zscaler.zpacloud.zpa_ba_certificate_info module – Retrieves browser access certificate information.

Note

This module is part of the zscaler.zpacloud collection (version 2.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.zpacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.zpacloud.zpa_ba_certificate_info.

New in zscaler.zpacloud 1.0.0

Synopsis

  • This module will allow the retrieval of information about a browser access certificate.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

client_id

string

The client ID for OAuth2 authentication.

Required for OneAPI client authentication when use_legacy_client=false.

client_secret

string

The client secret for OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using private_key.

cloud

string

The ZPA cloud provisioned for your organization.

Used for OneAPI client authentication when use_legacy_client=false.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

id

string

ID of the browser certificate.

microtenant_id

string

The unique identifier of the Microtenant for the ZPA tenant

name

string

Name of the browser certificate.

private_key

string

The private key for JWT-based OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.

provider

dictionary

A dict containing authentication credentials.

client_id

string

The client ID for OAuth2 authentication.

Required for OneAPI client authentication when use_legacy_client=false.

client_secret

string

The client secret for OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using private_key.

cloud

string

The ZPA cloud provisioned for your organization.

Used for OneAPI client authentication when use_legacy_client=false.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

private_key

string

The private key for JWT-based OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication.

When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication.

Choices:

  • false ← (default)

  • true

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Required for OneAPI client authentication when use_legacy_client=false.

zpa_client_id

string

The ZPA API client ID generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_client_secret

string

The ZPA API client secret generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_cloud

string

The ZPA cloud provisioned for your organization.

Required for legacy client authentication when use_legacy_client=true.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

zpa_customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for legacy client authentication when use_legacy_client=true.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication.

When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication.

Choices:

  • false ← (default)

  • true

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Required for OneAPI client authentication when use_legacy_client=false.

zpa_client_id

string

The ZPA API client ID generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_client_secret

string

The ZPA API client secret generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_cloud

string

The ZPA cloud provisioned for your organization.

Required for legacy client authentication when use_legacy_client=true.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

zpa_customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for legacy client authentication when use_legacy_client=true.

Notes

Note

  • Check mode is not supported.

Examples

- name: Gather Details of All Browser Certificates
  zscaler.zpacloud.zpa_ba_certificate_info:
    provider: "{{ zpa_cloud }}"

- name: Gather Details of a Specific Browser Certificates by Name
  zscaler.zpacloud.zpa_ba_certificate_info:
    provider: "{{ zpa_cloud }}"
    name: crm.acme.com

- name: Gather Details of a Specific Browser Certificates by ID
  zscaler.zpacloud.zpa_ba_certificate_info:
    provider: "{{ zpa_cloud }}"
    id: "216196257331282583"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

certificates

list / elements=dictionary

Details of the Browser Access certificates.

Returned: always

c_name

string

The common name (CN) of the Browser Access certificate.

Returned: always

Sample: "sales.bd-hashicorp.com"

certificate

string

The full certificate in PEM format.

Returned: always

Sample: "-----BEGIN CERTIFICATE-----\nMIIF0DCCBLi\n...\n-----END CERTIFICATE-----\n"

creation_time

string

The time when the certificate was created, in epoch format.

Returned: always

Sample: "1693026759"

description

string

The description of the Browser Access certificate.

Returned: always

Sample: "sales.bd-hashicorp.com"

id

string

The unique identifier of the Browser Access certificate.

Returned: always

Sample: "216199618143247244"

issued_by

string

The issuer of the certificate.

Returned: always

Sample: "CN=acme-VCD126-SRV01-CA,DC=acme,DC=com"

issued_to

string

The entity to which the certificate was issued.

Returned: always

Sample: "CN=sales.bd-hashicorp.com,OU=ITDepartment,O=BD-HashiCorp,L=SanJose,ST=CA,C=US"

microtenant_name

string

The name of the microtenant associated with the certificate.

Returned: always

Sample: "Default"

modified_by

string

The ID of the user who last modified the certificate.

Returned: always

Sample: "216199618143191041"

modified_time

string

The time when the certificate was last modified, in epoch format.

Returned: always

Sample: "1693027973"

name

string

The name of the Browser Access certificate.

Returned: always

Sample: "sales.bd-hashicorp.com"

public_key

string

The public key associated with the certificate in PEM format.

Returned: always

Sample: "-----BEGIN PUBLIC KEY-----\nMIIBIj\n...\n-----END PUBLIC KEY-----\n"

san

list / elements=string

A list of Subject Alternative Names (SANs) associated with the certificate.

Returned: always

Sample: ["sales.acme.com"]

serial_no

string

The serial number of the certificate.

Returned: always

Sample: "735924591743318636302144604206618292491649060"

valid_from_in_epoch_sec

string

The start of the certificate validity period in epoch seconds.

Returned: always

Sample: "1693027293"

valid_to_in_epoch_sec

string

The end of the certificate validity period in epoch seconds.

Returned: always

Sample: "1756099293"

Authors

  • William Guilherme (@willguibr)