From 986dbb2f349b961e1fc85be7064ce5ea4ba45c2d Mon Sep 17 00:00:00 2001 From: William Guilherme Date: Sun, 18 Aug 2024 18:10:08 -1000 Subject: [PATCH] Fix: Added Validation for zia_forwarding_control_rule (#366) * Fix: Added Validation for zia_forwarding_control_rule * gh: Disabled ZIA_ZS2 and ZIA_ZS3 workflows * fix: Added new functionality paramenters to datasource zia_traffic_forwarding_gre_vip_recommended_list * Fix: Fixed Web DLP Rule test --- .github/workflows/zia-test.yml | 6 +- CHANGELOG.md | 53 ++++++--- GNUmakefile | 14 +-- ...fic_forwarding_gre_vip_recommended_list.md | 36 +++++- docs/guides/release-notes.md | 79 ++++++++----- go.mod | 2 +- go.sum | 4 +- zia/common/version.go | 2 +- ...fic_forwarding_gre_vip_recommended_list.go | 77 +++++++++++-- zia/resource_zia_auth_settings_urls.go | 10 ++ zia/resource_zia_dlp_web_rules_test.go | 33 ++---- zia/resource_zia_forwarding_control_rule.go | 109 +++++++++--------- zia/resource_zia_security_policy_settings.go | 10 ++ zia/resource_zia_url_categories.go | 10 +- zia/utils.go | 24 ++++ zia/version.go | 2 +- 16 files changed, 315 insertions(+), 156 deletions(-) diff --git a/.github/workflows/zia-test.yml b/.github/workflows/zia-test.yml index a8ab875a..f5d5b582 100644 --- a/.github/workflows/zia-test.yml +++ b/.github/workflows/zia-test.yml @@ -94,9 +94,9 @@ jobs: environment: # - ZIA_ZSCLOUD - ZIA_ZS0 - - ZIA_ZS1 - - ZIA_ZS2 - - ZIA_ZS3 + # - ZIA_ZS1 + # - ZIA_ZS2 + # - ZIA_ZS3 environment: ${{ matrix.environment }} steps: - name: Checkout code diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f6db0e2..475ede08 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
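Review bot: The matrix edit in `.github/workflows/zia-test.yml` comments out `ZIA_ZS1` as well as `ZIA_ZS2` and `ZIA_ZS3`, but the commit message only mentions disabling ZS2 and ZS3. After this change `ZIA_ZS0` is the only environment still exercised, so regressions specific to the other clouds will go unnoticed. If dropping ZS1 is intentional, say so in the message and record the reason next to the list, for example `# ZS1-ZS3 temporarily disabled: <reason / tracking issue placeholder>`.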
@@ -1,5 +1,26 @@ # Changelog +## 3.0.2 (August, xx 2024) + +### Notes + +- Release date: **(August, xx 2024)** +- Supported Terraform version: **v1.x** + +### Bug Fixes + +- [PR #366](https://github.com/zscaler/terraform-provider-zia/pull/366) - Implemented runtime validation for resource: `zia_forwarding_control_rule`. The provider now validates incompatible attributes during the plan and apply stages at the schema level. +- [PR #366](https://github.com/zscaler/terraform-provider-zia/pull/366) - Fixed the datasource `zia_traffic_forwarding_gre_vip_recommended_list` to allow Geo location information override when needed. The datasource now supports the following optional attributes: + - `routable_ip` - (Boolean) The routable IP address. + - `within_country_only` - (Boolean) Search within country only. + - `include_private_service_edge` - (Boolean) Include ZIA Private Service Edge VIPs. + - `include_current_vips` - (Boolean) Include currently assigned VIPs. + - `latitude` - (Number) The latitude coordinate of the GRE tunnel source. + - `longitude` - (Number) The longitude coordinate of the GRE tunnel source. + - `subcloud` - (String) The longitude coordinate of the GRE tunnel source. + +- [PR #366](https://github.com/zscaler/terraform-provider-zia/pull/366) - Added centralized semaphore functionality to manipulate concurrent request limitations. + ## 3.0.1 (August, 13 2024) ### Notes 
@@ -9,11 +30,11 @@ ### Bug Fixes -- [PR #365](https://github.com/zscaler/terraform-provider-zia/365) - Fixed `ports` attribute in `zia_location_management` resource to support `TypeSet` with elements of `TypeInt`. +- [PR #365](https://github.com/zscaler/terraform-provider-zia/pull/365) - Fixed `ports` attribute in `zia_location_management` resource to support `TypeSet` with elements of `TypeInt`. ### Documentation -- [PR #365](https://github.com/zscaler/terraform-provider-zia/365) - Updated documentation for resources: `zia_location_management` and `zia_cloud_app_control_rule` +- [PR #365](https://github.com/zscaler/terraform-provider-zia/pull/365) - Updated documentation for resources: `zia_location_management` and `zia_cloud_app_control_rule` ## 3.0.0 (August, 12 2024) 
@@ -24,15 +45,15 @@ ### Enhancements -- [PR #361](https://github.com/zscaler/terraform-provider-zia/361) - Added new resource and datasource `zia_cloud_app_control_rule` for Cloud Application Control rule management. -- [PR #361](https://github.com/zscaler/terraform-provider-zia/361) - Added new datasource `zia_dlp_dictionary_predefined_identifiers` to retrieve DLP Dictionary Hierarchical Identifiers. The information can be used when configuring DLP Dictionary resource attribute `hierarchical_identifiers` to clone predefined dictionaries. -- [PR #361](https://github.com/zscaler/terraform-provider-zia/361) - Added new attribute `hierarchical_identifiers` to `zia_dlp_dictionaries` resource. -- [PR #361](https://github.com/zscaler/terraform-provider-zia/361) - Enhanced `zia_security_settings` to support maximum number of blacklist urls. +- [PR #361](https://github.com/zscaler/terraform-provider-zia/pull/361) - Added new resource and datasource `zia_cloud_app_control_rule` for Cloud Application Control rule management. +- [PR #361](https://github.com/zscaler/terraform-provider-zia/pull/361) - Added new datasource `zia_dlp_dictionary_predefined_identifiers` to retrieve DLP Dictionary Hierarchical Identifiers. The information can be used when configuring DLP Dictionary resource attribute `hierarchical_identifiers` to clone predefined dictionaries. +- [PR #361](https://github.com/zscaler/terraform-provider-zia/pull/361) - Added new attribute `hierarchical_identifiers` to `zia_dlp_dictionaries` resource. +- [PR #361](https://github.com/zscaler/terraform-provider-zia/pull/361) - Enhanced `zia_security_settings` to support maximum number of blacklist urls. ### Bug Fixes -- [PR #361](https://github.com/zscaler/terraform-provider-zia/361) - Added Semaphore retry logic to resource ``zia_url_categories`` to assist with rate limiting management. 
-- [PR #361](https://github.com/zscaler/terraform-provider-zia/361) - Fixed `ports` attribute in `zia_location_management` resource to support `TypeList`. +- [PR #361](https://github.com/zscaler/terraform-provider-zia/pull/361) - Added Semaphore retry logic to resource ``zia_url_categories`` to assist with rate limiting management. +- [PR #361](https://github.com/zscaler/terraform-provider-zia/pull/361) - Fixed `ports` attribute in `zia_location_management` resource to support `TypeList`. ## 2.91.4 (July, 3 2024) @@ -43,7 +64,7 @@ ### Bug Fixes -- [PR #357](https://github.com/zscaler/terraform-provider-zia/357) - Fixed ``zia_url_filtering_rules`` drift due to attribute conversion ``validatidy_start_time`` and ``validity_end_time``. +- [PR #357](https://github.com/zscaler/terraform-provider-zia/pull/357) - Fixed ``zia_url_filtering_rules`` drift due to attribute conversion ``validatidy_start_time`` and ``validity_end_time``. ## 2.91.3 (July, 2 2024) @@ -54,8 +75,8 @@ ### Bug Fix -- [PR #356](https://github.com/zscaler/terraform-provider-zia/356) - Fixed ``zia_url_filtering_rules`` schema validation to ensure proper validation during plan and apply stages. -- [PR #356](https://github.com/zscaler/terraform-provider-zia/356) - Fixed ``zia_location_management`` drift due to missing `state` attribute in the READ function. +- [PR #356](https://github.com/zscaler/terraform-provider-zia/pull/356) - Fixed ``zia_url_filtering_rules`` schema validation to ensure proper validation during plan and apply stages. +- [PR #356](https://github.com/zscaler/terraform-provider-zia/pull/356) - Fixed ``zia_location_management`` drift due to missing `state` attribute in the READ function. ## 2.91.2 (July, 2 2024) 
@@ -66,7 +87,7 @@ ### Bug Fix -- [PR #356](https://github.com/zscaler/terraform-provider-zia/356) - Fixed ``zia_url_filtering_rules`` schema validation to ensure proper validation during plan and apply stages. +- [PR #356](https://github.com/zscaler/terraform-provider-zia/pull/356) - Fixed ``zia_url_filtering_rules`` schema validation to ensure proper validation during plan and apply stages. ## 2.91.1 (June, 29 2024) @@ -77,8 +98,8 @@ ### Bug Fix -- [PR #354](https://github.com/zscaler/terraform-provider-zia/354) - Fixed go.mod and go.sum -- [PR #354](https://github.com/zscaler/terraform-provider-zia/354) - Fixed computed attributes in the schema +- [PR #354](https://github.com/zscaler/terraform-provider-zia/pull/354) - Fixed go.mod and go.sum +- [PR #354](https://github.com/zscaler/terraform-provider-zia/pull/354) - Fixed computed attributes in the schema ## 2.91.0 (June, 19 2024) @@ -89,7 +110,7 @@ ### BREAKING CHANGES and ENHACEMENTS -- [PR #350](https://github.com/zscaler/terraform-provider-zia/350) +- [PR #350](https://github.com/zscaler/terraform-provider-zia/pull/350) - `zia_url_filtering_rules` - The provider now explicitly validates during the plan and apply stages which attributes can be set based on the `action` value. - `zia_url_filtering_rules` - The provider now allows for the use of `RFC1123` date and time format i.e `Sun, 16 Jun 2024 15:04:05 UTC` when setting the attributes `validity_start_time` and `validity_end_time` instead of the native epoch unix format. 
@@ -104,7 +125,7 @@ ### Internal Changes -- [PR #350](https://github.com/zscaler/terraform-provider-zia/350) - Upgraded to [Zscaler-SDK-GO](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.61.0). The upgrade supports easier ZIA API Client instantiation for existing and new resources. +- [PR #350](https://github.com/zscaler/terraform-provider-zia/pull/350) - Upgraded to [Zscaler-SDK-GO](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.61.0). The upgrade supports easier ZIA API Client instantiation for existing and new resources. - [PR #350](https://github.com/zscaler/terraform-provider-zpa/pull/350) Upgraded ``releaser.yml`` to [GoReleaser v6](https://github.com/goreleaser/goreleaser-action/releases/tag/v6.0.0) ## 2.9.0 (May, 22 2024) - BREAKING CHANGE diff --git a/GNUmakefile b/GNUmakefile index e798d222..eff9a3fa 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -40,14 +40,14 @@ sweep: test: echo $(TEST) | \ - xargs -t -n4 go test $(TESTARGS) $(TEST_FILTER) -timeout=30s -parallel=1 + xargs -t -n4 go test $(TESTARGS) $(TEST_FILTER) -timeout=30s -parallel=5 testacc: TF_ACC=1 go test $(TEST) $(TESTARGS) $(TEST_FILTER) -timeout 120m test\:integration\:zia: @echo "$(COLOR_ZSCALER)Running zia integration tests...$(COLOR_NONE)" - @TF_ACC=1 go test -v -race -cover -coverprofile=coverage.out -covermode=atomic ./zia -parallel 1 -timeout 120m + @TF_ACC=1 go test -v -race -cover -coverprofile=coverage.out -covermode=atomic ./zia -parallel 5 -timeout 120m go tool cover -html=coverage.out -o coverage.html # Default set of integration tests to run for ZscalerOne 
@@ -118,7 +118,7 @@ integration_tests := $(subst $(space),\|,$(INTEGRATION_TESTS)) # Target to run integration tests for ZscalerOne test\:integration\:zscalerone: @echo "Running integration tests for ZscalerOne..." - @TF_ACC=1 go test -v -race -cover -coverprofile=coverage.out -covermode=atomic ./zia -parallel 1 -timeout 120m -run ^$(integration_tests)$$ + @TF_ACC=1 go test -v -race -cover -coverprofile=coverage.out -covermode=atomic ./zia -parallel 5 -timeout 120m -run ^$(integration_tests)$$ go tool cover -html=coverage.out -o coverage.html # Default set of integration tests to run for ZscalerOne 
@@ -190,20 +190,20 @@ integration_zs2_tests := $(subst $(space),\|,$(ZS_INTEGRATION_TESTS)) # Target to run integration tests for ZscalerTwo test\:integration\:zscalertwo: @echo "Running integration tests for ZscalerTwo..." - @TF_ACC=1 go test -v -race -cover -coverprofile=coverage.out -covermode=atomic ./zia -parallel 1 -timeout 120m -run ^$(integration_zs2_tests)$$ + @TF_ACC=1 go test -v -race -cover -coverprofile=coverage.out -covermode=atomic ./zia -parallel 5 -timeout 120m -run ^$(integration_zs2_tests)$$ go tool cover -html=coverage.out -o coverage.html build13: GOOS=$(shell go env GOOS) build13: GOARCH=$(shell go env GOARCH) ifeq ($(OS),Windows_NT) # is Windows_NT on XP, 2000, 7, Vista, 10... -build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/3.0.1/$(GOOS)_$(GOARCH) +build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/3.0.2/$(GOOS)_$(GOARCH) else -build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/3.0.1/$(GOOS)_$(GOARCH) +build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/3.0.2/$(GOOS)_$(GOARCH) endif build13: fmtcheck @echo "==> Installing plugin to $(DESTINATION)" @mkdir -p $(DESTINATION) - go build -o $(DESTINATION)/terraform-provider-zia_v3.0.1 + go build -o $(DESTINATION)/terraform-provider-zia_v3.0.2 coverage: test @echo "✓ Opening coverage for unit tests ..." diff --git a/docs/data-sources/zia_traffic_forwarding_gre_vip_recommended_list.md b/docs/data-sources/zia_traffic_forwarding_gre_vip_recommended_list.md index aa6c2957..98abb55b 100644 --- a/docs/data-sources/zia_traffic_forwarding_gre_vip_recommended_list.md +++ b/docs/data-sources/zia_traffic_forwarding_gre_vip_recommended_list.md 
@@ -19,7 +19,18 @@ data "zia_traffic_forwarding_gre_vip_recommended_list" "this"{ source_ip = "1.1.1.1" required_count = 2 } +``` + +## Example Usage - With Overridden Geo Coordinates +```hcl +# ZIA Traffic Forwarding - GRE VIP Recommended List +data "zia_traffic_forwarding_gre_vip_recommended_list" "this"{ + source_ip = "1.1.1.1" + required_count = 2 + latitude = 22.2914 + longitude = 114.1445 +} ``` ## Argument Reference 
@@ -32,9 +43,26 @@ The following arguments are supported: ## Attribute Reference -In addition to all arguments above, the following attributes are exported: +In addition to all arguments above, the following optional attributes can be used to manipulate the recommended list filtering: * `source_ip` - (String) The public source IP address. -* `virtual_ip` - (String) GRE cluster virtual IP address (VIP) -* `private_service_edge` - (Boolean) Set to true if the virtual IP address (VIP) is a ZIA Private Service Edge -* `datacenter` - (String) Data center information +* `routable_ip` - (Boolean) The routable IP address. +* `within_country_only` - (Boolean) Search within country only. +* `include_private_service_edge` - (Boolean) Include ZIA Private Service Edge VIPs. +* `include_current_vips` - (Boolean) Include currently assigned VIPs. +* `latitude` - (Number) The latitude coordinate of the GRE tunnel source. +* `longitude` - (Number) The longitude coordinate of the GRE tunnel source. +* `subcloud` - (String) The longitude coordinate of the GRE tunnel source. + +In addition to all arguments above, the following optional attributes are exported: + +* `list` - The list of all recommended returned Virtual IP Addresses (VIPs) + * `id` - (Number) Unique identifer of the GRE virtual IP address (VIP) + * `virtual_ip` - (String) GRE cluster virtual IP address (VIP) + * `private_service_edge` - (Boolean) Set to true if the virtual IP address (VIP) is a ZIA Private Service Edge + * `datacenter` - (String) Data center information + * `city` - (String) Data center city information + * `country_code` - (String) Data center country code information in ISO 3166 Alpha-2 + * `region` - (String) Data center region information. + * `latitude` - (Number) The latitude coordinate of the GRE tunnel source. + * `longitude` - (Number) The longitude coordinate of the GRE tunnel source. diff --git a/docs/guides/release-notes.md b/docs/guides/release-notes.md index d07069b1..be1e3db6 100644 
--- a/docs/guides/release-notes.md +++ b/docs/guides/release-notes.md @@ -12,10 +12,31 @@ description: |- Track all ZIA Terraform provider's releases. New resources, features, and bug fixes will be tracked here. --- -``Last updated: v3.0.1`` +``Last updated: v3.0.2`` --- +## 3.0.2 (August, xx 2024) + +### Notes + +- Release date: **(August, xx 2024)** +- Supported Terraform version: **v1.x** + +### Bug Fixes + +- [PR #366](https://github.com/zscaler/terraform-provider-zia/pull/366) - Implemented runtime validation for resource: `zia_forwarding_control_rule`. The provider now validates incompatible attributes during the plan and apply stages at the schema level. +- [PR #366](https://github.com/zscaler/terraform-provider-zia/pull/366) - Fixed the datasource `zia_traffic_forwarding_gre_vip_recommended_list` to allow Geo location information override when needed. The datasource now supports the following optional attributes: + - `routable_ip` - (Boolean) The routable IP address. + - `within_country_only` - (Boolean) Search within country only. + - `include_private_service_edge` - (Boolean) Include ZIA Private Service Edge VIPs. + - `include_current_vips` - (Boolean) Include currently assigned VIPs. + - `latitude` - (Number) The latitude coordinate of the GRE tunnel source. + - `longitude` - (Number) The longitude coordinate of the GRE tunnel source. + - `subcloud` - (String) The longitude coordinate of the GRE tunnel source. + +- [PR #366](https://github.com/zscaler/terraform-provider-zia/pull/366) - Added centralized semaphore functionality to manipulate concurrent request limitations. + ## 3.0.1 (August, 13 2024) ### Notes 
@@ -25,11 +46,11 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Bug Fixes -- [PR #365](https://github.com/zscaler/terraform-provider-zia/365) - Fixed `ports` attribute in `zia_location_management` resource to support `TypeSet` with elements of `TypeInt`. +- [PR #365](https://github.com/zscaler/terraform-provider-zia/pull/365) - Fixed `ports` attribute in `zia_location_management` resource to support `TypeSet` with elements of `TypeInt`. ### Documentation -- [PR #365](https://github.com/zscaler/terraform-provider-zia/365) - Updated documentation for resources: `zia_location_management` and `zia_cloud_app_control_rule` +- [PR #365](https://github.com/zscaler/terraform-provider-zia/pull/365) - Updated documentation for resources: `zia_location_management` and `zia_cloud_app_control_rule` ## 3.0.0 (August, 12 2024) 
@@ -40,15 +61,15 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Enhancements -- [PR #361](https://github.com/zscaler/terraform-provider-zia/361) - Added new resource and datasource `zia_cloud_app_control_rule` for Cloud Application Control rule management. -- [PR #361](https://github.com/zscaler/terraform-provider-zia/361) - Added new datasource `zia_dlp_dictionary_predefined_identifiers` to retrieve DLP Dictionary Hierarchical Identifiers. The information can be used when configuring DLP Dictionary resource attribute `hierarchical_identifiers` to clone predefined dictionaries. -- [PR #361](https://github.com/zscaler/terraform-provider-zia/361) - Added new attribute `hierarchical_identifiers` to `zia_dlp_dictionaries` resource. -- [PR #361](https://github.com/zscaler/terraform-provider-zia/361) - Enhanced `zia_security_settings` to support maximum number of blacklist urls. +- [PR #361](https://github.com/zscaler/terraform-provider-zia/pull/361) - Added new resource and datasource `zia_cloud_app_control_rule` for Cloud Application Control rule management. +- [PR #361](https://github.com/zscaler/terraform-provider-zia/pull/361) - Added new datasource `zia_dlp_dictionary_predefined_identifiers` to retrieve DLP Dictionary Hierarchical Identifiers. The information can be used when configuring DLP Dictionary resource attribute `hierarchical_identifiers` to clone predefined dictionaries. +- [PR #361](https://github.com/zscaler/terraform-provider-zia/pull/361) - Added new attribute `hierarchical_identifiers` to `zia_dlp_dictionaries` resource. +- [PR #361](https://github.com/zscaler/terraform-provider-zia/pull/361) - Enhanced `zia_security_settings` to support maximum number of blacklist urls. ### Bug Fixes -- [PR #361](https://github.com/zscaler/terraform-provider-zia/361) - Added Semaphore retry logic to resource ``zia_url_categories`` to assist with rate limiting management. 
-- [PR #361](https://github.com/zscaler/terraform-provider-zia/361) - Fixed `ports` attribute in `zia_location_management` resource to support `TypeList`. +- [PR #361](https://github.com/zscaler/terraform-provider-zia/pull/361) - Added Semaphore retry logic to resource ``zia_url_categories`` to assist with rate limiting management. +- [PR #361](https://github.com/zscaler/terraform-provider-zia/pull/361) - Fixed `ports` attribute in `zia_location_management` resource to support `TypeList`. ## 2.91.4 (July, 3 2024) @@ -59,7 +80,7 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Bug Fix -- [PR #357](https://github.com/zscaler/terraform-provider-zia/357) - Fixed ``zia_url_filtering_rules`` drift due to attribute conversion ``validatidy_start_time`` and ``validity_end_time``. +- [PR #357](https://github.com/zscaler/terraform-provider-zia/pull/357) - Fixed ``zia_url_filtering_rules`` drift due to attribute conversion ``validatidy_start_time`` and ``validity_end_time``. ## 2.91.3 (July, 2 2024) @@ -70,8 +91,8 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Bug Fix -- [PR #356](https://github.com/zscaler/terraform-provider-zia/356) - Fixed ``zia_url_filtering_rules`` schema validation to ensure proper validation during plan and apply stages. -- [PR #356](https://github.com/zscaler/terraform-provider-zia/356) - Fixed ``zia_location_management`` drift due to missing `state` attribute in the READ function. +- [PR #356](https://github.com/zscaler/terraform-provider-zia/pull/356) - Fixed ``zia_url_filtering_rules`` schema validation to ensure proper validation during plan and apply stages. +- [PR #356](https://github.com/zscaler/terraform-provider-zia/pull/356) - Fixed ``zia_location_management`` drift due to missing `state` attribute in the READ function. ## 2.91.2 (July, 2 2024) 
@@ -82,7 +103,7 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Bug Fix -- [PR #356](https://github.com/zscaler/terraform-provider-zia/356) - Fixed ``zia_url_filtering_rules`` schema validation to ensure proper validation during plan and apply stages. +- [PR #356](https://github.com/zscaler/terraform-provider-zia/pull/356) - Fixed ``zia_url_filtering_rules`` schema validation to ensure proper validation during plan and apply stages. ## 2.91.1 (June, 29 2024) @@ -93,8 +114,8 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Bug Fix -- [PR #354](https://github.com/zscaler/terraform-provider-zia/354) - Fixed go.mod and go.sum -- [PR #354](https://github.com/zscaler/terraform-provider-zia/354) - Fixed computed attributes in the schema +- [PR #354](https://github.com/zscaler/terraform-provider-zia/pull/354) - Fixed go.mod and go.sum +- [PR #354](https://github.com/zscaler/terraform-provider-zia/pull/354) - Fixed computed attributes in the schema ## 2.91.0 (June, 19 2024) @@ -105,7 +126,7 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### BREAKING CHANGES and ENHACEMENTS -- [PR #350](https://github.com/zscaler/terraform-provider-zia/350) +- [PR #350](https://github.com/zscaler/terraform-provider-zia/pull/350) - `zia_url_filtering_rules` - The provider now explicitly validates during the plan and apply stages which attributes can be set based on the `action` value. - `zia_url_filtering_rules` - The provider now allows for the use of `RFC1123` date and time format i.e `Sun, 16 Jun 2024 15:04:05 UTC` when setting the attributes `validity_start_time` and `validity_end_time` instead of the native epoch unix format. 
@@ -120,7 +141,7 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Internal Changes -- [PR #350](https://github.com/zscaler/terraform-provider-zia/350) - Upgraded to [Zscaler-SDK-GO](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.61.0). The upgrade supports easier ZIA API Client instantiation for existing and new resources. +- [PR #350](https://github.com/zscaler/terraform-provider-zia/pull/350) - Upgraded to [Zscaler-SDK-GO](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.61.0). The upgrade supports easier ZIA API Client instantiation for existing and new resources. - [PR #350](https://github.com/zscaler/terraform-provider-zpa/pull/350) Upgraded ``releaser.yml`` to [GoReleaser v6](https://github.com/goreleaser/goreleaser-action/releases/tag/v6.0.0) ## 2.9.1 (June, 14 2024) @@ -132,8 +153,8 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Internal Changes -- [PR #350](https://github.com/zscaler/terraform-provider-zia/350) - Upgraded to [Zscaler-SDK-GO](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.61.0). The upgrade supports easier ZIA API Client instantiation for existing and new resources. -- [PR #350](https://github.com/zscaler/terraform-provider-zpa/pull/350) Upgraded ``releaser.yml`` to [GoReleaser v6](https://github.com/goreleaser/goreleaser-action/releases/tag/v6.0.0) +- [PR #350](https://github.com/zscaler/terraform-provider-zia/pull/350) - Upgraded to [Zscaler-SDK-GO](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.61.0). The upgrade supports easier ZIA API Client instantiation for existing and new resources. +- [PR #350](https://github.com/zscaler/terraform-provider-zpa/pull/pull/350) Upgraded ``releaser.yml`` to [GoReleaser v6](https://github.com/goreleaser/goreleaser-action/releases/tag/v6.0.0) ## 2.9.0 (May, 22 2024) - BREAKING CHANGE 
@@ -144,10 +165,10 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Bug Fixes - BREAKING CHANGE -- [PR #345](https://github.com/zscaler/terraform-provider-zia/345) - The attribute `ocr_enabled` has been deprecated at the upstream API and is no longer accepted. The OCR feature must be enabled via the [DLP Advanced Settings](https://help.zscaler.com/zia/configuring-dlp-advanced-settings). +- [PR #345](https://github.com/zscaler/terraform-provider-zia/pull/345) - The attribute `ocr_enabled` has been deprecated at the upstream API and is no longer accepted. The OCR feature must be enabled via the [DLP Advanced Settings](https://help.zscaler.com/zia/configuring-dlp-advanced-settings). **NOTE** DLP engines support OCR scanning of `PNG`, `JPEG`, `TIFF`, and `BMP` files. -- [PR #345](https://github.com/zscaler/terraform-provider-zia/345) - Implemented Fix for `zia_dlp_web_rules` for new attributes `parent_rule` and `sub_rules`. A parent rule must be configured with rank 0 and prior to any potential subrule. It is not possible to add existing rules as as subrules under the parent rule. +- [PR #345](https://github.com/zscaler/terraform-provider-zia/pull/345) - Implemented Fix for `zia_dlp_web_rules` for new attributes `parent_rule` and `sub_rules`. A parent rule must be configured with rank 0 and prior to any potential subrule. It is not possible to add existing rules as as subrules under the parent rule. ## 2.8.31 (May, 21 2024) 
@@ -160,7 +181,7 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi - [PR #344](https://github.com/zscaler/terraform-provider-zia/344) - Fixed `id` conversion for the resource `zia_traffic_forwarding_vpn_credentials` to ensure proper state file setting. -- [PR #344](https://github.com/zscaler/terraform-provider-zia/344) - Upgraded to [Zscaler-SDK-GO v2.5.2](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.5.2) +- [PR #344](https://github.com/zscaler/terraform-provider-zia/pull/344) - Upgraded to [Zscaler-SDK-GO v2.5.2](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.5.2) ## 2.8.3 (May, 7 2024) @@ -171,8 +192,8 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Enhancements -- [PR #340](https://github.com/zscaler/terraform-provider-zia/340) - Added new ZIA URL Filtering Rule attribute `source_ip_groups` to resources: `zia_url_filtering_rules` and `zia_dlp_web_rules` -- [PR #340](https://github.com/zscaler/terraform-provider-zia/340) - Upgraded to [Zscaler-GO-SDK v2.5.0](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.5.0) +- [PR #340](https://github.com/zscaler/terraform-provider-zia/pull/340) - Added new ZIA URL Filtering Rule attribute `source_ip_groups` to resources: `zia_url_filtering_rules` and `zia_dlp_web_rules` +- [PR #340](https://github.com/zscaler/terraform-provider-zia/pull/340) - Upgraded to [Zscaler-GO-SDK v2.5.0](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.5.0) ## 2.8.21 (April, 8 2024) 
@@ -183,7 +204,7 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Enhancements -- [PR #336](https://github.com/zscaler/terraform-provider-zia/336) - Upgraded provider to [Zscaler-SDK-GO v2.4.35](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.4.35) +- [PR #336](https://github.com/zscaler/terraform-provider-zia/pull/336) - Upgraded provider to [Zscaler-SDK-GO v2.4.35](https://github.com/zscaler/zscaler-sdk-go/releases/tag/v2.4.35) ## 2.8.2 (April, 8 2024) @@ -194,7 +215,7 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Enhancements -- [PR #332](https://github.com/zscaler/terraform-provider-zia/332) - Implemented optional environment variable `ZIA_ACTIVATION` for optional configuration activation. This is an improved version of the initial release [v2.8.0](https://github.com/zscaler/terraform-provider-zia/releases/tag/v2.8.0) where activations were done implicitly for every resource. With this enhancement the activation will only occur when this environment variable is set to true. +- [PR #332](https://github.com/zscaler/terraform-provider-zia/pull/332) - Implemented optional environment variable `ZIA_ACTIVATION` for optional configuration activation. This is an improved version of the initial release [v2.8.0](https://github.com/zscaler/terraform-provider-zia/releases/tag/v2.8.0) where activations were done implicitly for every resource. With this enhancement the activation will only occur when this environment variable is set to true. ## 2.8.1 (March, 27 2024) 
@@ -216,11 +237,11 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Enhacements -- [PR #330](https://github.com/zscaler/terraform-provider-zia/330) - Implemented auto activation functionality to all supported resources. Configurations will now be activated during `CREATE`, `UPDATE` AND `DELETE` actions when executing `terraform apply` or `terraform destroy`, which removes the need of out of band activation or the use of the resource: `zia_activation_status`. +- [PR #330](https://github.com/zscaler/terraform-provider-zia/pull/330) - Implemented auto activation functionality to all supported resources. Configurations will now be activated during `CREATE`, `UPDATE` AND `DELETE` actions when executing `terraform apply` or `terraform destroy`, which removes the need of out of band activation or the use of the resource: `zia_activation_status`. ### Fixes -- [PR #330](https://github.com/zscaler/terraform-provider-zia/330) - Fixed `zia_user_management` resource to support activation pre and post user enrolment using `BASIC` authentication method. +- [PR #330](https://github.com/zscaler/terraform-provider-zia/pull/330) - Fixed `zia_user_management` resource to support activation pre and post user enrolment using `BASIC` authentication method. ## 2.7.33 (March, 6 2024) @@ -231,7 +252,7 @@ Track all ZIA Terraform provider's releases. New resources, features, and bug fi ### Enhacements -- [PR #325](https://github.com/zscaler/terraform-provider-zia/325) Updated [support guide](/docs/guides/support.md) with new Zscaler support model. +- [PR #325](https://github.com/zscaler/terraform-provider-zia/pull/325) Updated [support guide](/docs/guides/support.md) with new Zscaler support model. - [PR #325](https://github.com/zscaler/terraform-provider-zia/pull/325) - Added support to import of the following resources: - ``zia_auth_settings_urls`` - ``zia_sandbox_behavioral_analysis`` diff --git a/go.mod b/go.mod index 256fa80c..a90bc8c6 100644 
--- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-hclog v1.6.3 github.com/hashicorp/terraform-plugin-sdk v1.17.2 github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 - github.com/zscaler/zscaler-sdk-go/v2 v2.72.0 + github.com/zscaler/zscaler-sdk-go/v2 v2.72.1 ) require ( diff --git a/go.sum b/go.sum index 9e65fc0b..b3c3ee2f 100644 --- a/go.sum +++ b/go.sum @@ -388,8 +388,8 @@ github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgr github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0= -github.com/zscaler/zscaler-sdk-go/v2 v2.72.0 h1:VJNdLcZjd806cgVLrjvBVOhiNUTO6LC0HTwA/GiIDZw= -github.com/zscaler/zscaler-sdk-go/v2 v2.72.0/go.mod h1:dgtdfvnrFyuv1X3Knv5cjW1DNnQ3z/a4lU3uoYnxwcE= +github.com/zscaler/zscaler-sdk-go/v2 v2.72.1 h1:DWaAryGp6HJDrHlMGMGN+Ym8fYrfjRlKcVyU5ZFEiqg= +github.com/zscaler/zscaler-sdk-go/v2 v2.72.1/go.mod h1:dgtdfvnrFyuv1X3Knv5cjW1DNnQ3z/a4lU3uoYnxwcE= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= diff --git a/zia/common/version.go b/zia/common/version.go index 94d47a45..8b9bbea5 100644 --- a/zia/common/version.go +++ b/zia/common/version.go @@ -1,6 +1,6 @@ package common -var version = "3.0.0" +var version = "3.0.2" // Version returns version of provider func Version() string { diff --git a/zia/data_source_zia_traffic_forwarding_gre_vip_recommended_list.go b/zia/data_source_zia_traffic_forwarding_gre_vip_recommended_list.go index 8ae04843..bf975636 100644 --- a/zia/data_source_zia_traffic_forwarding_gre_vip_recommended_list.go 
+++ b/zia/data_source_zia_traffic_forwarding_gre_vip_recommended_list.go @@ -1,7 +1,7 @@ package zia import ( - "fmt" + "net/url" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/zscaler/zscaler-sdk-go/v2/zia/services/trafficforwarding/virtualipaddress" @@ -20,6 +20,34 @@ func dataSourceTrafficForwardingGreVipRecommendedList() *schema.Resource { Optional: true, Default: 5, }, + "routable_ip": { + Type: schema.TypeBool, + Optional: true, + }, + "within_country_only": { + Type: schema.TypeBool, + Optional: true, + }, + "include_private_service_edge": { + Type: schema.TypeBool, + Optional: true, + }, + "include_current_vips": { + Type: schema.TypeBool, + Optional: true, + }, + "latitude": { + Type: schema.TypeFloat, + Optional: true, + }, + "longitude": { + Type: schema.TypeFloat, + Optional: true, + }, + "subcloud": { + Type: schema.TypeString, + Optional: true, + }, "list": { Type: schema.TypeList, Computed: true, 
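Review bot: The new `latitude` and `longitude` attributes in the schema hunk accept any float, and none of the seven new attributes carries a `Description`. Out-of-range coordinates would only be rejected, if at all, by the remote API at read time. Range checks on the schema would fail at plan time instead, e.g. `ValidateFunc: validation.FloatBetween(-90, 90),` for `latitude` and `ValidateFunc: validation.FloatBetween(-180, 180),` for `longitude`. Whether the `validation` helper package is already imported in this file is not visible in the hunk. The schema function starts and ends outside the hunk, so any validator on `source_ip` or `required_count` cannot be seen from here.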
@@ -72,18 +100,51 @@ func dataSourceTrafficForwardingGreVipRecommendedListRead(d *schema.ResourceData zClient := m.(*Client) service := zClient.virtualipaddress - count, ok := getIntFromResourceData(d, "required_count") - if !ok { - count = 1 + // Gather parameters from schema + sourceIP := d.Get("source_ip").(string) + requiredCount := d.Get("required_count").(int) + + // Initialize the list of options + var options []func(*url.Values) + + // Add the sourceIP as an option + if sourceIP != "" { + options = append(options, virtualipaddress.WithSourceIP(sourceIP)) + } + + if v, ok := d.GetOk("routable_ip"); ok { + options = append(options, virtualipaddress.WithRoutableIP(v.(bool))) + } + if v, ok := d.GetOk("within_country_only"); ok { + options = append(options, virtualipaddress.WithWithinCountryOnly(v.(bool))) + } + if v, ok := d.GetOk("include_private_service_edge"); ok { + options = append(options, virtualipaddress.WithIncludePrivateServiceEdge(v.(bool))) } - sourceIP, ok := getStringFromResourceData(d, "source_ip") - if !ok { - return fmt.Errorf("please provide a source_ip for the vips list") + if v, ok := d.GetOk("include_current_vips"); ok { + options = append(options, virtualipaddress.WithIncludeCurrentVips(v.(bool))) } - resp, err := virtualipaddress.GetZSGREVirtualIPList(service, sourceIP, count) + if v, ok := d.GetOk("latitude"); ok { + options = append(options, virtualipaddress.WithLatitude(v.(float64))) + } + if v, ok := d.GetOk("longitude"); ok { + options = append(options, virtualipaddress.WithLongitude(v.(float64))) + } + if v, ok := d.GetOk("subcloud"); ok { + options = append(options, virtualipaddress.WithSubcloud(v.(string))) + } + + // Call the new function with the options + resp, err := virtualipaddress.GetVIPRecommendedList(service, options...) 
if err != nil { return err } + + // Trim the list to the required count, if necessary + if len(*resp) > requiredCount { + *resp = (*resp)[:requiredCount] + } + d.SetId(sourceIP) _ = d.Set("list", flattenVIPList(*resp)) diff --git a/zia/resource_zia_auth_settings_urls.go b/zia/resource_zia_auth_settings_urls.go index 11c9bc4c..80df55b7 100644 --- a/zia/resource_zia_auth_settings_urls.go +++ b/zia/resource_zia_auth_settings_urls.go @@ -68,6 +68,11 @@ func expandAuthSettingsUrls(d *schema.ResourceData) user_authentication_settings } func resourceAuthSettingsUrlsCreate(d *schema.ResourceData, m interface{}) error { + + // Acquire semaphore before making an API request + apiSemaphore <- struct{}{} + defer func() { <-apiSemaphore }() // Release semaphore after the request is done + zClient := m.(*Client) service := zClient.user_authentication_settings @@ -93,6 +98,11 @@ func resourceAuthSettingsUrlsCreate(d *schema.ResourceData, m interface{}) error } func resourceAuthSettingsUrlsUpdate(d *schema.ResourceData, m interface{}) error { + + // Acquire semaphore before making an API request + apiSemaphore <- struct{}{} + defer func() { <-apiSemaphore }() // Release semaphore after the request is done + zClient := m.(*Client) service := zClient.user_authentication_settings diff --git a/zia/resource_zia_dlp_web_rules_test.go b/zia/resource_zia_dlp_web_rules_test.go index 78bdbb83..baaf109f 100644 --- a/zia/resource_zia_dlp_web_rules_test.go +++ b/zia/resource_zia_dlp_web_rules_test.go 
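Review bot: The trim `(*resp)[:requiredCount]` at the end of the read hunk is guarded only by `len(*resp) > requiredCount`, which is also true for a negative `required_count`, so such a value panics with a slice-bounds error and takes the provider down; nothing visible in the hunk constrains the argument. Guarding with `if requiredCount >= 0 && len(*resp) > requiredCount {`, or validating the argument in the schema, avoids that. Separately, `d.GetOk` reports `ok == false` for zero values, so an explicit `routable_ip = false` or `latitude = 0` is silently left out of the request and cannot override an API default that is not the zero value. The removed `source_ip` check also means an empty value now reaches `d.SetId(sourceIP)`, unless the schema (outside this hunk) marks the argument required. The function starts before and continues after the hunk.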
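Review bot: The acquire/release pair added at the top of resourceAuthSettingsUrlsCreate reads the package variable `apiSemaphore` twice, once for the send and again inside the deferred receive, so if `SetSemaphoreSize` (zia/utils.go) ever replaces the channel while a request is in flight, the release receives from the new, empty channel and never returns. Capturing the channel once fixes it: `sem := apiSemaphore`, `sem <- struct{}{}`, `defer func() { <-sem }()`. The same lines are pasted into resourceAuthSettingsUrlsUpdate, the security policy settings create/update hunks and the URL categories create/update hunks, and `WithSemaphore` has the same double read; calling one corrected helper from all of them would keep the fix in one place. The send also blocks with no timeout or cancellation, so one stuck request stalls every resource that shares the semaphore. Each function body continues outside its hunk.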
@@ -19,19 +19,16 @@ func TestAccResourceDlpWebRules_Basic(t *testing.T) { var rules dlp_web_rules.WebDLPRules resourceTypeAndName, _, generatedName := method.GenerateRandomSourcesTypeAndName(resourcetype.DLPWebRules) - initialName := "tf-acc-test-" + generatedName - updatedName := "tf-updated-" + generatedName - resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testAccCheckDlpWebRulesDestroy, Steps: []resource.TestStep{ { - Config: testAccCheckDlpWebRulesConfigure(resourceTypeAndName, initialName, variable.DLPWebRuleDesc, variable.DLPRuleResourceAction, variable.DLPRuleResourceState), + Config: testAccCheckDlpWebRulesConfigure(resourceTypeAndName, generatedName, variable.DLPWebRuleDesc, variable.DLPRuleResourceAction, variable.DLPRuleResourceState), Check: resource.ComposeTestCheckFunc( testAccCheckDlpWebRulesExists(resourceTypeAndName, &rules), - resource.TestCheckResourceAttr(resourceTypeAndName, "name", initialName), + resource.TestCheckResourceAttr(resourceTypeAndName, "name", "tf-acc-test-"+generatedName), resource.TestCheckResourceAttr(resourceTypeAndName, "description", variable.DLPWebRuleDesc), resource.TestCheckResourceAttr(resourceTypeAndName, "action", variable.DLPRuleResourceAction), resource.TestCheckResourceAttr(resourceTypeAndName, "state", variable.DLPRuleResourceState), 
@@ -43,10 +40,10 @@ func TestAccResourceDlpWebRules_Basic(t *testing.T) { // Update test { - Config: testAccCheckDlpWebRulesConfigure(resourceTypeAndName, updatedName, variable.DLPWebRuleDesc, variable.DLPRuleResourceAction, variable.DLPRuleResourceState), + Config: testAccCheckDlpWebRulesConfigure(resourceTypeAndName, generatedName, variable.DLPWebRuleDesc, variable.DLPRuleResourceAction, variable.DLPRuleResourceState), Check: resource.ComposeTestCheckFunc( testAccCheckDlpWebRulesExists(resourceTypeAndName, &rules), - resource.TestCheckResourceAttr(resourceTypeAndName, "name", updatedName), + resource.TestCheckResourceAttr(resourceTypeAndName, "name", "tf-acc-test-"+generatedName), resource.TestCheckResourceAttr(resourceTypeAndName, "description", variable.DLPWebRuleDesc), resource.TestCheckResourceAttr(resourceTypeAndName, "action", variable.DLPRuleResourceAction), resource.TestCheckResourceAttr(resourceTypeAndName, "state", variable.DLPRuleResourceState), @@ -113,22 +110,10 @@ func testAccCheckDlpWebRulesExists(resource string, rule *dlp_web_rules.WebDLPRu apiClient := testAccProvider.Meta().(*Client) service := apiClient.dlp_web_rules - var receivedRule *dlp_web_rules.WebDLPRules - - // Integrate retry here - retryErr := RetryOnError(func() error { - var innerErr error - receivedRule, innerErr = dlp_web_rules.Get(service, id) - if innerErr != nil { - return fmt.Errorf("failed fetching resource %s. Recevied error: %s", resource, innerErr) - } - return nil - }) - - if retryErr != nil { - return retryErr + receivedRule, err := dlp_web_rules.Get(service, id) + if err != nil { + return fmt.Errorf("failed fetching resource %s. Recevied error: %s", resource, err) } - *rule = *receivedRule return nil } 
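Review bot: The "Update test" step now passes `generatedName` and the same variables as the create step, so both steps apply an identical configuration and the second one no longer exercises an update of the rule. Passing a different description or state value in the second step, and asserting on it, would restore the coverage the removed `updatedName` gave. In the following hunk the error is formatted with `%s`, which drops the error chain, and the message still carries the typo "Recevied"; `return fmt.Errorf("failed fetching resource %s: %w", resource, err)` fixes both. The test function and the check helper both extend outside these hunks.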
@@ -184,12 +169,12 @@ data "zia_dlp_engines" "this" { } resource "%s" "%s" { - name = "%s" + name = "tf-acc-test-%s" description = "%s" action = "%s" state = "%s" order = 1 - rank = 0 + rank = 7 protocols = ["FTP_RULE", "HTTPS_RULE", "HTTP_RULE"] without_content_inspection = true file_types = [ "ALL_OUTBOUND" ] diff --git a/zia/resource_zia_forwarding_control_rule.go b/zia/resource_zia_forwarding_control_rule.go index 9925d28e..9d32b3bb 100644 --- a/zia/resource_zia_forwarding_control_rule.go +++ b/zia/resource_zia_forwarding_control_rule.go @@ -1,6 +1,7 @@ package zia import ( + "context" "fmt" "log" "strconv" 
@@ -24,6 +25,59 @@ func resourceForwardingControlRule() *schema.Resource { Read: resourceForwardingControlRuleRead, Update: resourceForwardingControlRuleUpdate, Delete: resourceForwardingControlRuleDelete, + CustomizeDiff: func(ctx context.Context, d *schema.ResourceDiff, meta interface{}) error { + forwardMethod := d.Get("forward_method").(string) + ruleType := d.Get("type").(string) + + // Function to check if an attribute is set + isSet := func(attr string) bool { + _, ok := d.GetOk(attr) + return ok + } + + // Validate the constraints based on the rule type and forward method + if ruleType == "FORWARDING" { + switch forwardMethod { + case "ZPA": + requiredAttrs := []string{"zpa_app_segments", "zpa_gateway"} + var missingAttrs []string + for _, attr := range requiredAttrs { + if !isSet(attr) { + missingAttrs = append(missingAttrs, attr) + } + } + if len(missingAttrs) > 0 { + return fmt.Errorf("the following attributes are required for ZPA forwarding: %v", missingAttrs) + } + + case "DIRECT": + prohibitedAttrs := []string{"zpa_gateway", "proxy_gateway", "zpa_app_segments", "zpa_application_segments", "zpa_application_segment_groups"} + for _, attr := range prohibitedAttrs { + if isSet(attr) { + return fmt.Errorf("%s attribute cannot be set when type is 'FORWARDING' and forward_method is 'DIRECT'", attr) + } + } + + case "PROXYCHAIN": + if !isSet("proxy_gateway") { + return fmt.Errorf("proxy gateway is mandatory for Proxy Chaining forwarding") + } + prohibitedAttrs := []string{"zpa_gateway", "zpa_app_segments", "zpa_application_segments", "zpa_application_segment_groups"} + for _, attr := range prohibitedAttrs { + if isSet(attr) { + return fmt.Errorf("%s attribute cannot be set when type is 'FORWARDING' and forward_method is 'PROXYCHAIN'", attr) + } + } + } + } + + // Combined validation: `dest_addresses` and `dest_countries` can only be set when `forward_method` is either `PROXYCHAIN` or `DIRECT` + if (isSet("dest_addresses") || isSet("dest_countries") || 
isSet("dest_ip_categories")) && forwardMethod != "PROXYCHAIN" && forwardMethod != "DIRECT" { + return fmt.Errorf("dest_addresses, dest_countries and dest_ip_categories can only be set when forward_method is either 'PROXYCHAIN' or 'DIRECT'") + } + + return nil + }, Timeouts: &schema.ResourceTimeout{ Create: schema.DefaultTimeout(60 * time.Minute), Update: schema.DefaultTimeout(60 * time.Minute), 
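Review bot: The `isSet` helper inside the new `CustomizeDiff` relies on `d.GetOk`, which returns false for values that are still unknown at plan time, so a ZPA or PROXYCHAIN rule whose `zpa_gateway` / `proxy_gateway` is fed from a resource created in the same apply may be rejected as missing a required attribute. Treating unknown values as set avoids the false failure: add `if !d.NewValueKnown(attr) { return true }` as the first line of `isSet`. The `forward_method` and `type` reads carry the same caveat, and the final destination check runs for every rule type, not only `FORWARDING`, which deserves a comment if it is intended. Since the closure is about fifty lines, moving it into a named function would also make it unit-testable without building a whole resource.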
@@ -171,53 +225,6 @@ func resourceForwardingControlRule() *schema.Resource { } } -func validateForwardingRuleConstraints(d *schema.ResourceData) error { - forwardMethod := d.Get("forward_method").(string) - ruleType := d.Get("type").(string) - - isSet := func(attr string) bool { - _, ok := d.GetOk(attr) - return ok - } - - if ruleType == "FORWARDING" { - switch forwardMethod { - case "ZPA": - requiredAttrs := []string{"zpa_app_segments", "zpa_gateway"} - var missingAttrs []string - for _, attr := range requiredAttrs { - if !isSet(attr) { - missingAttrs = append(missingAttrs, attr) - } - } - if len(missingAttrs) > 0 { - return fmt.Errorf("the following attributes are required for ZPA forwarding: %v", missingAttrs) - } - - case "DIRECT": - prohibitedAttrs := []string{"zpa_gateway", "proxy_gateway", "zpa_app_segments", "zpa_application_segments", "zpa_application_segment_groups"} - for _, attr := range prohibitedAttrs { - if isSet(attr) { - return fmt.Errorf("%s attribute cannot be set when type is 'FORWARDING' and forward_method is 'DIRECT'", attr) - } - } - - case "PROXYCHAIN": - if !isSet("proxy_gateway") { - return fmt.Errorf("proxy gateway is mandatory for Proxy Chaining forwarding") - } - prohibitedAttrs := []string{"zpa_gateway", "zpa_app_segments", "zpa_application_segments", "zpa_application_segment_groups"} - for _, attr := range prohibitedAttrs { - if isSet(attr) { - return fmt.Errorf("%s attribute cannot be set when type is 'FORWARDING' and forward_method is 'PROXYCHAIN'", attr) - } - } - } - } - - return nil -} - func validatePredefinedRules(req forwarding_rules.ForwardingRules) error { if req.Name == "Client Connector Traffic Direct" || req.Name == "ZPA Pool For Stray Traffic" { return fmt.Errorf("predefined rule '%s' cannot be deleted", req.Name) 
@@ -230,10 +237,6 @@ func validatePredefinedRules(req forwarding_rules.ForwardingRules) error { func resourceForwardingControlRuleCreate(d *schema.ResourceData, m interface{}) error { - if err := validateForwardingRuleConstraints(d); err != nil { - return err - } - zClient := m.(*Client) service := zClient.forwarding_rules @@ -395,10 +398,6 @@ func resourceForwardingControlRuleUpdate(d *schema.ResourceData, m interface{}) log.Printf("[ERROR] forwarding control rule ID not set: %v\n", id) } - if err := validateForwardingRuleConstraints(d); err != nil { - return err - } - log.Printf("[INFO] Updating zia forwarding control rule ID: %v\n", id) req := expandForwardingControlRule(d) diff --git a/zia/resource_zia_security_policy_settings.go b/zia/resource_zia_security_policy_settings.go index 9e8d973e..ce989086 100644 --- a/zia/resource_zia_security_policy_settings.go +++ b/zia/resource_zia_security_policy_settings.go @@ -74,6 +74,11 @@ func expandSecurityPolicySettings(d *schema.ResourceData) security_policy_settin } func resourceSecurityPolicySettingsCreate(d *schema.ResourceData, m interface{}) error { + + // Acquire semaphore before making an API request + apiSemaphore <- struct{}{} + defer func() { <-apiSemaphore }() // Release semaphore after the request is done + zClient := m.(*Client) service := zClient.security_policy_settings listUrls := expandSecurityPolicySettings(d) @@ -99,6 +104,11 @@ func resourceSecurityPolicySettingsCreate(d *schema.ResourceData, m interface{}) } func resourceSecurityPolicySettingsUpdate(d *schema.ResourceData, m interface{}) error { + + // Acquire semaphore before making an API request + apiSemaphore <- struct{}{} + defer func() { <-apiSemaphore }() // Release semaphore after the request is done + zClient := m.(*Client) service := zClient.security_policy_settings listUrls := expandSecurityPolicySettings(d) diff --git a/zia/resource_zia_url_categories.go b/zia/resource_zia_url_categories.go index f768e1cd..a9d5a465 100644 
--- a/zia/resource_zia_url_categories.go +++ b/zia/resource_zia_url_categories.go @@ -13,7 +13,7 @@ import ( ) // Allows only one API request at a time -var urlCategoriesSemaphore = make(chan struct{}, 1) +// var urlCategoriesSemaphore = make(chan struct{}, 1) func resourceURLCategories() *schema.Resource { return &schema.Resource{ @@ -198,8 +198,8 @@ func resourceURLCategories() *schema.Resource { func resourceURLCategoriesCreate(d *schema.ResourceData, m interface{}) error { // Acquire semaphore before making an API request - urlCategoriesSemaphore <- struct{}{} - defer func() { <-urlCategoriesSemaphore }() // Release semaphore after the request is done + apiSemaphore <- struct{}{} + defer func() { <-apiSemaphore }() // Release semaphore after the request is done zClient := m.(*Client) service := zClient.urlcategories @@ -299,8 +299,8 @@ func flattenScopesLite(scopes *urlcategories.URLCategory) []interface{} { func resourceURLCategoriesUpdate(d *schema.ResourceData, m interface{}) error { // Acquire semaphore before making an API request - urlCategoriesSemaphore <- struct{}{} - defer func() { <-urlCategoriesSemaphore }() // Release semaphore after the request is done + apiSemaphore <- struct{}{} + defer func() { <-apiSemaphore }() // Release semaphore after the request is done zClient := m.(*Client) service := zClient.urlcategories diff --git a/zia/utils.go b/zia/utils.go index db41a6b8..14f9e2ec 100644 --- a/zia/utils.go +++ b/zia/utils.go 
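Review bot: The first hunk leaves `// var urlCategoriesSemaphore = make(chan struct{}, 1)` behind as commented-out code under the comment `// Allows only one API request at a time`, which now describes nothing in this file. Both lines can be deleted, since the limiter is now `apiSemaphore` in zia/utils.go. Note that the switch also widens the serialisation: URL category writes now queue behind auth settings and security policy writes, which is worth stating in the declaration's doc comment.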
@@ -278,3 +278,27 @@ func isSingleDigitDay(timeStr string) bool { day := parts[1] return len(day) == 1 } + +// Global semaphore for controlling concurrent API requests +var apiSemaphore = make(chan struct{}, 1) // Default to 1, meaning only 1 API request at a time + +// SetSemaphoreSize allows adjusting the size of the semaphore globally +func SetSemaphoreSize(size int) { + apiSemaphore = make(chan struct{}, size) +} + +// WithSemaphore handles acquiring and releasing a semaphore around an API call. +func WithSemaphore(apiCall func() error) error { + // Acquire semaphore before making an API request + apiSemaphore <- struct{}{} + defer func() { <-apiSemaphore }() // Release semaphore after the request is done + + // Execute the actual API call + err := apiCall() + if err != nil { + log.Printf("[ERROR] API call failed: %v", err) + return err + } + + return nil +} diff --git a/zia/version.go b/zia/version.go index 19708fad..9df9aada 100644 --- a/zia/version.go +++ b/zia/version.go @@ -1,4 +1,4 @@ package zia // ProviderVersion is set at build-time in the release process -var ProviderVersion = "3.0.0" +var ProviderVersion = "3.0.2"
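Review bot: `SetSemaphoreSize` passes `size` straight to `make`, so 0 yields an unbuffered channel on which every `apiSemaphore <- struct{}{}` blocks forever because no goroutine is receiving, and a negative value panics. A guard such as `if size < 1 { size = 1 }` before the `make` keeps the limiter usable. The assignment is also an unsynchronised write to a package variable that other goroutines read while acquiring, so the doc comment should say it must be called before any resource operation starts. `WithSemaphore` both logs the error and returns it, so a caller that logs it again will report the failure twice.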