zscaler.zpacloud.zpa_app_protection_predefined_control_info module – Retrieves App Protection Predefined Control information.

Note

This module is part of the zscaler.zpacloud collection (version 2.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.zpacloud. You need further requirements to be able to use this module; see Requirements for details.

To use it in a playbook, specify: zscaler.zpacloud.zpa_app_protection_predefined_control_info.

New in zscaler.zpacloud 1.0.0

Synopsis

  • This module retrieves information about an App Protection Predefined Control from the ZPA Cloud.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

client_id (string)
  The client ID for OAuth2 authentication.
  Required for OneAPI client authentication when use_legacy_client=false.

client_secret (string)
  The client secret for OAuth2 authentication.
  Used for OneAPI client authentication when use_legacy_client=false and not using private_key.

cloud (string)
  The ZPA cloud provisioned for your organization.
  Used for OneAPI client authentication when use_legacy_client=false.
  Choices:
    • "BETA"
    • "GOV"
    • "GOVUS"
    • "PRODUCTION"
    • "QA"
    • "QA2"
    • "PREVIEW"
    • "beta"
    • "production"

control_group (string)
  The control group of the predefined control.
  Choices:
    • "Anomalies"
    • "IIS Information Leakage"
    • "Deserialization Issues"
    • "Session Fixation"
    • "SQL Injection"
    • "XSS"
    • "PHP Injection"
    • "Remote Code Execution"
    • "Remote file inclusion"
    • "Local File Inclusion"
    • "Request smuggling or Response split or Header injection"
    • "Environment and port scanners"
    • "Preprocessors"
    • "Internal Error"
    • "Protocol Issues"

customer_id (string)
  The ZPA tenant ID found in the Administration Company menu in the ZPA console.
  Used for OneAPI client authentication when use_legacy_client=false.

id (string)
  The unique identifier of the predefined control.

microtenant_id (string)
  The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.
  Used for OneAPI client authentication when use_legacy_client=false.

name (string)
  Name of the App Protection predefined control.

private_key (string)
  The private key for JWT-based OAuth2 authentication.
  Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.

provider (dictionary)
  A dict containing authentication credentials.

  client_id (string)
    The client ID for OAuth2 authentication.
    Required for OneAPI client authentication when use_legacy_client=false.

  client_secret (string)
    The client secret for OAuth2 authentication.
    Used for OneAPI client authentication when use_legacy_client=false and not using private_key.

  cloud (string)
    The ZPA cloud provisioned for your organization.
    Used for OneAPI client authentication when use_legacy_client=false.
    Choices:
      • "BETA"
      • "GOV"
      • "GOVUS"
      • "PRODUCTION"
      • "QA"
      • "QA2"
      • "PREVIEW"
      • "beta"
      • "production"

  customer_id (string)
    The ZPA tenant ID found in the Administration Company menu in the ZPA console.
    Used for OneAPI client authentication when use_legacy_client=false.

  microtenant_id (string)
    The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.
    Used for OneAPI client authentication when use_legacy_client=false.

  private_key (string)
    The private key for JWT-based OAuth2 authentication.
    Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.

  use_legacy_client (boolean)
    Whether to use the legacy Zscaler API client.
    When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication.
    When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication.
    Choices:
      • false ← (default)
      • true

  vanity_domain (string)
    The vanity domain provisioned by Zscaler for OAuth2 flows.
    Required for OneAPI client authentication when use_legacy_client=false.

  zpa_client_id (string)
    The ZPA API client ID generated from the ZPA console.
    Required for legacy client authentication when use_legacy_client=true.

  zpa_client_secret (string)
    The ZPA API client secret generated from the ZPA console.
    Required for legacy client authentication when use_legacy_client=true.

  zpa_cloud (string)
    The ZPA cloud provisioned for your organization.
    Required for legacy client authentication when use_legacy_client=true.
    Choices:
      • "BETA"
      • "GOV"
      • "GOVUS"
      • "PRODUCTION"
      • "QA"
      • "QA2"
      • "PREVIEW"
      • "beta"
      • "production"

  zpa_customer_id (string)
    The ZPA tenant ID found in the Administration Company menu in the ZPA console.
    Required for legacy client authentication when use_legacy_client=true.

  zpa_microtenant_id (string)
    The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.
    Used for legacy client authentication when use_legacy_client=true.

use_legacy_client (boolean)
  Whether to use the legacy Zscaler API client.
  When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication.
  When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication.
  Choices:
    • false ← (default)
    • true

vanity_domain (string)
  The vanity domain provisioned by Zscaler for OAuth2 flows.
  Required for OneAPI client authentication when use_legacy_client=false.

version (string / required)
  The predefined control version.
  Choices:
    • "OWASP_CRS/4.8.0"
    • "OWASP_CRS/3.3.5"
    • "OWASP_CRS/3.3.0"

zpa_client_id (string)
  The ZPA API client ID generated from the ZPA console.
  Required for legacy client authentication when use_legacy_client=true.

zpa_client_secret (string)
  The ZPA API client secret generated from the ZPA console.
  Required for legacy client authentication when use_legacy_client=true.

zpa_cloud (string)
  The ZPA cloud provisioned for your organization.
  Required for legacy client authentication when use_legacy_client=true.
  Choices:
    • "BETA"
    • "GOV"
    • "GOVUS"
    • "PRODUCTION"
    • "QA"
    • "QA2"
    • "PREVIEW"
    • "beta"
    • "production"

zpa_customer_id (string)
  The ZPA tenant ID found in the Administration Company menu in the ZPA console.
  Required for legacy client authentication when use_legacy_client=true.

zpa_microtenant_id (string)
  The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.
  Used for legacy client authentication when use_legacy_client=true.

Notes

  • Check mode is not supported.

Examples

# version is a required parameter; set it to the OWASP CRS release to query.
- name: Get Details of All App Protection Predefined Controls
  zscaler.zpacloud.zpa_app_protection_predefined_control_info:
    provider: "{{ zpa_cloud }}"
    version: "OWASP_CRS/4.8.0"

- name: Get Details of a Specific App Predefined Control by Name
  zscaler.zpacloud.zpa_app_protection_predefined_control_info:
    provider: "{{ zpa_cloud }}"
    version: "OWASP_CRS/4.8.0"
    name: Example

- name: Get Details of a Specific App Predefined Control by ID
  zscaler.zpacloud.zpa_app_protection_predefined_control_info:
    provider: "{{ zpa_cloud }}"
    version: "OWASP_CRS/4.8.0"
    id: "216196257331282583"

Return Values

Common return values are documented here; the following fields are unique to this module:

controls (list / elements=dictionary)
  A list of dictionaries containing details about the App Protection Predefined Controls.
  Returned: always

  control_group (string)
    The group to which the control belongs (e.g., Protocol Issues).
    Returned: success
    Sample: "Protocol Issues"

  default_group (boolean)
    Indicates if this is a default control group.
    Returned: success
    Sample: false

  predefined_inspection_controls (list / elements=dictionary)
    A list of predefined inspection controls under the control group.
    Returned: success

    associated_inspection_profile_names (list / elements=dictionary)
      A list of associated inspection profile names that use this control.
      Returned: success

      id (string)
        The unique identifier of the inspection profile.
        Returned: success
        Sample: "216199618143270390"

      name (string)
        The name of the inspection profile.
        Returned: success
        Sample: "BD_SA_Profile1"

    control_number (string)
      The control number.
      Returned: success
      Sample: "200002"

    control_type (string)
      The type of control (e.g., PREDEFINED).
      Returned: success
      Sample: "PREDEFINED"

    creation_time (string)
      The timestamp when the control was created.
      Returned: success
      Sample: "1631459708"

    default_action (string)
      The default action for this control.
      Returned: success
      Sample: "BLOCK"

    description (string)
      A brief description of the predefined control.
      Returned: success
      Sample: "Failed to parse request body"

    id (string)
      The unique identifier of the predefined control.
      Returned: success
      Sample: "72057594037930388"

    modified_time (string)
      The timestamp when the control was last modified.
      Returned: success
      Sample: "1631459708"

    name (string)
      The name of the predefined control.
      Returned: success
      Sample: "Failed to parse request body"

    paranoia_level (string)
      The paranoia level associated with the control.
      Returned: success
      Sample: "1"

    protocol_type (string)
      The protocol type associated with the control.
      Returned: success
      Sample: "HTTP"

    severity (string)
      The severity level of the control.
      Returned: success
      Sample: "CRITICAL"

    version (string)
      The version of the control.
      Returned: success
      Sample: "OWASP_CRS/3.3.0"
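
The playbook below is an added example, not part of the collection's documentation. It uses the returned fields to audit one control group and fails if any CRITICAL control does not default to BLOCK. The environment variable names, the chosen group and version, and the audit policy are assumptions, as is the nesting of predefined_inspection_controls inside each controls entry as listed under Return Values.

```yaml
# Added example (not from the collection's documentation).
# Environment variable names and the audit policy are assumptions.
- name: Audit predefined App Protection controls
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # OneAPI (OAuth2) credentials are read from the environment, not stored in the playbook.
    zpa_provider:
      client_id: "{{ lookup('ansible.builtin.env', 'ZSCALER_CLIENT_ID') }}"
      client_secret: "{{ lookup('ansible.builtin.env', 'ZSCALER_CLIENT_SECRET') }}"
      vanity_domain: "{{ lookup('ansible.builtin.env', 'ZSCALER_VANITY_DOMAIN') }}"
      customer_id: "{{ lookup('ansible.builtin.env', 'ZPA_CUSTOMER_ID') }}"
  tasks:
    - name: Retrieve the SQL Injection controls for one CRS version
      zscaler.zpacloud.zpa_app_protection_predefined_control_info:
        provider: "{{ zpa_provider }}"
        version: "OWASP_CRS/4.8.0"
        control_group: "SQL Injection"
      register: result
      no_log: true  # keep the provider credentials out of task output

    - name: Flatten the per-group lists into a single list of controls
      ansible.builtin.set_fact:
        all_controls: >-
          {{ result.controls
             | map(attribute='predefined_inspection_controls')
             | list | flatten }}

    - name: Select CRITICAL controls whose default action is not BLOCK
      ansible.builtin.set_fact:
        weak_controls: >-
          {{ all_controls
             | selectattr('severity', 'equalto', 'CRITICAL')
             | rejectattr('default_action', 'equalto', 'BLOCK')
             | map(attribute='name') | list }}

    - name: Fail the run if any CRITICAL control does not block by default
      ansible.builtin.assert:
        that:
          - weak_controls | length == 0
        fail_msg: "CRITICAL controls not defaulting to BLOCK: {{ weak_controls | join(', ') }}"
        success_msg: "Checked {{ all_controls | length }} controls; every CRITICAL control defaults to BLOCK."
```

Because the module does not support check mode, run this as a normal play; it only reads data and changes nothing in the tenant.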

Authors

  • William Guilherme (@willguibr)