zia.UserManagement
Explore with Pulumi AI
The zia_user_management resource allows the creation and management of local user account in the Zscaler Internet Access cloud. The user account resource can then be associated with several different types of resource within the ZIA tenant.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as zia from "@bdzscaler/pulumi-zia";
import * as zia from "@pulumi/zia";
const normalInternet = zia.getGroupManagement({
name: "Normal_Internet",
});
const engineering = zia.getDepartmentManagement({
name: "Engineering",
});
// ZIA Local User Account
//######## PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########
const johnAshcroft = new zia.UserManagement("johnAshcroft", {
email: "john.ashcroft@acme.com",
password: "*********************",
authMethods: ["BASIC"],
groups: {
ids: normalInternet.then(normalInternet => normalInternet.id),
},
department: {
id: engineering.then(engineering => engineering.id),
},
});
import pulumi
import pulumi_zia as zia
import zscaler_pulumi_zia as zia
normal_internet = zia.get_group_management(name="Normal_Internet")
engineering = zia.get_department_management(name="Engineering")
# ZIA Local User Account
######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########
john_ashcroft = zia.UserManagement("johnAshcroft",
email="john.ashcroft@acme.com",
password="*********************",
auth_methods=["BASIC"],
groups=zia.UserManagementGroupsArgs(
ids=normal_internet.id,
),
department=zia.UserManagementDepartmentArgs(
id=engineering.id,
))
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/zscaler/pulumi-zia/sdk/go/zia"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
normalInternet, err := zia.GetGroupManagement(ctx, &zia.GetGroupManagementArgs{
Name: pulumi.StringRef("Normal_Internet"),
}, nil)
if err != nil {
return err
}
engineering, err := zia.GetDepartmentManagement(ctx, &zia.GetDepartmentManagementArgs{
Name: pulumi.StringRef("Engineering"),
}, nil)
if err != nil {
return err
}
// ZIA Local User Account
// ######## PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########
_, err = zia.NewUserManagement(ctx, "johnAshcroft", &zia.UserManagementArgs{
Email: pulumi.String("john.ashcroft@acme.com"),
Password: pulumi.String("*********************"),
AuthMethods: pulumi.StringArray{
pulumi.String("BASIC"),
},
Groups: &zia.UserManagementGroupsArgs{
Ids: pulumi.Int(normalInternet.Id),
},
Department: &zia.UserManagementDepartmentArgs{
Id: pulumi.Int(engineering.Id),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zia = Pulumi.Zia;
using Zia = zscaler.PulumiPackage.Zia;
return await Deployment.RunAsync(() =>
{
var normalInternet = Zia.GetGroupManagement.Invoke(new()
{
Name = "Normal_Internet",
});
var engineering = Zia.GetDepartmentManagement.Invoke(new()
{
Name = "Engineering",
});
// ZIA Local User Account
//######## PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########
var johnAshcroft = new Zia.UserManagement("johnAshcroft", new()
{
Email = "john.ashcroft@acme.com",
Password = "*********************",
AuthMethods = new[]
{
"BASIC",
},
Groups = new Zia.Inputs.UserManagementGroupsArgs
{
Ids = normalInternet.Apply(getGroupManagementResult => getGroupManagementResult.Id),
},
Department = new Zia.Inputs.UserManagementDepartmentArgs
{
Id = engineering.Apply(getDepartmentManagementResult => getDepartmentManagementResult.Id),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zia.ZiaFunctions;
import com.pulumi.zia.inputs.GetGroupManagementArgs;
import com.pulumi.zia.inputs.GetDepartmentManagementArgs;
import com.pulumi.zia.UserManagement;
import com.pulumi.zia.UserManagementArgs;
import com.pulumi.zia.inputs.UserManagementGroupsArgs;
import com.pulumi.zia.inputs.UserManagementDepartmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var normalInternet = ZiaFunctions.getGroupManagement(GetGroupManagementArgs.builder()
.name("Normal_Internet")
.build());
final var engineering = ZiaFunctions.getDepartmentManagement(GetDepartmentManagementArgs.builder()
.name("Engineering")
.build());
// ZIA Local User Account
//######## PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########
var johnAshcroft = new UserManagement("johnAshcroft", UserManagementArgs.builder()
.email("john.ashcroft@acme.com")
.password("*********************")
.authMethods("BASIC")
.groups(UserManagementGroupsArgs.builder()
.ids(normalInternet.applyValue(getGroupManagementResult -> getGroupManagementResult.id()))
.build())
.department(UserManagementDepartmentArgs.builder()
.id(engineering.applyValue(getDepartmentManagementResult -> getDepartmentManagementResult.id()))
.build())
.build());
}
}
resources:
# ZIA Local User Account
######### PASSWORDS IN THIS FILE ARE FAKE AND NOT USED IN PRODUCTION SYSTEMS #########
johnAshcroft:
type: zia:UserManagement
properties:
email: john.ashcroft@acme.com
password: '*********************'
authMethods:
- BASIC
groups:
ids: ${normalInternet.id}
department:
id: ${engineering.id}
variables:
normalInternet:
fn::invoke:
Function: zia:getGroupManagement
Arguments:
name: Normal_Internet
engineering:
fn::invoke:
Function: zia:getDepartmentManagement
Arguments:
name: Engineering
Optional
The following attributes are supported:
comments
- (Optional) Additional information about this user.temp_auth_email
- (Optional) Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.auth_methods
- (Optional) Type of authentication method to be enabled. Supported values is:BASIC
Create UserManagement Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new UserManagement(name: string, args: UserManagementArgs, opts?: CustomResourceOptions);
@overload
def UserManagement(resource_name: str,
args: UserManagementArgs,
opts: Optional[ResourceOptions] = None)
@overload
def UserManagement(resource_name: str,
opts: Optional[ResourceOptions] = None,
department: Optional[UserManagementDepartmentArgs] = None,
email: Optional[str] = None,
password: Optional[str] = None,
auth_methods: Optional[Sequence[str]] = None,
comments: Optional[str] = None,
groups: Optional[UserManagementGroupsArgs] = None,
name: Optional[str] = None,
temp_auth_email: Optional[str] = None)
func NewUserManagement(ctx *Context, name string, args UserManagementArgs, opts ...ResourceOption) (*UserManagement, error)
public UserManagement(string name, UserManagementArgs args, CustomResourceOptions? opts = null)
public UserManagement(String name, UserManagementArgs args)
public UserManagement(String name, UserManagementArgs args, CustomResourceOptions options)
type: zia:UserManagement
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args UserManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args UserManagementArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserManagementArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserManagementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args UserManagementArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var userManagementResource = new Zia.UserManagement("userManagementResource", new()
{
Department = new Zia.Inputs.UserManagementDepartmentArgs
{
Comments = "string",
Deleted = false,
Id = 0,
IdpId = 0,
Name = "string",
},
Email = "string",
Password = "string",
AuthMethods = new[]
{
"string",
},
Comments = "string",
Groups = new Zia.Inputs.UserManagementGroupsArgs
{
Ids = new[]
{
0,
},
},
Name = "string",
TempAuthEmail = "string",
});
example, err := zia.NewUserManagement(ctx, "userManagementResource", &zia.UserManagementArgs{
Department: &zia.UserManagementDepartmentArgs{
Comments: pulumi.String("string"),
Deleted: pulumi.Bool(false),
Id: pulumi.Int(0),
IdpId: pulumi.Int(0),
Name: pulumi.String("string"),
},
Email: pulumi.String("string"),
Password: pulumi.String("string"),
AuthMethods: pulumi.StringArray{
pulumi.String("string"),
},
Comments: pulumi.String("string"),
Groups: &zia.UserManagementGroupsArgs{
Ids: pulumi.IntArray{
pulumi.Int(0),
},
},
Name: pulumi.String("string"),
TempAuthEmail: pulumi.String("string"),
})
var userManagementResource = new UserManagement("userManagementResource", UserManagementArgs.builder()
.department(UserManagementDepartmentArgs.builder()
.comments("string")
.deleted(false)
.id(0)
.idpId(0)
.name("string")
.build())
.email("string")
.password("string")
.authMethods("string")
.comments("string")
.groups(UserManagementGroupsArgs.builder()
.ids(0)
.build())
.name("string")
.tempAuthEmail("string")
.build());
user_management_resource = zia.UserManagement("userManagementResource",
department={
"comments": "string",
"deleted": False,
"id": 0,
"idp_id": 0,
"name": "string",
},
email="string",
password="string",
auth_methods=["string"],
comments="string",
groups={
"ids": [0],
},
name="string",
temp_auth_email="string")
const userManagementResource = new zia.UserManagement("userManagementResource", {
department: {
comments: "string",
deleted: false,
id: 0,
idpId: 0,
name: "string",
},
email: "string",
password: "string",
authMethods: ["string"],
comments: "string",
groups: {
ids: [0],
},
name: "string",
tempAuthEmail: "string",
});
type: zia:UserManagement
properties:
authMethods:
- string
comments: string
department:
comments: string
deleted: false
id: 0
idpId: 0
name: string
email: string
groups:
ids:
- 0
name: string
password: string
tempAuthEmail: string
UserManagement Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The UserManagement resource accepts the following input properties:
- Department
zscaler.
Pulumi Package. Zia. Inputs. User Management Department - Department a user belongs to
- Email string
- User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
- Password string
- User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.
- Auth
Methods List<string> - Accepted Authentication Methods
- Comments string
- Additional information about this user.
- Groups
zscaler.
Pulumi Package. Zia. Inputs. User Management Groups - List of Groups a user belongs to. Groups are used in policies.
- Name string
- User name. This appears when choosing users for policies.
- Temp
Auth stringEmail - Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.
- Department
User
Management Department Args - Department a user belongs to
- Email string
- User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
- Password string
- User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.
- Auth
Methods []string - Accepted Authentication Methods
- Comments string
- Additional information about this user.
- Groups
User
Management Groups Args - List of Groups a user belongs to. Groups are used in policies.
- Name string
- User name. This appears when choosing users for policies.
- Temp
Auth stringEmail - Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.
- department
User
Management Department - Department a user belongs to
- email String
- User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
- password String
- User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.
- auth
Methods List<String> - Accepted Authentication Methods
- comments String
- Additional information about this user.
- groups
User
Management Groups - List of Groups a user belongs to. Groups are used in policies.
- name String
- User name. This appears when choosing users for policies.
- temp
Auth StringEmail - Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.
- department
User
Management Department - Department a user belongs to
- email string
- User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
- password string
- User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.
- auth
Methods string[] - Accepted Authentication Methods
- comments string
- Additional information about this user.
- groups
User
Management Groups - List of Groups a user belongs to. Groups are used in policies.
- name string
- User name. This appears when choosing users for policies.
- temp
Auth stringEmail - Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.
- department
User
Management Department Args - Department a user belongs to
- email str
- User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
- password str
- User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.
- auth_
methods Sequence[str] - Accepted Authentication Methods
- comments str
- Additional information about this user.
- groups
User
Management Groups Args - List of Groups a user belongs to. Groups are used in policies.
- name str
- User name. This appears when choosing users for policies.
- temp_
auth_ stremail - Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.
- department Property Map
- Department a user belongs to
- email String
- User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
- password String
- User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.
- auth
Methods List<String> - Accepted Authentication Methods
- comments String
- Additional information about this user.
- groups Property Map
- List of Groups a user belongs to. Groups are used in policies.
- name String
- User name. This appears when choosing users for policies.
- temp
Auth StringEmail - Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.
Outputs
All input properties are implicitly available as output properties. Additionally, the UserManagement resource produces the following output properties:
Look up Existing UserManagement Resource
Get an existing UserManagement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UserManagementState, opts?: CustomResourceOptions): UserManagement
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
auth_methods: Optional[Sequence[str]] = None,
comments: Optional[str] = None,
department: Optional[UserManagementDepartmentArgs] = None,
email: Optional[str] = None,
groups: Optional[UserManagementGroupsArgs] = None,
name: Optional[str] = None,
password: Optional[str] = None,
temp_auth_email: Optional[str] = None,
user_id: Optional[int] = None) -> UserManagement
func GetUserManagement(ctx *Context, name string, id IDInput, state *UserManagementState, opts ...ResourceOption) (*UserManagement, error)
public static UserManagement Get(string name, Input<string> id, UserManagementState? state, CustomResourceOptions? opts = null)
public static UserManagement get(String name, Output<String> id, UserManagementState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Auth
Methods List<string> - Accepted Authentication Methods
- Comments string
- Additional information about this user.
- Department
zscaler.
Pulumi Package. Zia. Inputs. User Management Department - Department a user belongs to
- Email string
- User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
- Groups
zscaler.
Pulumi Package. Zia. Inputs. User Management Groups - List of Groups a user belongs to. Groups are used in policies.
- Name string
- User name. This appears when choosing users for policies.
- Password string
- User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.
- Temp
Auth stringEmail - Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.
- User
Id int
- Auth
Methods []string - Accepted Authentication Methods
- Comments string
- Additional information about this user.
- Department
User
Management Department Args - Department a user belongs to
- Email string
- User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
- Groups
User
Management Groups Args - List of Groups a user belongs to. Groups are used in policies.
- Name string
- User name. This appears when choosing users for policies.
- Password string
- User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.
- Temp
Auth stringEmail - Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.
- User
Id int
- auth
Methods List<String> - Accepted Authentication Methods
- comments String
- Additional information about this user.
- department
User
Management Department - Department a user belongs to
- email String
- User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
- groups
User
Management Groups - List of Groups a user belongs to. Groups are used in policies.
- name String
- User name. This appears when choosing users for policies.
- password String
- User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.
- temp
Auth StringEmail - Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.
- user
Id Integer
- auth
Methods string[] - Accepted Authentication Methods
- comments string
- Additional information about this user.
- department
User
Management Department - Department a user belongs to
- email string
- User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
- groups
User
Management Groups - List of Groups a user belongs to. Groups are used in policies.
- name string
- User name. This appears when choosing users for policies.
- password string
- User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.
- temp
Auth stringEmail - Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.
- user
Id number
- auth_
methods Sequence[str] - Accepted Authentication Methods
- comments str
- Additional information about this user.
- department
User
Management Department Args - Department a user belongs to
- email str
- User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
- groups
User
Management Groups Args - List of Groups a user belongs to. Groups are used in policies.
- name str
- User name. This appears when choosing users for policies.
- password str
- User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.
- temp_
auth_ stremail - Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.
- user_
id int
- auth
Methods List<String> - Accepted Authentication Methods
- comments String
- Additional information about this user.
- department Property Map
- Department a user belongs to
- email String
- User email consists of a user name and domain name. It does not have to be a valid email address, but it must be unique and its domain must belong to the organization.
- groups Property Map
- List of Groups a user belongs to. Groups are used in policies.
- name String
- User name. This appears when choosing users for policies.
- password String
- User's password. Applicable only when authentication type is Hosted DB. Password strength must follow what is defined in the auth settings.
- temp
Auth StringEmail - Temporary Authentication Email. If you enabled one-time tokens or links, enter the email address to which the Zscaler service sends the tokens or links. If this is empty, the service will send the email to the User email.
- user
Id Number
Supporting Types
UserManagementDepartment, UserManagementDepartmentArgs
UserManagementGroups, UserManagementGroupsArgs
- Ids List<int>
- Unique identfier for the group
- Ids []int
- Unique identfier for the group
- ids List<Integer>
- Unique identfier for the group
- ids number[]
- Unique identfier for the group
- ids Sequence[int]
- Unique identfier for the group
- ids List<Number>
- Unique identfier for the group
Import
Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.
Visit
zia_user_management can be imported by using <USER_ID>
or <USERNAME>
as the import ID.
For example:
$ pulumi import zia:index/userManagement:UserManagement example <user_id>
or
$ pulumi import zia:index/userManagement:UserManagement example <name>
⚠️ NOTE :: This provider do not import the password attribute value during the importing process.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zia zscaler/pulumi-zia
- License
- MIT
- Notes
- This Pulumi package is based on the
zia
Terraform Provider.