feat: Updated all modules to new Zscaler RHEL9 Images (#19)
willguibr committed Aug 20, 2024
1 parent 2bd2447 commit ea960e6
Showing 41 changed files with 736 additions and 631 deletions.
2 changes: 1 addition & 1 deletion .pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
rev: v1.79.1
rev: v1.92.1
hooks:
- id: terraform_fmt
- id: terraform_validate
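Review bot: `rev: v1.92.1` still pins the pre-commit-terraform hook to a mutable git tag; for a tool that runs `terraform_fmt` and `terraform_validate` on every commit, pin `rev:` to the full commit SHA that the v1.92.1 tag resolves to (pre-commit accepts any git ref in `rev`) and keep the tag name in a trailing comment, so a re-tagged upstream release cannot silently change what executes on contributors' machines. The jump from v1.79.1 is also not mentioned in the commit message; a one-line changelog entry would help reviewers tell a tooling bump apart from the image change.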
2 changes: 1 addition & 1 deletion README.md
@@ -2,7 +2,7 @@
<img src="https://raw.githubusercontent.com/hashicorp/terraform-website/master/public/img/logo-text.svg" alt="Terraform logo" title="Terraform" height="40" width="200" />
</a>
<a href="https://www.zscaler.com/">
<img src="https://www.zscaler.com/themes/custom/zscaler/logo.svg" alt="Zscaler logo" title="Zscaler" height="40" width="200" />
<img src="https://raw.githubusercontent.com/zscaler/zscaler-terraformer/master/images/zscaler_terraformer-logo.svg" alt="Zscaler logo" title="Zscaler" height="40" width="200" />
</a>

Zscaler Private Service Edge Azure Terraform Modules
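Review bot: the new logo `src` points at `master` of a different repository (zscaler/zscaler-terraformer), so this README renders whatever that branch serves at view time and breaks if the SVG is moved or the branch is renamed; reference a tagged commit in the URL, or copy the SVG into this repository's own images directory, so the README does not depend on another project's default branch. The `alt` and `title` text are unchanged and still correct.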
30 changes: 15 additions & 15 deletions examples/README.md
@@ -1,6 +1,6 @@
# Zscaler App Connector Cluster Infrastructure Setup
# Zscaler Private Service Edge Cluster Infrastructure Setup

**Terraform configurations and modules for deploying Zscaler App Connector Cluster in Azure.**
**Terraform configurations and modules for deploying Zscaler Private Service Edge Cluster in Azure.**

## Prerequisites (You will be prompted for Azure application credentials and region during deployment)

@@ -11,17 +11,17 @@
1. Application (client) ID
2. Directory (tenant) ID
3. Client Secret Value
3. Azure Region (e.g. westus2) where App Connector resources are to be deployed
3. Azure Region (e.g. westus2) where Private Service Edge resources are to be deployed

### Zscaler requirements
4. A valid Zscaler Private Access subscription and portal access
5. Zscaler ZPA API Keys. Details on how to find and generate ZPA API keys can be located here: https://help.zscaler.com/zpa/about-api-keys#:~:text=An%20API%20key%20is%20required,from%20the%20API%20Keys%20page
- Client ID
- Client Secret
- Customer ID
6. (Optional) An existing App Connector Group and Provisioning Key. Otherwise, you can follow the prompts in the examples terraform.tfvars to create a new Connector Group and Provisioning Key
6. (Optional) An existing Private Service Edge Group and Provisioning Key. Otherwise, you can follow the prompts in the examples terraform.tfvars to create a new Service Edge Group and Provisioning Key

See: [Zscaler App Connector Azure Deployment Guide](https://help.zscaler.com/zpa/connector-deployment-guide-microsoft-azure) for additional prerequisite provisioning steps.
See: [Zscaler Private Service Edge Azure Deployment Guide](https://help.zscaler.com/zpa/private-service-edge-deployment-guide-microsoft-azure) for additional prerequisite provisioning steps.


## Deploying the cluster
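Review bot: the prerequisites list is still mis-numbered after the rename: `3. Client Secret Value` and `3. Azure Region (e.g. westus2) where Private Service Edge resources are to be deployed` are both item 3, and the Zscaler section then continues at 4; renumber the region line to 4 and shift the Zscaler items to 5 through 7, or restart numbering under each sub-heading. Since both the Azure Client Secret Value and the ZPA Client Secret are credentials the deployment prompts for, this section should also say where they are persisted (the Notes section further down refers to an autogenerated `.zspserc`), so readers know what to protect before they type them in.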
@@ -35,7 +35,7 @@ See: [Zscaler App Connector Azure Deployment Guide](https://help.zscaler.com/zpa
```
bash
cd examples
Optional: Edit the terraform.tfvars file under your desired deployment type (ie: base_ac) to setup your App Connector Group (Details are documented inside the file)
Optional: Edit the terraform.tfvars file under your desired deployment type (ie: base_pse) to setup your Private Service Edge Group (Details are documented inside the file)
- ./zspse up
- enter "greenfield"
- enter <desired deployment type>
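Review bot: `ie: base_pse` should read `i.e. base_pse`, and `setup your Private Service Edge Group` should be `set up` (verb); the same wording is repeated in the brownfield section below, so fix both while the lines are being touched. The prompt steps (`- ./zspse up`, `- enter "greenfield"`, `- enter <desired deployment type>`) appear inside the `bash` code fence, so they render as literal text rather than as a list; either move the prompts out of the fence or drop the leading dashes so the block reads as commands.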
@@ -48,10 +48,10 @@ Optional: Edit the terraform.tfvars file under your desired deployment type (ie:
**Greenfield Deployment Types:**

```
Deployment Type: (base | base_ac ):
**base** - Creates: 1 Resource Group containing; 1 VNet w/ 1 subnet (public/bastion); 1 Centos Bastion Host w/ 1 PIP + 1 Network Interface + NSG; generates local key pair .pem file for ssh access. This does NOT deploy any actual App Connectors.
Deployment Type: (base | base_pse ):
**base** - Creates: 1 Resource Group containing; 1 VNet w/ 1 subnet (public/bastion); 1 Centos Bastion Host w/ 1 PIP + 1 Network Interface + NSG; generates local key pair .pem file for ssh access. This does NOT deploy any actual Private Service Edges.
**base_ac** - Base deployment + Creates 1 App Connector private subnet; 2 App Connector VMs in an availability set (or zones if supported and specified) each with a single network interface and NIC NSG
**base_pse** - Base deployment + Creates 1 Private Service Edge private subnet; 1 or more Private Service Edge VMs in an availability set (or zones if supported and specified) each with a single network interface and NIC NSG
```


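Review bot: the **base** description still says `1 Centos Bastion Host` even though the commit's stated purpose is the move to RHEL9 images; if the bastion image was also changed, update this wording (and the brownfield text below), and if it was not, say so explicitly so readers do not assume the bastion is RHEL-based. The **base_pse** line now says `1 or more Private Service Edge VMs`, whereas the brownfield **pse** type further down still says `2 Private Service Edges`; state the default count once and name the terraform.tfvars variable that controls it.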
@@ -62,7 +62,7 @@ Deployment Type: (base | base_ac ):
```
bash
cd examples
Optional: Edit the terraform.tfvars file under your desired deployment type (ie: ac) to setup your App Connector (Details are documented inside the file)
Optional: Edit the terraform.tfvars file under your desired deployment type (ie: pse) to setup your Private Service Edge (Details are documented inside the file)
- ./zspse up
- enter "brownfield"
- enter <desired deployment type>
@@ -75,11 +75,11 @@ Optional: Edit the terraform.tfvars file under your desired deployment type (ie:
**Brownfield Deployment Types**

```
Deployment Type: (ac):
**ac** - Creates 1 Resource Group containing: 1 VNet w/ 1 AC subnet; 2 App Connectors in availability set (or zones if supported and enabled) with a single network interface and NIC NSG; 1 PIP + 1 NAT Gateway (or one per zone); generates local key pair .pem file for ssh access. Number of App Connectors deployed and ability to use existing resources (resource group(s), VNet/Subnets, PIP, NAT GW) customizable withing terraform.tfvars custom variables.
Deployment Type: (pse):
**pse** - Creates 1 Resource Group containing: 1 VNet w/ 1 PSE subnet; 2 Private Service Edges in availability set (or zones if supported and enabled) with a single network interface and NIC NSG; 1 PIP + 1 NAT Gateway (or one per zone); generates local key pair .pem file for ssh access. Number of Private Service Edges deployed and ability to use existing resources (resource group(s), VNet/Subnets, PIP, NAT GW) customizable withing terraform.tfvars custom variables.
Deployment type ac provides numerous customization options within terraform.tfvars to enable/disable bring-your-own resources for
App Connector deployment in existing environments. Custom paramaters include: BYO existing Resource Group, PIPs, NAT Gateways and associations,
Deployment type pse provides numerous customization options within terraform.tfvars to enable/disable bring-your-own resources for
Private Service Edge deployment in existing environments. Custom paramaters include: BYO existing Resource Group, PIPs, NAT Gateways and associations,
VNet, and subnets.
```

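Review bot: two typos survive the rename on the **pse** line and the paragraph after it: `withing` should be `within` and `paramaters` should be `parameters`. The sentence `Number of Private Service Edges deployed and ability to use existing resources ... customizable withing terraform.tfvars custom variables` would also read better as `The number of Private Service Edges deployed, and the use of existing resources (...), are configurable through custom variables in terraform.tfvars`.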
@@ -93,6 +93,6 @@ cd examples
## Notes
```
1. For auto approval set environment variable **AUTO_APPROVE** or add `export AUTO_APPROVE=1`
2. For deployment type set environment variable **dtype** to the required deployment type or add e.g. `export dtype=base_ac`
2. For deployment type set environment variable **dtype** to the required deployment type or add e.g. `export dtype=base_pse`
3. To provide new credentials or region, delete the autogenerated .zspserc file in your current working directory and re-run zspse.
```
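Review bot: item 3 says credentials and region are kept in an autogenerated `.zspserc` in the working directory, which implies the Azure client secret and the ZPA API credentials are persisted in a file next to the Terraform code; the note should state that the file must be excluded from version control (confirm `.gitignore` covers it), that it should be created with owner-only permissions, and that it should be deleted once the deployment is finished rather than only when credentials change. Item 1's `AUTO_APPROVE` skips the plan review step, so a short warning that it is meant for throwaway environments would be appropriate next to the `export AUTO_APPROVE=1` example.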
20 changes: 10 additions & 10 deletions examples/base/README.md
@@ -40,19 +40,19 @@ From base directory execute:
| Name | Version |
|------|---------|
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 0.13.7, < 2.0.0 |
| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 3.31.0 |
| <a name="requirement_local"></a> [local](#requirement\_local) | ~> 2.2.0 |
| <a name="requirement_null"></a> [null](#requirement\_null) | ~> 3.1.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.3.0 |
| <a name="requirement_tls"></a> [tls](#requirement\_tls) | ~> 3.4.0 |
| <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | ~> 3.113.0 |
| <a name="requirement_local"></a> [local](#requirement\_local) | ~> 2.5.0 |
| <a name="requirement_null"></a> [null](#requirement\_null) | ~> 3.2.0 |
| <a name="requirement_random"></a> [random](#requirement\_random) | ~> 3.6.0 |
| <a name="requirement_tls"></a> [tls](#requirement\_tls) | ~> 4.0.0 |

## Providers

| Name | Version |
|------|---------|
| <a name="provider_local"></a> [local](#provider\_local) | ~> 2.2.0 |
| <a name="provider_random"></a> [random](#provider\_random) | ~> 3.3.0 |
| <a name="provider_tls"></a> [tls](#provider\_tls) | ~> 3.4.0 |
| <a name="provider_local"></a> [local](#provider\_local) | ~> 2.5.0 |
| <a name="provider_random"></a> [random](#provider\_random) | ~> 3.6.0 |
| <a name="provider_tls"></a> [tls](#provider\_tls) | ~> 4.0.0 |

## Modules

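Review bot: the Requirements table keeps `terraform >= 0.13.7, < 2.0.0` while azurerm moves from `~> 3.31.0` to `~> 3.113.0` and tls from `~> 3.4.0` to `~> 4.0.0`; confirm that the 0.13.7 floor is still accurate for those provider releases and raise `required_version` (and this row) if either provider's own minimum is higher, since this table is what users read before `terraform init`. The tls 3.x to 4.x move is a major-version change and deserves a sentence in the README or changelog on what, if anything, changes for the `tls_private_key` resource this example relies on.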
@@ -74,10 +74,10 @@ From base directory execute:

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_arm_location"></a> [arm\_location](#input\_arm\_location) | The Azure Region where resources are to be deployed | `string` | `"westus2"` | no |
| <a name="input_arm_location"></a> [arm\_location](#input\_arm\_location) | The Azure Region where resources are to be deployed | `string` | `"canadacentral"` | no |
| <a name="input_bastion_nsg_source_prefix"></a> [bastion\_nsg\_source\_prefix](#input\_bastion\_nsg\_source\_prefix) | User input for locking down SSH access to bastion to a specific IP or CIDR range. Defaults to any IP | `string` | `"*"` | no |
| <a name="input_environment"></a> [environment](#input\_environment) | Customer defined environment tag. ie: Dev, QA, Prod, etc. | `string` | `"Development"` | no |
| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | The name prefix for all your resources | `string` | `"zsdemo"` | no |
| <a name="input_name_prefix"></a> [name\_prefix](#input\_name\_prefix) | The name prefix for all your resources | `string` | `"zspse"` | no |
| <a name="input_network_address_space"></a> [network\_address\_space](#input\_network\_address\_space) | VNet IP CIDR Range. All subnet resources that might get created (public, private service edge) are derived from this /16 CIDR. If you require creating a VNet smaller than /16, you may need to explicitly define all other subnets via public\_subnets and pse\_subnets variables | `string` | `"10.1.0.0/16"` | no |
| <a name="input_owner_tag"></a> [owner\_tag](#input\_owner\_tag) | Customer defined owner tag value. ie: Org, Dept, username, etc. | `string` | `"zspse-admin"` | no |
| <a name="input_public_subnets"></a> [public\_subnets](#input\_public\_subnets) | Public/Bastion Subnets to create in VNet. This is only required if you want to override the default subnets that this code creates via network\_address\_space variable. | `list(string)` | `null` | no |
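Review bot: `bastion_nsg_source_prefix` keeps its default of `"*"`, so the bastion NSG admits SSH from any source address unless the user overrides it; since this commit already changes other defaults in this table (`arm_location`, `name_prefix`), it is the right moment to drop that default and make the input required, or at minimum flag the exposure in the Description column. The `name_prefix` row also does not mention the 12-character limit that variables.tf now enforces; regenerate the inputs table (or edit the description) so the validation rule is visible to readers before they hit the error at plan time.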
4 changes: 2 additions & 2 deletions examples/base/backend.tf
@@ -1,5 +1,5 @@
terraform {
backend "local" {
path = "../terraform.tfstate"
path = "./terraform.tfstate"
}
}
}
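Review bot: moving the local backend path to `./terraform.tfstate` puts the state file inside the example directory alongside the `.tf` files, and because main.tf generates the SSH key with `tls_private_key`, that state holds the private key in clear text; make sure `.gitignore` excludes `terraform.tfstate` and `terraform.tfstate.backup` at the new location, and say in the README that the state must be protected like a credential. The hunk as rendered also shows two closing braces after the `backend` block; verify the file is not left with a stray `}` (the `terraform_validate` pre-commit hook should fail on it if so).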
2 changes: 1 addition & 1 deletion examples/base/main.tf
@@ -36,7 +36,7 @@ resource "tls_private_key" "key" {
# write private key to local pem file
resource "local_file" "private_key" {
content = tls_private_key.key.private_key_pem
filename = "../${var.name_prefix}-key-${random_string.suffix.result}.pem"
filename = "./${var.name_prefix}-key-${random_string.suffix.result}.pem"
file_permission = "0600"
}

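Review bot: the private key file now lands at `./<name_prefix>-key-<suffix>.pem` inside the example directory rather than one level up; keeping `file_permission = "0600"` is right, but check that `.gitignore` excludes `*.pem` in the example directories, since the key is now written next to files that are expected to be committed. The README phrase `generates local key pair .pem file for ssh access` should also say where the file is written now, and the same `../` to `./` change is made for `testbed.txt` in outputs.tf, so the two paths should be documented together.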
2 changes: 1 addition & 1 deletion examples/base/outputs.tf
@@ -23,5 +23,5 @@ output "testbedconfig" {

resource "local_file" "testbed" {
content = local.testbedconfig
filename = "../testbed.txt"
filename = "./testbed.txt"
}
8 changes: 6 additions & 2 deletions examples/base/variables.tf
@@ -1,13 +1,17 @@
variable "arm_location" {
type = string
description = "The Azure Region where resources are to be deployed"
default = "westus2"
default = "canadacentral"
}

variable "name_prefix" {
type = string
description = "The name prefix for all your resources"
default = "zsdemo"
default = "zspse"
validation {
condition = length(var.name_prefix) <= 12
error_message = "Variable name_prefix must be 12 or less characters."
}
}

variable "network_address_space" {
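Review bot: the new `validation` block only bounds the length of `name_prefix`; if the prefix is interpolated into resource names that Azure restricts to lowercase alphanumerics (storage accounts are the usual case), add a `can(regex("^[a-z0-9]+$", var.name_prefix))` condition as well, otherwise the failure surfaces at apply time instead of plan time. The `arm_location` default moves from `westus2` to `canadacentral`, but examples/README.md still gives `westus2` as the example region in the prerequisites; keep the two in step, and mention the default change in the commit or changelog since it affects where users' resources land.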
10 changes: 5 additions & 5 deletions examples/base/versions.tf
@@ -2,23 +2,23 @@ terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.31.0"
version = "~> 3.113.0"
}
random = {
source = "hashicorp/random"
version = "~> 3.3.0"
version = "~> 3.6.0"
}
local = {
source = "hashicorp/local"
version = "~> 2.2.0"
version = "~> 2.5.0"
}
null = {
source = "hashicorp/null"
version = "~> 3.1.0"
version = "~> 3.2.0"
}
tls = {
source = "hashicorp/tls"
version = "~> 3.4.0"
version = "~> 4.0.0"
}
}
required_version = ">= 0.13.7, < 2.0.0"
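Review bot: `tls` goes from `~> 3.4.0` to `~> 4.0.0`, a major-version bump, while the other providers stay on their current major; the `~>` constraints here admit only patch releases (for example `~> 3.113.0` allows 3.113.x but not 3.114), so anyone with an existing `.terraform.lock.hcl` will need `terraform init -upgrade`, and the upgrade notes should say so. If the lock file is committed, it must be regenerated in this same change; if it is not, consider committing it so provider checksums are pinned rather than resolved fresh on every init.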