SSPROD-48664 - update(org): include/exclude optional fields

modules/onboarding/organizational.tf

@@ -20,7 +20,7 @@ resource "aws_cloudformation_stack_set" "stackset" {
   name             = local.onboarding_role_name
   tags             = var.tags
   permission_model = "SERVICE_MANAGED"
-  capabilities     = ["CAPABILITY_NAMED_IAM"]
+  capabilities = ["CAPABILITY_NAMED_IAM"]
 
   managed_execution {
     active = true
@@ -88,7 +88,10 @@ resource "aws_cloudformation_stack_set_instance" "stackset_instance" {
 }
 
 resource "sysdig_secure_organization" "aws_organization" {
-  count                   = var.is_organizational ? 1 : 0
-  management_account_id   = sysdig_secure_cloud_auth_account.cloud_auth_account.id
-  organizational_unit_ids = var.organizational_unit_ids
+  count                          = var.is_organizational ? 1 : 0
+  management_account_id          = sysdig_secure_cloud_auth_account.cloud_auth_account.id
+  included_organizational_groups = var.include_ouids
+  excluded_organizational_groups = var.exclude_ouids
+  included_cloud_accounts        = var.include_accounts
+  excluded_cloud_accounts        = var.exclude_accounts
 }

modules/onboarding/variables.tf

@@ -8,12 +8,6 @@ variable "is_organizational" {
   description = "true/false whether secure-for-cloud should be deployed in an organizational setup (all accounts of org) or not (only on default aws provider account)"
 }
 
-variable "organizational_unit_ids" {
-  description = "restrict onboarding to a set of organizational unit identifiers whose child accounts and organizational units are to be onboarded. Default: onboard all organizational units"
-  type        = set(string)
-  default     = []
-}
-
 variable "region" {
   type        = string
   default     = ""
@@ -51,4 +45,28 @@ variable "is_gov_cloud_onboarding" {
   type        = bool
   default     = false
   description = "true/false whether secure-for-cloud should be deployed in a govcloud account/org or not"
+}
+
+variable "include_ouids" {
+  description = "(Optional) ouids to include for organization"
+  type        = set(string)
+  default     = []
+}
+
+variable "exclude_ouids" {
+  description = "(Optional) ouids to exclude for organization"
+  type        = set(string)
+  default     = []
+}
+
+variable "include_accounts" {
+  description = "(Optional) accounts to include for organization"
+  type        = set(string)
+  default     = []
+}
+
+variable "exclude_accounts" {
+  description = "(Optional) accounts to exclude for organization"
+  type        = set(string)
+  default     = []
 }

modules/onboarding/versions.tf

@@ -9,9 +9,10 @@ terraform {
       source  = "hashicorp/random"
       version = ">= 3.1"
     }
+    # TODO: testing only, update when TF provider is released
     sysdig = {
-      source  = "sysdiglabs/sysdig"
-      version = "~> 1.39"
+      source = "local/sysdiglabs/sysdig"
+      version = "~> 1.0.0"
     }
   }
 }

test/examples/organization/onboarding_with_cspm.tf

@@ -1,8 +1,9 @@
 terraform {
   required_providers {
+# TODO: testing only, update when TF provider is released
     sysdig = {
-      source  = "sysdiglabs/sysdig"
-      version = "~> 1.38"
+      source = "local/sysdiglabs/sysdig"
+      version = "~> 1.0.0"
     }
   }
 }