fix filtering rule order issue (#179)

* fix filtering rule order issue * use retry * add time sleep * Added ResourceTimeout to Schema * Updated GNUmakefile to v2.4.1 * Updated to zscaler-sdk-go v1.0.3 * Updated to zscaler-sdk-go v1.0.4 --------- Co-authored-by: William Guilherme <wguilherme@zscaler.com>
zscaler · Feb 7, 2023 · bbe0bba · bbe0bba
1 parent c27e03b
commit bbe0bba
Show file tree

Hide file tree

Showing 6 changed files with 105 additions and 119 deletions.
diff --git a/GNUmakefile b/GNUmakefile
@@ -16,15 +16,15 @@ build: fmtcheck
 build13: GOOS=$(shell go env GOOS)
 build13: GOARCH=$(shell go env GOARCH)
 ifeq ($(OS),Windows_NT)  # is Windows_NT on XP, 2000, 7, Vista, 10...
-build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.4.0/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.4.1/$(GOOS)_$(GOARCH)
 else
-build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.4.0/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZIA_PROVIDER_NAMESPACE)/2.4.1/$(GOOS)_$(GOARCH)
 endif
 build13: fmtcheck
 	go mod tidy && go mod vendor
 	@echo "==> Installing plugin to $(DESTINATION)"
 	@mkdir -p $(DESTINATION)
-	go build -o $(DESTINATION)/terraform-provider-zia_v2.4.0
+	go build -o $(DESTINATION)/terraform-provider-zia_v2.4.1
 
 test: fmtcheck
 	go test $(TEST) || exit 1

diff --git a/go.mod b/go.mod
@@ -6,7 +6,7 @@ require (
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/terraform-plugin-sdk v1.17.2
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.1
-	github.com/zscaler/zscaler-sdk-go v1.0.3
+	github.com/zscaler/zscaler-sdk-go v1.0.4
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -358,8 +358,8 @@ github.com/zclconf/go-cty v1.12.1 h1:PcupnljUm9EIvbgSHQnHhUr3fO6oFmkOrvs2BAFNXXY
 github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA=
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
 github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0=
-github.com/zscaler/zscaler-sdk-go v1.0.3 h1:cxTjdlfNgPT8yjxqyyIsp/nXxkglB1SbJ7ZF1dhRPm0=
-github.com/zscaler/zscaler-sdk-go v1.0.3/go.mod h1:ta9P9guhFY1ivEhesMUjdJ3+40AHsJOR4dEUDXLQ6z8=
+github.com/zscaler/zscaler-sdk-go v1.0.4 h1:uSF1EBWMQ69hu8qOiQurNJ0tB3UgMBTDz4kPn17uIZM=
+github.com/zscaler/zscaler-sdk-go v1.0.4/go.mod h1:ta9P9guhFY1ivEhesMUjdJ3+40AHsJOR4dEUDXLQ6z8=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=

diff --git a/zia/resource_zia_dlp_web_rules.go b/zia/resource_zia_dlp_web_rules.go
@@ -1,10 +1,15 @@
 package zia
 
 import (
+	"context"
+	"errors"
 	"fmt"
 	"log"
 	"strconv"
+	"strings"
+	"time"
 
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	client "github.com/zscaler/zscaler-sdk-go/zia"
@@ -17,6 +22,10 @@ func resourceDlpWebRules() *schema.Resource {
 		Read:   resourceDlpWebRulesRead,
 		Update: resourceDlpWebRulesUpdate,
 		Delete: resourceDlpWebRulesDelete,
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(20 * time.Minute),
+			Update: schema.DefaultTimeout(20 * time.Minute),
+		},
 		Importer: &schema.ResourceImporter{
 			State: func(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) {
 				zClient := m.(*Client)
@@ -77,7 +86,7 @@ func resourceDlpWebRules() *schema.Resource {
 			"order": {
 				Type:        schema.TypeInt,
 				Required:    true,
-				Description: "Order of execution of rule with respect to other URL Filtering rules",
+				Description: "The rule order of execution for the DLP policy rule with respect to other rules.",
 			},
 			"cloud_applications": {
 				Type:        schema.TypeSet,
@@ -187,15 +196,26 @@ func resourceDlpWebRulesCreate(d *schema.ResourceData, m interface{}) error {
 	}
 	log.Printf("[INFO] Creating zia web dlp rule\n%+v\n", req)
 
-	resp, _, err := zClient.dlp_web_rules.Create(&req)
-	if err != nil {
-		return err
-	}
-	log.Printf("[INFO] Created zia web dlp rule request. ID: %v\n", resp)
-	d.SetId(strconv.Itoa(resp.ID))
-	_ = d.Set("rule_id", resp.ID)
-
-	return resourceDlpWebRulesRead(d, m)
+	return resource.RetryContext(context.Background(), d.Timeout(schema.TimeoutCreate)-time.Minute, func() *resource.RetryError {
+		resp, err := zClient.dlp_web_rules.Create(&req)
+		if err != nil {
+			if strings.Contains(err.Error(), "INVALID_INPUT_ARGUMENT") {
+				time.Sleep(time.Second * time.Duration(req.Order+1))
+				return resource.RetryableError(errors.New("expected resource to be created but was not"))
+			}
+			return resource.NonRetryableError(fmt.Errorf("error creating resource: %s", err))
+		}
+		log.Printf("[INFO] Created zia web dlp rule request. ID: %v\n", resp)
+		d.SetId(strconv.Itoa(resp.ID))
+		_ = d.Set("rule_id", resp.ID)
+
+		err = resourceDlpWebRulesRead(d, m)
+		if err != nil {
+			return resource.NonRetryableError(err)
+		} else {
+			return nil
+		}
+	})
 }
 
 func resourceDlpWebRulesRead(d *schema.ResourceData, m interface{}) error {
@@ -318,11 +338,23 @@ func resourceDlpWebRulesUpdate(d *schema.ResourceData, m interface{}) error {
 			return nil
 		}
 	}
-	if _, _, err := zClient.dlp_web_rules.Update(id, &req); err != nil {
-		return err
-	}
+	return resource.RetryContext(context.Background(), d.Timeout(schema.TimeoutUpdate)-time.Minute, func() *resource.RetryError {
+		_, err := zClient.dlp_web_rules.Update(id, &req)
+		if err != nil {
+			if strings.Contains(err.Error(), "INVALID_INPUT_ARGUMENT") {
+				time.Sleep(time.Second * time.Duration(req.Order+1))
+				return resource.RetryableError(errors.New("expected resource to be updated but was not"))
+			}
+			return resource.NonRetryableError(fmt.Errorf("error updating resource: %s", err))
+		}
 
-	return resourceDlpWebRulesRead(d, m)
+		err = resourceDlpWebRulesRead(d, m)
+		if err != nil {
+			return resource.NonRetryableError(err)
+		} else {
+			return nil
+		}
+	})
 }
 
 func resourceDlpWebRulesDelete(d *schema.ResourceData, m interface{}) error {

diff --git a/zia/resource_zia_firewall_filtering_rules.go b/zia/resource_zia_firewall_filtering_rules.go
@@ -1,11 +1,15 @@
 package zia
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"log"
 	"strconv"
+	"strings"
+	"time"
 
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	client "github.com/zscaler/zscaler-sdk-go/zia"
@@ -18,6 +22,10 @@ func resourceFirewallFilteringRules() *schema.Resource {
 		Read:   resourceFirewallFilteringRulesRead,
 		Update: resourceFirewallFilteringRulesUpdate,
 		Delete: resourceFirewallFilteringRulesDelete,
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(20 * time.Minute),
+			Update: schema.DefaultTimeout(20 * time.Minute),
+		},
 		Importer: &schema.ResourceImporter{
 			State: func(d *schema.ResourceData, m interface{}) ([]*schema.ResourceData, error) {
 				zClient := m.(*Client)
@@ -66,11 +74,6 @@ func resourceFirewallFilteringRules() *schema.Resource {
 				ValidateFunc: validation.IntBetween(0, 7),
 				Description:  "Admin rank of the Firewall Filtering policy rule",
 			},
-			"access_control": {
-				Type:     schema.TypeString,
-				Optional: true,
-				Computed: true,
-			},
 			"enable_full_logging": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -104,31 +107,6 @@ func resourceFirewallFilteringRules() *schema.Resource {
 				Optional:    true,
 				Description: "Additional information about the rule",
 			},
-			"last_modified_time": {
-				Type:     schema.TypeInt,
-				Computed: true,
-				Optional: true,
-			},
-			"last_modified_by": {
-				Type:     schema.TypeList,
-				Optional: true,
-				Computed: true,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"id": {
-							Type:     schema.TypeInt,
-							Optional: true,
-						},
-						"extensions": {
-							Type:     schema.TypeMap,
-							Optional: true,
-							Elem: &schema.Schema{
-								Type: schema.TypeString,
-							},
-						},
-					},
-				},
-			},
 			"src_ips": {
 				Type:        schema.TypeSet,
 				Optional:    true,
@@ -181,6 +159,9 @@ func validatRule(req filteringrules.FirewallFilteringRules) error {
 	if req.Name == "Office 365 One Click Rule" || req.Name == "UCaaS One Click Rule" {
 		return errors.New("predefined rule cannot be deleted")
 	}
+	if req.Name == "Block All IPv6" {
+		return errors.New("predefined rule cannot be deleted")
+	}
 	if req.Name == "Default Firewall Filtering Rule" {
 		return errors.New("default rule cannot be deleted")
 	}
@@ -195,15 +176,26 @@ func resourceFirewallFilteringRulesCreate(d *schema.ResourceData, m interface{})
 	if err := validatRule(req); err != nil {
 		return err
 	}
-	resp, err := zClient.filteringrules.Create(&req)
-	if err != nil {
-		return err
-	}
-	log.Printf("[INFO] Created zia firewall filtering rule request. ID: %v\n", resp)
-	d.SetId(strconv.Itoa(resp.ID))
-	_ = d.Set("rule_id", resp.ID)
-
-	return resourceFirewallFilteringRulesRead(d, m)
+	return resource.RetryContext(context.Background(), d.Timeout(schema.TimeoutCreate)-time.Minute, func() *resource.RetryError {
+		resp, err := zClient.filteringrules.Create(&req)
+		if err != nil {
+			if strings.Contains(err.Error(), "INVALID_INPUT_ARGUMENT") {
+				time.Sleep(time.Second * time.Duration(req.Order+1))
+				return resource.RetryableError(errors.New("expected resource to be created but was not"))
+			}
+			return resource.NonRetryableError(fmt.Errorf("error creating resource: %s", err))
+		}
+		log.Printf("[INFO] Created zia firewall filtering rule request. ID: %v\n", resp)
+		d.SetId(strconv.Itoa(resp.ID))
+		_ = d.Set("rule_id", resp.ID)
+
+		err = resourceFirewallFilteringRulesRead(d, m)
+		if err != nil {
+			return resource.NonRetryableError(err)
+		} else {
+			return nil
+		}
+	})
 }
 
 func resourceFirewallFilteringRulesRead(d *schema.ResourceData, m interface{}) error {
@@ -232,12 +224,10 @@ func resourceFirewallFilteringRulesRead(d *schema.ResourceData, m interface{}) e
 	_ = d.Set("name", resp.Name)
 	_ = d.Set("order", resp.Order)
 	_ = d.Set("rank", resp.Rank)
-	_ = d.Set("access_control", resp.AccessControl)
 	_ = d.Set("enable_full_logging", resp.EnableFullLogging)
 	_ = d.Set("action", resp.Action)
 	_ = d.Set("state", resp.State)
 	_ = d.Set("description", resp.Description)
-	_ = d.Set("last_modified_time", resp.LastModifiedTime)
 	_ = d.Set("src_ips", resp.SrcIps)
 	_ = d.Set("dest_addresses", resp.DestAddresses)
 	_ = d.Set("dest_ip_categories", resp.DestIpCategories)
@@ -270,10 +260,6 @@ func resourceFirewallFilteringRulesRead(d *schema.ResourceData, m interface{}) e
 		return err
 	}
 
-	if err := d.Set("last_modified_by", flattenLastModifiedBy(resp.LastModifiedBy)); err != nil {
-		return err
-	}
-
 	if err := d.Set("src_ip_groups", flattenIDs(resp.SrcIpGroups)); err != nil {
 		return err
 	}
@@ -326,11 +312,24 @@ func resourceFirewallFilteringRulesUpdate(d *schema.ResourceData, m interface{})
 			return nil
 		}
 	}
-	if _, err := zClient.filteringrules.Update(id, &req); err != nil {
-		return err
-	}
 
-	return resourceFirewallFilteringRulesRead(d, m)
+	return resource.RetryContext(context.Background(), d.Timeout(schema.TimeoutUpdate)-time.Minute, func() *resource.RetryError {
+		_, err := zClient.filteringrules.Update(id, &req)
+		if err != nil {
+			if strings.Contains(err.Error(), "INVALID_INPUT_ARGUMENT") {
+				time.Sleep(time.Second * time.Duration(req.Order+1))
+				return resource.RetryableError(errors.New("expected resource to be updated but was not"))
+			}
+			return resource.NonRetryableError(fmt.Errorf("error updating resource: %s", err))
+		}
+
+		err = resourceFirewallFilteringRulesRead(d, m)
+		if err != nil {
+			return resource.NonRetryableError(err)
+		} else {
+			return nil
+		}
+	})
 }
 
 func resourceFirewallFilteringRulesDelete(d *schema.ResourceData, m interface{}) error {
@@ -360,7 +359,6 @@ func expandFirewallFilteringRules(d *schema.ResourceData) filteringrules.Firewal
 		Action:              d.Get("action").(string),
 		State:               d.Get("state").(string),
 		Description:         d.Get("description").(string),
-		LastModifiedTime:    d.Get("last_modified_time").(int),
 		SrcIps:              SetToStringList(d, "src_ips"),
 		DestAddresses:       SetToStringList(d, "dest_addresses"),
 		DestIpCategories:    SetToStringList(d, "dest_ip_categories"),
@@ -369,7 +367,6 @@ func expandFirewallFilteringRules(d *schema.ResourceData) filteringrules.Firewal
 		EnableFullLogging:   d.Get("enable_full_logging").(bool),
 		DefaultRule:         d.Get("default_rule").(bool),
 		Predefined:          d.Get("predefined").(bool),
-		LastModifiedBy:      expandIDNameExtensions(d, "last_modified_by"),
 		Locations:           expandIDNameExtensionsSet(d, "locations"),
 		LocationsGroups:     expandIDNameExtensionsSet(d, "location_groups"),
 		Departments:         expandIDNameExtensionsSet(d, "departments"),