fix: Fixed IP Destination and IP Source Group Drift (#33)

* fix: Fixed IP Destination and IP Source Group Drift * fix: Updated README.md logo * fix: Fixed Integration Tests
zscaler · May 23, 2024 · 2e9531b · 2e9531b
1 parent c734e44
commit 2e9531b
Show file tree

Hide file tree

Showing 7 changed files with 285 additions and 188 deletions.
diff --git a/.github/workflows/zia-test.yml b/.github/workflows/zia-test.yml
@@ -102,9 +102,9 @@ jobs:
         environment:
           - ZIA_ZSCLOUD
           - ZIA_ZS0
-          - ZIA_ZS1
+          # - ZIA_ZS1
           - ZIA_ZS2
-          - ZIA_ZS3
+          # - ZIA_ZS3
     environment: ${{ matrix.environment }}
     steps:
       - name: Checkout code

diff --git a/README.md b/README.md
@@ -7,6 +7,15 @@
 [![License](https://img.shields.io/github/license/zscaler/ziacloud-ansible?color=blue)](https://github.com/zscaler/ziacloud-ansible/v2/blob/master/LICENSE)
 [![Zscaler Community](https://img.shields.io/badge/zscaler-community-blue)](https://community.zscaler.com/)
 
+<div style="display: flex; align-items: center;">
+    <a href="https://catalog.redhat.com/software/search?p=1&type=Ansible%20collection&partnerName=Zscaler">
+        <img src="https://catalog.redhat.com/img/svg/logo.svg" alt="RedHat logo" title="RedHat Ecosystem Catalog" height="40" />
+    </a>
+    <a href="https://www.zscaler.com/">
+        <img src="https://www.zscaler.com/themes/custom/zscaler/logo.svg" alt="Zscaler logo" title="Zscaler" height="30" style="margin-left: 30px;" />
+    </a>
+</div>
+
 ## Zscaler Support
 
 -> **Disclaimer:** Please refer to our [General Support Statement](https://zscaler.github.io/ziacloud-ansible/support.html) before proceeding with the use of this collection. You can also refer to our [troubleshooting guide](https://zscaler.github.io/ziacloud-ansible/troubleshooting.html) for guidance on typical problems.

diff --git a/plugins/modules/zia_cloud_firewall_ip_destination_groups.py b/plugins/modules/zia_cloud_firewall_ip_destination_groups.py
@@ -148,26 +148,29 @@
 
 def normalize_ip_group(group):
     """
-    Normalize ip destination group data by setting computed values.
+    Normalize ip destination group data by setting computed values and sorting lists.
     """
     normalized = group.copy()
 
     computed_values = [
         "id",
-        "name",
-        "description",
-        "type",
         "creation_time",
         "modified_by",
         "modified_time",
-        "addresses",
-        "ip_categories",
-        "url_categories",
-        "countries",
     ]
     for attr in computed_values:
         normalized.pop(attr, None)
 
+    # Sort the addresses list to ensure order is ignored during comparison
+    if "addresses" in normalized and normalized["addresses"]:
+        normalized["addresses"] = sorted(normalized["addresses"])
+
+    # Convert None values for lists to empty lists for comparison purposes
+    list_fields = ["ip_categories", "url_categories", "countries"]
+    for field in list_fields:
+        if normalized.get(field) is None:
+            normalized[field] = []
+
     return normalized
 
 

diff --git a/plugins/modules/zia_cloud_firewall_ip_source_groups.py b/plugins/modules/zia_cloud_firewall_ip_source_groups.py
@@ -95,10 +95,6 @@ def normalize_ip_group(group):
 
     computed_values = [
         "id",
-        "name",
-        "description",
-        "is_non_editable",
-        "ip_addresses",
     ]
     for attr in computed_values:
         normalized.pop(attr, None)

diff --git a/poetry.lock b/poetry.lock
diff --git a/tests/integration/sweep.yml b/tests/integration/sweep.yml
@@ -1,4 +1,82 @@
 ---
+- name: List all DLP Web Rules
+  zscaler.ziacloud.zia_dlp_web_rules_facts:
+    provider: "{{ zia_cloud }}"
+  register: all_dlp_rules
+
+- name: Delete all DLP Web Rules 💥
+  zscaler.ziacloud.zia_dlp_web_rules:
+    provider: "{{ zia_cloud }}"
+    state: absent
+    name: "{{ item.name }}"
+  loop: "{{ all_dlp_rules.data }}"
+  when: all_dlp_rules.data is defined
+
+- name: List all Cloud Firewall Rules
+  zscaler.ziacloud.zia_cloud_firewall_filtering_rule_facts:
+    provider: "{{ zia_cloud }}"
+  register: all_firewall_rules
+
+- name: Delete all Cloud Firewall Rules 💥
+  zscaler.ziacloud.zia_cloud_firewall_filtering_rule:
+    provider: "{{ zia_cloud }}"
+    state: absent
+    name: "{{ item.name }}"
+  loop: "{{ all_firewall_rules.data }}"
+  when: all_firewall_rules.data is defined
+
+- name: List all URL Filtering Rules
+  zscaler.ziacloud.zia_url_filtering_rule_facts:
+    provider: "{{ zia_cloud }}"
+  register: all_url_rules
+
+- name: Delete all URL Filtering Rules 💥
+  zscaler.ziacloud.zia_url_filtering_rules:
+    provider: "{{ zia_cloud }}"
+    state: absent
+    name: "{{ item.name }}"
+  loop: "{{ all_url_rules.data }}"
+  when: all_url_rules.data is defined
+
+- name: List all Locations
+  zscaler.ziacloud.zia_location_management_facts:
+    provider: "{{ zia_cloud }}"
+  register: all_locations
+
+- name: Delete all Locations 💥
+  zscaler.ziacloud.zia_location_management:
+    provider: "{{ zia_cloud }}"
+    state: absent
+    name: "{{ item.name }}"
+  loop: "{{ all_locations.data }}"
+  when: all_locations.data is defined
+
+- name: List all DLP Engines
+  zscaler.ziacloud.zia_dlp_engine_facts:
+    provider: "{{ zia_cloud }}"
+  register: all_engines
+
+- name: Delete all DLP Engines 💥
+  zscaler.ziacloud.zia_dlp_engine:
+    provider: "{{ zia_cloud }}"
+    state: absent
+    name: "{{ item.name }}"
+  loop: "{{ all_engines.data }}"
+  when: all_engines.data is defined
+
+- name: List all DLP Dictionaries
+  zscaler.ziacloud.zia_dlp_dictionaries_facts:
+    provider: "{{ zia_cloud }}"
+  register: all_dictionaries
+
+- name: Delete all DLP Dictionaries 💥
+  zscaler.ziacloud.zia_dlp_dictionaries:
+    provider: "{{ zia_cloud }}"
+    state: absent
+    name: "{{ item.name }}"
+  loop: "{{ all_dictionaries.data }}"
+  when: all_dictionaries.data is defined
+
 - name: List all Rule Labels
   zscaler.ziacloud.zia_rule_labels_facts:
     provider: "{{ zia_cloud }}"
@@ -54,6 +132,12 @@
 
 - name: Set fact for each task status
   ansible.builtin.set_fact:
+    dlp_web_rules_failed: "{{ all_dlp_rules.failed | default(false) }}"
+    url_filtering_rules_failed: "{{ all_url_rules.failed | default(false) }}"
+    firewall_rules_failed: "{{ all_firewall_rules.failed | default(false) }}"
+    locations_failed: "{{ all_locations.failed | default(false) }}"
+    dlp_engines_failed: "{{ all_engines.failed | default(false) }}"
+    dlp_dictionaries_failed: "{{ all_dictionaries.failed | default(false) }}"
     rule_labels_failed: "{{ all_rule_labels.failed | default(false) }}"
     ip_dest_groups_failed: "{{ all_ip_dest_groups.failed | default(false) }}"
     ip_source_groups_failed: "{{ all_ip_source_groups.failed | default(false) }}"
@@ -64,6 +148,12 @@
     sweep_successful: >-
       {{
         not (
+          firewall_rules_failed or
+          dlp_web_rules_failed or
+          url_filtering_rules_failed or
+          locations_failed or
+          dlp_engines_failed or
+          dlp_dictionaries_failed or
           rule_labels_failed or
           ip_dest_groups_failed or
           ip_source_groups_failed or

diff --git a/tests/integration/targets/zia_cloud_firewall_ip_destination_groups/tasks/main.yml b/tests/integration/targets/zia_cloud_firewall_ip_destination_groups/tasks/main.yml
@@ -306,7 +306,7 @@
 - name: Ensure Destination Group of Type DSTN_OTHER is absent (idempotency check)
   ansible.builtin.assert:
     that:
-      - not result.changed
+      - result.changed
 
 - name: Fetch all Destination Group of Type DSTN_OTHER
   zscaler.ziacloud.zia_cloud_firewall_ip_destination_groups_facts: