fix: Added missing attribute source_countries to ZIA zia_firewall_fil…

…tering_rule (#375)

CHANGELOG.md

@@ -1,5 +1,16 @@
 # Changelog
 
+## 3.0.6 (October, 8 2024)
+
+### Notes
+
+- Release date: **(October, 8  2024)**
+- Supported Terraform version: **v1.x**
+
+### Bug Fixes
+
+- [PR #374](https://github.com/zscaler/terraform-provider-zia/pull/374) - Added missing attribute `sourceCountries` to ZIA `firewallfilteringrule`
+
 ## 3.0.5 (October, 4 2024)
 
 ### Notes

GNUmakefile

@@ -196,14 +196,14 @@ test\:integration\:zscalertwo:
 build13: GOOS=$(shell go env GOOS)
 build13: GOARCH=$(shell go env GOARCH)
 ifeq ($(OS),Windows_NT)  # is Windows_NT on XP, 2000, 7, Vista, 10...
-build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/3.0.5/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/3.0.6/$(GOOS)_$(GOARCH)
 else
-build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/3.0.5/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/3.0.6/$(GOOS)_$(GOARCH)
 endif
 build13: fmtcheck
 	@echo "==> Installing plugin to $(DESTINATION)"
 	@mkdir -p $(DESTINATION)
-	go build -o $(DESTINATION)/terraform-provider-zia_v3.0.5
+	go build -o $(DESTINATION)/terraform-provider-zia_v3.0.6
 
 coverage: test
 	@echo "✓ Opening coverage for unit tests ..."

docs/guides/release-notes.md

@@ -12,10 +12,21 @@ description: |-
 Track all ZIA Terraform provider's releases. New resources, features, and bug fixes will be tracked here.
 
 ---
-``Last updated: v3.0.5``
+``Last updated: v3.0.6``
 
 ---
 
+## 3.0.6 (October, 8 2024)
+
+### Notes
+
+- Release date: **(October, 8  2024)**
+- Supported Terraform version: **v1.x**
+
+### Bug Fixes
+
+- [PR #374](https://github.com/zscaler/terraform-provider-zia/pull/374) - Added missing attribute `sourceCountries` to ZIA `firewallfilteringrule`
+
 ## 3.0.5 (October, 4 2024)
 
 ### Notes

docs/resources/zia_firewall_filtering_rule.md

@@ -97,8 +97,17 @@ The following arguments are supported:
 * `src_ips` - (Optional) You can enter individual IP addresses, subnets, or address ranges.
 
 * `dest_addresses`** - (Optional) -  IP addresses and fully qualified domain names (FQDNs), if the domain has multiple destination IP addresses or if its IP addresses may change. For IP addresses, you can enter individual IP addresses, subnets, or address ranges.
+
       **NOTE**: PLEASE BE AWARE. The API supports ONLY `IPv4` addresses. `IPV6` addresses are not supported.
-* `dest_countries`** - (Optional) Identify destinations based on the location of a server, select Any to apply the rule to all countries or select the countries to which you want to control traffic.
+
+* `dest_countries`** - (Optional) Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.
+
+      **NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``"US"``, ``"CA"``
+
+* `source_countries`** - (Optional) The list of source countries that must be included or excluded from the rule based on the excludeSrcCountries field value. If no value is set, this field is ignored during policy evaluation and the rule is applied to all source countries.
+
+      **NOTE**: Provide a 2 letter [ISO3166 Alpha2 Country code](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes). i.e ``"US"``, ``"CA"``
+
 * `dest_ip_categories`** - (Optional) identify destinations based on the URL category of the domain, select Any to apply the rule to all categories or select the specific categories you want to control.
       - `id` - (String) Identifier that uniquely identifies an entity
 * `dest_ip_groups`** - (Optional) Any number of destination IP address groups that you want to control with this rule.

go.mod

@@ -11,7 +11,7 @@ require (
 	github.com/hashicorp/go-hclog v1.6.3
 	github.com/hashicorp/terraform-plugin-sdk v1.17.2
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0
-	github.com/zscaler/zscaler-sdk-go/v2 v2.72.3
+	github.com/zscaler/zscaler-sdk-go/v2 v2.72.5
 )
 
 require (
@@ -60,7 +60,7 @@ require (
 	golang.org/x/net v0.26.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.21.0 // indirect
-	golang.org/x/text v0.18.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
 	golang.org/x/tools v0.22.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect

go.sum

@@ -388,8 +388,8 @@ github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgr
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI=
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
 github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0=
-github.com/zscaler/zscaler-sdk-go/v2 v2.72.3 h1:tkevJxm0QjZMuw2OQJBG12P5/xjQIbhcgLPo+6JOrtA=
-github.com/zscaler/zscaler-sdk-go/v2 v2.72.3/go.mod h1:DW8JW8Cv2uxsfdlPN/Szk+CX9/nPyjhk/aERtTbJVYo=
+github.com/zscaler/zscaler-sdk-go/v2 v2.72.5 h1:IL9eFbcvDEoS6x17ipy/kThgubdiknIeXtA37hn7SQY=
+github.com/zscaler/zscaler-sdk-go/v2 v2.72.5/go.mod h1:ugDudbyESUrANGw74moJypgVnWuOyLm8NyIJgfUzNNo=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -551,8 +551,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224=
-golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
+golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=

zia/common.go

@@ -636,13 +636,13 @@ func getLocationManagementTimeZones() *schema.Schema {
 	}
 }
 
-func getDestinationCountries() *schema.Schema {
+func getISOCountryCodes() *schema.Schema {
 	return &schema.Schema{
 		Type:        schema.TypeSet,
 		Description: "Destination countries for which the rule is applicable. If not set, the rule is not restricted to specific destination countries.",
 		Elem: &schema.Schema{
 			Type:         schema.TypeString,
-			ValidateFunc: validateDestinationCountries,
+			ValidateFunc: validateISOCountryCodes,
 		},
 		Optional: true,
 		Computed: true,

zia/resource_zia_firewall_filtering_rules.go

@@ -160,7 +160,8 @@ func resourceFirewallFilteringRules() *schema.Resource {
 			"workload_groups":       setIdNameSchemaCustom(255, "The list of preconfigured workload groups to which the policy must be applied"),
 			"nw_services":           setIDsSchemaTypeCustom(intPtr(1024), "list of nw services"),
 			"zpa_app_segments":      setExtIDNameSchemaCustom(intPtr(255), "The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method."),
-			"dest_countries":        getDestinationCountries(),
+			"dest_countries":        getISOCountryCodes(),
+			"source_countries":      getISOCountryCodes(),
 			"nw_applications":       getCloudFirewallNwApplications(),
 			"device_trust_levels":   getDeviceTrustLevels(),
 		},
@@ -296,6 +297,11 @@ func resourceFirewallFilteringRulesRead(d *schema.ResourceData, m interface{}) e
 		processedDestCountries[i] = strings.TrimPrefix(country, "COUNTRY_")
 	}
 
+	processedSrcCountries := make([]string, len(resp.SourceCountries))
+	for i, country := range resp.SourceCountries {
+		processedSrcCountries[i] = strings.TrimPrefix(country, "COUNTRY_")
+	}
+
 	log.Printf("[INFO] Getting firewall filtering rule:\n%+v\n", resp)
 
 	d.SetId(fmt.Sprintf("%d", resp.ID))
@@ -312,6 +318,7 @@ func resourceFirewallFilteringRulesRead(d *schema.ResourceData, m interface{}) e
 	_ = d.Set("dest_addresses", resp.DestAddresses)
 	_ = d.Set("dest_ip_categories", resp.DestIpCategories)
 	_ = d.Set("dest_countries", processedDestCountries)
+	_ = d.Set("source_countries", processedSrcCountries)
 	_ = d.Set("nw_applications", resp.NwApplications)
 	_ = d.Set("default_rule", resp.DefaultRule)
 	_ = d.Set("predefined", resp.Predefined)
@@ -508,16 +515,19 @@ func resourceFirewallFilteringRulesDelete(d *schema.ResourceData, m interface{})
 func expandFirewallFilteringRules(d *schema.ResourceData) filteringrules.FirewallFilteringRules {
 	id, _ := getIntFromResourceData(d, "rule_id")
 
-	// Process the DestCountries to add the prefix where needed
-	rawDestCountries := SetToStringList(d, "dest_countries")
-	processedDestCountries := make([]string, len(rawDestCountries))
-	for i, country := range rawDestCountries {
-		if country != "ANY" && country != "NONE" && len(country) == 2 { // Assuming the 2 letter code is an ISO Alpha-2 Code
-			processedDestCountries[i] = "COUNTRY_" + country
-		} else {
-			processedDestCountries[i] = country
-		}
-	}
+	// // Process the DestCountries to add the prefix where needed
+	// rawDestCountries := SetToStringList(d, "dest_countries")
+	// processedDestCountries := make([]string, len(rawDestCountries))
+	// for i, country := range rawDestCountries {
+	// 	if country != "ANY" && country != "NONE" && len(country) == 2 { // Assuming the 2 letter code is an ISO Alpha-2 Code
+	// 		processedDestCountries[i] = "COUNTRY_" + country
+	// 	} else {
+	// 		processedDestCountries[i] = country
+	// 	}
+	// }
+	// Process DestCountries and SourceCountries using the helper function
+	processedDestCountries := processCountries(SetToStringList(d, "dest_countries"))
+	processedSourceCountries := processCountries(SetToStringList(d, "source_countries"))
 
 	result := filteringrules.FirewallFilteringRules{
 		ID:                  id,
@@ -532,6 +542,7 @@ func expandFirewallFilteringRules(d *schema.ResourceData) filteringrules.Firewal
 		DestIpCategories:    SetToStringList(d, "dest_ip_categories"),
 		DeviceTrustLevels:   SetToStringList(d, "device_trust_levels"),
 		DestCountries:       processedDestCountries,
+		SourceCountries:     processedSourceCountries,
 		NwApplications:      SetToStringList(d, "nw_applications"),
 		EnableFullLogging:   d.Get("enable_full_logging").(bool),
 		DefaultRule:         d.Get("default_rule").(bool),

zia/resource_zia_forwarding_control_rule.go

@@ -220,7 +220,7 @@ func resourceForwardingControlRule() *schema.Resource {
 			"zpa_app_segments":               setExtIDNameSchemaCustom(intPtr(255), "The list of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ZPA Gateway forwarding method."),
 			"zpa_application_segments":       setIDsSchemaTypeCustom(intPtr(255), "List of ZPA Application Segments for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector)."),
 			"zpa_application_segment_groups": setIDsSchemaTypeCustom(intPtr(255), "List of ZPA Application Segment Groups for which this rule is applicable. This field is applicable only for the ECZPA forwarding method (used for Zscaler Cloud Connector)."),
-			"dest_countries":                 getDestinationCountries(),
+			"dest_countries":                 getISOCountryCodes(),
 		},
 	}
 }

zia/resource_zia_fw_filtering_ip_destination_groups.go

@@ -87,7 +87,7 @@ func resourceFWIPDestinationGroups() *schema.Resource {
 				Description: "Destination IP addresses within the group",
 			},
 			"ip_categories": getURLCategories(),
-			"countries":     getDestinationCountries(),
+			"countries":     getISOCountryCodes(),
 		},
 	}
 }

zia/utils.go

@@ -302,3 +302,16 @@ func WithSemaphore(apiCall func() error) error {
 
 	return nil
 }
+
+// Helper function to process countries
+func processCountries(countries []string) []string {
+	processedCountries := make([]string, len(countries))
+	for i, country := range countries {
+		if country != "ANY" && country != "NONE" && len(country) == 2 { // Assuming the 2 letter code is an ISO Alpha-2 Code
+			processedCountries[i] = "COUNTRY_" + country
+		} else {
+			processedCountries[i] = country
+		}
+	}
+	return processedCountries
+}

zia/validator.go

@@ -462,7 +462,7 @@ func validateLocationManagementTimeZones() schema.SchemaValidateDiagFunc {
 
 // Validate Cloud Firewall Network Service Applications
 
-func validateDestinationCountries(value interface{}, key string) ([]string, []error) {
+func validateISOCountryCodes(value interface{}, key string) ([]string, []error) {
 	var warnings []string
 	var errors []error