zscaler.zpacloud.zpa_app_protection_custom_control module – Create, update, or delete Zscaler Private Access (ZPA) app protection custom controls.

Note

This module is part of the zscaler.zpacloud collection (version 1.4.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.zpacloud. You need further requirements to be able to use this module; see Requirements for details.

To use it in a playbook, specify: zscaler.zpacloud.zpa_app_protection_custom_control.

New in zscaler.zpacloud 1.0.0

Synopsis

  • This Ansible module enables you to manage Zscaler Private Access (ZPA) app protection custom controls in the ZPA Cloud.

  • You can use this module to create new custom controls, update existing ones, or delete custom controls as needed.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

action

string

The action of the custom control.

Choices:

  • "PASS"

  • "BLOCK"

  • "REDIRECT"

action_value

string

Denotes the action. Supports any string.

client_id

string

The ZPA API client ID generated from the ZPA console.

client_secret

string

The ZPA API client secret generated from the ZPA console.

cloud

string

The ZPA cloud provisioned for your organization.

Choices:

  • "PRODUCTION"

  • "BETA"

  • "QA"

  • "QA2"

  • "GOV"

  • "GOVUS"

  • "PREVIEW"

  • "ZPATWO"

control_rule_json

string

The control rule in JSON format that has the conditions and type of control for the AppProtection control.

control_type

string

The control type of the custom control.

Choices:

  • "WEBSOCKET_PREDEFINED"

  • "WEBSOCKET_CUSTOM"

  • "THREATLABZ"

  • "CUSTOM"

  • "PREDEFINED"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

default_action

string

The performed action.

Choices:

  • "PASS"

  • "BLOCK"

  • "REDIRECT"

default_action_value

string

Used to provide the redirect URL if the default action is set to REDIRECT.

description

string

The description of the custom control.

id

string

The unique identifier of the custom control.

name

string / required

The name of the custom control.

paranoia_level

string

The OWASP Predefined Paranoia Level.

Choices:

  • "1"

  • "2"

  • "3"

  • "4"

protocol_type

string

The protocol type of the custom control.

Choices:

  • "HTTP"

  • "HTTPS"

  • "FTP"

  • "RDP"

  • "SSH"

  • "WEBSOCKET"

  • "VNC"

provider

dictionary

A dict object containing authentication details. Its suboptions are the client_id, client_secret, cloud and customer_id entries that follow.

client_id

string

The ZPA API client ID generated from the ZPA console.

client_secret

string

The ZPA API client secret generated from the ZPA console.

cloud

string

The ZPA cloud provisioned for your organization.

Choices:

  • "PRODUCTION"

  • "BETA"

  • "QA"

  • "QA2"

  • "GOV"

  • "GOVUS"

  • "PREVIEW"

  • "ZPATWO"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

rules

list / elements=dictionary

The rules of the custom control, applied as conditions. Each rule takes the conditions, names and type suboptions that follow.

conditions

list / elements=dictionary

The conditions of the AppProtection rule. Each condition takes the lhs, op and rhs suboptions that follow.

lhs

string

The key for the object type.

Choices:

  • "SIZE"

  • "VALUE"

op

string

The operation type.

Choices:

  • "RX"

  • "CONTAINS"

  • "STARTS_WITH"

  • "ENDS_WITH"

  • "EQ"

  • "LE"

  • "GE"

rhs

string

The value for the given object type. Its value depends upon the key.

names

list / elements=string

The names of the AppProtection rule.

type

string

The type of the AppProtection rule.

Choices:

  • "REQUEST_HEADERS"

  • "REQUEST_URI"

  • "QUERY_STRING"

  • "REQUEST_COOKIES"

  • "REQUEST_METHOD"

  • "REQUEST_BODY"

  • "RESPONSE_HEADERS"

  • "RESPONSE_BODY"

  • "WS_MAX_PAYLOAD_SIZE"

  • "WS_MAX_FRAGMENT_PER_MESSAGE"

severity

string

The severity of the AppProtection control number.

Choices:

  • "CRITICAL"

  • "ERROR"

  • "WARNING"

  • "INFO"

state

string

The state.

Choices:

  • "present" ← (default)

  • "absent"

type

string

The rules to be applied to the request or response type.

Choices:

  • "REQUEST"

  • "RESPONSE"

Notes

  • Check mode is supported.

Examples

- name: Create App Protection Custom Control
  zscaler.zpacloud.zpa_app_protection_custom_control:
    provider: "{{ zpa_cloud }}"
    name: "Example_App_Protection_Custom_Control"
    description: "Example_App_Protection_Custom_Control"
    action: "PASS"
    default_action: PASS
    paranoia_level: "2"
    severity: "CRITICAL"
    type: "REQUEST"
    protocol_type: "HTTP"
    rules:
      - conditions:
          - lhs: VALUE
            op: RX
            rhs: "test"
          - lhs: SIZE
            op: EQ
            rhs: "1000"
        names:
          - example1
          - example2
          - example3
        type: REQUEST_HEADERS

      - conditions:
          - lhs: VALUE
            op: RX
            rhs: "test"
          - lhs: SIZE
            op: LE
            rhs: "1000"
        names:
          - example1
          - example2
          - example3
        type: REQUEST_COOKIES

      - conditions:
          - lhs: SIZE
            op: EQ
            rhs: "1000"
          - lhs: VALUE
            op: CONTAINS
            rhs: "test-ansible"
        type: REQUEST_URI

      - conditions:
          - lhs: SIZE
            op: EQ
            rhs: "1000"
          - lhs: VALUE
            op: STARTS_WITH
            rhs: "test-ansible"
        type: QUERY_STRING
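
The following playbook is an added example, not taken from the collection's documentation. It previews a BLOCK control in check mode, applies it only if the preview reports a change, and removes it with state: absent. The vault file path, the vault_zpa_* variable names, the control name and the URI prefix are assumptions; every module parameter used is one listed above.

```yaml
# Added example, not part of the collection's documentation.
# Assumed: vault/zpa.yml (encrypted with ansible-vault) defines the vault_zpa_* variables.
- name: Manage a blocking ZPA app protection custom control
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vault/zpa.yml                  # assumed path; keeps the API secret out of the playbook
  vars:
    zpa_cloud:                       # handed to the module as "provider"
      client_id: "{{ vault_zpa_client_id }}"
      client_secret: "{{ vault_zpa_client_secret }}"
      customer_id: "{{ vault_zpa_customer_id }}"
      cloud: "PRODUCTION"

  tasks:
    - name: Preview the control without changing the tenant
      zscaler.zpacloud.zpa_app_protection_custom_control: &control
        provider: "{{ zpa_cloud }}"
        name: "Block_Admin_Path_Probes"          # assumed name
        description: "Block requests whose URI starts with /admin"
        action: "BLOCK"
        default_action: "BLOCK"
        paranoia_level: "1"          # a string choice, so keep it quoted
        severity: "WARNING"
        type: "REQUEST"
        protocol_type: "HTTPS"
        rules:
          - type: REQUEST_URI
            conditions:
              - lhs: VALUE
                op: STARTS_WITH
                rhs: "/admin"        # assumed prefix
      check_mode: true               # the module supports check mode
      register: preview

    - name: Apply the same arguments only when the preview reports a change
      zscaler.zpacloud.zpa_app_protection_custom_control: *control
      when: preview is changed

    - name: Remove the control when it is no longer needed
      zscaler.zpacloud.zpa_app_protection_custom_control:
        provider: "{{ zpa_cloud }}"
        name: "Block_Admin_Path_Probes"
        state: absent
      tags: [never, cleanup]         # runs only with --tags cleanup
```

The YAML anchor (&control / *control) guarantees that the previewed arguments and the applied arguments are identical.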

Authors

  • William Guilherme (@willguibr)