[BUG]: Unable to delete udp/tcp ports in app segment #189

martinkiska opened this issue Mar 31, 2023 · 4 comments
@martinkiska

Describe the bug

The SDK is natively unable to zeroize/delete the tcp/udp port config if an empty list is sent to the update function.

To Reproduce
Steps to reproduce the behavior:
Send tcp_ports/udp_ports = [] as a kwarg to update_segment and try to delete the UDP/TCP port config in the cloud.

Expected behavior

If an empty list is sent, I would expect that the SDK would delete the port config from the specific app segment.

Screenshots

App definition in cloud:

    [{'name': 'TEST_testing3', 'domain_names': ['example.tld'], 'tcp_port_ranges': ['80', '80', '443', '443'], 'tcp_port_range': [{'from': '80', 'to': '80'}, {'from': '443', 'to': '443'}], 'udp_port_ranges': ['80', '80', '443', '443'], 'udp_port_range': [{'from': '80', 'to': '80'}, {'from': '443', 'to': '443'}]}]

Imagine the situation that someone configured the app in the GUI, but you want to keep the SSoT in git in YAML format and update this app and remove the udp port config, as there is none specified in the SSoT YAML format.

Testing app format being passed to update_segment():

    [{'name': 'TEST_testing3', 'domain_names': ['example.tld'], 'tcp_ports': [(80, 80), (443, 443)], 'udp_ports': []}]

As here you will omit that empty value, it will not be processed:

    if kwargs.get("udp_ports"):
        payload["udpPortRange"] = [{"from": ports[0], "to": ports[1]} for ports in kwargs.pop("udp_ports")]

kwargs will be later on updated from the payload gathered in:

    payload = convert_keys(self.get_segment(segment_id))

Kwargs passed to the function:

    for key, value in kwargs.items():
        payload[snake_to_camel(key)] = value

That means that you will update kwargs from payload, which will keep the UDP ports configured.

My current workaround is to send {'udp_port_range':[],'udp_port_ranges':[]} directly to the update_segment function. Due to the existence of those keys, the script will later on override them in the payload. I already opened a ticket in the past and both va

def update_segment(self, segment_id: str, **kwargs) -> Box:

Just a hint: it is not enough just to send an empty value for udp_port_range; it needs both values to equal [].


The current issue is that with the native options of the SDK there is no option to keep udp/tcp ports synced from git (YAML) to the GUI (ensure that there is an empty value in the cloud).
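
The truthiness check quoted in this issue, reproduced as an added example that is not part of the thread or the SDK's own code: `merge_truthy` mirrors the quoted pattern, and `merge_explicit` is one hypothetical fix that treats a supplied empty list as a request to clear the ports. The function names, the simplified `snake_to_camel` and the sample segment are constructed for illustration.

```python
import copy

# Constructed sample of what the cloud currently holds for one app segment
# (camelCase keys, as in the payload built by the code quoted in the issue).
CURRENT_SEGMENT = {
    "name": "TEST_testing3",
    "domainNames": ["example.tld"],
    "tcpPortRange": [{"from": "80", "to": "80"}, {"from": "443", "to": "443"}],
    "tcpPortRanges": ["80", "80", "443", "443"],
    "udpPortRange": [{"from": "80", "to": "80"}, {"from": "443", "to": "443"}],
    "udpPortRanges": ["80", "80", "443", "443"],
}


def snake_to_camel(name):
    """Simplified stand-in (assumption) for the SDK helper of the same name."""
    head, *rest = name.split("_")
    return head + "".join(part.title() for part in rest)


def merge_truthy(current, **kwargs):
    """Pattern quoted in the issue: [] is falsy, so the port branch is skipped."""
    payload = copy.deepcopy(current)
    for proto in ("tcp", "udp"):
        if kwargs.get(f"{proto}_ports"):
            payload[f"{proto}PortRange"] = [
                {"from": p[0], "to": p[1]} for p in kwargs.pop(f"{proto}_ports")
            ]
    for key, value in kwargs.items():
        payload[snake_to_camel(key)] = value  # [] lands under "udpPorts" only
    return payload


def merge_explicit(current, **kwargs):
    """Hypothetical fix: a supplied key signals intent, so [] clears the ports."""
    payload = copy.deepcopy(current)
    for proto in ("tcp", "udp"):
        ports = kwargs.pop(f"{proto}_ports", None)
        if ports is not None:
            payload[f"{proto}PortRange"] = [{"from": str(a), "to": str(b)} for a, b in ports]
            # Both representations are set, since the issue reports both must be [].
            payload[f"{proto}PortRanges"] = [str(x) for pair in ports for x in pair]
    for key, value in kwargs.items():
        payload[snake_to_camel(key)] = value
    return payload
```

With `udp_ports=[]`, `merge_truthy` returns a payload that still carries the old UDP ranges, so ports removed from the source of truth stay reachable through the segment; `merge_explicit` empties both keys and leaves segments untouched when the argument is omitted.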

@mitchos
Owner

mitchos commented Jun 2, 2023

Hi @martinkiska sorry for the long time on this one, I am clearing the backlog up now and will take a look at this.

@egoruzmukhametov

Hello. Any updates here? I have the same issue.

@martinkiska
Author

Hi @egoruzmukhametov,

I can just share with you my very easy workaround in update_app function.

                # relates to https://github.com/mitchos/pyZscaler/issues/189
                # currently there is not an option to remove ports from cloud.
                for app in app_segments_to_be_updated:
                    for key in ["tcp_port_", "udp_port_"]:
                        if not app.get(key + "range", []):
                            app[key + "range"] = []
                            app[key + "ranges"] = []

If this easy code doesn't find a tcp/udp port configured in my own YAML structure, it just adds empty tcp/udp info via kwargs, and it correctly zeroizes it in the cloud.

@egoruzmukhametov

egoruzmukhametov commented Jul 22, 2024

Hi @martinkiska Thank you for your answer, but still I would like to have a working module, not a workaround.
I can also share my workaround method. In the case when I need to delete all tcp or udp ports from an application segment, I apply the bypass rule to this application segment, after which I apply the correct configuration.
