2 |
3 | import (
4 | "encoding/json"
5 | "fmt"
6 | "reflect"
7 | )
8 |
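// PrettyPrint renders i as tab-indented JSON. If the value cannot be marshalled
// (channels, funcs, cyclic values, ...) it falls back to fmt's %+v rendering rather
// than silently returning an empty string, so a log line never loses the value
// without trace. The output is the whole value: callers that log it should not pass
// structs that hold credentials.
func PrettyPrint(i interface{}) string {
	s, err := json.MarshalIndent(i, "", "\t")
	if err != nil {
		return fmt.Sprintf("%+v", i)
	}
	return string(s)
}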
14 |
// ConvertListToString converts the []interface{} that a schema.TypeList yields into a
// []string. The result is never nil (an empty or nil input gives an empty slice).
// Every element is asserted to be a string; a non-string element panics, as before.
func ConvertListToString(input []interface{}) []string {
	out := make([]string, 0, len(input))
	for _, elem := range input {
		out = append(out, elem.(string))
	}
	return out
}
23 |
// ConvertBoolToPointer returns a pointer to a fresh copy of in; each call yields a
// distinct pointer, so callers may mutate the target freely.
func ConvertBoolToPointer(in bool) *bool {
	copied := in
	return &copied
}
30 |
// SliceOfStringToMDUList renders input as a markdown bullet list: a leading newline
// followed by one " - item" line per element. An empty input yields just "\n".
func SliceOfStringToMDUList(input []string) string {
	out := "\n"
	for _, item := range input {
		out += " - " + item + "\n"
	}
	return out
}
40 |
// Missing returns the elements of b that are not present in a, in b's order and
// including duplicates (note the direction: a is the reference set, b is what gets
// checked). The result is never nil.
func Missing(a, b []string) []string {
	known := make(map[string]struct{}, len(a))
	for _, item := range a {
		known[item] = struct{}{}
	}

	missing := []string{}
	for _, candidate := range b {
		if _, found := known[candidate]; !found {
			missing = append(missing, candidate)
		}
	}
	return missing
}
60 |
// Unique returns the distinct values of s, keeping the first occurrence of
// each and preserving input order. For an empty or nil input it returns nil.
func Unique(s []string) []string {
	seen := map[string]bool{}
	var out []string
	for _, v := range s {
		if seen[v] {
			continue
		}
		seen[v] = true
		out = append(out, v)
	}
	return out
}
73 |
// ConvertSliceToGenericArray copies s into a []interface{} (the shape the
// Terraform schema layer expects for list attributes). The result is never
// nil, even for an empty or nil input.
func ConvertSliceToGenericArray(s []string) []interface{} {
	out := make([]interface{}, len(s))
	for i, v := range s {
		out[i] = v
	}
	return out
}
82 |
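// RemoveNullAndEmptyValues deletes, in place, every key of m whose value is
// nil or an empty string, then recurses into nested map[string]interface{}
// values and into the map elements of []interface{} values.
//
// Each level of recursion decrements depth and the walk stops when depth
// reaches 0, so depth bounds how many nested levels are cleaned. A negative
// starting depth never reaches 0 and therefore cleans every level.
//
// Empty-string detection uses reflect.Value.String rather than a v.(string)
// assertion so that values of a named string type (kind String, dynamic type
// not string) are removed like plain strings instead of panicking.
func RemoveNullAndEmptyValues(m map[string]interface{}, depth int) {
	if depth == 0 {
		return
	}
	for k, v := range m {
		if v == nil || isEmptyString(v) {
			// Deleting the current key during range is well-defined in Go.
			delete(m, k)
			continue
		}
		switch child := v.(type) {
		case map[string]interface{}:
			RemoveNullAndEmptyValues(child, depth-1)
		case []interface{}:
			// Only map elements are descended into; scalar elements of a
			// slice (including empty strings) are left untouched.
			for _, elem := range child {
				if childMap, ok := elem.(map[string]interface{}); ok {
					RemoveNullAndEmptyValues(childMap, depth-1)
				}
			}
		}
	}
}

// isEmptyString reports whether v has reflect kind String (plain or named
// string type) and is equal to "".
func isEmptyString(v interface{}) bool {
	rv := reflect.ValueOf(v)
	return rv.Kind() == reflect.String && rv.String() == ""
}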
102 |
--------------------------------------------------------------------------------
/main.go:
--------------------------------------------------------------------------------
1 | package main
2 |
3 | import (
4 | "flag"
5 |
6 | "github.com/hashicorp/terraform-plugin-sdk/v2/plugin"
7 |
8 | "wiz.io/hashicorp/terraform-provider-wiz/internal/provider"
9 | )
10 |
11 | //go:generate terraform fmt -recursive ./examples/
12 | //go:generate go run github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs
13 |
var (
	// version and commit are set by the goreleaser configuration when a
	// release binary is built; the defaults below apply to local builds.
	version = "dev"
	commit  = ""
)
22 |
// main parses the command-line flags and serves the Wiz provider over the
// Terraform plugin protocol. The -debug flag starts the provider in a mode
// that allows a debugger (e.g. delve) to attach.
func main() {
	debug := flag.Bool("debug", false, "set to true to run the provider with support for debuggers like delve")
	flag.Parse()

	plugin.Serve(&plugin.ServeOpts{
		Debug: *debug,

		// TODO: update this string with the full name of your provider as used in your configs
		ProviderAddr: "wiz.io/hashicorp/wiz",

		ProviderFunc: provider.New(version),
	})
}
40 |
--------------------------------------------------------------------------------
/schema/README.md:
--------------------------------------------------------------------------------
1 | # Wiz Schema
2 |
3 | This directory contains information on obtaining the GraphQL schema from Wiz for development purposes.
4 | Retrieval of this schema requires Wiz credentials.
5 |
6 | The schema rendered using these steps assists with the development of the wiz package.
7 |
8 | ## User Reflection to Obtain the Schema
9 |
10 | Retrieve the JSON representation of the schema from the Wiz API via reflection, using the following query.
11 |
12 | ```
13 | fragment FullType on __Type {
14 | kind
15 | name
16 | fields(includeDeprecated: true) {
17 | name
18 | args {
19 | ...InputValue
20 | }
21 | type {
22 | ...TypeRef
23 | }
24 | isDeprecated
25 | deprecationReason
26 | }
27 | inputFields {
28 | ...InputValue
29 | }
30 | interfaces {
31 | ...TypeRef
32 | }
33 | enumValues(includeDeprecated: true) {
34 | name
35 | isDeprecated
36 | deprecationReason
37 | }
38 | possibleTypes {
39 | ...TypeRef
40 | }
41 | }
42 | fragment InputValue on __InputValue {
43 | name
44 | type {
45 | ...TypeRef
46 | }
47 | defaultValue
48 | }
49 | fragment TypeRef on __Type {
50 | kind
51 | name
52 | ofType {
53 | kind
54 | name
55 | ofType {
56 | kind
57 | name
58 | ofType {
59 | kind
60 | name
61 | ofType {
62 | kind
63 | name
64 | ofType {
65 | kind
66 | name
67 | ofType {
68 | kind
69 | name
70 | ofType {
71 | kind
72 | name
73 | }
74 | }
75 | }
76 | }
77 | }
78 | }
79 | }
80 | }
81 | query IntrospectionQuery {
82 | __schema {
83 | queryType {
84 | name
85 | }
86 | mutationType {
87 | name
88 | }
89 | types {
90 | ...FullType
91 | }
92 | directives {
93 | name
94 | locations
95 | args {
96 | ...InputValue
97 | }
98 | }
99 | }
100 | }
101 | ```
102 |
103 | ## Convert the JSON schema to GraphQL SDL
104 |
105 | Convert the JSON representation to GraphQL SDL using graphql-json-to-sdl.
106 | See https://github.com/CDThomas/graphql-json-to-sdl
107 |
--------------------------------------------------------------------------------
/templates/index.md.tmpl:
--------------------------------------------------------------------------------
1 | ---
2 | page_title: "Wiz Provider"
3 | description: |-
4 | Terraform provider to manage Wiz resources
5 | ---
6 |
7 | # {{.ProviderName}}
8 |
9 | The Wiz Terraform provider is designed to work with [Wiz](https://wiz.io/).
10 |
11 | The "wiz" provider manages resources typically manually managed in the [Wiz web interface](https://app.wiz.io/). You must configure the provider with the proper credentials before you can use it.
12 |
13 | Use the navigation to the left to read about the available resources.
14 |
15 | ## Example Usage
16 |
17 | {{ tffile "examples/provider/provider.tf" }}
18 |
19 | > **WARNING** Hard-coded credentials are not recommended in any Terraform configuration and risk secret leakage should this file ever be committed to a public version control system.
20 |
21 |
22 | {{ .SchemaMarkdown | trimspace }}
23 |
--------------------------------------------------------------------------------
/terraform-registry-manifest.json:
--------------------------------------------------------------------------------
1 | {
2 | "version": 1,
3 | "metadata": {
4 | "protocol_versions": ["5.0"]
5 | }
6 | }
7 |
--------------------------------------------------------------------------------
/tools.go:
--------------------------------------------------------------------------------
1 | //go:build tools
2 | // +build tools
3 |
4 | package tools
5 |
6 | import (
7 | // document generation
8 | _ "github.com/hashicorp/terraform-plugin-docs/cmd/tfplugindocs"
9 | )
10 |
--------------------------------------------------------------------------------