Fixed zia_url_filtering_rules schema validation (#356)

* Fix: Fixed zia_url_filtering_rules schema validation * doc: Fixed broken links in the README page * fix: Upgraded to Zscaler SDK Go v2.61.6 * fix: Added new Location Management Attributes
zscaler · Jul 3, 2024 · 001d677 · 001d677
1 parent 9bd591b
commit 001d677
Show file tree

Hide file tree

Showing 13 changed files with 326 additions and 60 deletions.
diff --git a/.github/workflows/zia-test.yml b/.github/workflows/zia-test.yml
@@ -225,7 +225,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        goVersion: ["1.22"]
+        goVersion: ["1.21"]
         environment:
           - ZIA_ZS2
     environment: ${{ matrix.environment }}
@@ -243,12 +243,6 @@ jobs:
           echo "GOPATH=$(go env GOPATH)" >> $GITHUB_ENV
           echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
 
-      - name: Force set Go version in go.mod
-        run: |
-          echo "module github.com/zscaler/terraform-provider-zia/v2" > go.mod
-          echo "go 1.21" >> go.mod
-          go mod edit -fmt
-
       - name: Setup Go Tools
         run: make tools
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,28 @@
 # Changelog
 
+## 2.91.2 (July, 2 2024)
+
+### Notes
+
+- Release date: **(July, 2  2024)**
+- Supported Terraform version: **v1.x**
+
+### Bug Fix
+
+- [PR #356](https://github.com/zscaler/terraform-provider-zia/356) - Fixed ``zia_url_filtering_rules`` schema validation to ensure proper validation during plan and apply stages.
+
+## 2.91.1 (June, 29 2024)
+
+### Notes
+
+- Release date: **(June, 29  2024)**
+- Supported Terraform version: **v1.x**
+
+### Bug Fix
+
+- [PR #354](https://github.com/zscaler/terraform-provider-zia/354) - Fixed go.mod and go.sum
+- [PR #354](https://github.com/zscaler/terraform-provider-zia/354) - Fixed computed attributes in the schema
+
 ## 2.91.0 (June, 19 2024)
 
 ### Notes

diff --git a/GNUmakefile b/GNUmakefile
@@ -196,14 +196,14 @@ test\:integration\:zscalertwo:
 build13: GOOS=$(shell go env GOOS)
 build13: GOARCH=$(shell go env GOARCH)
 ifeq ($(OS),Windows_NT)  # is Windows_NT on XP, 2000, 7, Vista, 10...
-build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.91.0/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.91.2/$(GOOS)_$(GOARCH)
 else
-build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.91.0/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.91.2/$(GOOS)_$(GOARCH)
 endif
 build13: fmtcheck
 	@echo "==> Installing plugin to $(DESTINATION)"
 	@mkdir -p $(DESTINATION)
-	go build -o $(DESTINATION)/terraform-provider-zia_v2.91.0
+	go build -o $(DESTINATION)/terraform-provider-zia_v2.91.2
 
 coverage: test
 	@echo "✓ Opening coverage for unit tests ..."

diff --git a/README.md b/README.md
@@ -23,7 +23,7 @@ Terraform Provider for ☁️Zscaler Internet Access (ZIA)☁️
 
 ## Support Disclaimer
 
--> **Disclaimer:** Please refer to our [General Support Statement](guides/support.md) before proceeding with the use of this provider. You can also refer to our [troubleshooting guide](guides/troubleshooting.md) for guidance on typical problems.
+-> **Disclaimer:** Please refer to our [General Support Statement](docs/guides/support.md) before proceeding with the use of this provider. You can also refer to our [troubleshooting guide](docs/guides/troubleshooting.md) for guidance on typical problems.
 
 Requirements
 ------------

diff --git a/docs/guides/release-notes.md b/docs/guides/release-notes.md
@@ -12,10 +12,33 @@ description: |-
 Track all ZIA Terraform provider's releases. New resources, features, and bug fixes will be tracked here.
 
 ---
-``Last updated: v2.91.0``
+``Last updated: v2.91.2``
 
 ---
 
+## 2.91.2 (July, 2 2024)
+
+### Notes
+
+- Release date: **(July, 2  2024)**
+- Supported Terraform version: **v1.x**
+
+### Bug Fix
+
+- [PR #356](https://github.com/zscaler/terraform-provider-zia/356) - Fixed ``zia_url_filtering_rules`` schema validation to ensure proper validation during plan and apply stages.
+
+## 2.91.1 (June, 29 2024)
+
+### Notes
+
+- Release date: **(June, 29  2024)**
+- Supported Terraform version: **v1.x**
+
+### Bug Fix
+
+- [PR #354](https://github.com/zscaler/terraform-provider-zia/354) - Fixed go.mod and go.sum
+- [PR #354](https://github.com/zscaler/terraform-provider-zia/354) - Fixed computed attributes in the schema
+
 ## 2.91.0 (June, 19 2024)
 
 ### Notes

diff --git a/docs/resources/zia_location_management.md b/docs/resources/zia_location_management.md
@@ -15,10 +15,9 @@ The **zia_location_management** resource allows the creation and management of Z
 * VPN credentials resource
 * URL filtering and firewall filtering rules
 
-## Example Usage
+## Example Usage - Location Management with UFQDN VPN Credential
 
 ```hcl
-# ZIA Location Management with UFQDN VPN Credential
 resource "zia_location_management" "usa_sjc37"{
     name                        = "USA_SJC_37"
     description                 = "Created with Terraform"
@@ -46,6 +45,8 @@ resource "zia_traffic_forwarding_vpn_credentials" "usa_sjc37"{
 }
 ```
 
+## Example Usage - Location Management with IP VPN Credential
+
 ```hcl
 # ZIA Location Management with IP VPN Credential
 resource "zia_location_management" "usa_sjc37"{
@@ -85,28 +86,113 @@ resource "zia_traffic_forwarding_static_ip" "usa_sjc37"{
 }
 ```
 
+## Example Usage - Location Management with Manual and Dynamic Location Groups
+
+```hcl
+# Retrieve ZIA Manual Location Groups
+data "zia_location_groups" "this"{
+    name = "SDWAN_CAN"
+}
+
+# ZIA Location Management with UFQDN VPN Credential
+resource "zia_location_management" "usa_sjc37"{
+    name                        = "USA_SJC_37"
+    description                 = "Created with Terraform"
+    country                     = "UNITED_STATES"
+    tz                          = "UNITED_STATES_AMERICA_LOS_ANGELES"
+    state                       = "California"
+    auth_required               = true
+    idle_time_in_minutes        = 720
+    display_time_unit           = "HOUR"
+    surrogate_ip                = true
+    xff_forward_enabled         = true
+    ofw_enabled                 = true
+    ips_control                 = true
+    profile                     = "CORPORATE"
+    vpn_credentials {
+       id = zia_traffic_forwarding_vpn_credentials.usa_sjc37.id
+       type = zia_traffic_forwarding_vpn_credentials.usa_sjc37.type
+    }
+    static_location_groups {
+      id = [data.zia_location_groups.this.id]
+    }
+    depends_on = [zia_traffic_forwarding_vpn_credentials.usa_sjc37 ]
+}
+
+resource "zia_traffic_forwarding_vpn_credentials" "usa_sjc37"{
+    type            = "UFQDN"
+    fqdn            = "usa_sjc37@acme.com"
+    comments        = "USA - San Jose IPSec Tunnel"
+    pre_shared_key  = "***************"
+}
+```
+
+## Example Usage - Location Management with Excluded Manual and Dynamic Location Groups
+
+```hcl
+# Retrieve ZIA Manual Location Groups
+data "zia_location_groups" "this"{
+    name = "SDWAN_CAN"
+}
+
+# ZIA Location Management with UFQDN VPN Credential
+resource "zia_location_management" "usa_sjc37"{
+    name                        = "USA_SJC_37"
+    description                 = "Created with Terraform"
+    country                     = "UNITED_STATES"
+    tz                          = "UNITED_STATES_AMERICA_LOS_ANGELES"
+    state                       = "California"
+    auth_required               = true
+    idle_time_in_minutes        = 720
+    display_time_unit           = "HOUR"
+    surrogate_ip                = true
+    xff_forward_enabled         = true
+    ofw_enabled                 = true
+    ips_control                 = true
+    exclude_from_dynamic_groups = true
+    exclude_from_manual_groups  = true
+    profile                     = "CORPORATE"
+    vpn_credentials {
+       id = zia_traffic_forwarding_vpn_credentials.usa_sjc37.id
+       type = zia_traffic_forwarding_vpn_credentials.usa_sjc37.type
+    }
+    depends_on = [zia_traffic_forwarding_vpn_credentials.usa_sjc37 ]
+}
+
+resource "zia_traffic_forwarding_vpn_credentials" "usa_sjc37"{
+    type            = "UFQDN"
+    fqdn            = "usa_sjc37@acme.com"
+    comments        = "USA - San Jose IPSec Tunnel"
+    pre_shared_key  = "***************"
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported:
 
 ### Required
 
 * `name` - (Required) - Location Name.
-* `ip_addresses` - (Required) For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., `238.10.33.9`). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g., `10.10.33.0/24`), or range (e.g., `10.10.33.1-10.10.33.10`)). The value is required if `vpn_credentials` are not defined.
+* `ip_addresses` - (Required) For locations: IP addresses of the egress points that are provisioned in the Zscaler Cloud. Each entry is a single IP address (e.g., `238.10.33.9`). For sub-locations: Egress, internal, or GRE tunnel IP addresses. Each entry is either a single IP address, CIDR (e.g., `10.10.33.0/24`), or range (e.g., `10.10.33.1-10.10.33.10`). The value is required if `vpn_credentials` are not defined.
 * `vpn_credentials`
   * `id` - (Optional) VPN credential resource id. The value is required if `ip_addresses` are not defined.
 
 ### Optional
 
 * `description` - (String) Additional notes or information regarding the location or sub-location. The description cannot exceed 1024 characters.
 * `country` - (Optional) Country
+* `state` - (Optional) Country
 * `tz` - (Optional) Timezone of the location. If not specified, it defaults to GMT.
 * `profile` - (Optional) Profile tag that specifies the location traffic type. If not specified, this tag defaults to `Unassigned`. The supported options are: `NONE`, `CORPORATE`, `SERVER`, `GUESTWIFI`, `IOT`, `WORKLOAD`.
 
 * `aup_block_internet_until_accepted` - (Optional) For First Time AUP Behavior, Block Internet Access. When set, all internet access (including non-HTTP traffic) is disabled until the user accepts the AUP.
 * `aup_enabled` - (Optional) Enable AUP. When set to true, AUP is enabled for the location.
 * `aup_force_ssl_inspection` - (Optional) For First Time AUP Behavior, Force SSL Inspection. When set, Zscaler will force SSL Inspection in order to enforce AUP for HTTPS traffic.
 * `aup_timeout_in_days` - (Optional) Custom AUP Frequency. Refresh time (in days) to re-validate the AUP.
+* `cookies_and_proxy` - (Optional) Enable Cookies and proxy feature
+* `digest_auth_enabled` - (Optional) Enable Digest Auth feature
+* `kerberos_auth_enabled` - (Optional) Enable Kerberos Auth feature
 * `auth_required` - (Optional) Enforce Authentication. Required when ports are enabled, IP Surrogate is enabled, or Kerberos Authentication is enabled.
 * `caution_enabled` - (Optional) Enable Caution. When set to true, a caution notifcation is enabled for the location.
 * `display_time_unit` - (Optional) Display Time Unit. The time unit to display for IP Surrogate idle time to disassociation.
@@ -125,6 +211,10 @@ The following arguments are supported:
 * `xff_forward_enabled` - (Optional) Enable XFF Forwarding. When set to true, traffic is passed to Zscaler Cloud via the X-Forwarded-For (XFF) header.
 * `zapp_ssl_scan_enabled` - (Optional) This parameter was deprecated and no longer has an effect on SSL policy. It remains supported in the API payload in order to maintain backwards compatibility with existing scripts, but it will be removed in future.
 
+* `iot_discovery_enabled` - (Optional) Enable IOT Discovery at the location
+
+* `iot_enforce_policy_set` - (Optional) Enable IOT Policy at the location
+
 * `other_sublocation` - (Optional) If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv4 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other and it can be renamed, if required.
 
 * `other6_sublocation` - (Optional) If set to true, indicates that this is a default sub-location created by the Zscaler service to accommodate IPv6 addresses that are not part of any user-defined sub-locations. The default sub-location is created with the name Other6 and it can be renamed, if required. This field is applicable only if ipv6Enabled is set is true.
@@ -133,10 +223,17 @@ The following arguments are supported:
 
 * `ipv6_dns_64prefix` - (Optional) Name-ID pair of the NAT64 prefix configured as the DNS64 prefix for the location. If specified, the DNS64 prefix is used for the IP addresses that reside in this location. If not specified, a prefix is selected from the set of supported prefixes. This field is applicable only if ipv6Enabled is set is true.
 
-* `managed_by` - (Optional)
-  * `id` - (Optional) Identifier that uniquely identifies an entity
-  * `name` - (Optional) The configured name of the entity
-  * `extensions` - (Optional)
+* `dynamic_location_groups` - (List of Object) Dynamic location groups the location belongs to
+  * `id` - (Optional) The Identifier that uniquely identifies an entity
+
+* `static_location_groups` - (List of Object) Manual location groups the location belongs to
+  * `id` - (Optional) The Identifier that uniquely identifies an entity
+
+* `exclude_from_dynamic_groups` - (Optional) Enable to prevent the location from being assigned to any dynamic groups and to remove it from any dynamic groups it's already assigned to
+
+* `exclude_from_manual_groups` - (Optional) Enable to prevent the location from being added to manual groups and to remove it from any manual groups it's already assigned to
+
+  **NOTE** The attributes, ``dynamic_location_groups``, and ``static_location_groups`` CANNOT be configured if the attributes `exclude_from_dynamic_groups` and/or `exclude_from_manual_groups` are set to `true`
 
 ## Import
 

diff --git a/docs/resources/zia_url_filtering_rules.md b/docs/resources/zia_url_filtering_rules.md
@@ -140,7 +140,11 @@ The following arguments are supported:
 * `description` - (Optional) Additional information about the rule
 * `validity_start_time` - (Optional) If enforce_time_validity is set to true, the URL Filtering rule will be valid starting on this date and time. The date and time must be provided in `RFC1123` format i.e `Sun, 16 Jun 2024 15:04:05 UTC`
 * `validity_end_time` - (Optional) If `enforce_time_validity` is set to true, the URL Filtering rule will cease to be valid on this end date and time. The date and time must be provided in `RFC1123` format i.e `Sun, 16 Jun 2024 15:04:05 UTC`
+
+  **NOTE** Notice that according to RFC1123 the day must be provided as a double digit value for `validity_start_time` and `validity_end_time` i.e `01`, `02` etc.
+
 * `validity_time_zone_id` - (Optional) If `enforce_time_validity` is set to true, the URL Filtering rule date and time will be valid based on this time zone ID. The attribute is validated against the official [IANA List](https://nodatime.org/TimeZones)
+
 * `last_modified_time` - (Optional) When the rule was last modified
 * `enforce_time_validity` - (Optional) Enforce a set a validity time period for the URL Filtering rule.
 * `action` - (Optional) Action taken when traffic matches rule criteria. Supported values: `BLOCK`, `CAUTION`, `ALLOW`, `ICAP_RESPONSE`

diff --git a/go.mod b/go.mod
@@ -11,7 +11,7 @@ require (
 	github.com/hashicorp/go-hclog v1.6.3
 	github.com/hashicorp/terraform-plugin-sdk v1.17.2
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0
-	github.com/zscaler/zscaler-sdk-go/v2 v2.61.4
+	github.com/zscaler/zscaler-sdk-go/v2 v2.61.7
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -388,8 +388,8 @@ github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgr
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI=
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
 github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0=
-github.com/zscaler/zscaler-sdk-go/v2 v2.61.4 h1:sXzIUt0QZrvBDDEOfroMsHn2jMe9WlB+qH1YXA/47Ho=
-github.com/zscaler/zscaler-sdk-go/v2 v2.61.4/go.mod h1:9x0nZWvx01g0VN0G+PqijowyN9fI4H+O8ekflXS+h/c=
+github.com/zscaler/zscaler-sdk-go/v2 v2.61.7 h1:RphyPIwAmpikxPHDZAr4AxKTeRIpuv17ESXsgPvGKdU=
+github.com/zscaler/zscaler-sdk-go/v2 v2.61.7/go.mod h1:9x0nZWvx01g0VN0G+PqijowyN9fI4H+O8ekflXS+h/c=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=

diff --git a/zia/common/version.go b/zia/common/version.go
@@ -1,6 +1,6 @@
 package common
 
-var version = "2.91.0"
+var version = "2.91.2"
 
 // Version returns version of provider
 func Version() string {