feat: ✨Added New ZPA Gateway Resource (#293)

* feat: Added ZPA Gateway Feature

* fix: Fix firewall filtering rule test order

* fix: Fixed acceptance tests

* (feat): Added Forwarding Control ZPA Gateway resource

* (feat): Added Forwarding Control Policy ZPA Gateway Data Source

* fix: fixed zpa gateway drift

* feat: Added ZPA Gateway Resource

* [feat]: ✨Added forward control zpa gateway

* (doc) updated changelog and release-notes

* fix: fix github action workflow

* fix: Fixed linter best practice

* fix: Fixed linter best practice

* fix: Fixed admin users resource

* fix: Fixed admin users resource

* fix: Fixed admin users resource

.github/workflows/reuse-zia-tests.yml

@@ -14,6 +14,8 @@ on:
         required: true
       ZIA_CLOUD:
         required: true
+      ZIA_SANDBOX_TOKEN:
+        required: true
       ZIA_ACC_TEST_FORCE_SWEEPERS:
         required: true
       TF_ACC:
@@ -66,15 +68,12 @@ jobs:
           command: |
             make sweep
             go test -v -cover ./zia -v -parallel 30 -timeout 120m
-            go mod vendor && go mod tidy
-            go build ./cli/ziaActivator.go
-            mv ziaActivator /usr/local/bin
             make sweep
-            ziaActivator
         env:
           ZIA_USERNAME: ${{ secrets.ZIA_USERNAME }}
           ZIA_PASSWORD: ${{ secrets.ZIA_PASSWORD }}
           ZIA_API_KEY: ${{ secrets.ZIA_API_KEY }}
           ZIA_CLOUD: ${{ secrets.ZIA_CLOUD }}
+          ZIA_SANDBOX_TOKEN: ${{ secrets.ZIA_SANDBOX_TOKEN }}
           ZIA_ACC_TEST_FORCE_SWEEPERS: ${{ secrets.ZIA_ACC_TEST_FORCE_SWEEPERS }}
           TF_ACC: ${{ secrets.TF_ACC }}

.github/workflows/test.yml

@@ -20,37 +20,45 @@ on:
   workflow_dispatch:
 
 jobs:
-  zs2-tests:
+  zs-beta-tests:
     uses: ./.github/workflows/reuse-zia-tests.yml
     with:
-      environment: ZS2_CLOUD
+      environment: ZS_BETA_CLOUD
     secrets:
       ZIA_USERNAME: ${{ secrets.ZIA_USERNAME }}
       ZIA_PASSWORD: ${{ secrets.ZIA_PASSWORD }}
       ZIA_API_KEY: ${{ secrets.ZIA_API_KEY }}
       ZIA_CLOUD: ${{ secrets.ZIA_CLOUD }}
-      ZIA_ACC_TEST_FORCE_SWEEPERS: ${{ secrets.ZIA_ACC_TEST_FORCE_SWEEPERS }}
+      ZIA_SANDBOX_TOKEN: ${{ secrets.ZIA_SANDBOX_TOKEN }}
       TF_ACC: ${{ secrets.TF_ACC }}
-  zs3-tests:
+      ZIA_ACC_TEST_FORCE_SWEEPERS: ${{ secrets.ZIA_ACC_TEST_FORCE_SWEEPERS }}
+
+  zs2-tests:
     uses: ./.github/workflows/reuse-zia-tests.yml
     with:
-      environment: ZS3_CLOUD
+      environment: ZS2_CLOUD
     secrets:
       ZIA_USERNAME: ${{ secrets.ZIA_USERNAME }}
       ZIA_PASSWORD: ${{ secrets.ZIA_PASSWORD }}
       ZIA_API_KEY: ${{ secrets.ZIA_API_KEY }}
       ZIA_CLOUD: ${{ secrets.ZIA_CLOUD }}
+      ZIA_SANDBOX_TOKEN: ${{ secrets.ZIA_SANDBOX_TOKEN }}
       ZIA_ACC_TEST_FORCE_SWEEPERS: ${{ secrets.ZIA_ACC_TEST_FORCE_SWEEPERS }}
       TF_ACC: ${{ secrets.TF_ACC }}
-  zs-beta-tests:
+    needs:
+      - zs-beta-tests
+
+  zs3-tests:
     uses: ./.github/workflows/reuse-zia-tests.yml
     with:
-      environment: ZS_BETA_CLOUD
+      environment: ZS3_CLOUD
     secrets:
       ZIA_USERNAME: ${{ secrets.ZIA_USERNAME }}
       ZIA_PASSWORD: ${{ secrets.ZIA_PASSWORD }}
       ZIA_API_KEY: ${{ secrets.ZIA_API_KEY }}
       ZIA_CLOUD: ${{ secrets.ZIA_CLOUD }}
-      TF_ACC: ${{ secrets.TF_ACC }}
+      ZIA_SANDBOX_TOKEN: ${{ secrets.ZIA_SANDBOX_TOKEN }}
       ZIA_ACC_TEST_FORCE_SWEEPERS: ${{ secrets.ZIA_ACC_TEST_FORCE_SWEEPERS }}
-
+      TF_ACC: ${{ secrets.TF_ACC }}
+    needs:
+      - zs-beta-tests

.goreleaser.yml

@@ -3,40 +3,40 @@
 before:
   hooks:
     # this is just an example and not a requirement for provider building/publishing
-    - go mod vendor && go mod tidy
+    - go mod tidy
 builds:
-- env:
-    # goreleaser does not work with CGO, it could also complicate
-    # usage by users in CI/CD systems like Terraform Cloud where
-    # they are unable to install libraries.
-    - CGO_ENABLED=0
-  mod_timestamp: '{{ .CommitTimestamp }}'
-  flags:
-    - -trimpath
-  ldflags:
-    - '-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}'
-  goos:
-    - freebsd
-    - windows
-    - linux
-    - darwin
-  goarch:
-    - amd64
-    - '386'
-    - arm
-    - arm64
-  ignore:
-    - goos: darwin
-      goarch: '386'
-  binary: '{{ .ProjectName }}_v{{ .Version }}'
+  - env:
+      # goreleaser does not work with CGO, it could also complicate
+      # usage by users in CI/CD systems like Terraform Cloud where
+      # they are unable to install libraries.
+      - CGO_ENABLED=0
+    mod_timestamp: "{{ .CommitTimestamp }}"
+    flags:
+      - -trimpath
+    ldflags:
+      - "-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}"
+    goos:
+      - freebsd
+      - windows
+      - linux
+      - darwin
+    goarch:
+      - amd64
+      - "386"
+      - arm
+      - arm64
+    ignore:
+      - goos: darwin
+        goarch: "386"
+    binary: "{{ .ProjectName }}_v{{ .Version }}"
 archives:
-- format: zip
-  name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}'
+  - format: zip
+    name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
 checksum:
   extra_files:
-    - glob: 'terraform-registry-manifest.json'
-      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
-  name_template: '{{ .ProjectName }}_{{ .Version }}_SHA256SUMS'
+    - glob: "terraform-registry-manifest.json"
+      name_template: "{{ .ProjectName }}_{{ .Version }}_manifest.json"
+  name_template: "{{ .ProjectName }}_{{ .Version }}_SHA256SUMS"
   algorithm: sha256
 signs:
   - artifacts: checksum
@@ -53,8 +53,8 @@ signs:
 release:
   # Visit your project's GitHub Releases page to publish this release.
   extra_files:
-    - glob: 'terraform-registry-manifest.json'
-      name_template: '{{ .ProjectName }}_{{ .Version }}_manifest.json'
+    - glob: "terraform-registry-manifest.json"
+      name_template: "{{ .ProjectName }}_{{ .Version }}_manifest.json"
   # If you want to manually examine the release before its live, uncomment this line:
   # github:
   #   owner: zscaler

CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## 2.7.0 (December, xx 2023)
+
+### Notes
+
+- Release date: **(December, xx 2023)**
+- Supported Terraform version: **v1.x**
+
+### Enhancements
+
+NEW - RESOURCES, DATA SOURCES
+
+- [PR #293](https://github.com/zscaler/terraform-provider-zia/pull/293) - ✨ Added support for ZIA 🆕 Custom ZPA Gateway for use with Forwarding Control policy to forward traffic to ZPA for Source IP Anchoring.
+- [PR #294](https://github.com/zscaler/terraform-provider-zia/pull/294) - ✨ Added support for ZIA 🆕 Forwarding Control Rule configuration.
+
 ## 2.6.6 (November, 23 2023)
 
 ### Notes
@@ -647,4 +661,4 @@ The  following resources are supported:
 
 - Static IP: Added ``ForceNew`` option to ``ip_address`` in the schema, so the resource will be destroyed and recreated [PR#40](https://github.com/zscaler/terraform-provider-zia/pull/40)
 
-- VPN Credentials: Added ``ForceNew`` option to ``type`` in the schema, so the resource will be destroyed and recreated if the type of the VPN resource needs to be changed from ``IP`` to ``UFQDN`` and vice-versa [PR#41](https://github.com/zscaler/terraform-provider-zia/pull/41)
+- VPN Credentials: Added ``ForceNew`` option to ``type`` in the schema, so the resource will be destroyed and recreated if the type of the VPN resource needs to be changed from ``IP`` to ``UFQDN`` and vice-versa [PR#41](https://github.com/zscaler/terraform-provider-zia/pull/41)

GNUmakefile

@@ -21,7 +21,6 @@ TESTARGS?=-test.v
 default: build
 
 dep: # Download required dependencies
-	go mod tidy
 
 build: fmtcheck
 	go install
@@ -46,15 +45,14 @@ testacc:
 build13: GOOS=$(shell go env GOOS)
 build13: GOARCH=$(shell go env GOARCH)
 ifeq ($(OS),Windows_NT)  # is Windows_NT on XP, 2000, 7, Vista, 10...
-build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.6.6/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.7.0/$(GOOS)_$(GOARCH)
 else
-build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.6.6/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.7.0/$(GOOS)_$(GOARCH)
 endif
 build13: fmtcheck
-	go mod tidy && go mod vendor
 	@echo "==> Installing plugin to $(DESTINATION)"
 	@mkdir -p $(DESTINATION)
-	go build -o $(DESTINATION)/terraform-provider-zia_v2.6.6
+	go build -o $(DESTINATION)/terraform-provider-zia_v2.7.0
 
 vet:
 	@echo "==> Checking source code against go vet and staticcheck"
@@ -74,9 +72,15 @@ fmtcheck:
 errcheck:
 	@sh -c "'$(CURDIR)/scripts/errcheck.sh'"
 
-fmt-docs:
-	@echo "✓ Formatting code samples in documentation"
-	@terrafmt fmt -p '*.md' .
+tools:
+	@which $(GOFMT) || go install mvdan.cc/[email protected]
+	@which $(TFPROVIDERLINT) || go install github.com/bflad/tfproviderlint/cmd/[email protected]
+	@which $(STATICCHECK) || go install honnef.co/go/tools/cmd/[email protected]
+
+tools-update:
+	@go install mvdan.cc/[email protected]
+	@go install github.com/bflad/tfproviderlint/cmd/[email protected]
+	@go install honnef.co/go/tools/cmd/[email protected]
 
 vendor-status:
 	@govendor status
@@ -89,41 +93,6 @@ test-compile:
 	fi
 	go test -c $(TEST) $(TESTARGS)
 
-lint:
-	@echo "==> Checking source code against linters..."
-	@$(TFPROVIDERLINT) \
-		-c 1 \
-		-AT001 \
-    -R004 \
-		-S001 \
-		-S002 \
-		-S003 \
-		-S004 \
-		-S005 \
-		-S007 \
-		-S008 \
-		-S009 \
-		-S010 \
-		-S011 \
-		-S012 \
-		-S013 \
-		-S014 \
-		-S015 \
-		-S016 \
-		-S017 \
-		-S019 \
-		./$(PKG_NAME)
-
-tools:
-	@which $(GOFMT) || go install mvdan.cc/[email protected]
-	@which $(TFPROVIDERLINT) || go install github.com/bflad/tfproviderlint/cmd/[email protected]
-	@which $(STATICCHECK) || go install honnef.co/go/tools/cmd/[email protected]
-
-tools-update:
-	@go install mvdan.cc/[email protected]
-	@go install github.com/bflad/tfproviderlint/cmd/[email protected]
-	@go install honnef.co/go/tools/cmd/[email protected]
-
 ziaActivator: GOOS=$(shell go env GOOS)
 ziaActivator: GOARCH=$(shell go env GOARCH)
 ifeq ($(OS),Windows_NT)  # is Windows_NT on XP, 2000, 7, Vista, 10...
@@ -144,10 +113,15 @@ ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO)))
 endif
 	@$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME)
 
+website-lint:
+	@echo "==> Checking website against linters..."
+	@misspell -error -source=text website/
+
 website-test:
 ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO)))
 	echo "$(WEBSITE_REPO) not found in your GOPATH (necessary for layouts and assets), get-ting..."
 	git clone https://$(WEBSITE_REPO) $(GOPATH)/src/$(WEBSITE_REPO)
 endif
 	@$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider-test PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME)
+
 .PHONY: build test testacc vet fmt fmtcheck errcheck tools vendor-status test-compile website-lint website website-test

docs/data-sources/zia_forwarding_control_zpa_gateway.md

@@ -0,0 +1,41 @@
+---
+subcategory: "Forwarding Control Policy"
+layout: "zscaler"
+page_title: "ZIA): forwarding_control_zpa_gateway"
+description: |-
+  Get information about forwarding control zpa gateway used in IP Source Anchoring.
+
+---
+# Data Source: forwarding_control_zpa_gateway
+
+Use the **forwarding_control_zpa_gateway** data source to get information about a forwarding control zpa gateway used in IP Source Anchoring integration between Zscaler Internet Access and Zscaler Private Access. This data source can then be associated with a ZIA Forwarding Control Rule.
+
+## Example Usage
+
+```hcl
+# ZIA Forwarding Control - ZPA Gateway
+data "zia_forwarding_control_zpa_gateway" "this" {
+  name = "ZPA_GW01"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) The name of the forwarding control ZPA Gateway to be exported.
+* `id` - (Optional) The ID of the forwarding control ZPA Gateway resource.
+
+## Attribute Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `description` - (string) - Additional details about the ZPA gateway
+* `last_modified_by` - (list) -  Information about the admin user that last modified the ZPA gateway
+  * `id` - (int) - Identifier that uniquely identifies an entity
+  * `name` - (string) - The configured name of the entity
+* `last_modified_time` - (int) - Timestamp when the ZPA gateway was last modified
+* `type` - (string) - Indicates whether the ZPA gateway is configured for Zscaler Internet Access (using option ZPA) or Zscaler Cloud Connector (using option ECZPA)
+* `zpa_server_group` - () - The ZPA Server Group that is configured for Source IP Anchoring
+  * `external_id` - (string) An external identifier used for an entity that is managed outside of ZIA. Examples include zpaServerGroup and zpaAppSegments. This field is not applicable to ZIA-managed entities.
+  * `name` - (string) The configured name of the entity

docs/guides/release-notes.md

@@ -12,10 +12,24 @@ description: |-
 Track all ZIA Terraform provider's releases. New resources, features, and bug fixes will be tracked here.
 
 ---
-``Last updated: v2.6.6``
+``Last updated: v2.7.0``
 
 ---
 
+## 2.7.0 (December, xx 2023)
+
+### Notes
+
+- Release date: **(December, xx 2023)**
+- Supported Terraform version: **v1.x**
+
+### Enhancements
+
+NEW - RESOURCES, DATA SOURCES
+
+- [PR #293](https://github.com/zscaler/terraform-provider-zia/pull/293) - ✨ Added support for ZIA 🆕 Custom ZPA Gateway for use with Forwarding Control policy to forward traffic to ZPA for Source IP Anchoring.
+- [PR #294](https://github.com/zscaler/terraform-provider-zia/pull/294) - ✨ Added support for ZIA 🆕 Forwarding Control Rule configuration.
+
 ## 2.6.6 (November, 23 2023)
 
 ### Notes
@@ -746,4 +760,4 @@ The  following resources are supported:
 - New Data Source: data_source_zia_url_filtering_rules 🆕
 - New Data Source: data_source_zia_user_management_departments 🆕
 - New Data Source: data_source_zia_user_management_groups 🆕
-- New Data Source: data_source_zia_user_management_users 🆕
+- New Data Source: data_source_zia_user_management_users 🆕