Updated tcp/udp ports app_segment_inspection (#177)

* Updated zpa_application_segment_pra * Updated Changelog * Updated tcp/udp ports app_segment_inspection * Updated appsegment inspection * Updated application_segment
zscaler · Aug 30, 2022 · eb49f9c · eb49f9c
1 parent f33c671
commit eb49f9c
Show file tree

Hide file tree

Showing 4 changed files with 83 additions and 67 deletions.
diff --git a/zpa/resource_zpa_application_segment.go b/zpa/resource_zpa_application_segment.go
@@ -134,11 +134,6 @@ func resourceApplicationSegment() *schema.Resource {
 					"CONTINUOUS",
 				}, false),
 			},
-			"select_connector_close_to_app": {
-				Type:     schema.TypeBool,
-				Optional: true,
-				Computed: true,
-			},
 			"icmp_access_type": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -195,14 +190,6 @@ func resourceApplicationSegment() *schema.Resource {
 	}
 }
 
-func applicationSegmentValidation(appSegment applicationsegment.ApplicationSegmentResource) error {
-
-	if appSegment.SelectConnectorCloseToApp && appSegment.UDPAppPortRange != nil {
-		return fmt.Errorf("selecting app connector closer to app can be only enabled for tcp applications")
-	}
-	return nil
-}
-
 func resourceApplicationSegmentCreate(d *schema.ResourceData, m interface{}) error {
 	zClient := m.(*Client)
 
@@ -212,9 +199,6 @@ func resourceApplicationSegmentCreate(d *schema.ResourceData, m interface{}) err
 		log.Println("[ERROR] Please provde a valid segment group for the application segment")
 		return fmt.Errorf("please provde a valid segment group for the application segment")
 	}
-	if err := applicationSegmentValidation(req); err != nil {
-		return err
-	}
 	resp, _, err := zClient.applicationsegment.Create(req)
 	if err != nil {
 		return err
@@ -253,7 +237,6 @@ func resourceApplicationSegmentRead(d *schema.ResourceData, m interface{}) error
 	_ = d.Set("enabled", resp.Enabled)
 	_ = d.Set("health_check_type", resp.HealthCheckType)
 	_ = d.Set("health_reporting", resp.HealthReporting)
-	_ = d.Set("select_connector_close_to_app", resp.SelectConnectorCloseToApp)
 	_ = d.Set("icmp_access_type", resp.IcmpAccessType)
 	_ = d.Set("ip_anchored", resp.IpAnchored)
 	_ = d.Set("is_cname_enabled", resp.IsCnameEnabled)
@@ -297,9 +280,6 @@ func resourceApplicationSegmentUpdate(d *schema.ResourceData, m interface{}) err
 		log.Println("[ERROR] Please provde a valid segment group for the application segment")
 		return fmt.Errorf("please provde a valid segment group for the application segment")
 	}
-	if err := applicationSegmentValidation(req); err != nil {
-		return err
-	}
 	if _, err := zClient.applicationsegment.Update(id, req); err != nil {
 		return err
 	}
@@ -359,25 +339,24 @@ func expandStringInSlice(d *schema.ResourceData, key string) []string {
 
 func expandApplicationSegmentRequest(d *schema.ResourceData, zClient *Client, id string) applicationsegment.ApplicationSegmentResource {
 	details := applicationsegment.ApplicationSegmentResource{
-		SegmentGroupID:            d.Get("segment_group_id").(string),
-		SegmentGroupName:          d.Get("segment_group_name").(string),
-		BypassType:                d.Get("bypass_type").(string),
-		ConfigSpace:               d.Get("config_space").(string),
-		PassiveHealthEnabled:      d.Get("passive_health_enabled").(bool),
-		IcmpAccessType:            d.Get("icmp_access_type").(string),
-		Description:               d.Get("description").(string),
-		DomainNames:               SetToStringList(d, "domain_names"),
-		DoubleEncrypt:             d.Get("double_encrypt").(bool),
-		Enabled:                   d.Get("enabled").(bool),
-		HealthCheckType:           d.Get("health_check_type").(string),
-		HealthReporting:           d.Get("health_reporting").(string),
-		SelectConnectorCloseToApp: d.Get("select_connector_close_to_app").(bool),
-		IpAnchored:                d.Get("ip_anchored").(bool),
-		IsCnameEnabled:            d.Get("is_cname_enabled").(bool),
-		Name:                      d.Get("name").(string),
-		ServerGroups:              expandAppServerGroups(d),
-		TCPAppPortRange:           []common.NetworkPorts{},
-		UDPAppPortRange:           []common.NetworkPorts{},
+		SegmentGroupID:       d.Get("segment_group_id").(string),
+		SegmentGroupName:     d.Get("segment_group_name").(string),
+		BypassType:           d.Get("bypass_type").(string),
+		ConfigSpace:          d.Get("config_space").(string),
+		PassiveHealthEnabled: d.Get("passive_health_enabled").(bool),
+		IcmpAccessType:       d.Get("icmp_access_type").(string),
+		Description:          d.Get("description").(string),
+		DomainNames:          SetToStringList(d, "domain_names"),
+		DoubleEncrypt:        d.Get("double_encrypt").(bool),
+		Enabled:              d.Get("enabled").(bool),
+		HealthCheckType:      d.Get("health_check_type").(string),
+		HealthReporting:      d.Get("health_reporting").(string),
+		IpAnchored:           d.Get("ip_anchored").(bool),
+		IsCnameEnabled:       d.Get("is_cname_enabled").(bool),
+		Name:                 d.Get("name").(string),
+		ServerGroups:         expandAppServerGroups(d),
+		TCPAppPortRange:      []common.NetworkPorts{},
+		UDPAppPortRange:      []common.NetworkPorts{},
 	}
 	remoteTCPAppPortRanges := []string{}
 	remoteUDPAppPortRanges := []string{}

diff --git a/zpa/resource_zpa_application_segment_inspection.go b/zpa/resource_zpa_application_segment_inspection.go
@@ -82,6 +82,15 @@ func resourceApplicationSegmentInspection() *schema.Resource {
 				Description: "UDP port ranges used to access the app.",
 				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
+			"config_space": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"DEFAULT",
+					"SIEM",
+				}, false),
+				Default: "DEFAULT",
+			},
 			"description": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -294,12 +303,11 @@ func resourceApplicationSegmentInspection() *schema.Resource {
 func resourceApplicationSegmentInspectionCreate(d *schema.ResourceData, m interface{}) error {
 	zClient := m.(*Client)
 
-	req := expandInspectionApplicationSegment(d)
-	log.Printf("[INFO] Creating inspection application segment request\n%+v\n", req)
-
+	req := expandInspectionApplicationSegment(d, zClient, "")
+	log.Printf("[INFO] Creating application segment request\n%+v\n", req)
 	if req.SegmentGroupID == "" {
-		log.Println("[ERROR] Please provde a valid segment group for the inspection application segment")
-		return fmt.Errorf("please provde a valid segment group for the inspection application segment")
+		log.Println("[ERROR] Please provde a valid segment group for the application segment")
+		return fmt.Errorf("please provde a valid segment group for the application segment")
 	}
 
 	resp, _, err := zClient.applicationsegmentinspection.Create(req)
@@ -331,6 +339,7 @@ func resourceApplicationSegmentInspectionRead(d *schema.ResourceData, m interfac
 	_ = d.Set("segment_group_id", resp.SegmentGroupID)
 	_ = d.Set("segment_group_name", resp.SegmentGroupName)
 	_ = d.Set("bypass_type", resp.BypassType)
+	_ = d.Set("config_space", resp.ConfigSpace)
 	_ = d.Set("domain_names", resp.DomainNames)
 	_ = d.Set("name", resp.Name)
 	_ = d.Set("description", resp.Description)
@@ -344,15 +353,12 @@ func resourceApplicationSegmentInspectionRead(d *schema.ResourceData, m interfac
 	_ = d.Set("health_reporting", resp.HealthReporting)
 	_ = d.Set("tcp_port_ranges", resp.TCPPortRanges)
 	_ = d.Set("udp_port_ranges", resp.UDPPortRanges)
+	_ = d.Set("server_groups", flattenInspectionAppServerGroupsSimple(resp))
 
 	if err := d.Set("common_apps_dto", flattenInspectionCommonAppsDto(resp.InspectionAppDto)); err != nil {
 		return fmt.Errorf("failed to read common application in application segment %s", err)
 	}
 
-	if err := d.Set("server_groups", flattenInspectionAppServerGroups(resp.AppServerGroups)); err != nil {
-		return fmt.Errorf("failed to read app server groups %s", err)
-	}
-
 	if err := d.Set("tcp_port_range", flattenNetworkPorts(resp.TCPAppPortRange)); err != nil {
 		return err
 	}
@@ -365,12 +371,24 @@ func resourceApplicationSegmentInspectionRead(d *schema.ResourceData, m interfac
 
 }
 
+func flattenInspectionAppServerGroupsSimple(serverGroup *applicationsegmentinspection.AppSegmentInspection) []interface{} {
+	result := make([]interface{}, 1)
+	mapIds := make(map[string]interface{})
+	ids := make([]string, len(serverGroup.AppServerGroups))
+	for i, group := range serverGroup.AppServerGroups {
+		ids[i] = group.ID
+	}
+	mapIds["id"] = ids
+	result[0] = mapIds
+	return result
+}
+
 func resourceApplicationSegmentInspectionUpdate(d *schema.ResourceData, m interface{}) error {
 	zClient := m.(*Client)
 
 	id := d.Id()
 	log.Printf("[INFO] Updating inspection application segment ID: %v\n", id)
-	req := expandInspectionApplicationSegment(d)
+	req := expandInspectionApplicationSegment(d, zClient, id)
 
 	if d.HasChange("segment_group_id") && req.SegmentGroupID == "" {
 		log.Println("[ERROR] Please provde a valid segment group for the inspection application segment")
@@ -424,10 +442,11 @@ func detachInspectionPortalsFromGroup(client *Client, segmentID, segmentGroupID
 
 }
 
-func expandInspectionApplicationSegment(d *schema.ResourceData) applicationsegmentinspection.AppSegmentInspection {
+func expandInspectionApplicationSegment(d *schema.ResourceData, zClient *Client, id string) applicationsegmentinspection.AppSegmentInspection {
 	details := applicationsegmentinspection.AppSegmentInspection{
 		SegmentGroupID:       d.Get("segment_group_id").(string),
 		BypassType:           d.Get("bypass_type").(string),
+		ConfigSpace:          d.Get("config_space").(string),
 		PassiveHealthEnabled: d.Get("passive_health_enabled").(bool),
 		ICMPAccessType:       d.Get("icmp_access_type").(string),
 		Description:          d.Get("description").(string),
@@ -452,20 +471,38 @@ func expandInspectionApplicationSegment(d *schema.ResourceData) applicationsegme
 	if d.HasChange("server_groups") {
 		details.AppServerGroups = expandInspectionAppServerGroups(d)
 	}
-	TCPAppPortRange := expandNetwokPorts(d, "tcp_port_range")
-	if TCPAppPortRange != nil {
-		details.TCPAppPortRange = TCPAppPortRange
+	remoteTCPAppPortRanges := []string{}
+	remoteUDPAppPortRanges := []string{}
+	if zClient != nil && id != "" {
+		resource, _, err := zClient.applicationsegment.Get(id)
+		if err == nil {
+			remoteTCPAppPortRanges = resource.TCPPortRanges
+			remoteUDPAppPortRanges = resource.UDPPortRanges
+		}
 	}
-	UDPAppPortRange := expandNetwokPorts(d, "udp_port_range")
-	if UDPAppPortRange != nil {
-		details.UDPAppPortRange = UDPAppPortRange
+	TCPAppPortRange := expandAppSegmentNetwokPorts(d, "tcp_port_range")
+	TCPAppPortRanges := convertToPortRange(d.Get("tcp_port_ranges").([]interface{}))
+	if isSameSlice(TCPAppPortRange, TCPAppPortRanges) || isSameSlice(TCPAppPortRange, remoteTCPAppPortRanges) {
+		details.TCPPortRanges = TCPAppPortRanges
+	} else {
+		details.TCPPortRanges = TCPAppPortRange
 	}
-	if d.HasChange("udp_port_ranges") {
-		details.UDPPortRanges = convertToListString(d.Get("udp_port_ranges"))
+
+	UDPAppPortRange := expandAppSegmentNetwokPorts(d, "udp_port_range")
+	UDPAppPortRanges := convertToPortRange(d.Get("udp_port_ranges").([]interface{}))
+	if isSameSlice(UDPAppPortRange, UDPAppPortRanges) || isSameSlice(UDPAppPortRange, remoteUDPAppPortRanges) {
+		details.UDPPortRanges = UDPAppPortRanges
+	} else {
+		details.UDPPortRanges = UDPAppPortRange
 	}
-	if d.HasChange("tcp_port_ranges") {
-		details.TCPPortRanges = convertToListString(d.Get("tcp_port_ranges"))
+
+	if details.TCPPortRanges == nil {
+		details.TCPPortRanges = []string{}
 	}
+	if details.UDPPortRanges == nil {
+		details.UDPPortRanges = []string{}
+	}
+
 	return details
 }
 

diff --git a/zpa/resource_zpa_application_segment_inspection_test.go b/zpa/resource_zpa_application_segment_inspection_test.go
@@ -74,7 +74,7 @@ func testAccCheckApplicationSegmentInspectionDestroy(s *terraform.State) error {
 			continue
 		}
 
-		_, _, err := client.applicationsegment.GetByName(rs.Primary.Attributes["name"])
+		_, _, err := client.applicationsegmentinspection.GetByName(rs.Primary.Attributes["name"])
 		if err == nil {
 			return fmt.Errorf("Inspection Application Segment still exists")
 		}

diff --git a/zpa/resource_zpa_application_segment_pra_test.go b/zpa/resource_zpa_application_segment_pra_test.go
@@ -70,13 +70,13 @@ func testAccCheckApplicationSegmentPRADestroy(s *terraform.State) error {
 	client := testAccProvider.Meta().(*Client)
 
 	for _, rs := range s.RootModule().Resources {
-		if rs.Type != resourcetype.ZPAApplicationSegment {
+		if rs.Type != resourcetype.ZPAApplicationSegmentPRA {
 			continue
 		}
 
-		_, _, err := client.applicationsegment.GetByName(rs.Primary.Attributes["name"])
+		_, _, err := client.applicationsegmentpra.GetByName(rs.Primary.Attributes["name"])
 		if err == nil {
-			return fmt.Errorf("Application Segment still exists")
+			return fmt.Errorf("Application Segment PRA still exists")
 		}
 
 		return nil
@@ -88,10 +88,10 @@ func testAccCheckApplicationSegmentPRAExists(resource string, segment *applicati
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[resource]
 		if !ok {
-			return fmt.Errorf("Application Segment Not found: %s", resource)
+			return fmt.Errorf("Application Segment PRA Not found: %s", resource)
 		}
 		if rs.Primary.ID == "" {
-			return fmt.Errorf("no Application Segment ID is set")
+			return fmt.Errorf("no Application Segment PRA ID is set")
 		}
 		client := testAccProvider.Meta().(*Client)
 		resp, _, err := client.applicationsegmentpra.GetByName(rs.Primary.Attributes["name"])
@@ -114,7 +114,7 @@ func testAccCheckApplicationSegmentPRAConfigure(resourceTypeAndName, generatedNa
 // segment group resource
 %s
 
-// application segment resource
+// application segment pra resource
 %s
 
 data "%s" "%s" {