zscaler.ziacloud.zia_workload_groups module – Manages ZIA workload groups

Note

This module is part of the zscaler.ziacloud collection (version 2.2.3).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.ziacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.ziacloud.zia_workload_groups.

New in zscaler.ziacloud 1.0.0

Synopsis

  • Creates, updates, or deletes workload groups in Zscaler Internet Access.

  • Workload groups define a set of workloads based on tag expressions for use in ZIA policies.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

api_key

string

A string that contains the obfuscated API key.

client_id

string

The client ID for OAuth2 authentication.

client_secret

string

The client secret for OAuth2 authentication.

cloud

string

The Zscaler cloud name provisioned for your organization.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

description

string

Additional information about the workload group.

expression_json

list / elements=dictionary

JSON structure defining the workload tag expression.

Contains expression_containers with tag rules.

expression_containers

list / elements=dictionary

List of expression containers defining tag matching rules.

operator

string

Logical operator for the expression.

Choices:

  • "AND"

  • "OR"

  • "OPEN_PARENTHESES"

  • "CLOSE_PARENTHESES"

tag_container

list / elements=dictionary

Container for tags with matching criteria.

operator

string

Logical operator for tags within the container.

Choices:

  • "AND"

  • "OR"

  • "OPEN_PARENTHESES"

  • "CLOSE_PARENTHESES"

tags

list / elements=dictionary

List of tag key/value pairs.

key

string

Tag key identifier.

value

string

Tag value.

tag_type

string

Type of tag (e.g. VPC, SUBNET, VM, ENI, ATTR).

Choices:

  • "ANY"

  • "VPC"

  • "SUBNET"

  • "VM"

  • "ENI"

  • "ATTR"

id

integer

The unique identifier for the workload group.

Used to reference an existing group for update or delete.

name

string

The name of the workload group.

Required for create; use with id for update/delete by ID.

password

string

A string that contains the password for the API admin.

private_key

string

The private key for JWT-based OAuth2 authentication.

provider

dictionary

A dict containing authentication credentials.

api_key

string

Obfuscated API key.

client_id

string

OAuth2 client ID.

client_secret

string

OAuth2 client secret.

cloud

string

Zscaler cloud name.

Choices:

  • "beta"

  • "production"

  • "zscaler"

  • "zscalerbeta"

  • "zscalergov"

  • "zscalerone"

  • "zscalerten"

  • "zscalerthree"

  • "zscalertwo"

  • "zscloud"

  • "zspreview"

password

string

Password for the API admin.

private_key

string

Private key for OAuth2 JWT.

sandbox_cloud

string

Sandbox Cloud environment.

sandbox_token

string

Sandbox API Key.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

Email ID of the API admin.

vanity_domain

string

Vanity domain for OAuth2.

sandbox_cloud

string

The Sandbox cloud environment for API access.

sandbox_token

string

A string that contains the Sandbox API Key.

state

string

Specifies the desired state of the resource.

Choices:

  • "present" ← (default)

  • "absent"

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

Choices:

  • false ← (default)

  • true

username

string

A string that contains the email ID of the API admin.

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Notes

Note

  • Check mode is supported.

  • Use id or name to reference an existing workload group for update/delete.

Examples

- name: Create a workload group with expression
  zscaler.ziacloud.zia_workload_groups:
    provider: '{{ provider }}'
    name: "ATTR Workload Group"
    description: "Match by attribute"
    expression_json:
      - expression_containers:
          - tag_type: ATTR
            operator: AND
            tag_container:
              - tags:
                  - key: GroupName
                    value: example
                operator: AND

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

data

dictionary

The workload group resource record.

Returned: on success

Authors

  • William Guilherme (@willguibr)