feat: Added support to Policy Access Redirection rule resource

CHANGELOG.md

@@ -1,10 +1,22 @@
 # Changelog
 
-## 3.1.0 (January, 17 2023)
+## 3.10.0 (February, 13 2024)
 
 ### Notes
 
-- Release date: **(January, 17 2023)**
+- Release date: **(February, 13 2024)**
+- Supported Terraform version: **v1.x**
+
+### Enhacements
+
+- [PR #418](https://github.com/zscaler/terraform-provider-zpa/pull/418) - ✨ Added support for ZPA Policy Access Redirection Rule
+  - **NOTE** This feature is in limited availability. Contact Zscaler Support to enable this feature for your organization.
+
+## 3.1.0 (January, 17 2024)
+
+### Notes
+
+- Release date: **(January, 17 2024)**
 - Supported Terraform version: **v1.x**
 
 ### Enhacements

docs/guides/release-notes.md

@@ -12,15 +12,27 @@ Track all ZPA Terraform provider's releases. New resources, features, and bug fi
 
 ---
 
-``Last updated: v3.1.0``
+``Last updated: v3.10.0``
 
 ---
 
-## 3.1.0 (January, 17 2023) - Unreleased
+## 3.10.0 (February, 13 2024)
 
 ### Notes
 
-- Release date: **(January, 17 2023)**
+- Release date: **(February, 13 2024)**
+- Supported Terraform version: **v1.x**
+
+### Enhacements
+
+- [PR #418](https://github.com/zscaler/terraform-provider-zpa/pull/418) - ✨ Added support for ZPA Policy Access Redirection Rule
+  - **NOTE** This feature is in limited availability. Contact Zscaler Support to enable this feature for your organization.
+
+## 3.1.0 (January, 17 2024)
+
+### Notes
+
+- Release date: **(January, 17 2024)**
 - Supported Terraform version: **v1.x**
 
 ### Enhacements

docs/resources/zpa_policy_redirection_rule.md

@@ -0,0 +1,106 @@
+---
+subcategory: "Policy Set Controller"
+layout: "zscaler"
+page_title: "ZPA: zpa_policy_redirection_rule"
+description: |-
+  Creates and manages ZPA Policy Access Redirection Rule.
+---
+
+# Resource: zpa_policy_redirection_rule
+
+The **zpa_policy_redirection_rule** resource creates and manages policy access redirection rule in the Zscaler Private Access cloud.
+
+  ⚠️ **WARNING:**: The attribute ``rule_order`` is now deprecated in favor of the new resource  [``policy_access_rule_reorder``](zpa_policy_access_rule_reorder.md)
+
+## Example Usage
+
+```hcl
+# Get Redirection Access Policy ID
+data "zpa_policy_type" "this" {
+  policy_type = "REDIRECTION_POLICY"
+}
+
+# Get Service Edge Group ID
+data "zpa_service_edge_group" "this" {
+ name = "Example"
+}
+
+#Create Policy Access Rule
+resource "zpa_policy_redirection_rule" "this" {
+  name                          = "Example"
+  description                   = "Example"
+  action                        = "REDIRECT_ALWAYS"
+  operator = "AND"
+  policy_set_id = data.zpa_policy_type.this.id
+
+  conditions {
+    negated = false
+    operator = "OR"
+    operands {
+      object_type = "CLIENT_TYPE"
+      lhs         = "id"
+      rhs         = "zpn_client_type_branch_connector"
+    }
+    operands {
+      object_type = "CLIENT_TYPE"
+      lhs         = "id"
+      rhs         = "zpn_client_type_edge_connector"
+   }
+  }
+  service_edge_groups {
+    id = [ data.zpa_service_edge_group.this.id ]
+  }
+}
+```
+
+### Required
+
+* `name` - (Required) This is the name of the policy rule.
+* `policy_set_id` - (Required) Use [zpa_policy_type](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_policy_type) data source to retrieve the necessary policy Set ID ``policy_set_id``
+
+## Attributes Reference
+
+* `action` (Optional) This is for providing the rule action. Supported values: ``REDIRECT_DEFAULT``, ``REDIRECT_PREFERRED``, and ``REDIRECT_ALWAYS``
+* `description` (Optional) This is the description of the access policy rule.
+* `operator` (Optional) Supported values: ``AND``, ``OR``
+* `rule_order` - (Deprecated)
+
+  ⚠️ **WARNING:**: The attribute ``rule_order`` is now deprecated in favor of the new resource  [``policy_access_rule_reorder``](zpa_policy_access_rule_reorder.md)
+
+* `conditions` - (Optional)
+  * `negated` - (Optional) Supported values: ``true`` or ``false``
+  * `operator` (Optional) Supported values: ``AND``, and ``OR``
+
+  * `operands` (Optional) - Operands block must be repeated if multiple per `object_type` conditions are to be added to the rule.
+    * `name` (Optional)
+    * `lhs` (Optional) LHS must always carry the string value ``id`` or the attribute ID of the resource being associated with the rule.
+    * `rhs` (Optional) RHS is either the ID attribute of a resource or fixed string value. Refer to the chart below for further details.
+    * `idp_id` (Optional)
+    * `object_type` (Optional) This is for specifying the policy critiera. Supported values: `CLIENT_TYPE`
+    * `CLIENT_TYPE` (Optional) - The below options are the only ones supported in an access policy rule.
+      * `zpn_client_type_machine_tunnel`
+      * `zpn_client_type_edge_connector`
+      * `zpn_client_type_zapp`
+      * `zpn_client_type_branch_connector`
+
+* `service_edge_groups`
+  * `id` - (Optional) The ID of an service edge group resource
+
+## Import
+
+Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZPA configurations into Terraform-compliant HashiCorp Configuration Language.
+[Visit](https://github.com/zscaler/zscaler-terraformer)
+
+Policy access rule can be imported by using `<POLICY ACCESS REDIRECTION RULE ID>` as the import ID.
+
+For example:
+
+```shell
+terraform import zpa_policy_redirection_rule.example <policy_access_rule_id>
+```
+
+## LHS and RHS Values
+
+| Object Type | LHS| RHS
+|----------|-----------|----------
+| [CLIENT_TYPE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_access_policy_client_types) | ``"id"`` | ``zpn_client_type_machine_tunnel``, ``zpn_client_type_edge_connector``, ``zpn_client_type_zapp``, ``zpn_client_type_branch_connector``  |

examples/zpa_policy_access_timeout_rule/README.md

@@ -0,0 +1,22 @@
+# Create Policy Timeout Rule
+
+This example will show you how to create a policy timeout rule.
+This example codifies [this API](https://help.zscaler.com/zpa/api-reference#/policy-set-controller).
+
+To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md)
+
+## Run the example
+
+From inside of this directory:
+
+```bash
+terraform init
+terraform plan -out theplan
+terraform apply theplan
+```
+
+## Destroy 💥
+
+```bash
+terraform destroy
+```

examples/zpa_policy_redirection_rule/README.md

@@ -0,0 +1,22 @@
+# Create Policy Redirection Rule
+
+This example will show you how to create a policy redirection rule to allow you to set criteria for preferring ZPA Private Service Edges over ZPA Public Service Edges
+This example codifies [this API](https://help.zscaler.com/zpa/about-redirection-policy).
+
+To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md)
+
+## Run the example
+
+From inside of this directory:
+
+```bash
+terraform init
+terraform plan -out theplan
+terraform apply theplan
+```
+
+## Destroy 💥
+
+```bash
+terraform destroy
+```

examples/zpa_policy_redirection_rule/main.tf

@@ -0,0 +1,36 @@
+data "zpa_policy_type" "this" {
+  policy_type = "REDIRECTION_POLICY"
+}
+
+
+data "zpa_service_edge_group" "this" {
+ name = "Example"
+}
+
+resource "zpa_policy_redirection_rule" "this" {
+  name                          = "Example"
+  description                   = "Example"
+  action                        = "REDIRECT_ALWAYS"
+  operator = "AND"
+  policy_set_id = data.zpa_policy_type.this.id
+
+  conditions {
+    negated = false
+    operator = "OR"
+	    operands {
+            object_type = "CLIENT_TYPE"
+            lhs         = "id"
+            rhs         = "zpn_client_type_branch_connector"
+	}
+	    operands {
+            object_type = "CLIENT_TYPE"
+            lhs         = "id"
+            rhs         = "zpn_client_type_edge_connector"
+	}
+  }
+  service_edge_groups {
+    id = [ data.zpa_service_edge_group.this.id ]
+  }
+}
+
+// ZPA Private Service Edge groups must be empty when the Private Service Edge Selection Method is Default.

examples/zpa_policy_type/datasource.tf

@@ -3,21 +3,21 @@ data "zpa_policy_type" "access_policy" {
     policy_type = "ACCESS_POLICY"
 }
 
-// Get information for "TIMEOUT_POLICY" ID
-data "zpa_policy_type" "timeout_policy" {
-    policy_type = "TIMEOUT_POLICY"
-}
-
-// Get information for "REAUTH_POLICY" ID
-data "zpa_policy_type" "reauth_policy" {
-    policy_type = "REAUTH_POLICY"
+// Get information for "CAPABILITIES_POLICY" ID
+data "zpa_policy_type" "capabilities_policy" {
+    policy_type = "CAPABILITIES_POLICY"
 }
 
 // Get information for "CLIENT_FORWARDING_POLICY" ID
 data "zpa_policy_type" "client_forwarding_policy" {
     policy_type = "CLIENT_FORWARDING_POLICY"
 }
 
+// Get information for "CREDENTIAL_POLICY" ID
+data "zpa_policy_type" "credential_policy" {
+    policy_type = "CREDENTIAL_POLICY"
+}
+
 // Get information for "INSPECTION_POLICY" ID
 data "zpa_policy_type" "inspection_policy" {
     policy_type = "INSPECTION_POLICY"
@@ -26,4 +26,20 @@ data "zpa_policy_type" "inspection_policy" {
 // Get information for "INSPECTION_POLICY" ID
 data "zpa_policy_type" "inspection_policy" {
     policy_type = "ISOLATION_POLICY"
-}
+}
+
+
+// Get information for "REAUTH_POLICY" ID
+data "zpa_policy_type" "reauth_policy" {
+    policy_type = "REAUTH_POLICY"
+}
+
+// Get information for "TIMEOUT_POLICY" ID
+data "zpa_policy_type" "timeout_policy" {
+    policy_type = "TIMEOUT_POLICY"
+}
+
+data "zpa_policy_type" "inspection_policy" {
+    policy_type = "REDIRECTION_POLICY"
+}
+

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/hashicorp/terraform-plugin-docs v0.18.0
 	github.com/hashicorp/terraform-plugin-sdk v1.17.2
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.32.0
-	github.com/zscaler/zscaler-sdk-go/v2 v2.3.8
+	github.com/zscaler/zscaler-sdk-go/v2 v2.3.9
 )
 
 require (

go.sum

@@ -412,8 +412,8 @@ github.com/zclconf/go-cty v1.14.2 h1:kTG7lqmBou0Zkx35r6HJHUQTvaRPr5bIAf3AoHS0izI
 github.com/zclconf/go-cty v1.14.2/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
 github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0=
-github.com/zscaler/zscaler-sdk-go/v2 v2.3.8 h1:ajdAHp0SSbY5BahC2EfQo/812v2QwpKaDjsnwtYSbAM=
-github.com/zscaler/zscaler-sdk-go/v2 v2.3.8/go.mod h1:v8TLsPbVlQ3kAvGs8sIWsuhSAVggLbowiyDzaGYPWKg=
+github.com/zscaler/zscaler-sdk-go/v2 v2.3.9 h1:7EcMIOKJqHABJonOdQEE/i4zjmGnZtxvr4O5woPJy9w=
+github.com/zscaler/zscaler-sdk-go/v2 v2.3.9/go.mod h1:v8TLsPbVlQ3kAvGs8sIWsuhSAVggLbowiyDzaGYPWKg=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=

zpa/data_source_zpa_policy_type.go

@@ -62,6 +62,7 @@ func dataSourcePolicyType() *schema.Resource {
 					"CLIENT_FORWARDING_POLICY", "BYPASS_POLICY",
 					"ISOLATION_POLICY", "INSPECTION_POLICY",
 					"SIEM_POLICY", "CREDENTIAL_POLICY", "CAPABILITIES_POLICY",
+					"REDIRECTION_POLICY",
 				}, false),
 			},
 			"rules": {

zpa/provider.go

@@ -73,6 +73,7 @@ func ZPAProvider() *schema.Provider {
 			"zpa_policy_timeout_rule":                      resourcePolicyTimeoutRule(),
 			"zpa_policy_forwarding_rule":                   resourcePolicyForwardingRule(),
 			"zpa_policy_isolation_rule":                    resourcePolicyIsolationRule(),
+			"zpa_policy_redirection_rule":                  resourcePolicyRedictionRule(),
 			"zpa_provisioning_key":                         resourceProvisioningKey(),
 			"zpa_service_edge_group":                       resourceServiceEdgeGroup(),
 			"zpa_lss_config_controller":                    resourceLSSConfigController(),