zscaler.ziacloud.zia_cloud_app_control_rule_actions_info module – Get available Cloud App Control rule actions by rule type

Note

This module is part of the zscaler.ziacloud collection (version 2.2.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_cloud_app_control_rule_actions_info.

New in zscaler.ziacloud 1.0.0

Synopsis

  • Retrieves granular actions supported for a specific Cloud App Control rule type and cloud applications.

  • Equivalent to the Terraform zia_cloud_app_control_rule_actions datasource.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

action_prefixes

list / elements=string

Optional list of action prefixes to filter results.

Valid values include ALLOW, DENY, BLOCK, CAUTION, ISOLATE, ESC.

An underscore is automatically appended if not present.

Only actions starting with these prefixes are included in filtered_actions.

api_key

string

A string that contains the obfuscated API key.

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

cloud_apps

list / elements=string / required

List of cloud application names to retrieve available actions for.

password

string

A string that contains the password for the API admin.

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

query

string

An optional JMESPath expression applied locally to the flat list of action strings returned by the API.

Use this for advanced client-side filtering/projection when action_prefixes is not enough.

The expression operates on a list of strings, so reference the current element with @ (e.g. [?starts_with(@, 'ALLOW'])).

Applied before the derived action lists are computed. See https://jmespath.org/ for the syntax.

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

type

string / required

The rule type for the Cloud App Control policy (e.g., web, WEBMAIL, STREAMING_MEDIA).

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Notes

Note

  • Check mode is not supported.

  • query (JMESPath) is applied locally to the retrieved list of actions before the derived available_actions, available_actions_without_isolate, isolate_actions and filtered_actions outputs are computed.

Examples

- name: Get all available actions for WEBMAIL and AOL_MAIL
  zscaler.ziacloud.zia_cloud_app_control_rule_actions_info:
    provider: '{{ provider }}'
    type: "WEBMAIL"
    cloud_apps:
      - "AOL_MAIL"
  register: result

- name: Get available actions filtered by prefix
  zscaler.ziacloud.zia_cloud_app_control_rule_actions_info:
    provider: '{{ provider }}'
    type: "STREAMING_MEDIA"
    cloud_apps:
      - "DROPBOX"
    action_prefixes:
      - "ALLOW"
      - "BLOCK"
  register: result

- name: Get only ALLOW actions using a JMESPath query
  zscaler.ziacloud.zia_cloud_app_control_rule_actions_info:
    provider: '{{ provider }}'
    type: "STREAMING_MEDIA"
    cloud_apps:
      - "DROPBOX"
    query: "[?starts_with(@, 'ALLOW')]"
  register: result

- name: Exclude ISOLATE actions using a JMESPath query
  zscaler.ziacloud.zia_cloud_app_control_rule_actions_info:
    provider: '{{ provider }}'
    type: "WEBMAIL"
    cloud_apps:
      - "AOL_MAIL"
    query: "[?!starts_with(@, 'ISOLATE')]"
  register: result

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

available_actions

list / elements=string

List of all available actions for the specified cloud applications and rule type (includes ISOLATE actions).

When query is set, this list reflects the result of the JMESPath expression.

Returned: always

available_actions_without_isolate

list / elements=string

List of available actions excluding ISOLATE actions. Use for standard rules.

ISOLATE actions cannot be mixed with other actions.

Returned: always

filtered_actions

list / elements=string

List of actions filtered by action_prefixes. Only populated when action_prefixes is specified.

Returned: always

isolate_actions

list / elements=string

List of only ISOLATE actions. Use for Cloud Browser Isolation rules.

ISOLATE actions require cbi_profile configuration and cannot be mixed with other actions.

Returned: always

Authors

  • William Guilherme (@willguibr)