zpa.PraApprovalController
Explore with Pulumi AI
The zpa_pra_approval_controller resource creates a privileged remote access approval in the Zscaler Private Access cloud. This resource allows third-party users and contractors to be able to log in to a Privileged Remote Access (PRA) portal.
Example Usage
Coming soon!
Coming soon!
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zpa.SegmentGroup;
import com.pulumi.zpa.SegmentGroupArgs;
import com.pulumi.zpa.ConnectorGroup;
import com.pulumi.zpa.ConnectorGroupArgs;
import com.pulumi.zpa.ServerGroup;
import com.pulumi.zpa.ServerGroupArgs;
import com.pulumi.zpa.inputs.ServerGroupAppConnectorGroupArgs;
import com.pulumi.zpa.ApplicationSegment;
import com.pulumi.zpa.ApplicationSegmentArgs;
import com.pulumi.zpa.inputs.ApplicationSegmentServerGroupArgs;
import com.pulumi.zpa.PRAApproval;
import com.pulumi.zpa.PRAApprovalArgs;
import com.pulumi.zpa.inputs.PRAApprovalApplicationArgs;
import com.pulumi.zpa.inputs.PRAApprovalWorkingHourArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// ZPA Segment Group resource
var thisSegmentGroup = new SegmentGroup("thisSegmentGroup", SegmentGroupArgs.builder()
.description("Example")
.enabled(true)
.build());
// ZPA App Connector Group resource
var thisConnectorGroup = new ConnectorGroup("thisConnectorGroup", ConnectorGroupArgs.builder()
.description("Example")
.enabled(true)
.cityCountry("San Jose, CA")
.countryCode("US")
.latitude("37.338")
.longitude("-121.8863")
.location("San Jose, CA, US")
.upgradeDay("SUNDAY")
.upgradeTimeInSecs("66600")
.overrideVersionProfile(true)
.versionProfileId(0)
.dnsQueryType("IPV4")
.build());
// ZPA Server Group resource
var thisServerGroup = new ServerGroup("thisServerGroup", ServerGroupArgs.builder()
.description("Example")
.enabled(true)
.dynamicDiscovery(false)
.appConnectorGroups(ServerGroupAppConnectorGroupArgs.builder()
.ids(thisConnectorGroup.id())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(thisConnectorGroup)
.build());
// ZPA Application Segment resource
var thisApplicationSegment = new ApplicationSegment("thisApplicationSegment", ApplicationSegmentArgs.builder()
.description("Example")
.enabled(true)
.healthReporting("ON_ACCESS")
.bypassType("NEVER")
.isCnameEnabled(true)
.tcpPortRanges(
"8080",
"8080")
.domainNames("server.acme.com")
.segmentGroupId(thisSegmentGroup.id())
.serverGroups(ApplicationSegmentServerGroupArgs.builder()
.ids(thisServerGroup.id())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
thisServerGroup,
thisSegmentGroup)
.build());
// Create PRA Approval Controller
var thisPRAApproval = new PRAApproval("thisPRAApproval", PRAApprovalArgs.builder()
.emailIds("jdoe@acme.com")
.startTime("Tue, 07 Mar 2024 11:05:30 PST")
.endTime("Tue, 07 Jun 2024 11:05:30 PST")
.status("FUTURE")
.applications(PRAApprovalApplicationArgs.builder()
.ids(thisApplicationSegment.id())
.build())
.workingHours(PRAApprovalWorkingHourArgs.builder()
.days(
"FRI",
"MON",
"SAT",
"SUN",
"THU",
"TUE",
"WED")
.startTime("00:10")
.startTimeCron("0 0 8 ? * MON,TUE,WED,THU,FRI,SAT")
.endTime("09:15")
.endTimeCron("0 15 17 ? * MON,TUE,WED,THU,FRI,SAT")
.timezone("America/Vancouver")
.build())
.build());
}
}
resources:
# ZPA Application Segment resource
thisApplicationSegment:
type: zpa:ApplicationSegment
properties:
description: Example
enabled: true
healthReporting: ON_ACCESS
bypassType: NEVER
isCnameEnabled: true
tcpPortRanges:
- '8080'
- '8080'
domainNames:
- server.acme.com
segmentGroupId: ${thisSegmentGroup.id}
serverGroups:
- ids:
- ${thisServerGroup.id}
options:
dependson:
- ${thisServerGroup}
- ${thisSegmentGroup}
# ZPA Segment Group resource
thisSegmentGroup:
type: zpa:SegmentGroup
properties:
description: Example
enabled: true
# ZPA Server Group resource
thisServerGroup:
type: zpa:ServerGroup
properties:
description: Example
enabled: true
dynamicDiscovery: false
appConnectorGroups:
- ids:
- ${thisConnectorGroup.id}
options:
dependson:
- ${thisConnectorGroup}
# ZPA App Connector Group resource
thisConnectorGroup:
type: zpa:ConnectorGroup
properties:
description: Example
enabled: true
cityCountry: San Jose, CA
countryCode: US
latitude: '37.338'
longitude: '-121.8863'
location: San Jose, CA, US
upgradeDay: SUNDAY
upgradeTimeInSecs: '66600'
overrideVersionProfile: true
versionProfileId: 0
dnsQueryType: IPV4
# Create PRA Approval Controller
thisPRAApproval:
type: zpa:PRAApproval
properties:
emailIds:
- jdoe@acme.com
startTime: Tue, 07 Mar 2024 11:05:30 PST
endTime: Tue, 07 Jun 2024 11:05:30 PST
status: FUTURE
applications:
- ids:
- ${thisApplicationSegment.id}
workingHours:
- days:
- FRI
- MON
- SAT
- SUN
- THU
- TUE
- WED
startTime: 00:10
startTimeCron: 0 0 8 ? * MON,TUE,WED,THU,FRI,SAT
endTime: 09:15
endTimeCron: 0 15 17 ? * MON,TUE,WED,THU,FRI,SAT
timezone: America/Vancouver
Create PraApprovalController Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new PraApprovalController(name: string, args: PraApprovalControllerArgs, opts?: CustomResourceOptions);
@overload
def PraApprovalController(resource_name: str,
args: PraApprovalControllerArgs,
opts: Optional[ResourceOptions] = None)
@overload
def PraApprovalController(resource_name: str,
opts: Optional[ResourceOptions] = None,
applications: Optional[Sequence[PraApprovalControllerApplicationArgs]] = None,
email_ids: Optional[Sequence[str]] = None,
end_time: Optional[str] = None,
microtenant_id: Optional[str] = None,
start_time: Optional[str] = None,
status: Optional[str] = None,
working_hours: Optional[Sequence[PraApprovalControllerWorkingHourArgs]] = None)
func NewPraApprovalController(ctx *Context, name string, args PraApprovalControllerArgs, opts ...ResourceOption) (*PraApprovalController, error)
public PraApprovalController(string name, PraApprovalControllerArgs args, CustomResourceOptions? opts = null)
public PraApprovalController(String name, PraApprovalControllerArgs args)
public PraApprovalController(String name, PraApprovalControllerArgs args, CustomResourceOptions options)
type: zpa:PraApprovalController
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PraApprovalControllerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PraApprovalControllerArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PraApprovalControllerArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PraApprovalControllerArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PraApprovalControllerArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
PraApprovalController Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The PraApprovalController resource accepts the following input properties:
- Applications
List<Zscaler.
Zpa. Inputs. Pra Approval Controller Application> - Email
Ids List<string> - The email address of the user that you are assigning the privileged approval to
- End
Time string - The end date that the user no longer has access to the privileged approval
- Microtenant
Id string - The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as 0 when making requests to retrieve data from the Default Microtenant.
- Start
Time string - The start date that the user has access to the privileged approval
- Status string
- The status of the privileged approval
- Working
Hours List<Zscaler.Zpa. Inputs. Pra Approval Controller Working Hour>
- Applications
[]Pra
Approval Controller Application Args - Email
Ids []string - The email address of the user that you are assigning the privileged approval to
- End
Time string - The end date that the user no longer has access to the privileged approval
- Microtenant
Id string - The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as 0 when making requests to retrieve data from the Default Microtenant.
- Start
Time string - The start date that the user has access to the privileged approval
- Status string
- The status of the privileged approval
- Working
Hours []PraApproval Controller Working Hour Args
- applications
List<Pra
Approval Controller Application> - email
Ids List<String> - The email address of the user that you are assigning the privileged approval to
- end
Time String - The end date that the user no longer has access to the privileged approval
- microtenant
Id String - The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as 0 when making requests to retrieve data from the Default Microtenant.
- start
Time String - The start date that the user has access to the privileged approval
- status String
- The status of the privileged approval
- working
Hours List<PraApproval Controller Working Hour>
- applications
Pra
Approval Controller Application[] - email
Ids string[] - The email address of the user that you are assigning the privileged approval to
- end
Time string - The end date that the user no longer has access to the privileged approval
- microtenant
Id string - The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as 0 when making requests to retrieve data from the Default Microtenant.
- start
Time string - The start date that the user has access to the privileged approval
- status string
- The status of the privileged approval
- working
Hours PraApproval Controller Working Hour[]
- applications
Sequence[Pra
Approval Controller Application Args] - email_
ids Sequence[str] - The email address of the user that you are assigning the privileged approval to
- end_
time str - The end date that the user no longer has access to the privileged approval
- microtenant_
id str - The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as 0 when making requests to retrieve data from the Default Microtenant.
- start_
time str - The start date that the user has access to the privileged approval
- status str
- The status of the privileged approval
- working_
hours Sequence[PraApproval Controller Working Hour Args]
- applications List<Property Map>
- email
Ids List<String> - The email address of the user that you are assigning the privileged approval to
- end
Time String - The end date that the user no longer has access to the privileged approval
- microtenant
Id String - The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as 0 when making requests to retrieve data from the Default Microtenant.
- start
Time String - The start date that the user has access to the privileged approval
- status String
- The status of the privileged approval
- working
Hours List<Property Map>
Outputs
All input properties are implicitly available as output properties. Additionally, the PraApprovalController resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing PraApprovalController Resource
Get an existing PraApprovalController resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: PraApprovalControllerState, opts?: CustomResourceOptions): PraApprovalController
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
applications: Optional[Sequence[PraApprovalControllerApplicationArgs]] = None,
email_ids: Optional[Sequence[str]] = None,
end_time: Optional[str] = None,
microtenant_id: Optional[str] = None,
start_time: Optional[str] = None,
status: Optional[str] = None,
working_hours: Optional[Sequence[PraApprovalControllerWorkingHourArgs]] = None) -> PraApprovalController
func GetPraApprovalController(ctx *Context, name string, id IDInput, state *PraApprovalControllerState, opts ...ResourceOption) (*PraApprovalController, error)
public static PraApprovalController Get(string name, Input<string> id, PraApprovalControllerState? state, CustomResourceOptions? opts = null)
public static PraApprovalController get(String name, Output<String> id, PraApprovalControllerState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Applications
List<Zscaler.
Zpa. Inputs. Pra Approval Controller Application> - Email
Ids List<string> - The email address of the user that you are assigning the privileged approval to
- End
Time string - The end date that the user no longer has access to the privileged approval
- Microtenant
Id string - The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as 0 when making requests to retrieve data from the Default Microtenant.
- Start
Time string - The start date that the user has access to the privileged approval
- Status string
- The status of the privileged approval
- Working
Hours List<Zscaler.Zpa. Inputs. Pra Approval Controller Working Hour>
- Applications
[]Pra
Approval Controller Application Args - Email
Ids []string - The email address of the user that you are assigning the privileged approval to
- End
Time string - The end date that the user no longer has access to the privileged approval
- Microtenant
Id string - The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as 0 when making requests to retrieve data from the Default Microtenant.
- Start
Time string - The start date that the user has access to the privileged approval
- Status string
- The status of the privileged approval
- Working
Hours []PraApproval Controller Working Hour Args
- applications
List<Pra
Approval Controller Application> - email
Ids List<String> - The email address of the user that you are assigning the privileged approval to
- end
Time String - The end date that the user no longer has access to the privileged approval
- microtenant
Id String - The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as 0 when making requests to retrieve data from the Default Microtenant.
- start
Time String - The start date that the user has access to the privileged approval
- status String
- The status of the privileged approval
- working
Hours List<PraApproval Controller Working Hour>
- applications
Pra
Approval Controller Application[] - email
Ids string[] - The email address of the user that you are assigning the privileged approval to
- end
Time string - The end date that the user no longer has access to the privileged approval
- microtenant
Id string - The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as 0 when making requests to retrieve data from the Default Microtenant.
- start
Time string - The start date that the user has access to the privileged approval
- status string
- The status of the privileged approval
- working
Hours PraApproval Controller Working Hour[]
- applications
Sequence[Pra
Approval Controller Application Args] - email_
ids Sequence[str] - The email address of the user that you are assigning the privileged approval to
- end_
time str - The end date that the user no longer has access to the privileged approval
- microtenant_
id str - The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as 0 when making requests to retrieve data from the Default Microtenant.
- start_
time str - The start date that the user has access to the privileged approval
- status str
- The status of the privileged approval
- working_
hours Sequence[PraApproval Controller Working Hour Args]
- applications List<Property Map>
- email
Ids List<String> - The email address of the user that you are assigning the privileged approval to
- end
Time String - The end date that the user no longer has access to the privileged approval
- microtenant
Id String - The unique identifier of the Microtenant for the ZPA tenant. If you are within the Default Microtenant, pass microtenantId as 0 when making requests to retrieve data from the Default Microtenant.
- start
Time String - The start date that the user has access to the privileged approval
- status String
- The status of the privileged approval
- working
Hours List<Property Map>
Supporting Types
PraApprovalControllerApplication, PraApprovalControllerApplicationArgs
- Ids List<string>
- The unique identifier of the pra application segment
- Ids []string
- The unique identifier of the pra application segment
- ids List<String>
- The unique identifier of the pra application segment
- ids string[]
- The unique identifier of the pra application segment
- ids Sequence[str]
- The unique identifier of the pra application segment
- ids List<String>
- The unique identifier of the pra application segment
PraApprovalControllerWorkingHour, PraApprovalControllerWorkingHourArgs
- Days List<string>
- The days of the week that you want to enable the privileged approval
- End
Time string - The end time that the user no longer has access to the privileged approval
- End
Time stringCron - The cron expression provided to configure the privileged approval end time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]The cron expression provided to configure the privileged approval end time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]
- Start
Time string - The start time that the user has access to the privileged approval
- Start
Time stringCron - The cron expression provided to configure the privileged approval start time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]
- Timezone string
- The time zone for the time window of a privileged approval
- Days []string
- The days of the week that you want to enable the privileged approval
- End
Time string - The end time that the user no longer has access to the privileged approval
- End
Time stringCron - The cron expression provided to configure the privileged approval end time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]The cron expression provided to configure the privileged approval end time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]
- Start
Time string - The start time that the user has access to the privileged approval
- Start
Time stringCron - The cron expression provided to configure the privileged approval start time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]
- Timezone string
- The time zone for the time window of a privileged approval
- days List<String>
- The days of the week that you want to enable the privileged approval
- end
Time String - The end time that the user no longer has access to the privileged approval
- end
Time StringCron - The cron expression provided to configure the privileged approval end time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]The cron expression provided to configure the privileged approval end time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]
- start
Time String - The start time that the user has access to the privileged approval
- start
Time StringCron - The cron expression provided to configure the privileged approval start time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]
- timezone String
- The time zone for the time window of a privileged approval
- days string[]
- The days of the week that you want to enable the privileged approval
- end
Time string - The end time that the user no longer has access to the privileged approval
- end
Time stringCron - The cron expression provided to configure the privileged approval end time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]The cron expression provided to configure the privileged approval end time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]
- start
Time string - The start time that the user has access to the privileged approval
- start
Time stringCron - The cron expression provided to configure the privileged approval start time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]
- timezone string
- The time zone for the time window of a privileged approval
- days Sequence[str]
- The days of the week that you want to enable the privileged approval
- end_
time str - The end time that the user no longer has access to the privileged approval
- end_
time_ strcron - The cron expression provided to configure the privileged approval end time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]The cron expression provided to configure the privileged approval end time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]
- start_
time str - The start time that the user has access to the privileged approval
- start_
time_ strcron - The cron expression provided to configure the privileged approval start time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]
- timezone str
- The time zone for the time window of a privileged approval
- days List<String>
- The days of the week that you want to enable the privileged approval
- end
Time String - The end time that the user no longer has access to the privileged approval
- end
Time StringCron - The cron expression provided to configure the privileged approval end time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]The cron expression provided to configure the privileged approval end time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]
- start
Time String - The start time that the user has access to the privileged approval
- start
Time StringCron - The cron expression provided to configure the privileged approval start time working hours. The standard cron expression format is [Seconds][Minutes][Hours][Day of the Month][Month][Day of the Week][Year]
- timezone String
- The time zone for the time window of a privileged approval
Import
Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZPA configurations into Terraform-compliant HashiCorp Configuration Language.
Visit
zpa_pra_approval_controller can be imported by using <APPROVAL ID>
or <APPROVAL NAME>
as the import ID.
For example:
$ pulumi import zpa:index/praApprovalController:PraApprovalController this <approval_id>
or
$ pulumi import zpa:index/praApprovalController:PraApprovalController this <approval_name>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- zpa zscaler/pulumi-zpa
- License
- MIT
- Notes
- This Pulumi package is based on the
zpa
Terraform Provider.