zscaler.zpacloud.zpa_policy_access_timeout_rule module – Create a Policy Timeout Rule
Note
This module is part of the zscaler.zpacloud collection (version 2.0.0).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install zscaler.zpacloud.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: zscaler.zpacloud.zpa_policy_access_timeout_rule.
New in zscaler.zpacloud 1.0.0
Synopsis
This module create/update/delete a Policy Timeout Rule in the ZPA Cloud.
Requirements
The below requirements are needed on the host that executes this module.
Zscaler SDK Python can be obtained from PyPI https://pypi.org/project/zscaler-sdk-python/
Parameters
Parameter |
Comments |
|---|---|
This is for providing the rule action. Choices:
|
|
The client ID for OAuth2 authentication. Required for OneAPI client authentication when use_legacy_client=false. |
|
The client secret for OAuth2 authentication. Used for OneAPI client authentication when use_legacy_client=false and not using private_key. |
|
The ZPA cloud provisioned for your organization. Used for OneAPI client authentication when use_legacy_client=false. Choices:
|
|
Specifies the set of conditions for the policy rule |
|
The operands of the condition set |
|
The unique identifier of the IdP |
|
The key for the object type |
|
The object type of the operand Choices:
|
|
The value for the given object type. Its value depends upon the key |
|
The operator of the condition set Choices:
|
|
This is for providing a customer message for the user. |
|
The ZPA tenant ID found in the Administration Company menu in the ZPA console. Used for OneAPI client authentication when use_legacy_client=false. |
|
This is the description of the access policy. |
|
The unique identifier of the policy set |
|
The unique identifier of the Microtenant for the ZPA tenant |
|
This is the name of the timeout policy. |
|
The private key for JWT-based OAuth2 authentication. Used for OneAPI client authentication when use_legacy_client=false and not using client_secret. |
|
A dict containing authentication credentials. |
|
The client ID for OAuth2 authentication. Required for OneAPI client authentication when use_legacy_client=false. |
|
The client secret for OAuth2 authentication. Used for OneAPI client authentication when use_legacy_client=false and not using private_key. |
|
The ZPA cloud provisioned for your organization. Used for OneAPI client authentication when use_legacy_client=false. Choices:
|
|
The ZPA tenant ID found in the Administration Company menu in the ZPA console. Used for OneAPI client authentication when use_legacy_client=false. |
|
The ZPA Microtenant ID found in the Administration Company menu in the ZPA console. Used for OneAPI client authentication when use_legacy_client=false. |
|
The private key for JWT-based OAuth2 authentication. Used for OneAPI client authentication when use_legacy_client=false and not using client_secret. |
|
Whether to use the legacy Zscaler API client. When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication. When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication. Choices:
|
|
The vanity domain provisioned by Zscaler for OAuth2 flows. Required for OneAPI client authentication when use_legacy_client=false. |
|
The ZPA API client ID generated from the ZPA console. Required for legacy client authentication when use_legacy_client=true. |
|
The ZPA API client secret generated from the ZPA console. Required for legacy client authentication when use_legacy_client=true. |
|
The ZPA cloud provisioned for your organization. Required for legacy client authentication when use_legacy_client=true. Choices:
|
|
The ZPA tenant ID found in the Administration Company menu in the ZPA console. Required for legacy client authentication when use_legacy_client=true. |
|
The ZPA Microtenant ID found in the Administration Company menu in the ZPA console. Used for legacy client authentication when use_legacy_client=true. |
|
The reauthentication idle timeout Use minute, minutes, hour, hours, day, days, or never. Timeout interval must be at least 10 minutes or ‘never. i.e 10 minutes, 1 hour, 2 hours, or never |
|
The reauthentication timeout. Use minute, minutes, hour, hours, day, days, or never. Timeout interval must be at least 10 minutes or ‘never. i.e 10 minutes, 1 hour, 2 hours, or never |
|
The policy evaluation order number of the rule. |
|
Specifies the desired state of the resource. Choices:
|
|
Whether to use the legacy Zscaler API client. When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication. When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication. Choices:
|
|
The vanity domain provisioned by Zscaler for OAuth2 flows. Required for OneAPI client authentication when use_legacy_client=false. |
|
The ZPA API client ID generated from the ZPA console. Required for legacy client authentication when use_legacy_client=true. |
|
The ZPA API client secret generated from the ZPA console. Required for legacy client authentication when use_legacy_client=true. |
|
The ZPA cloud provisioned for your organization. Required for legacy client authentication when use_legacy_client=true. Choices:
|
|
The ZPA tenant ID found in the Administration Company menu in the ZPA console. Required for legacy client authentication when use_legacy_client=true. |
|
The ZPA Microtenant ID found in the Administration Company menu in the ZPA console. Used for legacy client authentication when use_legacy_client=true. |
Notes
Note
Check mode is supported.
Examples
- name: "Policy Timeout Rule - Example"
zscaler.zpacloud.zpa_policy_access_timeout_rule:
provider: "{{ zpa_cloud }}"
name: "Policy Timeout Rule - Example"
description: "Policy Timeout Rule - Example"
action: "RE_AUTH"
rule_order: 1
reauth_idle_timeout: '1 day'
reauth_timeout: '10 days'
operator: "AND"
conditions:
- operator: "OR"
operands:
- object_type: "APP"
lhs: "id"
rhs: "216196257331292105"
- operator: "OR"
operands:
- object_type: "APP_GROUP"
lhs: "id"
rhs: "216196257331292103"
- operator: "AND"
operands:
- object_type: "PLATFORM"
lhs: ios
rhs: "true"
- object_type: "PLATFORM"
lhs: linux
rhs: "true"
- object_type: "PLATFORM"
lhs: windows
rhs: "true"
- operator: "OR"
operands:
- object_type: "SCIM_GROUP"
lhs: "72058304855015574"
rhs: "490880"
idp_id: "72058304855015574"
- object_type: "SCIM_GROUP"
lhs: "72058304855015574"
rhs: "490877"
idp_id: "72058304855015574"
- operator: "AND"
operands:
- object_type: "SCIM"
lhs: "72058304855015576"
rhs: "Smith"
idp_id: "72058304855015574"
- operator: "AND"
operands:
- object_type: "SAML"
lhs: "72058304855021553"
rhs: "jdoe@acme.com"
idp_id: "72058304855015574"
- operator: "OR"
operands:
- object_type: "CLIENT_TYPE"
lhs: "id"
rhs: "zpn_client_type_exporter"
- object_type: "CLIENT_TYPE"
lhs: "id"
rhs: "zpn_client_type_browser_isolation"
- object_type: "CLIENT_TYPE"
lhs: "id"
rhs: "zpn_client_type_zapp"
- operator: "OR"
operands:
- object_type: "POSTURE"
lhs: "13ba3d97-aefb-4acc-9e54-6cc230dee4a5"
rhs: "true"
- operator: "AND"
operands:
- object_type: "CLIENT_TYPE"
lhs: "id"
rhs: "zpn_client_type_exporter"
- object_type: "CLIENT_TYPE"
lhs: "id"
rhs: "zpn_client_type_zapp_partner"
- object_type: "CLIENT_TYPE"
lhs: "id"
rhs: "zpn_client_type_browser_isolation"
- object_type: "CLIENT_TYPE"
lhs: "id"
rhs: "zpn_client_type_zapp"