Update

.github/workflows/ci.yml

@@ -0,0 +1,61 @@
+---
+name: Validation Test
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v1
+      - name: Prepare tfvars
+        id: tfvars
+        run: cp test/terraform.tfvars.example test/terraform.tfvars
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt -check
+      - name: Terraform Init
+        id: init
+        run: terraform init
+      - name: Terraform Validate
+        id: validate
+        run: terraform validate -no-color
+      - name: Terraform Plan
+        id: plan
+        if: github.event_name == 'pull_request'
+        run: terraform plan -no-color --var-file="test/terraform.tfvars"
+        continue-on-error: true
+      - name: Update Pull Request
+        uses: actions/github-script@0.9.0
+        if: github.event_name == 'pull_request'
+        env:
+          PLAN: "terraform\n${{ steps.plan.outputs.stdout }}"
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const output = `#### Terraform Format and Style 🖌\`${{ steps.fmt.outcome }}\`
+            #### Terraform Initialization ⚙️\`${{ steps.init.outcome }}\`
+            #### Terraform Plan 📖\`${{ steps.plan.outcome }}\`
+            #### Terraform Validation 🤖\`${{ steps.validate.outcome }}\`
+
+            <details><summary>Show Plan</summary>
+
+            \`\`\`\n
+            ${process.env.PLAN}
+            \`\`\`
+
+            </details>
+
+            *Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`*`;
+
+            github.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: output
+            })

docker-compose.yml

@@ -0,0 +1,56 @@
+version: '3.8'
+
+services:
+
+  consul-server:
+    image: hashicorp/consul:1.13.1
+    container_name: consul-server
+    restart: always
+    volumes:
+      - ./test/server.json:/consul/config/server.json:ro
+    networks:
+      - consul
+    ports:
+      - "8500:8500"
+      - "8600:8600/tcp"
+      - "8600:8600/udp"
+    command: "agent -bootstrap-expect=1"
+
+  consul-client-a:
+    image: hashicorp/consul:1.13.1
+    container_name: consul-client-a
+    restart: always
+    networks:
+      - consul
+    command: "agent -node=client-a -join=consul-server -encrypt aPuGh+5UDskRAbkLaXRzFoSOcSM+5vAK+NEYOWHJH7w="
+
+  consul-client-b:
+    image: hashicorp/consul:1.13.1
+    container_name: consul-client-b
+    restart: always
+    networks:
+      - consul
+    ports:
+      - "8501:8500"
+    command: "agent -node=client-b -client=0.0.0.0 -join=consul-server -encrypt aPuGh+5UDskRAbkLaXRzFoSOcSM+5vAK+NEYOWHJH7w="
+    depends_on:
+      - consul-server
+
+  cts:
+    image: hashicorp/consul-terraform-sync:latest
+    container_name: cts
+    volumes:
+      - ./test/cts-config.hcl:/consul-terraform-sync/config/cts-config.hcl:rw
+      - ./main.tf:/zpa-consul/main.tf:ro
+      - ./variables.tf:/zpa-consul/variables.tf:ro
+      - ./test/terraform.tfvars:/consul-terraform-sync/config/terraform.tfvars:ro
+    networks:
+      - consul
+    ports:
+      - "8558:8558"
+    depends_on:
+      - consul-server
+
+networks:
+  consul:
+    driver: bridge

test/api-service.json

@@ -0,0 +1,7 @@
+{
+  "ID": "api_1",
+  "Name": "api",
+  "Tags": ["bar"],
+  "Port": 8889,
+  "Check": null
+}

test/cts-config.hcl

@@ -0,0 +1,53 @@
+## Global Config
+log_level = "DEBUG"
+port      = 8558
+
+syslog {
+  enabled = false
+}
+
+buffer_period {
+  enabled = true
+  min = "5s"
+  max = "20s"
+}
+
+# Vault Config Options (Optional)
+vault {}
+
+
+# Consul Block
+consul {
+  address = "localhost:8500"
+}
+
+# Driver "terraform" block
+driver "terraform" {
+  log         = true
+  persist_log = false
+  required_providers {
+    zpa = {
+      source = "zscaler/zpa"
+      version = "2.3.0"
+    }
+  }
+}
+
+terraform_provider "zpa" {
+  zpa_client_id = "{{ with secret \"zscaler/zpacloud\" }}{{ .Data.data.client_id }}{{ end }}"
+  zpa_client_secret = "{{ with secret \"zscaler/zpacloud\" }}{{ .Data.data.client_secret }}{{ end }}"
+  zpa_customer_id = "{{ with secret \"zscaler/zpacloud\" }}{{ .Data.data.customer_id }}{{ end }}"
+}
+
+# Task Block
+task {
+  name        = "zpa-app-segment-task"
+  description = "Create/delete/update Application Segments"
+  module      = "../"
+  providers = ["zpa"]
+
+  condition "services" {
+    names = ["web", "api"]
+  }
+  variable_files = ["./consul-terraform-sync/config/terraform.tfvars"]
+}

test/server.json

@@ -0,0 +1,16 @@
+{
+  "node_name": "consul-server",
+  "server": true,
+  "ui_config": {
+    "enabled": true
+  },
+  "data_dir": "/consul/data",
+  "addresses": {
+    "http": "0.0.0.0"
+  },
+  "retry_join": [],
+  "encrypt": "aPuGh+5UDskRAbkLaXRzFoSOcSM+5vAK+NEYOWHJH7w=",
+  "verify_incoming": false,
+  "verify_outgoing": false,
+  "verify_server_hostname": false
+}

test/servicesctl.sh

@@ -0,0 +1,10 @@
+service=${1:-web}
+action=${2:-register}
+
+if [ "$action" = "register" ]; then
+  echo "Registering service ${service}_1"
+  curl -X PUT -H "Content-Type: application/json" --data @test/${service}-service.json http://127.0.0.1:8501/v1/agent/service/register?replace-existing-checks=true
+else
+  echo "Unregistering service ${service}_1"
+  curl -X PUT -H "Content-Type: application/json" http://127.0.0.1:8501/v1/agent/service/deregister/${service}_1
+fi

test/sync-tasks/zpa-app-segment-task/main.tf

@@ -0,0 +1,36 @@
+# This file is generated by Consul Terraform Sync.
+#
+# The HCL blocks, arguments, variables, and values are derived from the
+# operator configuration for Sync. Any manual changes to this file
+# may not be preserved and could be overwritten by a subsequent update.
+#
+# Task: zpa-app-segment-task
+# Description: Create/delete/update Application Segments
+
+terraform {
+  required_version = ">= 0.13.0, < 1.2.0"
+  required_providers {
+    zpa = {
+      source  = "zscaler/zpa"
+      version = "2.3.0"
+    }
+  }
+  backend "consul" {
+    address = "localhost:8500"
+    gzip    = true
+    path    = "consul-terraform-sync/terraform"
+  }
+}
+
+provider "zpa" {
+  zpa_client_id     = var.zpa.zpa_client_id
+  zpa_client_secret = var.zpa.zpa_client_secret
+  zpa_customer_id   = var.zpa.zpa_customer_id
+}
+
+# Create/delete/update Application Segments
+module "zpa-app-segment-task" {
+  source   = "/Users/wguilherme/go/src/github.com/zscaler/terraform-zpa-application-segment-nia"
+  services = var.services
+
+}

test/sync-tasks/zpa-app-segment-task/providers.auto.tfvars

@@ -0,0 +1,14 @@
+# This file is generated by Consul Terraform Sync.
+#
+# The HCL blocks, arguments, variables, and values are derived from the
+# operator configuration for Sync. Any manual changes to this file
+# may not be preserved and could be overwritten by a subsequent update.
+#
+# Task: zpa-app-segment-task
+# Description: Create/delete/update Application Segments
+
+zpa = {
+  zpa_client_id     = "MjE2MTk2MjU3MzMxMjgyMDcwLTg0MTgyN2I5LTEwMDQtNDE0Mi1iYjQwLTVlOGE0NWEyMjc2MQ=="
+  zpa_client_secret = "HBRM'}IQgum#Yd~VxDz*d]@X6]Zab)<N"
+  zpa_customer_id   = "216196257331281920"
+}

test/sync-tasks/zpa-app-segment-task/terraform.tfvars.tmpl

@@ -0,0 +1,25 @@
+# This file is generated by Consul Terraform Sync.
+#
+# The HCL blocks, arguments, variables, and values are derived from the
+# operator configuration for Sync. Any manual changes to this file
+# may not be preserved and could be overwritten by a subsequent update.
+#
+# Task: zpa-app-segment-task
+# Description: Create/delete/update Application Segments
+
+services = {
+{{- with $srv := service "api" }}
+  {{- range $s := $srv}}
+  "{{ joinStrings "." .ID .Node .Namespace .NodeDatacenter }}" = {
+{{ HCLService $s | indent 4 }}
+  },
+  {{- end}}
+{{- end}}
+{{- with $srv := service "web" }}
+  {{- range $s := $srv}}
+  "{{ joinStrings "." .ID .Node .Namespace .NodeDatacenter }}" = {
+{{ HCLService $s | indent 4 }}
+  },
+  {{- end}}
+{{- end}}
+}

test/sync-tasks/zpa-app-segment-task/variables.auto.tfvars

@@ -0,0 +1,71 @@
+# This file is generated by Consul Terraform Sync.
+#
+# The HCL blocks, arguments, variables, and values are derived from the
+# operator configuration for Sync. Any manual changes to this file
+# may not be preserved and could be overwritten by a subsequent update.
+#
+# Task: zpa-app-segment-task
+# Description: Create/delete/update Application Segments
+
+services = {
+  api = {
+    address         = "172.17.0.1"
+    id              = "api"
+    kind            = ""
+    meta            = {}
+    name            = "api"
+    node            = "foobar"
+    node_address    = "192.168.10.10"
+    node_datacenter = "dc1"
+    node_id         = "node_a"
+    node_meta       = {}
+    node_tagged_addresses = {
+      lan = "192.168.10.10"
+      wan = "10.0.10.10"
+    }
+    port   = 80
+    status = "passing"
+    tags   = []
+  }
+  web_1 = {
+    address         = "172.17.0.3"
+    id              = "web_1"
+    kind            = ""
+    meta            = {}
+    name            = "web"
+    node            = "foobar"
+    node_address    = "192.168.10.10"
+    node_datacenter = "dc1"
+    node_id         = "node_a"
+    node_meta = {
+      somekey = "somevalue"
+    }
+    node_tagged_addresses = {
+      lan = "192.168.10.10"
+      wan = "10.0.10.10"
+    }
+    port   = 5000
+    status = "passing"
+    tags   = ["tacos"]
+  }
+  web_2 = {
+    address         = "172.17.0.3"
+    id              = "web_2"
+    kind            = ""
+    meta            = {}
+    name            = "web"
+    node            = "foobarbaz"
+    node_address    = "192.168.10.11"
+    node_datacenter = "dc1"
+    node_id         = "node_b"
+    node_meta       = {}
+    node_tagged_addresses = {
+      lan = "192.168.10.11"
+      wan = "10.0.10.10"
+    }
+    port   = 5000
+    status = "passing"
+    tags   = ["burrito"]
+  }
+}
+