willguibr.zpacloud.zpa_policy_access_rule (1.1.1) — module

Create a Policy Access Rule

Added in version 1.0.0 of willguibr.zpacloud

Authors: William Guilherme (@willguibr)

Install collection

Install with ansible-galaxy collection install willguibr.zpacloud:==1.1.1


Add to requirements.yml

  # Pin the exact collection release so that every install resolves to the
  # same, reviewed version.
  collections:
    - name: willguibr.zpacloud
      version: '1.1.1'

Description

This module creates, updates, or deletes a Policy Access Rule in the ZPA Cloud.

Usage examples

# Defines an ALLOW access policy rule named "Intranet Web Apps". No `state` is
# given, so the module's documented default (`present`) applies.
# API credentials (the module's client_id / client_secret / customer_id inputs)
# are not set in this task. If they are passed as task parameters, source them
# from Ansible Vault or the environment rather than plaintext in the playbook.
- name: Access Policy - Intranet Web Apps
  willguibr.zpacloud.zpa_policy_access_rule:
    name: 'Intranet Web Apps'
    description: 'Intranet Web Apps'
    action: 'ALLOW'
    # The module documents rule_order as a string; an integer is passed here.
    # NOTE(review): an ALLOW rule at order 1 is presumably evaluated ahead of
    # later rules. Confirm that no DENY rule is meant to take precedence.
    rule_order: 1
    # NOTE(review): presumably joins the condition blocks below, so all three
    # must match for the rule to apply. Confirm against the ZPA policy docs.
    operator: 'AND'
    conditions:
      # Application segment, matched by id. The id comes from the
      # `app_seg_intranet` variable, presumably registered by an earlier
      # lookup task that is not shown here.
      - negated: false
        operator: 'OR'
        operands:
          - name: 'app_seg_intranet'
            object_type: 'APP'
            lhs: 'id'
            rhs: "{{ app_seg_intranet.data.id }}"
      # Segment group, matched by id taken from the `seg_intranet` variable.
      - negated: false
        operator: 'OR'
        operands:
          - name: 'sg_seg_intranet'
            object_type: 'APP_GROUP'
            lhs: 'id'
            rhs: "{{ seg_intranet.data.id }}"
      # SCIM group restriction. Unlike the operands above, lhs is templated
      # from `user_okta`, presumably the identity provider's id (TODO confirm).
      # Both values take the first element (`data[0]`) of their source lists,
      # so check that each lookup is specific enough that the first element is
      # the intended IdP and group before granting access with this rule.
      - negated: false
        operator: 'OR'
        operands:
          - name: 'engineering_group'
            object_type: 'SCIM_GROUP'
            lhs: "{{ user_okta.data[0].id }}"
            rhs: "{{ engineering_group.data[0].id }}"

Inputs

    
id:
    description: ''
    type: str

name:
    description:
    - This is the name of the policy.
    required: true
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description: Whether the policy access rule should be present or absent.
    type: str

action:
    choices:
    - ALLOW
    - DENY
    description:
    - This is for providing the rule action.
    required: false
    type: str

operator:
    choices:
    - AND
    - OR
    description:
    - This denotes the operation type.
    required: false
    type: str

priority:
    description: ''
    required: false
    type: str

action_id:
    description:
    - This field defines the description of the server.
    required: false
    type: str

client_id:
    description: ''
    required: false
    type: str

conditions:
    description: ''
    elements: dict
    required: false
    suboptions:
      id:
        description: ''
        type: str
      negated:
        description: ''
        required: false
        type: bool
      operands:
        description: ''
        elements: dict
        required: false
        suboptions:
          id:
            description: ''
            type: str
          idp_id:
            description: ''
            required: false
            type: str
          lhs:
            description: ''
            required: true
            type: str
          name:
            description: ''
            required: false
            type: str
          object_type:
            choices:
            - APP
            - APP_GROUP
            - SAML
            - IDP
            - CLIENT_TYPE
            - TRUSTED_NETWORK
            - MACHINE_GRP
            - POSTURE
            - SCIM
            - SCIM_GROUP
            - EDGE_CONNECTOR_GROUP
            description: ''
            required: true
            type: str
          rhs:
            description: ''
            required: false
            type: str
          rhs_list:
            description: ''
            elements: str
            required: false
            type: list
        type: list
      operator:
        choices:
        - AND
        - OR
        description: ''
        required: true
        type: str
    type: list

custom_msg:
    description:
    - This is for providing a custom message for the user.
    required: false
    type: str

rule_order:
    description: ''
    required: false
    type: str

customer_id:
    description: ''
    required: false
    type: str

description:
    description: ''
    type: str

policy_type:
    description: ''
    required: false
    type: str

default_rule:
    description:
    - This is for providing a customer message for the user.
    required: false
    type: bool

client_secret:
    description: ''
    required: false
    type: str

lss_default_rule:
    description: ''
    required: false
    type: bool

app_server_groups:
    description:
    - List of the server group IDs.
    elements: dict
    required: false
    suboptions:
      id:
        description: ''
        required: true
        type: str
      name:
        description: ''
        required: false
        type: str
    type: list

default_rule_name:
    description: ''
    type: str

app_connector_groups:
    description:
    - List of the app connector group IDs.
    elements: dict
    required: false
    suboptions:
      id:
        description: ''
        required: true
        type: str
      name:
        description: ''
        required: false
        type: str
    type: list