zscaler.zpacloud.zpa_pra_approval module – Create a PRA Approval Controller.

Note

This module is part of the zscaler.zpacloud collection (version 2.0.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install zscaler.zpacloud. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: zscaler.zpacloud.zpa_pra_approval.

New in zscaler.zpacloud 1.1.0

Synopsis

  • This module creates, updates, or deletes a Privileged Remote Access (PRA) approval.

Requirements

The below requirements are needed on the host that executes this module.

Parameters

Parameter

Comments

application_ids

list / elements=string

The unique identifier of the PRA application segment.

client_id

string

The client ID for OAuth2 authentication.

Required for OneAPI client authentication when use_legacy_client=false.

client_secret

string

The client secret for OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using private_key.

cloud

string

The ZPA cloud provisioned for your organization.

Used for OneAPI client authentication when use_legacy_client=false.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

email_ids

list / elements=string

The email address of the user that you are assigning the privileged approval to.

end_time

string

The end date after which the user no longer has access to the privileged approval, e.g. Tue, 07 Jun 2024 11:05:30 PST.

id

string

The unique identifier of the privileged approval.

microtenant_id

string

The unique identifier of the Microtenant for the ZPA tenant.

private_key

string

The private key for JWT-based OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.

provider

dictionary

A dict containing authentication credentials.

client_id

string

The client ID for OAuth2 authentication.

Required for OneAPI client authentication when use_legacy_client=false.

client_secret

string

The client secret for OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using private_key.

cloud

string

The ZPA cloud provisioned for your organization.

Used for OneAPI client authentication when use_legacy_client=false.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for OneAPI client authentication when use_legacy_client=false.

private_key

string

The private key for JWT-based OAuth2 authentication.

Used for OneAPI client authentication when use_legacy_client=false and not using client_secret.

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication.

When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication.

Choices:

  • false ← (default)

  • true

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Required for OneAPI client authentication when use_legacy_client=false.

zpa_client_id

string

The ZPA API client ID generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_client_secret

string

The ZPA API client secret generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_cloud

string

The ZPA cloud provisioned for your organization.

Required for legacy client authentication when use_legacy_client=true.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

zpa_customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for legacy client authentication when use_legacy_client=true.

start_time

string

The start date from which the user has access to the privileged approval, e.g. Tue, 07 May 2024 11:05:30 PST.

state

string

Specifies the desired state of the resource.

Choices:

  • "present" ← (default)

  • "absent"

use_legacy_client

boolean

Whether to use the legacy Zscaler API client.

When true, uses zpa_client_id/zpa_client_secret/zpa_customer_id/zpa_cloud for authentication.

When false (default), uses client_id/client_secret/private_key with vanity_domain for OAuth2 authentication.

Choices:

  • false ← (default)

  • true

vanity_domain

string

The vanity domain provisioned by Zscaler for OAuth2 flows.

Required for OneAPI client authentication when use_legacy_client=false.

working_hours

dictionary

Privileged Approval WorkHours configuration.

days

list / elements=string

The days of the week when the privileged approval is active.

Choices:

  • "MON"

  • "TUE"

  • "WED"

  • "THU"

  • "FRI"

  • "SAT"

  • "SUN"

end_time

string

The local end time for the privileged approval.

end_time_cron

string

The cron expression for the end time of the privileged approval, specifying the exact time of day the approval ends.

Example: ‘0 0 18 ? * MON-FRI’ ends the approval at 6:00 PM on weekdays.

start_time

string

The local start time for the privileged approval.

start_time_cron

string

The cron expression for the start time of the privileged approval, specifying the exact time of day the approval begins.

Example: ‘0 15 10 ? * MON-FRI’ starts the approval at 10:15 AM on weekdays.

time_zone

string

The IANA time zone identifier for the privileged approval’s timing.

zpa_client_id

string

The ZPA API client ID generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_client_secret

string

The ZPA API client secret generated from the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_cloud

string

The ZPA cloud provisioned for your organization.

Required for legacy client authentication when use_legacy_client=true.

Choices:

  • "BETA"

  • "GOV"

  • "GOVUS"

  • "PRODUCTION"

  • "QA"

  • "QA2"

  • "PREVIEW"

  • "beta"

  • "production"

zpa_customer_id

string

The ZPA tenant ID found in the Administration Company menu in the ZPA console.

Required for legacy client authentication when use_legacy_client=true.

zpa_microtenant_id

string

The ZPA Microtenant ID found in the Administration Company menu in the ZPA console.

Used for legacy client authentication when use_legacy_client=true.

Notes

  • Check mode is supported.

Examples

- name: Create PRA Approval
  zscaler.zpacloud.zpa_pra_approval:
    provider: '{{ zpa_cloud }}'
    state: present
    email_ids:
      - 'jdoe@example.com'
    start_time: 'Thu, 09 May 2024 8:00:00 PST'
    end_time: 'Mon, 10 Jun 2024 5:00:00 PST'
    application_ids:
      - '216199618143356658'
      - '216199618143356661'
    working_hours:
      days:
        - 'FRI'
        - 'MON'
        - 'SAT'
        - 'SUN'
        - 'THU'
        - 'TUE'
        - 'WED'
      start_time: '09:00'
      end_time: '17:00'
      start_time_cron: '0 0 16 ? * MON,TUE,WED,THU,FRI,SAT,SUN'
      end_time_cron: '0 0 0 ? * MON,TUE,WED,THU,FRI,SAT,SUN'
      time_zone: 'America/Vancouver'
  register: result
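
The provider dictionary that the example above passes as a variable, built for OneAPI authentication (use_legacy_client=false with client_secret). This is an added example, not part of the collection's documentation; the play layout, the zpa_provider variable name and the environment variable names are assumptions made for illustration.

```yaml
- name: Time-boxed PRA approval using OneAPI credentials from the environment
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Assumption: the environment variable names below are chosen for this
    # example; export them from your secret store before the run.
    zpa_provider:
      use_legacy_client: false
      client_id: "{{ lookup('ansible.builtin.env', 'ZSCALER_CLIENT_ID') }}"
      client_secret: "{{ lookup('ansible.builtin.env', 'ZSCALER_CLIENT_SECRET') }}"
      vanity_domain: "{{ lookup('ansible.builtin.env', 'ZSCALER_VANITY_DOMAIN') }}"
      customer_id: "{{ lookup('ansible.builtin.env', 'ZPA_CUSTOMER_ID') }}"
      cloud: PRODUCTION
  tasks:
    - name: Stop before any API call if a OneAPI credential is unset
      ansible.builtin.assert:
        that:
          - zpa_provider.client_id | length > 0
          - zpa_provider.client_secret | length > 0
          - zpa_provider.vanity_domain | length > 0
        fail_msg: Missing OneAPI credential in the environment
        quiet: true

    - name: Grant the approval for a fixed window
      zscaler.zpacloud.zpa_pra_approval:
        provider: "{{ zpa_provider }}"
        state: present
        email_ids:
          - 'jdoe@example.com'
        # Window, application ID and working hours reuse the values from
        # the page's example above.
        start_time: 'Thu, 09 May 2024 8:00:00 PST'
        end_time: 'Mon, 10 Jun 2024 5:00:00 PST'
        application_ids:
          - '216199618143356658'
        working_hours:
          days: ['MON', 'TUE', 'WED', 'THU', 'FRI', 'SAT', 'SUN']
          start_time: '09:00'
          end_time: '17:00'
          start_time_cron: '0 0 16 ? * MON,TUE,WED,THU,FRI,SAT,SUN'
          end_time_cron: '0 0 0 ? * MON,TUE,WED,THU,FRI,SAT,SUN'
          time_zone: 'America/Vancouver'
      # The provider dict carries client_secret; keep it out of task output.
      no_log: true
```

Because the module supports check mode, a first run with ansible-playbook --check previews the change without creating the approval.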

Authors

  • William Guilherme (@willguibr)