Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Changes to zpa_application_segment_browser_access.clientless_apps.certificate_id forces replacement #498

Closed
dli-spoton opened this issue Oct 23, 2024 · 2 comments · Fixed by #500
Closed

Changes to zpa_application_segment_browser_access.clientless_apps.certificate_id forces replacement #498

dli-spoton opened this issue Oct 23, 2024 · 2 comments · Fixed by #500
Assignees
@willguibr
Labels
area/backend area/backend ⚙️ In development ⚙️ Under active development needs-prioritization Needs to be prioritized for work relative other items on the DevEx backlog priority/high priority/high status/blocked status/blocked type/bug Something isn't working
Milestone
Release v3.33.9

Comments

@dli-spoton
Copy link

dli-spoton commented Oct 23, 2024
edited
Loading

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform v1.5.7
on darwin_arm64
+ provider registry.terraform.io/zscaler/zpa v3.33.7

Affected Resource(s)

  • zpa_application_segment_browser_access

Terraform Configuration Files

locals {
  cert_name          = "cert_name"
  server_group_name  = "server_group_name"
  segment_group_name = "segment_group_name"
}

data "zpa_ba_certificate" "example" {
  name = local.cert_name
}
data "zpa_server_group" "example" {
  name = local.server_group_name
}
data "zpa_segment_group" "example" {
  name = local.segment_group_name
}

resource "zpa_application_segment_browser_access" "example" {
  name             = "example"
  tcp_port_ranges  = ["443", "443"]
  domain_names     = ["example.test"]
  segment_group_id = data.zpa_segment_group.example.id

  clientless_apps {
    name                 = "example.test"
    application_protocol = "HTTPS"
    application_port     = "443"
    certificate_id       = data.zpa_ba_certificate.example.id
    domain               = "example.test"
  }
  server_groups {
    id = [data.zpa_server_group.example.id]
  }
}

Debug Output

Panic Output

Expected Behavior

Update the browser access segment to use a new certificate.

Actual Behavior

Forces a replacement for the browser access segment, which regenerates the CNAME, taking app offline.

Steps to Reproduce

  1. terraform apply
  2. Change local.cert_name to a different cert
  3. terraform apply

Important Factoids

Changing the assigned certificate for a browser access segment in the web console does not force a replacement.

References
@willguibr
Copy link
Member

@dli-spoton There's a currently an API issue which force us to rebuild the application segment whenever an attribute within the clientless_apps block is changed.
The issue is currently under investigation and once addressed at the API level, we will re-evaluate the removal of the force replacement behavior from the provider source code.

Zscaler DevRel

@willguibr willguibr added the area/backend area/backend label Oct 30, 2024
@willguibr willguibr self-assigned this Oct 30, 2024
@willguibr willguibr added type/bug Something isn't working priority/high priority/high status/blocked status/blocked ⚙️ In development ⚙️ Under active development needs-prioritization Needs to be prioritized for work relative other items on the DevEx backlog labels Oct 30, 2024
@willguibr
Copy link
Member

@dli-spoton The issue related to Browser Access Application segment forced replacement (Updates), has been addressed in the latest version v3.33.9 of the ZPA Terraform provider.

If you have any issues please contact Zscaler support for further assistance.

Zscaler DevRel

@willguibr willguibr added this to the Release v3.33.9 milestone Oct 31, 2024
@willguibr willguibr linked a pull request Oct 31, 2024 that will close this issue
fix: Fixed ZPA Specialized Application Segments Update Functions #500
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@willguibr willguibr

Labels
area/backend area/backend ⚙️ In development ⚙️ Under active development needs-prioritization Needs to be prioritized for work relative other items on the DevEx backlog priority/high priority/high status/blocked status/blocked type/bug Something isn't working
Projects
Zscaler Automation Dashboard 🛣
Status: 🚀 Shipped
Milestone
Release v3.33.9
Development

Successfully merging a pull request may close this issue.

fix: Fixed ZPA Specialized Application Segments Update Functions zscaler/terraform-provider-zpa
2 participants
@willguibr @dli-spoton