Fix: Fixed Application Segment Port Configuration Resource (#496)

* Fix: Fixed Application Segment Port Configuration Resource
* fix: Fixed application segment browser access microtenant
* fix: Added New Access Policy Object Type Risk Factor

.github/workflows/zpa-test.yml

@@ -229,7 +229,7 @@ jobs:
           ZPA_ACC_TEST_FORCE_SWEEPERS: ${{ secrets.ZPA_ACC_TEST_FORCE_SWEEPERS }}
 
   zpa-prod-tenants:
-    needs: [zpa-beta-tenants]
+    # needs: [zpa-beta-tenants]
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false

CHANGELOG.md

@@ -1,5 +1,28 @@
 # Changelog
 
+## 3.33.7 (October, 3 2024)
+
+### Notes
+
+- Release date: **(October, 3 2024)**
+- Supported Terraform version: **v1.x**
+
+### Enhancements
+- [PR #496](https://github.com/zscaler/terraform-provider-zpa/pull/496) - Added new `object_type` `RISK_FACTOR_TYPE` to the following ZPA access policy resources: `zpa_policy_access_rule`, and `zpa_policy_access_rule_v2`
+
+### Bug Fixes
+- [PR #496](https://github.com/zscaler/terraform-provider-zpa/pull/496) - Fixed issue with attribute `tcp_port_range`/`udp_port_range` and `tcp_port_ranges`/`udp_port_ranges` within `zpa_application_segment`. The fix ensure that both port configuration formats are suported separately without mid-conversion in between. The fix also ensure the port configuration order is ignored during apply and update process. [Issue #490](https://github.com/zscaler/terraform-provider-zpa/issues/490).
+
+
+### Internal Changes
+- [PR #496](https://github.com/zscaler/terraform-provider-zpa/pull/496) Consolidated multiple functions supported common/cross-shared resources. The following new common functions were introduced for simplicity:
+  - `expandCommonServerGroups`
+  - `expandCommonAppConnectorGroups`
+  - `expandCommonServiceEdgeGroups`
+  - `flattenCommonAppConnectorGroups`
+  - `flattenCommonAppServerGroups`
+  - `flattenCommonServiceEdgeGroups`
+
 ## 3.33.6 (October, 1 2024)
 
 ### Notes

GNUmakefile

@@ -55,14 +55,14 @@ test\:integration\:zpa:
 build13: GOOS=$(shell go env GOOS)
 build13: GOARCH=$(shell go env GOARCH)
 ifeq ($(OS),Windows_NT)  # is Windows_NT on XP, 2000, 7, Vista, 10...
-build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.33.6/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.33.7/$(GOOS)_$(GOARCH)
 else
-build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.33.6/$(GOOS)_$(GOARCH)
+build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.33.7/$(GOOS)_$(GOARCH)
 endif
 build13: fmtcheck
 	@echo "==> Installing plugin to $(DESTINATION)"
 	@mkdir -p $(DESTINATION)
-	go build -o $(DESTINATION)/terraform-provider-zpa_v3.33.6
+	go build -o $(DESTINATION)/terraform-provider-zpa_v3.33.7
 
 vet:
 	@echo "==> Checking source code against go vet and staticcheck"

docs/guides/release-notes.md

@@ -12,10 +12,33 @@ Track all ZPA Terraform provider's releases. New resources, features, and bug fi
 
 ---
 
-``Last updated: v3.33.6``
+``Last updated: v3.33.7``
 
 ---
 
+## 3.33.7 (October, 3 2024)
+
+### Notes
+
+- Release date: **(October, 3 2024)**
+- Supported Terraform version: **v1.x**
+
+### Enhancements
+- [PR #496](https://github.com/zscaler/terraform-provider-zpa/pull/496) - Added new `object_type` `RISK_FACTOR_TYPE` to the following ZPA access policy resources: `zpa_policy_access_rule`, and `zpa_policy_access_rule_v2`
+
+### Bug Fixes
+- [PR #496](https://github.com/zscaler/terraform-provider-zpa/pull/496) - Fixed issue with attribute `tcp_port_range`/`udp_port_range` and `tcp_port_ranges`/`udp_port_ranges` within `zpa_application_segment`. The fix ensure that both port configuration formats are suported separately without mid-conversion in between. The fix also ensure the port configuration order is ignored during apply and update process. [Issue #490](https://github.com/zscaler/terraform-provider-zpa/issues/490).
+
+
+### Internal Changes
+- [PR #496](https://github.com/zscaler/terraform-provider-zpa/pull/496) Consolidated multiple functions supported common/cross-shared resources. The following new common functions were introduced for simplicity:
+  - `expandCommonServerGroups`
+  - `expandCommonAppConnectorGroups`
+  - `expandCommonServiceEdgeGroups`
+  - `flattenCommonAppConnectorGroups`
+  - `flattenCommonAppServerGroups`
+  - `flattenCommonServiceEdgeGroups`
+
 ## 3.33.6 (October, 1 2024)
 
 ### Notes

docs/resources/zpa_application_segment_browser_access.md

@@ -108,6 +108,9 @@ The following arguments are supported:
   - `certificate_id` - (String) - ID of the BA certificate. Refer to the data source documentation for [`zpa_ba_certificate`](https://github.com/zscaler/terraform-provider-zpa/blob/master/docs/data-sources/zpa_ba_certificate.md)
   - `domain` - (String) - Domain name or IP address of the BA app.
   - `allow_options` - (Boolean) - If you want ZPA to forward unauthenticated HTTP preflight OPTIONS requests from the browser to the app.. Supported values: `true` and `false`
+  - `microtenant_id` (Boolean) The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenant_id as `0` when making requests to retrieve data from the Default Microtenant. Pass microtenant_id as null to retrieve data from all customers associated with the tenant.
+
+⚠️ **WARNING:**: The attribute ``microtenant_id`` is optional and requires the microtenant license and feature flag enabled for the respective tenant. The provider also supports the microtenant ID configuration via the environment variable `ZPA_MICROTENANT_ID` which is the recommended method.
 
 ### Optional
 
@@ -130,7 +133,7 @@ In addition to all arguments above, the following attributes are exported:
 
 - `use_in_dr_mode` - (Boolean) Whether or not the application resource is designated for disaster recovery. Supported values: `true`, `false`
 - `is_incomplete_dr_config` - (Boolean) Indicates whether or not the disaster recovery configuration is incomplete. Supported values: `true`, `false`
-- `microtenant_id` (Boolean) The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as `0` when making requests to retrieve data from the Default Microtenant. Pass microtenantId as null to retrieve data from all customers associated with the tenant.
+- `microtenant_id` (Boolean) The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenant_id as `0` when making requests to retrieve data from the Default Microtenant. Pass microtenant_id as null to retrieve data from all customers associated with the tenant.
 
 ⚠️ **WARNING:**: The attribute ``microtenant_id`` is optional and requires the microtenant license and feature flag enabled for the respective tenant. The provider also supports the microtenant ID configuration via the environment variable `ZPA_MICROTENANT_ID` which is the recommended method.
 

docs/resources/zpa_policy_access_rule.md

@@ -138,3 +138,4 @@ terraform import zpa_policy_access_rule.example <policy_access_rule_id>
 | [POSTURE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_posture_profile) | ``posture_udid``  | ``"true"`` / ``"false"`` |
 | [TRUSTED_NETWORK](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_trusted_network) | ``network_id``  | ``"true"`` |
 | [COUNTRY_CODE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_access_policy_platforms) | [2 Letter ISO3166 Alpha2](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes)  | ``"true"`` / ``"false"`` |
+| [RISK_FACTOR_TYPE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/resources/zpa_policy_access_rule) | ``ZIA``  | ``"UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"`` |

docs/resources/zpa_policy_access_rule_application_segment.md

@@ -146,3 +146,4 @@ terraform import zpa_policy_access_rule.example <policy_access_rule_id>
 | [POSTURE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_posture_profile) | ``posture_udid``  | ``"true"`` / ``"false"`` |
 | [TRUSTED_NETWORK](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_trusted_network) | ``network_id``  | ``"true"`` |
 | [COUNTRY_CODE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_access_policy_platforms) | [2 Letter ISO3166 Alpha2](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes)  | ``"true"`` / ``"false"`` |
+| [RISK_FACTOR_TYPE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/resources/zpa_policy_access_rule) | ``ZIA``  | ``"UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"`` |

docs/resources/zpa_policy_access_rule_browser_access.md

@@ -161,3 +161,4 @@ terraform import zpa_policy_access_rule.example <policy_access_rule_id>
 | [POSTURE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_posture_profile) | ``posture_udid``  | ``"true"`` / ``"false"`` |
 | [TRUSTED_NETWORK](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_trusted_network) | ``network_id``  | ``"true"`` |
 | [COUNTRY_CODE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_access_policy_platforms) | [2 Letter ISO3166 Alpha2](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes)  | ``"true"`` / ``"false"`` |
+| [RISK_FACTOR_TYPE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/resources/zpa_policy_access_rule) | ``ZIA``  | ``"UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"`` |

docs/resources/zpa_policy_access_rule_posture_profile.md

@@ -115,3 +115,4 @@ terraform import zpa_policy_access_rule.example <policy_access_rule_id>
 | [POSTURE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_posture_profile) | ``posture_udid``  | ``"true"`` / ``"false"`` |
 | [TRUSTED_NETWORK](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_trusted_network) | ``network_id``  | ``"true"`` |
 | [COUNTRY_CODE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_access_policy_platforms) | [2 Letter ISO3166 Alpha2](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes)  | ``"true"`` / ``"false"`` |
+| [RISK_FACTOR_TYPE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/resources/zpa_policy_access_rule) | ``ZIA``  | ``"UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"`` |

docs/resources/zpa_policy_access_rule_risk_factor.md

@@ -0,0 +1,135 @@
+---
+page_title: "zpa_policy_access_rule Resource - terraform-provider-zpa"
+subcategory: "Policy Set Controller"
+description: |-
+  Official documentation https://help.zscaler.com/zpa/about-access-policy
+  API documentation https://help.zscaler.com/zpa/configuring-access-policies-using-api
+  Creates and manages ZPA Policy Access Rule with Risk Factor conditions.
+---
+
+# zpa_policy_access_rule (Resource)
+
+* [Official documentation](https://help.zscaler.com/zpa/about-access-policy)
+* [API documentation](https://help.zscaler.com/zpa/configuring-access-policies-using-api)
+
+The **zpa_policy_access_rule** resource creates and manages a policy access rule with Risk Factor conditions in the Zscaler Private Access cloud.
+
+  ⚠️ **WARNING:**: The attribute ``rule_order`` is now deprecated in favor of the new resource  [``policy_access_rule_reorder``](zpa_policy_access_rule_reorder.md)
+
+## Example Usage
+
+```terraform
+
+resource "zpa_policy_access_rule" "access_policy_allow_machinetunnel" {
+  action      = "ALLOW"
+  name        = "Example_Risk_Score_Test"
+  description = "Example_Risk_Score_Test"
+  operator    = "AND"
+  
+  conditions {
+    operator = "OR"
+    operands {
+      lhs         = "ZIA"
+      object_type = "RISK_FACTOR_TYPE"
+      rhs         = "UNKNOWN"
+    }
+    operands {
+      lhs         = "ZIA"
+      object_type = "RISK_FACTOR_TYPE"
+      rhs         = "LOW"
+    }
+    operands {
+      lhs         = "ZIA"
+      object_type = "RISK_FACTOR_TYPE"
+      rhs         = "MEDIUM"
+    }
+    operands {
+      lhs         = "ZIA"
+      object_type = "RISK_FACTOR_TYPE"
+      rhs         = "HIGH"
+    }
+    operands {
+      lhs         = "ZIA"
+      object_type = "RISK_FACTOR_TYPE"
+      rhs         = "CRITICAL"
+    }
+  }
+}
+```
+
+## Schema
+
+### Required
+
+- `name` (String) This is the name of the policy rule.
+
+### Optional
+
+* `policy_set_id` - (String) Use [zpa_policy_type](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_policy_type) data source to retrieve the necessary policy Set ID ``policy_set_id``
+    ~> **NOTE** As of v3.2.0 the ``policy_set_id`` attribute is now optional, and will be automatically determined based on the policy type being configured. The attribute is being kept for backwards compatibility, but can be safely removed from existing configurations.`zpa_policy_type` [PR #432](https://github.com/zscaler/terraform-provider-zpa/pull/432) 
+- `action` (String) This is for providing the rule action. Supported values: ``ALLOW``, ``DENY``
+- `custom_msg` (String) This is for providing a customer message for the user.
+- `description` (String) This is the description of the access policy rule.
+- `operator` (String) Supported values: ``AND``, ``OR``
+- `policy_type` (String) Supported values: ``ACCESS_POLICY`` or ``GLOBAL_POLICY``
+- `rule_order` (String, Deprecated)
+
+  ⚠️ **WARNING:**: The attribute ``rule_order`` is now deprecated in favor of the new resource  [``policy_access_rule_reorder``](zpa_policy_access_rule_reorder.md)
+
+- `microtenant_id` (String) The ID of the microtenant the resource is to be associated with.
+
+⚠️ **WARNING:**: The attribute ``microtenant_id`` is optional and requires the microtenant license and feature flag enabled for the respective tenant. The provider also supports the microtenant ID configuration via the environment variable `ZPA_MICROTENANT_ID` which is the recommended method.
+
+- `conditions` (Block Set)
+  - `operator` (String) Supported values: ``AND``, and ``OR``
+  - `microtenant_id` (String) The ID of the microtenant the resource is to be associated with.
+
+  ⚠️ **WARNING:**: The attribute ``microtenant_id`` is optional and requires the microtenant license and feature flag enabled for the respective tenant. The provider also supports the microtenant ID configuration via the environment variable `ZPA_MICROTENANT_ID` which is the recommended method.
+
+  - `operands` (Block Set) - Operands block must be repeated if multiple per `object_type` conditions are to be added to the rule.
+    - `object_type` (String) This is for specifying the policy critiera. For posture profile the supported value is:  `POSTURE`
+    - `name` (String)
+    - `lhs` (String) - Posture Profile (posture_udid) required when ``object_type = "POSTURE"``. Use [zpa_posture_profile](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_posture_profile) data source to retrieve the ``posture_udid``
+    - `rhs` (String) Required when ``object_type = "POSTURE"``. Supported values are:
+      - ``true`` = ``VERIFIED``
+      - ``false`` = ``VERIFICATION FAILED``
+
+  ⚠️ **WARNING:**: The attribute ``microtenant_id`` is not supported within the `operands` block when the `object_type` is set to `POSTURE`. ZPA automatically assumes the posture profile ID that belongs to the parent tenant.
+
+- `app_connector_groups` (Block Set)
+  * `id` (String) The ID of an app connector group resource
+
+- `app_server_groups` (Block Set)
+  * `id` (String) The ID of a server group resource
+
+## Import
+
+Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZPA configurations into Terraform-compliant HashiCorp Configuration Language.
+[Visit](https://github.com/zscaler/zscaler-terraformer)
+
+Policy Access Rule for Browser Access can be imported by using`<POLICY ACCESS RULE ID>` as the import ID.
+
+For example:
+
+```shell
+terraform import zpa_policy_access_rule.example <policy_access_rule_id>
+```
+
+## LHS and RHS Values
+
+| Object Type | LHS| RHS
+|----------|-----------|----------
+| [APP](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/resources/zpa_application_segment) | ``"id"`` | ``application_segment_id`` |
+| [APP_GROUP](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/resources/zpa_segment_group) | ``"id"`` | ``segment_group_id``|
+| [CLIENT_TYPE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_access_policy_client_types) | ``"id"`` | ``zpn_client_type_zappl``, ``zpn_client_type_exporter``, ``zpn_client_type_browser_isolation``, ``zpn_client_type_ip_anchoring``, ``zpn_client_type_edge_connector``, ``zpn_client_type_branch_connector``,  ``zpn_client_type_zapp_partner``, ``zpn_client_type_zapp``  |
+| [EDGE_CONNECTOR_GROUP](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_cloud_connector_group) | ``"id"`` | ``<edge_connector_id>`` |
+| [IDP](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_idp_controller) | ``"id"`` | ``identity_provider_id`` |
+| [SAML](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_saml_attribute) | ``saml_attribute_id``  | ``attribute_value_to_match`` |
+| [SCIM](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_scim_attribute_header) | ``scim_attribute_id``  | ``attribute_value_to_match``  |
+| [SCIM_GROUP](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_scim_groups) | ``scim_group_attribute_id``  | ``attribute_value_to_match``  |
+| [PLATFORM](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/resources/zpa_policy_access_rule) | ``mac``, ``ios``, ``windows``, ``android``, ``linux`` | ``"true"`` / ``"false"`` |
+| [MACHINE_GRP](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_machine_group) | ``"id"`` | ``machine_group_id`` |
+| [POSTURE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_posture_profile) | ``posture_udid``  | ``"true"`` / ``"false"`` |
+| [TRUSTED_NETWORK](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_trusted_network) | ``network_id``  | ``"true"`` |
+| [COUNTRY_CODE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_access_policy_platforms) | [2 Letter ISO3166 Alpha2](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes)  | ``"true"`` / ``"false"`` |
+| [RISK_FACTOR_TYPE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/resources/zpa_policy_access_rule) | ``ZIA``  | ``"UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"`` |

docs/resources/zpa_policy_access_rule_saml.md

@@ -118,3 +118,4 @@ terraform import zpa_policy_access_rule.example <policy_access_rule_id>
 | [POSTURE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_posture_profile) | ``posture_udid``  | ``"true"`` / ``"false"`` |
 | [TRUSTED_NETWORK](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_trusted_network) | ``network_id``  | ``"true"`` |
 | [COUNTRY_CODE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_access_policy_platforms) | [2 Letter ISO3166 Alpha2](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes)  | ``"true"`` / ``"false"`` |
+| [RISK_FACTOR_TYPE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/resources/zpa_policy_access_rule) | ``ZIA``  | ``"UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"`` |

docs/resources/zpa_policy_access_rule_scim_attribute.md

@@ -127,3 +127,4 @@ terraform import zpa_policy_access_rule.example <policy_access_rule_id>
 | [POSTURE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_posture_profile) | ``posture_udid``  | ``"true"`` / ``"false"`` |
 | [TRUSTED_NETWORK](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_trusted_network) | ``network_id``  | ``"true"`` |
 | [COUNTRY_CODE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/data-sources/zpa_access_policy_platforms) | [2 Letter ISO3166 Alpha2](https://en.wikipedia.org/wiki/List_of_ISO_3166_country_codes)  | ``"true"`` / ``"false"`` |
+| [RISK_FACTOR_TYPE](https://registry.terraform.io/providers/zscaler/zpa/latest/docs/resources/zpa_policy_access_rule) | ``ZIA``  | ``"UNKNOWN", "LOW", "MEDIUM", "HIGH", "CRITICAL"`` |