zscaler.zpacloud.zpa_policy_access_redirection_rule_v2 module – Manage ZPA Access Redirection Policy Rules

Note

This module is part of the zscaler.zpacloud collection (version 2.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.zpacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.zpacloud.zpa_policy_access_redirection_rule_v2.

New in zscaler.zpacloud 2.0.0

Synopsis 

Create, update, or delete a ZPA Access Redirection Policy Rule.
These rules determine how users are redirected to specific service edge groups based on identity, geography, or client type.

Requirements 

The below requirements are needed on the host that executes this module.

Zscaler SDK Python (https://pypi.org/project/zscaler-sdk-python/)

Parameters 

Parameter	Comments
action string	The redirection action to apply when the rule conditions match. Choices: `"REDIRECT_DEFAULT"` `"REDIRECT_PREFERRED"` `"REDIRECT_ALWAYS"`
client_id string	The client ID for OAuth2 authentication. Required for OneAPI client authentication when use_legacy_client=false.
client_secret string	The client secret for OAuth2 authentication. Used for OneAPI client authentication when use_legacy_client=false and not using private_key.
cloud string	The ZPA cloud provisioned for your organization. Used for OneAPI client authentication when use_legacy_client=false. Choices: `"BETA"` `"GOV"` `"GOVUS"` `"PRODUCTION"` `"QA"` `"QA2"` `"PREVIEW"` `"beta"` `"production"`
conditions list / elements=dictionary	Defines the match conditions under which the redirection rule is applied.
operands list / elements=dictionary	List of operand objects used to evaluate the condition.
entry_values dictionary	A dictionary of left-hand side (lhs) and right-hand side (rhs) values used for advanced condition matching.
lhs string	Left-hand-side value used in operand evaluation.
rhs string	Right-hand-side value used in operand evaluation.
object_type string	The type of object to match. Choices: `"CLIENT_TYPE"` `"COUNTRY_CODE"` `"SAML"` `"SCIM"`
values list / elements=string	A list of string values to match for the operand.
operator string	Logical operator used to combine multiple operands. Choices: `"AND"` `"OR"`
customer_id string	The ZPA tenant ID found in the Administration Company menu in the ZPA console. Used for OneAPI client authentication when use_legacy_client=false.
description string	A description of the redirection rule.
id string	The unique identifier of the redirection policy rule.
microtenant_id string	The identifier of the microtenant associated with the rule.
name string / required	The name of the redirection rule.
private_key string	The private key for JWT-based OAuth2 authentication. Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.
provider dictionary	A dict containing authentication credentials.
client_id string	The client ID for OAuth2 authentication. Required for OneAPI client authentication when use_legacy_client=false.
client_secret string	The client secret for OAuth2 authentication. Used for OneAPI client authentication when use_legacy_client=false and not using private_key.
cloud string	The ZPA cloud provisioned for your organization. Used for OneAPI client authentication when use_legacy_client=false. Choices: `"BETA"` `"GOV"` `"GOVUS"` `"PRODUCTION"` `"QA"` `"QA2"` `"PREVIEW"` `"beta"` `"production"`
customer_id string	The ZPA tenant ID found in the Administration Company menu in the ZPA console. Used for OneAPI client authentication when use_legacy_client=false.
microtenant_id string	The ZPA Microtenant ID found in the Administration Company menu in the ZPA console. Used for OneAPI client authentication when use_legacy_client=false.
private_key string	The private key for JWT-based OAuth2 authentication. Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.
use_legacy_client boolean	Whether to use the legacy Zscaler API client. When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication. When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication. Choices: `false` ← (default) `true`
vanity_domain string	The vanity domain provisioned by Zscaler for OAuth2 flows. Required for OneAPI client authentication when use_legacy_client=false.
zpa_client_id string	The ZPA API client ID generated from the ZPA console. Required for legacy client authentication when use_legacy_client=true.
zpa_client_secret string	The ZPA API client secret generated from the ZPA console. Required for legacy client authentication when use_legacy_client=true.
zpa_cloud string	The ZPA cloud provisioned for your organization. Required for legacy client authentication when use_legacy_client=true. Choices: `"BETA"` `"GOV"` `"GOVUS"` `"PRODUCTION"` `"QA"` `"QA2"` `"PREVIEW"` `"beta"` `"production"`
zpa_customer_id string	The ZPA tenant ID found in the Administration Company menu in the ZPA console. Required for legacy client authentication when use_legacy_client=true.
zpa_microtenant_id string	The ZPA Microtenant ID found in the Administration Company menu in the ZPA console. Used for legacy client authentication when use_legacy_client=true.
rule_order string	The evaluation order of the rule within the policy set.
service_edge_group_ids list / elements=string	A list of Service Edge Group IDs to redirect traffic to.
state string	Specifies the desired state of the resource. Choices: `"present"` ← (default) `"absent"`
use_legacy_client boolean	Whether to use the legacy Zscaler API client. When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication. When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication. Choices: `false` ← (default) `true`
vanity_domain string	The vanity domain provisioned by Zscaler for OAuth2 flows. Required for OneAPI client authentication when use_legacy_client=false.
zpa_client_id string	The ZPA API client ID generated from the ZPA console. Required for legacy client authentication when use_legacy_client=true.
zpa_client_secret string	The ZPA API client secret generated from the ZPA console. Required for legacy client authentication when use_legacy_client=true.
zpa_cloud string	The ZPA cloud provisioned for your organization. Required for legacy client authentication when use_legacy_client=true. Choices: `"BETA"` `"GOV"` `"GOVUS"` `"PRODUCTION"` `"QA"` `"QA2"` `"PREVIEW"` `"beta"` `"production"`
zpa_customer_id string	The ZPA tenant ID found in the Administration Company menu in the ZPA console. Required for legacy client authentication when use_legacy_client=true.
zpa_microtenant_id string	The ZPA Microtenant ID found in the Administration Company menu in the ZPA console. Used for legacy client authentication when use_legacy_client=true.

Notes 

Note

Check mode is supported.

Examples 

- name: "Policy Isolation Rule - Example"
  zscaler.zpacloud.zpa_policy_access_isolation_rule:
    provider: "{{ zpa_cloud }}"
    name: "Policy Isolation Rule - Example"
    description: "Policy Isolation Rule - Example"
    action: "ISOLATE"
    rule_order: 1
    operator: "AND"
    zpn_isolation_profile_id: "216196257331286656"
    conditions:
      - operator: "OR"
        operands:
          - object_type: "APP"
            lhs: "id"
            rhs: "216196257331292105"
          - object_type: "APP_GROUP"
            lhs: "id"
            rhs: "216196257331292103"
      - operator: "OR"
        operands:
          - name:
            object_type: "CLIENT_TYPE"
            lhs: "id"
            rhs: "zpn_client_type_zapp"

Authors

William Guilherme (@willguibr)

zscaler.zpacloud.zpa_policy_access_redirection_rule_v2 module – Manage ZPA Access Redirection Policy Rules

Synopsis

Requirements

Parameters

Notes

Examples