zpa.PolicyCapabilitiesRule
Explore with Pulumi AI
The zpa_policy_capabilities_rule resource creates a policy capabilities rule in the Zscaler Private Access cloud.
⚠️ WARNING:: The attribute rule_order
is now deprecated in favor of the new resource policy_access_rule_reorder
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as zpa from "@bdzscaler/pulumi-zpa";
import * as zpa from "@pulumi/zpa";
const thisIdPController = zpa.getIdPController({
name: "IdP_Users",
});
const emailUserSso = zpa.getSAMLAttribute({
name: "Email_IdP_Users",
idpName: "IdP_Users",
});
const groupUser = zpa.getSAMLAttribute({
name: "GroupName_IdP_Users",
idpName: "IdP_Users",
});
const a000 = zpa.getSCIMGroups({
name: "A000",
idpName: "IdP_Users",
});
const b000 = zpa.getSCIMGroups({
name: "B000",
idpName: "IdP_Users",
});
const thisPolicyCapabilitiesRule = new zpa.PolicyCapabilitiesRule("thisPolicyCapabilitiesRule", {
description: "Example",
action: "CHECK_CAPABILITIES",
privilegedCapabilities: {
fileUpload: true,
fileDownload: true,
inspectFileUpload: true,
clipboardCopy: true,
clipboardPaste: true,
recordSession: true,
},
conditions: [{
operator: "OR",
operands: [
{
objectType: "SAML",
entryValues: [
{
rhs: "user1@example.com",
lhs: emailUserSso.then(emailUserSso => emailUserSso.id),
},
{
rhs: "A000",
lhs: groupUser.then(groupUser => groupUser.id),
},
],
},
{
objectType: "SCIM_GROUP",
entryValues: [
{
rhs: a000.then(a000 => a000.id),
lhs: thisIdPController.then(thisIdPController => thisIdPController.id),
},
{
rhs: b000.then(b000 => b000.id),
lhs: thisIdPController.then(thisIdPController => thisIdPController.id),
},
],
},
],
}],
});
import pulumi
import pulumi_zpa as zpa
import zscaler_pulumi_zpa as zpa
this_id_p_controller = zpa.get_id_p_controller(name="IdP_Users")
email_user_sso = zpa.get_saml_attribute(name="Email_IdP_Users",
idp_name="IdP_Users")
group_user = zpa.get_saml_attribute(name="GroupName_IdP_Users",
idp_name="IdP_Users")
a000 = zpa.get_scim_groups(name="A000",
idp_name="IdP_Users")
b000 = zpa.get_scim_groups(name="B000",
idp_name="IdP_Users")
this_policy_capabilities_rule = zpa.PolicyCapabilitiesRule("thisPolicyCapabilitiesRule",
description="Example",
action="CHECK_CAPABILITIES",
privileged_capabilities=zpa.PolicyCapabilitiesRulePrivilegedCapabilitiesArgs(
file_upload=True,
file_download=True,
inspect_file_upload=True,
clipboard_copy=True,
clipboard_paste=True,
record_session=True,
),
conditions=[zpa.PolicyCapabilitiesRuleConditionArgs(
operator="OR",
operands=[
zpa.PolicyCapabilitiesRuleConditionOperandArgs(
object_type="SAML",
entry_values=[
zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs(
rhs="user1@example.com",
lhs=email_user_sso.id,
),
zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs(
rhs="A000",
lhs=group_user.id,
),
],
),
zpa.PolicyCapabilitiesRuleConditionOperandArgs(
object_type="SCIM_GROUP",
entry_values=[
zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs(
rhs=a000.id,
lhs=this_id_p_controller.id,
),
zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs(
rhs=b000.id,
lhs=this_id_p_controller.id,
),
],
),
],
)])
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"github.com/zscaler/pulumi-zpa/sdk/go/zpa"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
thisIdPController, err := zpa.GetIdPController(ctx, &zpa.GetIdPControllerArgs{
Name: pulumi.StringRef("IdP_Users"),
}, nil)
if err != nil {
return err
}
emailUserSso, err := zpa.GetSAMLAttribute(ctx, &zpa.GetSAMLAttributeArgs{
Name: pulumi.StringRef("Email_IdP_Users"),
IdpName: pulumi.StringRef("IdP_Users"),
}, nil)
if err != nil {
return err
}
groupUser, err := zpa.GetSAMLAttribute(ctx, &zpa.GetSAMLAttributeArgs{
Name: pulumi.StringRef("GroupName_IdP_Users"),
IdpName: pulumi.StringRef("IdP_Users"),
}, nil)
if err != nil {
return err
}
a000, err := zpa.GetSCIMGroups(ctx, &zpa.GetSCIMGroupsArgs{
Name: pulumi.StringRef("A000"),
IdpName: pulumi.StringRef("IdP_Users"),
}, nil)
if err != nil {
return err
}
b000, err := zpa.GetSCIMGroups(ctx, &zpa.GetSCIMGroupsArgs{
Name: pulumi.StringRef("B000"),
IdpName: pulumi.StringRef("IdP_Users"),
}, nil)
if err != nil {
return err
}
_, err = zpa.NewPolicyCapabilitiesRule(ctx, "thisPolicyCapabilitiesRule", &zpa.PolicyCapabilitiesRuleArgs{
Description: pulumi.String("Example"),
Action: pulumi.String("CHECK_CAPABILITIES"),
PrivilegedCapabilities: &zpa.PolicyCapabilitiesRulePrivilegedCapabilitiesArgs{
FileUpload: pulumi.Bool(true),
FileDownload: pulumi.Bool(true),
InspectFileUpload: pulumi.Bool(true),
ClipboardCopy: pulumi.Bool(true),
ClipboardPaste: pulumi.Bool(true),
RecordSession: pulumi.Bool(true),
},
Conditions: zpa.PolicyCapabilitiesRuleConditionArray{
&zpa.PolicyCapabilitiesRuleConditionArgs{
Operator: pulumi.String("OR"),
Operands: zpa.PolicyCapabilitiesRuleConditionOperandArray{
&zpa.PolicyCapabilitiesRuleConditionOperandArgs{
ObjectType: pulumi.String("SAML"),
EntryValues: zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArray{
&zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs{
Rhs: pulumi.String("user1@example.com"),
Lhs: pulumi.String(emailUserSso.Id),
},
&zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs{
Rhs: pulumi.String("A000"),
Lhs: pulumi.String(groupUser.Id),
},
},
},
&zpa.PolicyCapabilitiesRuleConditionOperandArgs{
ObjectType: pulumi.String("SCIM_GROUP"),
EntryValues: zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArray{
&zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs{
Rhs: pulumi.String(a000.Id),
Lhs: pulumi.String(thisIdPController.Id),
},
&zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs{
Rhs: pulumi.String(b000.Id),
Lhs: pulumi.String(thisIdPController.Id),
},
},
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zpa = Pulumi.Zpa;
using Zpa = Zscaler.Zpa;
return await Deployment.RunAsync(() =>
{
var thisIdPController = Zpa.GetIdPController.Invoke(new()
{
Name = "IdP_Users",
});
var emailUserSso = Zpa.GetSAMLAttribute.Invoke(new()
{
Name = "Email_IdP_Users",
IdpName = "IdP_Users",
});
var groupUser = Zpa.GetSAMLAttribute.Invoke(new()
{
Name = "GroupName_IdP_Users",
IdpName = "IdP_Users",
});
var a000 = Zpa.GetSCIMGroups.Invoke(new()
{
Name = "A000",
IdpName = "IdP_Users",
});
var b000 = Zpa.GetSCIMGroups.Invoke(new()
{
Name = "B000",
IdpName = "IdP_Users",
});
var thisPolicyCapabilitiesRule = new Zpa.PolicyCapabilitiesRule("thisPolicyCapabilitiesRule", new()
{
Description = "Example",
Action = "CHECK_CAPABILITIES",
PrivilegedCapabilities = new Zpa.Inputs.PolicyCapabilitiesRulePrivilegedCapabilitiesArgs
{
FileUpload = true,
FileDownload = true,
InspectFileUpload = true,
ClipboardCopy = true,
ClipboardPaste = true,
RecordSession = true,
},
Conditions = new[]
{
new Zpa.Inputs.PolicyCapabilitiesRuleConditionArgs
{
Operator = "OR",
Operands = new[]
{
new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandArgs
{
ObjectType = "SAML",
EntryValues = new[]
{
new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandEntryValueArgs
{
Rhs = "user1@example.com",
Lhs = emailUserSso.Apply(getSAMLAttributeResult => getSAMLAttributeResult.Id),
},
new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandEntryValueArgs
{
Rhs = "A000",
Lhs = groupUser.Apply(getSAMLAttributeResult => getSAMLAttributeResult.Id),
},
},
},
new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandArgs
{
ObjectType = "SCIM_GROUP",
EntryValues = new[]
{
new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandEntryValueArgs
{
Rhs = a000.Apply(getSCIMGroupsResult => getSCIMGroupsResult.Id),
Lhs = thisIdPController.Apply(getIdPControllerResult => getIdPControllerResult.Id),
},
new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandEntryValueArgs
{
Rhs = b000.Apply(getSCIMGroupsResult => getSCIMGroupsResult.Id),
Lhs = thisIdPController.Apply(getIdPControllerResult => getIdPControllerResult.Id),
},
},
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zpa.ZpaFunctions;
import com.pulumi.zpa.inputs.GetIdPControllerArgs;
import com.pulumi.zpa.inputs.GetSAMLAttributeArgs;
import com.pulumi.zpa.inputs.GetSCIMGroupsArgs;
import com.pulumi.zpa.PolicyCapabilitiesRule;
import com.pulumi.zpa.PolicyCapabilitiesRuleArgs;
import com.pulumi.zpa.inputs.PolicyCapabilitiesRulePrivilegedCapabilitiesArgs;
import com.pulumi.zpa.inputs.PolicyCapabilitiesRuleConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var thisIdPController = ZpaFunctions.getIdPController(GetIdPControllerArgs.builder()
.name("IdP_Users")
.build());
final var emailUserSso = ZpaFunctions.getSAMLAttribute(GetSAMLAttributeArgs.builder()
.name("Email_IdP_Users")
.idpName("IdP_Users")
.build());
final var groupUser = ZpaFunctions.getSAMLAttribute(GetSAMLAttributeArgs.builder()
.name("GroupName_IdP_Users")
.idpName("IdP_Users")
.build());
final var a000 = ZpaFunctions.getSCIMGroups(GetSCIMGroupsArgs.builder()
.name("A000")
.idpName("IdP_Users")
.build());
final var b000 = ZpaFunctions.getSCIMGroups(GetSCIMGroupsArgs.builder()
.name("B000")
.idpName("IdP_Users")
.build());
var thisPolicyCapabilitiesRule = new PolicyCapabilitiesRule("thisPolicyCapabilitiesRule", PolicyCapabilitiesRuleArgs.builder()
.description("Example")
.action("CHECK_CAPABILITIES")
.privilegedCapabilities(PolicyCapabilitiesRulePrivilegedCapabilitiesArgs.builder()
.fileUpload(true)
.fileDownload(true)
.inspectFileUpload(true)
.clipboardCopy(true)
.clipboardPaste(true)
.recordSession(true)
.build())
.conditions(PolicyCapabilitiesRuleConditionArgs.builder()
.operator("OR")
.operands(
PolicyCapabilitiesRuleConditionOperandArgs.builder()
.objectType("SAML")
.entryValues(
PolicyCapabilitiesRuleConditionOperandEntryValueArgs.builder()
.rhs("user1@example.com")
.lhs(emailUserSso.applyValue(getSAMLAttributeResult -> getSAMLAttributeResult.id()))
.build(),
PolicyCapabilitiesRuleConditionOperandEntryValueArgs.builder()
.rhs("A000")
.lhs(groupUser.applyValue(getSAMLAttributeResult -> getSAMLAttributeResult.id()))
.build())
.build(),
PolicyCapabilitiesRuleConditionOperandArgs.builder()
.objectType("SCIM_GROUP")
.entryValues(
PolicyCapabilitiesRuleConditionOperandEntryValueArgs.builder()
.rhs(a000.applyValue(getSCIMGroupsResult -> getSCIMGroupsResult.id()))
.lhs(thisIdPController.applyValue(getIdPControllerResult -> getIdPControllerResult.id()))
.build(),
PolicyCapabilitiesRuleConditionOperandEntryValueArgs.builder()
.rhs(b000.applyValue(getSCIMGroupsResult -> getSCIMGroupsResult.id()))
.lhs(thisIdPController.applyValue(getIdPControllerResult -> getIdPControllerResult.id()))
.build())
.build())
.build())
.build());
}
}
resources:
thisPolicyCapabilitiesRule:
type: zpa:PolicyCapabilitiesRule
properties:
description: Example
action: CHECK_CAPABILITIES
privilegedCapabilities:
fileUpload: true
fileDownload: true
inspectFileUpload: true
clipboardCopy: true
clipboardPaste: true
recordSession: true
conditions:
- operator: OR
operands:
- objectType: SAML
entryValues:
- rhs: user1@example.com
lhs: ${emailUserSso.id}
- rhs: A000
lhs: ${groupUser.id}
- objectType: SCIM_GROUP
entryValues:
- rhs: ${a000.id}
lhs: ${thisIdPController.id}
- rhs: ${b000.id}
lhs: ${thisIdPController.id}
variables:
thisIdPController:
fn::invoke:
Function: zpa:getIdPController
Arguments:
name: IdP_Users
emailUserSso:
fn::invoke:
Function: zpa:getSAMLAttribute
Arguments:
name: Email_IdP_Users
idpName: IdP_Users
groupUser:
fn::invoke:
Function: zpa:getSAMLAttribute
Arguments:
name: GroupName_IdP_Users
idpName: IdP_Users
a000:
fn::invoke:
Function: zpa:getSCIMGroups
Arguments:
name: A000
idpName: IdP_Users
b000:
fn::invoke:
Function: zpa:getSCIMGroups
Arguments:
name: B000
idpName: IdP_Users
LHS and RHS Values
Object Type | LHS | RHS | VALUES |
---|---|---|---|
APP | application_segment_id | ||
APP_GROUP | segment_group_id | ||
SAML | saml_attribute_id | attribute_value_to_match | |
SCIM | scim_attribute_id | attribute_value_to_match | |
SCIM_GROUP | scim_group_attribute_id | attribute_value_to_match |
Create PolicyCapabilitiesRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PolicyCapabilitiesRule(name: string, args?: PolicyCapabilitiesRuleArgs, opts?: CustomResourceOptions);
@overload
def PolicyCapabilitiesRule(resource_name: str,
args: Optional[PolicyCapabilitiesRuleArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def PolicyCapabilitiesRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
conditions: Optional[Sequence[PolicyCapabilitiesRuleConditionArgs]] = None,
description: Optional[str] = None,
microtenant_id: Optional[str] = None,
name: Optional[str] = None,
privileged_capabilities: Optional[PolicyCapabilitiesRulePrivilegedCapabilitiesArgs] = None)
func NewPolicyCapabilitiesRule(ctx *Context, name string, args *PolicyCapabilitiesRuleArgs, opts ...ResourceOption) (*PolicyCapabilitiesRule, error)
public PolicyCapabilitiesRule(string name, PolicyCapabilitiesRuleArgs? args = null, CustomResourceOptions? opts = null)
public PolicyCapabilitiesRule(String name, PolicyCapabilitiesRuleArgs args)
public PolicyCapabilitiesRule(String name, PolicyCapabilitiesRuleArgs args, CustomResourceOptions options)
type: zpa:PolicyCapabilitiesRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PolicyCapabilitiesRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PolicyCapabilitiesRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PolicyCapabilitiesRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PolicyCapabilitiesRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PolicyCapabilitiesRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var policyCapabilitiesRuleResource = new Zpa.PolicyCapabilitiesRule("policyCapabilitiesRuleResource", new()
{
Action = "string",
Conditions = new[]
{
new Zpa.Inputs.PolicyCapabilitiesRuleConditionArgs
{
Id = "string",
Operands = new[]
{
new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandArgs
{
EntryValues = new[]
{
new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandEntryValueArgs
{
Lhs = "string",
Rhs = "string",
},
},
ObjectType = "string",
Values = new[]
{
"string",
},
},
},
Operator = "string",
},
},
Description = "string",
MicrotenantId = "string",
Name = "string",
PrivilegedCapabilities = new Zpa.Inputs.PolicyCapabilitiesRulePrivilegedCapabilitiesArgs
{
ClipboardCopy = false,
ClipboardPaste = false,
FileDownload = false,
FileUpload = false,
InspectFileDownload = false,
InspectFileUpload = false,
MonitorSession = false,
RecordSession = false,
ShareSession = false,
},
});
example, err := zpa.NewPolicyCapabilitiesRule(ctx, "policyCapabilitiesRuleResource", &zpa.PolicyCapabilitiesRuleArgs{
Action: pulumi.String("string"),
Conditions: zpa.PolicyCapabilitiesRuleConditionArray{
&zpa.PolicyCapabilitiesRuleConditionArgs{
Id: pulumi.String("string"),
Operands: zpa.PolicyCapabilitiesRuleConditionOperandArray{
&zpa.PolicyCapabilitiesRuleConditionOperandArgs{
EntryValues: zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArray{
&zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs{
Lhs: pulumi.String("string"),
Rhs: pulumi.String("string"),
},
},
ObjectType: pulumi.String("string"),
Values: pulumi.StringArray{
pulumi.String("string"),
},
},
},
Operator: pulumi.String("string"),
},
},
Description: pulumi.String("string"),
MicrotenantId: pulumi.String("string"),
Name: pulumi.String("string"),
PrivilegedCapabilities: &zpa.PolicyCapabilitiesRulePrivilegedCapabilitiesArgs{
ClipboardCopy: pulumi.Bool(false),
ClipboardPaste: pulumi.Bool(false),
FileDownload: pulumi.Bool(false),
FileUpload: pulumi.Bool(false),
InspectFileDownload: pulumi.Bool(false),
InspectFileUpload: pulumi.Bool(false),
MonitorSession: pulumi.Bool(false),
RecordSession: pulumi.Bool(false),
ShareSession: pulumi.Bool(false),
},
})
var policyCapabilitiesRuleResource = new PolicyCapabilitiesRule("policyCapabilitiesRuleResource", PolicyCapabilitiesRuleArgs.builder()
.action("string")
.conditions(PolicyCapabilitiesRuleConditionArgs.builder()
.id("string")
.operands(PolicyCapabilitiesRuleConditionOperandArgs.builder()
.entryValues(PolicyCapabilitiesRuleConditionOperandEntryValueArgs.builder()
.lhs("string")
.rhs("string")
.build())
.objectType("string")
.values("string")
.build())
.operator("string")
.build())
.description("string")
.microtenantId("string")
.name("string")
.privilegedCapabilities(PolicyCapabilitiesRulePrivilegedCapabilitiesArgs.builder()
.clipboardCopy(false)
.clipboardPaste(false)
.fileDownload(false)
.fileUpload(false)
.inspectFileDownload(false)
.inspectFileUpload(false)
.monitorSession(false)
.recordSession(false)
.shareSession(false)
.build())
.build());
policy_capabilities_rule_resource = zpa.PolicyCapabilitiesRule("policyCapabilitiesRuleResource",
action="string",
conditions=[{
"id": "string",
"operands": [{
"entry_values": [{
"lhs": "string",
"rhs": "string",
}],
"object_type": "string",
"values": ["string"],
}],
"operator": "string",
}],
description="string",
microtenant_id="string",
name="string",
privileged_capabilities={
"clipboard_copy": False,
"clipboard_paste": False,
"file_download": False,
"file_upload": False,
"inspect_file_download": False,
"inspect_file_upload": False,
"monitor_session": False,
"record_session": False,
"share_session": False,
})
const policyCapabilitiesRuleResource = new zpa.PolicyCapabilitiesRule("policyCapabilitiesRuleResource", {
action: "string",
conditions: [{
id: "string",
operands: [{
entryValues: [{
lhs: "string",
rhs: "string",
}],
objectType: "string",
values: ["string"],
}],
operator: "string",
}],
description: "string",
microtenantId: "string",
name: "string",
privilegedCapabilities: {
clipboardCopy: false,
clipboardPaste: false,
fileDownload: false,
fileUpload: false,
inspectFileDownload: false,
inspectFileUpload: false,
monitorSession: false,
recordSession: false,
shareSession: false,
},
});
type: zpa:PolicyCapabilitiesRule
properties:
action: string
conditions:
- id: string
operands:
- entryValues:
- lhs: string
rhs: string
objectType: string
values:
- string
operator: string
description: string
microtenantId: string
name: string
privilegedCapabilities:
clipboardCopy: false
clipboardPaste: false
fileDownload: false
fileUpload: false
inspectFileDownload: false
inspectFileUpload: false
monitorSession: false
recordSession: false
shareSession: false
PolicyCapabilitiesRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PolicyCapabilitiesRule resource accepts the following input properties:
- Action string
- This is for providing the rule action. Supported value:
CHECK_CAPABILITIES
- Conditions
List<Zscaler.
Zpa. Inputs. Policy Capabilities Rule Condition> - This is for proviidng the set of conditions for the policy.
- Description string
- This is the description of the access policy.
- Microtenant
Id string - Name string
- This is the name of the policy rule.
- Privileged
Capabilities Zscaler.Zpa. Inputs. Policy Capabilities Rule Privileged Capabilities
- Action string
- This is for providing the rule action. Supported value:
CHECK_CAPABILITIES
- Conditions
[]Policy
Capabilities Rule Condition Args - This is for proviidng the set of conditions for the policy.
- Description string
- This is the description of the access policy.
- Microtenant
Id string - Name string
- This is the name of the policy rule.
- Privileged
Capabilities PolicyCapabilities Rule Privileged Capabilities Args
- action String
- This is for providing the rule action. Supported value:
CHECK_CAPABILITIES
- conditions
List<Policy
Capabilities Rule Condition> - This is for proviidng the set of conditions for the policy.
- description String
- This is the description of the access policy.
- microtenant
Id String - name String
- This is the name of the policy rule.
- privileged
Capabilities PolicyCapabilities Rule Privileged Capabilities
- action string
- This is for providing the rule action. Supported value:
CHECK_CAPABILITIES
- conditions
Policy
Capabilities Rule Condition[] - This is for proviidng the set of conditions for the policy.
- description string
- This is the description of the access policy.
- microtenant
Id string - name string
- This is the name of the policy rule.
- privileged
Capabilities PolicyCapabilities Rule Privileged Capabilities
- action str
- This is for providing the rule action. Supported value:
CHECK_CAPABILITIES
- conditions
Sequence[Policy
Capabilities Rule Condition Args] - This is for proviidng the set of conditions for the policy.
- description str
- This is the description of the access policy.
- microtenant_
id str - name str
- This is the name of the policy rule.
- privileged_
capabilities PolicyCapabilities Rule Privileged Capabilities Args
- action String
- This is for providing the rule action. Supported value:
CHECK_CAPABILITIES
- conditions List<Property Map>
- This is for proviidng the set of conditions for the policy.
- description String
- This is the description of the access policy.
- microtenant
Id String - name String
- This is the name of the policy rule.
- privileged
Capabilities Property Map
Outputs
All input properties are implicitly available as output properties. Additionally, the PolicyCapabilitiesRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Set stringId
- Id string
- The provider-assigned unique ID for this managed resource.
- Policy
Set stringId
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Set StringId
- id string
- The provider-assigned unique ID for this managed resource.
- policy
Set stringId
- id str
- The provider-assigned unique ID for this managed resource.
- policy_
set_ strid
- id String
- The provider-assigned unique ID for this managed resource.
- policy
Set StringId
Look up Existing PolicyCapabilitiesRule Resource
Get an existing PolicyCapabilitiesRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PolicyCapabilitiesRuleState, opts?: CustomResourceOptions): PolicyCapabilitiesRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
action: Optional[str] = None,
conditions: Optional[Sequence[PolicyCapabilitiesRuleConditionArgs]] = None,
description: Optional[str] = None,
microtenant_id: Optional[str] = None,
name: Optional[str] = None,
policy_set_id: Optional[str] = None,
privileged_capabilities: Optional[PolicyCapabilitiesRulePrivilegedCapabilitiesArgs] = None) -> PolicyCapabilitiesRule
func GetPolicyCapabilitiesRule(ctx *Context, name string, id IDInput, state *PolicyCapabilitiesRuleState, opts ...ResourceOption) (*PolicyCapabilitiesRule, error)
public static PolicyCapabilitiesRule Get(string name, Input<string> id, PolicyCapabilitiesRuleState? state, CustomResourceOptions? opts = null)
public static PolicyCapabilitiesRule get(String name, Output<String> id, PolicyCapabilitiesRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Action string
- This is for providing the rule action. Supported value:
CHECK_CAPABILITIES
- Conditions
List<Zscaler.
Zpa. Inputs. Policy Capabilities Rule Condition> - This is for proviidng the set of conditions for the policy.
- Description string
- This is the description of the access policy.
- Microtenant
Id string - Name string
- This is the name of the policy rule.
- Policy
Set stringId - Privileged
Capabilities Zscaler.Zpa. Inputs. Policy Capabilities Rule Privileged Capabilities
- Action string
- This is for providing the rule action. Supported value:
CHECK_CAPABILITIES
- Conditions
[]Policy
Capabilities Rule Condition Args - This is for proviidng the set of conditions for the policy.
- Description string
- This is the description of the access policy.
- Microtenant
Id string - Name string
- This is the name of the policy rule.
- Policy
Set stringId - Privileged
Capabilities PolicyCapabilities Rule Privileged Capabilities Args
- action String
- This is for providing the rule action. Supported value:
CHECK_CAPABILITIES
- conditions
List<Policy
Capabilities Rule Condition> - This is for proviidng the set of conditions for the policy.
- description String
- This is the description of the access policy.
- microtenant
Id String - name String
- This is the name of the policy rule.
- policy
Set StringId - privileged
Capabilities PolicyCapabilities Rule Privileged Capabilities
- action string
- This is for providing the rule action. Supported value:
CHECK_CAPABILITIES
- conditions
Policy
Capabilities Rule Condition[] - This is for proviidng the set of conditions for the policy.
- description string
- This is the description of the access policy.
- microtenant
Id string - name string
- This is the name of the policy rule.
- policy
Set stringId - privileged
Capabilities PolicyCapabilities Rule Privileged Capabilities
- action str
- This is for providing the rule action. Supported value:
CHECK_CAPABILITIES
- conditions
Sequence[Policy
Capabilities Rule Condition Args] - This is for proviidng the set of conditions for the policy.
- description str
- This is the description of the access policy.
- microtenant_
id str - name str
- This is the name of the policy rule.
- policy_
set_ strid - privileged_
capabilities PolicyCapabilities Rule Privileged Capabilities Args
- action String
- This is for providing the rule action. Supported value:
CHECK_CAPABILITIES
- conditions List<Property Map>
- This is for proviidng the set of conditions for the policy.
- description String
- This is the description of the access policy.
- microtenant
Id String - name String
- This is the name of the policy rule.
- policy
Set StringId - privileged
Capabilities Property Map
Supporting Types
PolicyCapabilitiesRuleCondition, PolicyCapabilitiesRuleConditionArgs
- Id string
- Operands
List<Zscaler.
Zpa. Inputs. Policy Capabilities Rule Condition Operand> - This signifies the various policy criteria.
- Operator string
- Id string
- Operands
[]Policy
Capabilities Rule Condition Operand - This signifies the various policy criteria.
- Operator string
- id String
- operands
List<Policy
Capabilities Rule Condition Operand> - This signifies the various policy criteria.
- operator String
- id string
- operands
Policy
Capabilities Rule Condition Operand[] - This signifies the various policy criteria.
- operator string
- id str
- operands
Sequence[Policy
Capabilities Rule Condition Operand] - This signifies the various policy criteria.
- operator str
- id String
- operands List<Property Map>
- This signifies the various policy criteria.
- operator String
PolicyCapabilitiesRuleConditionOperand, PolicyCapabilitiesRuleConditionOperandArgs
- Entry
Values List<Zscaler.Zpa. Inputs. Policy Capabilities Rule Condition Operand Entry Value> - Object
Type string - This is for specifying the policy critiera.
- Values List<string>
- This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- Entry
Values []PolicyCapabilities Rule Condition Operand Entry Value - Object
Type string - This is for specifying the policy critiera.
- Values []string
- This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- entry
Values List<PolicyCapabilities Rule Condition Operand Entry Value> - object
Type String - This is for specifying the policy critiera.
- values List<String>
- This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- entry
Values PolicyCapabilities Rule Condition Operand Entry Value[] - object
Type string - This is for specifying the policy critiera.
- values string[]
- This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- entry_
values Sequence[PolicyCapabilities Rule Condition Operand Entry Value] - object_
type str - This is for specifying the policy critiera.
- values Sequence[str]
- This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
- entry
Values List<Property Map> - object
Type String - This is for specifying the policy critiera.
- values List<String>
- This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
PolicyCapabilitiesRuleConditionOperandEntryValue, PolicyCapabilitiesRuleConditionOperandEntryValueArgs
PolicyCapabilitiesRulePrivilegedCapabilities, PolicyCapabilitiesRulePrivilegedCapabilitiesArgs
- Clipboard
Copy bool - Indicates the PRA Clipboard Copy function
- Clipboard
Paste bool - Indicates the PRA Clipboard Paste function
- File
Download bool - Indicates the PRA File Transfer capabilities that enables the File Download function
- File
Upload bool - Indicates the PRA File Transfer capabilities that enables the File Upload function
- Inspect
File boolDownload - Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and downloads the file following the inspection
- Inspect
File boolUpload - Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and uploads the file following the inspection
- Monitor
Session bool - Indicates the PRA Monitoring Capabilities to enable the PRA Session Monitoring function
- Record
Session bool - Indicates the PRA Session Recording capabilities to enable PRA Session Recording
- bool
- Indicates the PRA Session Control and Monitoring capabilities to enable PRA Session Monitoring
- Clipboard
Copy bool - Indicates the PRA Clipboard Copy function
- Clipboard
Paste bool - Indicates the PRA Clipboard Paste function
- File
Download bool - Indicates the PRA File Transfer capabilities that enables the File Download function
- File
Upload bool - Indicates the PRA File Transfer capabilities that enables the File Upload function
- Inspect
File boolDownload - Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and downloads the file following the inspection
- Inspect
File boolUpload - Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and uploads the file following the inspection
- Monitor
Session bool - Indicates the PRA Monitoring Capabilities to enable the PRA Session Monitoring function
- Record
Session bool - Indicates the PRA Session Recording capabilities to enable PRA Session Recording
- bool
- Indicates the PRA Session Control and Monitoring capabilities to enable PRA Session Monitoring
- clipboard
Copy Boolean - Indicates the PRA Clipboard Copy function
- clipboard
Paste Boolean - Indicates the PRA Clipboard Paste function
- file
Download Boolean - Indicates the PRA File Transfer capabilities that enables the File Download function
- file
Upload Boolean - Indicates the PRA File Transfer capabilities that enables the File Upload function
- inspect
File BooleanDownload - Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and downloads the file following the inspection
- inspect
File BooleanUpload - Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and uploads the file following the inspection
- monitor
Session Boolean - Indicates the PRA Monitoring Capabilities to enable the PRA Session Monitoring function
- record
Session Boolean - Indicates the PRA Session Recording capabilities to enable PRA Session Recording
- Boolean
- Indicates the PRA Session Control and Monitoring capabilities to enable PRA Session Monitoring
- clipboard
Copy boolean - Indicates the PRA Clipboard Copy function
- clipboard
Paste boolean - Indicates the PRA Clipboard Paste function
- file
Download boolean - Indicates the PRA File Transfer capabilities that enables the File Download function
- file
Upload boolean - Indicates the PRA File Transfer capabilities that enables the File Upload function
- inspect
File booleanDownload - Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and downloads the file following the inspection
- inspect
File booleanUpload - Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and uploads the file following the inspection
- monitor
Session boolean - Indicates the PRA Monitoring Capabilities to enable the PRA Session Monitoring function
- record
Session boolean - Indicates the PRA Session Recording capabilities to enable PRA Session Recording
- boolean
- Indicates the PRA Session Control and Monitoring capabilities to enable PRA Session Monitoring
- clipboard_
copy bool - Indicates the PRA Clipboard Copy function
- clipboard_
paste bool - Indicates the PRA Clipboard Paste function
- file_
download bool - Indicates the PRA File Transfer capabilities that enables the File Download function
- file_
upload bool - Indicates the PRA File Transfer capabilities that enables the File Upload function
- inspect_
file_ booldownload - Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and downloads the file following the inspection
- inspect_
file_ boolupload - Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and uploads the file following the inspection
- monitor_
session bool - Indicates the PRA Monitoring Capabilities to enable the PRA Session Monitoring function
- record_
session bool - Indicates the PRA Session Recording capabilities to enable PRA Session Recording
- bool
- Indicates the PRA Session Control and Monitoring capabilities to enable PRA Session Monitoring
- clipboard
Copy Boolean - Indicates the PRA Clipboard Copy function
- clipboard
Paste Boolean - Indicates the PRA Clipboard Paste function
- file
Download Boolean - Indicates the PRA File Transfer capabilities that enables the File Download function
- file
Upload Boolean - Indicates the PRA File Transfer capabilities that enables the File Upload function
- inspect
File BooleanDownload - Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and downloads the file following the inspection
- inspect
File BooleanUpload - Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and uploads the file following the inspection
- monitor
Session Boolean - Indicates the PRA Monitoring Capabilities to enable the PRA Session Monitoring function
- record
Session Boolean - Indicates the PRA Session Recording capabilities to enable PRA Session Recording
- Boolean
- Indicates the PRA Session Control and Monitoring capabilities to enable PRA Session Monitoring
Import
Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZPA configurations into Terraform-compliant HashiCorp Configuration Language.
Visit
Policy access capability can be imported by using <RULE ID>
as the import ID.
For example:
$ pulumi import zpa:index/policyCapabilitiesRule:PolicyCapabilitiesRule example <rule_id>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zpa zscaler/pulumi-zpa
- License
- MIT
- Notes
- This Pulumi package is based on the
zpa
Terraform Provider.