Incorrect results from zia/services/adminuserrolemgmt/admins.GetAllAdminUsers()

[jfaronson]

Confirmation

• My issue isn't already found on the issue tracker.
• I have replicated my issue using the latest version of the library and it is still present.

zscaler-sdk-go version

v3.1.2

Go environment

GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/home/jaronson/.cache/go-build'
GOENV='/home/jaronson/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/home/jaronson/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/jaronson/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.22.3'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/mnt/c/Users/JohnAronson/Documents/git/ZProductPrivateApiClient/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build1080628955=/tmp/go-build -gno-record-gcc-switches'
jaronson@GM004TQ9:/mnt/c/Use

Expected output

I have a tenant and when I make this call in Postman I get 4 results which matches what I get in the UI when I look at ZIA admin users.

GET https://api.zsapi.net/private/zia/zsapi/v1/adminUsers?page=1&pageSize=100&includeAuditorUsers=false&includeAdminUsers=true
200
2.25 s
GET /private/zia/zsapi/v1/adminUsers?page=1&pageSize=100&includeAuditorUsers=false&includeAdminUsers=true HTTP/1.1
Authorization: Bearer
User-Agent: PostmanRuntime/7.43.0
Accept: /
Cache-Control: no-cache
Postman-Token: ebf99786-7c66-44cd-8699-bdce4fe6561a
Host: api.zsapi.net
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

HTTP/1.1 200 OK
strict-transport-security: max-age=31622400;includeSubDomains;preload
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-store, no-cache
x-zscaler-mode: read-write
content-disposition: attachment; filename="api.json"
vary: accept-encoding
content-encoding: gzip
content-type: application/json
date: Thu, 06 Feb 2025 17:24:34 GMT
server: Zscaler
x-envoy-upstream-service-time: 1988
x-transaction-id: 0864ef9f-ae36-45b3-aa3b-92bdb8f69f89
x-oneapi-version: 106.0.8
set-cookie: JSESSIONID=1B539CF24D013C8FC28FE14B3B47397D; Expires=Fri, 07 Feb 2025 05:24:34 GMT; Path=/; Secure; HttpOnly; SameSite=None
x-ratelimit-limit: 1000, 1000;w=1
x-ratelimit-remaining: 999
x-ratelimit-reset: 1
transfer-encoding: chunked

[ {
"id" : 142334558,
"loginName" : "admin@zs2102safemarch.zslogin.net",
"userName" : "Default Admin",
"email" : "pellis@zscaler.com",
"role" : {
"id" : 83795,
"name" : "Super Admin",
"isNameL10nTag" : true,
"extensions" : {
"adminRank" : "0",
"roleType" : "EXEC_INSIGHT_AND_ORG_ADMIN"
}
},
"adminScopescopeGroupMemberEntities" : [ ],
"adminScopeType" : "ORGANIZATION",
"adminScopeScopeEntities" : [ ],
"disabled" : false,
"pwdLastModifiedTime" : 0,
"name" : "Default Admin"
}, {
"id" : 154903176,
"loginName" : "jaronson@zs2102.safemarch.com",
"userName" : "John",
"email" : "jaronson@zscaler.com",
"role" : {
"id" : 83795,
"name" : "Super Admin",
"isNameL10nTag" : true,
"extensions" : {
"adminRank" : "0",
"roleType" : "EXEC_INSIGHT_AND_ORG_ADMIN"
}
},
"adminScopescopeGroupMemberEntities" : [ ],
"adminScopeType" : "ORGANIZATION",
"adminScopeScopeEntities" : [ ],
"disabled" : false,
"pwdLastModifiedTime" : 0,
"name" : "John"
}, {
"id" : 155723216,
"loginName" : "student2@zs2102.safemarch.com",
"userName" : "Student Admin 2",
"email" : "student2@zs2102.safemarch.com",
"role" : {
"id" : 83795,
"name" : "Super Admin",
"isNameL10nTag" : true,
"extensions" : {
"adminRank" : "0",
"roleType" : "EXEC_INSIGHT_AND_ORG_ADMIN"
}
},
"adminScopescopeGroupMemberEntities" : [ ],
"adminScopeType" : "ORGANIZATION",
"adminScopeScopeEntities" : [ ],
"disabled" : false,
"pwdLastModifiedTime" : 0,
"name" : "Student Admin 2"
}, {
"id" : 149813876,
"loginName" : "student@zs2102.safemarch.com",
"userName" : "Student Admin",
"email" : "student@zs2102.safemarch.com",
"role" : {
"id" : 83795,
"name" : "Super Admin",
"isNameL10nTag" : true,
"extensions" : {
"adminRank" : "0",
"roleType" : "EXEC_INSIGHT_AND_ORG_ADMIN"
}
},
"adminScopescopeGroupMemberEntities" : [ ],
"adminScopeType" : "ORGANIZATION",
"adminScopeScopeEntities" : [ ],
"disabled" : false,
"pwdLastModifiedTime" : 0,
"name" : "Student Admin"
} ]

result count: 4

Actual output

When I make the call using the go SDK I get 0 results. Here's the log with debug on:

Starting: C:\Users\JohnAronson\go\bin\dlv.exe dap --listen=127.0.0.1:62924 from C:\Users\JohnAronson\Documents\git\ZProductPrivateApiClient\go-api-v3
DAP server listening at: 127.0.0.1:62924
Type 'dlv help' for list of commands.
oneapi-logger: 2025/02/06 10:29:14 logger.go:36: [DEBUG] Request "POST https://zs2102safemarch.zslogin.net/oauth2/v1/token" details:
---[ ZSCALER SDK REQUEST | ID:b85aefcf-c383-4732-9060-ddd1c136dd30 ]-------------------------------
POST /oauth2/v1/token HTTP/1.1
Host: zs2102safemarch.zslogin.net
User-Agent: zscaler-sdk-go/3.0.0 golang/go1.23.4 windows/amd64
Content-Length: 152
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

---

oneapi-logger: 2025/02/06 10:29:15 logger.go:36: [DEBUG] Request "GET https://api.zsapi.net/zia/api/v1/adminUsers?includeAuditorUsers=true&includeAdminUsers=true&pageSize=1000&page=1" details:
---[ ZSCALER SDK REQUEST | ID:681122d0-c708-4138-999d-34a9940808e4 ]-------------------------------
GET /zia/api/v1/adminUsers?includeAuditorUsers=true&includeAdminUsers=true&pageSize=1000&page=1 HTTP/1.1
Host: api.zsapi.net
User-Agent: zscaler-sdk-go/3.0.0 golang/go1.23.4 windows/amd64
Authorization: Bearer
Content-Type: application/json
Accept-Encoding: gzip

---

oneapi-logger: 2025/02/06 10:29:15 logger.go:36: [DEBUG] GET https://api.zsapi.net/zia/api/v1/adminUsers?includeAuditorUsers=true&includeAdminUsers=true&pageSize=1000&page=1
oneapi-logger: 2025/02/06 10:29:23 logger.go:36: [DEBUG] Response "GET https://api.zsapi.net/zia/api/v1/adminUsers?includeAuditorUsers=true&includeAdminUsers=true&pageSize=1000&page=1" details:
---[ ZSCALER SDK RESPONSE | ID:681122d0-c708-4138-999d-34a9940808e4 | Duration:8.5597844s ]--------------------------------
HTTP/2.0 200 OK
Content-Length: 2
Cache-Control: no-store, no-cache
Content-Disposition: attachment; filename="api.json"
Content-Type: application/json
Date: Thu, 06 Feb 2025 17:29:23 GMT
Server: Zscaler
Strict-Transport-Security: max-age=31622400;includeSubDomains;preload
X-Content-Type-Options: nosniff
X-Envoy-Upstream-Service-Time: 8414
X-Frame-Options: SAMEORIGIN
X-Oneapi-Version: 106.0.8
X-Ratelimit-Limit: 5000, 5000;w=60
X-Ratelimit-Remaining: 4999
X-Ratelimit-Reset: 45
X-Transaction-Id: 03f6eb71-e653-44af-944a-191e606f2a86
X-Xss-Protection: 1; mode=block
X-Zscaler-Mode: read-write

[]

adminUser length: 0
Process 22160 has exited with status 0
Detaching

Code demonstrating the issue

package main

import (
"context"
"errors"
"flag"
"fmt"
"log"
"os"

"github.com/zscaler/zscaler-sdk-go/v3/zscaler"
"github.com/zscaler/zscaler-sdk-go/v3/zscaler/zcc"
"github.com/zscaler/zscaler-sdk-go/v3/zscaler/zia"
"github.com/zscaler/zscaler-sdk-go/v3/zscaler/zia/services/adminuserrolemgmt/admins"
"github.com/zscaler/zscaler-sdk-go/v3/zscaler/zpa"

)

func main() {
operation := flag.String("operation", "healthCheck", "What operation should the program execeute?")

service, _, err := GetService()
if err != nil {
	log.Printf("[ERROR] get client error: %v\n", err)
	return
}
flag.Parse()

switch *operation {
default:
	adminUserTest(service)
}

}

func adminUserTest(service *zscaler.Service) {
result, err := admins.GetAllAdminUsers(context.Background(), service)
if err != nil {
log.Printf("[ERROR] GetAllAdminUsers failed: %v\n", err)
os.Exit(1)
}
fmt.Printf("adminUser length: %d\n", len(result))
}

func GetService() (*zscaler.Service, *zscaler.Configuration, error) {
config, err := zscaler.NewConfiguration()

if config.UseLegacyClient {

	zccCfg, err := zcc.NewConfiguration(
		zcc.WithDebug(true),
	)
	if err != nil {
		return nil, nil, errors.New("Error getting Legacy ZCC Config, message: " + err.Error())
	}

	zccClient, err := zcc.NewClient(zccCfg)
	if err != nil {
		log.Fatalf("Error creating ZCC client: %v", err)
		return nil, nil, err
	}

	zpaCfg, err := zpa.NewConfiguration(
		zpa.WithDebug(true),
	)
	if err != nil {
		return nil, nil, errors.New("Error getting Legacy ZPA Config, message: " + err.Error())
	}

	zpaClient, err := zpa.NewClient(zpaCfg)
	if err != nil {
		log.Fatalf("Error creating ZPA client: %v", err)
		return nil, nil, err
	}

	ziaCfg, err := zia.NewConfiguration(
		//You can't pull the cloud from the env, because the code checks if the cloud was passed in before trying to read from the env
		zia.WithZiaCloud(os.Getenv("ZSCALER_LEGACYCLIENT_ZIACLIENT_CONFIG_ZIA_CLIENT_ZIA_CLOUD")),
		zia.WithDebug(true),
	)
	if err != nil {
		return nil, nil, err
	}

	ziaClient, err := zia.NewClient(ziaCfg)

	//update the config with legacy clients
	config, err = zscaler.NewConfiguration(
		zscaler.WithLegacyClient(true),
		zscaler.WithZccLegacyClient(zccClient),
		zscaler.WithZiaLegacyClient(ziaClient),
		zscaler.WithZpaLegacyClient(zpaClient),
		zscaler.WithDebug(config.Debug),
	)
	if err != nil {
		log.Fatalf("Error creating Zscaler configuration: %v", err)
		return nil, nil, err
	}
}

service, err := zscaler.NewOneAPIClient(config)
return service, config, err

}

Steps to reproduce

Set up env vars with API creds
Run program

References

No response

[willguibr]

@jfaronson Please DO NOT past the debug logs containing Bearer tokens in the Issue.
Please raise a support ticket with Zscaler Global support and they will address it accordingly and escalate it if needed.

Zscaler DevRel.