From 1b0da7c3a6ea269b2b91bddfa0327664eed08ef3 Mon Sep 17 00:00:00 2001 From: William Guilherme Date: Tue, 23 Jun 2026 20:02:11 -0700 Subject: [PATCH 1/2] fix: Fixed OneAPI (Zidentity US) support for the government (FedRAMP) clouds --- CHANGELOG.md | 12 +++++++++++- docsrc/zs/guides/release_notes.rst | 15 ++++++++++++++- zscaler/constants.py | 2 +- 3 files changed, 26 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index fdb67bf7..c7b87771 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,16 @@ # Zscaler Python SDK Changelog -## 1.9.32 (June 3, 2026) +## 1.9.33 (June 23, 2026) + +### Notes + +- Python Versions: **v3.9, v3.10, v3.11, v3.12** + +### Bug Fixes + +* [PR #535](https://github.com/zscaler/zscaler-sdk-python/issues/535) Fixed OneAPI (Zidentity US) support for the government (FedRAMP) clouds. + +## 1.9.32 (June 23, 2026) ### Notes diff --git a/docsrc/zs/guides/release_notes.rst b/docsrc/zs/guides/release_notes.rst index dc981e87..a544eb4e 100644 --- a/docsrc/zs/guides/release_notes.rst +++ b/docsrc/zs/guides/release_notes.rst @@ -6,7 +6,20 @@ Release Notes Zscaler Python SDK Changelog ---------------------------- -1.9.32 (June 3, 2026) +1.9.33 (June 23, 2026) +--------------------------- + +Notes +------- + +- Python Versions: **v3.9, v3.10, v3.11, v3.12** + +Bug Fixes +--------- + +* (`#535 `_) - Fixed OneAPI (Zidentity US) support for the government (FedRAMP) clouds. + +1.9.32 (June 23, 2026) --------------------------- Notes diff --git a/zscaler/constants.py b/zscaler/constants.py index b0e04319..d02e7ff6 100644 --- a/zscaler/constants.py +++ b/zscaler/constants.py @@ -20,7 +20,7 @@ # client selects them via the lowercased ``cloud`` parameter (``gov``/``govus``). ONEAPI_GOV_AUTH_DOMAINS = { "gov": "zidentitygov.net", - "govus": "zidentitygovus.net", + "govus": "zidentitygov.us", } ONEAPI_GOV_API_BASE_URLS = { From e05369d08f2d3af047cc567094eec6eb97b732e7 Mon Sep 17 00:00:00 2001 From: William Guilherme Date: Tue, 23 Jun 2026 20:11:28 -0700 Subject: [PATCH 2/2] fix: Fixed unit test for zidentity fedramp --- CHANGELOG.md | 4 ++-- README.md | 2 +- docsrc/index.rst | 2 +- docsrc/zs/guides/release_notes.rst | 4 ++-- tests/unit/test_oauth_proxy.py | 4 ++-- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c7b87771..cbda2824 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,7 +18,7 @@ ### Enhancements -* [PR #534](https://github.com/zscaler/zscaler-sdk-python/issues/534) - Added OneAPI (Zidentity) support for the government (FedRAMP) clouds. Setting `cloud=gov` or `cloud=govus` on `ZscalerClient` now routes OAuth to the correct Zidentity identity provider (`https://{vanityDomain}.zidentitygov.net` / `https://{vanityDomain}.zidentitygovus.net`) and API calls to the correct gateway (`https://api.zscalergov.net` / `https://api.zscalergov.us`). Previously these clouds produced non-resolvable hostnames and failed on every call. [Issue #526](https://github.com/zscaler/zscaler-sdk-python/issues/526) +* [PR #534](https://github.com/zscaler/zscaler-sdk-python/issues/534) - Added OneAPI (Zidentity) support for the government (FedRAMP) clouds. Setting `cloud=gov` or `cloud=govus` on `ZscalerClient` now routes OAuth to the correct Zidentity identity provider (`https://{vanityDomain}.zidentitygov.net` / `https://{vanityDomain}.zidentitygov.us`) and API calls to the correct gateway (`https://api.zscalergov.net` / `https://api.zscalergov.us`). Previously these clouds produced non-resolvable hostnames and failed on every call. [Issue #526](https://github.com/zscaler/zscaler-sdk-python/issues/526) ### Bug Fixes @@ -45,7 +45,7 @@ * [PR #525](https://github.com/zscaler/zscaler-sdk-python/pull/525) - Fixed resource registration `app_connectors` within the Legacy ZPA Client. -* [Issue #526](https://github.com/zscaler/zscaler-sdk-python/issues/526) - Added OneAPI (Zidentity) support for the government (FedRAMP) clouds. Setting `cloud=gov` or `cloud=govus` on `ZscalerClient` now routes OAuth to the correct Zidentity identity provider (`https://{vanityDomain}.zidentitygov.net` / `https://{vanityDomain}.zidentitygovus.net`) and API calls to the correct gateway (`https://api.zscalergov.net` / `https://api.zscalergov.us`). Previously these clouds produced non-resolvable hostnames and failed on every call. +* [Issue #526](https://github.com/zscaler/zscaler-sdk-python/issues/526) - Added OneAPI (Zidentity) support for the government (FedRAMP) clouds. Setting `cloud=gov` or `cloud=govus` on `ZscalerClient` now routes OAuth to the correct Zidentity identity provider (`https://{vanityDomain}.zidentitygov.net` / `https://{vanityDomain}.zidentitygov.us`) and API calls to the correct gateway (`https://api.zscalergov.net` / `https://api.zscalergov.us`). Previously these clouds produced non-resolvable hostnames and failed on every call. ## 1.9.30 (May 21, 2026) diff --git a/README.md b/README.md index 5aef2d80..b8337e60 100644 --- a/README.md +++ b/README.md @@ -326,7 +326,7 @@ OneAPI supports the Zscaler government (FedRAMP) clouds. These are FedRAMP-isola | `cloud` value | OAuth token endpoint | API base URL | |---------------|----------------------|--------------| | `gov` | `https://.zidentitygov.net/oauth2/v1/token` | `https://api.zscalergov.net` | -| `govus` | `https://.zidentitygovus.net/oauth2/v1/token` | `https://api.zscalergov.us` | +| `govus` | `https://.zidentitygov.us/oauth2/v1/token` | `https://api.zscalergov.us` | For example, authenticating to the GOV environment: diff --git a/docsrc/index.rst b/docsrc/index.rst index 4e761b4b..b4afc24e 100644 --- a/docsrc/index.rst +++ b/docsrc/index.rst @@ -379,7 +379,7 @@ government values: +===================+===============================================================+==============================+ | ``gov`` | ``https://.zidentitygov.net/oauth2/v1/token`` | ``https://api.zscalergov.net`` | +-------------------+---------------------------------------------------------------+------------------------------+ -| ``govus`` | ``https://.zidentitygovus.net/oauth2/v1/token``| ``https://api.zscalergov.us`` | +| ``govus`` | ``https://.zidentitygov.us/oauth2/v1/token``| ``https://api.zscalergov.us`` | +-------------------+---------------------------------------------------------------+------------------------------+ For example, authenticating to the GOV environment: diff --git a/docsrc/zs/guides/release_notes.rst b/docsrc/zs/guides/release_notes.rst index a544eb4e..4894ea8c 100644 --- a/docsrc/zs/guides/release_notes.rst +++ b/docsrc/zs/guides/release_notes.rst @@ -30,7 +30,7 @@ Notes Enhancements ------------- -* (`Issue #526 `_) - Added OneAPI (Zidentity) support for the government (FedRAMP) clouds. Setting ``cloud=gov`` or ``cloud=govus`` on ``ZscalerClient`` now routes OAuth to the correct Zidentity identity provider (``https://{vanityDomain}.zidentitygov.net`` / ``https://{vanityDomain}.zidentitygovus.net``) and API calls to the correct gateway (``https://api.zscalergov.net`` / ``https://api.zscalergov.us``). Previously these clouds produced non-resolvable hostnames and failed on every call. +* (`Issue #526 `_) - Added OneAPI (Zidentity) support for the government (FedRAMP) clouds. Setting ``cloud=gov`` or ``cloud=govus`` on ``ZscalerClient`` now routes OAuth to the correct Zidentity identity provider (``https://{vanityDomain}.zidentitygov.net`` / ``https://{vanityDomain}.zidentitygov.us``) and API calls to the correct gateway (``https://api.zscalergov.net`` / ``https://api.zscalergov.us``). Previously these clouds produced non-resolvable hostnames and failed on every call. Bug Fixes --------- @@ -63,7 +63,7 @@ Bug Fixes: `* (`#525 `_)` - Fixed resource registration `app_connectors` within the Legacy ZPA Client. -* (`Issue #526 `_) - Added OneAPI (Zidentity) support for the government (FedRAMP) clouds. Setting ``cloud=gov`` or ``cloud=govus`` on ``ZscalerClient`` now routes OAuth to the correct Zidentity identity provider (``https://{vanityDomain}.zidentitygov.net`` / ``https://{vanityDomain}.zidentitygovus.net``) and API calls to the correct gateway (``https://api.zscalergov.net`` / ``https://api.zscalergov.us``). Previously these clouds produced non-resolvable hostnames and failed on every call. +* (`Issue #526 `_) - Added OneAPI (Zidentity) support for the government (FedRAMP) clouds. Setting ``cloud=gov`` or ``cloud=govus`` on ``ZscalerClient`` now routes OAuth to the correct Zidentity identity provider (``https://{vanityDomain}.zidentitygov.net`` / ``https://{vanityDomain}.zidentitygov.us``) and API calls to the correct gateway (``https://api.zscalergov.net`` / ``https://api.zscalergov.us``). Previously these clouds produced non-resolvable hostnames and failed on every call. 1.9.30 (May 21, 2026) --------------------------- diff --git a/tests/unit/test_oauth_proxy.py b/tests/unit/test_oauth_proxy.py index 918c2db3..21119e66 100644 --- a/tests/unit/test_oauth_proxy.py +++ b/tests/unit/test_oauth_proxy.py @@ -423,7 +423,7 @@ def test_oauth_get_auth_url_clouds(): # Government (FedRAMP) clouds use the dedicated Zidentity identity providers assert oauth._get_auth_url("zsgovlab-net", "gov") == "https://zsgovlab-net.zidentitygov.net/oauth2/v1/token" - assert oauth._get_auth_url("zsgovlab-us", "govus") == "https://zsgovlab-us.zidentitygovus.net/oauth2/v1/token" + assert oauth._get_auth_url("zsgovlab-us", "govus") == "https://zsgovlab-us.zidentitygov.us/oauth2/v1/token" # Other non-production commercial clouds keep the legacy zslogin{cloud} pattern assert oauth._get_auth_url("testcompany", "beta") == "https://testcompany.zsloginbeta.net/oauth2/v1/token" @@ -433,7 +433,7 @@ def test_oauth_get_auth_url_clouds(): "cloud,expected_url", [ ("gov", "https://zsgovlab.zidentitygov.net/oauth2/v1/token"), - ("govus", "https://zsgovlab.zidentitygovus.net/oauth2/v1/token"), + ("govus", "https://zsgovlab.zidentitygov.us/oauth2/v1/token"), ], ) def test_oauth_client_secret_uses_gov_auth_url(cloud, expected_url):