diff --git a/CHANGELOG.md b/CHANGELOG.md index cefe9f0a..fa90c807 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,18 @@ # Changelog +## 3.33.8 (October, 29 2024) + +### Notes + +- Release date: **(October, 29 2024)** +- Supported Terraform version: **v1.x** + +### Bug Fixes +- [PR #499](https://github.com/zscaler/terraform-provider-zpa/pull/499) - Fixed `zpa_application_segment_pra` import function and normalization of computed attributes. + +### Enhancements +- [PR #499](https://github.com/zscaler/terraform-provider-zpa/pull/499) - Added new `zpa_application_segment` attribute `inspect_traffic_with_zia` + ## 3.33.7 (October, 3 2024) ### Notes @@ -10,8 +23,11 @@ ### Enhancements - [PR #496](https://github.com/zscaler/terraform-provider-zpa/pull/496) - Added new `object_type` `RISK_FACTOR_TYPE` to the following ZPA access policy resources: `zpa_policy_access_rule`, and `zpa_policy_access_rule_v2` +**NOTE** `RISK_FACTOR_TYPE` is the Risk Score criteria equivalent in the ZPA UI and supports the following values: +`UNKNOWN`, `LOW`, `MEDIUM`, `HIGH`, `CRITICAL` + ### Bug Fixes -- [PR #496](https://github.com/zscaler/terraform-provider-zpa/pull/496) - Fixed issue with attribute `tcp_port_range`/`udp_port_range` and `tcp_port_ranges`/`udp_port_ranges` within `zpa_application_segment`. The fix ensure that both port configuration formats are suported separately without mid-conversion in between. The fix also ensure the port configuration order is ignored during apply and update process. [Issue #490](https://github.com/zscaler/terraform-provider-zpa/issues/490). +- [PR #496](https://github.com/zscaler/terraform-provider-zpa/pull/496) - Fixed issue with attribute `tcp_port_range`/`udp_port_range` and `tcp_port_ranges`/`udp_port_ranges` within `zpa_application_segment`. The fix ensure that both port configuration formats are supported interchangeably. The fix also ensure the port configuration order is maintained during configuration. This fix does not impact exist configuration. [Issue #490](https://github.com/zscaler/terraform-provider-zpa/issues/490). ### Internal Changes diff --git a/GNUmakefile b/GNUmakefile index 21a30ef6..1020a61e 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -55,14 +55,14 @@ test\:integration\:zpa: build13: GOOS=$(shell go env GOOS) build13: GOARCH=$(shell go env GOARCH) ifeq ($(OS),Windows_NT) # is Windows_NT on XP, 2000, 7, Vista, 10... -build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.33.7/$(GOOS)_$(GOARCH) +build13: DESTINATION=$(APPDATA)/terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.33.8/$(GOOS)_$(GOARCH) else -build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.33.7/$(GOOS)_$(GOARCH) +build13: DESTINATION=$(HOME)/.terraform.d/plugins/$(ZPA_PROVIDER_NAMESPACE)/3.33.8/$(GOOS)_$(GOARCH) endif build13: fmtcheck @echo "==> Installing plugin to $(DESTINATION)" @mkdir -p $(DESTINATION) - go build -o $(DESTINATION)/terraform-provider-zpa_v3.33.7 + go build -o $(DESTINATION)/terraform-provider-zpa_v3.33.8 vet: @echo "==> Checking source code against go vet and staticcheck" diff --git a/docs/data-sources/zpa_app_connector_group.md b/docs/data-sources/zpa_app_connector_group.md index d4b73aa6..7b59b1e1 100644 --- a/docs/data-sources/zpa_app_connector_group.md +++ b/docs/data-sources/zpa_app_connector_group.md @@ -71,18 +71,15 @@ The following attributes are exported: - ``Previous Default`` = ``1`` - ``New Release`` = ``2`` - `version_profile_visibility_scope` - (String) - Exported values are: +- `dns_query_type` - (String) Whether IPv4, IPv6, or both, are enabled for DNS resolution of all applications in the App Connector Group. Exported values are: - ``"IPV4_IPV6"`` - ``"IPV4"`` - ``"IPV6`` -- `country_code` - (String) -- `dns_query_type` - (String) - - ``0`` = ``Default`` - - ``1`` = ``Previous Default`` - - ``2`` = ``New Release`` +- `country_code` - (String) The country code of the App Connector. - `geo_location_id` - (String) -- `use_in_dr_mode` - (Optional) Supported values: `true`, `false` -- `pra_enabled` - (Optional) Supported values: `true`, `false` -- `waf_disabled` - (Optional) Supported values: `true`, `false` +- `use_in_dr_mode` - (boolean) Supported values: `true`, `false` +- `pra_enabled` - (boolean) Supported values: `true`, `false` +- `waf_disabled` - (boolean) Supported values: `true`, `false` - `microtenant_id` (string) The ID of the microtenant the resource is to be associated with. - `microtenant_name` (string) The name of the microtenant the resource is to be associated with. +- `lss_app_connector_group` (boolean) Whether or not the App Connector Group is configured for the Log Streaming Service (LSS). diff --git a/docs/guides/release-notes.md b/docs/guides/release-notes.md index 36b9aaf3..9fca0c13 100644 --- a/docs/guides/release-notes.md +++ b/docs/guides/release-notes.md @@ -12,10 +12,23 @@ Track all ZPA Terraform provider's releases. New resources, features, and bug fi --- -``Last updated: v3.33.7`` +``Last updated: v3.33.8`` --- +## 3.33.8 (October, 29 2024) + +### Notes + +- Release date: **(October, 29 2024)** +- Supported Terraform version: **v1.x** + +### Bug Fixes +- [PR #499](https://github.com/zscaler/terraform-provider-zpa/pull/499) - Fixed `zpa_application_segment_pra` import function and normalization of computed attributes. + +### Enhancements +- [PR #499](https://github.com/zscaler/terraform-provider-zpa/pull/499) - Added new `zpa_application_segment` attribute `inspect_traffic_with_zia` + ## 3.33.7 (October, 3 2024) ### Notes diff --git a/docs/resources/zpa_app_connector_group.md b/docs/resources/zpa_app_connector_group.md index 4e41945e..c4b6f0c9 100644 --- a/docs/resources/zpa_app_connector_group.md +++ b/docs/resources/zpa_app_connector_group.md @@ -66,7 +66,7 @@ The following arguments are supported: - ``0`` = ``Default`` - ``1`` = ``Previous Default`` - ``2`` = ``New Release`` -- `dns_query_type` - (String) Whether IPv4, IPv6, or both, are enabled for DNS resolution of all applications in the App Connector Group. Supported values are: ``IPV4``, ``IPV6``, or``IPV4_IPV6`` +- `dns_query_type` - (String) Whether IPv4, IPv6, or both, are enabled for DNS resolution of all applications in the App Connector Group. Supported values are: ``IPV4``, ``IPV6``, or ``IPV4_IPV6`` - `tcp_quick_ack_app` - (Boolean) Whether TCP Quick Acknowledgement is enabled or disabled for the application. The tcpQuickAckApp, tcpQuickAckAssistant, and tcpQuickAckReadAssistant fields must all share the same value. Supported values: `true`, `false` - `tcp_quick_ack_assistant` - (Boolean) Whether TCP Quick Acknowledgement is enabled or disabled for the application. The tcpQuickAckApp, tcpQuickAckAssistant, and tcpQuickAckReadAssistant fields must all share the same value. Supported values: `true`, `false` - `tcp_quick_ack_read_assistant` - (Boolean) Whether TCP Quick Acknowledgement is enabled or disabled for the application. The tcpQuickAckApp, tcpQuickAckAssistant, and tcpQuickAckReadAssistant fields must all share the same value. Supported values: `true`, `false` @@ -74,6 +74,7 @@ The following arguments are supported: - `pra_enabled` - (Boolean) Whether or not Privileged Remote Access is enabled on the App Connector Group. Supported values: `true`, `false` - `waf_disabled` - (Boolean) Whether or not AppProtection is disabled for the App Connector Group. Supported values: `true`, `false` - `microtenant_id` (String) The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as `0` when making requests to retrieve data from the Default Microtenant. Pass microtenantId as null to retrieve data from all customers associated with the tenant. +- `lss_app_connector_group` (boolean) Whether or not the App Connector Group is configured for the Log Streaming Service (LSS). ## Import diff --git a/go.mod b/go.mod index eaeb515f..cb8c67ec 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/hashicorp/terraform-plugin-docs v0.19.4 github.com/hashicorp/terraform-plugin-sdk v1.17.2 github.com/hashicorp/terraform-plugin-sdk/v2 v2.34.0 - github.com/zscaler/zscaler-sdk-go/v2 v2.72.4 + github.com/zscaler/zscaler-sdk-go/v2 v2.72.5 ) require ( @@ -81,7 +81,7 @@ require ( golang.org/x/net v0.25.0 // indirect golang.org/x/sync v0.8.0 // indirect golang.org/x/sys v0.20.0 // indirect - golang.org/x/text v0.18.0 // indirect + golang.org/x/text v0.19.0 // indirect golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240227224415-6ceb2ff114de // indirect diff --git a/go.sum b/go.sum index 83770597..00a9c730 100644 --- a/go.sum +++ b/go.sum @@ -441,8 +441,8 @@ github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgr github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= github.com/zclconf/go-cty-yaml v1.0.2/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0= -github.com/zscaler/zscaler-sdk-go/v2 v2.72.4 h1:GMCmD87QiazaWxoJANTvfeGdmuCxbyaN2OQxBz09Me0= -github.com/zscaler/zscaler-sdk-go/v2 v2.72.4/go.mod h1:DW8JW8Cv2uxsfdlPN/Szk+CX9/nPyjhk/aERtTbJVYo= +github.com/zscaler/zscaler-sdk-go/v2 v2.72.5 h1:IL9eFbcvDEoS6x17ipy/kThgubdiknIeXtA37hn7SQY= +github.com/zscaler/zscaler-sdk-go/v2 v2.72.5/go.mod h1:ugDudbyESUrANGw74moJypgVnWuOyLm8NyIJgfUzNNo= go.abhg.dev/goldmark/frontmatter v0.2.0 h1:P8kPG0YkL12+aYk2yU3xHv4tcXzeVnN+gU0tJ5JnxRw= go.abhg.dev/goldmark/frontmatter v0.2.0/go.mod h1:XqrEkZuM57djk7zrlRUB02x8I5J0px76YjkOzhB4YlU= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= @@ -613,8 +613,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/zpa/data_source_zpa_app_connector_group.go b/zpa/data_source_zpa_app_connector_group.go index 29b95eac..a44cce5e 100644 --- a/zpa/data_source_zpa_app_connector_group.go +++ b/zpa/data_source_zpa_app_connector_group.go @@ -270,8 +270,9 @@ func dataSourceAppConnectorGroup() *schema.Resource { }, }, "lss_app_connector_group": { - Type: schema.TypeBool, - Computed: true, + Type: schema.TypeBool, + Computed: true, + Description: "Whether or not the App Connector Group is configured for the Log Streaming Service (LSS)", }, "tcp_quick_ack_app": { Description: "Whether TCP Quick Acknowledgement is enabled or disabled for the application. The tcpQuickAckApp, tcpQuickAckAssistant, and tcpQuickAckReadAssistant fields must all share the same value.", diff --git a/zpa/resource_zpa_app_connector_group.go b/zpa/resource_zpa_app_connector_group.go index c9127070..daf6bd0b 100644 --- a/zpa/resource_zpa_app_connector_group.go +++ b/zpa/resource_zpa_app_connector_group.go @@ -110,9 +110,10 @@ func resourceAppConnectorGroup() *schema.Resource { Description: "Longitude of the App Connector Group. Integer or decimal. With values in the range of -180 to 180", }, "lss_app_connector_group": { - Type: schema.TypeBool, - Optional: true, - Computed: true, + Type: schema.TypeBool, + Optional: true, + Computed: true, + Description: "Whether or not the App Connector Group is configured for the Log Streaming Service (LSS)", }, "tcp_quick_ack_app": { Description: "Whether TCP Quick Acknowledgement is enabled or disabled for the application. The tcpQuickAckApp, tcpQuickAckAssistant, and tcpQuickAckReadAssistant fields must all share the same value.", diff --git a/zpa/resource_zpa_application_segment.go b/zpa/resource_zpa_application_segment.go index e0932030..5b75a1b5 100644 --- a/zpa/resource_zpa_application_segment.go +++ b/zpa/resource_zpa_application_segment.go @@ -129,6 +129,11 @@ func resourceApplicationSegment() *schema.Resource { Optional: true, Description: "Whether this application is enabled or not.", }, + "inspect_traffic_with_zia": { + Type: schema.TypeBool, + Optional: true, + Description: "Indicates if Inspect Traffic with ZIA is enabled for the application.", + }, "health_check_type": { Type: schema.TypeString, Optional: true, @@ -309,6 +314,7 @@ func resourceApplicationSegmentRead(d *schema.ResourceData, meta interface{}) er _ = d.Set("is_incomplete_dr_config", resp.IsIncompleteDRConfig) _ = d.Set("is_cname_enabled", resp.IsCnameEnabled) _ = d.Set("tcp_keep_alive", resp.TCPKeepAlive) + _ = d.Set("inspect_traffic_with_zia", resp.InspectTrafficWithZia) _ = d.Set("name", resp.Name) _ = d.Set("passive_health_enabled", resp.PassiveHealthEnabled) _ = d.Set("ip_anchored", resp.IpAnchored) @@ -446,6 +452,7 @@ func expandApplicationSegmentRequest(d *schema.ResourceData, client *Client, id TCPKeepAlive: d.Get("tcp_keep_alive").(string), MicroTenantID: d.Get("microtenant_id").(string), PassiveHealthEnabled: d.Get("passive_health_enabled").(bool), + InspectTrafficWithZia: d.Get("inspect_traffic_with_zia").(bool), DoubleEncrypt: d.Get("double_encrypt").(bool), Enabled: d.Get("enabled").(bool), IpAnchored: d.Get("ip_anchored").(bool), diff --git a/zpa/resource_zpa_application_segment_pra.go b/zpa/resource_zpa_application_segment_pra.go index 4dc04b3b..d426d450 100644 --- a/zpa/resource_zpa_application_segment_pra.go +++ b/zpa/resource_zpa_application_segment_pra.go @@ -20,11 +20,36 @@ import ( func resourceApplicationSegmentPRA() *schema.Resource { return &schema.Resource{ - Create: resourceApplicationSegmentPRACreate, - Read: resourceApplicationSegmentPRARead, - Update: resourceApplicationSegmentPRAUpdate, - Delete: resourceApplicationSegmentPRADelete, - Importer: &schema.ResourceImporter{}, + Create: resourceApplicationSegmentPRACreate, + Read: resourceApplicationSegmentPRARead, + Update: resourceApplicationSegmentPRAUpdate, + Delete: resourceApplicationSegmentPRADelete, + Importer: &schema.ResourceImporter{ + State: func(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + client := meta.(*Client) + service := client.ApplicationSegment + + microTenantID := GetString(d.Get("microtenant_id")) + if microTenantID != "" { + service = service.WithMicroTenant(microTenantID) + } + + id := d.Id() + _, parseIDErr := strconv.ParseInt(id, 10, 64) + if parseIDErr == nil { + _ = d.Set("id", id) + } else { + resp, _, err := applicationsegmentpra.GetByName(service, id) + if err == nil { + d.SetId(resp.ID) + _ = d.Set("id", resp.ID) + } else { + return []*schema.ResourceData{d}, err + } + } + return []*schema.ResourceData{d}, nil + }, + }, Schema: map[string]*schema.Schema{ "id": { @@ -179,54 +204,54 @@ func resourceApplicationSegmentPRA() *schema.Resource { "0", "1", }, false), }, - "pra_apps": { - Type: schema.TypeSet, - Computed: true, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "id": { - Type: schema.TypeString, - Computed: true, - }, - "name": { - Type: schema.TypeString, - Computed: true, - }, - "enabled": { - Type: schema.TypeBool, - Computed: true, - }, - "application_port": { - Type: schema.TypeString, - Computed: true, - }, - "application_protocol": { - Type: schema.TypeString, - Computed: true, - }, - "connection_security": { - Type: schema.TypeString, - Computed: true, - }, - "domain": { - Type: schema.TypeString, - Computed: true, - }, - "app_id": { - Type: schema.TypeString, - Computed: true, - }, - "hidden": { - Type: schema.TypeBool, - Computed: true, - }, - "microtenant_id": { - Type: schema.TypeString, - Computed: true, - }, - }, - }, - }, + // "pra_apps": { + // Type: schema.TypeSet, + // Computed: true, + // Elem: &schema.Resource{ + // Schema: map[string]*schema.Schema{ + // "id": { + // Type: schema.TypeString, + // Computed: true, + // }, + // "name": { + // Type: schema.TypeString, + // Computed: true, + // }, + // "enabled": { + // Type: schema.TypeBool, + // Computed: true, + // }, + // "application_port": { + // Type: schema.TypeString, + // Computed: true, + // }, + // "application_protocol": { + // Type: schema.TypeString, + // Computed: true, + // }, + // "connection_security": { + // Type: schema.TypeString, + // Computed: true, + // }, + // "domain": { + // Type: schema.TypeString, + // Computed: true, + // }, + // "app_id": { + // Type: schema.TypeString, + // Computed: true, + // }, + // "hidden": { + // Type: schema.TypeBool, + // Computed: true, + // }, + // "microtenant_id": { + // Type: schema.TypeString, + // Computed: true, + // }, + // }, + // }, + // }, "common_apps_dto": { Type: schema.TypeSet, Optional: true, @@ -288,6 +313,7 @@ func resourceApplicationSegmentPRA() *schema.Resource { }, }, }, + "server_groups": { Type: schema.TypeSet, Optional: true, @@ -396,8 +422,19 @@ func resourceApplicationSegmentPRARead(d *schema.ResourceData, meta interface{}) _ = d.Set("health_reporting", resp.HealthReporting) _ = d.Set("server_groups", flattenCommonAppServerGroups(resp.ServerGroups)) - if err := d.Set("pra_apps", flattenPRAApps(resp.PRAApps)); err != nil { - return fmt.Errorf("failed to read common application in application segment %s", err) + // Set pra_apps but suppress diffs during plan/apply + // if err := d.Set("pra_apps", flattenPRAApps(resp.PRAApps)); err != nil { + // return fmt.Errorf("failed to read pra_apps in application segment %s", err) + // } + + // Map pra_apps to common_apps_dto.apps_config for state management + if err := mapPRAAppsToCommonApps(d, resp.PRAApps); err != nil { + return err + } + + // Map pra_apps back to common_apps_dto.apps_config + if err := mapPRAAppsToCommonApps(d, resp.PRAApps); err != nil { + return err } _ = d.Set("tcp_port_ranges", convertPortsToListString(resp.TCPAppPortRange)) @@ -414,6 +451,43 @@ func resourceApplicationSegmentPRARead(d *schema.ResourceData, meta interface{}) return nil } +func mapPRAAppsToCommonApps(d *schema.ResourceData, praApps []applicationsegmentpra.PRAApps) error { + // If the API returned any PRA Apps, map them to common_apps_dto.apps_config + if len(praApps) == 0 { + return nil + } + + // Create a single common_apps_dto with multiple apps_config blocks + commonAppsConfig := make([]interface{}, len(praApps)) + for i, app := range praApps { + commonAppMap := map[string]interface{}{ + "name": app.Name, + "domain": app.Domain, + "application_protocol": app.ApplicationProtocol, + "application_port": app.ApplicationPort, + "enabled": app.Enabled, + "app_types": []interface{}{"SECURE_REMOTE_ACCESS"}, // Adjust app types as needed + "id": nil, // Set to null as required + "microtenant_id": nil, // Set to null as required + "connection_security": app.ConnectionSecurity, + } + commonAppsConfig[i] = commonAppMap + } + + // Wrap commonAppsConfig in the common_apps_dto block + commonAppsDto := []interface{}{ + map[string]interface{}{ + "apps_config": commonAppsConfig, + }, + } + + // Set common_apps_dto in the resource data + if err := d.Set("common_apps_dto", commonAppsDto); err != nil { + return fmt.Errorf("failed to set common_apps_dto: %s", err) + } + return nil +} + func resourceApplicationSegmentPRAUpdate(d *schema.ResourceData, meta interface{}) error { zClient := meta.(*Client) service := zClient.ApplicationSegmentPRA @@ -599,6 +673,7 @@ func expandAppsConfig(appsConfigInterface interface{}) []applicationsegmentpra.A return commonAppConfigDto } +/* func flattenPRAApps(apps []applicationsegmentpra.PRAApps) []interface{} { if len(apps) == 0 { return []interface{}{} @@ -622,6 +697,7 @@ func flattenPRAApps(apps []applicationsegmentpra.PRAApps) []interface{} { } return appsConfig } +*/ func checkForPRAPortsOverlap(client *Client, app applicationsegmentpra.AppSegmentPRA) error { //lintignore:R018 @@ -682,6 +758,12 @@ func PRAPortOverlap(s1, s2 []string) (bool, []string, []string) { } func customizeDiffApplicationSegmentPRA(ctx context.Context, d *schema.ResourceDiff, meta interface{}) error { + + // Clear any diffs related to pra_apps to prevent it from being included in the plan or state + if d.HasChange("pra_apps") { + d.Clear("pra_apps") + } + commonAppsDto := d.Get("common_apps_dto").(*schema.Set).List() for _, dto := range commonAppsDto {