feat: Updated all modules to new Zscaler RHEL9 Images (#18)

* feat: Updated modules to use new RHEL9 * doc: Updated README with new instructions * doc: Updated README and support statement * fix: Removed local_file depends_on for compatibility issues * fix: Changed path to output files * doc: Updated README format
zscaler · Jul 25, 2024 · af49827 · af49827
1 parent ae4bde2
commit af49827
Show file tree

Hide file tree

Showing 57 changed files with 517 additions and 497 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,89 +1,95 @@
-
----
-name: CI/CD
-on:
-  push:
-    branches:
-      - master
-      - develop
-  pull_request:
-  schedule:
-    - cron: '0 0 1 * *'
+name: Terraform checks
+on: [push, pull_request]
 
 jobs:
-  pre-commit:
-    name: Verify the pre-commit framework was used properly by developers
+  terraform-linter:
     runs-on: ubuntu-latest
 
-    steps:
-      - name: Check out source
-        uses: actions/checkout@v2
+    steps:      
+      - name: Checkout
+        uses: actions/checkout@v3
 
-      - name: Set up Python
-        uses: actions/setup-python@v2
-        with:
-          # Semantic version range syntax (like 3.x) or the exact Python version
-          python-version: '3.11.0'
+      - name: Setup Terraform
+        uses: hashicorp/setup-terraform@v3
 
-      - name: Run pre-commit framework as the developer should run it
-        run: sudo ./scripts/install.sh && sudo ./scripts/run.sh
+      - name: Terraform Format
+        id: fmt
+        run: terraform fmt -check -recursive
 
-      - name: The `git diff` showing whether the pre-commit mandated extra changes to the repository files
-        if: failure()
-        run: git diff
+      - name: Terraform Init
+        id: init-bastion
+        run: |
+          cd modules/terraform-zsac-bastion-aws
+          terraform init   
 
-  validate:
-    name: Validate
-    runs-on: ubuntu-latest
+      - name: Terraform Validate
+        id: validate-bastion
+        run: |
+          cd modules/terraform-zsac-bastion-aws
+          terraform validate -no-color
 
-    steps:
-      - name: Check out source
-        uses: actions/checkout@v2
+      - name: Terraform Init
+        id: init-zsac-acvm
+        run: |
+          cd modules/terraform-zsac-acvm-aws
+          terraform init   
 
-      - name: Set up Terraform
-        uses: hashicorp/setup-terraform@v1
-        with:
-          terraform_version: 0.15.3
+      - name: Terraform Validate
+        id: validate-zsac-acvm
+        run: |
+          cd modules/terraform-zsac-acvm-aws
+          terraform validate -no-color
 
-      - name: terraform validate
-        env:
-          AWS_DEFAULT_REGION: us-west-2
+      - name: Terraform Init
+        id: init-zsac-asg-aws
         run: |
-          cd "$GITHUB_WORKSPACE"
-          for dir in $(find modules examples -type d -not \( -name ".?*" \) -maxdepth 1 -mindepth 1);
-          do
-            if [[ "$dir" == "modules/transit_gateway_peering" ]];
-            then
-              echo "Skipping directory: $dir"
-              echo "Terraform does not support validating a module which uses an aliased provider (module-specific; validating an entire configuration works fine)."
-              continue
-            fi
+          cd modules/terraform-zsac-asg-aws
+          terraform init   
 
-            echo "Processing directory: $dir"
-            cd "$GITHUB_WORKSPACE/$dir"
-            terraform init -backend=false
-            terraform validate
-          done
+      - name: Terraform Validate
+        id: validate-zsac-asg-aws
+        run: |
+          cd modules/terraform-zsac-asg-aws
+          terraform validate -no-color
 
-  zscaler-iac-scan:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Code Checkout
-        uses: actions/checkout@v2
+      - name: Terraform Init
+        id: init-zsac-iam-aws
+        run: |
+          cd modules/terraform-zsac-iam-aws
+          terraform init   
+
+      - name: Terraform Validate
+        id: validate-zsac-iam-aws
+        run: |
+          cd modules/terraform-zsac-iam-aws
+          terraform validate -no-color
 
-      - name : Zscaler IAC Scan
-        uses : ZscalerCWP/Zscaler-IaC-Action@v1.4.0
-        id: zscaler-iac-scan
-        with:
-          client_id : ${{ secrets.ZSCANNER_CLIENT_ID }}
-          client_secret : ${{ secrets.ZSCANNER_CLIENT_SECRET }}
-          region : 'US'
-          iac_dir : '../../'
-          iac_file : '../../'
-          output_format : 'human+github-sarif'
-          fail_build : 'false'
-      - name: Upload SARIF file
-        if: ${{ success() || failure() && (steps.zscaler-iac-scan.outputs.sarif_file_path != '') }}
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: ${{ steps.zscaler-iac-scan.outputs.sarif_file_path }}
+      - name: Terraform Init
+        id: init-zsac-network-aws
+        run: |
+          cd modules/terraform-zsac-network-aws
+          terraform init   
+
+          - name: Terraform Validate
+          id: validate-zpa-app-connector-group
+          run: |
+            cd modules/terraform-zpa-app-connector-group
+            terraform validate -no-color
+  
+      - name: Terraform Init
+        id: init-zpa-app-connector-group
+        run: |
+          cd modules/terraform-zpa-app-connector-group
+          terraform init   
+          - name: Terraform Validate
+          id: validate-zpa-provisioning-key
+          run: |
+            cd modules/terraform-zpa-provisioning-key
+            terraform validate -no-color
+  
+      - name: Terraform Init
+        id: init-zpa-provisioning-key
+        run: |
+          cd modules/terraform-zpa-provisioning-key
+          terraform init   
+    
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.77.1
+    rev: v1.92.0
     hooks:
       - id: terraform_fmt
       - id: terraform_validate
@@ -23,21 +23,17 @@ repos:
           - '--args=--only=terraform_standard_module_structure'
           - '--args=--only=terraform_workspace_remote'
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
+    rev: v4.6.0
     hooks:
       - id: check-merge-conflict
       - id: end-of-file-fixer
 
   - repo: https://github.com/jorisroovers/gitlint
-    rev:  v0.18.0
+    rev:  v0.19.1
     hooks:
       - id: gitlint
 
-  - repo: https://github.com/ZscalerCWP/iac-pre-commit-hooks
-    rev: v0.0.1
-    hooks:
-      - id: zscaler-iac-scanner
   - repo: https://github.com/Yelp/detect-secrets
-    rev:  v1.4.0
+    rev:  v1.5.0
     hooks:
     -   id: detect-secrets
diff --git a/README.md b/README.md
@@ -1,20 +1,33 @@
+![GitHub release (latest by date)](https://img.shields.io/github/v/release/zscaler/terraform-aws-zpa-app-connector-modules?style=flat-square)
+![GitHub](https://img.shields.io/github/license/zscaler/terraform-aws-zpa-app-connector-modules?style=flat-square)
+![GitHub pull requests](https://img.shields.io/github/issues-pr/zscaler/terraform-aws-zpa-app-connector-modules?style=flat-square)
+![Terraform registry downloads total](https://img.shields.io/badge/dynamic/json?color=green&label=downloads%20total&query=data.attributes.total&url=https%3A%2F%2Fregistry.terraform.io%2Fv2%2Fmodules%2Fzscaler%2Fzpa-app-connector-modules%2Faws%2Fdownloads%2Fsummary&style=flat-square)
+![Terraform registry download month](https://img.shields.io/badge/dynamic/json?color=green&label=downloads%20this%20month&query=data.attributes.month&url=https%3A%2F%2Fregistry.terraform.io%2Fv2%2Fmodules%2Fzscaler%2Fzpa-app-connector-modules%2Faws%2Fdownloads%2Fsummary&style=flat-square)
+[![Zscaler Community](https://img.shields.io/badge/zscaler-community-blue)](https://community.zscaler.com/)
+
 # Zscaler App Connector AWS Terraform Modules
 
+## Support Disclaimer
+
+-> **Disclaimer:** Please refer to our [General Support Statement](docs/guides/support.md) before proceeding with the use of this provider.
+
 ## Description
 This repository contains various modules and deployment configurations that can be used to deploy Zscaler App Connector appliances to securely connect to workloads within Amazon Web Services (AWS) via the Zscaler Zero Trust Exchange. The examples directory contains complete automation scripts for both greenfield/POV and brownfield/production use.
 
 These deployment templates are intended to be fully functional and self service for both greenfield/pov as well as production use. All modules may also be utilized as design recommendation based on Zscaler's Official [Zero Trust Access to Private Apps in AWS with ZPA](https://www.zscaler.com/resources/reference-architecture/zero-trust-with-zpa.pdf).
 
+~> **IMPORTANT** As of version 1.4.0 of this module, all App Connectors are deployed using the new [Red Hat Enterprise Linux 9](https://help.zscaler.com/zpa/app-connector-red-hat-enterprise-linux-9-migration)
+
 ## Prerequisites
 
 Our Deployment scripts are leveraging Terraform v1.1.9 that includes full binary and provider support for MacOS M1 chips, but any Terraform version 0.13.7 should be generally supported.
 
-- provider registry.terraform.io/hashicorp/aws v4.58.x
-- provider registry.terraform.io/hashicorp/random v3.3.x
-- provider registry.terraform.io/hashicorp/local v2.2.x
-- provider registry.terraform.io/hashicorp/null v3.1.x
-- provider registry.terraform.io/providers/hashicorp/tls v3.4.x
-- provider registry.terraform.io/providers/zscaler/zpa v2.6.x
+- provider registry.terraform.io/hashicorp/aws v5.58.x
+- provider registry.terraform.io/hashicorp/random v3.6.x
+- provider registry.terraform.io/hashicorp/local v2.5.x
+- provider registry.terraform.io/hashicorp/null v3.2.x
+- provider registry.terraform.io/providers/hashicorp/tls v4.0.x
+- provider registry.terraform.io/providers/zscaler/zpa v3.31.x
 
 ### AWS requirements
 1. A valid AWS account
@@ -25,12 +38,14 @@ Our Deployment scripts are leveraging Terraform v1.1.9 that includes full binary
 6. Subscribe and accept terms of using Zscaler App Connector image at [this link](https://aws.amazon.com/marketplace/pp/prodview-epy3md7fcvk4g)
 
 ### Zscaler requirements
-7. A valid Zscaler Private Access subscription and portal access
-8. Zscaler ZPA API Keys. Details on how to find and generate ZPA API keys can be located here: https://help.zscaler.com/zpa/about-api-keys#:~:text=An%20API%20key%20is%20required,from%20the%20API%20Keys%20page
+This module leverages the Zscaler Private Access [ZPA Terraform Provider](https://registry.terraform.io/providers/zscaler/zpa/latest/docs) for the automated onboarding process. Before proceeding make sure you have the following pre-requistes ready.
+
+1. A valid Zscaler Private Access subscription and portal access
+2. Zscaler ZPA API Keys. Details on how to find and generate ZPA API keys can be located [here](https://help.zscaler.com/zpa/about-api-keys#:~:text=An%20API%20key%20is%20required,from%20the%20API%20Keys%20page)
 - Client ID
 - Client Secret
 - Customer ID
-9. (Optional) An existing App Connector Group and Provisioning Key. Otherwise, you can follow the prompts in the examples terraform.tfvars to create a new Connector Group and Provisioning Key
+3. (Optional) An existing App Connector Group and Provisioning Key. Otherwise, you can follow the prompts in the examples terraform.tfvars to create a new Connector Group and Provisioning Key
 
 See: [Zscaler App Connector AWS Deployment Guide](https://help.zscaler.com/zpa/connector-deployment-guide-amazon-web-services) for additional prerequisite provisioning steps.
 

diff --git a/docs/guides/support.md b/docs/guides/support.md
@@ -0,0 +1,21 @@
+---
+page_title: "Support Guide"
+---
+
+# General Support Statement
+
+This Terraform AWS ZPA App Connector Module is supported and maintained by the Zscaler Technology Alliances team in partnership with our global support team.
+
+## Support Ticket Severity
+
+Support tickets related to the Terraform Modules can be opened with [Zscaler Support](https://help.zscaler.com/#-tickets), however since the provider is just a client of the underlying product API, we will **NOT** be able to treat terraform module related support requests as a Severity-1 (Immediate time frame).
+
+When reporting bugs, please provide the Terraform script that demonstrates the bug and the command output. Stack traces will also be helpful.
+
+Notice that we will **NOT**, however, fix bugs upon customer demand, as we have to prioritize all pending bugs and features, as part of the product's backlog and release cycles.
+
+If you have an urgent escalation, please contact your local Zscaler account team (RSM/SE/CSM/TAM) for assistance.
+
+## Contact
+
+For questions or requests that cannot be submitted via GitHub Issues, please contact [Zscaler Support](https://help.zscaler.com/submit-ticket-links)