ZPA Terraform Provider - v2.2.0 (June, 30 2022)

:tada: :partying_face: ZPA Terraform Provider - v2.2.0 (June, 30 2022) :tada: :partying_face:

Notes

  • Supported Terraform version: v1.x

New Features
The provider now supports the following ZPA Privileged Remote Access (PRA) features:

  • zpa_application_segment_pra - The resource supports enabling Privileged Remote Access Application Segment SECURE_REMOTE_ACCESS option for RDP and SSH via the app_types parameter. PR#133

The provider now supports the following ZPA Inspection features:

  • zpa_inspection_custom_controls PR#134
  • zpa_inpection_predefined_controls PR#134
  • zpa_inspection_all_predefined_controls PR#134
  • zpa_inspection_profile PR#134
  • zpa_policy_access_inspection_rule PR#134
  • zpa_application_segment_inspection - The resource supports enabling INSPECT for HTTP and HTTPS via the app_types parameter. PR#135
  1. Implemented a new Application Segment resource parameter select_connector_close_to_app. The parameter can only be set for TCP based applications. PR#137

Enhancements

  • Added support to scim_attribute_header to support policy access SCIM criteria based on SCIM attribute values. Issue #146 / PR#147
  • ZPA Beta Cloud: The provider now supports authentication via environment variables or static credentials to ZPA Beta Cloud. For authentication instructions please refer to the documentation page here - PR#136
  • ZPA Gov Cloud: The provider now supports authentication via environment variables or static credentials to ZPA Gov Cloud. For authentication instructions please refer to the documentation page here - PR#145

Bug Fixes

  • Fix: Fixed update function on zpa_app_server_controller resource to ensure desired state is enforced in the upstream resource. Issue #128
  • Fix: Fixed enabled parameter on zpa_app_connector_group resource by removing default action from resource schema. Issue #128
  • Fix: Fixed Golangci linter and upgraded to golangci-lint-action@v3

Documentation

  1. Added release notes guide to documentation PR#140
  2. Fixed documentation misspellings

Given that the providers are official now and listed on the Terraform Registry (https://registry.terraform.io/providers/zscaler/zpa/latest/ and https://registry.terraform.io/providers/zscaler/zia/latest/), I think the documentation on Github should be updated to reflect the much easier way of beginning to use them. I wasted several hours yesterday and today with trying to clone and build the providers on my company-owned Windows machine only to find that I didn’t need to do any of that.

This is hyper-simplified, but to just get the registries downloaded and working on Windows:

  1. Download the Terraform binary from terraform.io
  2. Copy terraform.exe to a working directory such as C:\bin\terraform
  3. Using a text editor such as Visual Studio Code, create a file in the working directory called zscaler.tf, placing the following contents into the file:
terraform {
  required_providers {
    zpa = {
      source = "zscaler/zpa"
      version = "2.2.1"
    }
    zia = {
      source = "zscaler/zia"
      version = "2.1.1"
    }
  }
}

provider "zpa" {
  # Configuration options
}

provider "zia" {
  # Configuration options
}

NOTE: The versions in the above example are current as of 12JUL2022. Check https://registry.terraform.io/providers/zscaler/zpa/latest/ and https://registry.terraform.io/providers/zscaler/zia/latest/ for current versions prior to using in production.

  1. Open PowerShell
  2. Navigate to the working directory created previously
  3. Execute .\terraform init to download and install the Zscaler providers from registry.terraform.io

Thanks for the feedback @dan.carlson
For further clarity, regular users who just want to use Terraform to provision resources, must rely only on the documentation presented in the Terraform registry. The documentation in GitHub is mostly focused on people (developers) who want to contribute with the source code/improvements/new resources etc.
In other words, if you’re just looking to use Terraform as a user, then the process you followed is correct and is documented in the provider registry.

Ah, thanks for clarifying!