zscaler.zpacloud.zpa_application_segment_browser_access module – Create a Browser Access Application Segment.

Note

This module is part of the zscaler.zpacloud collection (version 1.1.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.zpacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.zpacloud.zpa_application_segment_browser_access.

New in zscaler.zpacloud 1.0.0

Synopsis

  • This module create/update/delete a Browser Access Application Segment in the ZPA Cloud.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

bypass_type

string

Indicates whether users can bypass ZPA to access applications.

Choices:

  • "ALWAYS"

  • "NEVER"

  • "ON_NET"

client_id

string

The ZPA API client ID generated from the ZPA console.

client_secret

string

The ZPA API client secret generated from the ZPA console.

clientless_app_ids

list / elements=dictionary / required

allow_options

boolean

Whether the options are enabled for the Browser Access application or not

Choices:

  • false ← (default)

  • true

application_port

string

The port for the Browser Access application.

application_protocol

string

The protocol for the Browser Access application.

Choices:

  • "HTTP"

  • "HTTPS"

certificate_id

string

The unique identifier of the Browser Access certificate.

cname

string

The canonical name (CNAME DNS records) of the Browser Access application.

description

string

The description of the Browser Access application

domain

string

The domain of the Browser Access application.

enabled

boolean

Whether the Browser Access application is enabled or not.

Choices:

  • false

  • true ← (default)

name

string

The name of the Browser Access application

trust_untrusted_cert

boolean

Whether the use of untrusted certificates is enabled or disabled for the Browser Access application

Choices:

  • false ← (default)

  • true

cloud

string

The ZPA cloud provisioned for your organization.

Choices:

  • "PRODUCTION"

  • "BETA"

  • "QA"

  • "QA2"

  • "GOV"

  • "GOVUS"

  • "PREVIEW"

  • "ZPATWO"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

description

string

Description of the application.

domain_names

list / elements=string / required

List of domains and IPs.

double_encrypt

boolean

Whether Double Encryption is enabled or disabled for the app.

Choices:

  • false ← (default)

  • true

enabled

boolean

Whether this application is enabled or not.

Choices:

  • false

  • true ← (default)

health_check_type

string

Whether the health check is enabled (DEFAULT) or disabled (NONE) for the application

Choices:

  • "DEFAULT" ← (default)

  • "NONE"

health_reporting

string

Whether health reporting for the app is Continuous or On Access. Supported values: NONE, ON_ACCESS, CONTINUOUS.

Choices:

  • "NONE" ← (default)

  • "ON_ACCESS"

  • "CONTINUOUS"

icmp_access_type

boolean

Indicates the ICMP access type.

Choices:

  • false

  • true ← (default)

id

string

Unique ID.

inspect_traffic_with_zia

boolean

Indicates if Inspect Traffic with ZIA is enabled for the application

When enabled, this leverages a single posture for securing internet/SaaS and private applications

and applies Data Loss Prevention policies to the application segment you are creating

Choices:

  • false ← (default)

  • true

ip_anchored

boolean

Whether Source IP Anchoring for use with ZIA is enabled or disabled for the application

Choices:

  • false ← (default)

  • true

is_cname_enabled

boolean

Indicates if the Zscaler Client Connector (formerly Zscaler App or Z App) receives CNAME DNS records from the connectors.

Choices:

  • false

  • true ← (default)

is_incomplete_dr_config

boolean

Indicates whether or not the disaster recovery configuration is incomplete

Choices:

  • false ← (default)

  • true

name

string / required

Name of the application.

passive_health_enabled

boolean

passive health enabled.

Choices:

  • false

  • true ← (default)

provider

dictionary

A dict object containing authentication details.

client_id

string

The ZPA API client ID generated from the ZPA console.

client_secret

string

The ZPA API client secret generated from the ZPA console.

cloud

string

The ZPA cloud provisioned for your organization.

Choices:

  • "PRODUCTION"

  • "BETA"

  • "QA"

  • "QA2"

  • "GOV"

  • "GOVUS"

  • "PREVIEW"

  • "ZPATWO"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

segment_group_id

string / required

segment group id.

select_connector_close_to_app

boolean

Whether the App Connector is closest to the application (True) or closest to the user (False).

Choices:

  • false ← (default)

  • true

server_group_ids

list / elements=string / required

List of the server group IDs.

state

string

The state.

Choices:

  • "present" ← (default)

  • "absent"

tcp_keep_alive

boolean

Indicates whether TCP communication sockets are enabled or disabled.

Choices:

  • false ← (default)

  • true

tcp_port_range

list / elements=dictionary

The TCP port ranges used to access the application

from

string

The starting port for a port range

to

string

The ending port for a port range

udp_port_range

list / elements=dictionary

The UDP port ranges used to access the application

from

string

The starting port for a port range

to

string

The ending port for a port range

use_in_dr_mode

boolean

Whether or not the application resource is designated for disaster recovery

Choices:

  • false ← (default)

  • true

Examples

- name: Create an app segment
  zscaler.zpacloud.zpa_application_segment_browser_access:
    provider: "{{ zpa_cloud }}"
    name: Example Application
    description: Example Application Test
    enabled: true
    health_reporting: ON_ACCESS
    bypass_type: NEVER
    clientless_app_ids:
      - name: "crm.example.com"
        application_protocol: "HTTP"
        application_port: "8080"
        certificate_id: "216196257331282583"
        trust_untrusted_cert: true
        enabled: true
        domain: "crm.example.com"
      - name: "crm2.example.com"
        application_protocol: "HTTP"
        application_port: "8082"
        certificate_id: "216196257331282583"
        trust_untrusted_cert: true
        enabled: true
        domain: "crm.example.com"
    is_cname_enabled: true
    tcp_port_range:
      - from: "80"
        to: "80"
    domain_names:
      - crm.example.com
    segment_group_id: "216196257331291896"
    server_group_ids:
      - "216196257331291969"

Authors

  • William Guilherme (@willguibr)