diff --git a/CHANGELOG.md b/CHANGELOG.md
index 98162e0..c6ed610 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,17 @@ # Changelog +## 1.0.2 (February, 15 2024) + +### Notes + +- Release date: **(February, 15 2024)** +- Supported Terraform version: **v1.x.x** + +### Bug Fixes + +- [PR #171](https://github.com/zscaler/zscaler-terraformer/pull/171) Fixed ZIA ``zia_forwarding_control_rule`` missformatted ID for `zpa_gateway` nested block `id` attribute. +- [PR #171](https://github.com/zscaler/zscaler-terraformer/pull/171) Implemented exclusion of pre-built unmanaged resources for ZIA. + ## 1.0.1 (February, 14 2024) ### Notes
diff --git a/docs/guides/release-notes.md b/docs/guides/release-notes.md
index d1fa866..185a6b5 100644
--- a/docs/guides/release-notes.md
+++ b/docs/guides/release-notes.md
@@ -12,10 +12,22 @@ Track all Zscaler Terraformer Tool releases. New resources, features, and bug fi --- -``Last updated: v1.0.1`` +``Last updated: v1.0.2`` --- +## 1.0.2 (February, 15 2024) + +### Notes + +- Release date: **(February, 15 2024)** +- Supported Terraform version: **v1.x.x** + +### Bug Fixes + +- [PR #171](https://github.com/zscaler/zscaler-terraformer/pull/171) Fixed ZIA ``zia_forwarding_control_rule`` missformatted ID for `zpa_gateway` nested block `id` attribute. +- [PR #171](https://github.com/zscaler/zscaler-terraformer/pull/171) Implemented exclusion of pre-built unmanaged resources for ZIA. + ## 1.0.1 (February, 14 2024) ### Notes
diff --git a/internal/app/zscaler-terraformer/cmd/generate.go b/internal/app/zscaler-terraformer/cmd/generate.go
index bf5e18d..f9651ee 100644
--- a/internal/app/zscaler-terraformer/cmd/generate.go
+++ b/internal/app/zscaler-terraformer/cmd/generate.go
@@ -22,8 +22,12 @@ import (
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/dlp/dlp_engines"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/dlp/dlpdictionaries"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/firewallpolicies/filteringrules"
+ "github.com/zscaler/zscaler-sdk-go/v2/zia/services/firewallpolicies/ipdestinationgroups"
+ "github.com/zscaler/zscaler-sdk-go/v2/zia/services/firewallpolicies/ipsourcegroups"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/firewallpolicies/networkapplicationgroups"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/firewallpolicies/networkservices"
+ "github.com/zscaler/zscaler-sdk-go/v2/zia/services/forwarding_control_policy/forwarding_rules"
+ "github.com/zscaler/zscaler-sdk-go/v2/zia/services/forwarding_control_policy/zpa_gateways"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/security_policy_settings"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/urlcategories"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/user_authentication_settings"
@@ -83,6 +87,8 @@ var allGeneratableResources = []string{ "zia_rule_labels", "zia_auth_settings_urls", "zia_security_settings", + "zia_forwarding_control_zpa_gateway", + "zia_forwarding_control_rule", } func init() {
@@ -590,20 +596,34 @@ func generate(cmd *cobra.Command, writer io.Writer, resourceType string) {
 m, _ := json.Marshal(rulesFiltered)
 _ = json.Unmarshal(m, &jsonStructData)
 case "zia_firewall_filtering_destination_groups":
- jsonPayload, err := api.zia.ipdestinationgroups.GetAll()
+ groups, err := api.zia.ipdestinationgroups.GetAll()
 if err != nil {
 log.Fatal(err)
 }
- resourceCount = len(jsonPayload)
- m, _ := json.Marshal(jsonPayload)
+ groupsFiltered := []ipdestinationgroups.IPDestinationGroups{}
+ for _, group := range groups {
+ if isInList(group.Name, []string{"All IPv4"}) {
+ continue
+ }
+ groupsFiltered = append(groupsFiltered, group)
+ }
+ resourceCount = len(groupsFiltered)
+ m, _ := json.Marshal(groupsFiltered)
 _ = json.Unmarshal(m, &jsonStructData)
 case "zia_firewall_filtering_ip_source_groups":
- jsonPayload, err := api.zia.ipsourcegroups.GetAll()
+ groups, err := api.zia.ipsourcegroups.GetAll()
 if err != nil {
 log.Fatal(err)
 }
- resourceCount = len(jsonPayload)
- m, _ := json.Marshal(jsonPayload)
+ groupsFiltered := []ipsourcegroups.IPSourceGroups{}
+ for _, group := range groups {
+ if isInList(group.Name, []string{"All IPv4"}) {
+ continue
+ }
+ groupsFiltered = append(groupsFiltered, group)
+ }
+ resourceCount = len(groupsFiltered)
+ m, _ := json.Marshal(groupsFiltered)
 _ = json.Unmarshal(m, &jsonStructData)
 case "zia_firewall_filtering_network_service":
 services, err := api.zia.networkservices.GetAllNetworkServices()
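Review bot: Both new filters drop groups purely by display name (`"All IPv4"`) and do so silently, so nothing in the output tells the operator that an object was left out of the generated configuration, and a tenant-defined group that happens to carry that name would be excluded as well. A log line inside the `if`, for example `log.Printf("[INFO] skipping predefined %s %q", resourceType, group.Name)`, would make each omission auditable; whether the SDK type offers a sturdier marker than the name is not visible in this diff. The same pattern recurs in the forwarding-rule and ZPA-gateway arms later in this file and in the matching arms of cmd/import.go. The enclosing `generate` function starts and ends outside the hunk.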
@@ -759,20 +779,34 @@ func generate(cmd *cobra.Command, writer io.Writer, resourceType string) {
 m, _ := json.Marshal(jsonPayload)
 _ = json.Unmarshal(m, &jsonStructData)
 case "zia_forwarding_control_rule":
- jsonPayload, err := api.zia.forwarding_rules.GetAll()
+ rules, err := api.zia.forwarding_rules.GetAll()
 if err != nil {
 log.Fatal(err)
 }
- resourceCount = len(jsonPayload)
- m, _ := json.Marshal(jsonPayload)
+ rulesFiltered := []forwarding_rules.ForwardingRules{}
+ for _, rule := range rules {
+ if isInList(rule.Name, []string{"Client Connector Traffic Direct", "ZPA Pool For Stray Traffic", "ZIA Inspected ZPA Apps", "Fallback mode of ZPA Forwarding"}) {
+ continue
+ }
+ rulesFiltered = append(rulesFiltered, rule)
+ }
+ resourceCount = len(rulesFiltered)
+ m, _ := json.Marshal(rulesFiltered)
 _ = json.Unmarshal(m, &jsonStructData)
 case "zia_forwarding_control_zpa_gateway":
- jsonPayload, err := api.zia.zpa_gateways.GetAll()
+ gws, err := api.zia.zpa_gateways.GetAll()
 if err != nil {
 log.Fatal(err)
 }
- resourceCount = len(jsonPayload)
- m, _ := json.Marshal(jsonPayload)
+ gwsFiltered := []zpa_gateways.ZPAGateways{}
+ for _, gw := range gws {
+ if isInList(gw.Name, []string{"Auto ZPA Gateway"}) {
+ continue
+ }
+ gwsFiltered = append(gwsFiltered, gw)
+ }
+ resourceCount = len(gwsFiltered)
+ m, _ := json.Marshal(gwsFiltered)
 _ = json.Unmarshal(m, &jsonStructData)
 default:
 fmt.Fprintf(cmd.OutOrStdout(), "%q is not yet supported for automatic generation", resourceType)
diff --git a/internal/app/zscaler-terraformer/cmd/import.go b/internal/app/zscaler-terraformer/cmd/import.go
index 642158f..5c62360 100644
--- a/internal/app/zscaler-terraformer/cmd/import.go
+++ b/internal/app/zscaler-terraformer/cmd/import.go
@@ -14,8 +14,12 @@ import (
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/dlp/dlp_engines"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/dlp/dlpdictionaries"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/firewallpolicies/filteringrules"
+ "github.com/zscaler/zscaler-sdk-go/v2/zia/services/firewallpolicies/ipdestinationgroups"
+ "github.com/zscaler/zscaler-sdk-go/v2/zia/services/firewallpolicies/ipsourcegroups"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/firewallpolicies/networkapplicationgroups"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/firewallpolicies/networkservices"
+ "github.com/zscaler/zscaler-sdk-go/v2/zia/services/forwarding_control_policy/forwarding_rules"
+ "github.com/zscaler/zscaler-sdk-go/v2/zia/services/forwarding_control_policy/zpa_gateways"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/security_policy_settings"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/urlcategories"
 "github.com/zscaler/zscaler-sdk-go/v2/zia/services/user_authentication_settings"
@@ -472,7 +476,7 @@ func importResource(cmd *cobra.Command, writer io.Writer, resourceType string) {
 }
 rulesFiltered := []filteringrules.FirewallFilteringRules{}
 for _, rule := range rules {
- if isInList(rule.Name, []string{"Office 365 One Click Rule", "UCaaS One Click Rule", "Default Firewall Filtering Rule"}) {
+ if isInList(rule.Name, []string{"Office 365 One Click Rule", "UCaaS One Click Rule", "Default Firewall Filtering Rule", "Block All IPv6", "Block malicious IPs and domains"}) {
 continue
 }
 rulesFiltered = append(rulesFiltered, rule)
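Review bot: The firewall-rule exclusion list in `importResource` gains `"Block All IPv6"` and `"Block malicious IPs and domains"`, but no hunk of this commit touches the corresponding list in `generate`; if that list does not already contain the two names, generate will emit resource blocks for rules that import skips, leaving configuration with no matching state. The other exclusion lists added by this commit are likewise typed out twice, once in each file. Declaring each list once at package level, for example `var predefinedFirewallRules = []string{...}`, and passing it to `isInList` from both functions would keep the two commands in step. `importResource` starts and ends outside the hunk.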
@@ -481,20 +485,34 @@ func importResource(cmd *cobra.Command, writer io.Writer, resourceType string) {
 resourceCount = len(rulesFiltered)
 _ = json.Unmarshal(m, &jsonStructData)
 case "zia_firewall_filtering_destination_groups":
- jsonPayload, err := api.zia.ipdestinationgroups.GetAll()
+ groups, err := api.zia.ipdestinationgroups.GetAll()
 if err != nil {
 log.Fatal(err)
 }
- m, _ := json.Marshal(jsonPayload)
- resourceCount = len(jsonPayload)
+ groupsFiltered := []ipdestinationgroups.IPDestinationGroups{}
+ for _, group := range groups {
+ if isInList(group.Name, []string{"All IPv4"}) {
+ continue
+ }
+ groupsFiltered = append(groupsFiltered, group)
+ }
+ m, _ := json.Marshal(groupsFiltered)
+ resourceCount = len(groupsFiltered)
 _ = json.Unmarshal(m, &jsonStructData)
 case "zia_firewall_filtering_ip_source_groups":
- jsonPayload, err := api.zia.ipsourcegroups.GetAll()
+ groups, err := api.zia.ipsourcegroups.GetAll()
 if err != nil {
 log.Fatal(err)
 }
- m, _ := json.Marshal(jsonPayload)
- resourceCount = len(jsonPayload)
+ groupsFiltered := []ipsourcegroups.IPSourceGroups{}
+ for _, group := range groups {
+ if isInList(group.Name, []string{"All IPv4"}) {
+ continue
+ }
+ groupsFiltered = append(groupsFiltered, group)
+ }
+ m, _ := json.Marshal(groupsFiltered)
+ resourceCount = len(groupsFiltered)
 _ = json.Unmarshal(m, &jsonStructData)
 case "zia_firewall_filtering_network_service":
 services, err := api.zia.networkservices.GetAllNetworkServices()
@@ -582,7 +600,6 @@ func importResource(cmd *cobra.Command, writer io.Writer, resourceType string) { jsonStructData = append(jsonStructData, subJsonStructData...) resourceCount += subResourceCount - case "zia_url_categories": list, err := api.zia.urlcategories.GetAll() if err != nil {
@@ -651,20 +668,34 @@ func importResource(cmd *cobra.Command, writer io.Writer, resourceType string) {
 resourceCount = len(jsonPayload)
 _ = json.Unmarshal(m, &jsonStructData)
 case "zia_forwarding_control_rule":
- jsonPayload, err := api.zia.forwarding_rules.GetAll()
+ rules, err := api.zia.forwarding_rules.GetAll()
 if err != nil {
 log.Fatal(err)
 }
- m, _ := json.Marshal(jsonPayload)
- resourceCount = len(jsonPayload)
+ rulesFiltered := []forwarding_rules.ForwardingRules{}
+ for _, rule := range rules {
+ if isInList(rule.Name, []string{"Client Connector Traffic Direct", "ZPA Pool For Stray Traffic", "ZIA Inspected ZPA Apps", "Fallback mode of ZPA Forwarding"}) {
+ continue
+ }
+ rulesFiltered = append(rulesFiltered, rule)
+ }
+ m, _ := json.Marshal(rulesFiltered)
+ resourceCount = len(rulesFiltered)
 _ = json.Unmarshal(m, &jsonStructData)
 case "zia_forwarding_control_zpa_gateway":
- jsonPayload, err := api.zia.zpa_gateways.GetAll()
+ gws, err := api.zia.zpa_gateways.GetAll()
 if err != nil {
 log.Fatal(err)
 }
- m, _ := json.Marshal(jsonPayload)
- resourceCount = len(jsonPayload)
+ gwsFiltered := []zpa_gateways.ZPAGateways{}
+ for _, gw := range gws {
+ if isInList(gw.Name, []string{"Auto ZPA Gateway"}) {
+ continue
+ }
+ gwsFiltered = append(gwsFiltered, gw)
+ }
+ m, _ := json.Marshal(gwsFiltered)
+ resourceCount = len(gwsFiltered)
 _ = json.Unmarshal(m, &jsonStructData)
 default:
 log.Printf("%q is not yet supported for state import", resourceType)
diff --git a/internal/app/zscaler-terraformer/cmd/util.go b/internal/app/zscaler-terraformer/cmd/util.go
index a71dccd..a5f8872 100644
--- a/internal/app/zscaler-terraformer/cmd/util.go
+++ b/internal/app/zscaler-terraformer/cmd/util.go
@@ -415,6 +415,7 @@ func nestBlocks(resourceType string, schemaBlock *tfjson.SchemaBlock, structData }) { output += listIdsIntBlock(block, structData[mapTfFieldNameToApi(resourceType, block)]) continue + } else if isInList(resourceType, []string{"zpa_application_segment", "zpa_application_segment_inspection", "zpa_application_segment_pra",
@@ -615,6 +616,14 @@ func writeNestedBlock(resourceType string, attributes []string, schemaBlock *tfj
 // writeAttrLine outputs a line of HCL configuration with a configurable depth
 // for known types.
 func writeAttrLine(key string, value interface{}, usedInBlock bool) string {
+ if key == "id" {
+ // Attempt to convert the value to an integer if it's a float
+ if floatValue, ok := value.(float64); ok {
+ // Convert to int64 to handle large IDs, then format as a string
+ return fmt.Sprintf("%s = %d\n", key, int64(floatValue))
+ }
+ }
+
 switch values := value.(type) {
 case map[string]interface{}:
 sortedKeys := make([]string, 0, len(values))
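Review bot: The early return for `key == "id"` in `writeAttrLine` formats a value that has already passed through `float64`, so the comment's "handle large IDs" does not hold above 2^53: such an ID is rounded when the payload is decoded into `interface{}`, and `int64(floatValue)` then prints the rounded number, which in generated Terraform would point at a different object. Keeping IDs exact requires the decode step, which lies outside this hunk, to use a `json.Decoder` with `UseNumber()` and this function to handle `json.Number` instead. The branch also fires for every attribute named `id` in every resource type and never consults `usedInBlock`, which the doc comment ties to output depth; whether nested-block indentation changes cannot be judged here because the rest of the function is outside the hunk. At the least the comment should read `// float64 is exact only up to 2^53; larger IDs are already rounded by the JSON decode`.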