Fix: Fixed Access Policy v2 Flattening and Expanding common functions

zscaler · Jul 31, 2024 · fcc87d5 · fcc87d5
1 parent 2a0648c
commit fcc87d5
Show file tree

Hide file tree

Showing 7 changed files with 213 additions and 17 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,10 +1,10 @@
 # Changelog
 
-## 3.321.0 (July, 30 2024)
+## 3.32.1 (July, 31 2024)
 
 ### Notes
 
-- Release date: **(July, 30 2024)**
+- Release date: **(July, 31 2024)**
 - Supported Terraform version: **v1.x**
 
 ### Bug Fixes
@@ -17,6 +17,15 @@
  - [PR #473](https://github.com/zscaler/terraform-provider-zpa/pull/473) Added missing `microtenant_id` attribute to nested block `clientless_apps` in the resource and data source `zpa_application_segment_browser_access`.
   ~> **NOTE** Although that's a safe change, it may cause a temporary drift in order to update the statefile.
 
+ - [PR #473](https://github.com/zscaler/terraform-provider-zpa/pull/473) Fixed drift related to common flattening and expand functions for all v2 Access policy resources.
+  ~> **NOTE** This fix does not affect existing configurations using the `v2` policy type.
+
+
+### Documentation
+- [PR #473](https://github.com/zscaler/terraform-provider-zpa/pull/473) Added documentation examples for the following resources and datasources:
+  - ``zpa_service_edge_assistant_schedule``
+  - ``zpa_policy_credential_rule``
+
 ## 3.32.0 (July, 24 2024)
 
 ### Notes

diff --git a/docs/guides/release-notes.md b/docs/guides/release-notes.md
@@ -12,15 +12,15 @@ Track all ZPA Terraform provider's releases. New resources, features, and bug fi
 
 ---
 
-``Last updated: v3.321.0``
+``Last updated: v3.32.1``
 
 ---
 
-## 3.321.0 (July, 30 2024)
+## 3.32.1 (July, 31 2024)
 
 ### Notes
 
-- Release date: **(July, 30 2024)**
+- Release date: **(July, 31 2024)**
 - Supported Terraform version: **v1.x**
 
 ### Bug Fixes
@@ -33,6 +33,14 @@ Track all ZPA Terraform provider's releases. New resources, features, and bug fi
  - [PR #473](https://github.com/zscaler/terraform-provider-zpa/pull/473) Added missing `microtenant_id` attribute to nested block `clientless_apps` in the resource and data source `zpa_application_segment_browser_access`.
   ~> **NOTE** Although that's a safe change, it may cause a temporary drift in order to update the statefile.
 
+ - [PR #473](https://github.com/zscaler/terraform-provider-zpa/pull/473) Fixed drift related to common flattening and expand functions for all v2 Access policy resources.
+  ~> **NOTE** This fix does not affect existing configurations using the `v2` policy type.
+
+### Documentation
+- [PR #473](https://github.com/zscaler/terraform-provider-zpa/pull/473) Added documentation examples for the following resources and datasources:
+  - ``zpa_service_edge_assistant_schedule``
+  - ``zpa_policy_credential_rule``
+
 ## 3.32.0 (July, 24 2024)
 
 ### Notes

diff --git a/examples/zpa_policy_credential_rule/basic.tf b/examples/zpa_policy_credential_rule/basic.tf
@@ -0,0 +1,154 @@
+resource "zpa_segment_group" "this" {
+  name        = "Example_Segment_Group"
+  description = "Example_Segment_Group"
+  enabled     = true
+}
+
+resource "zpa_application_segment_pra" "this" {
+  name             = "ZPA_PRA_Example"
+  description      = "ZPA_PRA_Example"
+  enabled          = true
+  health_reporting = "ON_ACCESS"
+  bypass_type      = "NEVER"
+  is_cname_enabled = true
+  tcp_port_range = [
+    {
+    from = "3389"
+    to = "3389"
+    },
+    {
+    from = "22"
+    to = "22"
+    }
+  ]
+  domain_names     = ["ssh_pra.example.com", "rdp_pra.example.com"]
+  segment_group_id = zpa_segment_group.this.id
+  common_apps_dto {
+    apps_config {
+      name                 = "rdp_pra.example.com"
+      domain               = "rdp_pra.example.com"
+      application_protocol = "RDP"
+      connection_security  = "ANY"
+      application_port     = "3389"
+      enabled              = true
+      app_types            = ["SECURE_REMOTE_ACCESS"]
+    }
+    apps_config {
+      name                 = "ssh_pra.example.com"
+      domain               = "ssh_pra.example.com"
+      application_protocol = "SSH"
+      application_port     = "22"
+      enabled              = true
+      app_types            = ["SECURE_REMOTE_ACCESS"]
+    }
+  }
+}
+
+data "zpa_application_segment_by_type" "ssh_pra" {
+  application_type = "SECURE_REMOTE_ACCESS"
+  name             = "ssh_pra"
+  depends_on       = [zpa_application_segment_pra.this]
+}
+
+data "zpa_application_segment_by_type" "rdp_pra" {
+  application_type = "SECURE_REMOTE_ACCESS"
+  name             = "rdp_pra"
+  depends_on       = [zpa_application_segment_pra.this]
+}
+
+data "zpa_ba_certificate" "this" {
+  name = "pra01.bd-hashicorp.com"
+}
+
+data "zpa_idp_controller" "this" {
+  name = "BD_Okta_Users"
+}
+
+data "zpa_scim_groups" "a000" {
+  name     = "A000"
+  idp_name = "BD_Okta_Users"
+}
+
+data "zpa_saml_attribute" "email_user_sso" {
+  name     = "Email_BD_Okta_Users"
+  idp_name = "BD_Okta_Users"
+}
+
+resource "zpa_pra_portal_controller" "this" {
+  name                      = "pra01.bd-hashicorp.com"
+  description               = "pra01.bd-hashicorp.com"
+  enabled                   = true
+  domain                    = "pra01.bd-hashicorp.com"
+  certificate_id            = data.zpa_ba_certificate.this.id
+  user_notification         = "Created with Terraform"
+  user_notification_enabled = true
+}
+
+resource "zpa_pra_console_controller" "rdp_pra" {
+  name        = "RDP_PRA_Console"
+  description = "Created with Terraform"
+  enabled     = true
+  pra_application {
+    id = data.zpa_application_segment_by_type.rdp_pra.id
+  }
+  pra_portals {
+    id = [zpa_pra_portal_controller.this.id]
+  }
+}
+
+resource "zpa_pra_console_controller" "ssh_pra" {
+  name        = "SSH_PRA_Console"
+  description = "Created with Terraform"
+  enabled     = true
+  pra_application {
+    id = data.zpa_application_segment_by_type.ssh_pra.id
+  }
+  pra_portals {
+    id = [zpa_pra_portal_controller.this.id]
+  }
+}
+
+resource "zpa_pra_credential_controller" "this" {
+    name = "John Carrow"
+    description = "Created with Terraform"
+    credential_type = "USERNAME_PASSWORD"
+    user_domain = "acme.com"
+    username = "jcarrow"
+    password = "************"
+}
+
+resource "zpa_policy_credential_rule" "this" {
+  name          = "Example_Credential_Rule"
+  description   = "Example_Credential_Rule"
+  action        = "INJECT_CREDENTIALS"
+
+  credential {
+    id = zpa_pra_credential_controller.this.id
+  }
+
+  conditions {
+    operator = "OR"
+    operands {
+      object_type = "CONSOLE"
+      values      = [ zpa_pra_console_controller.rdp_pra.id, zpa_pra_console_controller.ssh_pra.id ]
+    }
+  }
+
+  conditions {
+    operator = "OR"
+    operands {
+      object_type = "SAML"
+      entry_values {
+        rhs = "[email protected]"
+        lhs = data.zpa_saml_attribute.email_user_sso.id
+      }
+    }
+    operands {
+      object_type = "SCIM_GROUP"
+      entry_values {
+        rhs = data.zpa_scim_groups.a000.id
+        lhs = data.zpa_idp_controller.this.id
+      }
+    }
+  }
+}
diff --git a/examples/zpa_service_edge_assistant_schedule/basic.tf b/examples/zpa_service_edge_assistant_schedule/basic.tf
@@ -0,0 +1,6 @@
+resource "zpa_service_edge_assistant_schedule" "this" {
+  frequency = "days"
+  frequency_interval = "7"
+  enabled = true
+  delete_disabled = true
+}
diff --git a/examples/zpa_service_edge_assistant_schedule/datasource.tf b/examples/zpa_service_edge_assistant_schedule/datasource.tf
@@ -0,0 +1,13 @@
+// Retrieve All Assistant Schedules
+data "zpa_service_edge_assistant_schedule" "this" {}
+
+// Retrieve A Specific Assistant Schedule by ID
+data "zpa_service_edge_assistant_schedule" "this" {
+    id = "1"
+}
+
+// Retrieve A Specific Assistant Schedule by the Customer ID
+data "zpa_service_edge_assistant_schedule" "this" {
+    customer_id = "1234567891012"
+}
+
diff --git a/zpa/common.go b/zpa/common.go
@@ -827,7 +827,7 @@ func GetGlobalPolicySetByPolicyType(client *Client, policyType string) (*policys
 }
 
 //######################################################################################################################
-//######################################## ZPA ACCESS POLICY V2 COMMON CONDITIONS FUNCTIONS ########################################
+//################################ ZPA ACCESS POLICY V2 COMMON CONDITIONS FUNCTIONS ####################################
 //######################################################################################################################
 
 func ExpandPolicyConditionsV2(d *schema.ResourceData) ([]policysetcontrollerv2.PolicyRuleResourceConditions, error) {
@@ -852,7 +852,6 @@ func ExpandPolicyConditionsV2(d *schema.ResourceData) ([]policysetcontrollerv2.P
 		}
 		return conditionSets, nil
 	}
-
 	return []policysetcontrollerv2.PolicyRuleResourceConditions{}, nil
 }
 
@@ -910,7 +909,6 @@ func expandOperandsListV2(ops interface{}) ([]policysetcontrollerv2.PolicyRuleRe
 	return []policysetcontrollerv2.PolicyRuleResourceOperands{}, nil
 }
 
-// flattenConditions flattens the conditions part of the policy rule into a format suitable for Terraform schema.
 func flattenConditionsV2(conditions []policysetcontrollerv2.PolicyRuleResourceConditions) []interface{} {
 	if conditions == nil {
 		return nil
@@ -926,21 +924,20 @@ func flattenConditionsV2(conditions []policysetcontrollerv2.PolicyRuleResourceCo
 	return c
 }
 
-// flattenOperands flattens the operands part of the conditions into a format suitable for Terraform schema.
 func flattenOperandsV2(operands []policysetcontrollerv2.PolicyRuleResourceOperands) []interface{} {
 	if operands == nil {
 		return nil
 	}
 
-	o := make([]interface{}, len(operands)) // Simplified slice initialization
+	o := make([]interface{}, len(operands))
 	for i, operand := range operands {
 		operandMap := make(map[string]interface{})
 		operandMap["object_type"] = operand.ObjectType
 
 		if len(operand.Values) > 0 {
 			operandMap["values"] = operand.Values
 		} else {
-			operandMap["values"] = []interface{}{} // Ensure "values" key exists with an empty slice if no values are present.
+			operandMap["values"] = []interface{}{}
 		}
 
 		entryValues := make([]interface{}, len(operand.EntryValuesLHSRHS))
@@ -954,7 +951,7 @@ func flattenOperandsV2(operands []policysetcontrollerv2.PolicyRuleResourceOperan
 		if len(entryValues) > 0 {
 			operandMap["entry_values"] = entryValues
 		} else {
-			operandMap["entry_values"] = []interface{}{} // Ensure "entry_values" key exists with an empty slice if no entry values are present.
+			operandMap["entry_values"] = []interface{}{}
 		}
 
 		o[i] = operandMap

diff --git a/zpa/resource_zpa_policy_access_forwarding_rule_v2_test.go b/zpa/resource_zpa_policy_access_forwarding_rule_v2_test.go
@@ -134,8 +134,13 @@ data "zpa_idp_controller" "bd_user_okta" {
     name = "BD_Okta_Users"
 }
 
-data "zpa_scim_groups" "contractors" {
-	name     = "Contractors"
+data "zpa_scim_groups" "a000" {
+	name     = "A000"
+	idp_name = "BD_Okta_Users"
+}
+
+data "zpa_scim_groups" "b000" {
+	name     = "B000"
 	idp_name = "BD_Okta_Users"
 }
 
@@ -152,14 +157,18 @@ resource "%s" "%s" {
 			rhs = false
 		  }
 		}
-	  }
+	}
 	conditions {
 	operator = "OR"
 	operands {
 		object_type = "SCIM_GROUP"
 		entry_values {
-		lhs = data.zpa_idp_controller.bd_user_okta.id
-		rhs = data.zpa_scim_groups.contractors.id
+			lhs = data.zpa_idp_controller.bd_user_okta.id
+			rhs = data.zpa_scim_groups.a000.id
+		}
+		entry_values {
+			lhs = data.zpa_idp_controller.bd_user_okta.id
+			rhs = data.zpa_scim_groups.b000.id
 		}
 	}
 	}