From c4cb0ccfde5e309831fe1b567b3c2f650321a845 Mon Sep 17 00:00:00 2001 From: William Guilherme Date: Thu, 25 Apr 2024 12:29:41 -0700 Subject: [PATCH 1/3] fix: update attributes and add integration tests Changed rules.names attribute within app protection custom control resource to optional. Added zpa-test.yml for daily integration test execution. --- .github/workflows/release.yml | 2 +- .github/workflows/zpa-test.yml | 140 ++++++++++++++++++ .../zpa_app_protection_custom_control.py | 4 +- 3 files changed, 143 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/zpa-test.yml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e8afbfa1..c03cc86d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -40,7 +40,7 @@ jobs: python-version: ${{ matrix.python_ver }} - name: Install Poetry - uses: Gr1N/setup-poetry@v8 + uses: Gr1N/setup-poetry@v9 # Install the head of the given branch (devel, stable-2.10) - name: Install ansible-base (${{ matrix.ansible }}) diff --git a/.github/workflows/zpa-test.yml b/.github/workflows/zpa-test.yml new file mode 100644 index 00000000..f7b058d7 --- /dev/null +++ b/.github/workflows/zpa-test.yml 
@@ -0,0 +1,140 @@ +name: ZPA Test + +on: + pull_request: + types: [opened, synchronize] + merge_group: + types: [checks_requested] + push: + branches: + - master + schedule: + - cron: '0 14 * * 1-5' # UTC + workflow_dispatch: + +jobs: + zpa-qa1-tenants: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + python-version: ["3.10"] + environment: + - ZPA_QA_TENANT01 + - ZPA_QA_TENANT02 + environment: ${{ matrix.environment }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + + - name: Set up Poetry + uses: Gr1N/setup-poetry@v9 + + - name: Install collection from Galaxy + run: ansible-galaxy collection install zscaler.zpacloud + + - name: Install dependencies + run: poetry install + + - name: Run tests with retry + uses: nick-fields/retry@v3 + with: + max_attempts: 3 + timeout_minutes: 30 + command: poetry run make test:integration:zpa + env: + ZPA_CLIENT_ID: ${{ secrets.ZPA_CLIENT_ID }} + ZPA_CLIENT_SECRET: ${{ secrets.ZPA_CLIENT_SECRET }} + ZPA_CUSTOMER_ID: ${{ secrets.ZPA_CUSTOMER_ID }} + ZPA_CLOUD: ${{ secrets.ZPA_CLOUD }} + OKTA_CLIENT_ORGURL: ${{ secrets.OKTA_CLIENT_ORGURL }} + OKTA_CLIENT_TOKEN: ${{ secrets.OKTA_CLIENT_TOKEN }} + + zpa-beta-tenants: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + python-version: ["3.10"] + environment: + - ZPA_BETA_TENANT01 + environment: ${{ matrix.environment }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + + - name: Set up Poetry + uses: Gr1N/setup-poetry@v9 + + - name: Install collection from Galaxy + run: ansible-galaxy collection install zscaler.zpacloud + + - name: Install dependencies + run: poetry install + + - name: Run tests with retry + uses: nick-fields/retry@v3 + with: + max_attempts: 3 + timeout_minutes: 30 + command: poetry 
run make test:integration:zpa + env: + ZPA_CLIENT_ID: ${{ secrets.ZPA_CLIENT_ID }} + ZPA_CLIENT_SECRET: ${{ secrets.ZPA_CLIENT_SECRET }} + ZPA_CUSTOMER_ID: ${{ secrets.ZPA_CUSTOMER_ID }} + ZPA_CLOUD: ${{ secrets.ZPA_CLOUD }} + OKTA_CLIENT_ORGURL: ${{ secrets.OKTA_CLIENT_ORGURL }} + OKTA_CLIENT_TOKEN: ${{ secrets.OKTA_CLIENT_TOKEN }} + + + + zpa-prod-tenants: + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + python-version: ["3.10"] + environment: + - ZPA_BETA_TENANT01 + environment: ${{ matrix.environment }} + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v4 + with: + python-version: ${{ matrix.python-version }} + + - name: Set up Poetry + uses: Gr1N/setup-poetry@v9 + + - name: Install collection from Galaxy + run: ansible-galaxy collection install zscaler.zpacloud + + - name: Install dependencies + run: poetry install + + - name: Run tests with retry + uses: nick-fields/retry@v3 + with: + max_attempts: 3 + timeout_minutes: 30 + command: poetry run make test:integration:zpa + env: + ZPA_CLIENT_ID: ${{ secrets.ZPA_CLIENT_ID }} + ZPA_CLIENT_SECRET: ${{ secrets.ZPA_CLIENT_SECRET }} + ZPA_CUSTOMER_ID: ${{ secrets.ZPA_CUSTOMER_ID }} + ZPA_CLOUD: ${{ secrets.ZPA_CLOUD }} + OKTA_CLIENT_ORGURL: ${{ secrets.OKTA_CLIENT_ORGURL }} + OKTA_CLIENT_TOKEN: ${{ secrets.OKTA_CLIENT_TOKEN }} diff --git a/plugins/modules/zpa_app_protection_custom_control.py b/plugins/modules/zpa_app_protection_custom_control.py index b6fb3200..55432602 100644 --- a/plugins/modules/zpa_app_protection_custom_control.py +++ b/plugins/modules/zpa_app_protection_custom_control.py @@ -148,7 +148,7 @@ description: "The names of the AppProtection rule" type: list elements: str - required: true + required: false type: description: The type of the AppProtection rule. required: false 
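Review bot: The `Run tests with retry` step in all three jobs puts `ZPA_CLIENT_SECRET` and `OKTA_CLIENT_TOKEN` in the environment of `nick-fields/retry@v3`, a third-party action referenced by a movable tag, so a retagged release would run with the tenant credentials. Pin it and `Gr1N/setup-poetry@v9` to a reviewed commit, e.g. `uses: nick-fields/retry@<full-commit-sha>  # v3`. The workflow also declares no `permissions:`, so `GITHUB_TOKEN` takes the repository default; a top-level `permissions:` with `contents: read` looks sufficient for what these steps do. Since the `pull_request` trigger runs the branch's own `poetry install` and make target with those secrets set, it is worth confirming that the `ZPA_*` environments carry required reviewers or branch restrictions.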
@@ -490,7 +490,7 @@ def main(): rhs=dict(type="str", required=False), ), ), - names=dict(type="list", elements="str", required=True), + names=dict(type="list", elements="str", required=False), type=dict( type="str", required=False, From 70cfb476b86c6b034bda680c656f2e337ca3a1d7 Mon Sep 17 00:00:00 2001 From: William Guilherme Date: Thu, 25 Apr 2024 14:23:12 -0700 Subject: [PATCH 2/3] fix: update attributes and add integration tests Changed rules.names attribute within app protection custom control resource to optional. Added zpa-test.yml for daily integration test execution. --- .github/workflows/zpa-test.yml | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/.github/workflows/zpa-test.yml b/.github/workflows/zpa-test.yml index f7b058d7..f1d414c3 100644 --- a/.github/workflows/zpa-test.yml +++ b/.github/workflows/zpa-test.yml @@ -28,13 +28,16 @@ jobs: uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - name: Set up Poetry uses: Gr1N/setup-poetry@v9 + - name: Install Ansible + run: pip install ansible + - name: Install collection from Galaxy run: ansible-galaxy collection install zscaler.zpacloud @@ -69,13 +72,16 @@ jobs: uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - name: Set up Poetry uses: Gr1N/setup-poetry@v9 + - name: Install Ansible + run: pip install ansible + - name: Install collection from Galaxy run: ansible-galaxy collection install zscaler.zpacloud 
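Review bot: With `names` now `required=False` and no `default`, the module receives `None` for that key whenever a rule omits it, and nothing in this hunk shows the consumer being adjusted. The code that turns `rules` into the API payload lies outside the hunk (`main()` begins before it and continues after it), so the read of `names` there should tolerate `None`. If an empty list is acceptable to the API, `names=dict(type="list", elements="str", required=False, default=[])` would keep the value a list. An integration case that omits `names` would pin the new behaviour.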
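Review bot: The added `pip install ansible` step is unversioned, as is the existing `ansible-galaxy collection install zscaler.zpacloud`, so each run of a job that later exposes the tenant secrets pulls whatever is newest on PyPI and Galaxy. The same step is added in the `@@ -72` hunk and for the prod job in the `@@ -95` hunk. Constrain it, e.g. `run: pip install "ansible==<pinned-version>"`, or declare ansible in the Poetry dependencies so the lock file governs it. The step also installs into the runner's Python rather than through `poetry`, so whether a later `poetry run` sees this copy depends on how the virtualenv is set up, which is worth confirming.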
@@ -95,30 +101,33 @@ jobs: ZPA_CLOUD: ${{ secrets.ZPA_CLOUD }} OKTA_CLIENT_ORGURL: ${{ secrets.OKTA_CLIENT_ORGURL }} OKTA_CLIENT_TOKEN: ${{ secrets.OKTA_CLIENT_TOKEN }} - - + needs: + - zpa-qa1-tenants zpa-prod-tenants: runs-on: ubuntu-latest strategy: fail-fast: false matrix: - python-version: ["3.10"] + python-version: ["3.11"] environment: - - ZPA_BETA_TENANT01 + - ZPA_PROD_TENANT01 environment: ${{ matrix.environment }} steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - name: Set up Poetry uses: Gr1N/setup-poetry@v9 + - name: Install Ansible + run: pip install ansible + - name: Install collection from Galaxy run: ansible-galaxy collection install zscaler.zpacloud @@ -138,3 +147,6 @@ jobs: ZPA_CLOUD: ${{ secrets.ZPA_CLOUD }} OKTA_CLIENT_ORGURL: ${{ secrets.OKTA_CLIENT_ORGURL }} OKTA_CLIENT_TOKEN: ${{ secrets.OKTA_CLIENT_TOKEN }} + needs: + - zpa-qa1-tenants + - zpa-beta-tenants \ No newline at end of file From 0dcca5052eb2f7a153dcb3559daf43cb23bf5b3d Mon Sep 17 00:00:00 2001 From: William Guilherme Date: Thu, 25 Apr 2024 14:31:44 -0700 Subject: [PATCH 3/3] fix: update attributes and add integration tests Changed rules.names attribute within app protection custom control resource to optional. Added zpa-test.yml for daily integration test execution. --- .github/workflows/zpa-test.yml | 6 +++--- .../zpa_policy_access_app_protection_rule/tasks/main.yml | 6 ------ .../zpa_policy_access_forwarding_rule/tasks/main.yml | 6 ------ .../zpa_policy_access_isolation_rule/tasks/main.yml | 4 ---- .../targets/zpa_policy_access_rule/tasks/main.yml | 8 -------- .../targets/zpa_policy_access_timeout_rule/tasks/main.yml | 4 ---- 6 files changed, 3 insertions(+), 31 deletions(-) diff --git a/.github/workflows/zpa-test.yml b/.github/workflows/zpa-test.yml index f1d414c3..1c9c4ca0 100644 --- a/.github/workflows/zpa-test.yml 
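Review bot: Switching the last job to `ZPA_PROD_TENANT01` means every trigger in `on:`, including `pull_request`, runs the integration suite with production-tenant credentials once the QA and beta jobs pass; the added `needs:` orders the jobs but is not an approval. Consider restricting that job with a job-level `if: github.event_name != 'pull_request'` and requiring reviewers on the `ZPA_PROD_TENANT01` environment. The prod job also moves to Python `"3.11"` while QA and beta stay on `"3.10"`, so the gating jobs no longer exercise the interpreter prod uses; if that is intentional, a comment on the matrix entry would help.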
+++ b/.github/workflows/zpa-test.yml @@ -49,7 +49,7 @@ jobs: with: max_attempts: 3 timeout_minutes: 30 - command: poetry run make test:integration:zpa + command: poetry run ansible-playbook tests/integration/run_all_tests.yml env: ZPA_CLIENT_ID: ${{ secrets.ZPA_CLIENT_ID }} ZPA_CLIENT_SECRET: ${{ secrets.ZPA_CLIENT_SECRET }} @@ -93,7 +93,7 @@ jobs: with: max_attempts: 3 timeout_minutes: 30 - command: poetry run make test:integration:zpa + command: poetry run ansible-playbook tests/integration/run_all_tests.yml env: ZPA_CLIENT_ID: ${{ secrets.ZPA_CLIENT_ID }} ZPA_CLIENT_SECRET: ${{ secrets.ZPA_CLIENT_SECRET }} @@ -139,7 +139,7 @@ jobs: with: max_attempts: 3 timeout_minutes: 30 - command: poetry run make test:integration:zpa + command: poetry run ansible-playbook tests/integration/run_all_tests.yml env: ZPA_CLIENT_ID: ${{ secrets.ZPA_CLIENT_ID }} ZPA_CLIENT_SECRET: ${{ secrets.ZPA_CLIENT_SECRET }} diff --git a/tests/integration/targets/zpa_policy_access_app_protection_rule/tasks/main.yml b/tests/integration/targets/zpa_policy_access_app_protection_rule/tasks/main.yml index f3bfdc68..6317fed3 100644 --- a/tests/integration/targets/zpa_policy_access_app_protection_rule/tasks/main.yml +++ b/tests/integration/targets/zpa_policy_access_app_protection_rule/tasks/main.yml @@ -84,19 +84,16 @@ operator: "{{ operator }}" conditions: - operator: "AND" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "AND" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" rhs: "false" - operator: "AND" - negated: false operands: - object_type: "TRUSTED_NETWORK" lhs: "{{ network_id }}" 
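Review bot: The new `command:` runs `tests/integration/run_all_tests.yml` in a job whose earlier step installs `zscaler.zpacloud` from Galaxy, so the suite may exercise the published release rather than the modules changed in this series. That holds unless the playbook or an `ansible.cfg` points the collection path at the checkout; if it does not, the `names` change in PATCH 1/3 would go untested. Installing from the working tree with `run: ansible-galaxy collection install . --force` would tie the run to the commit under test. The same line changes in the `@@ -93` and `@@ -139` hunks.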
@@ -123,19 +120,16 @@ operator: "{{ operator }}" conditions: - operator: "AND" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "AND" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" rhs: "false" - operator: "AND" - negated: false operands: - object_type: "TRUSTED_NETWORK" lhs: "{{ network_id }}" diff --git a/tests/integration/targets/zpa_policy_access_forwarding_rule/tasks/main.yml b/tests/integration/targets/zpa_policy_access_forwarding_rule/tasks/main.yml index d47b15bc..6015b78c 100644 --- a/tests/integration/targets/zpa_policy_access_forwarding_rule/tasks/main.yml +++ b/tests/integration/targets/zpa_policy_access_forwarding_rule/tasks/main.yml @@ -80,19 +80,16 @@ operator: "{{ operator }}" conditions: - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "{{ operator }}" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" rhs: "false" - operator: "{{ operator }}" - negated: false operands: - object_type: "TRUSTED_NETWORK" lhs: "{{ network_id }}" @@ -118,19 +115,16 @@ operator: "{{ operator }}" conditions: - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "{{ operator }}" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" rhs: "false" - operator: "{{ operator }}" - negated: false operands: - object_type: "TRUSTED_NETWORK" lhs: "{{ network_id }}" diff --git a/tests/integration/targets/zpa_policy_access_isolation_rule/tasks/main.yml b/tests/integration/targets/zpa_policy_access_isolation_rule/tasks/main.yml index 89ff1a94..d6c4f734 100644 --- a/tests/integration/targets/zpa_policy_access_isolation_rule/tasks/main.yml +++ b/tests/integration/targets/zpa_policy_access_isolation_rule/tasks/main.yml 
@@ -78,13 +78,11 @@ operator: "{{ operator }}" conditions: - operator: "OR" - negated: false operands: - object_type: "CLIENT_TYPE" lhs: "id" rhs: "zpn_client_type_exporter" - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios @@ -111,13 +109,11 @@ operator: "{{ operator }}" conditions: - operator: "OR" - negated: false operands: - object_type: "CLIENT_TYPE" lhs: "id" rhs: "zpn_client_type_exporter" - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios diff --git a/tests/integration/targets/zpa_policy_access_rule/tasks/main.yml b/tests/integration/targets/zpa_policy_access_rule/tasks/main.yml index 87318185..60c6f094 100644 --- a/tests/integration/targets/zpa_policy_access_rule/tasks/main.yml +++ b/tests/integration/targets/zpa_policy_access_rule/tasks/main.yml @@ -97,25 +97,21 @@ - "{{ server_group_id }}" conditions: - operator: "AND" - negated: false operands: - object_type: "COUNTRY_CODE" lhs: CA rhs: "true" - operator: "AND" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "AND" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" rhs: "false" - operator: "AND" - negated: false operands: - object_type: "TRUSTED_NETWORK" lhs: "{{ network_id }}" @@ -146,25 +142,21 @@ - "{{ server_group_id }}" conditions: - operator: "{{ operator }}" - negated: false operands: - object_type: "COUNTRY_CODE" lhs: CA rhs: "true" - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "{{ operator }}" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" rhs: "false" - operator: "{{ operator }}" - negated: false operands: - object_type: "TRUSTED_NETWORK" lhs: "{{ network_id }}" diff --git a/tests/integration/targets/zpa_policy_access_timeout_rule/tasks/main.yml b/tests/integration/targets/zpa_policy_access_timeout_rule/tasks/main.yml index eb793483..31a0522b 100644 
--- a/tests/integration/targets/zpa_policy_access_timeout_rule/tasks/main.yml +++ b/tests/integration/targets/zpa_policy_access_timeout_rule/tasks/main.yml @@ -78,13 +78,11 @@ operator: "{{ operator }}" conditions: - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "{{ operator }}" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}" @@ -111,13 +109,11 @@ operator: "{{ operator }}" conditions: - operator: "{{ operator }}" - negated: false operands: - object_type: "PLATFORM" lhs: ios rhs: "true" - operator: "{{ operator }}" - negated: false operands: - object_type: "POSTURE" lhs: "{{ posture_udid }}"