From 7fa9f70e4366bb48d88f5015b1d07dc2336e6c87 Mon Sep 17 00:00:00 2001 From: William Guilherme Date: Wed, 20 Sep 2023 14:22:45 -0700 Subject: [PATCH] (fix) Added rule reorder support for all policy types (#369) * (fix) Added rule reorder support for all policy types * (doc): Fix changelog and release-notes * (doc) fix index and resource-importer document --- CHANGELOG.md | 19 +++++++++++++++++ GNUmakefile | 6 +++--- docs/guides/release-notes.md | 21 ++++++++++++++++++- docs/guides/resource-importer.md | 6 +++++- docs/index.md | 2 +- .../zpa_policy_access_rule_reorder.md | 5 ++++- zpa/common.go | 21 ++++++++++++++++++- ...browser_isolation_external_profile_test.go | 2 +- zpa/provider_sweeper_test.go | 11 +++++----- zpa/provider_test.go | 3 +-- zpa/resource_zpa_service_edge_group.go | 6 +++--- 11 files changed, 83 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1eb737ee..5a6ac443 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,24 @@ # Changelog +## 3.0.1-beta (September, 20 2023) + +### Notes + +- Release date: **(September, 20 2023)** +- Supported Terraform version: **v1.x** + +### Fixes + +- [PR #369](https://github.com/zscaler/terraform-provider-zpa/pull/369) - Added fix to resource `zpa_policy_access_rule_reorder` to support multiple policy types. The reorder operation is now supported for the following policy types: + - ``ACCESS_POLICY or GLOBAL_POLICY`` + - ``TIMEOUT_POLICY or REAUTH_POLICY`` + - ``BYPASS_POLICY or CLIENT_FORWARDING_POLICY`` + - ``INSPECTION_POLICY`` + - ``ISOLATION_POLICY`` + - ``CREDENTIAL_POLICY`` + - ``CAPABILITIES_POLICY`` + - ``CLIENTLESS_SESSION_PROTECTION_POLICY`` + ## 3.0.0-beta (September, 18 2023) ### Notes diff --git a/GNUmakefile b/GNUmakefile index c8ae84a3..06acfc3d 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -46,15 +46,15 @@ testacc: build13: GOOS=$(shell go env GOOS) build13: GOARCH=$(shell go env GOARCH) ifeq ($(OS),Windows_NT) # is Windows_NT on XP, 2000, 7, Vista, 10... -build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.0.0-beta/$(GOOS)_$(GOARCH) +build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.0.1-beta/$(GOOS)_$(GOARCH) else -build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.0.0-beta/$(GOOS)_$(GOARCH) +build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.0.1-beta/$(GOOS)_$(GOARCH) endif build13: fmtcheck go mod tidy && go mod vendor @echo "==> Installing plugin to $(DESTINATION)" @mkdir -p $(DESTINATION) - go build -o $(DESTINATION)/terraform-provider-zpa_v3.0.0-beta + go build -o $(DESTINATION)/terraform-provider-zpa_v3.0.1-beta lint: vendor @echo "✓ Linting source code with https://staticcheck.io/ ..." diff --git a/docs/guides/release-notes.md b/docs/guides/release-notes.md index 4b8a7f49..4a97b21c 100644 --- a/docs/guides/release-notes.md +++ b/docs/guides/release-notes.md @@ -12,10 +12,29 @@ Track all ZPA Terraform provider's releases. New resources, features, and bug fi --- -``Last updated: v3.0.0-beta`` +``Last updated: v3.0.1-beta`` --- +## 3.0.1-beta (September, 20 2023) + +### Notes + +- Release date: **(September, 20 2023)** +- Supported Terraform version: **v1.x** + +### Fixes + +- [PR #369](https://github.com/zscaler/terraform-provider-zpa/pull/369) - Added fix to resource `zpa_policy_access_rule_reorder` to support multiple policy types. The reorder operation is now supported for the following policy types: + - ``ACCESS_POLICY or GLOBAL_POLICY`` + - ``TIMEOUT_POLICY or REAUTH_POLICY`` + - ``BYPASS_POLICY or CLIENT_FORWARDING_POLICY`` + - ``INSPECTION_POLICY`` + - ``ISOLATION_POLICY`` + - ``CREDENTIAL_POLICY`` + - ``CAPABILITIES_POLICY`` + - ``CLIENTLESS_SESSION_PROTECTION_POLICY`` + ## 3.0.0-beta (September, 18 2023) ### Notes diff --git a/docs/guides/resource-importer.md b/docs/guides/resource-importer.md index c1af0915..3281c76a 100644 --- a/docs/guides/resource-importer.md +++ b/docs/guides/resource-importer.md @@ -4,7 +4,10 @@ page_title: "Resource Importer" # Zscaler Terraformer Tool -!> **Disclaimer:** Please refer to our [General Support Statement](support.md) before proceeding with the use of this provider. +Support Disclaimer + +------- +-> **Disclaimer:** Please refer to our [General Support Statement](support.md) before proceeding with the use of this provider. You can also refer to our [troubleshooting guide](troubleshooting.md) for guidance on typical problems. ## Overview @@ -19,6 +22,7 @@ write the Terraform configuration to describe them. > NOTE: This tool has been developed and tested with Terraform v1.x.x only. [![Zscaler Terraformer Migration Tool](https://raw.githubusercontent.com/zscaler/zscaler-terraformer/master/images/zscaler_terraformer.svg)](https://community.zscaler.com/zenith/s/question/0D54u00009evlDrCAI/video-zscaler-terraformer-migration-tool-launch) + ## Usage ```bash diff --git a/docs/index.md b/docs/index.md index 0706901f..d2b0b27a 100644 --- a/docs/index.md +++ b/docs/index.md @@ -14,7 +14,7 @@ Use the navigation on the left to read about the available resources. Support Disclaimer ------- -!> **Disclaimer:** Please refer to our [General Support Statement](guides/support.md) before proceeding with the use of this provider. +-> **Disclaimer:** Please refer to our [General Support Statement](guides/support.md) before proceeding with the use of this provider. You can also refer to our [troubleshooting guide](guides/troubleshooting.md) for guidance on typical problems. ## Zenith Community - ZPA Terraform Provider Introduction diff --git a/docs/resources/zpa_policy_access_rule_reorder.md b/docs/resources/zpa_policy_access_rule_reorder.md index 845ea1c9..2b5405b5 100644 --- a/docs/resources/zpa_policy_access_rule_reorder.md +++ b/docs/resources/zpa_policy_access_rule_reorder.md @@ -109,12 +109,15 @@ resource "zpa_policy_access_rule_reorder" "access_policy_reorder" { ### Required * `name` - (Required) This is the name of the policy rule. -* `policy_set_id` - (Required) Use [zpa_policy_type](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_policy_type) data source to retrieve the necessary policy Set ID ``policy_set_id`` * `policy_type` (Required) - Supported values: * ``ACCESS_POLICY or GLOBAL_POLICY`` * ``TIMEOUT_POLICY or REAUTH_POLICY`` * ``BYPASS_POLICY or CLIENT_FORWARDING_POLICY`` * ``INSPECTION_POLICY`` + * ``ISOLATION_POLICY`` + * ``CREDENTIAL_POLICY`` + * ``CAPABILITIES_POLICY`` + * ``CLIENTLESS_SESSION_PROTECTION_POLICY`` ## Attributes Reference diff --git a/zpa/common.go b/zpa/common.go index c5b05b91..bb78d1ce 100644 --- a/zpa/common.go +++ b/zpa/common.go @@ -687,14 +687,33 @@ func GetString(v interface{}) string { return fmt.Sprintf("%v", v) } +var AllowedPolicyTypes = map[string]struct{}{ + "ACCESS_POLICY": {}, + "GLOBAL_POLICY": {}, + "TIMEOUT_POLICY": {}, + "REAUTH_POLICY": {}, + "CLIENT_FORWARDING_POLICY": {}, + "BYPASS_POLICY": {}, + "ISOLATION_POLICY": {}, + "INSPECTION_POLICY": {}, + "CREDENTIAL_POLICY": {}, + "CAPABILITIES_POLICY": {}, + "CLIENTLESS_SESSION_PROTECTION_POLICY": {}, +} + func GetGlobalPolicySetByPolicyType(policysetcontroller policysetcontroller.Service, policyType string) (*policysetcontroller.PolicySet, error) { + // Check if the provided policy type is allowed + if _, ok := AllowedPolicyTypes[policyType]; !ok { + return nil, fmt.Errorf("invalid policy type: %s", policyType) + } + policySetsMutex.Lock() defer policySetsMutex.Unlock() if p, ok := policySets[policyType]; ok { return &p, nil } - globalPolicySet, _, err := policysetcontroller.GetByPolicyType("ACCESS_POLICY") + globalPolicySet, _, err := policysetcontroller.GetByPolicyType(policyType) if err != nil { return nil, err } diff --git a/zpa/data_source_zpa_cloud_browser_isolation_external_profile_test.go b/zpa/data_source_zpa_cloud_browser_isolation_external_profile_test.go index 83305bab..aa382721 100644 --- a/zpa/data_source_zpa_cloud_browser_isolation_external_profile_test.go +++ b/zpa/data_source_zpa_cloud_browser_isolation_external_profile_test.go @@ -31,4 +31,4 @@ func TestAccDataSourceCBIExternalProfile_Basic(t *testing.T) { }, }) } -*/ \ No newline at end of file +*/ diff --git a/zpa/provider_sweeper_test.go b/zpa/provider_sweeper_test.go index 72d4a45f..bfe9ab5e 100644 --- a/zpa/provider_sweeper_test.go +++ b/zpa/provider_sweeper_test.go @@ -98,6 +98,7 @@ func setupSweeper(resourceType string, del func(*testClient) error) { }, }) } + /* //TODO: Tests is failing on QA2 tenant. Needs further investigation. func sweepTestAppConnectorGroup(client *testClient) error { @@ -367,11 +368,11 @@ func sweepTestLSSConfigController(client *testClient) error { */ var defaultPolicyNames = map[string]string{ - "ACCESS_POLICY": "Global_Policy", - "TIMEOUT_POLICY": "ReAuth_Policy", - "CLIENT_FORWARDING_POLICY": "Bypass_Policy", - "INSPECTION_POLICY": "Inspection_Policy", - "ISOLATION_POLICY": "Isolation_Policy", + "ACCESS_POLICY": "Global_Policy", + "TIMEOUT_POLICY": "ReAuth_Policy", + "CLIENT_FORWARDING_POLICY": "Bypass_Policy", + "INSPECTION_POLICY": "Inspection_Policy", + "ISOLATION_POLICY": "Isolation_Policy", } func sweepTestAccessPolicyRuleByType(client *testClient) error { diff --git a/zpa/provider_test.go b/zpa/provider_test.go index 8fe1f96b..946e339d 100644 --- a/zpa/provider_test.go +++ b/zpa/provider_test.go @@ -62,8 +62,7 @@ func TestMain(m *testing.M) { setupSweeper(resourcetype.ZPACBIExternalIsolationProfile, sweepTestCBIExternalProfile) } - - resource.TestMain(m) + resource.TestMain(m) } func TestProvider(t *testing.T) { diff --git a/zpa/resource_zpa_service_edge_group.go b/zpa/resource_zpa_service_edge_group.go index 360b4f1b..171f2fb3 100644 --- a/zpa/resource_zpa_service_edge_group.go +++ b/zpa/resource_zpa_service_edge_group.go @@ -55,9 +55,9 @@ func resourceServiceEdgeGroup() *schema.Resource { Computed: true, }, "country_code": { - Type: schema.TypeString, - Optional: true, - Computed: true, + Type: schema.TypeString, + Optional: true, + Computed: true, ValidateFunc: validateCountryCode, }, "description": {