Unable to manage wiz_control_associations (changing cspm controls is not allowed)

[gramsa49]

Terraform Version and Provider Version

Terraform v1.3.3 terraform-provider-wiz v1.0.7

Affected Resource(s)

• wiz_control_association

Terraform Configuration Files

Use any Wiz managed control with a custom security sub-category.

Debug Output

{
  "data": {
    "updateControls": {
      "successCount": 0,
      "failCount": 1,
      "errors": [
        {
          "reason": "changing cspm controls is not allowed",
          "control": {
            "id": "014e7d8a-1c95-5220-9852-ffbbcd438f55"
          }
        }
      ]
    }
  }
}

Expected Behavior

Should be able to both define and destroy security sub-category/control associations.

Actual Behavior

Error returned

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[cvirtucio]

something seems to be clobbering control_ids during the Delete() phase that happens when the control association is getting recreated. this comes up empty, so you only get the securitySubCategoriesToRemove in the UpdateControlsInput struct when the request goes out to Wiz's API.

[cvirtucio]

this fix worked for us: https://github.com/AxtonGrams/terraform-provider-wiz/pull/163