zscaler.zpacloud.zpa_cloud_browser_isolation_profile_info module – Retrieve CBI Profile.

Note

This module is part of the zscaler.zpacloud collection (version 2.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.zpacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.zpacloud.zpa_cloud_browser_isolation_profile_info.

New in zscaler.zpacloud 2.0.0

Synopsis

  • This module will allow the retrieval of CBI Profile.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

client_id

string

The client ID for OAuth2 authentication.

Required for OneAPI client authentication when use_legacy_client=false.

client_secret

string

The client secret for OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using private_key.

cloud

string

The ZPA cloud provisioned for your organization.

Used for OneAPI client authentication when use_legacy_client=false.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

id

string

ID of the server group.

microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

name

string

Name of the server group.

private_key

string

The private key for JWT-based OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.

provider

dictionary

A dict containing authentication credentials.

client_id

string

The client ID for OAuth2 authentication.

Required for OneAPI client authentication when use_legacy_client=false.

client_secret

string

The client secret for OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using private_key.

cloud

string

The ZPA cloud provisioned for your organization.

Used for OneAPI client authentication when use_legacy_client=false.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

private_key

string

The private key for JWT-based OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication.

When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication.

Choices:

  • false ← (default)

  • true

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Required for OneAPI client authentication when use_legacy_client=false.

zpa_client_id

string

The ZPA API client ID generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_client_secret

string

The ZPA API client secret generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_cloud

string

The ZPA cloud provisioned for your organization.

Required for legacy client authentication when use_legacy_client=true.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

zpa_customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for legacy client authentication when use_legacy_client=true.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication.

When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication.

Choices:

  • false ← (default)

  • true

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Required for OneAPI client authentication when use_legacy_client=false.

zpa_client_id

string

The ZPA API client ID generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_client_secret

string

The ZPA API client secret generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_cloud

string

The ZPA cloud provisioned for your organization.

Required for legacy client authentication when use_legacy_client=true.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

zpa_customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for legacy client authentication when use_legacy_client=true.

Notes

Note

  • Check mode is not supported.

Examples

- name: Gather Information Details of All CBI Profiles
  zscaler.zpacloud.zpa_cloud_browser_isolation_profile_info:
    provider: "{{ zpa_cloud }}"

- name: Gather Information Details of an CBI Profile by Name
  zscaler.zpacloud.zpa_cloud_browser_isolation_profile_info:
    provider: "{{ zpa_cloud }}"
    name: Example CBI Profile

- name: Gather Information Details of an CBI Profile  by ID
  zscaler.zpacloud.zpa_cloud_browser_isolation_profile_info:
    provider: "{{ zpa_cloud }}"
    id: "70132442-25f8-44eb-a5bb-caeaac67c201"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

changed

boolean

Indicates if any changes were made.

Returned: always

Sample: false

failed

boolean

Indicates if the operation failed.

Returned: always

Sample: false

profiles

list / elements=dictionary

A list of CBI Browser Isolation Profiles including their security settings, regions, and associated certificate references.

Returned: always

certificate_ids

list / elements=string

A list of associated certificate IDs.

Returned: success

Sample: []

certificates

list / elements=dictionary

A list of certificate objects (if expanded by API).

Returned: success

Sample: []

id

string

The unique identifier of the isolation profile.

Returned: success

Sample: "412da7e7-fa92-4fd3-ab74-c8bb6b3eb41c"

is_default

boolean

Indicates whether this is the default isolation profile.

Returned: success

Sample: false

name

string

The name of the isolation profile.

Returned: success

Sample: "CBI_Profile_Example"

region_ids

list / elements=string

A list of region IDs where this profile applies.

Returned: success

Sample: []

regions

list / elements=dictionary

List of region objects assigned to this profile.

Returned: success

id

string

The region ID.

Returned: success

Sample: "50d8666d-ccfb-4127-a5b4-8f3b1f1c7613"

name

string

The human-readable name of the region.

Returned: success

Sample: "Portland Oregon"

security_controls

dictionary

Security control settings applied within the isolation session.

Returned: success

allow_printing

boolean

Whether printing is allowed.

Returned: success

Sample: true

camera_and_mic

boolean

Whether camera and microphone are enabled (if present).

Returned: success

Sample: false

copy_paste

string

Controls copy-paste capability.

Returned: success

Sample: "all"

dictionary

Settings for deep linking specific apps.

Returned: success

list / elements=string

List of allowed deep link app names.

Returned: success

Sample: ["test01"]

boolean

Whether deep linking is enabled.

Returned: success

Sample: true

document_viewer

boolean

Whether the document viewer is enabled.

Returned: success

Sample: true

flattened_pdf

boolean

Whether PDFs are flattened before rendering.

Returned: success

Sample: false

local_render

boolean

Whether local rendering is enabled.

Returned: success

Sample: true

restrict_keystrokes

boolean

Whether keystroke input is restricted.

Returned: success

Sample: false

upload_download

string

Upload/download access policy.

Returned: success

Sample: "all"

watermark

dictionary

Watermark configuration for the session.

Returned: success

enabled

boolean

Whether watermarking is enabled.

Returned: success

Sample: true

message

string

The custom watermark message (if any).

Returned: success

Sample: "test"

show_message

boolean

Whether the message is displayed in the watermark.

Returned: success

Sample: true

show_timestamp

boolean

Whether to show a timestamp in the watermark.

Returned: success

Sample: true

show_user_id

boolean

Whether the user ID appears in the watermark.

Returned: success

Sample: true

Authors

  • William Guilherme (@willguibr)