Fix: Fixed Drift within pra_application attribute in zpa_policy_crede…
…ntial_access_rule (#491)
willguibr authored Sep 23, 2024
1 parent bf55dfe commit 0922d72
Showing 9 changed files with 81 additions and 76 deletions.
12 changes: 12 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,17 @@
# Changelog

## 3.33.4 (September, 23 2024)

### Notes

- Release date: **(September, 23 2024)**
- Supported Terraform version: **v1.x**

### Bug Fixes
- [PR #492](/~https://github.com/zscaler/terraform-provider-zpa/pull/492) - Fixed drift within attribute `zpa_policy_credential_access_rule`.
- [PR #492](/~https://github.com/zscaler/terraform-provider-zpa/pull/492) - Fixed detachement function within `zpa_segment_group`
~> **NOTE** This fix does not affect existing configurations.

## 3.33.3 (September, 18 2024)

### Notes
6 changes: 3 additions & 3 deletions GNUmakefile
Expand Up @@ -55,14 +55,14 @@ test\:integration\:zpa:
build13: GOOS=$(shell go env GOOS)
build13: GOARCH=$(shell go env GOARCH)
ifeq ($(OS),Windows_NT) # is Windows_NT on XP, 2000, 7, Vista, 10...
build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.33.3/$(GOOS)_$(GOARCH)
build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.33.4/$(GOOS)_$(GOARCH)
else
build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.33.3/$(GOOS)_$(GOARCH)
build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.33.4/$(GOOS)_$(GOARCH)
endif
build13: fmtcheck
@echo "==> Installing plugin to $(DESTINATION)"
@mkdir -p $(DESTINATION)
go build -o $(DESTINATION)/terraform-provider-zpa_v3.33.3
go build -o $(DESTINATION)/terraform-provider-zpa_v3.33.4

vet:
@echo "==> Checking source code against go vet and staticcheck"
14 changes: 13 additions & 1 deletion docs/guides/release-notes.md
Expand Up @@ -12,10 +12,22 @@ Track all ZPA Terraform provider's releases. New resources, features, and bug fi

---

``Last updated: v3.33.3``
``Last updated: v3.33.4``

---

## 3.33.4 (September, 23 2024)

### Notes

- Release date: **(September, 23 2024)**
- Supported Terraform version: **v1.x**

### Bug Fixes
- [PR #492](/~https://github.com/zscaler/terraform-provider-zpa/pull/492) - Fixed drift within attribute `zpa_policy_credential_access_rule`.
- [PR #492](/~https://github.com/zscaler/terraform-provider-zpa/pull/492) - Fixed detachement function within `zpa_segment_group`
~> **NOTE** This fix does not affect existing configurations.

## 3.33.3 (September, 18 2024)

### Notes
1 change: 1 addition & 0 deletions zpa/common.go
Expand Up @@ -1227,6 +1227,7 @@ func ConvertV1ResponseToV2Request(v1Response policysetcontrollerv2.PolicyRuleRes
PolicySetID: v1Response.PolicySetID,
Operator: v1Response.Operator,
CustomMsg: v1Response.CustomMsg,
MicroTenantID: v1Response.MicroTenantID,
ZpnIsolationProfileID: v1Response.ZpnIsolationProfileID,
ZpnInspectionProfileID: v1Response.ZpnInspectionProfileID,
Conditions: make([]policysetcontrollerv2.PolicyRuleResourceConditions, 0),
13 changes: 7 additions & 6 deletions zpa/resource_zpa_policy_access_timeout_rule_v2.go
Expand Up @@ -301,7 +301,13 @@ func resourcePolicyTimeoutRuleV2Update(d *schema.ResourceData, meta interface{})

func resourcePolicyTimeoutRuleV2Delete(d *schema.ResourceData, meta interface{}) error {
zClient := meta.(*Client)

service := zClient.PolicySetControllerV2

microTenantID := GetString(d.Get("microtenant_id"))
if microTenantID != "" {
service = service.WithMicroTenant(microTenantID)
}

// Assume "TIMEOUT_POLICY" is the policy type for this resource. Adjust as needed.
policySetID, err := fetchPolicySetIDByType(zClient, "TIMEOUT_POLICY", microTenantID)
Expand All @@ -311,13 +317,8 @@ func resourcePolicyTimeoutRuleV2Delete(d *schema.ResourceData, meta interface{})

log.Printf("[INFO] Deleting policy set rule with id %v\n", d.Id())

service := zClient.PolicySetControllerV2
if microTenantID != "" {
service = service.WithMicroTenant(microTenantID)
}

if _, err := policysetcontrollerv2.Delete(service, policySetID, d.Id()); err != nil {
return err
return fmt.Errorf("failed to delete policy timeout rule: %w", err)
}

return nil
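Review bot: The new `return fmt.Errorf("failed to delete policy timeout rule: %w", err)` depends on `fmt` being imported in this file, and unlike the resource_zpa_policy_credential_access_rule.go section this one shows no import hunk, so it is worth confirming the import already exists before merging. The message also carries a "failed to" prefix that becomes redundant once the error is chained, and it omits the rule being deleted; `return fmt.Errorf("deleting policy timeout rule %s: %w", d.Id(), err)` gives an operator reading the log the identifier they need. The same wording applies to the Delete hunk of resource_zpa_policy_credential_access_rule.go. The closing brace of resourcePolicyTimeoutRuleV2Delete lies outside the visible hunk.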
11 changes: 5 additions & 6 deletions zpa/resource_zpa_policy_capabilities_access_rule.go
Expand Up @@ -307,21 +307,20 @@ func resourcePolicyCapabilitiesAccessRuleUpdate(d *schema.ResourceData, meta int

func resourcePolicyCapabilitiesAccessRuleDelete(d *schema.ResourceData, meta interface{}) error {
zClient := meta.(*Client)
service := zClient.PolicySetControllerV2

microTenantID := GetString(d.Get("microtenant_id"))
if microTenantID != "" {
service = service.WithMicroTenant(microTenantID)
}

// Assume "CAPABILITIES_POLICY" is the policy type for this resource. Adjust as needed.
policySetID, err := fetchPolicySetIDByType(zClient, "CAPABILITIES_POLICY", microTenantID)
if err != nil {
return err
}

log.Printf("[INFO] Deleting policy set rule with id %v\n", d.Id())

service := zClient.PolicySetControllerV2
if microTenantID != "" {
service = service.WithMicroTenant(microTenantID)
}

if _, err := policysetcontrollerv2.Delete(service, policySetID, d.Id()); err != nil {
return err
}
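Review bot: `return err` after `policysetcontrollerv2.Delete` in resourcePolicyCapabilitiesAccessRuleDelete is left bare, while the two sibling Delete functions touched by this commit now wrap the error with context, so a failure here surfaces without saying which rule or policy type was being removed. Wrapping it the same way, `return fmt.Errorf("deleting policy capabilities rule %s: %w", d.Id(), err)`, keeps the three resources consistent; check that `fmt` is imported in this file first, since no import hunk is shown. The function's closing brace lies outside the hunk.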
22 changes: 16 additions & 6 deletions zpa/resource_zpa_policy_credential_access_rule.go
@@ -1,6 +1,7 @@
package zpa

import (
"fmt"
"log"
"net/http"

Expand Down Expand Up @@ -213,6 +214,15 @@ func resourcePolicyCredentialAccessRuleRead(d *schema.ResourceData, meta interfa
_ = d.Set("conditions", flattenConditionsV2(v2PolicyRule.Conditions))
_ = d.Set("credential", flattenCredential(resp.Credential))

// Ensure microtenant_id is being correctly set in state
if v2PolicyRule.MicroTenantID != "" {
log.Printf("[INFO] Setting microtenant_id in state: %s\n", v2PolicyRule.MicroTenantID)
_ = d.Set("microtenant_id", v2PolicyRule.MicroTenantID)
} else {
log.Printf("[WARN] microtenant_id is empty in response.")
_ = d.Set("microtenant_id", "")
}

return nil
}

Expand Down Expand Up @@ -259,7 +269,12 @@ func resourcePolicyCredentialAccessRuleUpdate(d *schema.ResourceData, meta inter

func resourcePolicyCredentialAccessRuleDelete(d *schema.ResourceData, meta interface{}) error {
zClient := meta.(*Client)
service := zClient.PolicySetControllerV2

microTenantID := GetString(d.Get("microtenant_id"))
if microTenantID != "" {
service = service.WithMicroTenant(microTenantID)
}

policySetID, err := fetchPolicySetIDByType(zClient, "CREDENTIAL_POLICY", microTenantID)
if err != nil {
Expand All @@ -268,13 +283,8 @@ func resourcePolicyCredentialAccessRuleDelete(d *schema.ResourceData, meta inter

log.Printf("[INFO] Deleting policy credential rule with id %v\n", d.Id())

service := zClient.PolicySetControllerV2
if microTenantID != "" {
service = service.WithMicroTenant(microTenantID)
}

if _, err := policysetcontrollerv2.Delete(service, policySetID, d.Id()); err != nil {
return err
return fmt.Errorf("failed to delete policy credential rule: %w", err)
}

return nil
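Review bot: The else branch added to resourcePolicyCredentialAccessRuleRead logs `[WARN] microtenant_id is empty in response.` on every refresh of every rule that lives in the default tenant, which is presumably the common deployment, so the warning will read as noise rather than as a signal of anything wrong. Both branches only copy the response value into state, so the block collapses to `_ = d.Set("microtenant_id", v2PolicyRule.MicroTenantID)`; if the empty case is worth tracing, a `[DEBUG]` line is the appropriate level. The enclosing Read function starts above the hunk.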
1 change: 1 addition & 0 deletions zpa/resource_zpa_pra_portal_controller.go
Expand Up @@ -74,6 +74,7 @@ func resourcePRAPortalController() *schema.Resource {
"certificate_id": {
Type: schema.TypeString,
Optional: true,
Computed: true,
Description: "The unique identifier of the certificate",
},
"user_notification": {
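Review bot: Adding `Computed: true` to `certificate_id` removes the drift when the API returns a certificate the configuration never set, but it also changes the contract: once the attribute is dropped from configuration Terraform keeps the stored value rather than planning to clear it, so the certificate presumably stays attached until it is explicitly replaced (the update path is not in this hunk, so confirm). That is worth stating in the schema so operators are not surprised, e.g. `Description: "The unique identifier of the certificate. Computed by the API when unset; removing the attribute from configuration does not detach the current certificate"`. resourcePRAPortalController() starts above the hunk.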
77 changes: 23 additions & 54 deletions zpa/resource_zpa_segment_group.go
Expand Up @@ -7,6 +7,8 @@ import (

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
client "github.com/zscaler/zscaler-sdk-go/v2/zpa"
"github.com/zscaler/zscaler-sdk-go/v2/zpa/services"
"github.com/zscaler/zscaler-sdk-go/v2/zpa/services/policysetcontroller"
"github.com/zscaler/zscaler-sdk-go/v2/zpa/services/segmentgroup"
)

Expand Down Expand Up @@ -178,53 +180,38 @@ func resourceSegmentGroupUpdate(d *schema.ResourceData, meta interface{}) error
return resourceSegmentGroupRead(d, meta)
}

/*
func detachSegmentGroupFromAllPolicyRules(id string, policySetControllerService *services.Service) {
func detachSegmentGroupFromAllPolicyRules(d *schema.ResourceData, policySetControllerService *services.Service) {
policyRulesDetchLock.Lock()
defer policyRulesDetchLock.Unlock()
var rules []policysetcontroller.PolicyRule
types := []string{"ACCESS_POLICY", "TIMEOUT_POLICY", "SIEM_POLICY", "CLIENT_FORWARDING_POLICY", "INSPECTION_POLICY"}
for _, t := range types {
policySet, _, err := policysetcontroller.GetByPolicyType(policySetControllerService, t)
if err != nil {
continue
}
r, _, err := policysetcontroller.GetAllByType(policySetControllerService, t)
if err != nil {
continue
}
for _, rule := range r {
rule.PolicySetID = policySet.ID
rules = append(rules, rule)
}
accessPolicySet, _, err := policysetcontroller.GetByPolicyType(policySetControllerService, "ACCESS_POLICY")
if err != nil {
return
}
rules, _, err := policysetcontroller.GetAllByType(policySetControllerService, "ACCESS_POLICY")
if err != nil {
return
}
for _, rule := range rules {
ids := []policysetcontroller.AppConnectorGroups{}
changed := false
for i, condition := range rule.Conditions {
operands := []policysetcontroller.Operands{}
for _, op := range condition.Operands {
if op.ObjectType == "APP_GROUP" && op.LHS == "id" && op.RHS == id {
changed = true
continue
}
operands = append(operands, op)
for _, app := range rule.AppConnectorGroups {
if app.ID == d.Id() {
changed = true
continue
}
rule.Conditions[i].Operands = operands
}
if len(rule.Conditions) == 0 {
rule.Conditions = []policysetcontroller.Conditions{}
ids = append(ids, policysetcontroller.AppConnectorGroups{
ID: app.ID,
})
}
rule.AppConnectorGroups = ids
if changed {
if _, err := policysetcontroller.UpdateRule(policySetControllerService, rule.PolicySetID, rule.ID, &rule); err != nil {
microTenantID := GetString(d.Get("microtenant_id"))
if _, err := policysetcontroller.UpdateRule(policySetControllerService.WithMicroTenant(microTenantID), accessPolicySet.ID, rule.ID, &rule); err != nil {
continue
}
}
}
}
*/

func resourceSegmentGroupDelete(d *schema.ResourceData, meta interface{}) error {
zClient := meta.(*Client)
Expand All @@ -243,34 +230,16 @@ func resourceSegmentGroupDelete(d *schema.ResourceData, meta interface{}) error
log.Printf("[INFO] Deleting app connector group ID: %v\n", d.Id())

//detach app connector group from all access policy rules
detachAppConnectorGroupFromAllAccessPolicyRules(d, policySetControllerService)
detachSegmentGroupFromAllPolicyRules(d, policySetControllerService)

if _, err := segmentgroup.Delete(service, d.Id()); err != nil {
return err
}
d.SetId("")
log.Printf("[INFO] app connector group deleted")
log.Printf("[INFO] segment group deleted")
return nil
}

// func resourceSegmentGroupDelete(d *schema.ResourceData, meta interface{}) error {
// zClient := meta.(*Client)
// microTenantID := GetString(d.Get("microtenant_id"))
// policySetControllerService := zClient.PolicySetController.WithMicroTenant(microTenantID)
// service := zClient.SegmentGroup.WithMicroTenant(microTenantID)

// log.Printf("[INFO] Deleting segment group ID: %v\n", d.Id())

// detachSegmentGroupFromAllPolicyRules(d.Id(), policySetControllerService)

// if _, err := segmentgroup.Delete(service, d.Id()); err != nil {
// return err
// }
// d.SetId("")
// log.Printf("[INFO] segment group deleted")
// return nil
// }

func expandSegmentGroup(d *schema.ResourceData) segmentgroup.SegmentGroup {
segmentGroup := segmentgroup.SegmentGroup{
ID: d.Id(),
