diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e8afbfa1..c03cc86d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -40,7 +40,7 @@ jobs: python-version: ${{ matrix.python_ver }} - name: Install Poetry - uses: Gr1N/setup-poetry@v8 + uses: Gr1N/setup-poetry@v9 # Install the head of the given branch (devel, stable-2.10) - name: Install ansible-base (${{ matrix.ansible }}) diff --git a/.github/workflows/zpa-test.yml b/.github/workflows/zpa-test.yml new file mode 100644 index 00000000..1c9c4ca0 --- /dev/null +++ b/.github/workflows/zpa-test.yml 
@@ -0,0 +1,152 @@
+name: ZPA Test
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+ merge_group:
+ types: [checks_requested]
+ push:
+ branches:
+ - master
+ schedule:
+ - cron: '0 14 * * 1-5' # UTC
+ workflow_dispatch:
+
+jobs:
+ zpa-qa1-tenants:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ python-version: ["3.10"]
+ environment:
+ - ZPA_QA_TENANT01
+ - ZPA_QA_TENANT02
+ environment: ${{ matrix.environment }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{ matrix.python-version }}
+
+ - name: Set up Poetry
+ uses: Gr1N/setup-poetry@v9
+
+ - name: Install Ansible
+ run: pip install ansible
+
+ - name: Install collection from Galaxy
+ run: ansible-galaxy collection install zscaler.zpacloud
+
+ - name: Install dependencies
+ run: poetry install
+
+ - name: Run tests with retry
+ uses: nick-fields/retry@v3
+ with:
+ max_attempts: 3
+ timeout_minutes: 30
+ command: poetry run ansible-playbook tests/integration/run_all_tests.yml
+ env:
+ ZPA_CLIENT_ID: ${{ secrets.ZPA_CLIENT_ID }}
+ ZPA_CLIENT_SECRET: ${{ secrets.ZPA_CLIENT_SECRET }}
+ ZPA_CUSTOMER_ID: ${{ secrets.ZPA_CUSTOMER_ID }}
+ ZPA_CLOUD: ${{ secrets.ZPA_CLOUD }}
+ OKTA_CLIENT_ORGURL: ${{ secrets.OKTA_CLIENT_ORGURL }}
+ OKTA_CLIENT_TOKEN: ${{ secrets.OKTA_CLIENT_TOKEN }}
+
+ zpa-beta-tenants:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ python-version: ["3.10"]
+ environment:
+ - ZPA_BETA_TENANT01
+ environment: ${{ matrix.environment }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{ matrix.python-version }}
+
+ - name: Set up Poetry
+ uses: Gr1N/setup-poetry@v9
+
+ - name: Install Ansible
+ run: pip install ansible
+
+ - name: Install collection from Galaxy
+ run: ansible-galaxy collection install zscaler.zpacloud
+
+ - name: Install dependencies
+ run: poetry install
+
+ - name: Run tests with retry
+ uses: nick-fields/retry@v3
+ with:
+ max_attempts: 3
+ timeout_minutes: 30
+ command: poetry run ansible-playbook tests/integration/run_all_tests.yml
+ env:
+ ZPA_CLIENT_ID: ${{ secrets.ZPA_CLIENT_ID }}
+ ZPA_CLIENT_SECRET: ${{ secrets.ZPA_CLIENT_SECRET }}
+ ZPA_CUSTOMER_ID: ${{ secrets.ZPA_CUSTOMER_ID }}
+ ZPA_CLOUD: ${{ secrets.ZPA_CLOUD }}
+ OKTA_CLIENT_ORGURL: ${{ secrets.OKTA_CLIENT_ORGURL }}
+ OKTA_CLIENT_TOKEN: ${{ secrets.OKTA_CLIENT_TOKEN }}
+ needs:
+ - zpa-qa1-tenants
+
+ zpa-prod-tenants:
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ python-version: ["3.11"]
+ environment:
+ - ZPA_PROD_TENANT01
+ environment: ${{ matrix.environment }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: ${{ matrix.python-version }}
+
+ - name: Set up Poetry
+ uses: Gr1N/setup-poetry@v9
+
+ - name: Install Ansible
+ run: pip install ansible
+
+ - name: Install collection from Galaxy
+ run: ansible-galaxy collection install zscaler.zpacloud
+
+ - name: Install dependencies
+ run: poetry install
+
+ - name: Run tests with retry
+ uses: nick-fields/retry@v3
+ with:
+ max_attempts: 3
+ timeout_minutes: 30
+ command: poetry run ansible-playbook tests/integration/run_all_tests.yml
+ env:
+ ZPA_CLIENT_ID: ${{ secrets.ZPA_CLIENT_ID }}
+ ZPA_CLIENT_SECRET: ${{ secrets.ZPA_CLIENT_SECRET }}
+ ZPA_CUSTOMER_ID: ${{ secrets.ZPA_CUSTOMER_ID }}
+ ZPA_CLOUD: ${{ secrets.ZPA_CLOUD }}
+ OKTA_CLIENT_ORGURL: ${{ secrets.OKTA_CLIENT_ORGURL }}
+ OKTA_CLIENT_TOKEN: ${{ secrets.OKTA_CLIENT_TOKEN }}
+ needs:
+ - zpa-qa1-tenants
+ - zpa-beta-tenants
\ No newline at end of file
diff --git a/plugins/modules/zpa_app_protection_custom_control.py b/plugins/modules/zpa_app_protection_custom_control.py
index b6fb3200..55432602 100644
--- a/plugins/modules/zpa_app_protection_custom_control.py
+++ b/plugins/modules/zpa_app_protection_custom_control.py
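Review bot: In `.github/workflows/zpa-test.yml`, the `Run tests with retry` step of all three jobs passes the tenant credentials (`ZPA_CLIENT_SECRET`, `OKTA_CLIENT_TOKEN` and the rest) to `nick-fields/retry@v3` through `env:`, and both that action and `Gr1N/setup-poetry@v9` are referenced by a mutable tag, so whatever the tag resolves to at run time executes with those secrets in reach. Pin third-party actions to a reviewed commit, e.g. `uses: nick-fields/retry@<full-commit-sha>  # v3`, and do the same for setup-poetry. The workflow also declares no `permissions:` block, so GITHUB_TOKEN gets the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the steps shown. Separately, `zpa-prod-tenants` runs on every `pull_request` event once the QA and beta jobs pass, so unless the `ZPA_PROD_TENANT01` environment requires reviewer approval (not visible here), branch code runs against the production tenant unreviewed.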
@@ -148,7 +148,7 @@ description: "The names of the AppProtection rule" type: list elements: str - required: true + required: false type: description: The type of the AppProtection rule. required: false @@ -490,7 +490,7 @@ def main(): rhs=dict(type="str", required=False), ), ), - names=dict(type="list", elements="str", required=True), + names=dict(type="list", elements="str", required=False), type=dict( type="str", required=False, diff --git a/tests/integration/targets/zpa_policy_access_app_protection_rule/tasks/main.yml b/tests/integration/targets/zpa_policy_access_app_protection_rule/tasks/main.yml index f3bfdc68..6317fed3 100644 --- a/tests/integration/targets/zpa_policy_access_app_protection_rule/tasks/main.yml +++ b/tests/integration/targets/zpa_policy_access_app_protection_rule/tasks/main.yml @@ -84,19 +84,16 @@ operator: "{{ operator }}" conditions: - operator: "AND" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "AND" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" rhs: "false" - operator: "AND" - negated: false operands: - object_type: "TRUSTED_NETWORK" lhs: "{{ network_id }}" @@ -123,19 +120,16 @@ operator: "{{ operator }}" conditions: - operator: "AND" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "AND" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" rhs: "false" - operator: "AND" - negated: false operands: - object_type: "TRUSTED_NETWORK" lhs: "{{ network_id }}" diff --git a/tests/integration/targets/zpa_policy_access_forwarding_rule/tasks/main.yml b/tests/integration/targets/zpa_policy_access_forwarding_rule/tasks/main.yml index d47b15bc..6015b78c 100644 --- a/tests/integration/targets/zpa_policy_access_forwarding_rule/tasks/main.yml +++ b/tests/integration/targets/zpa_policy_access_forwarding_rule/tasks/main.yml 
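Review bot: In `plugins/modules/zpa_app_protection_custom_control.py`, `names=dict(type="list", elements="str", required=False)` has no default, so the parsed value is `None` whenever a playbook omits the key, and nothing in this hunk shows how the consuming code handles that. main() starts and ends outside the hunk, so please confirm that the code building the request from `names` skips or rejects `None` rather than iterating over it. The matching DOCUMENTATION hunk (`@@ -148,7 +148,7 @@`) only flips `required: false`; the `names` description should also state under which conditions the list may be left out.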
@@ -80,19 +80,16 @@ operator: "{{ operator }}" conditions: - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "{{ operator }}" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" rhs: "false" - operator: "{{ operator }}" - negated: false operands: - object_type: "TRUSTED_NETWORK" lhs: "{{ network_id }}" @@ -118,19 +115,16 @@ operator: "{{ operator }}" conditions: - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "{{ operator }}" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" rhs: "false" - operator: "{{ operator }}" - negated: false operands: - object_type: "TRUSTED_NETWORK" lhs: "{{ network_id }}" diff --git a/tests/integration/targets/zpa_policy_access_isolation_rule/tasks/main.yml b/tests/integration/targets/zpa_policy_access_isolation_rule/tasks/main.yml index 89ff1a94..d6c4f734 100644 --- a/tests/integration/targets/zpa_policy_access_isolation_rule/tasks/main.yml +++ b/tests/integration/targets/zpa_policy_access_isolation_rule/tasks/main.yml @@ -78,13 +78,11 @@ operator: "{{ operator }}" conditions: - operator: "OR" - negated: false operands: - object_type: "CLIENT_TYPE" lhs: "id" rhs: "zpn_client_type_exporter" - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios @@ -111,13 +109,11 @@ operator: "{{ operator }}" conditions: - operator: "OR" - negated: false operands: - object_type: "CLIENT_TYPE" lhs: "id" rhs: "zpn_client_type_exporter" - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios diff --git a/tests/integration/targets/zpa_policy_access_rule/tasks/main.yml b/tests/integration/targets/zpa_policy_access_rule/tasks/main.yml index 87318185..60c6f094 100644 --- a/tests/integration/targets/zpa_policy_access_rule/tasks/main.yml +++ b/tests/integration/targets/zpa_policy_access_rule/tasks/main.yml 
@@ -97,25 +97,21 @@ - "{{ server_group_id }}" conditions: - operator: "AND" - negated: false operands: - object_type: "COUNTRY_CODE" lhs: CA rhs: "true" - operator: "AND" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "AND" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" rhs: "false" - operator: "AND" - negated: false operands: - object_type: "TRUSTED_NETWORK" lhs: "{{ network_id }}" @@ -146,25 +142,21 @@ - "{{ server_group_id }}" conditions: - operator: "{{ operator }}" - negated: false operands: - object_type: "COUNTRY_CODE" lhs: CA rhs: "true" - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "{{ operator }}" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" rhs: "false" - operator: "{{ operator }}" - negated: false operands: - object_type: "TRUSTED_NETWORK" lhs: "{{ network_id }}" diff --git a/tests/integration/targets/zpa_policy_access_timeout_rule/tasks/main.yml b/tests/integration/targets/zpa_policy_access_timeout_rule/tasks/main.yml index eb793483..31a0522b 100644 --- a/tests/integration/targets/zpa_policy_access_timeout_rule/tasks/main.yml +++ b/tests/integration/targets/zpa_policy_access_timeout_rule/tasks/main.yml @@ -78,13 +78,11 @@ operator: "{{ operator }}" conditions: - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "{{ operator }}" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" @@ -111,13 +109,11 @@ operator: "{{ operator }}" conditions: - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "{{ operator }}" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}"