zscaler.ziacloud.zia_tenant_restriction_profile module – Manages ZIA tenant restriction profiles

Note

This module is part of the zscaler.ziacloud collection (version 2.2.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. This module has further requirements; see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_tenant_restriction_profile.

New in zscaler.ziacloud 1.0.0

Synopsis

  • Creates, updates, or deletes tenant restriction profiles for cloud app control.

  • Tenant restriction profiles control access to cloud applications (e.g., Microsoft 365, Google).

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

allow_gcp_cloud_storage_read

boolean

Flag to allow or disallow GCP cloud storage reads.

Choices:

  • false

  • true

allow_google_consumers

boolean

Flag to allow Google consumers.

Choices:

  • false

  • true

allow_google_visitors

boolean

Flag to allow Google visitors.

Choices:

  • false

  • true

api_key

string

A string that contains the obfuscated API key.

app_type

string

Restricted tenant profile application type.

Supported values include YOUTUBE, GOOGLE, MSLOGINSERVICES, SLACK, BOX, FACEBOOK, AWS, DROPBOX, WEBEX_LOGIN_SERVICES, AMAZON_S3, ZOHO_LOGIN_SERVICES, GOOGLE_CLOUD_PLATFORM, ZOOM, IBMSMARTCLOUD, GITHUB, CHATGPT_AI.

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

description

string

Additional information about the profile.

id

integer

The unique identifier for the tenant restriction profile.

Used to reference an existing profile for update or delete.

item_data_primary

list / elements=string

Tenant profile primary item data (list of strings).

item_data_secondary

list / elements=string

Tenant profile secondary item data (list of strings).

item_type_primary

string

Tenant profile primary item type.

See Zscaler documentation for available item types.

item_type_secondary

string

Tenant profile secondary item type.

item_value

list / elements=string

Tenant profile item value for YouTube categories.

See Zscaler documentation for available item values.

ms_login_services_tr_v2

boolean

Flag to choose between v1 and v2 for MS Login services tenant restriction.

Choices:

  • false

  • true

name

string / required

The tenant restriction profile name.

Required for create.

password

string

A string that contains the password for the API admin.

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials.

  api_key

  string

  Obfuscated API key.

  client_id

  string

  OAuth2 client ID.

  client_secret

  string

  OAuth2 client secret.

  cloud

  string

  Zscaler cloud name.

  Choices:

    • "beta"

    • "production"

    • "zscaler"

    • "zscalerbeta"

    • "zscalergov"

    • "zscalerone"

    • "zscalerten"

    • "zscalerthree"

    • "zscalertwo"

    • "zscloud"

    • "zspreview"

  password

  string

  Password for the API admin.

  private_key

  string

  Private key for OAuth2 JWT.

  sandbox_cloud

  string

  Sandbox Cloud environment.

  sandbox_token

  string

  Sandbox API Key.

  use_legacy_client

  boolean

  Whether to use the legacy Zscaler API client.

  Choices:

    • false ← (default)

    • true

  username

  string

  Email ID of the API admin.

  vanity_domain

  string

  Vanity domain for OAuth2.

restrict_personal_o365_domains

boolean

Flag to restrict personal domains for Office 365.

Choices:

  • false

  • true

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

state

string

Specifies the desired state of the resource.

Choices:

  • "present" ← (default)

  • "absent"

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Notes

Note

  • Check mode is supported.

  • Use id or name to reference an existing profile for update/delete.

Examples

- name: Create a tenant restriction profile for Microsoft Login Services (v1)
  zscaler.ziacloud.zia_tenant_restriction_profile:
    provider: '{{ provider }}'
    name: "MS Profile 01"
    description: "Restricts to allowed tenants"
    app_type: "MSLOGINSERVICES"
    item_type_primary: "TENANT_RESTRICTION_TENANT_DIRECTORY"
    item_data_primary:
      - "76b66e9c-201a-49dc-bb7e-e9d77604a4c2"
    item_type_secondary: "TENANT_RESTRICTION_TENANT_NAME"
    item_data_secondary:
      - "example.com"
      - "example.org"
    restrict_personal_o365_domains: false

- name: Create a tenant restriction profile for Microsoft Login Services (v2)
  zscaler.ziacloud.zia_tenant_restriction_profile:
    provider: '{{ provider }}'
    name: "SGIO-MSFT-CA_v2"
    description: "MS Login Services v2 with tenant policy IDs"
    app_type: "MSLOGINSERVICES"
    ms_login_services_tr_v2: true
    item_type_primary: "TENANT_RESTRICTION_TENANT_POLICY_ID"
    item_data_primary:
      - "76b66e9c-201a-49dc-bb7e-e9d77604a4c2:quadsj"

- name: Update a tenant restriction profile by ID
  zscaler.ziacloud.zia_tenant_restriction_profile:
    provider: '{{ provider }}'
    id: 1254654
    name: "MS Profile 01 Updated"
    description: "Updated description"

- name: Delete a tenant restriction profile
  zscaler.ziacloud.zia_tenant_restriction_profile:
    provider: '{{ provider }}'
    id: 1254654
    state: absent
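
The v1 profile task above, turned into a read-only drift audit (an added example, not part of the collection's documentation): it runs the same definition in check mode and fails if the module reports a pending change. The EXAMPLE_ZIA_* environment variable names are hypothetical. The example also assumes that client_id, client_secret and vanity_domain are the provider sub-options your tenant authenticates with, and that the module reports changed in check mode when the live profile differs from the task.

```yaml
# Added example, not from the collection documentation.
# The EXAMPLE_ZIA_* environment variable names are hypothetical.
- name: Audit the MS Login Services tenant restriction profile for drift
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # OAuth2 sub-options of `provider`; secrets stay out of the playbook file.
    provider:
      client_id: "{{ lookup('ansible.builtin.env', 'EXAMPLE_ZIA_CLIENT_ID') }}"
      client_secret: "{{ lookup('ansible.builtin.env', 'EXAMPLE_ZIA_CLIENT_SECRET') }}"
      vanity_domain: "{{ lookup('ansible.builtin.env', 'EXAMPLE_ZIA_VANITY_DOMAIN') }}"
  tasks:
    - name: Stop before any API call if a credential is missing
      ansible.builtin.assert:
        that:
          - provider.client_id | length > 0
          - provider.client_secret | length > 0
          - provider.vanity_domain | length > 0
        fail_msg: "Set the EXAMPLE_ZIA_* variables before running the audit."
        quiet: true

    - name: Compare the live profile with the desired definition (no changes made)
      zscaler.ziacloud.zia_tenant_restriction_profile:
        provider: "{{ provider }}"
        name: "MS Profile 01"
        description: "Restricts to allowed tenants"
        app_type: "MSLOGINSERVICES"
        item_type_primary: "TENANT_RESTRICTION_TENANT_DIRECTORY"
        item_data_primary:
          - "76b66e9c-201a-49dc-bb7e-e9d77604a4c2"
        item_type_secondary: "TENANT_RESTRICTION_TENANT_NAME"
        item_data_secondary:
          - "example.com"
          - "example.org"
        restrict_personal_o365_domains: false
        state: present
      check_mode: true
      register: tr_profile

    - name: Fail the run when the live profile has drifted
      ansible.builtin.assert:
        that:
          - tr_profile is not changed
        fail_msg: "Tenant restriction profile 'MS Profile 01' differs from the playbook definition."
        success_msg: "Tenant restriction profile matches the playbook definition."
```

Run on a schedule, a failed final task signals that the allowed-tenant list was edited outside the playbook and should be reviewed before re-applying.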

Return Values

Common return values are documented separately; the following fields are unique to this module:

Key

Description

data

dictionary

The tenant restriction profile resource record.

Returned: on success

Authors

  • William Guilherme (@willguibr)