diff --git a/.github/actions/plan_apply/action.yml b/.github/actions/plan_apply/action.yml
deleted file mode 100644
index 958fdae..0000000
--- a/.github/actions/plan_apply/action.yml
+++ /dev/null
@@ -1,101 +0,0 @@
-name: 'TF plan/apply'
-description: 'Runs Terraform plan and/or apply for a specified path.'
-inputs:
- tf_version:
- description: 'TF version used.'
- required: true
- path:
- description: 'Path to Terraform module.'
- required: true
- do_apply:
- description: When set to true runs also apply
- type: boolean
- default: false
- idempotence:
- description: When set to true runs plan to on already applied configuration
- type: boolean
- default: true
-
-runs:
- using: "composite"
- steps:
-
- - name: setup Terraform
- uses: hashicorp/setup-terraform@v2
- with:
- terraform_version: ${{ inputs.tf_version }}
-
- - name: set UUID and provider values value
- id: uuid
- shell: bash
- env:
- TPATH: ${{ inputs.path }}
- run: |
- echo "uuid=$(uuidgen | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
-
- - name: login to Azure
- uses: azure/login@v1
- with:
- client-id: ${{ env.ARM_CLIENT_ID }}
- tenant-id: ${{ env.ARM_TENANT_ID }}
- subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }}
-
- - name: plan infrastructure
- id: plan
- if: inputs.do_apply == 'false'
- env:
- TPATH: ${{ inputs.path }}
- ARM_USE_OIDC: true
- UUID: ${{ steps.uuid.outputs.uuid }}
- ARM_SKIP_PROVIDER_REGISTRATION: true
- shell: bash
- run: |
- echo "::group::TERRAFORM PLAN"
- cd "$GITHUB_WORKSPACE/$TPATH"
- make plan
- echo "::endgroup::"
-
- - name: create infrastructure
- id: apply
- if: inputs.do_apply == 'true'
- env:
- TPATH: ${{ inputs.path }}
- ARM_USE_OIDC: true
- UUID: ${{ steps.uuid.outputs.uuid }}
- ARM_SKIP_PROVIDER_REGISTRATION: true
- shell: bash
- run: |
- echo "::group::TERRAFORM APPLY"
- cd "$GITHUB_WORKSPACE/$TPATH"
- make apply
- echo "::endgroup::"
-
- - name: test idempotence
- id: idempotence
- if: inputs.do_apply == 'true' && inputs.idempotence == 'true'
- env:
- TPATH: ${{ inputs.path }}
- ARM_USE_OIDC: true
- UUID: ${{ steps.uuid.outputs.uuid }}
- ARM_SKIP_PROVIDER_REGISTRATION: true
- shell: bash
- run: |
- echo "::group::TERRAFORM IDEMPOTENCE"
- cd "$GITHUB_WORKSPACE/$TPATH"
- make idempotence
- echo "::endgroup::"
-
- - name: run destroy
- id: destroy
- if: inputs.do_apply == 'true'
- env:
- TPATH: ${{ inputs.path }}
- ARM_USE_OIDC: true
- UUID: ${{ steps.uuid.outputs.uuid }}
- ARM_SKIP_PROVIDER_REGISTRATION: true
- shell: bash
- run: |
- cd "$GITHUB_WORKSPACE/$TPATH"
- echo "::group::TERRAFORM DESTROY"
- make destroy
- echo "::endgroup::"
diff --git a/.github/sub_cleanup/action.yml b/.github/sub_cleanup/action.yml
deleted file mode 100644
index 1a33b71..0000000
--- a/.github/sub_cleanup/action.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: 'Subscription cleanup'
-description: 'Cleans up subscription in case the job was cancelled.'
-runs:
- using: "composite"
- steps:
-
- - name: login to Azure
- uses: azure/login@v1
- with:
- client-id: ${{ env.ARM_CLIENT_ID }}
- tenant-id: ${{ env.ARM_TENANT_ID }}
- subscription-id: ${{ env.ARM_SUBSCRIPTION_ID }}
-
- - name: delete resource groups
- shell: bash
- run: |
- echo "::group::CLEANUP"
-
- set +e
- for RG in $(az group list --query "[?properties.provisioningState=='Succeeded']" | jq -r '.[] | select(.name | contains("ghci")) | .name'); do
- echo " deleting: $RG"
- az group delete -g ${RG} -y --no-wait
-
- E_CODE=$?
- # check the az group delete exit code
- if [ ! $E_CODE -eq 0 ] && [ ! $E_CODE -eq 3 ]; then
- # when exit code is 3 it means that the group is no longer available (deleted for example)
- # hence we skip that error as it is not relevant for us
- # we do honor every other non 0 exit code though
- exit $E_CODE
- fi
- done
- set -e
- echo "::endgroup::"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..fcd11b0
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,89 @@
+name: Terraform checks
+on: [push, pull_request]
+
+jobs:
+ terraform-linter:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v1
+
+ - name: Terraform Format
+ id: fmt
+ run: terraform fmt -check -recursive
+
+ - name: Terraform Init
+ id: init-zpa-app-connector-group
+ run: |
+ cd modules/terraform-zpa-app-connector-group
+ terraform init
+
+ - name: Terraform Validate
+ id: validate-zpa-app-connector-group
+ run: |
+ cd modules/terraform-zpa-app-connector-group
+ terraform validate -no-color
+
+ - name: Terraform Init
+ id: init-zpa-provisioning-key
+ run: |
+ cd modules/terraform-zpa-provisioning-key
+ terraform init
+
+ - name: Terraform Validate
+ id: validate-zpa-provisioning-key
+ run: |
+ cd modules/terraform-zpa-provisioning-key
+ terraform validate -no-color
+
+ - name: Terraform Init
+ id: init-zsac-acvm-azure
+ run: |
+ cd modules/terraform-zsac-acvm-azure
+ terraform init
+
+ - name: Terraform Validate
+ id: validate-zsac-acvm-azure
+ run: |
+ cd modules/terraform-zsac-acvm-azure
+ terraform validate -no-color
+
+ - name: Terraform Init
+ id: init-zsac-bastion-azure
+ run: |
+ cd modules/terraform-zsac-bastion-azure
+ terraform init
+
+ - name: Terraform Validate
+ id: validate-zsac-bastion-azure
+ run: |
+ cd modules/terraform-zsac-bastion-azure
+ terraform validate -no-color
+
+ - name: Terraform Init
+ id: init-zsac-network-azure
+ run: |
+ cd modules/terraform-zsac-network-azure
+ terraform init
+
+ - name: Terraform Validate
+ id: validate-zsac-network-azure
+ run: |
+ cd modules/terraform-zsac-network-azure
+ terraform validate -no-color
+
+ - name: Terraform Init
+ id: init-zsac-nsg-azure
+ run: |
+ cd modules/terraform-zsac-nsg-azure
+ terraform init
+
+ - name: Terraform Validate
+ id: validate-zsac-nsg-azure
+ run: |
+ cd modules/terraform-zsac-nsg-azure
+ terraform validate -no-color
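Review bot: The new workflow has no `permissions:` block and references `actions/checkout@v3` and `hashicorp/setup-terraform@v1` by mutable tag, so the job runs with the repository's default GITHUB_TOKEN scope and with whatever code those tags point to at run time. A top-level `permissions:` with `contents: read` is enough for fmt/init/validate, and pinning each `uses:` to a full commit SHA fixes the code that is executed. The twelve init/validate steps differ only in the module directory, so a `strategy.matrix` over the module names would remove the repetition. `terraform init -backend=false` is sufficient before `validate`.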
diff --git a/.github/workflows/lint_pr_title.yml b/.github/workflows/lint_pr_title.yml
deleted file mode 100644
index de7d643..0000000
--- a/.github/workflows/lint_pr_title.yml
+++ /dev/null
@@ -1,21 +0,0 @@
-# DESCRIPTION:
-# A workflow used to verify if PR titles matches conventional commits strategy.
-# END
-
-name: Lint PR Title
-run-name: "Lint PR - (#${{ github.event.number }}) ${{ github.event.pull_request.title }}"
-
-permissions:
- pull-requests: read
-
-on:
- pull_request_target:
- types:
- - opened
- - edited
- - ready_for_review
-
-jobs:
- lint_pr_title:
- name: Lint PR
- uses: zscaler/terraform-modules-zscaler-ci-workflows/.github/workflows/lint_pr_title.yml@v1.0.0
diff --git a/.github/workflows/pr_ci.yml b/.github/workflows/pr_ci.yml
deleted file mode 100644
index 92e6f46..0000000
--- a/.github/workflows/pr_ci.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: PR CI
-run-name: "CI pipeline for PR - (#${{ github.event.number }}) ${{ github.event.pull_request.title }}"
-
-permissions:
- contents: read
- actions: read
- id-token: write
-
-on:
- pull_request:
- types:
- - opened
- - reopened
- - synchronize
- - ready_for_review
- branches: ['master']
-
-jobs:
- pr_ci_wrkflw:
- name: Run CI
- uses: zscaler/terraform-modules-zscaler-ci-workflows/.github/workflows/pr_ci.yml@v1.0.0
- secrets: inherit
- if: github.actor != 'dependabot[bot]'
- with:
- cloud: azure
- tf_version: 1.2 1.3 1.4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ae72136..5601264 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,24 +1,37 @@
-name: Release CI
-run-name: "Continous Release"
-
-
-permissions:
- contents: write
- issues: read
- id-token: write
+name: Release
on:
workflow_dispatch:
- schedule:
- - cron: '0 1 * * 4' # this means every Thursday @1am UTC
+ push:
+ branches:
+ - main
+ - master
+ paths:
+ - '**/*.tpl'
+ - '**/*.py'
+ - '**/*.tf'
+ - '.github/workflows/release.yml'
jobs:
- release_wrkflw:
- name: Do release
- uses: zscaler/terraform-modules-zscaler-ci-workflows/.github/workflows/release_ci.yml@v1.0.0
- secrets: inherit
- with:
- cloud: azure
- max_parallel: 10
- tf_version: 1.2 1.3 1.4 1.5
- do_apply: true
+ release:
+ name: Release
+ runs-on: ubuntu-latest
+ # Skip running release workflow on forks
+ if: github.repository_owner == 'zscaler'
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ persist-credentials: false
+ fetch-depth: 0
+
+ - name: Release
+ uses: cycjimmy/semantic-release-action@v2
+ with:
+ semantic_version: 18.0.0
+ extra_plugins: |
+ @semantic-release/changelog@6.0.0
+ @semantic-release/git@10.0.0
+ conventional-changelog-conventionalcommits@4.6.3
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
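Review bot: The explicit `permissions:` block is dropped, so the `release` job now depends on the repository's default GITHUB_TOKEN scope while passing that token to `cycjimmy/semantic-release-action@v2`, a third-party action referenced by mutable tag. Because `.releaserc.json` in this commit enables `@semantic-release/git` and `@semantic-release/github`, the job needs write access; declaring it explicitly, e.g. `permissions:` with `contents: write`, `issues: write` and `pull-requests: write`, keeps the grant minimal and visible. Pinning that action and `actions/checkout@v2` to full commit SHAs would fix the code that receives the token. If `main`/`master` is protected, the changelog commit pushed with `GITHUB_TOKEN` may be rejected, which is worth confirming before relying on this flow.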
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index c09ae1d..1a27a08 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -29,4 +29,4 @@ jobs:
days-before-close: 10
delete-branch: true
close-issue-message: This issue was automatically closed because of stale in 10 days
- close-pr-message: This PR was automatically closed because of stale in 10 days
+ close-pr-message: This PR was automatically closed because of stale in 10 days
\ No newline at end of file
diff --git a/.github/workflows/tf_validate_ver.yml b/.github/workflows/tf_validate_ver.yml
deleted file mode 100644
index 7e4d0c4..0000000
--- a/.github/workflows/tf_validate_ver.yml
+++ /dev/null
@@ -1,63 +0,0 @@
----
-name: TF Validate
-# description: Validate examples and modules against variety of TF versions
-
-on:
- workflow_dispatch:
-
-env:
- # tf_versions needs to be a string of TF versions we would like to test against
- # versions have to be space delimited
- # when providing only major.minor version the latest patch level will be used
- tf_versions: 0.15 1.0 1.1 1.2
-
-jobs:
- prerequisites:
- name: gather prerequisites
- runs-on: ubuntu-latest
- outputs:
- modules: ${{ steps.preqs.outputs.modules }}
- examples: ${{ steps.preqs.outputs.examples }}
- tf_versions: ${{ steps.preqs.outputs.tf_versions }}
- steps:
- - name: checkout code
- uses: actions/checkout@v3
- - name: set outputs
- id: preqs
- run: |
- echo "::set-output name=modules::$(find modules -maxdepth 1 -mindepth 1 -type d -not \( -name ".?*" \) | jq -R -s -c 'split("\n")[:-1]')"
- echo "::set-output name=examples::$(find examples -maxdepth 1 -mindepth 1 -type d -not \( -name ".?*" \) | jq -R -s -c 'split("\n")[:-1]')"
- echo "::set-output name=tf_versions::$(echo ${tf_versions}| tr " " "\n" | jq -R -s -c 'split("\n")[:-1]')"
-
- modules:
- needs: [prerequisites]
- runs-on: ubuntu-latest
- strategy:
- matrix:
- tf_versions: ${{ fromJson(needs.prerequisites.outputs.tf_versions) }}
- modules: ${{ fromJson(needs.prerequisites.outputs.modules) }}
- name: '${{ matrix.modules }}@${{ matrix.tf_versions }}'
- steps:
- - name: checkout code
- uses: actions/checkout@v3
- - name: run validation
- uses: ./.github/actions/validate_tf
- with:
- path: ${{ matrix.modules }}
- tf_version: ${{ matrix.tf_versions }}
- examples:
- needs: [prerequisites]
- runs-on: ubuntu-latest
- strategy:
- matrix:
- tf_versions: ${{ fromJson(needs.prerequisites.outputs.tf_versions) }}
- examples: ${{ fromJson(needs.prerequisites.outputs.examples) }}
- name: '${{ matrix.examples }}@${{ matrix.tf_versions }}'
- steps:
- - name: checkout code
- uses: actions/checkout@v3
- - name: run validation
- uses: ./.github/actions/validate_tf
- with:
- path: ${{ matrix.examples }}
- tf_version: ${{ matrix.tf_versions }}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index ae0ca2a..a50ad9c 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,39 +1,40 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.81.0
+ rev: v1.85.0
hooks:
- id: terraform_fmt
- id: terraform_validate
- id: terraform_docs
args:
- - '--args=--lockfile=false'
+ - "--args=--lockfile=false"
- id: terraform_tflint
args:
- - '--args=--only=terraform_deprecated_interpolation'
- - '--args=--only=terraform_deprecated_index'
- - '--args=--only=terraform_unused_declarations'
- - '--args=--only=terraform_comment_syntax'
- - '--args=--only=terraform_documented_outputs'
- - '--args=--only=terraform_documented_variables'
- - '--args=--only=terraform_typed_variables'
- - '--args=--only=terraform_module_pinned_source'
- - '--args=--only=terraform_naming_convention'
- - '--args=--only=terraform_required_version'
- - '--args=--only=terraform_required_providers'
- - '--args=--only=terraform_standard_module_structure'
- - '--args=--only=terraform_workspace_remote'
- - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: v4.3.0
- hooks:
- - id: check-merge-conflict
- - id: end-of-file-fixer
+ - "--args=--only=terraform_deprecated_interpolation"
+ - "--args=--only=terraform_deprecated_index"
+ - "--args=--only=terraform_unused_declarations"
+ - "--args=--only=terraform_comment_syntax"
+ - "--args=--only=terraform_documented_outputs"
+ - "--args=--only=terraform_documented_variables"
+ - "--args=--only=terraform_typed_variables"
+ - "--args=--only=terraform_module_pinned_source"
+ - "--args=--only=terraform_naming_convention"
+ - "--args=--only=terraform_required_version"
+ - "--args=--only=terraform_required_providers"
+ - "--args=--only=terraform_standard_module_structure"
+ - "--args=--only=terraform_workspace_remote"
+
+ # - repo: https://github.com/pre-commit/pre-commit-hooks
+ # rev: v4.5.0
+ # hooks:
+ # - id: check-merge-conflict
+ # - id: end-of-file-fixer
- repo: https://github.com/jorisroovers/gitlint
- rev: v0.17.0
+ rev: v0.19.1
hooks:
- id: gitlint
- - repo: https://github.com/ZscalerCWP/iac-pre-commit-hooks
- rev: v0.0.1
- hooks:
- - id: zscaler-iac-scanner
+ # - repo: https://github.com/Yelp/detect-secrets
+ # rev: v1.4.0
+ # hooks:
+ # - id: detect-secrets
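Review bot: No pre-commit hook scans for IaC misconfigurations or committed secrets after this change, because `zscaler-iac-scanner` is removed and the `detect-secrets` entry is added only as a comment. The new `ci.yml` in this commit runs only `terraform fmt` and `terraform validate`, so unless the scanning has moved somewhere not shown here, one of the two hooks should stay enabled. The commented-out `pre-commit-hooks` and `detect-secrets` blocks should either be activated or deleted rather than kept as dead configuration.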
diff --git a/.releaserc.json b/.releaserc.json
index 9c87443..c18762a 100644
--- a/.releaserc.json
+++ b/.releaserc.json
@@ -1,45 +1,45 @@
{
"branches": [
- "master",
- "develop"
+ "main",
+ "master"
],
+ "ci": false,
"plugins": [
[
"@semantic-release/commit-analyzer",
{
- "releaseRules": [
- {
- "breaking": true,
- "release": "minor"
- },
- {
- "type": "feat",
- "release": "patch"
- },
- {
- "type": "feat",
- "scope": "MAJOR",
- "release": "major"
- }
- ]
+ "preset": "conventionalcommits"
}
],
- "@semantic-release/release-notes-generator",
[
- "@semantic-release/git",
+ "@semantic-release/release-notes-generator",
{
- "assets": [
- "README.md"
- ],
- "message": "chore(release): ${nextRelease.version}\n\n${nextRelease.notes}"
+ "preset": "conventionalcommits"
}
],
[
"@semantic-release/github",
{
- "successComment": ":tada: This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:\n\nThe release is available on [Terraform Registry](https://registry.terraform.io/modules/zscaler/zpa-app-connector-modules/azurerm/latest) and [GitHub release](../releases/tag/v${nextRelease.version})\n\n> Posted by [semantic-release](https://github.com/semantic-release/semantic-release) bot"
+ "successComment": "This ${issue.pull_request ? 'PR is included' : 'issue has been resolved'} in version ${nextRelease.version} :tada:",
+ "labels": false,
+ "releasedLabels": false
+ }
+ ],
+ [
+ "@semantic-release/changelog",
+ {
+ "changelogFile": "CHANGELOG.md",
+ "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
+ }
+ ],
+ [
+ "@semantic-release/git",
+ {
+ "assets": [
+ "CHANGELOG.md"
+ ],
+ "message": "chore(release): version ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
}
]
- ],
- "preset": "conventionalcommits"
-}
+ ]
+}
\ No newline at end of file
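Review bot: `"ci": false` turns off semantic-release's check that it is running in a CI environment, so this configuration will also publish from any local checkout that holds a token. The job in `release.yml` already runs in CI, so the option can be dropped and `--no-ci` passed only for a deliberate local run. Replacing the custom `releaseRules` with the `conventionalcommits` preset also changes how versions are bumped: presumably `feat` now yields a minor release and a breaking change a major one, where the old rules gave patch and minor. That deserves a line in the commit description.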
diff --git a/examples/ac/README.md b/examples/ac/README.md
index 5479f38..fffd0e6 100644
--- a/examples/ac/README.md
+++ b/examples/ac/README.md
@@ -48,9 +48,9 @@ From ac directory execute:
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| [azurerm](#requirement\_azurerm) | ~> 3.31.0 |
-| [local](#requirement\_local) | ~> 2.2.0 |
-| [null](#requirement\_null) | ~> 3.1.0 |
+| [azurerm](#requirement\_azurerm) | ~> 3.80.0 |
+| [local](#requirement\_local) | ~> 2.4.0 |
+| [null](#requirement\_null) | ~> 3.2.0 |
| [random](#requirement\_random) | ~> 3.3.0 |
| [tls](#requirement\_tls) | ~> 3.4.0 |
| [zpa](#requirement\_zpa) | >=2.3.2 |
@@ -59,7 +59,7 @@ From ac directory execute:
| Name | Version |
|------|---------|
-| [local](#provider\_local) | ~> 2.2.0 |
+| [local](#provider\_local) | ~> 2.4.0 |
| [random](#provider\_random) | ~> 3.3.0 |
| [tls](#provider\_tls) | ~> 3.4.0 |
diff --git a/examples/ac/versions.tf b/examples/ac/versions.tf
index f2ec844..0829d13 100755
--- a/examples/ac/versions.tf
+++ b/examples/ac/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.31.0"
+ version = "~> 3.80.0"
}
random = {
source = "hashicorp/random"
@@ -10,11 +10,11 @@ terraform {
}
local = {
source = "hashicorp/local"
- version = "~> 2.2.0"
+ version = "~> 2.4.0"
}
null = {
source = "hashicorp/null"
- version = "~> 3.1.0"
+ version = "~> 3.2.0"
}
tls = {
source = "hashicorp/tls"
diff --git a/examples/base/README.md b/examples/base/README.md
index d63aa73..d47144a 100644
--- a/examples/base/README.md
+++ b/examples/base/README.md
@@ -40,9 +40,9 @@ From base directory execute:
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| [azurerm](#requirement\_azurerm) | ~> 3.31.0 |
-| [local](#requirement\_local) | ~> 2.2.0 |
-| [null](#requirement\_null) | ~> 3.1.0 |
+| [azurerm](#requirement\_azurerm) | ~> 3.80.0 |
+| [local](#requirement\_local) | ~> 2.4.0 |
+| [null](#requirement\_null) | ~> 3.2.0 |
| [random](#requirement\_random) | ~> 3.3.0 |
| [tls](#requirement\_tls) | ~> 3.4.0 |
@@ -50,7 +50,7 @@ From base directory execute:
| Name | Version |
|------|---------|
-| [local](#provider\_local) | ~> 2.2.0 |
+| [local](#provider\_local) | ~> 2.4.0 |
| [random](#provider\_random) | ~> 3.3.0 |
| [tls](#provider\_tls) | ~> 3.4.0 |
diff --git a/examples/base/versions.tf b/examples/base/versions.tf
index 87661bd..9714af7 100755
--- a/examples/base/versions.tf
+++ b/examples/base/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.31.0"
+ version = "~> 3.80.0"
}
random = {
source = "hashicorp/random"
@@ -10,11 +10,11 @@ terraform {
}
local = {
source = "hashicorp/local"
- version = "~> 2.2.0"
+ version = "~> 2.4.0"
}
null = {
source = "hashicorp/null"
- version = "~> 3.1.0"
+ version = "~> 3.2.0"
}
tls = {
source = "hashicorp/tls"
diff --git a/examples/base_ac/README.md b/examples/base_ac/README.md
index 2424a38..ecfa46d 100644
--- a/examples/base_ac/README.md
+++ b/examples/base_ac/README.md
@@ -45,20 +45,20 @@ From base_ac directory execute:
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| [azurerm](#requirement\_azurerm) | ~> 3.31.0 |
-| [local](#requirement\_local) | ~> 2.2.0 |
-| [null](#requirement\_null) | ~> 3.1.0 |
-| [random](#requirement\_random) | ~> 3.3.0 |
-| [tls](#requirement\_tls) | ~> 3.4.0 |
-| [zpa](#requirement\_zpa) | >=2.3.2 |
+| [azurerm](#requirement\_azurerm) | ~> 3.80.0 |
+| [local](#requirement\_local) | ~> 2.4.0 |
+| [null](#requirement\_null) | ~> 3.2.0 |
+| [random](#requirement\_random) | ~> 3.6.0 |
+| [tls](#requirement\_tls) | ~> 4.0.0 |
+| [zpa](#requirement\_zpa) | ~> 3.0.0 |
## Providers
| Name | Version |
|------|---------|
-| [local](#provider\_local) | ~> 2.2.0 |
-| [random](#provider\_random) | ~> 3.3.0 |
-| [tls](#provider\_tls) | ~> 3.4.0 |
+| [local](#provider\_local) | ~> 2.4.0 |
+| [random](#provider\_random) | ~> 3.6.0 |
+| [tls](#provider\_tls) | ~> 4.0.0 |
## Modules
diff --git a/examples/base_ac/versions.tf b/examples/base_ac/versions.tf
index 9599b00..cbe142b 100755
--- a/examples/base_ac/versions.tf
+++ b/examples/base_ac/versions.tf
@@ -2,27 +2,27 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.31.0"
+ version = "~> 3.80.0"
}
random = {
source = "hashicorp/random"
- version = "~> 3.3.0"
+ version = "~> 3.6.0"
}
local = {
source = "hashicorp/local"
- version = "~> 2.2.0"
+ version = "~> 2.4.0"
}
null = {
source = "hashicorp/null"
- version = "~> 3.1.0"
+ version = "~> 3.2.0"
}
tls = {
source = "hashicorp/tls"
- version = "~> 3.4.0"
+ version = "~> 4.0.0"
}
zpa = {
source = "zscaler/zpa"
- version = ">=2.3.2"
+ version = "~> 3.0.0"
}
}
required_version = ">= 0.13.7, < 2.0.0"
diff --git a/modules/terraform-zpa-app-connector-group/README.md b/modules/terraform-zpa-app-connector-group/README.md
index acb3cd6..f9de25d 100644
--- a/modules/terraform-zpa-app-connector-group/README.md
+++ b/modules/terraform-zpa-app-connector-group/README.md
@@ -8,13 +8,13 @@ This module provides the resources necessary to create a new ZPA App Connector G
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| [zpa](#requirement\_zpa) | >=2.3.2 |
+| [zpa](#requirement\_zpa) | ~> 3.0.0 |
## Providers
| Name | Version |
|------|---------|
-| [zpa](#provider\_zpa) | >=2.3.2 |
+| [zpa](#provider\_zpa) | ~> 3.0.0 |
## Modules
diff --git a/modules/terraform-zpa-app-connector-group/versions.tf b/modules/terraform-zpa-app-connector-group/versions.tf
index 06bd71d..ae954f0 100755
--- a/modules/terraform-zpa-app-connector-group/versions.tf
+++ b/modules/terraform-zpa-app-connector-group/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
zpa = {
source = "zscaler/zpa"
- version = ">=2.3.2"
+ version = "~> 3.0.0"
}
}
required_version = ">= 0.13.7, < 2.0.0"
diff --git a/modules/terraform-zpa-provisioning-key/README.md b/modules/terraform-zpa-provisioning-key/README.md
index b5e1ba7..5aa1e81 100644
--- a/modules/terraform-zpa-provisioning-key/README.md
+++ b/modules/terraform-zpa-provisioning-key/README.md
@@ -10,13 +10,13 @@ There is a "BYO" option where you can conditionally create new or reference an e
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| [zpa](#requirement\_zpa) | >=2.3.2 |
+| [zpa](#requirement\_zpa) | ~> 3.0.0 |
## Providers
| Name | Version |
|------|---------|
-| [zpa](#provider\_zpa) | >=2.3.2 |
+| [zpa](#provider\_zpa) | ~> 3.0.0 |
## Modules
diff --git a/modules/terraform-zpa-provisioning-key/versions.tf b/modules/terraform-zpa-provisioning-key/versions.tf
index 06bd71d..ae954f0 100755
--- a/modules/terraform-zpa-provisioning-key/versions.tf
+++ b/modules/terraform-zpa-provisioning-key/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
zpa = {
source = "zscaler/zpa"
- version = ">=2.3.2"
+ version = "~> 3.0.0"
}
}
required_version = ">= 0.13.7, < 2.0.0"
diff --git a/modules/terraform-zsac-acvm-azure/README.md b/modules/terraform-zsac-acvm-azure/README.md
index caca7e8..78fec7b 100644
--- a/modules/terraform-zsac-acvm-azure/README.md
+++ b/modules/terraform-zsac-acvm-azure/README.md
@@ -18,15 +18,15 @@ az vm image terms accept --urn zscaler:zscaler-private-access:zpa-con-azure:late
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| [azurerm](#requirement\_azurerm) | ~> 3.31.0 |
-| [local](#requirement\_local) | ~> 2.2.0 |
-| [null](#requirement\_null) | ~> 3.1.0 |
+| [azurerm](#requirement\_azurerm) | ~> 3.80.0 |
+| [local](#requirement\_local) | ~> 2.4.0 |
+| [null](#requirement\_null) | ~> 3.2.0 |
## Providers
| Name | Version |
|------|---------|
-| [azurerm](#provider\_azurerm) | ~> 3.31.0 |
+| [azurerm](#provider\_azurerm) | ~> 3.80.0 |
## Modules
diff --git a/modules/terraform-zsac-acvm-azure/versions.tf b/modules/terraform-zsac-acvm-azure/versions.tf
index 7dffff6..4c27508 100755
--- a/modules/terraform-zsac-acvm-azure/versions.tf
+++ b/modules/terraform-zsac-acvm-azure/versions.tf
@@ -2,15 +2,15 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.31.0"
+ version = "~> 3.80.0"
}
local = {
source = "hashicorp/local"
- version = "~> 2.2.0"
+ version = "~> 2.4.0"
}
null = {
source = "hashicorp/null"
- version = "~> 3.1.0"
+ version = "~> 3.2.0"
}
}
required_version = ">= 0.13.7, < 2.0.0"
diff --git a/modules/terraform-zsac-bastion-azure/README.md b/modules/terraform-zsac-bastion-azure/README.md
index ddeaa34..087ed45 100644
--- a/modules/terraform-zsac-bastion-azure/README.md
+++ b/modules/terraform-zsac-bastion-azure/README.md
@@ -8,13 +8,13 @@ This module creates all Azure VM, NSG, and Public IP resources needed to deploy
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| [azurerm](#requirement\_azurerm) | ~> 3.31.0 |
+| [azurerm](#requirement\_azurerm) | ~> 3.80.0 |
## Providers
| Name | Version |
|------|---------|
-| [azurerm](#provider\_azurerm) | ~> 3.31.0 |
+| [azurerm](#provider\_azurerm) | ~> 3.80.0 |
## Modules
diff --git a/modules/terraform-zsac-bastion-azure/versions.tf b/modules/terraform-zsac-bastion-azure/versions.tf
index a4d64c7..a5700fb 100755
--- a/modules/terraform-zsac-bastion-azure/versions.tf
+++ b/modules/terraform-zsac-bastion-azure/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.31.0"
+ version = "~> 3.80.0"
}
}
required_version = ">= 0.13.7, < 2.0.0"
diff --git a/modules/terraform-zsac-network-azure/README.md b/modules/terraform-zsac-network-azure/README.md
index fcb5e41..75b9d07 100644
--- a/modules/terraform-zsac-network-azure/README.md
+++ b/modules/terraform-zsac-network-azure/README.md
@@ -8,15 +8,15 @@ This module has multi-purpose use and is leveraged by all other Zscaler App Conn
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| [azurerm](#requirement\_azurerm) | ~> 3.31.0 |
-| [local](#requirement\_local) | ~> 2.2.0 |
-| [null](#requirement\_null) | ~> 3.1.0 |
+| [azurerm](#requirement\_azurerm) | ~> 3.80.0 |
+| [local](#requirement\_local) | ~> 2.4.0 |
+| [null](#requirement\_null) | ~> 3.2.0 |
## Providers
| Name | Version |
|------|---------|
-| [azurerm](#provider\_azurerm) | ~> 3.31.0 |
+| [azurerm](#provider\_azurerm) | ~> 3.80.0 |
## Modules
diff --git a/modules/terraform-zsac-network-azure/versions.tf b/modules/terraform-zsac-network-azure/versions.tf
index 7dffff6..4c27508 100755
--- a/modules/terraform-zsac-network-azure/versions.tf
+++ b/modules/terraform-zsac-network-azure/versions.tf
@@ -2,15 +2,15 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.31.0"
+ version = "~> 3.80.0"
}
local = {
source = "hashicorp/local"
- version = "~> 2.2.0"
+ version = "~> 2.4.0"
}
null = {
source = "hashicorp/null"
- version = "~> 3.1.0"
+ version = "~> 3.2.0"
}
}
required_version = ">= 0.13.7, < 2.0.0"
diff --git a/modules/terraform-zsac-nsg-azure/README.md b/modules/terraform-zsac-nsg-azure/README.md
index 1983958..612ba22 100644
--- a/modules/terraform-zsac-nsg-azure/README.md
+++ b/modules/terraform-zsac-nsg-azure/README.md
@@ -8,13 +8,13 @@ This module can be used to create default interface NSG resources for App Connec
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| [azurerm](#requirement\_azurerm) | ~> 3.31.0 |
+| [azurerm](#requirement\_azurerm) | ~> 3.80.0 |
## Providers
| Name | Version |
|------|---------|
-| [azurerm](#provider\_azurerm) | ~> 3.31.0 |
+| [azurerm](#provider\_azurerm) | ~> 3.80.0 |
## Modules
diff --git a/modules/terraform-zsac-nsg-azure/versions.tf b/modules/terraform-zsac-nsg-azure/versions.tf
index a4d64c7..a5700fb 100755
--- a/modules/terraform-zsac-nsg-azure/versions.tf
+++ b/modules/terraform-zsac-nsg-azure/versions.tf
@@ -2,7 +2,7 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
- version = "~> 3.31.0"
+ version = "~> 3.80.0"
}
}
required_version = ">= 0.13.7, < 2.0.0"
diff --git a/scripts/install.sh b/scripts/install.sh
new file mode 100644
index 0000000..895ff4e
--- /dev/null
+++ b/scripts/install.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/bash
+
+# install.sh - prepare the dependencies for the run.sh
+#
+# It only handles installing from scratch and will probably fail on a subsequent run.
+# It overuses the &&, &, and backslash line continuation so it could be easily converted
+# into a Dockerfile, just by adding `RUN` directives (and `COPY requirements.txt .`).
+
+set -euo pipefail
+
+cd "$(dirname $0)"
+
+curl -sL https://github.com/terraform-docs/terraform-docs/releases/download/v0.15.0/terraform-docs-v0.15.0-linux-amd64.tar.gz > terraform-docs.tar.gz & \
+curl -sL https://github.com/tfsec/tfsec/releases/download/v0.34.0/tfsec-linux-amd64 > tfsec & \
+curl -sL https://github.com/terraform-linters/tflint/releases/download/v0.29.0/tflint_linux_amd64.zip > tflint.zip & \
+wait
+echo Finished successfully all parallel downloads ------------------------------------------------------------------
+
+tar zxf terraform-docs.tar.gz
+rm terraform-docs.tar.gz
+mv terraform-docs /usr/local/bin/
+
+chmod +x tfsec
+mv tfsec /usr/local/bin/
+
+unzip tflint.zip
+rm tflint.zip
+mv tflint /usr/local/bin/
+
+git --version
+terraform-docs --version
+tfsec --version
+tflint --version
+terraform version
+
+echo "Also, the newest release: $(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-linux-amd64")"
+echo "Also, the newest release: $(curl -s https://api.github.com/repos/tfsec/tfsec/releases/latest | grep -o -E "https://.+?tfsec-linux-amd64")"
+echo "Also, the newest release: $(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")"
+
+python3 -m pip install -r requirements.txt
\ No newline at end of file
diff --git a/scripts/requirements.txt b/scripts/requirements.txt
new file mode 100644
index 0000000..e066573
--- /dev/null
+++ b/scripts/requirements.txt
@@ -0,0 +1,83 @@
+#
+# This file is autogenerated by pip-compile
+# To update, run:
+#
+# pip-compile requirements.txt
+#
+appdirs==1.4.4
+ # via
+ # -r requirements.txt
+ # virtualenv
+cfgv==3.2.0
+ # via
+ # -r requirements.txt
+ # pre-commit
+click==7.1.2
+ # via
+ # -r requirements.txt
+ # pip-tools
+distlib==0.3.1
+ # via
+ # -r requirements.txt
+ # virtualenv
+filelock==3.0.12
+ # via
+ # -r requirements.txt
+ # virtualenv
+identify==2.2.4
+ # via
+ # -r requirements.txt
+ # pre-commit
+importlib-metadata==4.0.1
+ # via
+ # -r requirements.txt
+ # pep517
+ # pre-commit
+ # virtualenv
+importlib-resources==5.1.2
+ # via
+ # -r requirements.txt
+ # pre-commit
+ # virtualenv
+nodeenv==1.6.0
+ # via
+ # -r requirements.txt
+ # pre-commit
+pep517==0.10.0
+ # via
+ # -r requirements.txt
+ # pip-tools
+pip-tools==6.1.0
+ # via -r requirements.txt
+pre-commit==2.17.0
+ # via -r requirements.txt
+pyyaml==5.4.1
+ # via
+ # -r requirements.txt
+ # pre-commit
+six==1.16.0
+ # via
+ # -r requirements.txt
+ # virtualenv
+toml==0.10.2
+ # via
+ # -r requirements.txt
+ # pep517
+ # pre-commit
+typing-extensions==3.10.0.0
+ # via
+ # -r requirements.txt
+ # importlib-metadata
+virtualenv==20.4.6
+ # via
+ # -r requirements.txt
+ # pre-commit
+zipp==3.4.1
+ # via
+ # -r requirements.txt
+ # importlib-metadata
+ # importlib-resources
+ # pep517
+
+# The following packages are considered to be unsafe in a requirements file:
+# pip
\ No newline at end of file
diff --git a/scripts/run.sh b/scripts/run.sh
new file mode 100644
index 0000000..bf34c5d
--- /dev/null
+++ b/scripts/run.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/bash
+
+# run.sh - Run the usual pre-commit checks.
+
+set -euo pipefail
+
+pre-commit autoupdate
+pre-commit run --all-files terraform_fmt
+pre-commit run --all-files terraform_docs
+pre-commit run --all-files terraform_tflint
+pre-commit run --all-files check-merge-conflict
+pre-commit run --all-files end-of-file-fixer
\ No newline at end of file
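Review bot: `pre-commit autoupdate` as the first command rewrites every `rev:` in `.pre-commit-config.yaml` to the newest upstream tag before the hooks run, which defeats the pins set in this commit and executes hook code nobody has reviewed. Bumping revs belongs in a separate, reviewed change, so the line should be removed from the routine run. The last two commands name `check-merge-conflict` and `end-of-file-fixer`, which this commit comments out of the config, so under `set -e` the script should stop there with an unknown-hook error. A plain `pre-commit run --all-files` would run exactly the hooks the config defines.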