Fix: Fixed drifts and CodeQL warnings (#473)
* Fix: Fixed drifts and CodeQL warnings
* doc: Fixed Policy Rule documentation
willguibr authored Jul 25, 2024
1 parent 6188d6f commit 38c84d2
Showing 24 changed files with 377 additions and 242 deletions.
171 changes: 82 additions & 89 deletions .github/workflows/zpa-test.yml
@@ -15,15 +15,88 @@ on:
workflow_dispatch:

jobs:
# zpa-qa1-tenants:
zpa-qa1-tenants:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
goVersion: ["1.22"]
environment:
- ZPA_QA_TENANT01
- ZPA_QA_TENANT02
environment: ${{ matrix.environment }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.goVersion }}

- name: Clean existing Go modules
run: go clean -modcache

- name: Cache Go modules
uses: actions/cache@v4
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Setup Go Tools
run: make tools

- name: Download Go Dependencies
run: |
go mod tidy && go mod vendor
- name: Setup Go Tools
run: make tools

- name: Check Formatting
run: make fmtcheck

# - name: Vet Code
# run: make vet

- name: Lint Code
run: make lint

- name: Check Build
run: make build

- name: Run tests with retry
uses: nick-fields/retry@v3
with:
max_attempts: 1
timeout_minutes: 30 # Adjust as needed
command: |
make sweep
make test:integration:zpa
make sweep
env:
ZPA_CLIENT_ID: ${{ secrets.ZPA_CLIENT_ID }}
ZPA_CLIENT_SECRET: ${{ secrets.ZPA_CLIENT_SECRET }}
ZPA_CUSTOMER_ID: ${{ secrets.ZPA_CUSTOMER_ID }}
ZPA_CLOUD: ${{ secrets.ZPA_CLOUD }}
TF_ACC: ${{ secrets.TF_ACC }}
ZPA_ACC_TEST_FORCE_SWEEPERS: ${{ secrets.ZPA_ACC_TEST_FORCE_SWEEPERS }}

# zpa-qa2-tenants:
# runs-on: ubuntu-latest
# strategy:
# fail-fast: false
# matrix:
# goVersion: ["1.22"]
# goVersion: ["1.21"]
# environment:
# - ZPA_QA_TENANT01
# - ZPA_QA_TENANT02
# - ZPA_QA2_TENANT01
# # - ZPA_QA2_TENANT02
# environment: ${{ matrix.environment }}
# steps:
# - name: Checkout code
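Review bot: in the new `zpa-qa1-tenants` job the `Setup Go Tools` step (`run: make tools`) appears twice, once before `Download Go Dependencies` and once after it, so `make tools` runs twice per matrix entry; drop one of them. In the same job, `Run tests with retry` uses `nick-fields/retry@v3` with `max_attempts: 1`, which makes the retry wrapper a no-op: either raise `max_attempts` or call the three `make` commands directly. The `Vet Code` step stays commented out even though the commit message says it fixes CodeQL warnings; re-enabling `make vet` in CI would keep those findings from regressing.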
@@ -95,15 +168,15 @@ jobs:
# file: ./coverage.out
# fail_ci_if_error: true

# zpa-qa2-tenants:
# zpa-beta-tenants:
# needs: [zpa-qa1-tenants]
# runs-on: ubuntu-latest
# strategy:
# fail-fast: false
# matrix:
# goVersion: ["1.21"]
# goVersion: ["1.22"]
# environment:
# - ZPA_QA2_TENANT01
# # - ZPA_QA2_TENANT02
# - ZPA_BETA_TENANT01
# environment: ${{ matrix.environment }}
# steps:
# - name: Checkout code
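Review bot: the block renamed from `zpa-qa2-tenants` to `zpa-beta-tenants` is entirely commented out, including its `needs: [zpa-qa1-tenants]` line and the `ZPA_BETA_TENANT01` matrix entry, so the rename changes nothing at runtime and leaves a second copy of the job definition as dead YAML; either uncomment it as the beta stage or delete the commented block so the live jobs are the only source of truth.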
@@ -168,88 +241,8 @@ jobs:
# TF_ACC: ${{ secrets.TF_ACC }}
# ZPA_ACC_TEST_FORCE_SWEEPERS: ${{ secrets.ZPA_ACC_TEST_FORCE_SWEEPERS }}

# - name: Publish test coverage
# uses: codecov/codecov-action@v4
# with:
# token: ${{ secrets.CODECOV_TOKEN }}
# file: ./coverage.out
# fail_ci_if_error: true

zpa-beta-tenants:
# needs: [zpa-qa1-tenants, zpa-qa2-tenants]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
goVersion: ["1.22"]
environment:
- ZPA_BETA_TENANT01
environment: ${{ matrix.environment }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: ${{ matrix.goVersion }}

- name: Clean existing Go modules
run: go clean -modcache

- name: Cache Go modules
uses: actions/cache@v4
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Setup Go Tools
run: make tools

- name: Download Go Dependencies
run: |
go mod tidy && go mod vendor
- name: Setup Go Tools
run: make tools

- name: Check Formatting
run: make fmtcheck

# - name: Vet Code
# run: make vet

- name: Lint Code
run: make lint

- name: Check Build
run: make build

- name: Run tests with retry
uses: nick-fields/retry@v3
with:
max_attempts: 1
timeout_minutes: 30 # Adjust as needed
command: |
make sweep
make test:integration:zpa
make sweep
env:
ZPA_CLIENT_ID: ${{ secrets.ZPA_CLIENT_ID }}
ZPA_CLIENT_SECRET: ${{ secrets.ZPA_CLIENT_SECRET }}
ZPA_CUSTOMER_ID: ${{ secrets.ZPA_CUSTOMER_ID }}
ZPA_CLOUD: ${{ secrets.ZPA_CLOUD }}
TF_ACC: ${{ secrets.TF_ACC }}
ZPA_ACC_TEST_FORCE_SWEEPERS: ${{ secrets.ZPA_ACC_TEST_FORCE_SWEEPERS }}

zpa-prod-tenants:
needs: [zpa-beta-tenants]
needs: [zpa-qa1-tenants]
runs-on: ubuntu-latest
strategy:
fail-fast: false
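Review bot: `zpa-prod-tenants` now has `needs: [zpa-qa1-tenants]` instead of `needs: [zpa-beta-tenants]`, and the active `zpa-beta-tenants` job (including its `Run tests with retry` step against `ZPA_BETA_TENANT01`) is removed, so the production tenants are exercised after QA1 only and the beta tenant is no longer tested at all; if that is intended, the commit message should say so. The removed job body is line-for-line identical to the new `zpa-qa1-tenants` body (same cache step, `make tools`, `make lint`, `make build` and the sweep/test/sweep command), so a reusable workflow or composite action taking `environment` as an input would avoid maintaining the same ~70 lines per tenant stage.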
12 changes: 6 additions & 6 deletions CHANGELOG.md
@@ -7,18 +7,18 @@
- Release date: **(July, 11 2024)**
- Supported Terraform version: **v1.x**

### Deprecations
- [PR #471](https://github.com/zscaler/terraform-provider-zpa/pull/468) The following attributes are not deprecated:
### BREAKING CHANGES - Deprecations
- [PR #471](https://github.com/zscaler/terraform-provider-zpa/pull/471) The following attributes are not deprecated:
- ``zpa_application_segment_browser_access``: `cname`, `hidden`, `local_name`, `path`
- ``zpa_application_segment_pra``: `cname`, `segment_group_name`

### Bug Fixes
- [PR #471](https://github.com/zscaler/terraform-provider-zpa/pull/468) Fixed `zpa_application_segment_inspection` drift issues within `common_apps_dto` and `tcp_port_range`
- [PR #471](https://github.com/zscaler/terraform-provider-zpa/pull/468) Fixed `zpa_inspection_custom_controls` drift issues `protocol_type` attribute
- [PR #471](https://github.com/zscaler/terraform-provider-zpa/pull/468) Fixed `zpa_inspection_custom_controls`import issues.
- [PR #471](https://github.com/zscaler/terraform-provider-zpa/pull/471) Fixed `zpa_application_segment_inspection` drift issues within `common_apps_dto` and `tcp_port_range`
- [PR #471](https://github.com/zscaler/terraform-provider-zpa/pull/471) Fixed `zpa_inspection_custom_controls` drift issues `protocol_type` attribute
- [PR #471](https://github.com/zscaler/terraform-provider-zpa/pull/471) Fixed `zpa_inspection_custom_controls`import issues.

### Enhancements
- [PR #471](https://github.com/zscaler/terraform-provider-zpa/pull/468) Added new attributes to `zpa_cloud_browser_isolation_external_profile`:
- [PR #471](https://github.com/zscaler/terraform-provider-zpa/pull/471) Added new attributes to `zpa_cloud_browser_isolation_external_profile`:
- `flattened_pdf` - Enable to allow downloading of flattened files from isolation container to your local computer.

**NOTE** `flattened_pdf` must be set to `false` when `upload_download` is set to `all`
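Review bot: the new heading `### BREAKING CHANGES - Deprecations` still introduces its list with `The following attributes are not deprecated:`, which contradicts the heading; for a breaking-change entry this should read `are now deprecated`. Correcting the PR links from `/pull/468` to `/pull/471` is right, but the entry ``Fixed `zpa_inspection_custom_controls`import issues.`` is still missing a space before `import`.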
6 changes: 3 additions & 3 deletions GNUmakefile
@@ -55,14 +55,14 @@ test\:integration\:zpa:
build13: GOOS=$(shell go env GOOS)
build13: GOARCH=$(shell go env GOARCH)
ifeq ($(OS),Windows_NT) # is Windows_NT on XP, 2000, 7, Vista, 10...
build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.31.0/$(GOOS)_$(GOARCH)
build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.32.0/$(GOOS)_$(GOARCH)
else
build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.31.0/$(GOOS)_$(GOARCH)
build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.32.0/$(GOOS)_$(GOARCH)
endif
build13: fmtcheck
@echo "==> Installing plugin to $(DESTINATION)"
@mkdir -p $(DESTINATION)
go build -o $(DESTINATION)/terraform-provider-zpa_v3.31.0
go build -o $(DESTINATION)/terraform-provider-zpa_v3.32.0

vet:
@echo "==> Checking source code against go vet and staticcheck"
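Review bot: the `build13` target now hardcodes `3.32.0` in three places (both `DESTINATION` paths and the `go build -o $(DESTINATION)/terraform-provider-zpa_v3.32.0` output name); a single `VERSION` variable referenced from all three would keep the plugin directory and the binary name from drifting apart on the next bump, which is exactly the manual three-line edit this hunk had to make.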
145 changes: 145 additions & 0 deletions docs/resources/zpa_policy_redirection_rule.md
@@ -0,0 +1,145 @@
---
page_title: "zpa_policy_redirection_rule Resource - terraform-provider-zpa"
subcategory: "Policy Set Controller"
description: |-
Official documentation https://help.zscaler.com/zpa/about-redirection-policy
API documentation https://help.zscaler.com/zpa/configuring-redirection-policies-using-api
Creates and manages ZPA Policy Access Redirection Rule.
---

# zpa_policy_redirection_rule (Resource)

* [Official documentation](https://help.zscaler.com/zpa/about-redirection-policy)
* [API documentation](https://help.zscaler.com/zpa/configuring-redirection-policies-using-api)

The **zpa_policy_redirection_rule** resource creates a policy redirection access rule in the Zscaler Private Access cloud.

⚠️ **WARNING:**: The attribute ``rule_order`` is now deprecated in favor of the new resource [``policy_access_rule_reorder``](zpa_policy_access_rule_reorder.md)

## Example Usage - REDIRECT_DEFAULT

```terraform
resource "zpa_policy_redirection_rule" "this" {
name = "Example"
description = "Example"
action = "REDIRECT_DEFAULT"
conditions {
operator = "OR"
operands {
object_type = "CLIENT_TYPE"
values = ["zpn_client_type_branch_connector"]
}
}
}
```

## Example Usage - REDIRECT_PREFERRED

```terraform
data "zpa_service_edge_group" "this" {
name = "Service_Edge_Group01
}
resource "zpa_policy_redirection_rule" "this" {
name = "Example"
description = "Example"
action = "REDIRECT_PREFERRED"
conditions {
operator = "OR"
operands {
object_type = "CLIENT_TYPE"
values = ["zpn_client_type_branch_connector"]
}
}
service_edge_groups {
id = [ data.zpa_service_edge_group.this.id ]
}
}
```

## Example Usage - REDIRECT_ALWAYS

```terraform
data "zpa_service_edge_group" "this" {
name = "Service_Edge_Group01
}
resource "zpa_policy_redirection_rule" "this" {
name = "Example"
description = "Example"
action = "REDIRECT_ALWAYS"
conditions {
operator = "OR"
operands {
object_type = "CLIENT_TYPE"
values = ["zpn_client_type_branch_connector"]
}
}
service_edge_groups {
id = [ data.zpa_service_edge_group.this.id ]
}
}
```

## Schema

### Required

- `name` (String) This is the name of the forwarding policy rule.
- `action` (String) This is for providing the rule action.
* The supported actions for a policy isolation rule are: ``BYPASS_ISOLATE``, or ``ISOLATE``
- `zpn_isolation_profile_id` (String) Use [zpa_isolation_profile](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_isolation_profile) data source to retrieve the necessary Isolation profile ID ``zpn_isolation_profile_id``

### Optional

- `policy_set_id` - (String) Use [zpa_policy_type](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_policy_type) data source to retrieve the necessary policy Set ID ``policy_set_id``
~> **NOTE** As of v3.2.0 the ``policy_set_id`` attribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.
- `description` - (String) This is the description of the access policy rule.
- `operator` (String) Supported values: ``AND``, ``OR``
- `rule_order` (String, Deprecated)

⚠️ **WARNING:**: The attribute ``rule_order`` is now deprecated in favor of the new resource [``policy_access_rule_reorder``](zpa_policy_access_rule_reorder.md)

- `microtenant_id` (String) The ID of the microtenant the resource is to be associated with.

⚠️ **WARNING:**: The attribute ``microtenant_id`` is optional and requires the microtenant license and feature flag enabled for the respective tenant. The provider also supports the microtenant ID configuration via the environment variable `ZPA_MICROTENANT_ID` which is the recommended method.

- `conditions` (Block Set)
Specifies the set of conditions for the policy rule.
- `operator` (String) Supported values: ``AND``, and ``OR``
- `microtenant_id` (String) The ID of the microtenant the resource is to be associated with.

⚠️ **WARNING:**: The attribute ``microtenant_id`` is optional and requires the microtenant license and feature flag enabled for the respective tenant. The provider also supports the microtenant ID configuration via the environment variable `ZPA_MICROTENANT_ID` which is the recommended method.

- `operands` (Block Set) - Operands block must be repeated if multiple per `object_type` conditions are to be added to the rule.
- `lhs` (String) LHS must always carry the string value ``id`` or the attribute ID of the resource being associated with the rule.
- `rhs` (String) RHS is either the ID attribute of a resource or fixed string value. Refer to the chart below for further details.
- `idp_id` (String)
- `object_type` (String) This is for specifying the policy critiera. Supported values: `CLIENT_TYPE`, `COUNTRY_CODE`.
- `CLIENT_TYPE` (String) - The below options are the only ones supported in a timeout policy rule.
- ``zpn_client_type_machine_tunnel``
- ``zpn_client_type_edge_connector``
- ``zpn_client_type_zapp``
- ``zpn_client_type_zapp_partner``
- ``zpn_client_type_branch_connector``

- `COUNTRY_CODE` (String) - Use a standard 2 letter `ISO3166 Alpha2` Country codes. See list [here](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes)
- `microtenant_id` (String) The ID of the microtenant the resource is to be associated with.

⚠️ **WARNING:**: The attribute ``microtenant_id`` is optional and requires the microtenant license and feature flag enabled for the respective tenant. The provider also supports the microtenant ID configuration via the environment variable `ZPA_MICROTENANT_ID` which is the recommended method.

## Import

Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZPA configurations into Terraform-compliant HashiCorp Configuration Language.
[Visit](https://github.com/zscaler/zscaler-terraformer)

Policy Access Isolation Rule can be imported by using `<POLICY REDIRECTION RULE ID>` as the import ID.

For example:

```shell
terraform import zpa_policy_isolation_rule.example <rule_id>
```
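Review bot: the `Schema` section of this new file does not describe the resource the examples show: `action` is documented as `BYPASS_ISOLATE` or `ISOLATE` and `zpn_isolation_profile_id` is listed under `Required`, while the examples use `REDIRECT_DEFAULT`, `REDIRECT_PREFERRED` and `REDIRECT_ALWAYS` together with a `service_edge_groups` block that the schema never mentions; the `Import` section likewise says `Policy Access Isolation Rule` and imports `zpa_policy_isolation_rule.example` rather than `zpa_policy_redirection_rule`. The `REDIRECT_PREFERRED` and `REDIRECT_ALWAYS` examples both contain an unterminated string in the data source (`name = "Service_Edge_Group01`), so they fail to parse if copied. Smaller fixes: `critiera` in the `object_type` line, the double colon in `**WARNING:**:`, and the `CLIENT_TYPE` list says its options apply to `a timeout policy rule`.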

0 comments on commit 38c84d2