diff --git a/CHANGELOG.md b/CHANGELOG.md index ea8201e6..0cd5954f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,10 +1,10 @@ # Changelog -## 3.3.30 (June, 2 2024) +## 3.3.25 (July, 2 2024) ### Notes -- Release date: **(June, 14 2024)** +- Release date: **(July, 2 2024)** - Supported Terraform version: **v1.x** ### Deprecations @@ -12,6 +12,10 @@ - ``zpa_application_segment_browser_access``: `cname`, `hidden`, `local_name`, `path` - ``zpa_application_segment_pra``: `cname`, `segment_group_name` +### Bug Fixes +- [PR #468](https://github.com/zscaler/terraform-provider-zpa/pull/468) Fixed `zpa_application_segment_inspection` drift issues within `common_apps_dto` and `tcp_port_range` + + ## 3.3.24 (June, 14 2024) ### Notes diff --git a/docs/guides/release-notes.md b/docs/guides/release-notes.md index ad8ce52e..c77e7061 100644 --- a/docs/guides/release-notes.md +++ b/docs/guides/release-notes.md @@ -12,10 +12,25 @@ Track all ZPA Terraform provider's releases. New resources, features, and bug fi --- -``Last updated: v3.3.24`` +``Last updated: v3.3.25`` --- +## 3.3.25 (July, 2 2024) + +### Notes + +- Release date: **(July, 2 2024)** +- Supported Terraform version: **v1.x** + +### Deprecations +- [PR #468](https://github.com/zscaler/terraform-provider-zpa/pull/468) The following attributes are not deprecated: + - ``zpa_application_segment_browser_access``: `cname`, `hidden`, `local_name`, `path` + - ``zpa_application_segment_pra``: `cname`, `segment_group_name` + +### Bug Fixes +- [PR #468](https://github.com/zscaler/terraform-provider-zpa/pull/468) Fixed `zpa_application_segment_inspection` drift issues within `common_apps_dto` and `tcp_port_range` + ## 3.3.24 (June, 14 2024) ### Notes diff --git a/docs/resources/zpa_application_segment_inspection.md b/docs/resources/zpa_application_segment_inspection.md index 5a50755c..46eea91d 100644 --- a/docs/resources/zpa_application_segment_inspection.md +++ b/docs/resources/zpa_application_segment_inspection.md @@ -72,8 +72,9 @@ The following arguments are supported: - `tcp_port_ranges` - (List of String) TCP port ranges used to access the app. - `udp_port_ranges` - (List of String) UDP port ranges used to access the app. +!> **WARNING:** Removing PRA applications from the `common_apps_dto.apps_config` block will cause the provider to force a replacement of the application segment. + -> **NOTE:** TCP and UDP ports can also be defined using the following model: --> **NOTE:** When removing TCP and/or UDP ports, parameter must be defined but set as empty due to current API behavior. - `tcp_port_range` - (Block Set) TCP port ranges used to access the app. - `from:` (String) The starting port for a port range. diff --git a/go.mod b/go.mod index b6132b6a..f72f48e1 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/hashicorp/terraform-plugin-docs v0.19.4 github.com/hashicorp/terraform-plugin-sdk v1.17.2 github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 - github.com/zscaler/zscaler-sdk-go/v2 v2.61.4 + github.com/zscaler/zscaler-sdk-go/v2 v2.61.5 ) require ( diff --git a/go.sum b/go.sum index 551dad5f..c10da85a 100644 --- a/go.sum +++ b/go.sum @@ -441,8 +441,8 @@ github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgr github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0= -github.com/zscaler/zscaler-sdk-go/v2 v2.61.4 h1:sXzIUt0QZrvBDDEOfroMsHn2jMe9WlB+qH1YXA/47Ho= -github.com/zscaler/zscaler-sdk-go/v2 v2.61.4/go.mod h1:9x0nZWvx01g0VN0G+PqijowyN9fI4H+O8ekflXS+h/c= +github.com/zscaler/zscaler-sdk-go/v2 v2.61.5 h1:dgLbmndNxELtp9/IEqEsPhkAo3RACCMgioVaJDx0rbo= +github.com/zscaler/zscaler-sdk-go/v2 v2.61.5/go.mod h1:9x0nZWvx01g0VN0G+PqijowyN9fI4H+O8ekflXS+h/c= go.abhg.dev/goldmark/frontmatter v0.2.0 h1:P8kPG0YkL12+aYk2yU3xHv4tcXzeVnN+gU0tJ5JnxRw= go.abhg.dev/goldmark/frontmatter v0.2.0/go.mod h1:XqrEkZuM57djk7zrlRUB02x8I5J0px76YjkOzhB4YlU= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= diff --git a/zpa/resource_zpa_application_segment_inspection.go b/zpa/resource_zpa_application_segment_inspection.go index acd0f376..e98f91df 100644 --- a/zpa/resource_zpa_application_segment_inspection.go +++ b/zpa/resource_zpa_application_segment_inspection.go @@ -61,11 +61,6 @@ func resourceApplicationSegmentInspection() *schema.Resource { Type: schema.TypeString, Required: true, }, - "segment_group_name": { - Type: schema.TypeString, - Optional: true, - Computed: true, - }, "bypass_type": { Type: schema.TypeString, Optional: true, @@ -205,7 +200,6 @@ func resourceApplicationSegmentInspection() *schema.Resource { "common_apps_dto": { Type: schema.TypeSet, Optional: true, - ForceNew: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -215,54 +209,50 @@ func resourceApplicationSegmentInspection() *schema.Resource { ForceNew: true, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ - "name": { + "id": { Type: schema.TypeString, - Optional: true, - ForceNew: true, + Computed: true, }, - "description": { + "name": { Type: schema.TypeString, Optional: true, - ForceNew: true, }, "enabled": { Type: schema.TypeBool, Optional: true, - ForceNew: true, + Computed: true, }, "app_types": { Type: schema.TypeSet, Optional: true, - ForceNew: true, Elem: &schema.Schema{Type: schema.TypeString}, }, "application_port": { Type: schema.TypeString, Optional: true, - ForceNew: true, }, "application_protocol": { Type: schema.TypeString, Optional: true, - ForceNew: true, + // ForceNew: true, ValidateFunc: validation.StringInSlice([]string{ "HTTP", "HTTPS", }, false), }, "certificate_id": { - Type: schema.TypeString, - ForceNew: true, + Type: schema.TypeString, + // ForceNew: true, Optional: true, }, "domain": { - Type: schema.TypeString, - ForceNew: true, + Type: schema.TypeString, + // ForceNew: true, Optional: true, }, "trust_untrusted_cert": { - Type: schema.TypeBool, - ForceNew: true, + Type: schema.TypeBool, + // ForceNew: true, Optional: true, }, }, @@ -348,7 +338,6 @@ func resourceApplicationSegmentInspectionRead(d *schema.ResourceData, m interfac log.Printf("[INFO] Getting sra application segment:\n%+v\n", resp) d.SetId(resp.ID) _ = d.Set("segment_group_id", resp.SegmentGroupID) - _ = d.Set("segment_group_name", resp.SegmentGroupName) _ = d.Set("bypass_type", resp.BypassType) _ = d.Set("config_space", resp.ConfigSpace) _ = d.Set("domain_names", resp.DomainNames) @@ -371,7 +360,7 @@ func resourceApplicationSegmentInspectionRead(d *schema.ResourceData, m interfac _ = d.Set("udp_port_ranges", convertPortsToListString(resp.UDPAppPortRange)) _ = d.Set("server_groups", flattenInspectionAppServerGroupsSimple(resp.AppServerGroups)) - if err := d.Set("common_apps_dto", flattenInspectionCommonAppsDto(d, resp.InspectionAppDto)); err != nil { + if err := d.Set("common_apps_dto", flattenInspectionCommonAppsDto(resp.InspectionAppDto)); err != nil { return fmt.Errorf("failed to read common application in application segment %s", err) } @@ -379,18 +368,22 @@ func resourceApplicationSegmentInspectionRead(d *schema.ResourceData, m interfac return err } - if err := d.Set("tcp_port_range", flattenNetworkPorts(resp.UDPAppPortRange)); err != nil { + if err := d.Set("udp_port_range", flattenNetworkPorts(resp.UDPAppPortRange)); err != nil { return err } return nil } func flattenInspectionAppServerGroupsSimple(serverGroup []applicationsegmentinspection.AppServerGroups) []interface{} { - ids := make([]interface{}, len(serverGroup)) + result := make([]interface{}, 1) + mapIds := make(map[string]interface{}) + ids := make([]string, len(serverGroup)) for i, group := range serverGroup { ids[i] = group.ID } - return ids + mapIds["id"] = ids + result[0] = mapIds + return result } func resourceApplicationSegmentInspectionUpdate(d *schema.ResourceData, m interface{}) error { @@ -459,34 +452,11 @@ func resourceApplicationSegmentInspectionDelete(d *schema.ResourceData, m interf return nil } -/* - func detachInspectionPortalsFromGroup(client *Client, segmentID, segmentGroupID string) error { - log.Printf("[INFO] Detaching inspection application segment %s from segment group: %s\n", segmentID, segmentGroupID) - service := client.SegmentGroup - - segGroup, _, err := segmentgroup.Get(service, segmentGroupID) - if err != nil { - log.Printf("[error] Error while getting segment group id: %s", segmentGroupID) - return err - } - adaptedApplications := []segmentgroup.Application{} - for _, app := range segGroup.Applications { - if app.ID != segmentID { - adaptedApplications = append(adaptedApplications, app) - } - } - segGroup.Applications = adaptedApplications - _, err = segmentgroup.Update(service, segmentGroupID, segGroup) - return err - } -*/ - func expandInspectionApplicationSegment(d *schema.ResourceData, zClient *Client, id string) applicationsegmentinspection.AppSegmentInspection { details := applicationsegmentinspection.AppSegmentInspection{ ID: d.Id(), Name: d.Get("name").(string), SegmentGroupID: d.Get("segment_group_id").(string), - SegmentGroupName: d.Get("segment_group_name").(string), BypassType: d.Get("bypass_type").(string), ConfigSpace: d.Get("config_space").(string), ICMPAccessType: d.Get("icmp_access_type").(string), @@ -512,9 +482,6 @@ func expandInspectionApplicationSegment(d *schema.ResourceData, zClient *Client, if d.HasChange("name") { details.Name = d.Get("name").(string) } - if d.HasChange("segment_group_name") { - details.SegmentGroupName = d.Get("segment_group_name").(string) - } if d.HasChange("server_groups") { details.AppServerGroups = expandInspectionAppServerGroups(d) } @@ -561,20 +528,12 @@ func expandInspectionApplicationSegment(d *schema.ResourceData, zClient *Client, func expandInspectionCommonAppsDto(d *schema.ResourceData) applicationsegmentinspection.CommonAppsDto { result := applicationsegmentinspection.CommonAppsDto{} - appsConfigInterface, ok := d.GetOk("common_apps_dto") - if !ok { - return result - } - appsConfigSet, ok := appsConfigInterface.(*schema.Set) - if !ok { - return result - } - for _, appconf := range appsConfigSet.List() { - appConfMap, ok := appconf.(map[string]interface{}) - if !ok { - return result + if commonAppsInterface, ok := d.GetOk("common_apps_dto"); ok { + commonAppsList := commonAppsInterface.(*schema.Set).List() + if len(commonAppsList) > 0 { + commonAppMap := commonAppsList[0].(map[string]interface{}) + result.AppsConfig = expandInspectionAppsConfig(commonAppMap["apps_config"]) } - result.AppsConfig = expandInspectionAppsConfig(appConfMap["apps_config"]) } return result } @@ -596,7 +555,6 @@ func expandInspectionAppsConfig(appsConfigInterface interface{}) []applicationse appTypes := SetToStringSlice(appTypesSet) commonAppConfigDto = append(commonAppConfigDto, applicationsegmentinspection.AppsConfig{ Name: commonAppConfig["name"].(string), - Description: commonAppConfig["description"].(string), Enabled: commonAppConfig["enabled"].(bool), ApplicationPort: commonAppConfig["application_port"].(string), ApplicationProtocol: commonAppConfig["application_protocol"].(string), @@ -632,38 +590,31 @@ func expandInspectionAppServerGroups(d *schema.ResourceData) []applicationsegmen return []applicationsegmentinspection.AppServerGroups{} } -func flattenInspectionCommonAppsDto(d *schema.ResourceData, apps []applicationsegmentinspection.InspectionAppDto) []interface{} { - commonApp := make([]interface{}, 1) - commonApp[0] = map[string]interface{}{ - "apps_config": flattenInspectionAppsConfig(d, apps), - } - return commonApp -} - -func flattenInspectionAppsConfig(d *schema.ResourceData, appConfigs []applicationsegmentinspection.InspectionAppDto) []interface{} { - cApp := expandInspectionCommonAppsDto(d) - - appConfig := make([]interface{}, len(appConfigs)) - for i, val := range appConfigs { +func flattenInspectionCommonAppsDto(apps []applicationsegmentinspection.InspectionAppDto) []interface{} { + commonAppsDto := make([]interface{}, 1) + appsConfig := make([]interface{}, len(apps)) + for i, app := range apps { appTypes := []string{} - for _, a := range cApp.AppsConfig { - if a.Name == val.Name { - appTypes = a.AppTypes - } + if app.ApplicationProtocol == "HTTP" || app.ApplicationProtocol == "HTTPS" { + appTypes = append(appTypes, "INSPECT") } - appConfig[i] = map[string]interface{}{ - "name": val.Name, - "description": val.Description, - "enabled": val.Enabled, - "domain": val.Domain, - "application_port": val.ApplicationPort, - "certificate_id": val.CertificateID, - "application_protocol": val.ApplicationProtocol, - "trust_untrusted_cert": val.TrustUntrustedCert, + appConfigMap := map[string]interface{}{ + "id": app.ID, + "name": app.Name, + "enabled": app.Enabled, + "domain": app.Domain, + "application_port": app.ApplicationPort, + "certificate_id": app.CertificateID, + "application_protocol": app.ApplicationProtocol, + "trust_untrusted_cert": app.TrustUntrustedCert, "app_types": appTypes, } + appsConfig[i] = appConfigMap + } + commonAppsDto[0] = map[string]interface{}{ + "apps_config": appsConfig, } - return appConfig + return commonAppsDto } func validateProtocolAndCertID(d *schema.ResourceData) error { diff --git a/zpa/resource_zpa_application_segment_inspection_test.go b/zpa/resource_zpa_application_segment_inspection_test.go index ca3f7223..97ecf9f0 100644 --- a/zpa/resource_zpa_application_segment_inspection_test.go +++ b/zpa/resource_zpa_application_segment_inspection_test.go @@ -58,11 +58,11 @@ func TestAccResourceApplicationSegmentInspectionBasic(t *testing.T) { ), }, // Import test - // { - // ResourceName: appSegmentTypeAndName, - // ImportState: true, - // ImportStateVerify: true, - // }, + { + ResourceName: appSegmentTypeAndName, + ImportState: true, + ImportStateVerify: true, + }, }, }) } diff --git a/zpa/resource_zpa_application_segment_pra.go b/zpa/resource_zpa_application_segment_pra.go index 28aaa023..f78195ab 100644 --- a/zpa/resource_zpa_application_segment_pra.go +++ b/zpa/resource_zpa_application_segment_pra.go @@ -89,7 +89,6 @@ func resourceApplicationSegmentPRA() *schema.Resource { Description: "UDP port ranges used to access the app.", Elem: &schema.Schema{Type: schema.TypeString}, }, - "config_space": { Type: schema.TypeString, Optional: true, @@ -385,6 +384,11 @@ func resourceApplicationSegmentPRAUpdate(d *schema.ResourceData, m interface{}) zClient := m.(*Client) service := zClient.ApplicationSegmentPRA + microTenantID := GetString(d.Get("microtenant_id")) + if microTenantID != "" { + service = service.WithMicroTenant(microTenantID) + } + id := d.Id() log.Printf("[INFO] Updating pra application segment ID: %v\n", id) req := expandSRAApplicationSegment(d, zClient, id) @@ -439,7 +443,7 @@ func resourceApplicationSegmentPRADelete(d *schema.ResourceData, m interface{}) } } } - log.Printf("[INFO] Deleting sra application segment with id %v\n", id) + log.Printf("[INFO] Deleting pra application segment with id %v\n", id) if _, err := applicationsegmentpra.Delete(service, id); err != nil { return err }