fix: Added zia_url_filtering_rule new attribute source_ip_groups and …

…SDK upgrade to v2.5.0 (#340)

* fix: Added zia_url_filtering_rule new attribute source_ip_groups and SDK upgrade to v2.5.0
* fix: Updated GNUmakefile and gitignore
* fix: Readjusted go test parallel to 1

.gitignore

@@ -52,4 +52,6 @@ dist/
 goreleaser.sh
 local_dev/
 local_dev/*
-my.secrets
+my.secrets
+coverage.out
+coverage.html

CHANGELOG.md

@@ -1,5 +1,17 @@
 # Changelog
 
+## 2.8.3 (May, 7 2024)
+
+### Notes
+
+- Release date: **(May, 7 2024)**
+- Supported Terraform version: **v1.x**
+
+### Enhancements
+
+- [PR #340](https://github.com/zscaler/terraform-provider-zia/340) - Added new ZIA URL Filtering Rule attribute `source_ip_groups` to resources: `zia_url_filtering_rules` and `zia_dlp_web_rules`
+- [PR #340](https://github.com/zscaler/terraform-provider-zia/340) - Upgraded to [Zscaler-GO-SDK v2.5.0](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.5.0)
+
 ## 2.8.21 (April, 8 2024)
 
 ### Notes

GNUmakefile

@@ -40,14 +40,14 @@ sweep:
 
 test:
 	echo $(TEST) | \
-		xargs -t -n4 go test $(TESTARGS) $(TEST_FILTER) -timeout=30s -parallel=10
+		xargs -t -n4 go test $(TESTARGS) $(TEST_FILTER) -timeout=30s -parallel=1
 
 testacc:
 	TF_ACC=1 go test $(TEST) $(TESTARGS) $(TEST_FILTER) -timeout 120m
 
 test\:integration\:zia:
 	@echo "$(COLOR_ZSCALER)Running zia integration tests...$(COLOR_NONE)"
-	@TF_ACC=1 go test -v -race -cover -coverprofile=coverage.out -covermode=atomic ./zia -parallel 20 -timeout 120m
+	@TF_ACC=1 go test -v -race -cover -coverprofile=coverage.out -covermode=atomic ./zia -parallel 1 -timeout 120m
 	go tool cover -html=coverage.out -o coverage.html
 
 # Default set of integration tests to run for ZscalerOne
@@ -116,7 +116,7 @@ integration_tests := $(subst $(space),\|,$(INTEGRATION_TESTS))
 # Target to run integration tests for ZscalerOne
 test\:integration\:zscalerone:
 	@echo "Running integration tests for ZscalerOne..."
-	@TF_ACC=1 go test -v -race -cover -coverprofile=coverage.out -covermode=atomic ./zia -parallel 20 -timeout 120m -run ^$(integration_tests)$$
+	@TF_ACC=1 go test -v -race -cover -coverprofile=coverage.out -covermode=atomic ./zia -parallel 1 -timeout 120m -run ^$(integration_tests)$$
 	go tool cover -html=coverage.out -o coverage.html
 
 # Default set of integration tests to run for ZscalerOne
@@ -188,20 +188,20 @@ integration_zs2_tests := $(subst $(space),\|,$(ZS_INTEGRATION_TESTS))
 # Target to run integration tests for ZscalerTwo
 test\:integration\:zscalertwo:
 	@echo "Running integration tests for ZscalerTwo..."
-	@TF_ACC=1 go test -v -race -cover -coverprofile=coverage.out -covermode=atomic ./zia -parallel 20 -timeout 120m -run ^$(integration_zs2_tests)$$
+	@TF_ACC=1 go test -v -race -cover -coverprofile=coverage.out -covermode=atomic ./zia -parallel 1 -timeout 120m -run ^$(integration_zs2_tests)$$
 	go tool cover -html=coverage.out -o coverage.html
 
 build13: GOOS=$(shell go env GOOS)
 build13: GOARCH=$(shell go env GOARCH)
 ifeq ($(OS),Windows_NT)  # is Windows_NT on XP, 2000, 7, Vista, 10...
-build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.8.23/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.8.3/$(GOOS)_$(GOARCH)
 else
-build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.8.23/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.8.3/$(GOOS)_$(GOARCH)
 endif
 build13: fmtcheck
 	@echo "==> Installing plugin to $(DESTINATION)"
 	@mkdir -p $(DESTINATION)
-	go build -o $(DESTINATION)/terraform-provider-zia_v2.8.23
+	go build -o $(DESTINATION)/terraform-provider-zia_v2.8.3
 
 coverage: test
 	@echo "✓ Opening coverage for unit tests ..."

docs/guides/release-notes.md

@@ -12,10 +12,22 @@ description: |-
 Track all ZIA Terraform provider's releases. New resources, features, and bug fixes will be tracked here.
 
 ---
-``Last updated: v2.8.21``
+``Last updated: v2.8.3``
 
 ---
 
+## 2.8.3 (May, 7 2024)
+
+### Notes
+
+- Release date: **(May, 7 2024)**
+- Supported Terraform version: **v1.x**
+
+### Enhancements
+
+- [PR #340](https://github.com/zscaler/terraform-provider-zia/340) - Added new ZIA URL Filtering Rule attribute `source_ip_groups` to resources: `zia_url_filtering_rules` and `zia_dlp_web_rules`
+- [PR #340](https://github.com/zscaler/terraform-provider-zia/340) - Upgraded to [Zscaler-GO-SDK v2.5.0](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.5.0)
+
 ## 2.8.21 (April, 8 2024)
 
 ### Notes

docs/resources/zia_dlp_web_rules.md

@@ -208,9 +208,12 @@ The following arguments are supported:
 * `time_windows` - (Optional) The Name-ID pairs of time windows to which the DLP policy rule must be applied. Maximum of up to `2` time intervals. When not used it implies `always` to apply the rule to all time intervals.
   * `id` - (Optional) Identifier that uniquely identifies an entity
 
-* `labels` The Name-ID pairs of rule labels associated to the DLP policy rule.
+* `labels` - (List of Object) The Name-ID pairs of rule labels associated to the DLP policy rule.
   * `id` - (Optional) Identifier that uniquely identifies an entity
 
+* `source_ip_groups` - (List of Object) The source ip groups to which the DLP policy rule applies
+  * `id` - (Optional) Source IP address groups for which the rule is applicable.
+
 * `icap_server` The DLP server, using ICAP, to which the transaction content is forwarded.
   * `id` - (Optional) Identifier that uniquely identifies an entity
 

docs/resources/zia_url_filtering_rules.md

@@ -110,12 +110,15 @@ The following arguments are supported:
 * `override_groups` - (List of Object) Name-ID pairs of users for which this rule can be overridden. Applicable only if blockOverride is set to `true`, action is `BLOCK` and overrideGroups is not set.If this overrideUsers is not set, `BLOCK` action can be overridden for any group.
   * `id` - (Optional) Identifier that uniquely identifies an entity
 
-* `location_groups` - (List of Object) The location groups to which the Firewall Filtering policy rule applies
+* `location_groups` - (List of Object) The location groups to which the URL Filtering policy rule applies
   * `id` - (Optional) Identifier that uniquely identifies an entity
 
-* `labels`
+* `labels` - (List of Object) The rule labels to which the URL Filtering policy rule applies
   * `id` - (Optional) Identifier that uniquely identifies an entity
 
+* `source_ip_groups` - (List of Object) The source ip groups to which the URL Filtering policy rule applies
+  * `id` - (Optional) Source IP address groups for which the rule is applicable.
+
 * `workload_groups` (Optional) The list of preconfigured workload groups to which the policy must be applied
   * `id` - (Optional) A unique identifier assigned to the workload group
   * `name` - (Optional) The name of the workload group

go.mod

@@ -2,7 +2,7 @@ module github.com/zscaler/terraform-provider-zia/v2
 
 go 1.21
 
-toolchain go1.22.0
+toolchain go1.22.2
 
 require (
 	github.com/biter777/countries v1.7.4
@@ -11,7 +11,7 @@ require (
 	github.com/hashicorp/go-hclog v1.6.3
 	github.com/hashicorp/terraform-plugin-sdk v1.17.2
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0
-	github.com/zscaler/zscaler-sdk-go/v2 v2.4.35
+	github.com/zscaler/zscaler-sdk-go/v2 v2.5.0
 )
 
 require (
@@ -59,7 +59,7 @@ require (
 	golang.org/x/mod v0.15.0 // indirect
 	golang.org/x/net v0.23.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect
 	google.golang.org/grpc v1.61.1 // indirect

go.sum

@@ -387,8 +387,8 @@ github.com/zclconf/go-cty v1.14.2 h1:kTG7lqmBou0Zkx35r6HJHUQTvaRPr5bIAf3AoHS0izI
 github.com/zclconf/go-cty v1.14.2/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
 github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0=
-github.com/zscaler/zscaler-sdk-go/v2 v2.4.35 h1:+fDOsg3m9IrWX2unV3/9880lLJZVHtxIlTmVEAGqvhU=
-github.com/zscaler/zscaler-sdk-go/v2 v2.4.35/go.mod h1:tkYuT8WhbBCr/0itvRY123NiYp82V/BLN9it0BY48Gw=
+github.com/zscaler/zscaler-sdk-go/v2 v2.5.0 h1:HMbSSdsdtOpbSXw7+zvgqeRVLu888Ofasm7/IiFiFWI=
+github.com/zscaler/zscaler-sdk-go/v2 v2.5.0/go.mod h1:fg09cxBT9mpphzOPpE0iGBpOudhbwPtFAtNkBoXTJ54=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -548,8 +548,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

version

@@ -1 +1 @@
-2.8.21
+2.8.3

zia/common/version.go

@@ -1,6 +1,6 @@
 package common
 
-var version = "2.8.21"
+var version = "2.8.3"
 
 // Version returns version of provider
 func Version() string {

zia/data_source_zia_dlp_web_rules.go

@@ -368,6 +368,32 @@ func dataSourceDlpWebRules() *schema.Resource {
 					},
 				},
 			},
+			"source_ip_groups": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: "The Name-ID pairs of Source IP Groups associated to the DLP policy rule.",
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Type:        schema.TypeInt,
+							Computed:    true,
+							Description: "Identifier that uniquely identifies an entity",
+						},
+						"name": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: "Identifier that uniquely identifies an entity",
+						},
+						"extensions": {
+							Type:     schema.TypeMap,
+							Computed: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+					},
+				},
+			},
 			"dlp_download_scan_enabled": {
 				Type:        schema.TypeBool,
 				Computed:    true,
@@ -651,6 +677,9 @@ func dataSourceDlpWebRulesRead(d *schema.ResourceData, m interface{}) error {
 		if err := d.Set("labels", flattenIDExtensions(resp.Labels)); err != nil {
 			return err
 		}
+		if err := d.Set("source_ip_groups", flattenIDExtensions(resp.SourceIpGroups)); err != nil {
+			return err
+		}
 		if err := d.Set("excluded_groups", flattenIDExtensions(resp.ExcludedGroups)); err != nil {
 			return err
 		}

zia/data_source_zia_url_filtering_rules.go

@@ -297,6 +297,29 @@ func dataSourceURLFilteringRules() *schema.Resource {
 					},
 				},
 			},
+			"source_ip_groups": {
+				Type:     schema.TypeList,
+				Computed: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"id": {
+							Type:     schema.TypeInt,
+							Computed: true,
+						},
+						"name": {
+							Type:     schema.TypeString,
+							Computed: true,
+						},
+						"extensions": {
+							Type:     schema.TypeMap,
+							Computed: true,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+						},
+					},
+				},
+			},
 			"devices": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -606,7 +629,9 @@ func dataSourceURLFilteringRulesRead(d *schema.ResourceData, m interface{}) erro
 		if err := d.Set("labels", flattenIDNameExtensions(resp.Labels)); err != nil {
 			return err
 		}
-
+		if err := d.Set("source_ip_groups", flattenIDNameExtensions(resp.SourceIPGroups)); err != nil {
+			return err
+		}
 		if err := d.Set("last_modified_by", flattenLastModifiedBy(resp.LastModifiedBy)); err != nil {
 			return err
 		}

zia/resource_zia_dlp_web_rules.go

@@ -217,6 +217,7 @@ func resourceDlpWebRules() *schema.Resource {
 			"dlp_engines":              setIDsSchemaTypeCustom(intPtr(4), "The list of DLP engines to which the DLP policy rule must be applied."),
 			"time_windows":             setIDsSchemaTypeCustom(intPtr(2), "list of time interval during which rule must be enforced."),
 			"labels":                   setIDsSchemaTypeCustom(intPtr(1), "list of Labels that are applicable to the rule."),
+			"source_ip_groups":         setIDsSchemaTypeCustom(nil, "list of source ip groups"),
 			"url_categories":           setIDsSchemaTypeCustom(nil, "The list of URL categories to which the DLP policy rule must be applied."),
 			"auditor":                  setSingleIDSchemaTypeCustom("The auditor to which the DLP policy rule must be applied."),
 			"notification_template":    setSingleIDSchemaTypeCustom("The template used for DLP notification emails."),
@@ -425,6 +426,9 @@ func resourceDlpWebRulesRead(d *schema.ResourceData, m interface{}) error {
 	if err := d.Set("excluded_users", flattenIDExtensions(resp.ExcludedUsers)); err != nil {
 		return err
 	}
+	if err := d.Set("source_ip_groups", flattenIDs(resp.SourceIpGroups)); err != nil {
+		return err
+	}
 	if err := d.Set("workload_groups", flattenWorkloadGroups(resp.WorkloadGroups)); err != nil {
 		return fmt.Errorf("error setting workload_groups: %s", err)
 	}
@@ -581,6 +585,7 @@ func expandDlpWebRules(d *schema.ResourceData) dlp_web_rules.WebDLPRules {
 		ExcludedUsers:            expandIDNameExtensionsSet(d, "excluded_groups"),
 		ExcludedGroups:           expandIDNameExtensionsSet(d, "excluded_departments"),
 		ExcludedDepartments:      expandIDNameExtensionsSet(d, "excluded_users"),
+		SourceIpGroups:           expandIDNameExtensionsSet(d, "source_ip_groups"),
 		IncludedDomainProfiles:   expandIDNameExtensionsSet(d, "included_domain_profiles"),
 		ExcludedDomainProfiles:   expandIDNameExtensionsSet(d, "excluded_domain_profiles"),
 		WorkloadGroups:           expandWorkloadGroups(d, "workload_groups"),

zia/resource_zia_url_filtering_rules.go

@@ -186,12 +186,13 @@ func resourceURLFilteringRules() *schema.Resource {
 			"departments":            setIDsSchemaTypeCustom(intPtr(8), "Name-ID pairs of departments for which rule must be applied"),
 			"users":                  setIDsSchemaTypeCustom(intPtr(4), "Name-ID pairs of users for which rule must be applied"),
 			"time_windows":           setIDsSchemaTypeCustom(nil, "Name-ID pairs of time interval during which rule must be enforced."),
-			"override_users":         setIDsSchemaTypeCustom(nil, "Name-ID pairs of users for which this rule can be overridden."),
+			"override_users":         setIDsSchemaTypeCustom(intPtr(4), "Name-ID pairs of users for which this rule can be overridden."),
 			"override_groups":        setIDsSchemaTypeCustom(intPtr(8), "Name-ID pairs of groups for which this rule can be overridden."),
 			"device_groups":          setIDsSchemaTypeCustom(nil, "This field is applicable for devices that are managed using Zscaler Client Connector."),
 			"devices":                setIDsSchemaTypeCustom(nil, "Name-ID pairs of devices for which rule must be applied."),
 			"location_groups":        setIDsSchemaTypeCustom(intPtr(32), "Name-ID pairs of the location groups to which the rule must be applied."),
 			"labels":                 setIDsSchemaTypeCustom(nil, "The URL Filtering rule's label."),
+			"source_ip_groups":       setIDsSchemaTypeCustom(nil, "list of source ip groups"),
 			"workload_groups":        setIdNameSchemaCustom(255, "The list of preconfigured workload groups to which the policy must be applied"),
 			"device_trust_levels":    getDeviceTrustLevels(),
 			"user_risk_score_levels": getUserRiskScoreLevels(),
@@ -411,6 +412,9 @@ func resourceURLFilteringRulesRead(d *schema.ResourceData, m interface{}) error
 	if err := d.Set("devices", flattenIDs(resp.Devices)); err != nil {
 		return err
 	}
+	if err := d.Set("source_ip_groups", flattenIDs(resp.SourceIPGroups)); err != nil {
+		return err
+	}
 	if err := d.Set("workload_groups", flattenWorkloadGroups(resp.WorkloadGroups)); err != nil {
 		return fmt.Errorf("error setting workload_groups: %s", err)
 	}
@@ -554,6 +558,7 @@ func expandURLFilteringRules(d *schema.ResourceData) urlfilteringpolicies.URLFil
 		Labels:         expandIDNameExtensionsSet(d, "labels"),
 		DeviceGroups:   expandIDNameExtensionsSet(d, "device_groups"),
 		Devices:        expandIDNameExtensionsSet(d, "devices"),
+		SourceIPGroups: expandIDNameExtensionsSet(d, "source_ip_groups"),
 		WorkloadGroups: expandWorkloadGroups(d, "workload_groups"),
 		CBIProfile:     expandCBIProfile(d),
 	}

zia/version.go

@@ -1,4 +1,4 @@
 package zia
 
 // ProviderVersion is set at build-time in the release process
-var ProviderVersion = "2.8.21"
+var ProviderVersion = "2.8.3"