Docs Home
Zscaler Private Access v0.0.12 published on Tuesday, Jul 30, 2024 by Zscaler
zpa.PolicyAccessTimeOutRuleV2
Explore with Pulumi AI
The zpa_policy_timeout_rule_v2 resource creates and manages policy access timeout rule in the Zscaler Private Access cloud using a new v2 API endpoint.
⚠️ NOTE: This resource is recommended if your configuration requires the association of more than 1000 resource criteria per rule.
⚠️ WARNING:: The attribute rule_order is now deprecated in favor of the new resource policy_access_rule_reorder
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as zpa from "@bdzscaler/pulumi-zpa";
import * as zpa from "@pulumi/zpa";
const thisIdPController = zpa.getIdPController({
name: "Idp_Name",
});
const emailUserSso = zpa.getSAMLAttribute({
name: "Email_Users",
idpName: "Idp_Name",
});
const groupUser = zpa.getSAMLAttribute({
name: "GroupName_Users",
idpName: "Idp_Name",
});
const a000 = zpa.getSCIMGroups({
name: "A000",
idpName: "Idp_Name",
});
const b000 = zpa.getSCIMGroups({
name: "B000",
idpName: "Idp_Name",
});
// Create Segment Group
const thisSegmentGroup = new zpa.SegmentGroup("thisSegmentGroup", {
description: "Example",
enabled: true,
});
// Create Policy Access Rule V2
const thisPolicyAccessTimeOutRuleV2 = new zpa.PolicyAccessTimeOutRuleV2("thisPolicyAccessTimeOutRuleV2", {
description: "Example",
action: "RE_AUTH",
reauthIdleTimeout: "10 Days",
reauthTimeout: "10 Days",
conditions: [
{
operator: "OR",
operands: [{
objectType: "APP_GROUP",
values: [thisSegmentGroup.id],
}],
},
{
operator: "OR",
operands: [
{
objectType: "SAML",
entryValues: [
{
rhs: "user1@acme.com",
lhs: emailUserSso.then(emailUserSso => emailUserSso.id),
},
{
rhs: "A000",
lhs: groupUser.then(groupUser => groupUser.id),
},
],
},
{
objectType: "SCIM_GROUP",
entryValues: [
{
rhs: a000.then(a000 => a000.id),
lhs: thisIdPController.then(thisIdPController => thisIdPController.id),
},
{
rhs: b000.then(b000 => b000.id),
lhs: thisIdPController.then(thisIdPController => thisIdPController.id),
},
],
},
],
},
{
operator: "OR",
operands: [{
objectType: "PLATFORM",
entryValues: [
{
rhs: "true",
lhs: "linux",
},
{
rhs: "true",
lhs: "android",
},
],
}],
},
],
});
import pulumi
import pulumi_zpa as zpa
import zscaler_pulumi_zpa as zpa
this_id_p_controller = zpa.get_id_p_controller(name="Idp_Name")
email_user_sso = zpa.get_saml_attribute(name="Email_Users",
idp_name="Idp_Name")
group_user = zpa.get_saml_attribute(name="GroupName_Users",
idp_name="Idp_Name")
a000 = zpa.get_scim_groups(name="A000",
idp_name="Idp_Name")
b000 = zpa.get_scim_groups(name="B000",
idp_name="Idp_Name")
# Create Segment Group
this_segment_group = zpa.SegmentGroup("thisSegmentGroup",
description="Example",
enabled=True)
# Create Policy Access Rule V2
this_policy_access_time_out_rule_v2 = zpa.PolicyAccessTimeOutRuleV2("thisPolicyAccessTimeOutRuleV2",
description="Example",
action="RE_AUTH",
reauth_idle_timeout="10 Days",
reauth_timeout="10 Days",
conditions=[
zpa.PolicyAccessTimeOutRuleV2ConditionArgs(
operator="OR",
operands=[zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs(
object_type="APP_GROUP",
values=[this_segment_group.id],
)],
),
zpa.PolicyAccessTimeOutRuleV2ConditionArgs(
operator="OR",
operands=[
zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs(
object_type="SAML",
entry_values=[
zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs(
rhs="user1@acme.com",
lhs=email_user_sso.id,
),
zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs(
rhs="A000",
lhs=group_user.id,
),
],
),
zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs(
object_type="SCIM_GROUP",
entry_values=[
zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs(
rhs=a000.id,
lhs=this_id_p_controller.id,
),
zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs(
rhs=b000.id,
lhs=this_id_p_controller.id,
),
],
),
],
),
zpa.PolicyAccessTimeOutRuleV2ConditionArgs(
operator="OR",
operands=[zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs(
object_type="PLATFORM",
entry_values=[
zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs(
rhs="true",
lhs="linux",
),
zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs(
rhs="true",
lhs="android",
),
],
)],
),
])
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/zscaler/pulumi-zpa/sdk/go/zpa"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
thisIdPController, err := zpa.GetIdPController(ctx, &zpa.GetIdPControllerArgs{
Name: pulumi.StringRef("Idp_Name"),
}, nil)
if err != nil {
return err
}
emailUserSso, err := zpa.GetSAMLAttribute(ctx, &zpa.GetSAMLAttributeArgs{
Name: pulumi.StringRef("Email_Users"),
IdpName: pulumi.StringRef("Idp_Name"),
}, nil)
if err != nil {
return err
}
groupUser, err := zpa.GetSAMLAttribute(ctx, &zpa.GetSAMLAttributeArgs{
Name: pulumi.StringRef("GroupName_Users"),
IdpName: pulumi.StringRef("Idp_Name"),
}, nil)
if err != nil {
return err
}
a000, err := zpa.GetSCIMGroups(ctx, &zpa.GetSCIMGroupsArgs{
Name: pulumi.StringRef("A000"),
IdpName: pulumi.StringRef("Idp_Name"),
}, nil)
if err != nil {
return err
}
b000, err := zpa.GetSCIMGroups(ctx, &zpa.GetSCIMGroupsArgs{
Name: pulumi.StringRef("B000"),
IdpName: pulumi.StringRef("Idp_Name"),
}, nil)
if err != nil {
return err
}
// Create Segment Group
thisSegmentGroup, err := zpa.NewSegmentGroup(ctx, "thisSegmentGroup", &zpa.SegmentGroupArgs{
Description: pulumi.String("Example"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
// Create Policy Access Rule V2
_, err = zpa.NewPolicyAccessTimeOutRuleV2(ctx, "thisPolicyAccessTimeOutRuleV2", &zpa.PolicyAccessTimeOutRuleV2Args{
Description: pulumi.String("Example"),
Action: pulumi.String("RE_AUTH"),
ReauthIdleTimeout: pulumi.String("10 Days"),
ReauthTimeout: pulumi.String("10 Days"),
Conditions: zpa.PolicyAccessTimeOutRuleV2ConditionArray{
&zpa.PolicyAccessTimeOutRuleV2ConditionArgs{
Operator: pulumi.String("OR"),
Operands: zpa.PolicyAccessTimeOutRuleV2ConditionOperandArray{
&zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs{
ObjectType: pulumi.String("APP_GROUP"),
Values: pulumi.StringArray{
thisSegmentGroup.ID(),
},
},
},
},
&zpa.PolicyAccessTimeOutRuleV2ConditionArgs{
Operator: pulumi.String("OR"),
Operands: zpa.PolicyAccessTimeOutRuleV2ConditionOperandArray{
&zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs{
ObjectType: pulumi.String("SAML"),
EntryValues: zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArray{
&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
Rhs: pulumi.String("user1@acme.com"),
Lhs: pulumi.String(emailUserSso.Id),
},
&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
Rhs: pulumi.String("A000"),
Lhs: pulumi.String(groupUser.Id),
},
},
},
&zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs{
ObjectType: pulumi.String("SCIM_GROUP"),
EntryValues: zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArray{
&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
Rhs: pulumi.String(a000.Id),
Lhs: pulumi.String(thisIdPController.Id),
},
&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
Rhs: pulumi.String(b000.Id),
Lhs: pulumi.String(thisIdPController.Id),
},
},
},
},
},
&zpa.PolicyAccessTimeOutRuleV2ConditionArgs{
Operator: pulumi.String("OR"),
Operands: zpa.PolicyAccessTimeOutRuleV2ConditionOperandArray{
&zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs{
ObjectType: pulumi.String("PLATFORM"),
EntryValues: zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArray{
&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
Rhs: pulumi.String("true"),
Lhs: pulumi.String("linux"),
},
&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
Rhs: pulumi.String("true"),
Lhs: pulumi.String("android"),
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zpa = Pulumi.Zpa;
using Zpa = Zscaler.Zpa;
return await Deployment.RunAsync(() =>
{
var thisIdPController = Zpa.GetIdPController.Invoke(new()
{
Name = "Idp_Name",
});
var emailUserSso = Zpa.GetSAMLAttribute.Invoke(new()
{
Name = "Email_Users",
IdpName = "Idp_Name",
});
var groupUser = Zpa.GetSAMLAttribute.Invoke(new()
{
Name = "GroupName_Users",
IdpName = "Idp_Name",
});
var a000 = Zpa.GetSCIMGroups.Invoke(new()
{
Name = "A000",
IdpName = "Idp_Name",
});
var b000 = Zpa.GetSCIMGroups.Invoke(new()
{
Name = "B000",
IdpName = "Idp_Name",
});
// Create Segment Group
var thisSegmentGroup = new Zpa.SegmentGroup("thisSegmentGroup", new()
{
Description = "Example",
Enabled = true,
});
// Create Policy Access Rule V2
var thisPolicyAccessTimeOutRuleV2 = new Zpa.PolicyAccessTimeOutRuleV2("thisPolicyAccessTimeOutRuleV2", new()
{
Description = "Example",
Action = "RE_AUTH",
ReauthIdleTimeout = "10 Days",
ReauthTimeout = "10 Days",
Conditions = new[]
{
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionArgs
{
Operator = "OR",
Operands = new[]
{
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandArgs
{
ObjectType = "APP_GROUP",
Values = new[]
{
thisSegmentGroup.Id,
},
},
},
},
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionArgs
{
Operator = "OR",
Operands = new[]
{
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandArgs
{
ObjectType = "SAML",
EntryValues = new[]
{
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
{
Rhs = "user1@acme.com",
Lhs = emailUserSso.Apply(getSAMLAttributeResult => getSAMLAttributeResult.Id),
},
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
{
Rhs = "A000",
Lhs = groupUser.Apply(getSAMLAttributeResult => getSAMLAttributeResult.Id),
},
},
},
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandArgs
{
ObjectType = "SCIM_GROUP",
EntryValues = new[]
{
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
{
Rhs = a000.Apply(getSCIMGroupsResult => getSCIMGroupsResult.Id),
Lhs = thisIdPController.Apply(getIdPControllerResult => getIdPControllerResult.Id),
},
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
{
Rhs = b000.Apply(getSCIMGroupsResult => getSCIMGroupsResult.Id),
Lhs = thisIdPController.Apply(getIdPControllerResult => getIdPControllerResult.Id),
},
},
},
},
},
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionArgs
{
Operator = "OR",
Operands = new[]
{
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandArgs
{
ObjectType = "PLATFORM",
EntryValues = new[]
{
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
{
Rhs = "true",
Lhs = "linux",
},
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
{
Rhs = "true",
Lhs = "android",
},
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zpa.ZpaFunctions;
import com.pulumi.zpa.inputs.GetIdPControllerArgs;
import com.pulumi.zpa.inputs.GetSAMLAttributeArgs;
import com.pulumi.zpa.inputs.GetSCIMGroupsArgs;
import com.pulumi.zpa.SegmentGroup;
import com.pulumi.zpa.SegmentGroupArgs;
import com.pulumi.zpa.PolicyAccessTimeOutRuleV2;
import com.pulumi.zpa.PolicyAccessTimeOutRuleV2Args;
import com.pulumi.zpa.inputs.PolicyAccessTimeOutRuleV2ConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var thisIdPController = ZpaFunctions.getIdPController(GetIdPControllerArgs.builder()
.name("Idp_Name")
.build());
final var emailUserSso = ZpaFunctions.getSAMLAttribute(GetSAMLAttributeArgs.builder()
.name("Email_Users")
.idpName("Idp_Name")
.build());
final var groupUser = ZpaFunctions.getSAMLAttribute(GetSAMLAttributeArgs.builder()
.name("GroupName_Users")
.idpName("Idp_Name")
.build());
final var a000 = ZpaFunctions.getSCIMGroups(GetSCIMGroupsArgs.builder()
.name("A000")
.idpName("Idp_Name")
.build());
final var b000 = ZpaFunctions.getSCIMGroups(GetSCIMGroupsArgs.builder()
.name("B000")
.idpName("Idp_Name")
.build());
// Create Segment Group
var thisSegmentGroup = new SegmentGroup("thisSegmentGroup", SegmentGroupArgs.builder()
.description("Example")
.enabled(true)
.build());
// Create Policy Access Rule V2
var thisPolicyAccessTimeOutRuleV2 = new PolicyAccessTimeOutRuleV2("thisPolicyAccessTimeOutRuleV2", PolicyAccessTimeOutRuleV2Args.builder()
.description("Example")
.action("RE_AUTH")
.reauthIdleTimeout("10 Days")
.reauthTimeout("10 Days")
.conditions(
PolicyAccessTimeOutRuleV2ConditionArgs.builder()
.operator("OR")
.operands(PolicyAccessTimeOutRuleV2ConditionOperandArgs.builder()
.objectType("APP_GROUP")
.values(thisSegmentGroup.id())
.build())
.build(),
PolicyAccessTimeOutRuleV2ConditionArgs.builder()
.operator("OR")
.operands(
PolicyAccessTimeOutRuleV2ConditionOperandArgs.builder()
.objectType("SAML")
.entryValues(
PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
.rhs("user1@acme.com")
.lhs(emailUserSso.applyValue(getSAMLAttributeResult -> getSAMLAttributeResult.id()))
.build(),
PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
.rhs("A000")
.lhs(groupUser.applyValue(getSAMLAttributeResult -> getSAMLAttributeResult.id()))
.build())
.build(),
PolicyAccessTimeOutRuleV2ConditionOperandArgs.builder()
.objectType("SCIM_GROUP")
.entryValues(
PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
.rhs(a000.applyValue(getSCIMGroupsResult -> getSCIMGroupsResult.id()))
.lhs(thisIdPController.applyValue(getIdPControllerResult -> getIdPControllerResult.id()))
.build(),
PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
.rhs(b000.applyValue(getSCIMGroupsResult -> getSCIMGroupsResult.id()))
.lhs(thisIdPController.applyValue(getIdPControllerResult -> getIdPControllerResult.id()))
.build())
.build())
.build(),
PolicyAccessTimeOutRuleV2ConditionArgs.builder()
.operator("OR")
.operands(PolicyAccessTimeOutRuleV2ConditionOperandArgs.builder()
.objectType("PLATFORM")
.entryValues(
PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
.rhs("true")
.lhs("linux")
.build(),
PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
.rhs("true")
.lhs("android")
.build())
.build())
.build())
.build());
}
}
resources:
# Create Segment Group
thisSegmentGroup:
type: zpa:SegmentGroup
properties:
description: Example
enabled: true
# Create Policy Access Rule V2
thisPolicyAccessTimeOutRuleV2:
type: zpa:PolicyAccessTimeOutRuleV2
properties:
description: Example
action: RE_AUTH
reauthIdleTimeout: 10 Days
reauthTimeout: 10 Days
conditions:
- operator: OR
operands:
- objectType: APP_GROUP
values:
- ${thisSegmentGroup.id}
- operator: OR
operands:
- objectType: SAML
entryValues:
- rhs: user1@acme.com
lhs: ${emailUserSso.id}
- rhs: A000
lhs: ${groupUser.id}
- objectType: SCIM_GROUP
entryValues:
- rhs: ${a000.id}
lhs: ${thisIdPController.id}
- rhs: ${b000.id}
lhs: ${thisIdPController.id}
- operator: OR
operands:
- objectType: PLATFORM
entryValues:
- rhs: 'true'
lhs: linux
- rhs: 'true'
lhs: android
variables:
thisIdPController:
fn::invoke:
Function: zpa:getIdPController
Arguments:
name: Idp_Name
emailUserSso:
fn::invoke:
Function: zpa:getSAMLAttribute
Arguments:
name: Email_Users
idpName: Idp_Name
groupUser:
fn::invoke:
Function: zpa:getSAMLAttribute
Arguments:
name: GroupName_Users
idpName: Idp_Name
a000:
fn::invoke:
Function: zpa:getSCIMGroups
Arguments:
name: A000
idpName: Idp_Name
b000:
fn::invoke:
Function: zpa:getSCIMGroups
Arguments:
name: B000
idpName: Idp_Name
LHS and RHS Values
| Object Type | LHS | RHS | VALUES |
|---|---|---|---|
| APP | application_segment_id | ||
| APP_GROUP | segment_group_id | ||
| CLIENT_TYPE | zpn_client_type_zappl, zpn_client_type_exporter, zpn_client_type_browser_isolation, zpn_client_type_ip_anchoring, zpn_client_type_edge_connector, zpn_client_type_branch_connector, zpn_client_type_zapp_partner, zpn_client_type_zapp | ||
| SAML | saml_attribute_id | attribute_value_to_match | |
| SCIM | scim_attribute_id | attribute_value_to_match | |
| SCIM_GROUP | scim_group_attribute_id | attribute_value_to_match | |
| PLATFORM | mac, ios, windows, android, linux | "true" / "false" | |
| POSTURE | posture_udid | "true" / "false" |
Create PolicyAccessTimeOutRuleV2 Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyAccessTimeOutRuleV2(name: string, args?: PolicyAccessTimeOutRuleV2Args, opts?: CustomResourceOptions);@overload
def PolicyAccessTimeOutRuleV2(resource_name: str,
args: Optional[PolicyAccessTimeOutRuleV2Args] = None,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyAccessTimeOutRuleV2(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
conditions: Optional[Sequence[PolicyAccessTimeOutRuleV2ConditionArgs]] = None,
custom_msg: Optional[str] = None,
description: Optional[str] = None,
microtenant_id: Optional[str] = None,
name: Optional[str] = None,
reauth_idle_timeout: Optional[str] = None,
reauth_timeout: Optional[str] = None)func NewPolicyAccessTimeOutRuleV2(ctx *Context, name string, args *PolicyAccessTimeOutRuleV2Args, opts ...ResourceOption) (*PolicyAccessTimeOutRuleV2, error)public PolicyAccessTimeOutRuleV2(string name, PolicyAccessTimeOutRuleV2Args? args = null, CustomResourceOptions? opts = null)
public PolicyAccessTimeOutRuleV2(String name, PolicyAccessTimeOutRuleV2Args args)
public PolicyAccessTimeOutRuleV2(String name, PolicyAccessTimeOutRuleV2Args args, CustomResourceOptions options)
type: zpa:PolicyAccessTimeOutRuleV2
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyAccessTimeOutRuleV2Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyAccessTimeOutRuleV2Args
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyAccessTimeOutRuleV2Args
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyAccessTimeOutRuleV2Args
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyAccessTimeOutRuleV2Args
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyAccessTimeOutRuleV2Resource = new Zpa.PolicyAccessTimeOutRuleV2("policyAccessTimeOutRuleV2Resource", new()
{
Action = "string",
Conditions = new[]
{
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionArgs
{
Id = "string",
Operands = new[]
{
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandArgs
{
EntryValues = new[]
{
new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
{
Lhs = "string",
Rhs = "string",
},
},
ObjectType = "string",
Values = new[]
{
"string",
},
},
},
Operator = "string",
},
},
CustomMsg = "string",
Description = "string",
MicrotenantId = "string",
Name = "string",
ReauthIdleTimeout = "string",
ReauthTimeout = "string",
});
example, err := zpa.NewPolicyAccessTimeOutRuleV2(ctx, "policyAccessTimeOutRuleV2Resource", &zpa.PolicyAccessTimeOutRuleV2Args{
Action: pulumi.String("string"),
Conditions: zpa.PolicyAccessTimeOutRuleV2ConditionArray{
&zpa.PolicyAccessTimeOutRuleV2ConditionArgs{
Id: pulumi.String("string"),
Operands: zpa.PolicyAccessTimeOutRuleV2ConditionOperandArray{
&zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs{
EntryValues: zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArray{
&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
Lhs: pulumi.String("string"),
Rhs: pulumi.String("string"),
},
},
ObjectType: pulumi.String("string"),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Operator: pulumi.String("string"),
},
},
CustomMsg: pulumi.String("string"),
Description: pulumi.String("string"),
MicrotenantId: pulumi.String("string"),
Name: pulumi.String("string"),
ReauthIdleTimeout: pulumi.String("string"),
ReauthTimeout: pulumi.String("string"),
})
var policyAccessTimeOutRuleV2Resource = new PolicyAccessTimeOutRuleV2("policyAccessTimeOutRuleV2Resource", PolicyAccessTimeOutRuleV2Args.builder()
.action("string")
.conditions(PolicyAccessTimeOutRuleV2ConditionArgs.builder()
.id("string")
.operands(PolicyAccessTimeOutRuleV2ConditionOperandArgs.builder()
.entryValues(PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
.lhs("string")
.rhs("string")
.build())
.objectType("string")
.values("string")
.build())
.operator("string")
.build())
.customMsg("string")
.description("string")
.microtenantId("string")
.name("string")
.reauthIdleTimeout("string")
.reauthTimeout("string")
.build());
policy_access_time_out_rule_v2_resource = zpa.PolicyAccessTimeOutRuleV2("policyAccessTimeOutRuleV2Resource",
action="string",
conditions=[{
"id": "string",
"operands": [{
"entry_values": [{
"lhs": "string",
"rhs": "string",
}],
"object_type": "string",
"values": ["string"],
}],
"operator": "string",
}],
custom_msg="string",
description="string",
microtenant_id="string",
name="string",
reauth_idle_timeout="string",
reauth_timeout="string")
const policyAccessTimeOutRuleV2Resource = new zpa.PolicyAccessTimeOutRuleV2("policyAccessTimeOutRuleV2Resource", {
action: "string",
conditions: [{
id: "string",
operands: [{
entryValues: [{
lhs: "string",
rhs: "string",
}],
objectType: "string",
values: ["string"],
}],
operator: "string",
}],
customMsg: "string",
description: "string",
microtenantId: "string",
name: "string",
reauthIdleTimeout: "string",
reauthTimeout: "string",
});
type: zpa:PolicyAccessTimeOutRuleV2
properties:
action: string
conditions:
- id: string
operands:
- entryValues:
- lhs: string
rhs: string
objectType: string
values:
- string
operator: string
customMsg: string
description: string
microtenantId: string
name: string
reauthIdleTimeout: string
reauthTimeout: string
PolicyAccessTimeOutRuleV2 Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyAccessTimeOutRuleV2 resource accepts the following input properties:
- Action string
- This is for providing the rule action.
- Conditions
List<Zscaler.
Zpa. Inputs. Policy Access Time Out Rule V2Condition> - This is for proviidng the set of conditions for the policy.
- Custom
Msg string - This is for providing a customer message for the user.
- Description string
- This is the description of the access policy.
- Microtenant
Id string - Name string
- This is the name of the policy.
- Reauth
Idle stringTimeout - Reauth
Timeout string
- Action string
- This is for providing the rule action.
- Conditions
[]Policy
Access Time Out Rule V2Condition Args - This is for proviidng the set of conditions for the policy.
- Custom
Msg string - This is for providing a customer message for the user.
- Description string
- This is the description of the access policy.
- Microtenant
Id string - Name string
- This is the name of the policy.
- Reauth
Idle stringTimeout - Reauth
Timeout string
- action String
- This is for providing the rule action.
- conditions
List<Policy
Access Time Out Rule V2Condition> - This is for proviidng the set of conditions for the policy.
- custom
Msg String - This is for providing a customer message for the user.
- description String
- This is the description of the access policy.
- microtenant
Id String - name String
- This is the name of the policy.
- reauth
Idle StringTimeout - reauth
Timeout String
- action string
- This is for providing the rule action.
- conditions
Policy
Access Time Out Rule V2Condition[] - This is for proviidng the set of conditions for the policy.
- custom
Msg string - This is for providing a customer message for the user.
- description string
- This is the description of the access policy.
- microtenant
Id string - name string
- This is the name of the policy.
- reauth
Idle stringTimeout - reauth
Timeout string
- action str
- This is for providing the rule action.
- conditions
Sequence[Policy
Access Time Out Rule V2Condition Args] - This is for proviidng the set of conditions for the policy.
- custom_
msg str - This is for providing a customer message for the user.
- description str
- This is the description of the access policy.
- microtenant_
id str - name str
- This is the name of the policy.
- reauth_
idle_ strtimeout - reauth_
timeout str
- action String
- This is for providing the rule action.
- conditions List<Property Map>
- This is for proviidng the set of conditions for the policy.
- custom
Msg String - This is for providing a customer message for the user.
- description String
- This is the description of the access policy.
- microtenant
Id String - name String
- This is the name of the policy.
- reauth
Idle StringTimeout - reauth
Timeout String
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyAccessTimeOutRuleV2 resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Set stringId
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Set stringId
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Set StringId
- id string
- The provider-assigned unique ID for this managed resource.
- policy
Set stringId
- id str
- The provider-assigned unique ID for this managed resource.
- policy_
set_ strid
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Set StringId
Look up Existing PolicyAccessTimeOutRuleV2 Resource
Get an existing PolicyAccessTimeOutRuleV2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyAccessTimeOutRuleV2State, opts?: CustomResourceOptions): PolicyAccessTimeOutRuleV2@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
conditions: Optional[Sequence[PolicyAccessTimeOutRuleV2ConditionArgs]] = None,
custom_msg: Optional[str] = None,
description: Optional[str] = None,
microtenant_id: Optional[str] = None,
name: Optional[str] = None,
policy_set_id: Optional[str] = None,
reauth_idle_timeout: Optional[str] = None,
reauth_timeout: Optional[str] = None) -> PolicyAccessTimeOutRuleV2func GetPolicyAccessTimeOutRuleV2(ctx *Context, name string, id IDInput, state *PolicyAccessTimeOutRuleV2State, opts ...ResourceOption) (*PolicyAccessTimeOutRuleV2, error)public static PolicyAccessTimeOutRuleV2 Get(string name, Input<string> id, PolicyAccessTimeOutRuleV2State? state, CustomResourceOptions? opts = null)public static PolicyAccessTimeOutRuleV2 get(String name, Output<String> id, PolicyAccessTimeOutRuleV2State state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- This is for providing the rule action.
- Conditions
List<Zscaler.
Zpa. Inputs. Policy Access Time Out Rule V2Condition> - This is for proviidng the set of conditions for the policy.
- Custom
Msg string - This is for providing a customer message for the user.
- Description string
- This is the description of the access policy.
- Microtenant
Id string - Name string
- This is the name of the policy.
- Policy
Set stringId - Reauth
Idle stringTimeout - Reauth
Timeout string
- Action string
- This is for providing the rule action.
- Conditions
[]Policy
Access Time Out Rule V2Condition Args - This is for proviidng the set of conditions for the policy.
- Custom
Msg string - This is for providing a customer message for the user.
- Description string
- This is the description of the access policy.
- Microtenant
Id string - Name string
- This is the name of the policy.
- Policy
Set stringId - Reauth
Idle stringTimeout - Reauth
Timeout string
- action String
- This is for providing the rule action.
- conditions
List<Policy
Access Time Out Rule V2Condition> - This is for proviidng the set of conditions for the policy.
- custom
Msg String - This is for providing a customer message for the user.
- description String
- This is the description of the access policy.
- microtenant
Id String - name String
- This is the name of the policy.
- policy
Set StringId - reauth
Idle StringTimeout - reauth
Timeout String
- action string
- This is for providing the rule action.
- conditions
Policy
Access Time Out Rule V2Condition[] - This is for proviidng the set of conditions for the policy.
- custom
Msg string - This is for providing a customer message for the user.
- description string
- This is the description of the access policy.
- microtenant
Id string - name string
- This is the name of the policy.
- policy
Set stringId - reauth
Idle stringTimeout - reauth
Timeout string
- action str
- This is for providing the rule action.
- conditions
Sequence[Policy
Access Time Out Rule V2Condition Args] - This is for proviidng the set of conditions for the policy.
- custom_
msg str - This is for providing a customer message for the user.
- description str
- This is the description of the access policy.
- microtenant_
id str - name str
- This is the name of the policy.
- policy_
set_ strid - reauth_
idle_ strtimeout - reauth_
timeout str
- action String
- This is for providing the rule action.
- conditions List<Property Map>
- This is for proviidng the set of conditions for the policy.
- custom
Msg String - This is for providing a customer message for the user.
- description String
- This is the description of the access policy.
- microtenant
Id String - name String
- This is the name of the policy.
- policy
Set StringId - reauth
Idle StringTimeout - reauth
Timeout String
Supporting Types
PolicyAccessTimeOutRuleV2Condition, PolicyAccessTimeOutRuleV2ConditionArgs
- Id string
- Operands
List<Zscaler.
Zpa. Inputs. Policy Access Time Out Rule V2Condition Operand> - This signifies the various policy criteria.
- Operator string
- Id string
- Operands
[]Policy
Access Time Out Rule V2Condition Operand - This signifies the various policy criteria.
- Operator string
- id String
- operands
List<Policy
Access Time Out Rule V2Condition Operand> - This signifies the various policy criteria.
- operator String
- id string
- operands
Policy
Access Time Out Rule V2Condition Operand[] - This signifies the various policy criteria.
- operator string
- id str
- operands
Sequence[Policy
Access Time Out Rule V2Condition Operand] - This signifies the various policy criteria.
- operator str
- id String
- operands List<Property Map>
- This signifies the various policy criteria.
- operator String
PolicyAccessTimeOutRuleV2ConditionOperand, PolicyAccessTimeOutRuleV2ConditionOperandArgs
- Entry
Values List<Zscaler.Zpa. Inputs. Policy Access Time Out Rule V2Condition Operand Entry Value> - Object
Type string - This is for specifying the policy critiera.
- Values List<string>
- This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- Entry
Values []PolicyAccess Time Out Rule V2Condition Operand Entry Value - Object
Type string - This is for specifying the policy critiera.
- Values []string
- This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- entry
Values List<PolicyAccess Time Out Rule V2Condition Operand Entry Value> - object
Type String - This is for specifying the policy critiera.
- values List<String>
- This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- entry
Values PolicyAccess Time Out Rule V2Condition Operand Entry Value[] - object
Type string - This is for specifying the policy critiera.
- values string[]
- This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- entry_
values Sequence[PolicyAccess Time Out Rule V2Condition Operand Entry Value] - object_
type str - This is for specifying the policy critiera.
- values Sequence[str]
- This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- entry
Values List<Property Map> - object
Type String - This is for specifying the policy critiera.
- values List<String>
- This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
PolicyAccessTimeOutRuleV2ConditionOperandEntryValue, PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
Import
Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZPA configurations into Terraform-compliant HashiCorp Configuration Language.
Visit
Policy access timeout rule can be imported by using <RULE ID> as the import ID.
For example:
$ pulumi import zpa:index/policyAccessTimeOutRuleV2:PolicyAccessTimeOutRuleV2 example <rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zpa zscaler/pulumi-zpa
- License
- MIT
- Notes
- This Pulumi package is based on the
zpaTerraform Provider.