feat: Added ZPA Emergency Access resource (#434)

* feat: Added ZPA Emergency Access resource

* Fix Policy Access v2 tests

* doc: Updated changelog and release-notes

CHANGELOG.md

@@ -1,35 +1,39 @@
 # Changelog
 
-## 3.2.0 (March, xx 2024)
+## 3.2.0 (March, 27 2024)
 
 ### Notes
 
-- Release date: **(March, xx 2024)**
+- Release date: **(March, 27 2024)**
 - Supported Terraform version: **v1.x**
 
 ### NEW - RESOURCES, DATA SOURCES, PROPERTIES, ATTRIBUTES:
 
 ### NEW RESOURCES AND DATASOURCES:
-* New datasource: `zpa_pra_approval_controller` retrieve Privileged Remote Access Approval [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/425)
-* New resource: `zpa_pra_approval_controller` manages Privileged Remote Access Approval [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/425)
-* New datasource: `zpa_pra_portal_controller` retrieve Privileged Remote Access Portal [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/425)
-* New resource: `zpa_pra_portal_controller` manages Privileged Remote Access Portal [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/425)
-* New datasource: `zpa_pra_credential_controller` retrieve Privileged Remote Access Credential [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/425)
-* New resource: `zpa_pra_credential_controller` manages Privileged Remote Access Credential [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/425)
-* New datasource: `zpa_pra_console_controller` retrieve Privileged Remote Access Console [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/425)
-* New resource: `zpa_pra_console_controller` manages Privileged Remote Access Console [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/425)
+* New datasource: `zpa_pra_approval_controller` retrieve Privileged Remote Access Approval [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
+* New resource: `zpa_pra_approval_controller` manages Privileged Remote Access Approval [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
+* New datasource: `zpa_pra_portal_controller` retrieve Privileged Remote Access Portal [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
+* New resource: `zpa_pra_portal_controller` manages Privileged Remote Access Portal [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
+* New datasource: `zpa_pra_credential_controller` retrieve Privileged Remote Access Credential [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
+* New resource: `zpa_pra_credential_controller` manages Privileged Remote Access Credential [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
+* New datasource: `zpa_pra_console_controller` retrieve Privileged Remote Access Console [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
+* New resource: `zpa_pra_console_controller` manages Privileged Remote Access Console 
+[PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
 * New Resources: Introduced new Policy Access resources that are managed via a new `v2` API endpoint:
   - `zpa_policy_access_rule_v2` manages access policy rule via `v2` API endpoint [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
   - `zpa_policy_forwarding_rule_v2` manages access policy forwarding rule via `v2` API endpoint [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
   - `zpa_policy_isolation_rule_v2` manages access policy isolation rule via `v2` API endpoint [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
   - `zpa_policy_inspection_rule_v2` manages access policy inspection rule via `v2` API endpoint [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
   - `zpa_policy_timeout_rule_v2` manages access policy timeout rule via `v2` API endpoint [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
-  - `zpa_policy_redirection_rule` manages redirection access policy via `v2` API endpoint [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/425)
+  - `zpa_policy_redirection_rule` manages redirection access policy via `v2` API endpoint [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
   - `zpa_policy_credential_rule` manages access policy credential rule via `v2` API endpoint [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
   - `zpa_policy_capabilities_rule` manages access policy capabilities rule via `v2` API endpoint [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)
 
     ⚠️ **WARNING:**: Notice that any Access Policy `v2` is a new resource and uses a different HCL format structure. If you decide to migrate to the new v2 resources, notice that this is considered a breaking change and must be done carefully. This warning only applies for those with existing `v1` Access Policy HCL format structure.
 
+[PR #434](/~https://github.com/zscaler/terraform-provider-zpa/pull/434)
+* New resource: `zpa_emergency_access_user` manages Emergency Access Users 
+
 ### NEW PROPERTIES
 * New Properties: The resource `zpa_ba_certificate` now displays the attributes `valid_from_in_epochsec` and `valid_to_in_epochsec` in human readable `RFC1123` format
 * New Properties: The provider now includes support to `ZPATWO` cloud [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)

docs/guides/release-notes.md

@@ -16,11 +16,11 @@ Track all ZPA Terraform provider's releases. New resources, features, and bug fi
 
 ---
 
-## 3.2.0 (March, xx 2024)
+## 3.2.0 (March, 27 2024)
 
 ### Notes
 
-- Release date: **(March, xx 2024)**
+- Release date: **(March, 27 2024)**
 - Supported Terraform version: **v1.x**
 
 ### NEW - RESOURCES, DATA SOURCES, PROPERTIES, ATTRIBUTES:
@@ -46,6 +46,9 @@ Track all ZPA Terraform provider's releases. New resources, features, and bug fi
 
     ⚠️ **WARNING:**: Notice that any Access Policy `v2` is a new resource and uses a different HCL format structure. If you decide to migrate to the new v2 resources, notice that this is considered a breaking change and must be done carefully. This warning only applies for those with existing `v1` Access Policy HCL format structure.
 
+[PR #434](/~https://github.com/zscaler/terraform-provider-zpa/pull/434)
+* New resource: `zpa_emergency_access_user` manages Emergency Access Users 
+
 ### NEW PROPERTIES
 * New Properties: The resource `zpa_ba_certificate` now displays the attributes `valid_from_in_epochsec` and `valid_to_in_epochsec` in human readable `RFC1123` format
 * New Properties: The provider now includes support to `ZPATWO` cloud [PR #432](/~https://github.com/zscaler/terraform-provider-zpa/pull/432)

docs/index.md

@@ -40,14 +40,14 @@ provider "zpa" {
   zpa_customer_id       = "xxxxxxxxxxxxxxxx"
 }
 
-resouce "zpa_application_segment" "app_segment" {
+resouce "zpa_application_segment" "this" {
   # ...
 }
 ```
 
 ## Example Usage ZPA Beta, GOV, GOVUS, Preview, and Dev Cloud
 
-For customers who want to use this provider with ZPA Beta, Gov, Preview, and Dev Cloud, the following variable credentials `zpa_cloud` followed by the value `BETA`, `GOV`, `GOVUS`, or `PREVIEW` values or via environment variable `ZPA_CLOUD=BETA`, `ZPA_CLOUD=GOV`, `ZPA_CLOUD=GOVUS`, `ZPA_CLOUD=PREVIEW`, `ZPA_CLOUD=DEV`are required.
+For customers who want to use this provider with ZPA Beta, Gov, Preview, and Dev Cloud, the following variable credentials `zpa_cloud` followed by the value `BETA`, `ZPATWO`, `GOV`, `GOVUS`, or `PREVIEW` values or via environment variable `ZPA_CLOUD=BETA`, `ZPA_CLOUD=ZPATWO`, `ZPA_CLOUD=GOV`, `ZPA_CLOUD=GOVUS`, `ZPA_CLOUD=PREVIEW`, `ZPA_CLOUD=DEV`are required.
 
 ```hcl
 # Configure ZPA provider source and version

docs/resources/zpa_emergency_access_user.md

@@ -0,0 +1,36 @@
+---
+subcategory: "Emergency Access"
+layout: "zscaler"
+page_title: "ZPA: emergency_access_user"
+description: |-
+  Creates and manages emergency access users.
+---
+
+# Resource: zpa_emergency_access_user
+
+The **zpa_emergency_access_user** Create emergency access users with permissions limited to privileged approvals in the specified IdP that is enabled for emergency access.
+
+## Example Usage
+
+```hcl
+resource "zpa_emergency_access_user" "this" {
+    email_id = "usertest@example.com"
+    first_name = "User"
+    last_name = "Test"
+    user_id = "usertest"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `email_id` - (Required) The email address of the emergency access user, as provided by the admin
+* `first_name` - (Required) The first name of the emergency access user.
+* `last_name` - (Required) The last name of the emergency access user, as provided by the admin
+* `user_id` - (Required) The unique identifier of the emergency access user.
+
+## Import
+
+The `zpa_emergency_access_user` do not support resource import.
+

go.sum

@@ -34,6 +34,8 @@ dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
 dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak=
+github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/Kunde21/markdownfmt/v3 v3.1.0 h1:KiZu9LKs+wFFBQKhrZJrFZwtLnCCWJahL+S+E/3VnM0=
 github.com/Kunde21/markdownfmt/v3 v3.1.0/go.mod h1:tPXN1RTyOzJwhfHoon9wUr4HGYmWgVxSQN6VBJDkrVc=
@@ -86,6 +88,8 @@ github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQ
 github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
 github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZlaQsNA=
 github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8=
+github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4=
+github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
@@ -133,6 +137,8 @@ github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lK
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k=
+github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ=
 github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
 github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
@@ -291,6 +297,8 @@ github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHW
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dvMUtDTo2cv8=
+github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg=
 github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
 github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4=
 github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
@@ -353,6 +361,10 @@ github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLA
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA=
 github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU=
+github.com/okta/okta-sdk-golang/v2 v2.20.0 h1:EDKM+uOPfihOMNwgHMdno+NAsIfyXkVnoFAYVPay0YU=
+github.com/okta/okta-sdk-golang/v2 v2.20.0/go.mod h1:FMy5hN5G8Rd/VoS0XrfyPPhIfOVo78ZK7lvwiQRS2+U=
+github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627 h1:pSCLCl6joCFRnjpeojzOpEYs4q7Vditq8fySFG5ap3Y=
+github.com/patrickmn/go-cache v0.0.0-20180815053127-5633e0862627/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
 github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4=
 github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI=

zpa/common/resourcetype/resource_type.go

@@ -16,6 +16,7 @@ const (
 	ZPACBIBannerController             = "zpa_cloud_browser_isolation_banner"
 	ZPACBICertificate                  = "zpa_cloud_browser_isolation_certificate"
 	ZPACBIExternalIsolationProfile     = "zpa_cloud_browser_isolation_external_profile"
+	ZPAEmergencyAccess                 = "zpa_emergency_access_user"
 	ZPAPolicyType                      = "zpa_policy_type"
 	ZPAPolicyAccessRule                = "zpa_policy_access_rule"
 	ZPAPolicyAccessRuleV2              = "zpa_policy_access_rule_v2"

zpa/common/testing/variable/variable.go

@@ -192,3 +192,10 @@ const (
 	PraConsoleEnabled           = true
 	PraIconText                 = "RDP Console"
 )
+
+// Console Controller
+const (
+	EmgFirstName = "User"
+	EmgLastName  = "Test01"
+	EmgUserID    = "usertest02"
+)

zpa/config.go

@@ -21,6 +21,7 @@ import (
 	"github.com/zscaler/zscaler-sdk-go/v2/zpa/services/cloudbrowserisolation/isolationprofile"
 	"github.com/zscaler/zscaler-sdk-go/v2/zpa/services/cloudconnectorgroup"
 	"github.com/zscaler/zscaler-sdk-go/v2/zpa/services/customerversionprofile"
+	"github.com/zscaler/zscaler-sdk-go/v2/zpa/services/emergencyaccess"
 	"github.com/zscaler/zscaler-sdk-go/v2/zpa/services/enrollmentcert"
 	"github.com/zscaler/zscaler-sdk-go/v2/zpa/services/idpcontroller"
 	"github.com/zscaler/zscaler-sdk-go/v2/zpa/services/inspectioncontrol/inspection_custom_controls"
@@ -70,6 +71,7 @@ type Client struct {
 	cloudconnectorgroup            cloudconnectorgroup.Service
 	customerversionprofile         customerversionprofile.Service
 	clienttypes                    clienttypes.Service
+	emergencyaccess                emergencyaccess.Service
 	enrollmentcert                 enrollmentcert.Service
 	idpcontroller                  idpcontroller.Service
 	inspection_custom_controls     inspection_custom_controls.Service
@@ -138,6 +140,7 @@ func (c *Config) Client() (*Client, error) {
 		clienttypes:                    *clienttypes.New(zpaClient),
 		cloudconnectorgroup:            *cloudconnectorgroup.New(zpaClient),
 		customerversionprofile:         *customerversionprofile.New(zpaClient),
+		emergencyaccess:                *emergencyaccess.New(zpaClient),
 		enrollmentcert:                 *enrollmentcert.New(zpaClient),
 		idpcontroller:                  *idpcontroller.New(zpaClient),
 		inspection_custom_controls:     *inspection_custom_controls.New(zpaClient),

zpa/provider.go

@@ -65,6 +65,7 @@ func ZPAProvider() *schema.Provider {
 			"zpa_cloud_browser_isolation_certificate":      resourceCBICertificates(),
 			"zpa_cloud_browser_isolation_external_profile": resourceCBIExternalProfile(),
 			"zpa_cloud_browser_isolation_banner":           resourceCBIBanners(),
+			"zpa_emergency_access_user":                    resourceEmergencyAccess(),
 			"zpa_segment_group":                            resourceSegmentGroup(),
 			"zpa_server_group":                             resourceServerGroup(),
 			"zpa_policy_access_rule_reorder":               resourcePolicyAccessRuleReorder(),

zpa/resource_zpa_cloud_browser_isolation_banner_test.go

@@ -141,51 +141,3 @@ data "%s" "%s" {
 		resourcetype.ZPACBIBannerController, resourceName,
 	)
 }
-
-/*
-func testAccCheckCBIBannerConfigure(resourceTypeAndName, generatedName, primaryColor, textColor, notificationTitle, NotificationText string, banner, persist bool, logo string) string {
-	return fmt.Sprintf(`
-// cbi banner resource
-%s
-
-data "%s" "%s" {
-  id = "${%s.id}"
-}
-`,
-		// resource variables
-		CBIBannerResourceHCL(generatedName, primaryColor, textColor, notificationTitle, NotificationText, banner, persist, logo),
-
-		// data source variables
-		resourcetype.ZPACBIBannerController,
-		generatedName,
-		resourceTypeAndName,
-	)
-}
-
-func CBIBannerResourceHCL(generatedName, primaryColor, textColor, notificationTitle, NotificationText string, banner, persist bool, logo string) string {
-	return fmt.Sprintf(`
-resource "%s" "%s" {
-	name = "tf-acc-test-%s"
-	primary_color = "%s"
-	text_color = "%s"
-	notification_title = "%s"
-	notification_text = "%s"
-	banner = "%s"
-	persist = "%s"
-	logo = "%s"
-}
-`,
-		// resource variables
-		resourcetype.ZPACBIBannerController,
-		generatedName,
-		generatedName,
-		primaryColor,
-		textColor,
-		notificationTitle,
-		NotificationText,
-		strconv.FormatBool(banner),
-		strconv.FormatBool(persist),
-		logo,
-	)
-}
-*/