Zscaler Private Access Terraform Provider (Unofficial) - APIv2 Update

Introduction

Zscaler has recently introduced many updates to the ZPA API, including new management resources and enhancements. In the continuing effort to keep this unofficial provider up to date, I have developed these new resources into the provider, and the latest release is now available in the GitHub repository.

Important: This Terraform provider is not in any way supported or maintained by Zscaler engineering or support teams; hence, it is provided “AS IS” as a community effort.

New Management Resources

  • New Resource: resource_zpa_app_connector_group
# ZPA App Connector Group
resource "zpa_app_connector_group" "example" {
  name                          = "App Connector Group"
  description                   = "App Connector Group in San Jose"
  enabled                       = true
  country_code                  = "US"
  latitude                      = "37.3382082"
  longitude                     = "-121.8863286"
  location                      = "San Jose, CA, USA"
  upgrade_day                   = "SUNDAY"
  upgrade_time_in_secs          = "66600"
  override_version_profile      = true
  version_profile_id            = 0
  dns_query_type                = "IPV4"
}
  • New Resource: resource_zpa_service_edge_group
# ZPA Service Edge Group resource - Trusted Network
resource "zpa_service_edge_group" "service_edge_group_sjc" {
  name                 = "Service Edge Group San Jose"
  description          = "Service Edge Group in San Jose"
  upgrade_day          = "SUNDAY"
  upgrade_time_in_secs = "66600"
  latitude             = "37.3382082"
  longitude            = "-121.8863286"
  location             = "San Jose, CA, USA"
  version_profile_id   = "0"
  trusted_networks {
    id = [data.zpa_trusted_network.example.id]
  }
}
  • New Resource: resource_zpa_provisioning_key
# Create Provisioning Key for Service Edge Group
resource "zpa_provisioning_key" "usa_provisioning_key" {
  name                  = "AWS Provisioning Key"
  association_type      = "SERVICE_EDGE_GRP"
  max_usage             = "10"
  enrollment_cert_id    = data.zpa_enrollment_cert.service_edge.id
  zcomponent_id         = zpa_service_edge_group.service_edge_group_sjc.id
}

// Retrieve the Service Edge Enrollment Certificate
data "zpa_enrollment_cert" "service_edge" {
  name = "Service Edge"
}
  • New Resource: resource_zpa_lss_config_controller
// Create Log Receiver Configuration
resource "zpa_lss_config_controller" "example" {
  config {
    name            = "Example"
    description     = "Example"
    enabled         = true
    format          = data.zpa_lss_config_log_type_formats.zpn_ast_auth_log.json
    lss_host        = "192.168.1.1"
    lss_port        = "11001"
    source_log_type = "zpn_ast_auth_log"
    use_tls         = true
    filter = [
      "ZPN_STATUS_AUTH_FAILED",
      "ZPN_STATUS_DISCONNECTED",
      "ZPN_STATUS_AUTHENTICATED"
    ]
  }
  connector_groups {
    id = [data.zpa_app_connector_group.example.id]
  }
}

// Retrieve the App Connector Group ID
data "zpa_app_connector_group" "example" {
  name = "Example"
}

// Retrieve LSS Config Format
data "zpa_lss_config_log_type_formats" "zpn_ast_auth_log" {
  log_type = "zpn_ast_auth_log"
}

New Management Data Sources

  • New Data Source: data_source_zpa_enrollement_cert
  • New Data Source: data_source_zpa_customer_version_profile
  • New Data Source: data_source_zpa_lss_config_controller
  • New Data Source: data_source_zpa_lss_config_log_types_formats
  • New Data Source: data_source_zpa_lss_config_status_codes
  • New Data Source: data_source_zpa_lss_config_client_types
  • New Data Source: data_source_zpa_policy_type

For the complete list of resource examples and enhancements, visit the provider CHANGELOG in the GitHub repository.
