refactor: zsec zssupport lookup resiliency

zscaler · Oct 8, 2024 · 9f9d338 · 9f9d338
1 parent 2e863b6
commit 9f9d338
Showing 1 changed file with 28 additions and 7 deletions.
diff --git a/examples/zsec b/examples/zsec
@@ -1573,14 +1573,35 @@ first_run="yes"
                     echo "Setting security group rule to ${GREEN}$support_server_ip_default${RESET}"
                     echo "export TF_VAR_zssupport_server='$support_server_ip_default'" >> .zsecrc
                 else
-                    echo "Resolving remotesupport.$zscaler_cloud to IP for Security Group rule..."
-                    support_server_ip=$(dig +short remotesupport.$zscaler_cloud 2>&1 > /dev/null || true) 
-                        if [[ $(support_server_ip 2>&1) =~ "command not found" ]]; then
-                            echo "dig command missing on host. Trying alernative resolution method..."
-                            support_server_ip=$(getent ahostsv4 remotesupport.$zscaler_cloud | awk '{print $1}' | head -1)
+                    dns_commands=(
+                        "dig +short remotesupport.$zscaler_cloud 2>/dev/null || true"
+                        "getent ahostsv4 remotesupport.$zscaler_cloud 2>/dev/null | awk '{print \$1}' | head -1 || true"
+                        "host remotesupport.$zscaler_cloud 2>/dev/null | awk '/has address/ { print \$4 ; exit }' || true"
+                        "nslookup remotesupport.$zscaler_cloud 2>/dev/null | awk '/^Address: / { print \$2 ; exit }' || true"
+                    )
+
+                    for command in "${dns_commands[@]}"; do
+                    support_server_ip=$(eval "$command")
+                        if [[ $support_server_ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+                            echo "${GREEN}Outbound rule permitting TCP/12002 access to $support_server_ip/32 will be created${RESET}"
+                            echo "export TF_VAR_zssupport_server='$support_server_ip/32'" >> .zsecrc
+                            break
+                        fi
+                    done
+
+                    if [[ $support_server_ip == '' ]]; then
+                        if [[ "$zscaler_cloud" == "zscalerten.net" ]]; then
+                            support_server_ip="136.226.24.62"
+                        elif [[ "$zscaler_cloud" == "zscalergov.net" ]]; then
+                            support_server_ip="136.226.16.141"
+                        else
+                            support_server_ip="199.168.148.101"
                         fi
-                    echo "${GREEN}Outbound rule permitting TCP/12002 access to $support_server_ip/32 will be created${RESET}"
-                    echo "export TF_VAR_zssupport_server='$support_server_ip/32'" >> .zsecrc
+                        echo "Unable to lookup ip for remotesupport.$zscaler_cloud. Defaulting to static mapping"
+                        echo "${GREEN}Outbound rule permitting TCP/12002 access to $support_server_ip/32 will be created${RESET}"
+                        echo "${YELLOW}Caution: Verify that this IP is correct for your Zscaler Cloud $zscaler_cloud${RESET}"
+                        echo "export TF_VAR_zssupport_server='$support_server_ip/32'" >> .zsecrc
+                    fi
                 fi
             break
             ;;