zscaler.zpacloud.zpa_app_protection_security_profile module – Create, update, or delete Zscaler Private Access (ZPA) app protection security profile.

Note

This module is part of the zscaler.zpacloud collection (version 1.4.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.zpacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.zpacloud.zpa_app_protection_security_profile.

New in zscaler.zpacloud 1.0.0

Synopsis 

This Ansible module enables you to manage Zscaler Private Access (ZPA) app protection security profile in the ZPA Cloud.
You can use this module to create new app protection security profile, update existing ones, or delete app protection security profile as needed.

Requirements 

The below requirements are needed on the host that executes this module.

Zscaler SDK Python can be obtained from PyPI https://pypi.org/project/zscaler-sdk-python/

Parameters 

Parameter	Comments
check_control_deployment_status boolean	Check control deployment status. Choices: `false` `true`
client_id string	The ZPA API client ID generated from the ZPA console.
client_secret string	The ZPA API client secret generated from the ZPA console.
cloud string	The ZPA cloud provisioned for your organization. Choices: `"PRODUCTION"` `"BETA"` `"QA"` `"QA2"` `"GOV"` `"GOVUS"` `"PREVIEW"` `"ZPATWO"`
controls_facts list / elements=dictionary	Information about controls.
control_type string	The control type. Choices: `"WEBSOCKET_PREDEFINED"` `"WEBSOCKET_CUSTOM"` `"THREATLABZ"` `"CUSTOM"` `"PREDEFINED"`
count string	The control count.
custom_controls list / elements=dictionary	Custom controls.
action string	The control action. Choices: `"PASS"` `"BLOCK"` `"REDIRECT"`
action_value string	The control action value.
associated_inspection_profile_names list / elements=dictionary	Names of associated inspection profiles.
id string	The inspection profile ID.
name string	The inspection profile name.
control_number string	The control number.
control_rule_json string	The control rule JSON.
control_type string	The control type. Choices: `"WEBSOCKET_PREDEFINED"` `"WEBSOCKET_CUSTOM"` `"THREATLABZ"` `"CUSTOM"` `"PREDEFINED"`
default_action string	The default control action. Choices: `"PASS"` `"BLOCK"` `"REDIRECT"`
default_action_value string	The default action value.
description string	The control description.
id string	The control ID.
name string	The control name.
paranoia_level string	The OWASP Predefined Paranoia Level.
protocol_type string	The protocol type. Choices: `"HTTP"` `"HTTPS"` `"FTP"` `"RDP"` `"SSH"` `"WEBSOCKET"` `"VNC"` `"NONE"`
rules list / elements=dictionary	Control rules.
conditions list / elements=dictionary	Rule conditions.
lhs string	The left-hand side of the condition. Choices: `"SIZE"` `"VALUE"`
op string	The operator for the condition. Choices: `"RX"` `"CONTAINS"` `"STARTS_WITH"` `"ENDS_WITH"` `"EQ"` `"LE"` `"GE"`
rhs string	The right-hand side of the condition.
names list / elements=string	Control rule names.
type string	Control rule type. Choices: `"REQUEST_HEADERS"` `"REQUEST_URI"` `"QUERY_STRING"` `"REQUEST_COOKIES"` `"REQUEST_METHOD"` `"REQUEST_BODY"` `"RESPONSE_HEADERS"` `"RESPONSE_BODY"` `"WS_MAX_PAYLOAD_SIZE"` `"WS_MAX_FRAGMENT_PER_MESSAGE"`
severity string	The control severity. Choices: `"CRITICAL"` `"ERROR"` `"WARNING"` `"INFO"`
type string	The control type. Choices: `"REQUEST"` `"RESPONSE"`
version string	The control version.
customer_id string	The ZPA tenant ID found in the Administration Company menu in the ZPA console.
description string	A description of the app protection security profile.
global_control_actions list / elements=string	A list of global control actions.
id string	The unique identifier of the security profile.
incarnation_number string	The incarnation number of the profile.
name string / required	The name of the app protection security profile.
paranoia_level string	The OWASP Predefined Paranoia Level.
predef_controls_version string	The version of predefined controls.
predefined_controls list / elements=dictionary	Predefined controls.
action string	The control action. Choices: `"PASS"` `"BLOCK"` `"REDIRECT"`
action_value string	The control action value.
associated_inspection_profile_names list / elements=dictionary	Names of associated inspection profiles.
id string	The inspection profile ID.
name string	The inspection profile name.
attachment string	The control attachment.
control_group string	The control group.
control_number string	The control number.
control_type string	The control type. Choices: `"WEBSOCKET_PREDEFINED"` `"WEBSOCKET_CUSTOM"` `"THREATLABZ"` `"CUSTOM"` `"PREDEFINED"`
default_action string	The default control action. Choices: `"PASS"` `"BLOCK"` `"REDIRECT"`
default_action_value string	The default action value.
description string	The control description.
name string	The control name.
paranoia_level string	The OWASP Predefined Paranoia Level.
protocol_type string	The protocol type. Choices: `"HTTP"` `"HTTPS"` `"FTP"` `"RDP"` `"SSH"` `"WEBSOCKET"`
severity string	The control severity. Choices: `"CRITICAL"` `"ERROR"` `"WARNING"` `"INFO"`
version string	The control version.
provider dictionary	A dict object containing authentication details.
client_id string	The ZPA API client ID generated from the ZPA console.
client_secret string	The ZPA API client secret generated from the ZPA console.
cloud string	The ZPA cloud provisioned for your organization. Choices: `"PRODUCTION"` `"BETA"` `"QA"` `"QA2"` `"GOV"` `"GOVUS"` `"PREVIEW"` `"ZPATWO"`
customer_id string	The ZPA tenant ID found in the Administration Company menu in the ZPA console.
state string	The state. Choices: `"present"` ← (default) `"absent"`
threatlabz_controls list / elements=dictionary	ThreatLabZ controls.
action string	The control action. Choices: `"PASS"` `"BLOCK"` `"REDIRECT"`
action_value string	The control action value.
associated_customers list / elements=dictionary	Associated customers.
customer_id string	The customer ID.
exclude_constellation boolean	Exclude constellation. Choices: `false` `true`
is_partner boolean	Is partner. Choices: `false` `true`
name string	The customer name.
associated_inspection_profile_names list / elements=dictionary	Names of associated inspection profiles.
id string	The inspection profile ID.
name string	The inspection profile name.
attachment string	The control attachment.
control_group string	The control group.
control_number string	The control number.
control_type string	The control type. Choices: `"WEBSOCKET_PREDEFINED"` `"WEBSOCKET_CUSTOM"` `"THREATLABZ"` `"CUSTOM"` `"PREDEFINED"`
default_action string	The default control action. Choices: `"PASS"` `"BLOCK"` `"REDIRECT"`
default_action_value string	The default action value.
description string	The control description.
enabled boolean	Is the control enabled. Choices: `false` `true`
engine_version string	The engine version.
id string	The control ID.
last_deployment_time string	The last deployment time.
name string	The control name.
paranoia_level string	The OWASP Predefined Paranoia Level.
rule_deployment_state string	The rule deployment state. Choices: `"NEW"` `"IN_PROGRESS"` `"COMPLETED"`
rule_metadata string	The rule metadata.
rule_processor string	The rule processor.
ruleset_name string	The ruleset name.
ruleset_version string	The ruleset version.
severity string	The control severity. Choices: `"CRITICAL"` `"ERROR"` `"WARNING"` `"INFO"`
version string	The control version.
zscaler_facts_url string	The Zscaler info URL.
websocket_controls list / elements=dictionary	WebSocket controls.
action string	The control action. Choices: `"PASS"` `"BLOCK"` `"REDIRECT"`
action_value string	The control action value.
associated_inspection_profile_names list / elements=dictionary	Names of associated inspection profiles.
id string	The inspection profile ID.
name string	The inspection profile name.
control_number string	The control number.
control_type string	The control type. Choices: `"WEBSOCKET_PREDEFINED"` `"WEBSOCKET_CUSTOM"` `"THREATLABZ"` `"CUSTOM"` `"PREDEFINED"`
default_action string	The default control action. Choices: `"PASS"` `"BLOCK"` `"REDIRECT"`
default_action_value string	The default action value.
description string	The control description.
id string	The control ID.
name string	The control name.
paranoia_level string	The OWASP Predefined Paranoia Level.
severity string	The control severity. Choices: `"CRITICAL"` `"ERROR"` `"WARNING"` `"INFO"`
version string	The control version.
zs_defined_control_choice string	Indicates the user’s choice for the ThreatLabZ Controls. Supported values - ALL: Zscaler handles the ThreatLabZ Controls for the AppProtection profile - SPECIFIC: User handles the ThreatLabZ Controls for the AppProtection profile Choices: `"ALL"` `"SPECIFIC"`

Notes 

Note

Check mode is supported.

Examples 

- name: Create an App Protection Security Profile
  zscaler.zpacloud.zpa_app_protection_security_profile:
      provider: "{{ zpa_cloud }}"
      name: "Example_App_Protection_Security_Profile"
      description: "Example_App_Protection_Security_Profile"
      paranoia_level: "4"
      check_control_deployment_status: true
      predef_controls_version: "OWASP_CRS/3.3.0"
      zs_defined_control_choice: ALL
      predefined_controls: "{{ result.data[0].id }}"
      global_control_actions:
          - "PREDEFINED:NONE"
          - "CUSTOM:NONE"
          - "WEBSOCKET:NONE"
          - "THREATLABZ:NONE"
          - "OVERRIDE_ACTION:NONE"
      controls_facts:
          - control_type: "THREATLABZ"
            count: "23"
          - control_type: "WEBSOCKET_PREDEFINED"
            count: "11"

Authors

William Guilherme (@willguibr)

zscaler.zpacloud.zpa_app_protection_security_profile module – Create, update, or delete Zscaler Private Access (ZPA) app protection security profile.

Synopsis

Requirements

Parameters

Notes

Examples