zscaler.ziacloud.zia_cloud_app_control_rules module – Adds a new Cloud App Control rule.
Note
This module is part of the zscaler.ziacloud collection (version 2.0.3).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install zscaler.ziacloud.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: zscaler.ziacloud.zia_cloud_app_control_rules.
New in zscaler.ziacloud 1.0.0
Synopsis
Adds a new Cloud App Control rule.
Requirements
The below requirements are needed on the host that executes this module.
Zscaler SDK Python can be obtained from PyPI https://pypi.org/project/zscaler-sdk-python/
Parameters
Parameter |
Comments |
|---|---|
Actions allowed for the specified type. |
|
A string that contains the obfuscated API key. |
|
List of cloud applications for which rule will be applied |
|
Enforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy. The URL Filtering policy does not apply if the transaction is blocked by the Cloud App Control policy. Choices:
|
|
The cloud browser isolation profile to which the ISOLATE action is applied in the Cloud App Control Policy rules. This parameter is required for the ISOLATE action and is not applicable to other actions. |
|
The universally unique identifier (UUID) for the browser isolation profile. |
|
Name of the browser isolation profile. |
|
The browser isolation profile URL. |
|
The client ID for OAuth2 authentication. |
|
The client secret for OAuth2 authentication. |
|
The Zscaler cloud name provisioned for your organization. Choices:
|
|
Name-ID pair of Cloud application instances for which rule will be applied. |
|
Name-ID pair of cloud Application Risk Profile for which rule will be applied. |
|
Name-ID pairs of departments for which rule will be applied |
|
Additional information about the rule |
|
Name-ID pairs of device groups for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation. |
|
List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations. If no value is set, this field is ignored during the policy evaluation. Choices:
|
|
Name-ID pairs of devices for which rule must be applied. Specifies devices that are managed using Zscaler Client Connector. If no value is set, this field is ignored during the policy evaluation. |
|
Determines whether the Cloud App Control rule is enabled or disabled Choices:
|
|
Enforce a set a validity time period for the Cloud App Control rule. Choices:
|
|
Name-ID pairs of groups for which rule must be applied |
|
Unique identifier for the Cloud App Control policy rule |
|
The Cloud App Control rule label. Rule labels allow you to logically group your organization policy rules. Policy rules that are not associated with a rule label are grouped under the Untagged label. |
|
Name-ID pairs of the location groups to which the rule must be applied. |
|
Name-ID pairs of locations for which rule must be applied |
|
Name of the Cloud App Control policy rule |
|
Rule order number of the Cloud App Control policy rule |
|
A string that contains the password for the API admin. |
|
The private key for JWT-based OAuth2 authentication. |
|
A dict containing authentication credentials. |
|
Obfuscated API key. |
|
OAuth2 client ID. |
|
OAuth2 client secret. |
|
Zscaler cloud name. Choices:
|
|
Password for the API admin. |
|
Private key for OAuth2 JWT. |
|
Sandbox Cloud environment. |
|
Sandbox API Key. |
|
Whether to use the legacy Zscaler API client. Choices:
|
|
Email ID of the API admin. |
|
Vanity domain for OAuth2. |
|
Admin rank of the admin who creates this rule Default: |
|
The rule type selected from the available options. Choices:
|
|
The Sandbox cloud environment for API access. |
|
A string that contains the Sandbox API Key. |
|
Action must be set to CAUTION Size quota in MB beyond which the Cloud App Control rule is applied. The allowed range is between 10 MB and 100000 MB If not set, no quota is enforced. If a policy rule action is set to BLOCK, this field is not applicable. |
|
Specifies the desired state of the resource. Choices:
|
|
Name-ID pair of Tenant Profile for which rule will be applied. |
|
Action must be set to CAUTION Time quota in minutes, after which the Cloud App Control rule is applied. The allowed range is between 15 minutes and 600 minutes. If not set, no quota is enforced. If a policy rule action is set to BLOCK, this field is not applicable. |
|
Name-ID pairs of time interval during which rule must be enforced. |
|
Whether to use the legacy Zscaler API client. Choices:
|
|
Any number of user agents to which the rule applies. Choices:
|
|
Indicates the user risk level selected for the DLP rule violation. Choices:
|
|
A string that contains the email ID of the API admin. |
|
Name-ID pairs of users for which rule must be applied |
|
If enforce_time_validity is set to true, the Cloud App Control rule will cease to be valid on this end date and time. Example ( 12/21/2023 12:00 AM ) |
|
If enforce_time_validity is set to true, the Cloud App Control rule will be valid starting on this date and time. Example ( 11/20/2023 11:59 PM ) Notice that validity_start_time cannot be in the past |
|
If enforceTimeValidity is set to true, the Cloud App Control rule date and time is valid based on this time zone ID. |
|
The vanity domain provisioned by Zscaler for OAuth2 flows. |
Notes
Note
Check mode is supported.
Examples
- name: Create/Update/Delete a Cloud App Control Rule.
zscaler.ziacloud.zia_cloud_app_control_rules:
provider: '{{ provider }}'
name: "Example_WebMail_Rule"
description: "Example_WebMail_Rule"
enabled: true
order: 1
actions:
- ALLOW_WEBMAIL_VIEW
- ALLOW_WEBMAIL_ATTACHMENT_SEND
- ALLOW_WEBMAIL_SEND
applications:
- "GOOGLE_WEBMAIL"
- "YAHOO_WEBMAIL"