feat: Updated ZPA App Connector Image to GCP Marketplace (#6)

feat: Updated ZPA App Connector Image to GCP Marketplace

.releaserc.json

@@ -11,12 +11,6 @@
         "preset": "conventionalcommits"
       }
     ],
-    [
-      "@semantic-release/release-notes-generator",
-      {
-        "preset": "conventionalcommits"
-      }
-    ],
     [
       "@semantic-release/github",
       {
@@ -25,13 +19,6 @@
         "releasedLabels": false
       }
     ],
-    [
-      "@semantic-release/changelog",
-      {
-        "changelogFile": "CHANGELOG.md",
-        "changelogTitle": "# Changelog\n\nAll notable changes to this project will be documented in this file."
-      }
-    ],
     [
       "@semantic-release/git",
       {

examples/ac/README.md

@@ -40,18 +40,18 @@ From ac directory execute:
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 5.38.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 6.4.0 |
 | <a name="requirement_local"></a> [local](#requirement\_local) | ~> 2.5.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | ~> 3.2.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.6.0 |
 | <a name="requirement_tls"></a> [tls](#requirement\_tls) | ~> 4.0.0 |
-| <a name="requirement_zpa"></a> [zpa](#requirement\_zpa) | ~> 3.32.0 |
+| <a name="requirement_zpa"></a> [zpa](#requirement\_zpa) | ~> 3.33.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | ~> 5.38.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | ~> 6.4.0 |
 | <a name="provider_local"></a> [local](#provider\_local) | ~> 2.5.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | ~> 3.6.0 |
 | <a name="provider_tls"></a> [tls](#provider\_tls) | ~> 4.0.0 |
@@ -70,11 +70,13 @@ From ac directory execute:
 | Name | Type |
 |------|------|
 | [local_file.private_key](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
+| [local_file.rhel9_user_data_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [local_file.testbed](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [local_file.user_data_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [tls_private_key.key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
-| [google_compute_image.zs_ac_img](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |
+| [google_compute_image.appconnector](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |
+| [google_compute_image.rhel_9_latest](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |
 | [google_compute_zones.available](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_zones) | data source |
 
 ## Inputs
@@ -118,6 +120,7 @@ From ac directory execute:
 | <a name="input_subnet_ac"></a> [subnet\_ac](#input\_subnet\_ac) | A subnet IP CIDR for the App Connector VPC | `string` | `"10.0.1.0/24"` | no |
 | <a name="input_subnet_bastion"></a> [subnet\_bastion](#input\_subnet\_bastion) | A subnet IP CIDR for the greenfield/test bastion host in the Management VPC | `string` | `"10.0.0.0/24"` | no |
 | <a name="input_tls_key_algorithm"></a> [tls\_key\_algorithm](#input\_tls\_key\_algorithm) | algorithm for tls\_private\_key resource | `string` | `"RSA"` | no |
+| <a name="input_use_zscaler_image"></a> [use\_zscaler\_image](#input\_use\_zscaler\_image) | By default, App Connector will deploy via the Zscaler Latest Image. Setting this to false will deploy the latest Red Hat Enterprise Linux 9 Image instead | `bool` | `true` | no |
 | <a name="input_zones"></a> [zones](#input\_zones) | (Optional) Availability zone names. Only required if automatic zones selection based on az\_count is undesirable | `list(string)` | `[]` | no |
 
 ## Outputs

examples/ac/main.tf

@@ -92,7 +92,41 @@ module "zpa_provisioning_key" {
 
 
 ################################################################################
-# 4. Create specified number AC VMs per ac_count which will span equally across 
+# A. Create the user_data file with necessary bootstrap variables for App
+#    Connector registration. Used if variable use_zscaler_ami is set to true.
+################################################################################
+locals {
+  appuserdata = <<APPUSERDATA
+#!/bin/bash
+#Stop the App Connector service which was auto-started at boot time
+systemctl stop zpa-connector
+#Create a file from the App Connector provisioning key created in the ZPA Admin Portal
+#Make sure that the provisioning key is between double quotes
+echo "${module.zpa_provisioning_key.provisioning_key}" > /opt/zscaler/var/provision_key
+
+#Run a yum update to apply the latest patches
+yum update -y
+
+#Start the App Connector service to enroll it in the ZPA cloud
+systemctl start zpa-connector
+
+#Wait for the App Connector to download latest build
+sleep 60
+
+#Stop and then start the App Connector for the latest build
+systemctl stop zpa-connector
+systemctl start zpa-connector
+APPUSERDATA
+}
+
+resource "local_file" "user_data_file" {
+  count    = var.use_zscaler_image == true ? 1 : 0
+  content  = local.appuserdata
+  filename = "./user_data"
+}
+
+################################################################################
+# 5. Create specified number AC VMs per ac_count which will span equally across 
 #    designated availability zones per az_count. E.g. ac_count set to 4 and 
 #    az_count set to 2 will create 2x ACs in AZ1 and 2x ACs in AZ2
 ################################################################################
@@ -144,21 +178,35 @@ RHEL9USERDATA
 }
 
 # Write the file to local filesystem for storage/reference
-resource "local_file" "user_data_file" {
+resource "local_file" "rhel9_user_data_file" {
+  count    = var.use_zscaler_image == true ? 0 : 1
   content  = local.rhel9userdata
   filename = "./user_data"
 }
 
+################################################################################
+# Locate Latest App Connector Image on Google Markeplace by Project and Name
+################################################################################
+data "google_compute_image" "appconnector" {
+  count   = var.use_zscaler_image ? 1 : 0
+  project = "mpi-zpa-gcp-marketplace"
+  name    = "zpa-connector-el9-2024-08"
+}
+
 
 ################################################################################
 # Locate Latest Red Hat Enterprise Linux 9 Image for instance use
 ################################################################################
-data "google_compute_image" "zs_ac_img" {
+data "google_compute_image" "rhel_9_latest" {
   count   = var.image_name != "" ? 0 : 1
   family  = "rhel-9"
   project = "rhel-cloud"
 }
 
+locals {
+  image_selected = try(data.google_compute_image.appconnector[0].self_link, data.google_compute_image.rhel_9_latest[0].self_link)
+}
+
 ################################################################################
 # Query for active list of available zones for var.region
 ################################################################################
@@ -186,5 +234,5 @@ module "ac_vm" {
   user_data           = local.rhel9userdata
   ac_count            = var.ac_count
   acvm_vpc_subnetwork = module.network.ac_subnet
-  image_name          = var.image_name != "" ? var.image_name : data.google_compute_image.zs_ac_img[0].self_link
+  image_name          = var.image_name != "" ? var.image_name : local.image_selected
 }

examples/ac/terraform.tfvars

@@ -131,7 +131,7 @@
 
 ## Note: It is NOT RECOMMENDED to statically set AC image versions. Zscaler recommends always running/deploying the latest version template
 
-#image_id                                   = "rhel-9-v20240709"
+# use_zscaler_image = true
 
 
 #####################################################################################################################

examples/ac/variables.tf

@@ -100,6 +100,11 @@ variable "image_name" {
   default     = ""
 }
 
+variable "use_zscaler_image" {
+  default     = true
+  type        = bool
+  description = "By default, App Connector will deploy via the Zscaler Latest Image. Setting this to false will deploy the latest Red Hat Enterprise Linux 9 Image instead"
+}
 
 # ZPA Provider specific variables for App Connector Group and Provisioning Key creation
 variable "byo_provisioning_key" {

examples/ac/versions.tf

@@ -2,7 +2,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "~> 5.38.0"
+      version = "~> 6.4.0"
     }
     random = {
       source  = "hashicorp/random"
@@ -22,7 +22,7 @@ terraform {
     }
     zpa = {
       source  = "zscaler/zpa"
-      version = "~> 3.32.0"
+      version = "~> 3.33.0"
     }
   }
 

examples/base_ac/README.md

@@ -40,18 +40,18 @@ From base_ac directory execute:
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
-| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 5.38.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 6.4.0 |
 | <a name="requirement_local"></a> [local](#requirement\_local) | ~> 2.5.0 |
 | <a name="requirement_null"></a> [null](#requirement\_null) | ~> 3.2.0 |
 | <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.6.0 |
 | <a name="requirement_tls"></a> [tls](#requirement\_tls) | ~> 4.0.0 |
-| <a name="requirement_zpa"></a> [zpa](#requirement\_zpa) | ~> 3.32.0 |
+| <a name="requirement_zpa"></a> [zpa](#requirement\_zpa) | ~> 3.33.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | ~> 5.38.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | ~> 6.4.0 |
 | <a name="provider_local"></a> [local](#provider\_local) | ~> 2.5.0 |
 | <a name="provider_random"></a> [random](#provider\_random) | ~> 3.6.0 |
 | <a name="provider_tls"></a> [tls](#provider\_tls) | ~> 4.0.0 |
@@ -71,11 +71,13 @@ From base_ac directory execute:
 | Name | Type |
 |------|------|
 | [local_file.private_key](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
+| [local_file.rhel9_user_data_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [local_file.testbed](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [local_file.user_data_file](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
 | [random_string.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
 | [tls_private_key.key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource |
-| [google_compute_image.zs_ac_img](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |
+| [google_compute_image.appconnector](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |
+| [google_compute_image.rhel_9_latest](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_image) | data source |
 | [google_compute_zones.available](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_zones) | data source |
 
 ## Inputs
@@ -102,7 +104,7 @@ From base_ac directory execute:
 | <a name="input_byo_provisioning_key_name"></a> [byo\_provisioning\_key\_name](#input\_byo\_provisioning\_key\_name) | Existing App Connector Provisioning Key name | `string` | `"provisioning-key-tf"` | no |
 | <a name="input_credentials"></a> [credentials](#input\_credentials) | Path to the service account json file for terraform to authenticate to Google Cloud | `string` | n/a | yes |
 | <a name="input_enrollment_cert"></a> [enrollment\_cert](#input\_enrollment\_cert) | Get name of ZPA enrollment cert to be used for App Connector provisioning | `string` | `"Connector"` | no |
-| <a name="input_image_name"></a> [image\_name](#input\_image\_name) | Custom image name to be used for deploying App Connector appliances. Ideally all VMs should be on the same Image as templates always pull the latest from Google Marketplace. This variable is provided if a customer desires to override/retain an old ami for existing deployments rather than upgrading and forcing a replacement. It is also inputted as a list to facilitate if a customer desired to manually upgrade select CCs deployed based on the cc\_count index | `string` | `""` | no |
+| <a name="input_image_name"></a> [image\_name](#input\_image\_name) | Custom image name to be used for deploying App Connector appliances. Ideally all VMs should be on the same Image as templates always pull the latest from Google Marketplace. This variable is provided if a customer desires to override/retain an old image for existing deployments rather than upgrading and forcing a replacement. It is also inputted as a list to facilitate if a customer desired to manually upgrade select ACs deployed based on the ac\_count index | `string` | `""` | no |
 | <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | The name prefix for all your resources | `string` | `"zsac"` | no |
 | <a name="input_project"></a> [project](#input\_project) | Google Cloud project name | `string` | n/a | yes |
 | <a name="input_provisioning_key_association_type"></a> [provisioning\_key\_association\_type](#input\_provisioning\_key\_association\_type) | Specifies the provisioning key type for App Connectors or ZPA Private Service Edges. The supported values are CONNECTOR\_GRP and SERVICE\_EDGE\_GRP | `string` | `"CONNECTOR_GRP"` | no |
@@ -112,6 +114,7 @@ From base_ac directory execute:
 | <a name="input_subnet_ac"></a> [subnet\_ac](#input\_subnet\_ac) | A subnet IP CIDR for the App Connector VPC | `string` | `"10.0.1.0/24"` | no |
 | <a name="input_subnet_bastion"></a> [subnet\_bastion](#input\_subnet\_bastion) | A subnet IP CIDR for the greenfield/test bastion host in the Management VPC | `string` | `"10.0.0.0/24"` | no |
 | <a name="input_tls_key_algorithm"></a> [tls\_key\_algorithm](#input\_tls\_key\_algorithm) | algorithm for tls\_private\_key resource | `string` | `"RSA"` | no |
+| <a name="input_use_zscaler_image"></a> [use\_zscaler\_image](#input\_use\_zscaler\_image) | By default, App Connector will deploy via the Zscaler Latest Image. Setting this to false will deploy the latest Red Hat Enterprise Linux 9 Image instead | `bool` | `true` | no |
 | <a name="input_zones"></a> [zones](#input\_zones) | (Optional) Availability zone names. Only required if automatic zones selection based on az\_count is undesirable | `list(string)` | `[]` | no |
 
 ## Outputs

examples/base_ac/main.tf

@@ -97,6 +97,39 @@ module "zpa_provisioning_key" {
   byo_provisioning_key_name         = var.byo_provisioning_key_name
 }
 
+################################################################################
+# A. Create the user_data file with necessary bootstrap variables for App
+#    Connector registration. Used if variable use_zscaler_ami is set to true.
+################################################################################
+locals {
+  appuserdata = <<APPUSERDATA
+#!/bin/bash
+#Stop the App Connector service which was auto-started at boot time
+systemctl stop zpa-connector
+#Create a file from the App Connector provisioning key created in the ZPA Admin Portal
+#Make sure that the provisioning key is between double quotes
+echo "${module.zpa_provisioning_key.provisioning_key}" > /opt/zscaler/var/provision_key
+
+#Run a yum update to apply the latest patches
+yum update -y
+
+#Start the App Connector service to enroll it in the ZPA cloud
+systemctl start zpa-connector
+
+#Wait for the App Connector to download latest build
+sleep 60
+
+#Stop and then start the App Connector for the latest build
+systemctl stop zpa-connector
+systemctl start zpa-connector
+APPUSERDATA
+}
+
+resource "local_file" "user_data_file" {
+  count    = var.use_zscaler_image == true ? 1 : 0
+  content  = local.appuserdata
+  filename = "./user_data"
+}
 
 ################################################################################
 # 5. Create specified number AC VMs per ac_count which will span equally across 
@@ -151,21 +184,34 @@ RHEL9USERDATA
 }
 
 # Write the file to local filesystem for storage/reference
-resource "local_file" "user_data_file" {
+resource "local_file" "rhel9_user_data_file" {
+  count    = var.use_zscaler_image == true ? 0 : 1
   content  = local.rhel9userdata
   filename = "./user_data"
 }
 
+################################################################################
+# Locate Latest App Connector Image on Google Markeplace by Project and Name
+################################################################################
+data "google_compute_image" "appconnector" {
+  count   = var.use_zscaler_image ? 1 : 0
+  project = "mpi-zpa-gcp-marketplace"
+  name    = "zpa-connector-el9-2024-08"
+}
+
 
 ################################################################################
-# Locate Latest Red Hat Enterprise Linux 9 AMI for instance use
+# Locate Latest Red Hat Enterprise Linux 9 Image for instance use
 ################################################################################
-data "google_compute_image" "zs_ac_img" {
+data "google_compute_image" "rhel_9_latest" {
   count   = var.image_name != "" ? 0 : 1
   family  = "rhel-9"
   project = "rhel-cloud"
 }
 
+locals {
+  image_selected = try(data.google_compute_image.appconnector[0].self_link, data.google_compute_image.rhel_9_latest[0].self_link)
+}
 
 ################################################################################
 # Query for active list of available zones for var.region
@@ -191,8 +237,8 @@ module "ac_vm" {
   zones               = local.zones_list
   acvm_instance_type  = var.acvm_instance_type
   ssh_key             = tls_private_key.key.public_key_openssh
-  user_data           = local.rhel9userdata
+  user_data           = var.use_zscaler_image == true ? local.appuserdata : local.rhel9userdata
   ac_count            = var.ac_count
   acvm_vpc_subnetwork = module.network.ac_subnet
-  image_name          = var.image_name != "" ? var.image_name : data.google_compute_image.zs_ac_img[0].self_link
+  image_name          = var.image_name != "" ? var.image_name : local.image_selected
 }

examples/base_ac/terraform.tfvars

@@ -76,7 +76,7 @@
 ##    Due to GCP character constraints, there are validations where this value must be 12 or less characters and only
 ##    lower case.
 
-#name_prefix                                = "zsac"
+# name_prefix                                = "zsac"
 
 ## 9. App Connector GCP Compute Instance size selection. Uncomment acvm_instance_type line with desired vm size to change.
 ##    (Default: n2-standard-4)
@@ -118,7 +118,7 @@
 ## Note: By setting zone names here, Terraform will ignore any value set for variable az_count. We also cannot verify the availability correct naming syntax
 ##       of the names set.
 
-#zones                                      = ["us-central1-a","us-central1-b"]
+# zones                                      = ["us-central1-a","us-central1-b"]
 
 ## 12. The number of App Connector appliances to provision per Instance Group/Availability Zone.
 ##    (Default: varies per deployment type template)
@@ -131,4 +131,4 @@
 
 ## Note: It is NOT RECOMMENDED to statically set AC image versions. Zscaler recommends always running/deploying the latest version template
 
-#image_id                                   = "rhel-9-v20240709"
+# use_zscaler_image = true