Issue when adjust app segment udp ports and clostest app connector

Question

Issue when adjust app segment udp ports and clostest app connector

Closed this issue a year ago · 4 comments

Hello All,

i think there is a bug / order verification issues when add udp ports in the same apply when change select_connector_close_to_app

zpa = {
  source  = "zscaler/zpa"
  version = "2.7.2"
}

data.zpa_server_group.global_all_appconnector_groups: Reading...
data.zpa_server_group.global_all_appconnector_groups: Read complete after 1s [id=72058393975587078]
module.zpa_segment_group.zpa_segment_group.sg: Refreshing state... [id=72058393975587081]
module.zpa_application_segment["rwe_application_discovery"].zpa_application_segment.as: Refreshing state... [id=72058393975587082]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated
with the following symbols:
~ update in-place

Terraform will perform the following actions:

module.zpa_application_segment["rwe_application_discovery"].zpa_application_segment.as will be updated in-place
~ resource "zpa_application_segment" "as" {
id = "72058393975587082"
name = "tf_it_network_team_rwe_application_discovery"
```
_~ select_connector_close_to_app = false -> true
~ udp_port_ranges = [
- "2",
- "52",
- "54",
- "65535",
]_
(20 unchanged attributes hidden)

(1 unchanged block hidden)
}

Plan: 0 to add, 1 to change, 0 to destroy.

module.zpa_application_segment["rwe_application_discovery"].zpa_application_segment.as: Modifying... [id=72058393975587082]
╷
│ Error: FAILED: PUT, https://config.zpabeta.net/mgmtconfig/v1/admin/customers/....../application/......., 400, 400 Bad Request, {
│ "id" : "invalid.protocol.configuration.closertoapp",
│ "reason" : "Invalid Protocol configuration. Selecting App Connector Closer to App can be only enabled for TCP applications."
│ }
│
│ with module.zpa_application_segment["rwe_application_discovery"].zpa_application_segment.as,
│ on ..\modules\zpa_appsegment\main.tf line 5, in resource "zpa_application_segment" "as":
│ 5: resource "zpa_application_segment" "as" {

Answer 1 · 2023-05-05T15:28:57.000Z

Hi @D4rkiiee
The error message does not imply a bug. ZPA itself enforces that the attribute can only use TCP ports.
https://help.zscaler.com/zpa/configuring-application-segments

If the issue persists, please provide debug logs by setting the following environment variable flags

export TF_LOG="DEBUG"
export TF_LOG_PATH="terraform.log"
export TF_LOG_PROVIDER=INFO
export ZSCALER_SDK_LOG=true
export ZSCALER_SDK_VERBOSE=true

Answer 2 · 2023-05-05T16:10:26.000Z

Hi william,

how can i send the debug on a secure way? I cannot share such an amount of information public accessible here
Is it possible to open and assign you a Zscaler ticket so i can share it there?

Greetings
Philip

Answer 3 · 2023-05-05T16:20:00.000Z

Please contact me via email and we'll arrange a way: wguilherme@you_know_the_rest.com
Thanks

Answer 4 · 2023-05-22T15:54:17.000Z

Issue has been addressed on the latest release. Closing the issue