fix: Fixed browser access and ba certificate resource (#442)

zscaler · Apr 8, 2024 · fb09a22 · fb09a22
1 parent b8eff1c
commit fb09a22
Show file tree

Hide file tree

Showing 8 changed files with 64 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,18 @@
 # Changelog
 
+## 3.1.1 (April, 8 2024)
+
+### Notes
+
+- Release date: **(April, 8  2024)**
+- Supported Terraform version: **v1.x**
+
+### Bug Fixes
+
+- [PR #442](https://github.com/zscaler/terraform-provider-zpa/pull/442) - Fixed `zpa_ba_certificate` resource and aligned with `zpa_application_segment_browser_access` `certificate_id` attribute. 
+
+  !> **WARNING:** Notice that updating the ``cert_blob`` attribute in the `zpa_ba_certificate` will trigger a full replacement of both the certificate and the `zpa_application_segment_browser_access`  along with any access policy the application segment may be associated with.
+
 ## 3.2.0 (April, 3 2024)
 
 ### Notes

diff --git a/GNUmakefile b/GNUmakefile
@@ -48,14 +48,14 @@ testacc:
 build13: GOOS=$(shell go env GOOS)
 build13: GOARCH=$(shell go env GOARCH)
 ifeq ($(OS),Windows_NT)  # is Windows_NT on XP, 2000, 7, Vista, 10...
-build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.2.0/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.2.1/$(GOOS)_$(GOARCH)
 else
-build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.2.0/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.2.1/$(GOOS)_$(GOARCH)
 endif
 build13: fmtcheck
 	@echo "==> Installing plugin to $(DESTINATION)"
 	@mkdir -p $(DESTINATION)
-	go build -o $(DESTINATION)/terraform-provider-zpa_v3.2.0
+	go build -o $(DESTINATION)/terraform-provider-zpa_v3.2.1
 
 coverage: test
 	@echo "✓ Opening coverage for unit tests ..."

diff --git a/docs/guides/release-notes.md b/docs/guides/release-notes.md
@@ -12,10 +12,23 @@ Track all ZPA Terraform provider's releases. New resources, features, and bug fi
 
 ---
 
-``Last updated: v3.2.0``
+``Last updated: v3.2.1``
 
 ---
 
+## 3.1.1 (April, 8 2024)
+
+### Notes
+
+- Release date: **(April, 8  2024)**
+- Supported Terraform version: **v1.x**
+
+### Bug Fixes
+
+- [PR #442](https://github.com/zscaler/terraform-provider-zpa/pull/442) - Fixed `zpa_ba_certificate` resource and aligned with `zpa_application_segment_browser_access` `certificate_id` attribute. 
+
+  !> **WARNING:** Notice that updating the ``cert_blob`` attribute in the `zpa_ba_certificate` will trigger a full replacement of both the certificate and the `zpa_application_segment_browser_access`  along with any access policy the application segment may be associated with.
+
 ## 3.2.0 (April, 3 2024)
 
 ### Notes

diff --git a/go.mod b/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/hashicorp/terraform-plugin-docs v0.18.0
 	github.com/hashicorp/terraform-plugin-sdk v1.17.2
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.33.0
-	github.com/zscaler/zscaler-sdk-go/v2 v2.4.33
+	github.com/zscaler/zscaler-sdk-go/v2 v2.4.34
 )
 
 require (

diff --git a/go.sum b/go.sum
@@ -220,8 +220,8 @@ github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBM
 github.com/hashicorp/go-getter v1.5.3/go.mod h1:BrrV/1clo8cCYu6mxvboYg+KutTiFnXjMEgDD8+i7ZI=
 github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI=
 github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ=
-github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k=
-github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
+github.com/hashicorp/go-hclog v1.6.2 h1:NOtoftovWkDheyUM/8JW3QMiXyxJK3uHRK7wV04nD2I=
+github.com/hashicorp/go-hclog v1.6.2/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo=
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
@@ -440,8 +440,8 @@ github.com/zclconf/go-cty v1.14.2 h1:kTG7lqmBou0Zkx35r6HJHUQTvaRPr5bIAf3AoHS0izI
 github.com/zclconf/go-cty v1.14.2/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8=
 github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0=
-github.com/zscaler/zscaler-sdk-go/v2 v2.4.33 h1:78Te1ne+luWggBDWp9Y9UEDmUmHck8CRSfmLPbQtM+M=
-github.com/zscaler/zscaler-sdk-go/v2 v2.4.33/go.mod h1:tkYuT8WhbBCr/0itvRY123NiYp82V/BLN9it0BY48Gw=
+github.com/zscaler/zscaler-sdk-go/v2 v2.4.34 h1:uJVl1R2nIkK2nk0QLgFX74xMvRASpNBV/ors6KHLHhI=
+github.com/zscaler/zscaler-sdk-go/v2 v2.4.34/go.mod h1:tkYuT8WhbBCr/0itvRY123NiYp82V/BLN9it0BY48Gw=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=

diff --git a/zpa/data_source_zpa_ba_certificate.go b/zpa/data_source_zpa_ba_certificate.go
@@ -119,6 +119,8 @@ func dataSourceBaCertificateRead(d *schema.ResourceData, m interface{}) error {
 		_ = d.Set("description", resp.Description)
 		_ = d.Set("cname", resp.CName)
 		_ = d.Set("cert_chain", resp.CertChain)
+		_ = d.Set("certificate", resp.Certificate)
+		_ = d.Set("public_key", resp.PublicKey)
 		_ = d.Set("issued_by", resp.IssuedBy)
 		_ = d.Set("issued_to", resp.IssuedTo)
 		_ = d.Set("modifiedby", resp.ModifiedBy)

diff --git a/zpa/resource_zpa_application_segment_browser_access.go b/zpa/resource_zpa_application_segment_browser_access.go
@@ -220,7 +220,8 @@ func resourceApplicationSegmentBrowserAccess() *schema.Resource {
 						},
 						"certificate_id": {
 							Type:        schema.TypeString,
-							Required:    true,
+							ForceNew:    true,
+							Optional:    true,
 							Description: "ID of the BA certificate.",
 						},
 						"cname": {

diff --git a/zpa/resource_zpa_ba_certificate.go b/zpa/resource_zpa_ba_certificate.go
@@ -4,13 +4,14 @@ import (
 	"log"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	client "github.com/zscaler/zscaler-sdk-go/v2/zpa"
 	"github.com/zscaler/zscaler-sdk-go/v2/zpa/services/bacertificate"
 )
 
 func resourceBaCertificate() *schema.Resource {
 	return &schema.Resource{
 		Create:        resourceBaCertificateCreate,
-		ReadContext:   resourceFuncNoOp,
+		Read:          resourceBaCertificateRead,
 		UpdateContext: resourceFuncNoOp,
 		Delete:        resourceBaCertificateDelete,
 		Importer:      nil,
@@ -68,6 +69,29 @@ func resourceBaCertificateCreate(d *schema.ResourceData, m interface{}) error {
 	return nil
 }
 
+func resourceBaCertificateRead(d *schema.ResourceData, m interface{}) error {
+	zClient := m.(*Client)
+
+	resp, _, err := zClient.bacertificate.Get(d.Id())
+	if err != nil {
+		if errResp, ok := err.(*client.ErrorResponse); ok && errResp.IsObjectNotFound() {
+			log.Printf("[WARN] Removing ba certificate %s from state because it no longer exists in ZPA", d.Id())
+			d.SetId("")
+			return nil
+		}
+
+		return err
+	}
+
+	log.Printf("[INFO] Getting ba certificate:\n%+v\n", resp)
+	d.SetId(resp.ID)
+	_ = d.Set("name", resp.Name)
+	_ = d.Set("description", resp.Description)
+	_ = d.Set("certificate", resp.Certificate)
+	_ = d.Set("microtenant_id", resp.MicrotenantID)
+	return nil
+}
+
 func resourceBaCertificateDelete(d *schema.ResourceData, m interface{}) error {
 	service := m.(*Client).bacertificate.WithMicroTenant(GetString(d.Get("microtenant_id")))