zscaler.zpacloud.zpa_browser_protection_info module – Retrieves Browser Protection Profile information.

Note

This module is part of the zscaler.zpacloud collection (version 2.1.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.zpacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.zpacloud.zpa_browser_protection_info.

New in zscaler.zpacloud 1.0.0

Synopsis

  • This module will allow the retrieval of information about a Browser Protection Profile.

  • Browser Protection Profiles are used to configure browser fingerprinting and protection settings.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

client_id

string

The client ID for OAuth2 authentication.

Required for OneAPI client authentication when use_legacy_client=false.

client_secret

string

The client secret for OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using private_key.

cloud

string

The ZPA cloud provisioned for your organization.

Used for OneAPI client authentication when use_legacy_client=false.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

name

string

The name of the Browser Protection Profile.

If not specified, returns the default/active browser protection profile.

private_key

string

The private key for JWT-based OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.

provider

dictionary

A dict containing authentication credentials.

client_id

string

The client ID for OAuth2 authentication.

Required for OneAPI client authentication when use_legacy_client=false.

client_secret

string

The client secret for OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using private_key.

cloud

string

The ZPA cloud provisioned for your organization.

Used for OneAPI client authentication when use_legacy_client=false.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

private_key

string

The private key for JWT-based OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication.

When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication.

Choices:

  • false ← (default)

  • true

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Required for OneAPI client authentication when use_legacy_client=false.

zpa_client_id

string

The ZPA API client ID generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_client_secret

string

The ZPA API client secret generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_cloud

string

The ZPA cloud provisioned for your organization.

Required for legacy client authentication when use_legacy_client=true.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

zpa_customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for legacy client authentication when use_legacy_client=true.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication.

When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication.

Choices:

  • false ← (default)

  • true

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Required for OneAPI client authentication when use_legacy_client=false.

zpa_client_id

string

The ZPA API client ID generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_client_secret

string

The ZPA API client secret generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_cloud

string

The ZPA cloud provisioned for your organization.

Required for legacy client authentication when use_legacy_client=true.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

zpa_customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for legacy client authentication when use_legacy_client=true.

Notes

Note

  • Check mode is not supported.

Examples

- name: Get Default/Active Browser Protection Profile
  zscaler.zpacloud.zpa_browser_protection_info:
    provider: "{{ zpa_cloud }}"

- name: Get Browser Protection Profile by Name
  zscaler.zpacloud.zpa_browser_protection_info:
    provider: "{{ zpa_cloud }}"
    name: "Zs Recommended profile"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

profile

dictionary

A dictionary containing details about the Browser Protection Profile.

Returned: always

creation_time

string

The creation time of the profile.

Returned: success

Sample: "1632150400"

criteria

list / elements=dictionary

The criteria configuration for browser protection.

Returned: success

finger_print_criteria

list / elements=dictionary

Fingerprint criteria configuration.

Returned: success

browser

list / elements=dictionary

Browser fingerprinting settings.

Returned: success

browser_eng

boolean

Collect browser engine information.

Returned: success

Sample: true

browser_eng_ver

boolean

Collect browser engine version.

Returned: success

Sample: true

browser_name

boolean

Collect browser name.

Returned: success

Sample: true

browser_version

boolean

Collect browser version.

Returned: success

Sample: true

canvas

boolean

Collect canvas fingerprinting data.

Returned: success

Sample: true

flash_ver

boolean

Collect Flash version.

Returned: success

Sample: false

fp_usr_agent_str

boolean

Collect user agent string.

Returned: success

Sample: true

boolean

Check for cookie support.

Returned: success

Sample: true

is_local_storage

boolean

Check for local storage support.

Returned: success

Sample: true

is_sess_storage

boolean

Check for session storage support.

Returned: success

Sample: true

ja3

boolean

Collect JA3 fingerprint.

Returned: success

Sample: true

mime

boolean

Collect MIME type information.

Returned: success

Sample: true

plugin

boolean

Collect plugin information.

Returned: success

Sample: true

silverlight_ver

boolean

Collect Silverlight version.

Returned: success

Sample: false

collect_location

boolean

Whether to collect location information.

Returned: success

Sample: true

fingerprint_timeout

string

Timeout in seconds for fingerprint collection.

Returned: success

Sample: "30"

location

list / elements=dictionary

Location collection settings.

Returned: success

lat

boolean

Collect latitude.

Returned: success

Sample: true

lon

boolean

Collect longitude.

Returned: success

Sample: true

system

list / elements=dictionary

System fingerprinting settings.

Returned: success

avail_screen_resolution

boolean

Collect available screen resolution.

Returned: success

Sample: true

cpu_arch

boolean

Collect CPU architecture.

Returned: success

Sample: true

curr_screen_resolution

boolean

Collect current screen resolution.

Returned: success

Sample: true

font

boolean

Collect font information.

Returned: success

Sample: true

java_ver

boolean

Collect Java version.

Returned: success

Sample: false

mobile_dev_type

boolean

Collect mobile device type.

Returned: success

Sample: true

monitor_mobile

boolean

Monitor mobile devices.

Returned: success

Sample: true

os_name

boolean

Collect operating system name.

Returned: success

Sample: true

os_version

boolean

Collect operating system version.

Returned: success

Sample: true

sys_lang

boolean

Collect system language.

Returned: success

Sample: true

tz

boolean

Collect timezone information.

Returned: success

Sample: true

usr_lang

boolean

Collect user language.

Returned: success

Sample: true

criteria_flags_mask

string

The criteria flags mask used for browser protection matching.

Returned: success

Sample: "65535"

default_csp

boolean

Whether to use the default Content Security Policy.

Returned: success

Sample: true

description

string

Additional information about the Browser Protection Profile.

Returned: success

Sample: "Default recommended browser protection profile"

id

string

The unique identifier of the Browser Protection Profile.

Returned: success

Sample: "216199618143442006"

modified_by

string

The ID of the user who last modified the profile.

Returned: success

Sample: "216199618143442000"

modified_time

string

The last modification time of the profile.

Returned: success

Sample: "1632150400"

name

string

The name of the Browser Protection Profile.

Returned: success

Sample: "Zs Recommended profile"

Authors

  • William Guilherme (@willguibr)