├── .github ├── CONTRIBUTING.md ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── MAINTAINING.md ├── SUPPORT.md ├── dependabot.yml ├── pull_request_template.md └── workflows │ ├── codeql-analysis.yml │ ├── release.yml │ ├── stale.yml │ └── zpa-test.yml ├── .gitignore ├── .golangci.toml ├── .golangci.yml ├── .goreleaser.yml ├── CHANGELOG.md ├── CODE_OF_CONDUCT.md ├── GNUmakefile ├── LICENSE ├── README.md ├── codecov.yml ├── docs ├── data-sources │ ├── zpa_access_policy_client_types.md │ ├── zpa_access_policy_platforms.md │ ├── zpa_app_connector_assistant_schedule.md │ ├── zpa_app_connector_controller.md │ ├── zpa_app_connector_group.md │ ├── zpa_application_segment.md │ ├── zpa_application_segment_browser_access.md │ ├── zpa_application_segment_by_type.md │ ├── zpa_application_segment_inspection.md │ ├── zpa_application_segment_pra.md │ ├── zpa_application_server.md │ ├── zpa_ba_certificate.md │ ├── zpa_cloud_browser_isolation_banner.md │ ├── zpa_cloud_browser_isolation_certificate.md │ ├── zpa_cloud_browser_isolation_external_profile.md │ ├── zpa_cloud_browser_isolation_region.md │ ├── zpa_cloud_browser_isolation_zpa_profile.md │ ├── zpa_cloud_connector_group.md │ ├── zpa_customer_version_profile.md │ ├── zpa_enrollment_cert.md │ ├── zpa_idp_controller.md │ ├── zpa_inspection_all_predefined_controls.md │ ├── zpa_inspection_custom_control.md │ ├── zpa_inspection_predefined_controls.md │ ├── zpa_inspection_profile.md │ ├── zpa_isolation_profile.md │ ├── zpa_lss_config_client_types.md │ ├── zpa_lss_config_controller.md │ ├── zpa_lss_config_log_type_formats.md │ ├── zpa_lss_config_status_codes.md │ ├── zpa_machine_group.md │ ├── zpa_microtenant_controller.md │ ├── zpa_policy_type.md │ ├── zpa_posture_profile.md │ ├── zpa_pra_approval_controller.md │ ├── zpa_pra_console_controller.md │ ├── zpa_pra_credential_controller.md │ ├── zpa_pra_credential_pool.md │ ├── zpa_pra_portal_controller.md │ ├── zpa_provisioning_key.md │ ├── zpa_saml_attribute.md │ ├── 
zpa_scim_attribute_header.md │ ├── zpa_scim_groups.md │ ├── zpa_segment_group.md │ ├── zpa_server_group.md │ ├── zpa_service_edge_assistant_schedule.md │ ├── zpa_service_edge_controller.md │ ├── zpa_service_edge_group.md │ └── zpa_trusted_network.md ├── guides │ ├── release-notes.md │ ├── resource-importer.md │ ├── support.md │ └── troubleshooting.md ├── index.md └── resources │ ├── zpa_app_connector_assistant_schedule.md │ ├── zpa_app_connector_group.md │ ├── zpa_application_segment.md │ ├── zpa_application_segment_browser_access.md │ ├── zpa_application_segment_inspection.md │ ├── zpa_application_segment_pra.md │ ├── zpa_application_server.md │ ├── zpa_ba_certificate.md │ ├── zpa_cloud_browser_isolation_banner.md │ ├── zpa_cloud_browser_isolation_certificate.md │ ├── zpa_cloud_browser_isolation_external_profile.md │ ├── zpa_emergency_access_user.md │ ├── zpa_inspection_custom_controls.md │ ├── zpa_inspection_profile.md │ ├── zpa_lss_app_connector_metrics.md │ ├── zpa_lss_app_connector_status.md │ ├── zpa_lss_app_protection.md │ ├── zpa_lss_audit_logs.md │ ├── zpa_lss_config_controller.md │ ├── zpa_lss_config_user_activity.md │ ├── zpa_lss_config_user_status.md │ ├── zpa_lss_private_service_edge_status.md │ ├── zpa_lss_private_service_metrics.md │ ├── zpa_lss_web_browser.md │ ├── zpa_microtenant_controller.md │ ├── zpa_policy_access_rule.md │ ├── zpa_policy_access_rule_application_segment.md │ ├── zpa_policy_access_rule_browser_access.md │ ├── zpa_policy_access_rule_posture_profile.md │ ├── zpa_policy_access_rule_reorder.md │ ├── zpa_policy_access_rule_risk_factor.md │ ├── zpa_policy_access_rule_saml.md │ ├── zpa_policy_access_rule_scim_attribute.md │ ├── zpa_policy_access_rule_scim_group.md │ ├── zpa_policy_access_rule_trusted_networks.md │ ├── zpa_policy_access_rule_v2.md │ ├── zpa_policy_browser_protection_rule.md │ ├── zpa_policy_capabilities_rule.md │ ├── zpa_policy_credential_rule.md │ ├── zpa_policy_forwarding_rule.md │ ├── zpa_policy_forwarding_rule_v2.md 
│ ├── zpa_policy_inspection_rule.md │ ├── zpa_policy_inspection_rule_v2.md │ ├── zpa_policy_isolation_rule.md │ ├── zpa_policy_isolation_rule_v2.md │ ├── zpa_policy_redirection_rule.md │ ├── zpa_policy_timeout_rule.md │ ├── zpa_policy_timeout_rule_v2.md │ ├── zpa_pra_approval_controller.md │ ├── zpa_pra_console_controller.md │ ├── zpa_pra_credential_controller.md │ ├── zpa_pra_credential_pool.md │ ├── zpa_pra_portal_controller.md │ ├── zpa_provisioning_key.md │ ├── zpa_segment_group.md │ ├── zpa_server_group.md │ ├── zpa_service_edge_assistant_schedule.md │ └── zpa_service_edge_group.md ├── examples ├── zpa_app_connector_assistant_schedule │ ├── basic.tf │ └── datasource.tf ├── zpa_app_connector_controller │ └── datasource.tf ├── zpa_app_connector_group │ ├── README.md │ ├── basic.tf │ └── datasource.tf ├── zpa_app_server_controller │ ├── README.md │ ├── basic_v1.tf │ ├── basic_v2.tf │ └── datasource.tf ├── zpa_application_segment │ ├── README.md │ ├── basic_v1.tf │ └── basic_v2.tf ├── zpa_application_segment_browser_access │ ├── README.md │ ├── basic_v1.tf │ └── basic_v2.tf ├── zpa_application_segment_by_type │ └── datasource.tf ├── zpa_application_segment_inspection │ ├── README.md │ ├── basic_v1.tf │ └── datasource.tf ├── zpa_application_segment_pra │ ├── README.md │ ├── basic_v1.tf │ └── datasource.tf ├── zpa_ba_certificate │ ├── README.md │ ├── basic.tf │ └── datasource.tf ├── zpa_cloud_browser_isolation_banner │ ├── basic.tf │ └── datasource.tf ├── zpa_cloud_browser_isolation_certificate │ ├── README.md │ ├── basic.tf │ └── datasource.tf ├── zpa_cloud_browser_isolation_external_profile │ ├── README.md │ ├── basic.tf │ └── datasource.tf ├── zpa_cloud_browser_isolation_region │ ├── README.md │ └── datasource.tf ├── zpa_cloud_browser_isolation_zpa_profile │ ├── README.md │ └── datasource.tf ├── zpa_cloud_connectors │ ├── README.md │ └── datasource.tf ├── zpa_customer_version_profile │ ├── README.md │ └── datasource.tf ├── zpa_enrollment_cert │ ├── README.md │ 
└── datasource.tf ├── zpa_idp_controller │ ├── README.md │ └── datasource.tf ├── zpa_inspection_all_predefined_controls │ └── datasource.tf ├── zpa_inspection_custom_control │ ├── README.md │ ├── basic_v1.tf │ └── basic_v2.tf ├── zpa_inspection_predefined_controls │ └── datasource.tf ├── zpa_inspection_profile │ ├── basic_v1.tf │ ├── basicv1.tf │ └── datasource.tf ├── zpa_isolation_profile │ ├── README.md │ └── datasource.tf ├── zpa_lss_config_controller │ ├── README.md │ ├── lss_app_connector_metrics.tf │ ├── lss_app_protection.tf │ ├── lss_app_pse_metrics.tf │ ├── lss_config_application_segment.tf │ ├── lss_config_datasource.tf │ ├── lss_config_log_type_app_connector_status.tf │ ├── lss_config_log_type_audit_log.tf │ ├── lss_config_log_type_audit_log_locals.tf │ ├── lss_config_log_type_browser_access.tf │ ├── lss_config_log_type_user_activity.tf │ ├── lss_config_log_type_user_status.tf │ ├── lss_config_segment_group.tf │ ├── lss_private_service_edge_status.tf │ └── lss_web_browser.tf ├── zpa_machine_group │ ├── README.md │ └── datasource.tf ├── zpa_microtenant_controller │ ├── README.md │ └── main.tf ├── zpa_policy_access_forwarding_rule │ ├── README.md │ └── main.tf ├── zpa_policy_access_inspection_rule │ ├── README.md │ ├── basic_bypass_inspect_v1.tf │ └── basic_policy_inspect_v1.tf ├── zpa_policy_access_isolation_rule │ └── main.tf ├── zpa_policy_access_rule │ ├── README.md │ ├── main.tf │ └── zpa_policy_access_rule_CrowdStrike.tf ├── zpa_policy_access_rule_crwd_pre_zta_saml │ ├── README.md │ └── zpa_policy_access_rule_crwd_pre_zta_saml.tf ├── zpa_policy_access_rule_crwd_pre_zta_scim_group │ ├── README.md │ └── zpa_policy_access_rule_crwd_pre_zta_scim_group.tf ├── zpa_policy_access_rule_reorder │ ├── README.md │ ├── advanced.tf │ └── basic.tf ├── zpa_policy_access_rule_scim_attribute │ └── main.tf ├── zpa_policy_access_rule_trusted_network │ ├── README.md │ └── zpa_policy_access_rule_trusted_network.tf ├── zpa_policy_access_rule_v2 │ ├── README.md │ └── 
main.tf ├── zpa_policy_access_timeout_rule │ └── main.tf ├── zpa_policy_credential_rule │ └── basic.tf ├── zpa_policy_type │ ├── README.md │ └── datasource.tf ├── zpa_posture_profile │ ├── README.md │ └── main.tf ├── zpa_pra_approval_controller │ └── basic.tf ├── zpa_pra_console_controller │ └── basic.tf ├── zpa_pra_credential_controller │ └── basic.tf ├── zpa_pra_credential_pool │ ├── basic.tf │ └── datasource.tf ├── zpa_pra_portal_controller │ ├── README.md │ └── basic.tf ├── zpa_provisioning_key │ ├── README.md │ ├── datasource_provisioning_key_app_connector_group.tf │ ├── datasource_provisioning_key_service_edge_group.tf │ ├── provisioning_key_app_connector_group.tf │ └── provisioning_key_service_edge_group.tf ├── zpa_saml_attribute │ ├── README.md │ └── main.tf ├── zpa_scim_attribute_header │ ├── README.md │ └── main.tf ├── zpa_scim_groups │ ├── README.md │ └── main.tf ├── zpa_segment_group │ ├── README.md │ └── main.tf ├── zpa_server_group │ ├── README.md │ └── main.tf ├── zpa_service_edge_assistant_schedule │ ├── basic.tf │ └── datasource.tf ├── zpa_service_edge_controller │ └── datasource.tf ├── zpa_service_edge_group │ ├── README.md │ └── main.tf └── zpa_trusted_network │ ├── README.md │ └── datasource.tf ├── go.mod ├── go.sum ├── images ├── zpa_app_connector_group.svg ├── zpa_application_segments.svg ├── zpa_application_servers.svg ├── zpa_browser_access_application_segments.svg ├── zpa_provisioning_key.svg ├── zpa_segment_groups.svg ├── zpa_server_groups.svg └── zpa_terraform_provider_introduction.svg ├── main.go ├── scripts ├── changelog-links.sh ├── errcheck.sh ├── gen_version.py ├── gofmtcheck.sh ├── gogetcookie.sh ├── release-notes.sh ├── release.sh ├── reset_vendor.py ├── update_vendor.py └── upgrade-namespace.py ├── terraform-registry-manifest.json ├── tools.go └── zpa ├── common.go ├── common ├── resourcetype │ └── resource_type.go ├── testing │ ├── method │ │ └── method.go │ └── variable │ │ └── variable.go └── version.go ├── config.go ├── 
data_source_zpa_access_policy_client_types.go ├── data_source_zpa_access_policy_client_types_test.go ├── data_source_zpa_access_policy_platform.go ├── data_source_zpa_access_policy_platform_test.go ├── data_source_zpa_app_connector_assistant_schedule.go ├── data_source_zpa_app_connector_assistant_schedule_test.go ├── data_source_zpa_app_connector_controller.go ├── data_source_zpa_app_connector_controller_test.go ├── data_source_zpa_app_connector_group.go ├── data_source_zpa_app_connector_group_test.go ├── data_source_zpa_app_server_controller.go ├── data_source_zpa_app_server_controller_test.go ├── data_source_zpa_application_segment.go ├── data_source_zpa_application_segment_browser_access.go ├── data_source_zpa_application_segment_browser_access_test.go ├── data_source_zpa_application_segment_by_type.go ├── data_source_zpa_application_segment_by_type_test.go ├── data_source_zpa_application_segment_inspection.go ├── data_source_zpa_application_segment_inspection_test.go ├── data_source_zpa_application_segment_pra.go ├── data_source_zpa_application_segment_pra_test.go ├── data_source_zpa_application_segment_test.go ├── data_source_zpa_ba_certificate.go ├── data_source_zpa_ba_certificate_test.go ├── data_source_zpa_cloud_browser_isolation_banner.go ├── data_source_zpa_cloud_browser_isolation_banner_test.go ├── data_source_zpa_cloud_browser_isolation_certificate.go ├── data_source_zpa_cloud_browser_isolation_certificate_test.go ├── data_source_zpa_cloud_browser_isolation_external_profile.go ├── data_source_zpa_cloud_browser_isolation_external_profile_test.go ├── data_source_zpa_cloud_browser_isolation_region.go ├── data_source_zpa_cloud_browser_isolation_region_test.go ├── data_source_zpa_cloud_browser_isolation_zpaprofiles.go ├── data_source_zpa_cloud_browser_isolation_zpaprofiles_test.go ├── data_source_zpa_cloud_connector_group.go ├── data_source_zpa_cloud_connector_group_test.go ├── data_source_zpa_customer_version_profile.go ├── 
data_source_zpa_customer_version_profile_test.go ├── data_source_zpa_enrollement_cert.go ├── data_source_zpa_enrollement_cert_test.go ├── data_source_zpa_idp_controller.go ├── data_source_zpa_idp_controller_test.go ├── data_source_zpa_inspection_all_predefined_controls.go ├── data_source_zpa_inspection_all_predefined_controls_test.go ├── data_source_zpa_inspection_custom_controls.go ├── data_source_zpa_inspection_custom_controls_test.go ├── data_source_zpa_inspection_predefined_controls.go ├── data_source_zpa_inspection_predefined_controls_test.go ├── data_source_zpa_inspection_profile.go ├── data_source_zpa_inspection_profile_test.go ├── data_source_zpa_isolation_profiles.go ├── data_source_zpa_isolation_profiles_test.go ├── data_source_zpa_lss_config_client_types.go ├── data_source_zpa_lss_config_client_types_test.go ├── data_source_zpa_lss_config_controller.go ├── data_source_zpa_lss_config_controller_test.go ├── data_source_zpa_lss_config_log_types_formats.go ├── data_source_zpa_lss_config_log_types_formats_test.go ├── data_source_zpa_lss_config_status_codes.go ├── data_source_zpa_lss_config_status_codes_test.go ├── data_source_zpa_machine_group.go ├── data_source_zpa_machine_group_test.go ├── data_source_zpa_microtenant_controller.go ├── data_source_zpa_microtenant_controller_test.go ├── data_source_zpa_policy_type.go ├── data_source_zpa_policy_type_test.go ├── data_source_zpa_posture_profile.go ├── data_source_zpa_posture_profile_test.go ├── data_source_zpa_pra_approval.go ├── data_source_zpa_pra_approval_test.go ├── data_source_zpa_pra_console.go ├── data_source_zpa_pra_console_test.go ├── data_source_zpa_pra_credential_controller.go ├── data_source_zpa_pra_credential_controller_test.go ├── data_source_zpa_pra_credential_pool.go ├── data_source_zpa_pra_credential_pool_test.go ├── data_source_zpa_pra_portal_controller.go ├── data_source_zpa_pra_portal_controller_test.go ├── data_source_zpa_provisioning_key.go ├── data_source_zpa_provisioning_key_test.go ├── 
data_source_zpa_saml_attribute.go ├── data_source_zpa_saml_attribute_test.go ├── data_source_zpa_scim_attribute_header.go ├── data_source_zpa_scim_attribute_header_test.go ├── data_source_zpa_scim_group.go ├── data_source_zpa_scim_group_test.go ├── data_source_zpa_segment_group.go ├── data_source_zpa_segment_group_test.go ├── data_source_zpa_server_group.go ├── data_source_zpa_server_group_test.go ├── data_source_zpa_service_edge.go ├── data_source_zpa_service_edge_assistant_schedule.go ├── data_source_zpa_service_edge_assistant_schedule_test.go ├── data_source_zpa_service_edge_group.go ├── data_source_zpa_service_edge_group_test.go ├── data_source_zpa_trusted_network.go ├── data_source_zpa_trusted_network_test.go ├── provider.go ├── provider_sweeper_test.go ├── provider_test.go ├── resource_zpa_app_connector_assistant_schedule.go ├── resource_zpa_app_connector_assistant_schedule_test.go ├── resource_zpa_app_connector_group.go ├── resource_zpa_app_connector_group_test.go ├── resource_zpa_app_server_controller.go ├── resource_zpa_app_server_controller_test.go ├── resource_zpa_application_segment.go ├── resource_zpa_application_segment_browser_access.go ├── resource_zpa_application_segment_browser_access_test.go ├── resource_zpa_application_segment_inspection.go ├── resource_zpa_application_segment_inspection_test.go ├── resource_zpa_application_segment_pra.go ├── resource_zpa_application_segment_pra_test.go ├── resource_zpa_application_segment_test.go ├── resource_zpa_ba_certificate.go ├── resource_zpa_ba_certificate_test.go ├── resource_zpa_cloud_browser_isolation_banner.go ├── resource_zpa_cloud_browser_isolation_banner_test.go ├── resource_zpa_cloud_browser_isolation_certificate.go ├── resource_zpa_cloud_browser_isolation_certificate_test.go ├── resource_zpa_cloud_browser_isolation_external_profile.go ├── resource_zpa_cloud_browser_isolation_external_profile_test.go ├── resource_zpa_emergency_access.go ├── resource_zpa_inspection_custom_controls.go ├── 
resource_zpa_inspection_custom_controls_test.go ├── resource_zpa_inspection_profile.go ├── resource_zpa_inspection_profile_test.go ├── resource_zpa_lss_config_controller.go ├── resource_zpa_lss_config_controller_test.go ├── resource_zpa_microtenant_controller.go ├── resource_zpa_microtenant_controller_test.go ├── resource_zpa_policy_access_browser_protection_rule_v2.go ├── resource_zpa_policy_access_forwarding_rule.go ├── resource_zpa_policy_access_forwarding_rule_test.go ├── resource_zpa_policy_access_forwarding_rule_v2.go ├── resource_zpa_policy_access_forwarding_rule_v2_test.go ├── resource_zpa_policy_access_inspection_rule.go ├── resource_zpa_policy_access_inspection_rule_test.go ├── resource_zpa_policy_access_inspection_rule_v2.go ├── resource_zpa_policy_access_inspection_rule_v2_test.go ├── resource_zpa_policy_access_isolation_rule.go ├── resource_zpa_policy_access_isolation_rule_test.go ├── resource_zpa_policy_access_isolation_rule_v2.go ├── resource_zpa_policy_access_isolation_rule_v2_test.go ├── resource_zpa_policy_access_redirection_rule.go ├── resource_zpa_policy_access_redirection_rule_test.go ├── resource_zpa_policy_access_rule.go ├── resource_zpa_policy_access_rule_reorder.go ├── resource_zpa_policy_access_rule_reorder_test.go ├── resource_zpa_policy_access_rule_test.go ├── resource_zpa_policy_access_rule_v2.go ├── resource_zpa_policy_access_rule_v2_test.go ├── resource_zpa_policy_access_timeout_rule.go ├── resource_zpa_policy_access_timeout_rule_test.go ├── resource_zpa_policy_access_timeout_rule_v2.go ├── resource_zpa_policy_access_timeout_rule_v2_test.go ├── resource_zpa_policy_capabilities_access_rule.go ├── resource_zpa_policy_capabilities_access_rule_test.go ├── resource_zpa_policy_credential_access_rule.go ├── resource_zpa_policy_credential_access_rule_test.go ├── resource_zpa_pra_approval.go ├── resource_zpa_pra_approval_test.go ├── resource_zpa_pra_console_controller.go ├── resource_zpa_pra_console_controller_test.go ├── 
resource_zpa_pra_credential_controller.go ├── resource_zpa_pra_credential_controller_test.go ├── resource_zpa_pra_credential_pool.go ├── resource_zpa_pra_credential_pool_test.go ├── resource_zpa_pra_portal_controller.go ├── resource_zpa_pra_portal_controller_test.go ├── resource_zpa_provisioning_key.go ├── resource_zpa_provisioning_key_test.go ├── resource_zpa_segment_group.go ├── resource_zpa_segment_group_test.go ├── resource_zpa_server_group.go ├── resource_zpa_server_group_test.go ├── resource_zpa_service_edge_assistant_schedule.go ├── resource_zpa_service_edge_assistant_schedule_test.go ├── resource_zpa_service_edge_group.go ├── resource_zpa_service_edge_group_test.go ├── utils.go ├── utils_for_test.go ├── validator.go └── version.go /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 🚀 Feature Request 3 | about: I have a suggestion (and might want to implement myself 🙂)! 4 | labels: enhancement 5 | --- 6 | 7 | 8 | 9 | # Community Note 10 | 11 | - Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request 12 | - Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request 13 | - If you are interested in working on this issue or have submitted a pull request, please leave a comment 14 | 15 | 16 | 17 | ## Description 18 | 19 | 20 | 21 | ### New or Affected Resource(s) 22 | 23 | 24 | 25 | - zpa_XXXXX 26 | 27 | ### Potential Terraform Configuration 28 | 29 | 30 | 31 | ```terraform 32 | # Copy-paste your Terraform configurations here - for large Terraform configs, 33 | # please use a service like Dropbox and share a link to the ZIP file. 
For 34 | # security, you can also encrypt the files using our GPG public key. Remove credentials, API keys and other secrets from any configuration before sharing it. 35 | ``` 36 | 37 | ### References 38 | 39 | 44 | 45 | - #0000 46 | -------------------------------------------------------------------------------- /.github/SUPPORT.md: -------------------------------------------------------------------------------- 1 | # Support 2 | 3 | Terraform is a mature project with a growing community. There are active, dedicated people willing to help you through various mediums. 4 | 5 | Take a look at those mediums listed at 6 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # To get started with Dependabot version updates, you'll need to specify which 2 | # package ecosystems to update and where the package manifests are located. 3 | # Please see the documentation for all configuration options: 4 | # https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 5 | 6 | version: 2 7 | updates: 8 | - package-ecosystem: "gomod" 9 | directory: "/" 10 | schedule: 11 | interval: "weekly" 12 | - package-ecosystem: "github-actions" 13 | directory: "/" 14 | schedule: 15 | interval: "weekly" 16 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | Provide a general summary of your changes in the title above. You should 2 | remove this overview, any sections and any section descriptions you 3 | don't need below before submitting. There isn't a strict requirement to 4 | use this template if you can structure your description and still cover 5 | these points. 6 | 7 | ## Description 8 | 9 | Describe your changes in detail through motivation and context. Why is 10 | this change required? What problem does it solve? 
If it fixes an open 11 | issue, link to the issue using GitHub's closing issues keywords[1]. 12 | 13 | ## Has your change been tested? 14 | 15 | Explain how the change has been tested and what you ran to check whether your 16 | change affects other parts of the code. Automated tests are generally 17 | expected, and changes without tests should explain why they aren't 18 | required. 19 | 20 | ## Screenshots (if appropriate): 21 | 22 | ## Types of changes 23 | 24 | What sort of change does your code introduce/modify? 25 | 26 | - [ ] Bug fix (non-breaking change which fixes an issue) 27 | - [ ] New feature (non-breaking change which adds functionality) 28 | - [ ] Breaking change (fix or feature that would cause existing functionality to change) 29 | 30 | ## Checklist: 31 | 32 | - [ ] My code follows the code style of this project. 33 | - [ ] My change requires a change to the documentation. 34 | - [ ] I have updated the documentation accordingly. 35 | - [ ] I have added tests to cover my changes. 36 | - [ ] All new and existing tests passed. 37 | - [ ] This change is using publicly documented and stable APIs. 
38 | 39 | [1]: https://help.github.com/articles/closing-issues-using-keywords/ 40 | -------------------------------------------------------------------------------- /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- 1 | name: "CodeQL" 2 | 3 | on: 4 | push: 5 | branches: [ master ] 6 | pull_request: 7 | branches: [ master ] 8 | schedule: 9 | - cron: '41 1 * * 0' 10 | workflow_dispatch: 11 | 12 | 13 | jobs: 14 | analyze: 15 | name: Analyze 16 | runs-on: ubuntu-latest 17 | 18 | strategy: 19 | fail-fast: false 20 | matrix: 21 | language: [ 'go' ] 22 | 23 | steps: 24 | - name: Checkout repository 25 | uses: actions/checkout@v4 26 | 27 | - name: Setup Go 28 | uses: actions/setup-go@v5 29 | with: 30 | go-version: 1.22.x 31 | 32 | - name: Initialize CodeQL 33 | uses: github/codeql-action/init@v3 34 | with: 35 | languages: ${{ matrix.language }} 36 | 37 | - name: Autobuild 38 | uses: github/codeql-action/autobuild@v3 39 | 40 | - name: Perform CodeQL Analysis 41 | uses: github/codeql-action/analyze@v3 -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | # This GitHub action can publish assets for release when a tag is created. 2 | # Currently it is set up to run on any tag that matches the pattern "v*" (e.g. v0.1.0). 3 | # 4 | # This uses an action (hashicorp/ghaction-import-gpg) that assumes you set your 5 | # private key in the `GPG_PRIVATE_KEY` secret and passphrase in the `PASSPHRASE` 6 | # secret. If you would rather own your own GPG handling, please fork this action 7 | # or use an alternative one for key handling. NOTE(review): the import step in this workflow references crazy-max/ghaction-import-gpg@v6, not the action named above; that action receives the signing key and passphrase, so review it and pin it to a full commit SHA rather than a mutable tag. 8 | # 9 | # You will need to pass the `--batch` flag to `gpg` in your signing step 10 | # in `goreleaser` to indicate this is being used in a non-interactive mode. 
11 | # 12 | name: Release 13 | on: 14 | push: 15 | tags: 16 | - 'v*' 17 | 18 | permissions: 19 | contents: write 20 | 21 | jobs: 22 | goreleaser: 23 | runs-on: ubuntu-latest 24 | steps: 25 | - name: Checkout 26 | uses: actions/checkout@v4 27 | 28 | - name: Unshallow 29 | run: git fetch --prune --unshallow 30 | 31 | - name: Set up Go 32 | uses: actions/setup-go@v5 33 | with: 34 | go-version: "1.21" 35 | 36 | - name: Import GPG key 37 | id: import_gpg 38 | uses: crazy-max/ghaction-import-gpg@v6 39 | with: 40 | gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} 41 | passphrase: ${{ secrets.PASSPHRASE }} 42 | 43 | - name: Run GoReleaser 44 | uses: goreleaser/goreleaser-action@v6 45 | with: 46 | distribution: goreleaser 47 | version: '~> v2' 48 | args: release --clean # Changed --rm-dist to --clean as per the deprecation notice 49 | env: 50 | GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }} 51 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 52 | -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | name: "Stale issues and pull requests" 2 | on: 3 | schedule: 4 | - cron: '0 0 * * *' 5 | 6 | jobs: 7 | stale: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - uses: actions/stale@v9 11 | with: 12 | repo-token: ${{ secrets.GITHUB_TOKEN }} 13 | days-before-stale: 60 14 | days-before-close: 5 15 | exempt-issue-label: 'needs-triage' 16 | exempt-pr-label: 'needs-triage' 17 | operations-per-run: 100 18 | stale-issue-label: 'stale' 19 | stale-issue-message: | 20 | 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days' 21 | 22 | If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you! 
23 | stale-pr-label: 'stale' 24 | stale-pr-message: | 25 | Marking this pull request as stale due to inactivity. This helps our maintainers find and focus on the active pull requests. If this pull request receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label. 26 | 27 | If this pull request was automatically closed and you feel this pull request should be reopened, we encourage creating a new pull request linking back to this one for added context. Thank you! 28 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | *.dll 3 | *.exe 4 | .DS_Store 5 | example.tf 6 | terraform.tfplan 7 | vars.tf 8 | terraform.tfstate 9 | terraform.txt 10 | terraform.tfstate.backup 11 | .terraform.lock.hcl 12 | .terraform.tfstate.lock.info 13 | bin/ 14 | modules-dev/ 15 | /pkg/ 16 | website/.vagrant 17 | website/.bundle 18 | website/build 19 | website/node_modules 20 | .vagrant/ 21 | *.backup 22 | ./*.tfstate 23 | .terraform/ 24 | *.log 25 | *.bak 26 | *~ 27 | .*.swp 28 | .idea 29 | .vscode 30 | *.iml 31 | *.test 32 | *.iml 33 | log.txt 34 | 35 | website/vendor 36 | 37 | # Test exclusions 38 | !command/test-fixtures/**/*.tfstate 39 | !command/test-fixtures/**/.terraform/ 40 | 41 | # Keep windows files with windows line endings 42 | *.winfile eol=crlf 43 | /.vs 44 | node_modules 45 | vendor 46 | vendor/modules.txt 47 | examples/script.sh 48 | examples/quick-refactor.sh 49 | examples/terraform-set-logging.sh 50 | examples/all_together 51 | goreleaser.sh 52 | dist/ 53 | dist/* 54 | local_test/ 55 | local_test/* 56 | acceptance_test.yml 57 | .VSCodeCounter 58 | zpacoverage.out 59 | zpacoverage.html -------------------------------------------------------------------------------- /.golangci.toml: -------------------------------------------------------------------------------- 1 | [run] 2 | 
deadline = "10m" 3 | tests = true 4 | 5 | [linters] 6 | disable-all = true 7 | enable = [ 8 | "gofmt", 9 | "goimports", 10 | "deadcode", 11 | "gosimple", 12 | "govet", 13 | "ineffassign", 14 | "structcheck", 15 | "unused", 16 | "varcheck", 17 | ] -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- 1 | issues: 2 | exclude: 3 | - 'not declared by package utf8' 4 | - 'unicode/utf8/utf8.go' 5 | exclude-rules: 6 | - path: ./zpa 7 | linters: 8 | - staticcheck 9 | text: SA1019 -------------------------------------------------------------------------------- /.goreleaser.yml: -------------------------------------------------------------------------------- 1 | # Visit https://goreleaser.com for documentation on how to customize this 2 | # behavior. 3 | version: 2 4 | 5 | before: 6 | hooks: 7 | # this is just an example and not a requirement for provider building/publishing 8 | - go mod tidy 9 | builds: 10 | - env: 11 | # goreleaser does not work with CGO, it could also complicate 12 | # usage by users in CI/CD systems like Terraform Cloud where 13 | # they are unable to install libraries. 
14 | - CGO_ENABLED=0 15 | mod_timestamp: "{{ .CommitTimestamp }}" 16 | flags: 17 | - -trimpath 18 | ldflags: 19 | - "-s -w -X main.version={{.Version}} -X main.commit={{.Commit}}" 20 | goos: 21 | - freebsd 22 | - windows 23 | - linux 24 | - darwin 25 | goarch: 26 | - amd64 27 | - "386" 28 | - arm 29 | - arm64 30 | ignore: 31 | - goos: darwin 32 | goarch: "386" 33 | binary: "{{ .ProjectName }}_v{{ .Version }}" 34 | archives: 35 | - format: zip 36 | name_template: "{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}" 37 | checksum: 38 | extra_files: 39 | - glob: "terraform-registry-manifest.json" 40 | name_template: "{{ .ProjectName }}_{{ .Version }}_manifest.json" 41 | name_template: "{{ .ProjectName }}_{{ .Version }}_SHA256SUMS" 42 | algorithm: sha256 43 | signs: 44 | - artifacts: checksum 45 | args: 46 | # if you are using this in a GitHub action or some other automated pipeline, you 47 | # need to pass the batch flag to indicate its not interactive. 48 | - "--batch" 49 | - "--local-user" 50 | - "{{ .Env.GPG_FINGERPRINT }}" # set this environment variable for your signing key 51 | - "--output" 52 | - "${signature}" 53 | - "--detach-sign" 54 | - "${artifact}" 55 | release: 56 | extra_files: 57 | - glob: "terraform-registry-manifest.json" 58 | name_template: "{{ .ProjectName }}_{{ .Version }}_manifest.json" 59 | # If you want to manually examine the release before its live, uncomment this line: 60 | # github: 61 | # owner: zscaler 62 | # name: terraform-provider-zpa 63 | draft: true 64 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 [Zscaler](https://github.com/zscaler) 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without 
limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /codecov.yml: -------------------------------------------------------------------------------- 1 | ignore: 2 | - "vendor/**/*" 3 | - "dist/**/*" 4 | 5 | coverage: 6 | status: 7 | project: 8 | default: 9 | target: 85% #overall project / repo coverage 10 | 11 | patch: 12 | service: 13 | target: 60% 14 | threshold: 30% 15 | flags: 16 | - zpaprovider 17 | 18 | comment: 19 | layout: "reach, diff, flags, files" 20 | behavior: default 21 | require_changes: false # if true: only post the comment if coverage changes 22 | require_base: yes # [yes :: must have a base report to post] 23 | require_head: yes # [yes :: must have a head report to post] 24 | branches: 25 | - master 26 | 27 | flags: 28 | zpaprovider: 29 | carryforward: true 30 | paths: 31 | - zpa/*.go 32 | 33 | github_checks: 34 | annotations: true -------------------------------------------------------------------------------- /docs/data-sources/zpa_access_policy_platforms.md: -------------------------------------------------------------------------------- 1 | --- 2 | 
page_title: "zpa_access_policy_platforms Data Source - terraform-provider-zpa" 3 | subcategory: "Policy Set Controller" 4 | description: |- 5 | Get information about all platforms for the specified customer. 6 | --- 7 | 8 | # zpa_access_policy_platforms (Data Source) 9 | 10 | Use the **zpa_access_policy_platforms** data source to get information about all platforms for the specified customer in the Zscaler Private Access cloud. This data source can be optionally used when defining the following policy types: 11 | - ``zpa_policy_access_rule`` 12 | - ``zpa_policy_timeout_rule`` 13 | - ``zpa_policy_forwarding_rule`` 14 | - ``zpa_policy_isolation_rule`` 15 | - ``zpa_policy_inspection_rule`` 16 | 17 | The ``object_type`` attribute must be defined as "PLATFORM" in the policy operand condition. To learn more see the [Getting Platform Types for a Customer](https://help.zscaler.com/zpa/configuring-access-policies-using-api#getPlatformTypes) 18 | 19 | -> **NOTE** By default the ZPA provider will return all platform types 20 | 21 | ## Example Usage 22 | 23 | ```terraform 24 | data "zpa_access_policy_platforms" "this" { 25 | } 26 | ``` 27 | 28 | ## Schema 29 | 30 | ### Read-Only 31 | 32 | The following values are returned: 33 | 34 | * `"android" = "Android"` 35 | * `"id" = "platforms"` 36 | * `"ios" = "iOS"` 37 | * `"linux" = "Linux"` 38 | * `"mac" = "Mac"` 39 | * `"windows" = "Windows"` 40 | 41 | To learn more see the [Getting Platform Types for a Customer](https://help.zscaler.com/zpa/configuring-access-policies-using-api#getPlatformTypes) 42 | -------------------------------------------------------------------------------- /docs/data-sources/zpa_cloud_browser_isolation_banner.md: -------------------------------------------------------------------------------- 1 | --- 2 | page_title: "zpa_cloud_browser_isolation_banner Data Source - terraform-provider-zpa" 3 | subcategory: "Cloud Browser Isolation" 4 | description: |- 5 | Official documentation 
https://help.zscaler.com/isolation/adding-banner-theme-isolation-end-user-notification-zpa 6 | Get information about Cloud Browser Isolation Regions. 7 | --- 8 | 9 | # zpa_cloud_browser_isolation_banner (Data Source) 10 | 11 | * [Official documentation](https://help.zscaler.com/isolation/adding-banner-theme-isolation-end-user-notification-zpa) 12 | 13 | Use the **zpa_cloud_browser_isolation_banner** data source to get information about Cloud Browser Isolation banner. This data source information is required as part of the attribute `banner_id` when creating an Cloud Browser Isolation External Profile ``zpa_cloud_browser_isolation_external_profile`` 14 | 15 | **NOTE:** To ensure consistent search results across data sources, please avoid using multiple spaces or special characters in your search queries. 16 | 17 | ## Example Usage 18 | 19 | ```terraform 20 | # Retrieve CBI Region ID and Name 21 | data "zpa_cloud_browser_isolation_banner" "this" { 22 | name = "Default" 23 | } 24 | ``` 25 | 26 | ## Schema 27 | 28 | ### Required 29 | 30 | The following arguments are supported: 31 | 32 | * `name` - (Required) The name of the CBI banner to be exported. 33 | * `id` - (Optional) The id of the CBI banner to be exported. 34 | 35 | ### Read-Only 36 | 37 | In addition to all arguments above, the following attributes are exported: 38 | 39 | * `primary_color` - (string) - The Banner Primary Color code in hexadecimal way to represent the color of the banner in RGB format 40 | * `text_color` - (string) - The Banner Text Color code in hexadecimal way to represent the color of the text in RGB format 41 | * `notification_title` - (string) The Banner Notification Title 42 | * `notification_text` - (string) The Banner Notification Text 43 | * `logo` - (string) - The Logo Image (.jpeg or .png; Maximum file size is 100KB.) 
44 | * `banner` - (bool) - Show Welcome Notification 45 | * `Persist` - (bool) - Persist the default banner 46 | * `is_default` - (bool) - Use the default banner 47 | -------------------------------------------------------------------------------- /docs/data-sources/zpa_cloud_browser_isolation_certificate.md: -------------------------------------------------------------------------------- 1 | --- 2 | page_title: "zpa_cloud_browser_isolation_certificate Data Source - terraform-provider-zpa" 3 | subcategory: "Cloud Browser Isolation" 4 | description: |- 5 | Official documentation https://help.zscaler.com/isolation/about-custom-root-certificates-cloud-browser-isolation 6 | Get information about CBI Certificate for the customer based on the specified ID. 7 | --- 8 | 9 | # zpa_cloud_browser_isolation_certificate (Data Source) 10 | 11 | * [Official documentation](https://help.zscaler.com/isolation/adding-banner-theme-isolation-end-user-notification-zpa) 12 | 13 | Use the **zpa_cloud_browser_isolation_certificate** data source to get information about Cloud Browser Isolation Certificate. This data source information is required as part of the attribute `certificate_ids` when creating an Cloud Browser Isolation External Profile ``zpa_cloud_browser_isolation_external_profile`` 14 | 15 | **NOTE:** To ensure consistent search results across data sources, please avoid using multiple spaces or special characters in your search queries. 16 | 17 | ## Example Usage 18 | 19 | ```terraform 20 | # Retrieve CBI Certificate ID and Name 21 | data "zpa_cloud_browser_isolation_certificate" "this" { 22 | name = "Zscaler Root Certificate" 23 | } 24 | ``` 25 | 26 | ## Schema 27 | 28 | ### Required 29 | 30 | The following arguments are supported: 31 | 32 | * `name` - (Required) The name of the CBI certificate to be exported. 33 | * `id` - (Optional) The id of the CBI certificate to be exported. 
34 | 35 | ### Read-Only 36 | 37 | * N/A 38 | 39 | ~> **Warning**: Notice that certificate and public_keys are omitted from the output. 40 | -------------------------------------------------------------------------------- /docs/data-sources/zpa_cloud_browser_isolation_region.md: -------------------------------------------------------------------------------- 1 | --- 2 | page_title: "cloud_browser_isolation_region Data Source - terraform-provider-zpa" 3 | subcategory: "Cloud Browser Isolation" 4 | description: |- 5 | Get information about Cloud Browser Isolation Regions. 6 | --- 7 | 8 | # zpa_cloud_browser_isolation_region (Data Source) 9 | 10 | Use the **zpa_cloud_browser_isolation_region** data source to get information about Cloud Browser Isolation regions such as ID and Name. This data source information is required as part of the attribute `region_ids` when creating an Cloud Browser Isolation External Profile ``zpa_cloud_browser_isolation_external_profile`` 11 | 12 | **NOTE:** To ensure consistent search results across data sources, please avoid using multiple spaces or special characters in your search queries. 13 | 14 | ## Example Usage 15 | 16 | ```terraform 17 | # Retrieve CBI Region ID and Name 18 | data "zpa_cloud_browser_isolation_region" "this" { 19 | name = "Singapore" 20 | } 21 | ``` 22 | 23 | ## Schema 24 | 25 | ### Required 26 | 27 | The following arguments are supported: 28 | 29 | * `name` - (Required) The name of the CBI region to be exported. 
30 | 31 | ### Read-Only 32 | 33 | In addition to all arguments above, the following attributes are exported: 34 | 35 | * `id` - (string) - ID information of the CBI region 36 | -------------------------------------------------------------------------------- /docs/data-sources/zpa_cloud_browser_isolation_zpa_profile.md: -------------------------------------------------------------------------------- 1 | --- 2 | page_title: "zpa_cloud_browser_isolation_zpa_profile Data Source - terraform-provider-zpa" 3 | subcategory: "Cloud Browser Isolation" 4 | description: |- 5 | Get information about an Isolation Profile in Zscaler Private Access cloud. 6 | --- 7 | 8 | # zpa_cloud_browser_isolation_zpa_profile (Data Source) 9 | 10 | Use the **zpa_cloud_browser_isolation_zpa_profile** data source to get information about an isolation profile in the Zscaler Private Access cloud. This data source is required when configuring an isolation policy rule resource 11 | 12 | **NOTE:** To ensure consistent search results across data sources, please avoid using multiple spaces or special characters in your search queries. 13 | 14 | ## Example Usage 15 | 16 | ```terraform 17 | data "zpa_cloud_browser_isolation_zpa_profile" "this" { 18 | name = "ZPA_Profile" 19 | } 20 | ``` 21 | 22 | ## Schema 23 | 24 | ### Required 25 | 26 | * `name` - (String) This field defines the name of the isolation profile. 27 | 28 | ### Read-Only 29 | 30 | In addition to all arguments above, the following attributes are exported: 31 | 32 | * `id` - (String) This field defines the id of the isolation profile. 
33 | * `description` - (string) 34 | * `enabled` - (string) 35 | * `cbi_tenant_id` - (string) 36 | * `cbi_profile_id` - (string) 37 | * `cbi_url` - (string) 38 | * `creation_time` - (string) 39 | * `modified_by` - (string) 40 | * `modified_time` - (string) 41 | -------------------------------------------------------------------------------- /docs/data-sources/zpa_isolation_profile.md: -------------------------------------------------------------------------------- 1 | --- 2 | page_title: "zpa_isolation_profile Data Source - terraform-provider-zpa" 3 | subcategory: "Cloud Browser Isolation" 4 | layout: "zscaler" 5 | page_title: "ZPA: isolation_profile" 6 | description: |- 7 | Official documentation https://help.zscaler.com/isolation/creating-isolation-profiles-zpa 8 | API documentation https://help.zscaler.com/zpa/obtaining-isolation-profile-details-using-api 9 | Get information about an Isolation Profile in Zscaler Private Access cloud. 10 | --- 11 | 12 | # zpa_isolation_profile (Data Source) 13 | 14 | * [Official documentation](https://help.zscaler.com/isolation/creating-isolation-profiles-zpa) 15 | * [API documentation](https://help.zscaler.com/zpa/obtaining-isolation-profile-details-using-api) 16 | 17 | Use the **zpa_isolation_profile** data source to get information about an isolation profile in the Zscaler Private Access cloud. This data source is required when configuring an isolation policy rule resource 18 | 19 | **NOTE:** To ensure consistent search results across data sources, please avoid using multiple spaces or special characters in your search queries. 20 | 21 | ## Example Usage 22 | 23 | ```terraform 24 | data "zpa_isolation_profile" "isolation_profile" { 25 | name = "zpa_isolation_profile" 26 | } 27 | ``` 28 | 29 | ## Schema 30 | 31 | ### Required 32 | 33 | * `name` - (Required) This field defines the name of the isolation profile. 
34 | 35 | ### Read-Only 36 | 37 | In addition to all arguments above, the following attributes are exported: 38 | 39 | * `id` - (Optional) This field defines the id of the isolation profile. 40 | * `description` - (string) 41 | * `enabled` - (string) 42 | * `isolation_profile_id` - (string) 43 | * `isolation_tenant_id` - (string) 44 | * `isolation_url` - (string) 45 | * `creation_time` - (string) 46 | * `modified_by` - (string) 47 | * `modified_time` - (string) 48 | * `microtenant_id` (string) The ID of the microtenant the resource is to be associated with. 49 | * `microtenant_name` (string) The name of the microtenant the resource is to be associated with. 50 | -------------------------------------------------------------------------------- /docs/data-sources/zpa_lss_config_client_types.md: -------------------------------------------------------------------------------- 1 | --- 2 | page_title: "zpa_lss_config_client_types Data Source - terraform-provider-zpa" 3 | subcategory: "Log Streaming (LSS)" 4 | description: |- 5 | Official documentation https://help.zscaler.com/zpa/about-log-streaming-service/API documentation https://help.zscaler.com/zpa/configuring-log-streaming-service-configurations-using-api 6 | Get information about all LSS client type details. 7 | --- 8 | 9 | # zpa_lss_config_client_types (Data Source) 10 | 11 | * [Official documentation](https://help.zscaler.com/zpa/about-log-streaming-service) 12 | * [API documentation](https://help.zscaler.com/zpa/configuring-log-streaming-service-configurations-using-api) 13 | 14 | Use the **zpa_lss_config_client_types** data source to get information about all LSS client types in the Zscaler Private Access cloud. This data source is required when the defining a policy rule resource for an object type as `CLIENT_TYPE` parameter in the LSS Config Controller resource is set. 
To learn more see the [Getting Details of All LSS Status Codes](https://help.zscaler.com/zpa/log-streaming-service-configuration-use-cases#GettingLSSClientTypes) 15 | 16 | -> **NOTE** By default the ZPA provider will return all client types 17 | 18 | ## Example Usage 19 | 20 | ```terraform 21 | data "zpa_lss_config_client_types" "example" { 22 | } 23 | ``` 24 | 25 | ### Read-Only 26 | 27 | The following arguments are supported: 28 | 29 | * `"zpn_client_type_edge_connector" = "Cloud Connector"` 30 | * `"zpn_client_type_exporter" = "Web Browser"` 31 | * `"zpn_client_type_ip_anchoring" = "ZIA Service Edge"` 32 | * `"zpn_client_type_machine_tunnel" = "Machine Tunnel"` 33 | * `"zpn_client_type_slogger" = "ZPA LSS"` 34 | * `"zpn_client_type_zapp" = "Client Connector"` 35 | 36 | To learn more see the [Getting Details of All LSS Status Codes](https://help.zscaler.com/zpa/log-streaming-service-configuration-use-cases#GettingLSSClientTypes) 37 | -------------------------------------------------------------------------------- /docs/data-sources/zpa_lss_config_status_codes.md: -------------------------------------------------------------------------------- 1 | --- 2 | subcategory: "Log Streaming (LSS)" 3 | layout: "zscaler" 4 | page_title: "ZPA: lss_config_status_codes" 5 | description: |- 6 | Official documentation https://help.zscaler.com/zpa/about-log-streaming-service/ 7 | API documentation https://help.zscaler.com/zpa/configuring-log-streaming-service-configurations-using-api 8 | Get information about all LSS status codes details. 9 | --- 10 | 11 | # zpa_lss_config_status_codes (Data Source) 12 | 13 | * [Official documentation](https://help.zscaler.com/zpa/about-log-streaming-service) 14 | * [API documentation](https://help.zscaler.com/zpa/configuring-log-streaming-service-configurations-using-api) 15 | 16 | Use the **zpa_lss_config_status_codes** data source to get information about all LSS status codes in the Zscaler Private Access cloud. 
This data source is required when the `filter` parameter in the LSS Config Controller resource is set. To learn more see the [Getting Details of All LSS Status Codes](https://help.zscaler.com/zpa/log-streaming-service-configuration-use-cases#GettingLSSStatusCodes) 17 | 18 | -> **NOTE** By default the ZPA provider will return all status codes 19 | 20 | ## Example Usage 21 | 22 | ```terraform 23 | data "zpa_lss_config_status_codes" "this" { 24 | } 25 | ``` 26 | 27 | ## Argument Reference 28 | 29 | The following arguments are supported: 30 | 31 | To learn more see the [Getting Details of All LSS Status Codes](https://help.zscaler.com/zpa/log-streaming-service-configuration-use-cases#GettingLSSStatusCodes) 32 | -------------------------------------------------------------------------------- /docs/data-sources/zpa_microtenant_controller.md: -------------------------------------------------------------------------------- 1 | --- 2 | page_title: "zpa_microtenant_controller Data Source - terraform-provider-zpa" 3 | subcategory: "Microtenant Controller" 4 | description: |- 5 | Official documentation https://help.zscaler.com/zpa/about-microtenants 6 | API documentation https://help.zscaler.com/zpa/configuring-microtenants-using-api 7 | Get information about Microtenants in Zscaler Private Access cloud. 8 | --- 9 | 10 | # zpa_microtenant_controller (Data Source) 11 | 12 | * [Official documentation](https://help.zscaler.com/zpa/about-microtenants) 13 | * [API documentation](https://help.zscaler.com/zpa/configuring-microtenants-using-api) 14 | 15 | Use the **zpa_microtenant_controller** data source to get information about a microtenant created in the Zscaler Private Access cloud. This data source allows administrators to retrieve a specific microtenant ID, which can be passed to other supported resources via the `microtenant_id` attribute. 16 | 17 | ⚠️ **WARNING:** This feature is in limited availability and requires an additional license. 
To learn more, contact Zscaler Support or your local account team. 18 | 19 | **NOTE:** To ensure consistent search results across data sources, please avoid using multiple spaces or special characters in your search queries. 20 | 21 | ## Example Usage 22 | 23 | ```terraform 24 | # ZPA Microtenant Controller Data Source 25 | data "zpa_microtenant_controller" "this" { 26 | name = "Microtenant_A" 27 | } 28 | ``` 29 | 30 | ## Schema 31 | 32 | ### Required 33 | 34 | * `name` - (Required) Name of the microtenant controller. 35 | 36 | ### Read-Only 37 | 38 | In addition to all arguments above, the following attributes are exported: 39 | 40 | * `criteria_attribute` - (string) Type of authentication criteria for the microtenant 41 | * `criteria_attribute_values` - (string) The domain associated with the respective microtenant controller resource 42 | * `description` (string) Description of the microtenant controller. 43 | * `enabled` (bool) Whether this microtenant resource is enabled or not. 44 | * `privileged_approvals_enabled` - (Optional) Indicates if Privileged Approvals is enabled (true) for the Microtenant. 45 | -------------------------------------------------------------------------------- /docs/data-sources/zpa_scim_groups.md: -------------------------------------------------------------------------------- 1 | --- 2 | page_title: "zpa_scim_groups Data Source - terraform-provider-zpa" 3 | subcategory: "SCIM Groups" 4 | layout: "zscaler" 5 | page_title: "ZPA: scim_groups" 6 | description: |- 7 | Official documentation https://help.zscaler.com/zpa/about-scim-groups 8 | API documentation https://help.zscaler.com/zpa/obtaining-scim-group-details-using-api 9 | Get information about SCIM Group from an Identity Provider (IdP) in the Zscaler Private Access cloud. 
10 | --- 11 | 12 | # zpa_scim_groups (Data Source) 13 | 14 | * [Official documentation](https://help.zscaler.com/zpa/about-scim-groups) 15 | * [API documentation](https://help.zscaler.com/zpa/obtaining-scim-group-details-using-api) 16 | 17 | Use the **zpa_scim_groups** data source to get information about a SCIM Group from an Identity Provider (IdP). This data source can then be referenced in an Access Policy, Timeout policy, Forwarding Policy, Inspection Policy or Isolation Policy. 18 | 19 | **NOTE:** To ensure consistent search results across data sources, please avoid using multiple spaces or special characters in your search queries. 20 | 21 | ## Example Usage 22 | 23 | ```terraform 24 | # ZPA SCIM Groups Data Source 25 | data "zpa_scim_groups" "engineering" { 26 | name = "Engineering" 27 | idp_name = "idp_name" 28 | } 29 | ``` 30 | 31 | ## Schema 32 | 33 | ### Required 34 | 35 | The following arguments are supported: 36 | 37 | * `name` - (Required) Name. The name of the scim group to be exported. 38 | * `idp_name` - (Required) Name. The name of the IdP where the scim group must be exported from. 39 | 40 | ### Read-Only 41 | 42 | In addition to all arguments above, the following attributes are exported: 43 | 44 | * `creation_time` - (string) 45 | * `idp_id` - (string) The ID of the IdP corresponding to the SAML attribute. 46 | * `idp_group_id`(string) 47 | * `modified_time` (string) 48 | -------------------------------------------------------------------------------- /docs/guides/support.md: -------------------------------------------------------------------------------- 1 | --- 2 | page_title: "Support Guide" 3 | --- 4 | 5 | # General Support Statement 6 | 7 | The ZIA Terraform provider is supported and maintained by the Zscaler Technology Alliances team, and we welcome questions on how to use the provider. 8 | Please, refer to our [troubleshooting guide](troubleshooting.md) for guidance on typical problems. 
9 | 10 | ## Support Ticket Severity 11 | 12 | Support tickets related to the Terraform providers can be opened with [Zscaler Support](https://help.zscaler.com/login-tickets), however since the provider is just a client of the underlying product API, we will **NOT** be able to treat provider related support requests as a Severity-1 (Immediate time frame). 13 | 14 | When reporting bugs, please provide the Terraform script that demonstrates the bug and the command output. Stack traces will also be helpful. Remove API credentials and any other secrets from the script, output and traces before attaching them. 15 | 16 | Notice that we will **NOT**, however, fix bugs upon customer demand, as we have to prioritize all pending bugs and features, as part of the product's backlog and release cycles. 17 | 18 | Urgent, production related Terraform issues can be resolved via direct interaction with the underlying API or UI. We will ask customers to resort to these methods to resolve downtime or urgent issues. If you have an urgent escalation, please contact your local Zscaler account team (RSM/SE/CSM/TAM) for assistance. 19 | 20 | ## Contact 21 | 22 | For questions or requests that cannot be submitted via GitHub Issues, please contact zscaler-partner-labs@z-bd.com with "zia-terraform-provider" in the subject line. 23 | We also provide a [private Slack channel](https://docs.google.com/forms/d/e/1FAIpQLSfkd3EMkLQdIWMNQ7QCr8TrH_xVSwSYcQshfBPDEZFOaF28qA/viewform?usp=sf_link) where you can submit your questions to the provider maintainers. Notice that this form will be reviewed and approved by the Zscaler Technology Alliances team. 
24 | -------------------------------------------------------------------------------- /docs/resources/zpa_cloud_browser_isolation_certificate.md: -------------------------------------------------------------------------------- 1 | --- 2 | page_title: "zpa_cloud_browser_isolation_certificate Resource - terraform-provider-zpa" 3 | subcategory: "Cloud Browser Isolation" 4 | description: |- 5 | Official documentation https://help.zscaler.com/isolation/about-custom-root-certificates-cloud-browser-isolation 6 | Creates and manages Cloud Browser Isolation Certificate. 7 | --- 8 | 9 | # zpa_cloud_browser_isolation_certificate (Resource) 10 | 11 | * [Official documentation](https://help.zscaler.com/isolation/about-custom-root-certificates-cloud-browser-isolation) 12 | 13 | The **zpa_cloud_browser_isolation_certificate** resource creates a Cloud Browser Isolation certificate. This resource can then be used when creating a CBI External Profile `zpa_cloud_browser_isolation_external_profile`.` 14 | 15 | ## Example Usage 16 | 17 | ```terraform 18 | # Retrieve CBI Banner ID 19 | resource "zpa_cloud_browser_isolation_certificate" "this" { 20 | name = "CBI_Certificate" 21 | pem = file("cert.pem") 22 | } 23 | 24 | resource "zpa_cloud_browser_isolation_certificate" "this" { 25 | name = "CBI_Certificate" 26 | pem = < rule } 16 | name = each.value.name 17 | description = each.value.description 18 | action = "ALLOW" 19 | operator = "AND" 20 | policy_set_id = data.zpa_policy_type.access_policy.id 21 | } 22 | 23 | resource "zpa_policy_access_rule_reorder" "this" { 24 | policy_type = "ACCESS_POLICY" 25 | 26 | dynamic "rules" { 27 | for_each = [for rule in local.access_rules : { id = zpa_policy_access_rule.example[rule.name].id, order = rule.order }] 28 | content { 29 | id = rules.value.id 30 | order = rules.value.order 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /examples/zpa_policy_access_rule_reorder/basic.tf: 
-------------------------------------------------------------------------------- 1 | data "zpa_policy_type" "this" { 2 | policy_type = "ACCESS_POLICY" 3 | } 4 | 5 | resource "zpa_policy_access_rule" "this" { 6 | name = "Example" 7 | description = "Example" 8 | action = "ALLOW" 9 | operator = "AND" 10 | policy_set_id = data.zpa_policy_type.this.id 11 | } 12 | 13 | resource "zpa_policy_access_rule_reorder" "this" { 14 | policy_type = "ACCESS_POLICY" 15 | rules = { 16 | id = zpa_policy_access_rule.this.id 17 | } 18 | } -------------------------------------------------------------------------------- /examples/zpa_policy_access_rule_scim_attribute/main.tf: -------------------------------------------------------------------------------- 1 | data "zpa_policy_type" "access_policy" { 2 | policy_type = "ACCESS_POLICY" 3 | } 4 | 5 | data "zpa_scim_attribute_header" "givenName" { 6 | name = "name.givenName" 7 | idp_name = "IdP_Name" 8 | } 9 | 10 | data "zpa_scim_attribute_header" "familyName" { 11 | name = "name.familyName" 12 | idp_name = "IdP_Name" 13 | } 14 | 15 | data "zpa_posture_profile" "crwd_zpa_pre_zta" { 16 | name = "CrowdStrike_ZPA_Pre-ZTA" 17 | } 18 | 19 | // CrowdStrike_ZTA_Score_Policy 20 | resource "zpa_policy_access_rule" "crwd_zpa_pre_zta" { 21 | name = "CrowdStrike_ZPA_Pre-ZTA" 22 | description = "CrowdStrike_ZPA_Pre-ZTA" 23 | action = "DENY" 24 | operator = "AND" 25 | policy_set_id = data.zpa_policy_type.access_policy.id 26 | conditions { 27 | operator = "OR" 28 | operands { 29 | object_type = "POSTURE" 30 | lhs = data.zpa_posture_profile.crwd_zpa_pre_zta.posture_udid 31 | rhs = false 32 | } 33 | } 34 | conditions { 35 | operator = "OR" 36 | operands { 37 | object_type = "SCIM" 38 | idp_id = data.zpa_scim_attribute_header.givenName.idp_id 39 | lhs = data.zpa_scim_attribute_header.givenName.id 40 | rhs = "John" 41 | } 42 | operands { 43 | object_type = "SCIM" 44 | idp_id = data.zpa_scim_attribute_header.familyName.idp_id 45 | lhs = 
data.zpa_scim_attribute_header.familyName.id 46 | rhs = "Smith" 47 | } 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /examples/zpa_policy_access_rule_trusted_network/README.md: -------------------------------------------------------------------------------- 1 | # Create Policy Set Rule for Trusted Network 2 | 3 | This example will show you how to create a policy set rule to validate if the user is within a trusted network. 4 | This example codifies [this API](https://help.zscaler.com/zpa/api-reference#/policy-set-controller). 5 | 6 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 7 | 8 | ## Run the example 9 | 10 | From inside of this directory: 11 | 12 | ```bash 13 | terraform init 14 | terraform plan -out theplan 15 | terraform apply theplan 16 | ``` 17 | 18 | ## Destroy 💥 19 | 20 | ```bash 21 | terraform destroy 22 | ``` 23 | -------------------------------------------------------------------------------- /examples/zpa_policy_access_rule_trusted_network/zpa_policy_access_rule_trusted_network.tf: -------------------------------------------------------------------------------- 1 | 2 | // Retrieve Policy Types 3 | data "zpa_policy_type" "access_policy" { 4 | policy_type = "ACCESS_POLICY" 5 | } 6 | 7 | // Retrieve Trusted Network NetworkID Information 8 | data "zpa_trusted_network" "corp_trusted_network" { 9 | name = "Corp-Trusted-Networks" 10 | } 11 | 12 | 13 | // Trusted Network Policy Rule 14 | resource "zpa_policy_access_rule" "corp_trusted_network" { 15 | name = "Corp Trusted Network" 16 | description = "Corp Trusted Network" 17 | action = "ALLOW" 18 | operator = "AND" 19 | policy_set_id = data.zpa_policy_type.access_policy.id 20 | conditions { 21 | operator = "OR" 22 | operands { 23 | object_type = "TRUSTED_NETWORK" 24 | lhs = data.zpa_trusted_network.corp_trusted_network.network_id 25 | rhs = true 26 | } 27 | } 28 | } 29 
| -------------------------------------------------------------------------------- /examples/zpa_policy_access_rule_v2/README.md: -------------------------------------------------------------------------------- 1 | # Create a standard Access Policy Set Rule V2 2 | 3 | This example will show you how to create a standard access policy rule. 4 | This example codifies [this API](https://help.zscaler.com/zpa/configuring-access-policies-using-api#postV2). 5 | 6 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 7 | 8 | ## Run the example 9 | 10 | From inside of this directory: 11 | 12 | ```bash 13 | terraform init 14 | terraform plan -out theplan 15 | terraform apply theplan 16 | ``` 17 | 18 | ## Destroy 💥 19 | 20 | ```bash 21 | terraform destroy 22 | ``` 23 | -------------------------------------------------------------------------------- /examples/zpa_policy_access_timeout_rule/main.tf: -------------------------------------------------------------------------------- 1 | // Retrieve Timeout Policy Type ID 2 | data "zpa_policy_type" "timeout_policy" { 3 | policy_type = "TIMEOUT_POLICY" 4 | } 5 | 6 | // Retrieve IDP ID Information 7 | data "zpa_idp_controller" "idp_name" { 8 | name = "IdP-Name" 9 | } 10 | 11 | // Retrieve SCIM Group Information 12 | data "zpa_scim_groups" "engineering" { 13 | name = "Engineering" 14 | idp_name = "IdP-Name" 15 | } 16 | 17 | // Create Policy Timeout Rule 18 | resource "zpa_policy_timeout_rule" "crm_application_rule" { 19 | name = "CRM Application" 20 | description = "CRM Application" 21 | action = "RE_AUTH" 22 | reauth_idle_timeout = "600" 23 | reauth_timeout = "172800" 24 | operator = "AND" 25 | policy_set_id = data.zpa_global_policy_timeout.policyset.id 26 | 27 | conditions { 28 | operator = "OR" 29 | operands { 30 | object_type = "APP_GROUP" 31 | lhs = "id" 32 | rhs = [ data.zpa_segment_group.crm_application.id ] 33 | } 34 | } 35 | conditions { 36 | 
operator = "OR" 37 | operands { 38 | object_type = "SCIM_GROUP" 39 | lhs = data.zpa_idp_controller.idp_name.id 40 | rhs = [ data.zpa_scim_groups.engineering.id ] 41 | } 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /examples/zpa_policy_type/README.md: -------------------------------------------------------------------------------- 1 | # Policy Type Example 2 | 3 | This example will show you how to retrieve a Policy Type ID in order to create the corresponding rule types. 4 | This example codifies [this API](https://help.zscaler.com/zpa/api-reference#/policy-set-controller/getPolicyRulesByPage). 5 | 6 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 7 | 8 | ## Run the example 9 | 10 | From inside of this directory: 11 | 12 | ```bash 13 | terraform init 14 | terraform plan -out theplan 15 | terraform apply theplan 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/zpa_policy_type/datasource.tf: -------------------------------------------------------------------------------- 1 | // Get information for "GLOBAL_POLICY" ID 2 | data "zpa_policy_type" "access_policy" { 3 | policy_type = "ACCESS_POLICY" 4 | } 5 | 6 | // Get information for "TIMEOUT_POLICY" ID 7 | data "zpa_policy_type" "timeout_policy" { 8 | policy_type = "TIMEOUT_POLICY" 9 | } 10 | 11 | // Get information for "REAUTH_POLICY" ID 12 | data "zpa_policy_type" "reauth_policy" { 13 | policy_type = "REAUTH_POLICY" 14 | } 15 | 16 | // Get information for "CLIENT_FORWARDING_POLICY" ID 17 | data "zpa_policy_type" "client_forwarding_policy" { 18 | policy_type = "CLIENT_FORWARDING_POLICY" 19 | } 20 | 21 | // Get information for "INSPECTION_POLICY" ID 22 | data "zpa_policy_type" "inspection_policy" { 23 | policy_type = "INSPECTION_POLICY" 24 | } 25 | 26 | // Get information for "INSPECTION_POLICY" ID 27 | data "zpa_policy_type" 
"inspection_policy" { 28 | policy_type = "ISOLATION_POLICY" 29 | } -------------------------------------------------------------------------------- /examples/zpa_posture_profile/README.md: -------------------------------------------------------------------------------- 1 | # Retrieve Posture Profile 2 | 3 | This example will show you how to retrieve a Posture Profile Udid to attach to a ZPA Access Policy Rule. 4 | This example codifies [this API](https://help.zscaler.com/zpa/api-reference#/posture-profile-controller/getPostureProfile). 5 | 6 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 7 | 8 | ## Run the example 9 | 10 | From inside of this directory: 11 | 12 | ```bash 13 | terraform init 14 | terraform plan -out theplan 15 | terraform apply theplan 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/zpa_posture_profile/main.tf: -------------------------------------------------------------------------------- 1 | data "zpa_posture_profile" "crwd_zta_score_40" { 2 | name = "CrowdStrike_ZPA_ZTA_40" 3 | } 4 | 5 | output "all_posture_profile" { 6 | value = data.zpa_posture_profile.crwd_zta_score_40 7 | } -------------------------------------------------------------------------------- /examples/zpa_pra_console_controller/basic.tf: -------------------------------------------------------------------------------- 1 | # Creates Privileged Remote Access Application Segment" 2 | resource "zpa_application_segment_pra" "this" { 3 | name = "Example" 4 | description = "Example" 5 | enabled = true 6 | health_reporting = "ON_ACCESS" 7 | bypass_type = "NEVER" 8 | is_cname_enabled = true 9 | tcp_port_ranges = ["3389", "3389"] 10 | domain_names = [ "rdp_pra.example.com"] 11 | segment_group_id = zpa_segment_group.this.id 12 | common_apps_dto { 13 | apps_config { 14 | name = "rdp_pra" 15 | domain = "rdp_pra.example.com" 16 | application_protocol = 
"RDP" 17 | connection_security = "ANY" 18 | application_port = "3389" 19 | enabled = true 20 | app_types = ["SECURE_REMOTE_ACCESS"] 21 | } 22 | } 23 | } 24 | 25 | data "zpa_application_segment_by_type" "this" { 26 | application_type = "SECURE_REMOTE_ACCESS" 27 | name = "rdp_pra" 28 | depends_on = [zpa_application_segment_pra.this] 29 | } 30 | 31 | # Creates Segment Group for Application Segment 32 | resource "zpa_segment_group" "this" { 33 | name = "Example" 34 | description = "Example" 35 | enabled = true 36 | } 37 | 38 | # Retrieves the Browser Access Certificate 39 | data "zpa_ba_certificate" "this" { 40 | name = "pra01.example.com" 41 | } 42 | 43 | # Creates PRA Portal 44 | resource "zpa_pra_portal_controller" "this1" { 45 | name = "pra01.example.com" 46 | description = "pra01.example.com" 47 | enabled = true 48 | domain = "pra01.example.com" 49 | certificate_id = data.zpa_ba_certificate.this.id 50 | user_notification = "Created with Terraform" 51 | user_notification_enabled = true 52 | } 53 | 54 | 55 | resource "zpa_pra_console_controller" "ssh_pra" { 56 | name = "ssh_console" 57 | description = "Created with Terraform" 58 | enabled = true 59 | pra_application { 60 | id = data.zpa_application_segment_by_type.this.id 61 | } 62 | pra_portals { 63 | id = [zpa_pra_portal_controller.this.id] 64 | } 65 | } -------------------------------------------------------------------------------- /examples/zpa_pra_credential_controller/basic.tf: -------------------------------------------------------------------------------- 1 | ######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS ######### 2 | # Do not commit real passwords or private keys in configuration like this; supply them through input variables marked sensitive or from a secrets manager, and protect the Terraform state, which records these attribute values. 3 | # Creates Credential of Type "USERNAME_PASSWORD" 4 | resource "zpa_pra_credential_controller" "this" { 5 | name = "John Doe" 6 | description = "Created with Terraform" 7 | credential_type = "USERNAME_PASSWORD" 8 | user_domain = "acme.com" 9 | username = "jdoe" 10 | password = "" 11 | } 12 | 13 | # Creates Credential of Type "PASSWORD" 14 | resource
"zpa_pra_credential_controller" "this" { 15 | name = "John Doe" 16 | description = "Created with Terraform" 17 | credential_type = "PASSWORD" 18 | password = "" 19 | } 20 | 21 | # Creates Credential of Type "SSH_KEY" 22 | resource "zpa_pra_credential_controller" "this" { 23 | name = "John Doe" 24 | description = "Created with Terraform" 25 | credential_type = "SSH_KEY" 26 | user_domain = "acme.com" 27 | username = "jdoe" 28 | private_key = <<-EOT 29 | -----BEGIN PRIVATE KEY----- 30 | MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDEjc8pPoobS0l6 31 | -----END PRIVATE KEY----- 32 | EOT 33 | } -------------------------------------------------------------------------------- /examples/zpa_pra_credential_pool/basic.tf: -------------------------------------------------------------------------------- 1 | resource "zpa_pra_credential_pool" "this" { 2 | name = "PRACredentialPool01" 3 | credential_type = "USERNAME_PASSWORD" 4 | credentials { 5 | id = [zpa_pra_credential_controller.this.id] 6 | } 7 | } 8 | 9 | resource "zpa_pra_credential_controller" "this" { 10 | name = "John Doe" 11 | description = "Created with Terraform" 12 | credential_type = "PASSWORD" 13 | user_domain = "acme.com" 14 | password = "" 15 | } 16 | -------------------------------------------------------------------------------- /examples/zpa_pra_credential_pool/datasource.tf: -------------------------------------------------------------------------------- 1 | data "zpa_pra_credential_pool" "this" { 2 | name = "PRACredentialPool01" 3 | } 4 | -------------------------------------------------------------------------------- /examples/zpa_pra_portal_controller/README.md: -------------------------------------------------------------------------------- 1 | 2 | # Create Privileged Remote Access Portal 3 | 4 | This example will show you how to create a privileged remote access portal. 5 | This example codifies [this API](https://help.zscaler.com/zpa/configuring-privileged-portals-using-api). 
6 | 7 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 8 | 9 | ## Run the example 10 | 11 | From inside of this directory: 12 | 13 | ```bash 14 | terraform init 15 | terraform plan -out theplan 16 | terraform apply theplan 17 | ``` 18 | 19 | ## Destroy 💥 20 | 21 | ```bash 22 | terraform destroy 23 | ``` 24 | -------------------------------------------------------------------------------- /examples/zpa_pra_portal_controller/basic.tf: -------------------------------------------------------------------------------- 1 | data "zpa_ba_certificate" "this" { 2 | name = "portal.acme.com" 3 | } 4 | 5 | resource "zpa_pra_portal_controller" "this" { 6 | name = "portal.acme.com" 7 | description = "portal.acme.com" 8 | enabled = true 9 | domain = "portal.acme.com" 10 | certificate_id = data.zpa_ba_certificate.this.id 11 | user_notification = "Created with Terraform" 12 | user_notification_enabled = true 13 | } -------------------------------------------------------------------------------- /examples/zpa_provisioning_key/README.md: -------------------------------------------------------------------------------- 1 | 2 | # Create Provisioning Key for App Connector Group or Service Edge Group 3 | 4 | This example will show you how to create a provisioning key for an app connector group or service edge group. 5 | This example codifies [this API](https://help.zscaler.com/zpa/api-reference#/provisioningKey-controller). 
6 | 7 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 8 | 9 | ## Run the example 10 | 11 | From inside of this directory: 12 | 13 | ```bash 14 | terraform init 15 | terraform plan -out theplan 16 | terraform apply theplan 17 | ``` 18 | 19 | ## Destroy 💥 20 | 21 | ```bash 22 | terraform destroy 23 | ``` 24 | -------------------------------------------------------------------------------- /examples/zpa_provisioning_key/datasource_provisioning_key_app_connector_group.tf: -------------------------------------------------------------------------------- 1 | // Retrieve Provisioning Key for App Connector Group 2 | data "zpa_provisioning_key" "example" { 3 | name = "App_Connector_Provisioning_Key" 4 | association_type = "CONNECTOR_GRP" 5 | } 6 | 7 | output "zpa_provisioning_key_example" { 8 | value = data.zpa_provisioning_key.example 9 | } 10 | 11 | // NOTE: ASSOCIATION_TYPE is mandatory due to API requirement. -------------------------------------------------------------------------------- /examples/zpa_provisioning_key/datasource_provisioning_key_service_edge_group.tf: -------------------------------------------------------------------------------- 1 | // Retrieve Provisioning Key for Service Edge Group 2 | data "zpa_provisioning_key" "example" { 3 | name = "Service_Edge_Provisioning_Key" 4 | association_type = "SERVICE_EDGE_GRP" 5 | } 6 | 7 | output "zpa_provisioning_key_example" { 8 | value = data.zpa_provisioning_key.example 9 | } 10 | 11 | // NOTE: ASSOCIATION_TYPE is mandatory due to API requirement.
-------------------------------------------------------------------------------- /examples/zpa_provisioning_key/provisioning_key_app_connector_group.tf: -------------------------------------------------------------------------------- 1 | // Create Provisioning Key for App Connector Group 2 | resource "zpa_provisioning_key" "nyc_provisioning_key" { 3 | name = "New York Provisioning Key" 4 | association_type = "CONNECTOR_GRP" 5 | max_usage = "10" 6 | enrollment_cert_id = data.zpa_enrollment_cert.connector.id 7 | zcomponent_id = zpa_app_connector_group.nyc_connector_group.id 8 | } 9 | 10 | resource "zpa_app_connector_group" "nyc_connector_group" { 11 | name = "App Connector Group New York" 12 | description = "App Connector Group New York" 13 | enabled = true 14 | city_country = "New York, NY" 15 | country_code = "USA" 16 | latitude = "49.1041779" 17 | longitude = "-122.6603519" 18 | location = "New York, NY, USA" 19 | upgrade_day = "SUNDAY" 20 | upgrade_time_in_secs = "66600" 21 | override_version_profile = true 22 | version_profile_id = 0 23 | dns_query_type = "IPV4" 24 | } 25 | 26 | data "zpa_enrollment_cert" "connector" { 27 | name = "Connector" 28 | } -------------------------------------------------------------------------------- /examples/zpa_provisioning_key/provisioning_key_service_edge_group.tf: -------------------------------------------------------------------------------- 1 | resource "zpa_provisioning_key" "nyc_provisioning_key" { 2 | name = "New York Provisioning Key" 3 | association_type = "SERVICE_EDGE_GRP" 4 | max_usage = "10" 5 | enrollment_cert_id = data.zpa_enrollment_cert.service_edge.id 6 | zcomponent_id = zpa_service_edge_group.nyc_service_edge_group.id 7 | } 8 | 9 | resource "zpa_service_edge_group" "nyc_service_edge_group" { 10 | name = "Service Edge Group New York" 11 | description = "Service Edge Group in New York" 12 | upgrade_day = "SUNDAY" 13 | upgrade_time_in_secs = "66600" 14 | latitude = "40.7128" 15 | longitude = "-73.935242" 16 | 
location = "New York, NY, USA" 17 | version_profile_id = "0" 18 | } 19 | 20 | data "zpa_enrollment_cert" "service_edge" { 21 | name = "Service Edge" 22 | } -------------------------------------------------------------------------------- /examples/zpa_saml_attribute/README.md: -------------------------------------------------------------------------------- 1 | # Retrieve SAML Attribute 2 | 3 | This example will show you how to retrieve a SAML Attribute ID to attach to a ZPA Access Policy Rule. 4 | This example codifies [this API](https://help.zscaler.com/zpa/api-reference#/saml-attr-controller/getAllAttributes). 5 | 6 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 7 | 8 | ## Run the example 9 | 10 | From inside of this directory: 11 | 12 | ```bash 13 | terraform init 14 | terraform plan -out theplan 15 | terraform apply theplan 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/zpa_saml_attribute/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | zpa = { 4 | version = "3.2.0" 5 | source = "zscaler.com/zpa/zpa" 6 | } 7 | } 8 | } 9 | 10 | provider "zpa" {} 11 | 12 | # data "zpa_saml_attribute" "email_user_sso" { 13 | # name = "Email_BD_Okta_Users" 14 | # idp_name = "BD_Okta_Users" 15 | # } 16 | 17 | # output "get_zpa_saml_attribute" { 18 | # value = data.zpa_saml_attribute.email_user_sso 19 | # } 20 | 21 | data "zpa_scim_groups" "a000" { 22 | name = "A000" 23 | idp_name = "BD_Okta_Users" 24 | } 25 | 26 | output "zpa_scim_groups" { 27 | value = data.zpa_scim_groups.a000 28 | } -------------------------------------------------------------------------------- /examples/zpa_scim_attribute_header/README.md: -------------------------------------------------------------------------------- 1 | # Retrieve SCIM Attribute Header 2 | 3 | This example will 
show you how to retrieve a SCIM Attribute Header ID to attach to a ZPA Access Policy Rule. 4 | This example codifies [this API](https://help.zscaler.com/zpa/api-reference#/scim-attribute-header-controller/getAllSCIMAttributes). 5 | 6 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 7 | 8 | ## Run the example 9 | 10 | From inside of this directory: 11 | 12 | ```bash 13 | terraform init 14 | terraform plan -out theplan 15 | terraform apply theplan 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/zpa_scim_attribute_header/main.tf: -------------------------------------------------------------------------------- 1 | data "zpa_scim_attribute_header" "email_value" { 2 | name = "emails.value" 3 | idp_name = "IdP_Name" 4 | } 5 | 6 | data "zpa_scim_attribute_header" "givenName" { 7 | name = "name.givenName" 8 | idp_name = "IdP_Name" 9 | } 10 | 11 | data "zpa_scim_attribute_header" "familyName" { 12 | name = "name.familyName" 13 | idp_name = "IdP_Name" 14 | } -------------------------------------------------------------------------------- /examples/zpa_scim_groups/README.md: -------------------------------------------------------------------------------- 1 | # Retrieve SCIM Groups 2 | 3 | This example will show you how to retrieve a SCIM Groups ID to attach to a ZPA Access Policy Rule. 4 | This example codifies [this API](https://help.zscaler.com/zpa/api-reference#/scim-group-controller/getSCIMGroup). 
5 | 6 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 7 | 8 | ## Run the example 9 | 10 | From inside of this directory: 11 | 12 | ```bash 13 | terraform init 14 | terraform plan -out theplan 15 | terraform apply theplan 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/zpa_scim_groups/main.tf: -------------------------------------------------------------------------------- 1 | data "zpa_scim_groups" "engineering" { 2 | name = "Engineering" 3 | idp_name = "idp_name" 4 | } 5 | 6 | output "get_zpa_scim_groups" { 7 | value = data.zpa_scim_groups.engineering 8 | } -------------------------------------------------------------------------------- /examples/zpa_segment_group/README.md: -------------------------------------------------------------------------------- 1 | # Segment Group Example 2 | 3 | This example will show you how to create a Segment Group in the ZPA portal. 4 | This example codifies [this API](https://help.zscaler.com/zpa/api-reference#/segment-group-controller). 
5 | 6 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 7 | 8 | ## Run the example 9 | 10 | From inside of this directory: 11 | 12 | ```bash 13 | terraform init 14 | terraform plan -out theplan 15 | terraform apply theplan 16 | ``` 17 | 18 | ## Destroy 💥 19 | 20 | ```bash 21 | terraform destroy 22 | ``` 23 | 24 | ## Deprecated Attributes 25 | 26 | - ``policy_migrated``: "The `policy_migrated` field is now deprecated for the resource `zpa_segment_group`, please remove this attribute to prevent configuration drifts" 27 | 28 | - ``tcp_keep_alive_enabled``: "The `tcp_keep_alive_enabled` field is now deprecated for the resource `zpa_segment_group`, please replace all uses of this within the `zpa_application_segment`resources with the attribute `tcp_keep_alive`" 29 | -------------------------------------------------------------------------------- /examples/zpa_segment_group/main.tf: -------------------------------------------------------------------------------- 1 | resource "zpa_segment_group" "example" { 2 | name = "Example" 3 | description = "Example" 4 | enabled = true 5 | } 6 | -------------------------------------------------------------------------------- /examples/zpa_server_group/README.md: -------------------------------------------------------------------------------- 1 | # Server Group Example 2 | 3 | This example will show you how to create a Server Group in the ZPA portal. 4 | This example codifies [this API](https://help.zscaler.com/zpa/api-reference#/server-group-controller). 
5 | 6 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 7 | 8 | ## Run the example 9 | 10 | From inside of this directory: 11 | 12 | ```bash 13 | terraform init 14 | terraform plan -out theplan 15 | terraform apply theplan 16 | ``` 17 | 18 | ## Destroy 💥 19 | 20 | ```bash 21 | terraform destroy 22 | ``` 23 | -------------------------------------------------------------------------------- /examples/zpa_server_group/main.tf: -------------------------------------------------------------------------------- 1 | // Create Server Group - Dynamic Discovery "True" 2 | resource "zpa_server_group" "example" { 3 | name = "Example" 4 | description = "Example" 5 | enabled = true 6 | dynamic_discovery = true 7 | app_connector_groups { 8 | id = [data.zpa_app_connector_group.example.id] 9 | } 10 | } 11 | 12 | data "zpa_app_connector_group" "example" { 13 | name = "Example" 14 | } 15 | 16 | // Create Server Group - Dynamic Discovery "False" 17 | resource "zpa_server_group" "example" { 18 | name = "Example" 19 | description = "Example" 20 | enabled = false 21 | dynamic_discovery = false 22 | app_connector_groups { 23 | id = [data.zpa_app_connector_group.example.id] 24 | } 25 | servers { 26 | id = [zpa_application_server.example.id] 27 | } 28 | } 29 | 30 | data "zpa_app_connector_group" "example" { 31 | name = "Example" 32 | } 33 | 34 | resource "zpa_application_server" "example" { 35 | name = "Server1" 36 | description = "Server1" 37 | address = "192.168.1.1" 38 | enabled = true 39 | } -------------------------------------------------------------------------------- /examples/zpa_service_edge_assistant_schedule/basic.tf: -------------------------------------------------------------------------------- 1 | resource "zpa_service_edge_assistant_schedule" "this" { 2 | frequency = "days" 3 | frequency_interval = "7" 4 | enabled = true 5 | delete_disabled = true 6 | } 
-------------------------------------------------------------------------------- /examples/zpa_service_edge_assistant_schedule/datasource.tf: -------------------------------------------------------------------------------- 1 | // Retrieve All Assistant Schedules 2 | data "zpa_service_edge_assistant_schedule" "this" {} 3 | 4 | // Retrieve A Specific Assistant Schedule by ID 5 | data "zpa_service_edge_assistant_schedule" "this" { 6 | id = "1" 7 | } 8 | 9 | // Retrieve A Specific Assistant Schedule by the Customer ID 10 | data "zpa_service_edge_assistant_schedule" "this" { 11 | customer_id = "1234567891012" 12 | } 13 | 14 | -------------------------------------------------------------------------------- /examples/zpa_service_edge_controller/datasource.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | 3 | } 4 | data "zpa_service_edge_controller" "example" { 5 | name = "On-Prem-PSE" 6 | } 7 | 8 | output "zpa_service_edge_controller" { 9 | value = data.zpa_service_edge_controller.example.id 10 | } -------------------------------------------------------------------------------- /examples/zpa_service_edge_group/README.md: -------------------------------------------------------------------------------- 1 | # Service Edge Group Example 2 | 3 | This example will show you how to use Terraform to implement the ZPA Service Edge Group resource. 4 | This example codifies [this API](https://help.zscaler.com/zpa/api-reference#/service-edge-group-controller). 
5 | 6 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 7 | 8 | ## Run the example 9 | 10 | From inside of this directory: 11 | 12 | ```bash 13 | terraform init 14 | terraform plan -out theplan 15 | terraform apply theplan 16 | ``` 17 | 18 | ## Destroy 💥 19 | 20 | ```bash 21 | terraform destroy 22 | ``` 23 | -------------------------------------------------------------------------------- /examples/zpa_service_edge_group/main.tf: -------------------------------------------------------------------------------- 1 | resource "zpa_service_edge_group" "service_edge_group_sjc" { 2 | name = "Service Edge Group San Jose" 3 | description = "Service Edge Group in San Jose" 4 | upgrade_day = "SUNDAY" 5 | upgrade_time_in_secs = "66600" 6 | latitude = "37.3382082" 7 | longitude = "-121.8863286" 8 | location = "San Jose, CA, USA" 9 | version_profile_name = "New Release" 10 | trusted_networks { 11 | id = [data.zpa_trusted_network.example.id] 12 | } 13 | } 14 | 15 | resource "zpa_service_edge_group" "service_edge_group_nyc" { 16 | name = "Service Edge Group New York" 17 | description = "Service Edge Group in New York" 18 | upgrade_day = "SUNDAY" 19 | upgrade_time_in_secs = "66600" 20 | latitude = "40.7128" 21 | longitude = "-73.935242" 22 | location = "New York, NY, USA" 23 | version_profile_name = "Previous Default" 24 | trusted_networks { 25 | id = [data.zpa_trusted_network.example.id] 26 | } 27 | } 28 | 29 | data "zpa_trusted_network" "example" { 30 | name = "Corp-Trusted-Networks" 31 | } -------------------------------------------------------------------------------- /examples/zpa_trusted_network/README.md: -------------------------------------------------------------------------------- 1 | # Retrieve Trusted Networks 2 | 3 | This example will show you how to retrieve a Trusted Network ID to attach to a ZPA Access Policy Rule. 
4 | This example codifies [this API](https://help.zscaler.com/zpa/api-reference#/trusted-network-controller/getAllTrustedNetworks). 5 | 6 | To run, configure your ZPA provider as described [Here](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/index.md) 7 | 8 | ## Run the example 9 | 10 | From inside of this directory: 11 | 12 | ```bash 13 | terraform init 14 | terraform plan -out theplan 15 | terraform apply theplan 16 | ``` 17 | -------------------------------------------------------------------------------- /examples/zpa_trusted_network/datasource.tf: -------------------------------------------------------------------------------- 1 | data "zpa_trusted_network" "example" { 2 | name = "Corp-Trusted-Networks" 3 | } 4 | 5 | output "get_trusted_network" { 6 | value = data.zpa_trusted_network.example 7 | } -------------------------------------------------------------------------------- /main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "log" 6 | "os" 7 | 8 | "github.com/hashicorp/terraform-plugin-sdk/v2/plugin" 9 | "github.com/zscaler/terraform-provider-zpa/v4/zpa" 10 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common" 11 | ) 12 | 13 | func main() { 14 | log.SetFlags(0) 15 | if len(os.Args) > 1 && os.Args[1] == "version" { 16 | fmt.Println(common.Version()) 17 | return 18 | } 19 | var debug bool 20 | if len(os.Args) > 1 && os.Args[1] == "debug" { 21 | debug = true 22 | } 23 | log.Printf(`ZPA Terraform Provider 24 | 25 | Version %s 26 | 27 | https://registry.terraform.io/providers/zscaler/zpa/latest/docs 28 | 29 | `, common.Version()) 30 | plugin.Serve(&plugin.ServeOpts{ 31 | ProviderFunc: zpa.ZPAProvider, 32 | ProviderAddr: "registry.terraform.io/zscaler/zpa", 33 | Debug: debug, 34 | }) 35 | } 36 | -------------------------------------------------------------------------------- /scripts/changelog-links.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # This script rewrites [GH-nnnn]-style references in the CHANGELOG.md file to 4 | # be Markdown links to the given github issues. 5 | # 6 | # This is run during releases so that the issue references in all of the 7 | # released items are presented as clickable links, but we can just use the 8 | # easy [GH-nnnn] shorthand for quickly adding items to the "Unreleased" section 9 | # while merging things between releases. 10 | 11 | set -e 12 | 13 | if [[ ! -f CHANGELOG.md ]]; then 14 | echo "ERROR: CHANGELOG.md not found in pwd." 15 | echo "Please run this from the root of the terraform provider repository" 16 | exit 1 17 | fi 18 | 19 | if [[ `uname` == "Darwin" ]]; then 20 | echo "Using BSD sed" 21 | SED="sed -i.bak -E -e" 22 | else 23 | echo "Using GNU sed" 24 | SED="sed -i.bak -r -e" 25 | fi 26 | 27 | PROVIDER_URL="https:\/\/github.com\/zscaler\/terraform-provider-zpa\/issues" 28 | 29 | $SED "s/GH-([0-9]+)/\[#\1\]\($PROVIDER_URL\/\1\)/g" -e 's/\[\[#(.+)([0-9])\)]$/(\[#\1\2))/g' CHANGELOG.md 30 | 31 | rm CHANGELOG.md.bak -------------------------------------------------------------------------------- /scripts/errcheck.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Check for unchecked errors 4 | echo "==> Checking for unchecked errors..." 5 | 6 | if ! which errcheck > /dev/null; then 7 | echo "==> Installing errcheck..." 8 | go get -u github.com/kisielk/errcheck 9 | fi 10 | 11 | err_files=$(errcheck -ignoretests \ 12 | -ignore 'github.com/hashicorp/terraform/helper/schema:Set' \ 13 | -ignore 'bytes:.*' \ 14 | -ignore 'io:Close|Write' \ 15 | $(go list ./...| grep -v /vendor/)) 16 | 17 | if [[ -n ${err_files} ]]; then 18 | echo 'Unchecked errors found in the following places:' 19 | echo "${err_files}" 20 | echo "Please handle returned errors.
You can check directly with \`make errcheck\`" 21 | exit 1 22 | fi 23 | 24 | exit 0 25 | -------------------------------------------------------------------------------- /scripts/gen_version.py: -------------------------------------------------------------------------------- 1 | """Generates Changelog.MD from git history""" 2 | import subprocess 3 | 4 | 5 | def main(): 6 | """Main function""" 7 | ver_start = "1.0." 8 | out = subprocess.check_output("git log", shell=True) 9 | lines = out.split("\n") 10 | groups = [] 11 | group = [] 12 | for line in lines: 13 | if line.startswith("commit "): 14 | groups.append(group) 15 | group = [line] 16 | else: 17 | group.append(line.replace("*", " ")) 18 | groups = groups[1:] 19 | for group in groups: 20 | if group[1].startswith("Merge: "): 21 | del group[1] 22 | version_last = len(groups) - 1 23 | for index in range(0, version_last + 1): 24 | group = groups[index] 25 | version = ver_start + str(version_last) 26 | date = group[2][8:] 27 | group_new = [] 28 | for line in group: 29 | if line: 30 | group_new.append("* " + line) 31 | 32 | version_last -= 1 33 | del group_new[2] 34 | del group_new[0] 35 | del group_new[0] 36 | 37 | group_new = ["", "## " + version + " (" + date + ")", "", "CHANGES", ""] + group_new 38 | groups[index] = group_new 39 | final = "" 40 | for group in groups: 41 | final += "\n".join(group) 42 | # print(json.dumps(groups, indent=2)) 43 | with open("CHANGELOG.md", "w") as fileh: 44 | fileh.write(final) 45 | 46 | 47 | if __name__ == "__main__": 48 | main() -------------------------------------------------------------------------------- /scripts/gofmtcheck.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Check gofmt 4 | echo "==> Checking that code complies with gofmt requirements..." 5 | gofmt_files=$(gofmt -l `find . 
-name '*.go' | grep -v vendor`) 6 | if [[ -n ${gofmt_files} ]]; then 7 | echo 'gofmt needs running on the following files:' 8 | echo "${gofmt_files}" 9 | echo "You can use the command: \`make fmt\` to reformat code." 10 | exit 1 11 | fi 12 | 13 | exit 0 -------------------------------------------------------------------------------- /scripts/gogetcookie.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # NOTE(review): the heredoc below appends a hard-coded .googlesource.com cookie to ~/.gitcookies and makes that file the global git cookie file; a cookie value committed to a repository should be treated as exposed, so rotate it and have CI inject it from a secret store. 3 | touch ~/.gitcookies 4 | chmod 0600 ~/.gitcookies 5 | 6 | git config --global http.cookiefile ~/.gitcookies 7 | 8 | tr , \\t <<\__END__ >>~/.gitcookies 9 | .googlesource.com,TRUE,/,TRUE,2147483647,o,git-paul.hashicorp.com=1/z7s05EYPudQ9qoe6dMVfmAVwgZopEkZBb1a2mA5QtHE 10 | __END__ -------------------------------------------------------------------------------- /scripts/release-notes.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # This script maintains the text of a specific release from the CHANGELOG to be 4 | # used as release notes. 5 | 6 | set -e 7 | 8 | if [[ ! -f CHANGELOG.md ]]; then 9 | echo "ERROR: CHANGELOG.md not found in pwd." 10 | echo "Please run this from the root of the terraform provider repository" 11 | exit 1 12 | fi 13 | 14 | version=$1 15 | 16 | if [[ -z "$version" ]]; then 17 | echo "ERROR: version argument was not set."
18 | echo "Please run this with a version argument" 19 | exit 1 20 | fi 21 | 22 | awk -v ver="$version" '/## / { if (p) { exit }; if ($2 == ver) { p=1; next} } p' CHANGELOG.md 23 | -------------------------------------------------------------------------------- /scripts/release.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | set -e 3 | # NOTE(review): when VERSION is unset, download() takes whatever goreleaser release is newest, and release() runs the extracted binary with no checksum or signature check; pin VERSION and verify the archive against a known checksum before extract(). TAR_FILE is a fixed, predictable path under /tmp, so prefer a file inside a directory created with mktemp -d. 4 | TAR_FILE="/tmp/goreleaser.tar.gz" 5 | RELEASES_URL="https://github.com/goreleaser/goreleaser/releases" 6 | test -z "$TMPDIR" && TMPDIR="$(mktemp -d)" 7 | TAG=$1 8 | 9 | last_version() { 10 | curl -sL -o /dev/null -w %{url_effective} "$RELEASES_URL/latest" | 11 | rev | 12 | cut -f1 -d'/'| 13 | rev 14 | } 15 | 16 | download() { 17 | test -z "$VERSION" && VERSION="$(last_version)" 18 | test -z "$VERSION" && { 19 | echo "Unable to get goreleaser version." >&2 20 | exit 1 21 | } 22 | rm -f "$TAR_FILE" 23 | curl -s -L -o "$TAR_FILE" \ 24 | "$RELEASES_URL/download/$VERSION/goreleaser_$(uname -s)_$(uname -m).tar.gz" 25 | } 26 | 27 | extract() { 28 | tar -xf "$TAR_FILE" -C "$TMPDIR" 29 | } 30 | 31 | release_notes() { 32 | rm -f "${TMPDIR}/release-notes.md" 33 | bash scripts/release-notes.sh "$TAG" > "$TMPDIR/release-notes.md" 34 | } 35 | 36 | release() { 37 | "${TMPDIR}/goreleaser" --skip-validate --release-notes="${TMPDIR}/release-notes.md" 38 | } 39 | 40 | download 41 | extract 42 | release_notes 43 | release 44 | -------------------------------------------------------------------------------- /scripts/reset_vendor.py: -------------------------------------------------------------------------------- 1 | """Script to update vendor dependencies""" 2 | import os 3 | 4 | 5 | def main(): 6 | """Main function""" 7 | gopath = os.environ["GOPATH"] 8 | terraform_path = os.path.join(*[gopath, "src", "github.com", "zscaler", 9 | "terraform-provider-zpa"]) 10 | os.chdir(terraform_path) 11 | os.system("git reset HEAD") 12 | os.system("git stash") 13 | os.system("rm -rf vendor") 14 |
os.system("git checkout vendor") 15 | 16 | 17 | if __name__ == "__main__": 18 | main() -------------------------------------------------------------------------------- /scripts/upgrade-namespace.py: -------------------------------------------------------------------------------- 1 | import glob, re, sys 2 | 3 | old_provider = "willguibr/zpa/zpa" 4 | new_provider = "zscaler/zpa" 5 | 6 | files_to_fix = [] 7 | regex = re.compile(r"source\s+=\s+\"{}\"".format(old_provider)) 8 | 9 | for terraform_configuration_file in glob.glob('**/**.tf', recursive=True): 10 | contents = open(terraform_configuration_file, 'r').read() 11 | if not regex.findall(contents): 12 | continue 13 | print(f'[+] File {terraform_configuration_file} matches.') 14 | files_to_fix.append((terraform_configuration_file, contents)) 15 | 16 | if not len(files_to_fix): 17 | print("NOTHING: Didn't find any mentions of the zpa provider.") 18 | sys.exit(1) 19 | 20 | if 'yes' == input(f'Type yes to confirm fix of {len(files_to_fix)} files: ').lower(): 21 | for terraform_configuration_file, contents in files_to_fix: 22 | with open(terraform_configuration_file, 'w') as f: 23 | new_contents = regex.sub(f'source = "{new_provider}"', contents) 24 | f.write(new_contents) 25 | print(f'SUCCESS: Fixed {len(files_to_fix)} files!') 26 | else: print("ABORT: Didn't receive 'yes'.") -------------------------------------------------------------------------------- /terraform-registry-manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "version": 1, 3 | "metadata": { 4 | "protocol_versions": ["5.0"] 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /tools.go: -------------------------------------------------------------------------------- 1 | //go:build tools 2 | // +build tools 3 | 4 | package tools 5 | 6 | import ( 7 | _ "github.com/bflad/tfproviderlint/cmd/tfproviderlint" 8 | _ "github.com/client9/misspell/cmd/misspell" 9 | 
// GenerateRandomSourcesTypeAndName builds the Terraform addresses used by the
// acceptance tests for one resource type. It returns, in order, the resource
// address "<sourceType>.<name>", the data source address
// "data.<sourceType>.<name>" and the name itself, where name is ten characters
// drawn from acctest.CharSetAlpha.
func GenerateRandomSourcesTypeAndName(sourceType string) (string, string, string) {
	generated := acctest.RandStringFromCharSet(10, acctest.CharSetAlpha)
	resourceAddr := fmt.Sprintf("%s.%s", sourceType, generated)
	return resourceAddr, fmt.Sprintf("data.%s", resourceAddr), generated
}
resource.TestCheckResourceAttrSet("data.zpa_access_policy_client_types.this", "zpn_client_type_exporter_noauth"), 19 | resource.TestCheckResourceAttrSet("data.zpa_access_policy_client_types.this", "zpn_client_type_browser_isolation"), 20 | resource.TestCheckResourceAttrSet("data.zpa_access_policy_client_types.this", "zpn_client_type_machine_tunnel"), 21 | resource.TestCheckResourceAttrSet("data.zpa_access_policy_client_types.this", "zpn_client_type_ip_anchoring"), 22 | resource.TestCheckResourceAttrSet("data.zpa_access_policy_client_types.this", "zpn_client_type_edge_connector"), 23 | resource.TestCheckResourceAttrSet("data.zpa_access_policy_client_types.this", "zpn_client_type_zapp"), 24 | resource.TestCheckResourceAttrSet("data.zpa_access_policy_client_types.this", "zpn_client_type_slogger"), 25 | resource.TestCheckResourceAttrSet("data.zpa_access_policy_client_types.this", "zpn_client_type_branch_connector"), 26 | ), 27 | }, 28 | }, 29 | }) 30 | } 31 | 32 | var testAccCheckDataSourceAccessPolicyClientTypes_basic = ` 33 | data "zpa_access_policy_client_types" "this" {}` 34 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_access_policy_platform_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 7 | ) 8 | 9 | func TestAccDataSourceAccessPolicyPlatforms_Basic(t *testing.T) { 10 | resource.ParallelTest(t, resource.TestCase{ 11 | PreCheck: func() { testAccPreCheck(t) }, 12 | ProviderFactories: testAccProviderFactories, 13 | Steps: []resource.TestStep{ 14 | { 15 | Config: testAccCheckDataSourceAccessPolicyPlatforms_basic, 16 | Check: resource.ComposeTestCheckFunc( 17 | resource.TestCheckResourceAttrSet("data.zpa_access_policy_platforms.this", "linux"), 18 | resource.TestCheckResourceAttrSet("data.zpa_access_policy_platforms.this", "android"), 19 | 
resource.TestCheckResourceAttrSet("data.zpa_access_policy_platforms.this", "windows"), 20 | resource.TestCheckResourceAttrSet("data.zpa_access_policy_platforms.this", "ios"), 21 | resource.TestCheckResourceAttrSet("data.zpa_access_policy_platforms.this", "mac"), 22 | ), 23 | }, 24 | }, 25 | }) 26 | } 27 | 28 | var testAccCheckDataSourceAccessPolicyPlatforms_basic = ` 29 | data "zpa_access_policy_platforms" "this" {} 30 | ` 31 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_app_connector_assistant_schedule_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | /* 4 | import ( 5 | "testing" 6 | 7 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 8 | ) 9 | 10 | func TestAccDataSourceAppConnectorAssistantSchedule_Basic(t *testing.T) { 11 | resource.Test(t, resource.TestCase{ 12 | PreCheck: func() { testAccPreCheck(t) }, 13 | Providers: testAccProviders, 14 | Steps: []resource.TestStep{ 15 | { 16 | Config: testAccCheckDataSourceAppConnectorAssistantScheduleConfig_basic, 17 | Check: resource.ComposeTestCheckFunc( 18 | testAccDataSourceAppConnectorAssistantScheduleCheck("data.zpa_app_connector_assistant_schedule.this"), 19 | testAccDataSourceAppConnectorAssistantScheduleCheck("data.zpa_app_connector_assistant_schedule.by_id"), 20 | testAccDataSourceAppConnectorAssistantScheduleCheck("data.zpa_app_connector_assistant_schedule.customer_id"), 21 | ), 22 | }, 23 | }, 24 | }) 25 | } 26 | 27 | func testAccDataSourceAppConnectorAssistantScheduleCheck(id string) resource.TestCheckFunc { 28 | return resource.ComposeTestCheckFunc( 29 | resource.TestCheckResourceAttrSet(id, "id"), 30 | ) 31 | } 32 | 33 | var testAccCheckDataSourceAppConnectorAssistantScheduleConfig_basic = ` 34 | data "zpa_app_connector_assistant_schedule" "this" { 35 | } 36 | 37 | data "zpa_app_connector_assistant_schedule" "by_id" { 38 | id = 
data.zpa_app_connector_assistant_schedule.this.id 39 | } 40 | 41 | data "zpa_app_connector_assistant_schedule" "customer_id" { 42 | customer_id = data.zpa_app_connector_assistant_schedule.this.customer_id 43 | } 44 | ` 45 | */ 46 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_app_connector_controller_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | /* 4 | import ( 5 | "testing" 6 | 7 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 8 | ) 9 | 10 | func TestAccDataSourceAppConnectorController_Basic(t *testing.T) { 11 | resource.Test(t, resource.TestCase{ 12 | PreCheck: func() { testAccPreCheck(t) }, 13 | Providers: testAccProviders, 14 | Steps: []resource.TestStep{ 15 | { 16 | Config: testAccCheckDataSourceAppConnectorControllerConfig_basic, 17 | Check: resource.ComposeTestCheckFunc( 18 | testAccDataSourceAppConnectorControllerCheck("data.zpa_app_connector_controller.app_connector"), 19 | ), 20 | }, 21 | }, 22 | }) 23 | } 24 | 25 | func testAccDataSourceAppConnectorControllerCheck(name string) resource.TestCheckFunc { 26 | return resource.ComposeTestCheckFunc( 27 | resource.TestCheckResourceAttrSet(name, "id"), 28 | resource.TestCheckResourceAttrSet(name, "name"), 29 | ) 30 | } 31 | 32 | var testAccCheckDataSourceAppConnectorControllerConfig_basic = ` 33 | data "zpa_app_connector_controller" "app_connector" { 34 | name = "SGIO-APP-CONNECTOR-GRP-1649283086343" 35 | }` 36 | */ 37 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_app_connector_group_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "strconv" 5 | "testing" 6 | 7 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 8 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/resourcetype" 9 | 
// TestAccDataSourceAppConnectorGroup_Basic applies a generated app connector
// group configuration and checks that the data source reports the same id,
// name and description as the resource, and that the resource's "enabled"
// attribute matches variable.AppConnectorEnabled.
func TestAccDataSourceAppConnectorGroup_Basic(t *testing.T) {
	resAddr, dataAddr, groupName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAAppConnectorGroup)

	config := testAccCheckAppConnectorGroupConfigure(resAddr, groupName, variable.AppConnectorDescription, variable.AppConnectorEnabled)

	// Attributes that must be identical on the data source and the resource.
	var checks []resource.TestCheckFunc
	for _, attr := range []string{"id", "name", "description"} {
		checks = append(checks, resource.TestCheckResourceAttrPair(dataAddr, attr, resAddr, attr))
	}
	checks = append(checks,
		resource.TestCheckResourceAttr(resAddr, "enabled", strconv.FormatBool(variable.AppConnectorEnabled)),
		// resource.TestCheckResourceAttr(resourceTypeAndName, "override_version_profile", strconv.FormatBool(variable.AppConnectorOverrideProfile)),
	)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckAppConnectorGroupDestroy,
		Steps: []resource.TestStep{
			{
				Config: config,
				Check:  resource.ComposeTestCheckFunc(checks...),
			},
		},
	})
}
// TestAccDataSourceApplicationServer_Basic applies a generated application
// server configuration and checks that the data source reports the same id,
// name, description and address as the resource, and that the resource's
// "enabled" attribute matches variable.AppServerEnabled.
func TestAccDataSourceApplicationServer_Basic(t *testing.T) {
	resAddr, dataAddr, serverName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAApplicationServer)

	config := testAccCheckApplicationServerConfigure(resAddr, serverName, variable.AppServerDescription, variable.AppServerAddress, variable.AppServerEnabled)

	// Attributes that must be identical on the data source and the resource.
	var checks []resource.TestCheckFunc
	for _, attr := range []string{"id", "name", "description", "address"} {
		checks = append(checks, resource.TestCheckResourceAttrPair(dataAddr, attr, resAddr, attr))
	}
	checks = append(checks,
		resource.TestCheckResourceAttr(resAddr, "enabled", strconv.FormatBool(variable.AppServerEnabled)),
	)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckApplicationServerDestroy,
		Steps: []resource.TestStep{
			{
				Config: config,
				Check:  resource.ComposeTestCheckFunc(checks...),
			},
		},
	})
}
// TestAccDataSourceCBIBanners_Basic applies a generated Cloud Browser Isolation
// banner configuration and checks that the data source mirrors the resource's
// id, name, colours, notification fields and logo, and that the resource's
// "banner" and "persist" attributes match the values from the variable package.
func TestAccDataSourceCBIBanners_Basic(t *testing.T) {
	resAddr, dataAddr, bannerName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPACBIBannerController)

	config := testAccCheckCBIBannerConfigure(resAddr, bannerName, variable.PrimaryColor, variable.TextColor, variable.NotificationTitle, variable.NotificationText, variable.Banner, variable.Persist, variable.Logo)

	// Attributes that must be identical on the data source and the resource.
	mirrored := []string{
		"id",
		"name",
		"primary_color",
		"text_color",
		"notification_title",
		"notification_text",
		"logo",
	}
	var checks []resource.TestCheckFunc
	for _, attr := range mirrored {
		checks = append(checks, resource.TestCheckResourceAttrPair(dataAddr, attr, resAddr, attr))
	}
	checks = append(checks,
		resource.TestCheckResourceAttr(resAddr, "banner", strconv.FormatBool(variable.Banner)),
		resource.TestCheckResourceAttr(resAddr, "persist", strconv.FormatBool(variable.Persist)),
	)

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		// NOTE(review): this is the segment group destroy check, not a banner
		// one, so the test may not prove the banner was removed from the
		// tenant. Confirm whether a banner-specific check exists and use it.
		CheckDestroy: testAccCheckSegmentGroupDestroy,
		Steps: []resource.TestStep{
			{
				Config: config,
				Check:  resource.ComposeTestCheckFunc(checks...),
			},
		},
	})
}
generateCBIRootCACert() 15 | if err != nil { 16 | t.Fatalf("Error generating root CA certificate: %v", err) 17 | } 18 | resource.Test(t, resource.TestCase{ 19 | PreCheck: func() { testAccPreCheck(t) }, 20 | Providers: testAccProviders, 21 | CheckDestroy: testAccCheckCBICertificateDestroy, 22 | Steps: []resource.TestStep{ 23 | { 24 | Config: testAccCheckCBICertificateConfigure(resourceTypeAndName, generatedName, string(certPEM)), 25 | Check: resource.ComposeTestCheckFunc( 26 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "id", resourceTypeAndName, "id"), 27 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "name", resourceTypeAndName, "name"), 28 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "pem", resourceTypeAndName, "pem"), 29 | ), 30 | }, 31 | }, 32 | }) 33 | } 34 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_cloud_browser_isolation_external_profile_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | /* 4 | // TODO: Testing disabled as QA environments have limited region access 5 | import ( 6 | "testing" 7 | 8 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 9 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/resourcetype" 10 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/method" 11 | ) 12 | 13 | func TestAccDataSourceCBIExternalProfile_Basic(t *testing.T) { 14 | resourceTypeAndName, dataSourceTypeAndName, generatedName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPACBIExternalIsolationProfile) 15 | 16 | resource.Test(t, resource.TestCase{ 17 | PreCheck: func() { testAccPreCheck(t) }, 18 | Providers: testAccProviders, 19 | CheckDestroy: testAccCheckCBIExternalProfileDestroy, 20 | Steps: []resource.TestStep{ 21 | { 22 | Config: testAccCheckCBIExternalProfileConfigure(resourceTypeAndName, generatedName), 23 | Check: resource.ComposeTestCheckFunc( 24 | 
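// dataSourceCBIRegions returns the schema of the Cloud Browser Isolation region
// data source. Both attributes are optional, computed strings. Only "name" is
// used as a lookup key by dataSourceCBIRegionsRead; "id" is filled in from the
// API result.
func dataSourceCBIRegions() *schema.Resource {
	return &schema.Resource{
		ReadContext: dataSourceCBIRegionsRead,
		Schema: map[string]*schema.Schema{
			"id": {
				Type:     schema.TypeString,
				Computed: true,
				Optional: true,
			},
			"name": {
				Type:     schema.TypeString,
				Computed: true,
				Optional: true,
			},
		},
	}
}

// dataSourceCBIRegionsRead looks up a CBI region by the configured "name" and
// stores its ID and name in the state.
//
// It returns an error diagnostic when meta is not a *Client, when "name" is
// empty, when the lookup fails or yields no region, or when the state cannot
// be written.
func dataSourceCBIRegionsRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	// Checked assertion: a wrong meta type becomes a diagnostic, not a panic.
	zClient, ok := meta.(*Client)
	if !ok {
		return diag.FromErr(fmt.Errorf("unexpected provider meta type %T", meta))
	}
	service := zClient.Service

	// The schema also accepts "id", but this function never reads it, so a
	// configuration without "name" cannot be resolved. Say so explicitly
	// rather than reporting a failed search for an empty name.
	name, _ := d.Get("name").(string)
	if name == "" {
		return diag.FromErr(fmt.Errorf("cbi region lookup requires the name argument to be set"))
	}

	// %q quotes the configured value so control characters cannot break up
	// the log line.
	log.Printf("[INFO] Getting data for cbi regions name %q\n", name)
	resp, _, err := cbiregions.GetByName(ctx, service, name)
	if err != nil {
		return diag.FromErr(err)
	}
	if resp == nil {
		return diag.FromErr(fmt.Errorf("couldn't find any cbi regions with name '%s'", name))
	}

	d.SetId(resp.ID)
	if err := d.Set("name", resp.Name); err != nil {
		return diag.FromErr(err)
	}
	return nil
}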
// zpaCbiProfileNames lists the ZPA CBI profile names the data source test
// looks up. Nothing in this file creates them, so they presumably have to
// exist in the test tenant already.
var zpaCbiProfileNames = []string{
	"BD_SA_Profile1", "BD_SA_Profile2",
}

// TestAccDataSourceCBIZPAProfiles_Basic reads one data source per entry of
// zpaCbiProfileNames and checks that each has its "name" attribute set.
func TestAccDataSourceCBIZPAProfiles_Basic(t *testing.T) {
	step := resource.TestStep{
		Config: testAccCheckDataSourceCBIZPAProfiles_basic(),
		Check: resource.ComposeTestCheckFunc(
			generateCBIZPAProfilesChecks()...,
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     []resource.TestStep{step},
	})
}

// generateCBIZPAProfilesChecks returns one check per profile name asserting
// that the matching data source exposes a "name" attribute.
func generateCBIZPAProfilesChecks() []resource.TestCheckFunc {
	var out []resource.TestCheckFunc
	for i := range zpaCbiProfileNames {
		addr := fmt.Sprintf("data.zpa_cloud_browser_isolation_zpa_profile.%s", createValidResourceName(zpaCbiProfileNames[i]))
		out = append(out, resource.ComposeTestCheckFunc(
			resource.TestCheckResourceAttrSet(addr, "name"),
		))
	}
	return out
}

// testAccCheckDataSourceCBIZPAProfiles_basic renders one data source block per
// profile name, labelled with the name passed through createValidResourceName.
func testAccCheckDataSourceCBIZPAProfiles_basic() string {
	const block = `
data "zpa_cloud_browser_isolation_zpa_profile" "%s" {
	name = "%s"
}
`
	hcl := ""
	for _, profile := range zpaCbiProfileNames {
		hcl += fmt.Sprintf(block, createValidResourceName(profile), profile)
	}
	return hcl
}
resource.TestCase{ 12 | PreCheck: func() { testAccPreCheck(t) }, 13 | Providers: testAccProviders, 14 | Steps: []resource.TestStep{ 15 | { 16 | Config: testAccCheckDataSourceCloudConnectorGroupConfig_basic, 17 | Check: resource.ComposeTestCheckFunc( 18 | testAccDataSourceCloudConnectorGroupCheck("data.zpa_cloud_connector_group.zs-cc-vpc"), 19 | ), 20 | }, 21 | }, 22 | }) 23 | } 24 | 25 | func testAccDataSourceCloudConnectorGroupCheck(name string) resource.TestCheckFunc { 26 | return resource.ComposeTestCheckFunc( 27 | resource.TestCheckResourceAttrSet(name, "id"), 28 | resource.TestCheckResourceAttrSet(name, "name"), 29 | ) 30 | } 31 | 32 | var testAccCheckDataSourceCloudConnectorGroupConfig_basic = ` 33 | data "zpa_cloud_connector_group" "zs-cc-vpc" { 34 | name = "zs-cc-vpc-096108eb5d9e68d71-ca-central-1a" 35 | }` 36 | */ 37 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_customer_version_profile_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 7 | ) 8 | 9 | func TestAccDataSourceCustomerVersionProfile_Basic(t *testing.T) { 10 | resource.Test(t, resource.TestCase{ 11 | PreCheck: func() { testAccPreCheck(t) }, 12 | Providers: testAccProviders, 13 | Steps: []resource.TestStep{ 14 | { 15 | Config: testAccCheckDataSourceCustomerVersionProfileConfig_basic, 16 | Check: resource.ComposeTestCheckFunc( 17 | testAccDataSourceCustomerVersionProfileCheck("data.zpa_customer_version_profile.default"), 18 | ), 19 | }, 20 | }, 21 | }) 22 | } 23 | 24 | func testAccDataSourceCustomerVersionProfileCheck(name string) resource.TestCheckFunc { 25 | return resource.ComposeTestCheckFunc( 26 | resource.TestCheckResourceAttrSet(name, "id"), 27 | resource.TestCheckResourceAttrSet(name, "name"), 28 | ) 29 | } 30 | 31 | var testAccCheckDataSourceCustomerVersionProfileConfig_basic = 
// enrollementCertNames lists the enrollment certificate names the data source
// test looks up.
var enrollementCertNames = []string{
	"Root", "Client", "Connector", "Service Edge",
}

// TestAccDataSourceEnrollmentCert_Basic reads one data source per entry of
// enrollementCertNames and checks that each has "id" and "name" set.
func TestAccDataSourceEnrollmentCert_Basic(t *testing.T) {
	step := resource.TestStep{
		Config: testAccCheckDataSourceEnrollmentCert_basic(),
		Check: resource.ComposeTestCheckFunc(
			generateEnrollmentCertChecks()...,
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     []resource.TestStep{step},
	})
}

// generateEnrollmentCertChecks returns one composed check per certificate name
// asserting that the matching data source exposes "id" and "name".
func generateEnrollmentCertChecks() []resource.TestCheckFunc {
	var out []resource.TestCheckFunc
	for i := range enrollementCertNames {
		addr := fmt.Sprintf("data.zpa_enrollment_cert.%s", createValidResourceName(enrollementCertNames[i]))
		out = append(out, resource.ComposeTestCheckFunc(
			resource.TestCheckResourceAttrSet(addr, "id"),
			resource.TestCheckResourceAttrSet(addr, "name"),
		))
	}
	return out
}

// testAccCheckDataSourceEnrollmentCert_basic renders one data source block per
// certificate name, labelled with the name passed through
// createValidResourceName.
func testAccCheckDataSourceEnrollmentCert_basic() string {
	const block = `
data "zpa_enrollment_cert" "%s" {
	name = "%s"
}
`
	hcl := ""
	for _, certName := range enrollementCertNames {
		hcl += fmt.Sprintf(block, createValidResourceName(certName), certName)
	}
	return hcl
}
// idpNames lists the identity provider names the data source test looks up.
// Nothing in this file creates them, so they presumably have to exist in the
// test tenant already.
var idpNames = []string{
	"BD_Okta_Admin", "BD_Okta_Users",
}

// TestAccDataSourceIdpController_Basic reads one data source per entry of
// idpNames and checks that each has "id" and "name" set.
func TestAccDataSourceIdpController_Basic(t *testing.T) {
	step := resource.TestStep{
		Config: testAccCheckDataSourceIdpController_Basic(),
		Check: resource.ComposeTestCheckFunc(
			generateIdpControllerChecks()...,
		),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     []resource.TestStep{step},
	})
}

// generateIdpControllerChecks returns one composed check per IdP name asserting
// that the matching data source exposes "id" and "name".
func generateIdpControllerChecks() []resource.TestCheckFunc {
	var out []resource.TestCheckFunc
	for i := range idpNames {
		addr := fmt.Sprintf("data.zpa_idp_controller.%s", createValidResourceName(idpNames[i]))
		out = append(out, resource.ComposeTestCheckFunc(
			resource.TestCheckResourceAttrSet(addr, "id"),
			resource.TestCheckResourceAttrSet(addr, "name"),
		))
	}
	return out
}

// testAccCheckDataSourceIdpController_Basic renders one data source block per
// IdP name, labelled with the name passed through createValidResourceName.
func testAccCheckDataSourceIdpController_Basic() string {
	const block = `
data "zpa_idp_controller" "%s" {
	name = "%s"
}
`
	hcl := ""
	for _, idp := range idpNames {
		hcl += fmt.Sprintf(block, createValidResourceName(idp), idp)
	}
	return hcl
}
resource.TestCase{ 11 | PreCheck: func() { testAccPreCheck(t) }, 12 | Providers: testAccProviders, 13 | Steps: []resource.TestStep{ 14 | { 15 | Config: testAccCheckDataSourceInspectionAllPredefinedControlsConfig_basic, 16 | Check: resource.ComposeTestCheckFunc( 17 | testAccDataSourceInspectionAllPredefinedControlsCheck("data.zpa_inspection_all_predefined_controls.preprocessors"), 18 | testAccDataSourceInspectionAllPredefinedControlsCheck("data.zpa_inspection_all_predefined_controls.protocol_issues"), 19 | testAccDataSourceInspectionAllPredefinedControlsCheck("data.zpa_inspection_all_predefined_controls.php_injection"), 20 | ), 21 | }, 22 | }, 23 | }) 24 | } 25 | 26 | func testAccDataSourceInspectionAllPredefinedControlsCheck(name string) resource.TestCheckFunc { 27 | return resource.ComposeTestCheckFunc( 28 | resource.TestCheckResourceAttrSet(name, "version"), 29 | resource.TestCheckResourceAttrSet(name, "group_name"), 30 | ) 31 | } 32 | 33 | var testAccCheckDataSourceInspectionAllPredefinedControlsConfig_basic = ` 34 | data "zpa_inspection_all_predefined_controls" "preprocessors" { 35 | version = "OWASP_CRS/3.3.0" 36 | group_name = "Preprocessors" 37 | } 38 | 39 | data "zpa_inspection_all_predefined_controls" "protocol_issues" { 40 | version = "OWASP_CRS/3.3.0" 41 | group_name = "Protocol Issues" 42 | } 43 | 44 | data "zpa_inspection_all_predefined_controls" "php_injection" { 45 | version = "OWASP_CRS/3.3.0" 46 | group_name = "PHP Injection" 47 | } 48 | ` 49 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_inspection_custom_controls_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 7 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/resourcetype" 8 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/method" 9 | 
// TestAccDataSourceInspectionCustomControls_Basic applies a generated
// inspection custom control configuration and checks that the data source
// mirrors the resource's id, name, default_action, protocol_type, severity and
// type, and that the data source reports two rules.
func TestAccDataSourceInspectionCustomControls_Basic(t *testing.T) {
	resAddr, dataAddr, controlName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAInspectionCustomControl)

	config := testAccCheckInspectionCustomControlsConfigure(resAddr, controlName, variable.CustomControlDescriptionUpdate, variable.CustomControlSeverityUpdate, variable.CustomControlControlType)

	// Attributes that must be identical on the data source and the resource.
	mirrored := []string{
		"id",
		"name",
		"default_action",
		"protocol_type",
		"severity",
		"type",
	}
	var checks []resource.TestCheckFunc
	for _, attr := range mirrored {
		checks = append(checks, resource.TestCheckResourceAttrPair(dataAddr, attr, resAddr, attr))
	}
	checks = append(checks, resource.TestCheckResourceAttr(dataAddr, "rules.#", "2"))

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckInspectionCustomControlsDestroy,
		Steps: []resource.TestStep{
			{
				Config: config,
				Check:  resource.ComposeTestCheckFunc(checks...),
			},
		},
	})
}
resource.Test(t, resource.TestCase{ 11 | PreCheck: func() { testAccPreCheck(t) }, 12 | Providers: testAccProviders, 13 | Steps: []resource.TestStep{ 14 | { 15 | Config: testAccCheckDataSourceInspectionPredefinedControlsConfig_basic, 16 | Check: resource.ComposeTestCheckFunc( 17 | testAccDataSourceInspectionPredefinedControlsCheck("data.zpa_inspection_predefined_controls.control01"), 18 | testAccDataSourceInspectionPredefinedControlsCheck("data.zpa_inspection_predefined_controls.control02"), 19 | testAccDataSourceInspectionPredefinedControlsCheck("data.zpa_inspection_predefined_controls.control03"), 20 | testAccDataSourceInspectionPredefinedControlsCheck("data.zpa_inspection_predefined_controls.control04"), 21 | ), 22 | }, 23 | }, 24 | }) 25 | } 26 | 27 | func testAccDataSourceInspectionPredefinedControlsCheck(name string) resource.TestCheckFunc { 28 | return resource.ComposeTestCheckFunc( 29 | resource.TestCheckResourceAttrSet(name, "name"), 30 | resource.TestCheckResourceAttrSet(name, "version"), 31 | ) 32 | } 33 | 34 | var testAccCheckDataSourceInspectionPredefinedControlsConfig_basic = ` 35 | data "zpa_inspection_predefined_controls" "control01" { 36 | name = "Failed to parse request body" 37 | version = "OWASP_CRS/3.3.0" 38 | } 39 | 40 | data "zpa_inspection_predefined_controls" "control02" { 41 | name = "Multipart request body failed strict validation" 42 | version = "OWASP_CRS/3.3.0" 43 | } 44 | 45 | data "zpa_inspection_predefined_controls" "control03" { 46 | name = "Multipart parser detected a possible unmatched boundary" 47 | version = "OWASP_CRS/3.3.0" 48 | } 49 | 50 | data "zpa_inspection_predefined_controls" "control04" { 51 | name = "GET or HEAD Request with Body Content" 52 | version = "OWASP_CRS/3.3.0" 53 | } 54 | ` 55 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_inspection_profile_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 
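// NOTE(review): the inspection profile data source test below is entirely
// commented out, so this file contributes no acceptance coverage.
/*
func TestAccDataSourceInspectionProfile_Basic(t *testing.T) {
	resourceTypeAndName, dataSourceTypeAndName, generatedName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAInspectionProfile)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckInspectionProfileDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccCheckInspectionProfileConfigure(resourceTypeAndName, generatedName, variable.InspectionProfileDescription, variable.InspectionProfileParanoia),
				Check: resource.ComposeTestCheckFunc(
					resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "id", resourceTypeAndName, "id"),
					resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "name", resourceTypeAndName, "name"),
					resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "description", resourceTypeAndName, "description"),
					resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "paranoia_level", resourceTypeAndName, "paranoia_level"),
					resource.TestCheckResourceAttr(dataSourceTypeAndName, "predefined_controls.#", "7"),
				),
				ExpectNonEmptyPlan: true,
			},
		},
	})
}
*/
--------------------------------------------------------------------------------
/zpa/data_source_zpa_isolation_profiles_test.go:
--------------------------------------------------------------------------------
package zpa

import (
	"testing"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
)

// TestAccDataSourceIsolationRule_Basic looks up two isolation profiles by name
// and checks that each lookup returns an id and a name.
//
// The config contains only data blocks, so the named profiles are presumably
// pre-provisioned in the tenant under test; nothing here creates them.
func TestAccDataSourceIsolationRule_Basic(t *testing.T) {
	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps: []resource.TestStep{
			{
				Config: testAccCheckDataSourceIsolationRuleConfig_basic,
				Check: resource.ComposeTestCheckFunc(
					testAccDataSourceIsolationRuleCheck("data.zpa_isolation_profile.bd_sa_profile1"),
					testAccDataSourceIsolationRuleCheck("data.zpa_isolation_profile.bd_sa_profile2"),
				),
			},
		},
	})
}

// testAccDataSourceIsolationRuleCheck returns a check that the data source at
// state address name has "id" and "name" set.
func testAccDataSourceIsolationRuleCheck(name string) resource.TestCheckFunc {
	return resource.ComposeTestCheckFunc(
		resource.TestCheckResourceAttrSet(name, "id"),
		resource.TestCheckResourceAttrSet(name, "name"),
	)
}

// testAccCheckDataSourceIsolationRuleConfig_basic is the HCL for the two
// isolation profile lookups used by TestAccDataSourceIsolationRule_Basic.
var testAccCheckDataSourceIsolationRuleConfig_basic = `
data "zpa_isolation_profile" "bd_sa_profile1" {
	name = "BD_SA_Profile1"
}

data "zpa_isolation_profile" "bd_sa_profile2" {
	name = "BD_SA_Profile2"
}
`
--------------------------------------------------------------------------------
/zpa/data_source_zpa_lss_config_client_types.go:
--------------------------------------------------------------------------------
package zpa

import (
	"context"
	"log"

	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
	"github.com/zscaler/zscaler-sdk-go/v3/zscaler/zpa/services/lssconfigcontroller"
)

// dataSourceLSSClientTypes returns the schema for the LSS client types data
// source. It takes no arguments; all six attributes are computed strings
// filled in by dataSourceLSSClientTypesRead.
func dataSourceLSSClientTypes() *schema.Resource {
	return &schema.Resource{
		ReadContext: dataSourceLSSClientTypesRead,
		Schema: map[string]*schema.Schema{
			"zpn_client_type_exporter": {
				Type:     schema.TypeString,
				Computed: true,
			},
			"zpn_client_type_machine_tunnel": {
				Type:     schema.TypeString,
				Computed: true,
			},
			"zpn_client_type_ip_anchoring": {
				Type:     schema.TypeString,
				Computed: true,
			},
			"zpn_client_type_edge_connector": {
				Type:     schema.TypeString,
				Computed: true,
			},
			"zpn_client_type_zapp": {
				Type:     schema.TypeString,
				Computed: true,
			},
			"zpn_client_type_slogger": {
				Type:     schema.TypeString,
				Computed: true,
			},
		},
	}
}

// dataSourceLSSClientTypesRead fetches the LSS client types through the
// lssconfigcontroller service and copies them into state under the fixed ID
// "lss_client_types".
//
// It returns an error diagnostic when meta is not a *Client, when the API call
// fails, or when an attribute cannot be written to state. The full response is
// logged at INFO level.
func dataSourceLSSClientTypesRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
	// A bare type assertion would panic and take the provider process down if
	// the provider were configured with a different meta value.
	zClient, ok := meta.(*Client)
	if !ok || zClient == nil {
		return diag.Errorf("unexpected provider meta type %T, want *Client", meta)
	}

	resp, _, err := lssconfigcontroller.GetClientTypes(ctx, zClient.Service)
	if err != nil {
		return diag.FromErr(err)
	}

	// The message used to say "Policy Set Global Rules", which misattributes
	// this call when provider logs are reviewed.
	log.Printf("[INFO] Getting LSS client types:\n%+v\n", resp)
	d.SetId("lss_client_types")

	attrs := []struct {
		key   string
		value interface{}
	}{
		{"zpn_client_type_exporter", resp.ZPNClientTypeExporter},
		{"zpn_client_type_machine_tunnel", resp.ZPNClientTypeMachineTunnel},
		{"zpn_client_type_ip_anchoring", resp.ZPNClientTypeIPAnchoring},
		{"zpn_client_type_edge_connector", resp.ZPNClientTypeEdgeConnector},
		{"zpn_client_type_zapp", resp.ZPNClientTypeZAPP},
		{"zpn_client_type_slogger", resp.ZPNClientTypeSlogger},
	}
	for _, a := range attrs {
		// Surface schema/value mismatches instead of silently writing partial state.
		if err := d.Set(a.key, a.value); err != nil {
			return diag.Errorf("setting %q: %v", a.key, err)
		}
	}

	return nil
}
--------------------------------------------------------------------------------
/zpa/data_source_zpa_lss_config_client_types_test.go:
--------------------------------------------------------------------------------
package zpa

import (
	"testing"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
)

// TestAccDataSourceLSSClientTypes_Basic reads the LSS client types data source
// and checks that it lands in state under the fixed ID set by the read function.
func TestAccDataSourceLSSClientTypes_Basic(t *testing.T) {
	resource.ParallelTest(t, resource.TestCase{
		PreCheck:          func() { testAccPreCheck(t) },
		ProviderFactories: testAccProviderFactories,
		Steps: []resource.TestStep{
			{
				Config: testAccCheckDataSourceLSSClientTypesConfig_basic,
				Check: resource.ComposeTestCheckFunc(
					// The previous check asserted that the attribute with the
					// empty key "" is absent, which holds for any state and so
					// verified nothing about the read.
					resource.TestCheckResourceAttr(
						"data.zpa_lss_config_client_types.all_client_types", "id", "lss_client_types"),
				),
			},
		},
	})
}

// testAccCheckDataSourceLSSClientTypesConfig_basic declares the data source
// with no arguments.
var testAccCheckDataSourceLSSClientTypesConfig_basic = `
data "zpa_lss_config_client_types" "all_client_types" {
}`
--------------------------------------------------------------------------------
/zpa/data_source_zpa_lss_config_log_types_formats_test.go: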
--------------------------------------------------------------------------------
package zpa

import (
	"fmt"
	"testing"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
)

// lssConfigLogTypeFormatsNames lists the LSS log types whose formats the test
// looks up, one data block per entry.
var lssConfigLogTypeFormatsNames = []string{
	"zpn_ast_comprehensive_stats", "zpn_auth_log", "zpn_pbroker_comprehensive_stats", "zpn_ast_auth_log", "zpn_audit_log",
	"zpn_trans_log", "zpn_http_trans_log", "zpn_waf_http_exchanges_log",
}

// TestAccDataSourceLSSLogTypeFormats_Basic reads the log type format data
// source once per entry in lssConfigLogTypeFormatsNames and checks each result.
func TestAccDataSourceLSSLogTypeFormats_Basic(t *testing.T) {
	step := resource.TestStep{
		Config: testAccCheckDataSourceLSSLogTypeFormats_basic(),
		Check:  resource.ComposeTestCheckFunc(generateLSSConfigLogTypeFormatChecks()...),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     []resource.TestStep{step},
	})
}

// generateLSSConfigLogTypeFormatChecks builds one check per log type asserting
// that the matching data source has "log_type" set. The state address uses the
// label produced by createValidResourceName (defined elsewhere in the package).
func generateLSSConfigLogTypeFormatChecks() []resource.TestCheckFunc {
	checks := make([]resource.TestCheckFunc, 0, len(lssConfigLogTypeFormatsNames))
	for _, logType := range lssConfigLogTypeFormatsNames {
		address := "data.zpa_lss_config_log_type_formats." + createValidResourceName(logType)
		checks = append(checks, resource.ComposeTestCheckFunc(
			resource.TestCheckResourceAttrSet(address, "log_type"),
		))
	}
	return checks
}

// testAccCheckDataSourceLSSLogTypeFormats_basic renders the HCL for the test:
// one data block per log type, labelled with createValidResourceName's output.
func testAccCheckDataSourceLSSLogTypeFormats_basic() string {
	const block = `
data "zpa_lss_config_log_type_formats" "%s" {
	log_type = "%s"
}
`
	var hcl string
	for _, logType := range lssConfigLogTypeFormatsNames {
		hcl += fmt.Sprintf(block, createValidResourceName(logType), logType)
	}
	return hcl
}
--------------------------------------------------------------------------------
/zpa/data_source_zpa_lss_config_status_codes_test.go:
--------------------------------------------------------------------------------
package zpa

import (
	"testing"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
)

// TestAccDataSourceLSSStatusCodes_Basic applies a config that declares the LSS
// status codes data source with no arguments.
//
// NOTE(review): the only check asserts that the attribute with the empty key ""
// is absent, which is true for any state. The step therefore verifies little
// beyond the data source being present in state; an assertion on a real
// attribute of this data source would make the test meaningful.
func TestAccDataSourceLSSStatusCodes_Basic(t *testing.T) {
	step := resource.TestStep{
		Config: testAccCheckDataSourceLSSStatusCodesConfig_basic,
		Check: resource.ComposeTestCheckFunc(
			resource.TestCheckNoResourceAttr("data.zpa_lss_config_status_codes.status_codes", ""),
		),
	}

	resource.ParallelTest(t, resource.TestCase{
		PreCheck:          func() { testAccPreCheck(t) },
		ProviderFactories: testAccProviderFactories,
		Steps:             []resource.TestStep{step},
	})
}

// testAccCheckDataSourceLSSStatusCodesConfig_basic declares the data source
// with no arguments.
var testAccCheckDataSourceLSSStatusCodesConfig_basic = `
data "zpa_lss_config_status_codes" "status_codes" {
}`
--------------------------------------------------------------------------------
/zpa/data_source_zpa_machine_group_test.go:
--------------------------------------------------------------------------------
package zpa

import (
	"fmt"
	"testing"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
)

// var machineGroupNames = []string{
// 	"BD-MGR01", "BD-MGR02", "BD MGR 03", "BD MGR 04", "BD MGR 05",
// 	"BD MGR06", "BD MGR 07", "BD M GR 08", "BD M GR 09",
// }

// machineGroupNames lists the machine groups the test looks up by name. The
// config has only data blocks, so these groups are presumably pre-provisioned
// in the tenant under test.
var machineGroupNames = []string{
	"BD-MGR01", "BD-MGR02", "BD MGR 03",
}

// TestAccDataSourceMachineGroup_Basic reads the machine group data source once
// per entry in machineGroupNames and checks each result.
func TestAccDataSourceMachineGroup_Basic(t *testing.T) {
	step := resource.TestStep{
		Config: testAccCheckDataSourceMachineGroup_basic(),
		Check:  resource.ComposeTestCheckFunc(generateMachineGroupChecks()...),
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     []resource.TestStep{step},
	})
}

// generateMachineGroupChecks builds one check per machine group asserting that
// the matching data source has "id" and "name" set.
func generateMachineGroupChecks() []resource.TestCheckFunc {
	checks := make([]resource.TestCheckFunc, 0, len(machineGroupNames))
	for _, group := range machineGroupNames {
		address := "data.zpa_machine_group." + createValidResourceName(group)
		checks = append(checks, resource.ComposeTestCheckFunc(
			resource.TestCheckResourceAttrSet(address, "id"),
			resource.TestCheckResourceAttrSet(address, "name"),
		))
	}
	return checks
}

// testAccCheckDataSourceMachineGroup_basic renders the HCL for the test: one
// data block per machine group, labelled with createValidResourceName's output
// (the raw names contain spaces and dashes).
func testAccCheckDataSourceMachineGroup_basic() string {
	const block = `
data "zpa_machine_group" "%s" {
	name = "%s"
}
`
	var hcl string
	for _, group := range machineGroupNames {
		hcl += fmt.Sprintf(block, createValidResourceName(group), group)
	}
	return hcl
}
--------------------------------------------------------------------------------
/zpa/data_source_zpa_microtenant_controller_test.go:
--------------------------------------------------------------------------------
package zpa

/*
import (
	"strconv"
	"testing"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
	"github.com/zscaler/terraform-provider-zpa/v4/zpa/common/resourcetype"
	"github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/method"
	"github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/variable"
)

func TestAccDataSourceMicrotenant_Basic(t *testing.T) {
	resourceTypeAndName, dataSourceTypeAndName, generatedName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAMicrotenant)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckMicroTenantDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccCheckMicrotenantConfigure(resourceTypeAndName, generatedName, variable.MicrotenantDescription, variable.MicrotenantCriteriaAttribute, variable.MicrotenantEnabled),
				Check: resource.ComposeTestCheckFunc(
					resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "id", resourceTypeAndName, "id"),
resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "name", resourceTypeAndName, "name"), 27 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "description", resourceTypeAndName, "description"), 28 | resource.TestCheckResourceAttr(resourceTypeAndName, "enabled", strconv.FormatBool(variable.MicrotenantEnabled)), 29 | resource.TestCheckResourceAttr(resourceTypeAndName, "criteria_attribute", variable.MicrotenantCriteriaAttribute), 30 | ), 31 | }, 32 | }, 33 | }) 34 | } 35 | */ 36 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_policy_type_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "fmt" 5 | "testing" 6 | 7 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 8 | ) 9 | 10 | var policyTypeNames = []string{ 11 | "ACCESS_POLICY", "GLOBAL_POLICY", "TIMEOUT_POLICY", "REAUTH_POLICY", "CLIENT_FORWARDING_POLICY", "INSPECTION_POLICY", "BYPASS_POLICY", "SIEM_POLICY", 12 | } 13 | 14 | func TestAccDataSourcePolicyType_Basic(t *testing.T) { 15 | resource.Test(t, resource.TestCase{ 16 | PreCheck: func() { testAccPreCheck(t) }, 17 | Providers: testAccProviders, 18 | Steps: []resource.TestStep{ 19 | { 20 | Config: testAccCheckDataSourcePolicyType_basic(), 21 | Check: resource.ComposeTestCheckFunc( 22 | generatePolicyTypeChecks()..., 23 | ), 24 | }, 25 | }, 26 | }) 27 | } 28 | 29 | func generatePolicyTypeChecks() []resource.TestCheckFunc { 30 | var checks []resource.TestCheckFunc 31 | for _, name := range policyTypeNames { 32 | resourceName := createValidResourceName(name) 33 | checkName := fmt.Sprintf("data.zpa_policy_type.%s", resourceName) 34 | checks = append(checks, resource.ComposeTestCheckFunc( 35 | resource.TestCheckResourceAttrSet(checkName, "id"), 36 | resource.TestCheckResourceAttrSet(checkName, "policy_type"), 37 | )) 38 | } 39 | return checks 40 | } 41 | 42 | func testAccCheckDataSourcePolicyType_basic() 
string { 43 | var configs string 44 | for _, name := range policyTypeNames { 45 | resourceName := createValidResourceName(name) 46 | configs += fmt.Sprintf(` 47 | data "zpa_policy_type" "%s" { 48 | policy_type = "%s" 49 | } 50 | `, resourceName, name) 51 | } 52 | return configs 53 | } 54 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_posture_profile_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "fmt" 5 | "testing" 6 | 7 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 8 | ) 9 | 10 | var profileNames = []string{ 11 | "CrowdStrike_ZPA_Pre-ZTA", "CrowdStrike_ZPA_ZTA_40", "CrowdStrike_ZPA_ZTA_80", 12 | } 13 | 14 | func TestAccDataSourcePostureProfile_Basic(t *testing.T) { 15 | resource.Test(t, resource.TestCase{ 16 | PreCheck: func() { testAccPreCheck(t) }, 17 | Providers: testAccProviders, 18 | Steps: []resource.TestStep{ 19 | { 20 | Config: testAccCheckDataSourcePostureProfile_basic(), 21 | Check: resource.ComposeTestCheckFunc( 22 | generatePostureProfileChecks()..., 23 | ), 24 | }, 25 | }, 26 | }) 27 | } 28 | 29 | func generatePostureProfileChecks() []resource.TestCheckFunc { 30 | var checks []resource.TestCheckFunc 31 | for _, name := range profileNames { 32 | resourceName := createValidResourceName(name) 33 | checkName := fmt.Sprintf("data.zpa_posture_profile.%s", resourceName) 34 | checks = append(checks, resource.ComposeTestCheckFunc( 35 | resource.TestCheckResourceAttrSet(checkName, "id"), 36 | resource.TestCheckResourceAttrSet(checkName, "name"), 37 | )) 38 | } 39 | return checks 40 | } 41 | 42 | func testAccCheckDataSourcePostureProfile_basic() string { 43 | var configs string 44 | for _, name := range profileNames { 45 | resourceName := createValidResourceName(name) 46 | configs += fmt.Sprintf(` 47 | data "zpa_posture_profile" "%s" { 48 | name = "%s" 49 | } 50 | `, resourceName, name) 51 | } 52 | return 
configs 53 | } 54 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_pra_approval_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 7 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/resourcetype" 8 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/method" 9 | ) 10 | 11 | func TestAccDataSourcePRAPrivilegedApproval_Basic(t *testing.T) { 12 | resourceTypeAndName, dataSourceTypeAndName, generatedName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAPRAApprovalController) 13 | 14 | resource.Test(t, resource.TestCase{ 15 | PreCheck: func() { testAccPreCheck(t) }, 16 | Providers: testAccProviders, 17 | CheckDestroy: testAccCheckPRAPrivilegedApprovalDestroy, 18 | Steps: []resource.TestStep{ 19 | { 20 | Config: testAccCheckPRAPrivilegedApprovalConfigure(resourceTypeAndName, generatedName), 21 | Check: resource.ComposeTestCheckFunc( 22 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "id", resourceTypeAndName, "id"), 23 | resource.TestCheckResourceAttr(resourceTypeAndName, "email_ids.#", "1"), 24 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "domain", resourceTypeAndName, "domain"), 25 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "status", resourceTypeAndName, "status"), 26 | resource.TestCheckResourceAttr(dataSourceTypeAndName, "applications.#", "1"), 27 | resource.TestCheckResourceAttr(dataSourceTypeAndName, "working_hours.#", "1"), 28 | ), 29 | }, 30 | }, 31 | }) 32 | } 33 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_pra_console_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "strconv" 5 | "testing" 6 | 7 | 
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 8 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/resourcetype" 9 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/method" 10 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/variable" 11 | ) 12 | 13 | func TestAccDataSourcePRAConsoleController_Basic(t *testing.T) { 14 | resourceTypeAndName, dataSourceTypeAndName, generatedName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAPRAConsoleController) 15 | domainName := "pra_" + generatedName 16 | 17 | praPortalTypeAndName, _, praPortalGeneratedName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAPRAPortalController) 18 | praPortalHCL := testAccCheckPRAPortalControllerConfigure(praPortalTypeAndName, praPortalGeneratedName, variable.PraPortalDescription, variable.PraPortalEnabled, variable.PraUserNotificationEnabled, domainName, variable.PraUserNotification) 19 | 20 | resource.Test(t, resource.TestCase{ 21 | PreCheck: func() { testAccPreCheck(t) }, 22 | Providers: testAccProviders, 23 | CheckDestroy: testAccCheckPRAConsoleControllerDestroy, 24 | Steps: []resource.TestStep{ 25 | { 26 | Config: testAccCheckPRAConsoleControllerConfigure(resourceTypeAndName, generatedName, generatedName, variable.PraConsoleDescription, variable.PraConsoleEnabled, praPortalHCL, praPortalTypeAndName), 27 | Check: resource.ComposeTestCheckFunc( 28 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "id", resourceTypeAndName, "id"), 29 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "name", resourceTypeAndName, "name"), 30 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "description", resourceTypeAndName, "description"), 31 | resource.TestCheckResourceAttr(resourceTypeAndName, "enabled", strconv.FormatBool(variable.PraConsoleEnabled)), 32 | resource.TestCheckResourceAttr(dataSourceTypeAndName, "pra_application.#", "1"), 33 | resource.TestCheckResourceAttr(dataSourceTypeAndName, 
"pra_portals.#", "1"), 34 | ), 35 | }, 36 | }, 37 | }) 38 | } 39 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_pra_credential_controller_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" 7 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 8 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/resourcetype" 9 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/method" 10 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/variable" 11 | ) 12 | 13 | func TestAccDataSourcePRACredentialController_Basic(t *testing.T) { 14 | resourceTypeAndName, dataSourceTypeAndName, generatedName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAPRACredentialController) 15 | rPassword := acctest.RandString(10) 16 | 17 | resource.Test(t, resource.TestCase{ 18 | PreCheck: func() { testAccPreCheck(t) }, 19 | Providers: testAccProviders, 20 | CheckDestroy: testAccCheckPRACredentialControllerDestroy, 21 | Steps: []resource.TestStep{ 22 | { 23 | Config: testAccCheckPRACredentialControllerConfigure(resourceTypeAndName, generatedName, variable.CredentialDescription, rPassword), 24 | Check: resource.ComposeTestCheckFunc( 25 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "id", resourceTypeAndName, "id"), 26 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "name", resourceTypeAndName, "name"), 27 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "description", resourceTypeAndName, "description"), 28 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "credential_type", resourceTypeAndName, "credential_type"), 29 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "user_domain", resourceTypeAndName, "user_domain"), 30 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, 
"username", resourceTypeAndName, "username"), 31 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "password", resourceTypeAndName, rPassword), 32 | ), 33 | }, 34 | }, 35 | }) 36 | } 37 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_pra_credential_pool_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" 7 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 8 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/resourcetype" 9 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/method" 10 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/variable" 11 | ) 12 | 13 | func TestAccDataSourcePRACredentialPool_Basic(t *testing.T) { 14 | resourceTypeAndName, dataSourceTypeAndName, generatedName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAPRACredentialPool) 15 | 16 | rPassword := acctest.RandString(10) 17 | 18 | credentialControllerTypeAndName, _, credentialControllerGeneratedName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAPRACredentialController) 19 | credentialControllerHCL := testAccCheckPRACredentialControllerConfigure(credentialControllerTypeAndName, credentialControllerGeneratedName, variable.CredentialDescription, rPassword) 20 | 21 | resource.Test(t, resource.TestCase{ 22 | PreCheck: func() { testAccPreCheck(t) }, 23 | Providers: testAccProviders, 24 | CheckDestroy: testAccCheckPRACredentialPoolDestroy, 25 | Steps: []resource.TestStep{ 26 | { 27 | Config: testAccCheckPRACredentialPoolConfigure(resourceTypeAndName, generatedName, generatedName, credentialControllerHCL, credentialControllerTypeAndName), 28 | Check: resource.ComposeTestCheckFunc( 29 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "id", resourceTypeAndName, "id"), 30 | 
resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "name", resourceTypeAndName, "name"), 31 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "credential_type", resourceTypeAndName, "credential_type"), 32 | resource.TestCheckResourceAttr(dataSourceTypeAndName, "credentials.#", "1"), 33 | ), 34 | }, 35 | }, 36 | }) 37 | } 38 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_pra_portal_controller_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "strconv" 5 | "testing" 6 | 7 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 8 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/resourcetype" 9 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/method" 10 | "github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/variable" 11 | ) 12 | 13 | func TestAccDataSourcePRAPortalController_Basic(t *testing.T) { 14 | resourceTypeAndName, dataSourceTypeAndName, generatedName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAPRAPortalController) 15 | domainName := "pra_" + generatedName 16 | 17 | resource.Test(t, resource.TestCase{ 18 | PreCheck: func() { testAccPreCheck(t) }, 19 | Providers: testAccProviders, 20 | CheckDestroy: testAccCheckPRAPortalControllerDestroy, 21 | Steps: []resource.TestStep{ 22 | { 23 | Config: testAccCheckPRAPortalControllerConfigure(resourceTypeAndName, generatedName, variable.PraPortalDescription, variable.PraPortalEnabled, variable.PraUserNotificationEnabled, domainName, variable.PraUserNotification), 24 | Check: resource.ComposeTestCheckFunc( 25 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "id", resourceTypeAndName, "id"), 26 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "name", resourceTypeAndName, "name"), 27 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "description", resourceTypeAndName, "description"), 
28 | resource.TestCheckResourceAttr(resourceTypeAndName, "enabled", strconv.FormatBool(variable.PraPortalEnabled)), 29 | resource.TestCheckResourceAttr(resourceTypeAndName, "user_notification_enabled", strconv.FormatBool(variable.PraUserNotificationEnabled)), 30 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "certificate_id", resourceTypeAndName, "certificate_id"), 31 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "domain", resourceTypeAndName, "domain"), 32 | resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "user_notification", resourceTypeAndName, "user_notification"), 33 | ), 34 | }, 35 | }, 36 | }) 37 | } 38 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_saml_attribute_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 7 | ) 8 | 9 | func TestAccDataSourceSamlAttribute_Basic(t *testing.T) { 10 | resource.Test(t, resource.TestCase{ 11 | PreCheck: func() { testAccPreCheck(t) }, 12 | Providers: testAccProviders, 13 | Steps: []resource.TestStep{ 14 | { 15 | Config: testAccCheckDataSourceSamlAttributeConfig_basic, 16 | Check: resource.ComposeTestCheckFunc( 17 | testAccDataSourceSamlAttributeCheck("data.zpa_saml_attribute.email_user_sso"), 18 | testAccDataSourceSamlAttributeCheck("data.zpa_saml_attribute.department"), 19 | testAccDataSourceSamlAttributeCheck("data.zpa_saml_attribute.first_name"), 20 | testAccDataSourceSamlAttributeCheck("data.zpa_saml_attribute.last_name"), 21 | testAccDataSourceSamlAttributeCheck("data.zpa_saml_attribute.group"), 22 | ), 23 | }, 24 | }, 25 | }) 26 | } 27 | 28 | func testAccDataSourceSamlAttributeCheck(name string) resource.TestCheckFunc { 29 | return resource.ComposeTestCheckFunc( 30 | resource.TestCheckResourceAttrSet(name, "id"), 31 | resource.TestCheckResourceAttrSet(name, "name"), 32 | 
) 33 | } 34 | 35 | var testAccCheckDataSourceSamlAttributeConfig_basic = ` 36 | data "zpa_saml_attribute" "email_user_sso" { 37 | name = "Email_BD_Okta_Users" 38 | idp_name = "BD_Okta_Users" 39 | } 40 | data "zpa_saml_attribute" "department" { 41 | name = "DepartmentName_BD_Okta_Users" 42 | idp_name = "BD_Okta_Users" 43 | } 44 | data "zpa_saml_attribute" "first_name" { 45 | name = "FirstName_BD_Okta_Users" 46 | idp_name = "BD_Okta_Users" 47 | } 48 | data "zpa_saml_attribute" "last_name" { 49 | name = "LastName_BD_Okta_Users" 50 | idp_name = "BD_Okta_Users" 51 | } 52 | data "zpa_saml_attribute" "group" { 53 | name = "GroupName_BD_Okta_Users" 54 | idp_name = "BD_Okta_Users" 55 | } 56 | ` 57 | -------------------------------------------------------------------------------- /zpa/data_source_zpa_scim_attribute_header_test.go: -------------------------------------------------------------------------------- 1 | package zpa 2 | 3 | import ( 4 | "testing" 5 | 6 | "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" 7 | ) 8 | 9 | func TestAccDataSourceScimAttributeHeader_Basic(t *testing.T) { 10 | resource.Test(t, resource.TestCase{ 11 | PreCheck: func() { testAccPreCheck(t) }, 12 | Providers: testAccProviders, 13 | Steps: []resource.TestStep{ 14 | { 15 | Config: testAccCheckDataSourceScimAttributeHeaderConfig_basic, 16 | Check: resource.ComposeTestCheckFunc( 17 | testAccDataSourceScimAttributeHeaderCheck("data.zpa_scim_attribute_header.email_value"), 18 | testAccDataSourceScimAttributeHeaderCheck("data.zpa_scim_attribute_header.cost_center"), 19 | testAccDataSourceScimAttributeHeaderCheck("data.zpa_scim_attribute_header.department"), 20 | testAccDataSourceScimAttributeHeaderCheck("data.zpa_scim_attribute_header.name_family_name"), 21 | ), 22 | }, 23 | }, 24 | }) 25 | } 26 | 27 | func testAccDataSourceScimAttributeHeaderCheck(name string) resource.TestCheckFunc { 28 | return resource.ComposeTestCheckFunc( 29 | resource.TestCheckResourceAttrSet(name, "id"), 30 | 
resource.TestCheckResourceAttrSet(name, "name"),
		resource.TestCheckResourceAttrSet(name, "idp_name"),
	)
}

// testAccCheckDataSourceScimAttributeHeaderConfig_basic is the HCL applied by
// the SCIM attribute header data source test. It declares data sources only:
// every block looks up an attribute by name under the IdP named
// "BD_Okta_Users", and nothing here creates those objects, so they presumably
// have to exist in the tenant before the test runs.
var testAccCheckDataSourceScimAttributeHeaderConfig_basic = `
data "zpa_scim_attribute_header" "email_value" {
	name = "emails.value"
	idp_name = "BD_Okta_Users"
}

data "zpa_scim_attribute_header" "cost_center" {
	name = "costCenter"
	idp_name = "BD_Okta_Users"
}

data "zpa_scim_attribute_header" "department" {
	name = "department"
	idp_name = "BD_Okta_Users"
}

data "zpa_scim_attribute_header" "name_family_name" {
	name = "name.familyName"
	idp_name = "BD_Okta_Users"
}
`

--------------------------------------------------------------------------------
/zpa/data_source_zpa_scim_group_test.go:
--------------------------------------------------------------------------------
package zpa

import (
	"testing"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
)

// TestAccDataSourceScimGroup_Basic applies the SCIM group data source
// configuration in a single acceptance step and runs one check per declared
// lookup.
func TestAccDataSourceScimGroup_Basic(t *testing.T) {
	// One entry per data block in testAccCheckDataSourceScimGroupConfig_basic.
	lookups := resource.ComposeTestCheckFunc(
		testAccDataSourceScimGroupCheck("data.zpa_scim_groups.engineering"),
		testAccDataSourceScimGroupCheck("data.zpa_scim_groups.contractors"),
		testAccDataSourceScimGroupCheck("data.zpa_scim_groups.finance"),
		testAccDataSourceScimGroupCheck("data.zpa_scim_groups.executives"),
	)
	step := resource.TestStep{
		Config: testAccCheckDataSourceScimGroupConfig_basic,
		Check:  lookups,
	}

	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps:     []resource.TestStep{step},
	})
}

// testAccDataSourceScimGroupCheck returns a check that the data source called
// name has its "id" and "name" attributes set. TestCheckResourceAttrSet only
// asserts that a value is present; it does not compare the returned name with
// the one requested, so a lookup that resolved to a different group would
// still pass.
func testAccDataSourceScimGroupCheck(name string) resource.TestCheckFunc {
	attrs := []string{"id", "name"}
	checks := make([]resource.TestCheckFunc, 0, len(attrs))
	for _, attr := range attrs {
		checks = append(checks, resource.TestCheckResourceAttrSet(name, attr))
	}
	return resource.ComposeTestCheckFunc(checks...)
}

// testAccCheckDataSourceScimGroupConfig_basic is the HCL applied by
// TestAccDataSourceScimGroup_Basic. It declares data sources only, each
// looking up a SCIM group by name under the IdP named "BD_Okta_Users"; the
// groups presumably have to exist in the tenant before the test runs.
var testAccCheckDataSourceScimGroupConfig_basic = `
data "zpa_scim_groups" "engineering" {
	name = "Engineering"
	idp_name = "BD_Okta_Users"
}

data "zpa_scim_groups" "contractors" {
	name = "Contractors"
	idp_name = "BD_Okta_Users"
}

data "zpa_scim_groups" "finance" {
	name = "Finance"
	idp_name = "BD_Okta_Users"
}

data "zpa_scim_groups" "executives" {
	name = "Executives"
	idp_name = "BD_Okta_Users"
}
`

--------------------------------------------------------------------------------
/zpa/data_source_zpa_segment_group_test.go:
--------------------------------------------------------------------------------
package zpa

import (
	"strconv"
	"testing"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
	"github.com/zscaler/terraform-provider-zpa/v4/zpa/common/resourcetype"
	"github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/method"
	"github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/variable"
)

// TestAccDataSourceSegmentGroup_Basic applies a segment group configuration
// built from randomly generated names and compares the data source's
// attributes with those of the resource. testAccCheckSegmentGroupDestroy is
// registered as the CheckDestroy hook.
func TestAccDataSourceSegmentGroup_Basic(t *testing.T) {
	resourceTypeAndName, dataSourceTypeAndName, generatedName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPASegmentGroup)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckSegmentGroupDestroy,
		Steps: []resource.TestStep{
			{
				Config: testAccCheckSegmentGroupConfigure(resourceTypeAndName, generatedName, variable.SegmentGroupDescription, variable.SegmentGroupEnabled),
				Check: resource.ComposeTestCheckFunc(
					resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "id", resourceTypeAndName, "id"),
					resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "name", resourceTypeAndName, "name"),
					resource.TestCheckResourceAttrPair(dataSourceTypeAndName, "description", resourceTypeAndName, "description"),
resource.TestCheckResourceAttr(resourceTypeAndName, "enabled", strconv.FormatBool(variable.SegmentGroupEnabled)),
				),
			},
		},
	})
}

--------------------------------------------------------------------------------
/zpa/data_source_zpa_server_group_test.go:
--------------------------------------------------------------------------------
package zpa

import (
	"strconv"
	"testing"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
	"github.com/zscaler/terraform-provider-zpa/v4/zpa/common/resourcetype"
	"github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/method"
	"github.com/zscaler/terraform-provider-zpa/v4/zpa/common/testing/variable"
)

// TestAccDataSourceServerGroup_Basic applies a server group configuration that
// embeds a generated app connector group, then compares the data source's
// attributes with those of the resource. testAccCheckServerGroupDestroy is
// registered as the CheckDestroy hook.
func TestAccDataSourceServerGroup_Basic(t *testing.T) {
	groupRes, groupData, groupName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAServerGroup)

	// The server group configuration takes the app connector group's HCL and
	// its type-and-name reference as arguments.
	connectorRes, _, connectorName := method.GenerateRandomSourcesTypeAndName(resourcetype.ZPAAppConnectorGroup)
	connectorHCL := testAccCheckAppConnectorGroupConfigure(connectorRes, connectorName, variable.AppConnectorDescription, variable.AppConnectorEnabled)

	config := testAccCheckServerGroupConfigure(groupRes, groupName, groupName, groupName, connectorHCL, connectorRes, variable.ServerGroupEnabled, variable.ServerGroupDynamicDiscovery)

	// NOTE(review): "enabled" and "dynamic_discovery" are asserted on the
	// resource address only; the data source's copies of those attributes are
	// not compared here.
	checks := resource.ComposeTestCheckFunc(
		resource.TestCheckResourceAttrPair(groupData, "id", groupRes, "id"),
		resource.TestCheckResourceAttrPair(groupData, "name", groupRes, "name"),
		resource.TestCheckResourceAttrPair(groupData, "description", groupRes, "description"),
		resource.TestCheckResourceAttr(groupRes, "enabled", strconv.FormatBool(variable.ServerGroupEnabled)),
		resource.TestCheckResourceAttr(groupRes, "dynamic_discovery", strconv.FormatBool(variable.ServerGroupDynamicDiscovery)),
		resource.TestCheckResourceAttr(groupData, "app_connector_groups.#", "1"),
	)

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckServerGroupDestroy,
		Steps: []resource.TestStep{
			{Config: config, Check: checks},
		},
	})
}

--------------------------------------------------------------------------------
/zpa/data_source_zpa_service_edge_assistant_schedule_test.go:
--------------------------------------------------------------------------------
package zpa

// The acceptance test below is commented out, so it is neither compiled nor run.
/*
import (
	"testing"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
)

func TestAccDataSourceServiceEdgeAssistantSchedule_Basic(t *testing.T) {
	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps: []resource.TestStep{
			{
				Config: testAccCheckDataSourceServiceEdgeAssistantScheduleConfig_basic,
				Check: resource.ComposeTestCheckFunc(
					testAccDataSourceServiceEdgeAssistantScheduleCheck("data.zpa_service_edge_assistant_schedule.this"),
					testAccDataSourceServiceEdgeAssistantScheduleCheck("data.zpa_service_edge_assistant_schedule.by_id"),
					testAccDataSourceServiceEdgeAssistantScheduleCheck("data.zpa_service_edge_assistant_schedule.customer_id"),
				),
			},
		},
	})
}

func testAccDataSourceServiceEdgeAssistantScheduleCheck(id string) resource.TestCheckFunc {
	return resource.ComposeTestCheckFunc(
		resource.TestCheckResourceAttrSet(id, "id"),
	)
}

var testAccCheckDataSourceServiceEdgeAssistantScheduleConfig_basic = `
data "zpa_service_edge_assistant_schedule" "this" {
}

data "zpa_service_edge_assistant_schedule" "by_id" {
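id = data.zpa_service_edge_assistant_schedule.this.id
}

data "zpa_service_edge_assistant_schedule" "customer_id" {
	customer_id = data.zpa_service_edge_assistant_schedule.this.customer_id
}
`
*/

--------------------------------------------------------------------------------
/zpa/data_source_zpa_trusted_network_test.go:
--------------------------------------------------------------------------------
package zpa

import (
	"fmt"
	"testing"

	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
)

// var networkNames = []string{
// 	"BD Trusted Network 01",
// 	"BD TrustedNetwork 01",
// 	"BD-TrustedNetwork03",
// 	"BDTrustedNetwork",
// }

// networkNames lists the trusted networks the data source test looks up by
// name. The test configuration declares data sources only, so networks with
// these names presumably have to exist in the tenant before the test runs.
var networkNames = []string{
	"BD-TrustedNetwork03",
	"BDTrustedNetwork",
}

// TestAccDataSourceTrustedNetwork_Basic applies one data source block per entry
// in networkNames and runs the matching generated checks.
func TestAccDataSourceTrustedNetwork_Basic(t *testing.T) {
	resource.Test(t, resource.TestCase{
		PreCheck:  func() { testAccPreCheck(t) },
		Providers: testAccProviders,
		Steps: []resource.TestStep{
			{
				Config: testAccCheckDataSourceTrustedNetwork_basic(),
				Check: resource.ComposeTestCheckFunc(
					generateTrustedNetworkChecks()...,
				),
			},
		},
	})
}

// generateTrustedNetworkChecks returns one composed check per entry in
// networkNames. Each check asserts only that "id" and "name" are set on the
// data source; it does not compare the returned name with the requested one.
func generateTrustedNetworkChecks() []resource.TestCheckFunc {
	checks := make([]resource.TestCheckFunc, 0, len(networkNames))
	for _, name := range networkNames {
		// The address must use the same derived label as the generated HCL.
		resourceName := createValidResourceName(name)
		checkName := fmt.Sprintf("data.zpa_trusted_network.%s", resourceName)
		checks = append(checks, resource.ComposeTestCheckFunc(
			resource.TestCheckResourceAttrSet(checkName, "id"),
			resource.TestCheckResourceAttrSet(checkName, "name"),
		))
	}
	return checks
}

// testAccCheckDataSourceTrustedNetwork_basic builds the HCL for the test: one
// zpa_trusted_network data block per entry in networkNames, labelled with the
// value createValidResourceName derives from the network name.
func testAccCheckDataSourceTrustedNetwork_basic() string {
	var configs string
	for _, name := range networkNames {
		resourceName := createValidResourceName(name)
		configs += fmt.Sprintf(`
data "zpa_trusted_network" "%s" {
	name = "%s"
}
`, resourceName, name)
	}
	return configs
}

--------------------------------------------------------------------------------
/zpa/utils_for_test.go:
--------------------------------------------------------------------------------
package zpa

import (
	"fmt"
	"strings"
)

// condenseError folds a list of errors into a single error whose message joins
// the individual messages with ", ".
//
// Nil entries are skipped. The function returns nil when errorList is empty or
// holds only nil entries, so a caller testing the result against nil is not
// handed a non-nil error with an empty message.
func condenseError(errorList []error) error {
	msgList := make([]string, 0, len(errorList))
	for _, err := range errorList {
		if err != nil {
			msgList = append(msgList, err.Error())
		}
	}
	if len(msgList) == 0 {
		return nil
	}
	return fmt.Errorf("series of errors occurred: %s", strings.Join(msgList, ", "))
}

--------------------------------------------------------------------------------
/zpa/version.go:
--------------------------------------------------------------------------------
package zpa

// ProviderVersion is set at build-time in the release process
//
// NOTE(review): other files in this package import the module under a /v4
// path while this default reads "3.32.0". If the release process overrides the
// value, the literal is only a fallback for other builds; confirm it is kept
// current, since a stale version string makes it harder to tell which build is
// deployed.
var ProviderVersion = "3.32.0"

--------------------------------------------------------------------------------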