zscaler.ziacloud.zia_browser_control_policy module – Manages the Browser Control policy settings

Note

This module is part of the zscaler.ziacloud collection (version 2.2.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_browser_control_policy.

New in zscaler.ziacloud 1.0.0

Synopsis 

Updates the Browser Control policy settings for the organization.
Browser Control is a singleton resource; there is one policy per organization.
Create and update both use the update API. Delete is a no-op (policy cannot be removed).

Requirements 

The below requirements are needed on the host that executes this module.

Zscaler SDK Python can be obtained from PyPI https://pypi.org/project/zscaler-sdk-python/

Parameters 

Parameter	Comments
allow_all_browsers boolean	If true, allows all browsers and their versions access to the internet. Choices: `false` `true`
api_key string	A string that contains the obfuscated API key.
blocked_chrome_versions list / elements=string	Versions of Google Chrome browser that need to be blocked. If not set, all allowed.
blocked_firefox_versions list / elements=string	Versions of Mozilla Firefox browser that need to be blocked. If not set, all allowed.
blocked_internet_explorer_versions list / elements=string	Versions of Microsoft browser that need to be blocked. If not set, all allowed.
blocked_opera_versions list / elements=string	Versions of Opera browser that need to be blocked. If not set, all allowed.
blocked_safari_versions list / elements=string	Versions of Apple Safari browser that need to be blocked. If not set, all allowed.
bypass_all_browsers boolean	If true, all browsers are bypassed for warnings. Choices: `false` `true`
bypass_applications list / elements=string	List of applications that need to be bypassed for warnings. Has effect only if enable_warnings is true. If not set, all vulnerable applications are warned.
bypass_plugins list / elements=string	List of plugins that need to be bypassed for warnings. Has effect only if enable_warnings is true. If not set, all vulnerable plugins are warned.
client_id string	The client ID for OAuth2 authentication.
client_secret string	The client secret for OAuth2 authentication.
cloud string	The Zscaler cloud name provisioned for your organization. Choices: `"beta"` `"production"` `"zscaler"` `"zscalerbeta"` `"zscalergov"` `"zscalerone"` `"zscalerten"` `"zscalerthree"` `"zscalertwo"` `"zscloud"` `"zspreview"`
enable_smart_browser_isolation boolean	If true, Smart Browser Isolation is enabled. When set to true, `smart_isolation_profile` is required. Choices: `false` `true`
enable_warnings boolean	If true, warnings are enabled. Choices: `false` `true`
password string	A string that contains the password for the API admin.
plugin_check_frequency string	Specifies how frequently the service checks browsers and relevant applications to warn users regarding outdated or vulnerable browsers, plugins, and applications. If not set, the warnings are disabled. Choices: `"DAILY"` `"WEEKLY"` `"MONTHLY"` `"EVERY_2_HOURS"` `"EVERY_4_HOURS"` `"EVERY_6_HOURS"` `"EVERY_8_HOURS"` `"EVERY_12_HOURS"`
private_key string	The private key for JWT-based OAuth2 authentication.
provider dictionary	A dict containing authentication credentials.
api_key string	Obfuscated API key.
client_id string	OAuth2 client ID.
client_secret string	OAuth2 client secret.
cloud string	Zscaler cloud name. Choices: `"beta"` `"production"` `"zscaler"` `"zscalerbeta"` `"zscalergov"` `"zscalerone"` `"zscalerten"` `"zscalerthree"` `"zscalertwo"` `"zscloud"` `"zspreview"`
password string	Password for the API admin.
private_key string	Private key for OAuth2 JWT.
sandbox_cloud string	Sandbox Cloud environment.
sandbox_token string	Sandbox API Key.
use_legacy_client boolean	Whether to use the legacy Zscaler API client. Choices: `false` ← (default) `true`
username string	Email ID of the API admin.
vanity_domain string	Vanity domain for OAuth2.
sandbox_cloud string	The Sandbox cloud environment for API access.
sandbox_token string	A string that contains the Sandbox API Key.
smart_isolation_groups list / elements=integer	List of group IDs for which the Smart Isolation rule is applied.
smart_isolation_profile dictionary	The browser isolation profile. Provide as a dict with `id` key (UUID string). Required when `enable_smart_browser_isolation` is true. Example a dict with `id` key containing a UUID such as `161d0907-0a57-4aab-98c2-eccbd651c448`.
smart_isolation_profile_id integer	The isolation profile ID (integer).
smart_isolation_users list / elements=integer	List of user IDs for which the Smart Isolation rule is applied.
state string	Specifies the desired state of the resource. Choices: `"present"` ← (default) `"absent"`
use_legacy_client boolean	Whether to use the legacy Zscaler API client. Choices: `false` ← (default) `true`
username string	A string that contains the email ID of the API admin.
vanity_domain string	The vanity domain provisioned by Zscaler for OAuth2 flows.

Notes 

Note

Check mode is supported.
This is a singleton resource. state=absent performs a no-op (policy cannot be deleted).
When enable_smart_browser_isolation is true, smart_isolation_profile is required.

Examples 

- name: Update Browser Control policy with basic settings
  zscaler.ziacloud.zia_browser_control_policy:
    provider: '{{ provider }}'
    plugin_check_frequency: DAILY
    bypass_plugins:
      - ACROBAT
      - FLASH
    bypass_applications:
      - OUTLOOKEXP
    enable_warnings: true
    allow_all_browsers: false

- name: Update Browser Control policy with Smart Browser Isolation
  zscaler.ziacloud.zia_browser_control_policy:
    provider: '{{ provider }}'
    plugin_check_frequency: DAILY
    enable_warnings: true
    enable_smart_browser_isolation: true
    smart_isolation_profile:
      id: "161d0907-0a57-4aab-98c2-eccbd651c448"
    smart_isolation_users:
      - 5452145
    smart_isolation_groups:
      - 21568541

Return Values 

Common return values are documented here, the following are the fields unique to this module:

Key	Description
data dictionary	The Browser Control policy settings after the operation. Returned: on success
allow_all_browsers boolean	Whether all browsers are allowed. Returned: success
blocked_chrome_versions list / elements=string	Blocked Chrome versions. Returned: success
blocked_firefox_versions list / elements=string	Blocked Firefox versions. Returned: success
blocked_internet_explorer_versions list / elements=string	Blocked Microsoft browser versions. Returned: success
blocked_opera_versions list / elements=string	Blocked Opera versions. Returned: success
blocked_safari_versions list / elements=string	Blocked Safari versions. Returned: success
bypass_all_browsers boolean	Whether all browsers are bypassed. Returned: success
bypass_applications list / elements=string	List of applications bypassed for warnings. Returned: success
bypass_plugins list / elements=string	List of plugins bypassed for warnings. Returned: success
enable_smart_browser_isolation boolean	Whether Smart Browser Isolation is enabled. Returned: success
enable_warnings boolean	Whether warnings are enabled. Returned: success
plugin_check_frequency string	How frequently browsers/plugins are checked. Returned: success

Authors

William Guilherme (@willguibr)

zscaler.ziacloud.zia_browser_control_policy module – Manages the Browser Control policy settings

Synopsis

Requirements

Parameters

Notes

Examples

Return Values