Zscaler Private Access v0.0.12, Jul 30 24

Zscaler Private Access v0.0.12 published on Tuesday, Jul 30, 2024 by Zscaler

zpa.PolicyCapabilitiesRule

Explore with Pulumi AI

Zscaler Private Access v0.0.12 published on Tuesday, Jul 30, 2024 by Zscaler

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as zpa from "@bdzscaler/pulumi-zpa";
import * as zpa from "@pulumi/zpa";

const thisIdPController = zpa.getIdPController({
    name: "IdP_Users",
});
const emailUserSso = zpa.getSAMLAttribute({
    name: "Email_IdP_Users",
    idpName: "IdP_Users",
});
const groupUser = zpa.getSAMLAttribute({
    name: "GroupName_IdP_Users",
    idpName: "IdP_Users",
});
const a000 = zpa.getSCIMGroups({
    name: "A000",
    idpName: "IdP_Users",
});
const b000 = zpa.getSCIMGroups({
    name: "B000",
    idpName: "IdP_Users",
});
const thisPolicyCapabilitiesRule = new zpa.PolicyCapabilitiesRule("thisPolicyCapabilitiesRule", {
    description: "Example",
    action: "CHECK_CAPABILITIES",
    privilegedCapabilities: {
        fileUpload: true,
        fileDownload: true,
        inspectFileUpload: true,
        clipboardCopy: true,
        clipboardPaste: true,
        recordSession: true,
    },
    conditions: [{
        operator: "OR",
        operands: [
            {
                objectType: "SAML",
                entryValues: [
                    {
                        rhs: "user1@example.com",
                        lhs: emailUserSso.then(emailUserSso => emailUserSso.id),
                    },
                    {
                        rhs: "A000",
                        lhs: groupUser.then(groupUser => groupUser.id),
                    },
                ],
            },
            {
                objectType: "SCIM_GROUP",
                entryValues: [
                    {
                        rhs: a000.then(a000 => a000.id),
                        lhs: thisIdPController.then(thisIdPController => thisIdPController.id),
                    },
                    {
                        rhs: b000.then(b000 => b000.id),
                        lhs: thisIdPController.then(thisIdPController => thisIdPController.id),
                    },
                ],
            },
        ],
    }],
});

import pulumi
import pulumi_zpa as zpa
import zscaler_pulumi_zpa as zpa

this_id_p_controller = zpa.get_id_p_controller(name="IdP_Users")
email_user_sso = zpa.get_saml_attribute(name="Email_IdP_Users",
    idp_name="IdP_Users")
group_user = zpa.get_saml_attribute(name="GroupName_IdP_Users",
    idp_name="IdP_Users")
a000 = zpa.get_scim_groups(name="A000",
    idp_name="IdP_Users")
b000 = zpa.get_scim_groups(name="B000",
    idp_name="IdP_Users")
this_policy_capabilities_rule = zpa.PolicyCapabilitiesRule("thisPolicyCapabilitiesRule",
    description="Example",
    action="CHECK_CAPABILITIES",
    privileged_capabilities=zpa.PolicyCapabilitiesRulePrivilegedCapabilitiesArgs(
        file_upload=True,
        file_download=True,
        inspect_file_upload=True,
        clipboard_copy=True,
        clipboard_paste=True,
        record_session=True,
    ),
    conditions=[zpa.PolicyCapabilitiesRuleConditionArgs(
        operator="OR",
        operands=[
            zpa.PolicyCapabilitiesRuleConditionOperandArgs(
                object_type="SAML",
                entry_values=[
                    zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs(
                        rhs="user1@example.com",
                        lhs=email_user_sso.id,
                    ),
                    zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs(
                        rhs="A000",
                        lhs=group_user.id,
                    ),
                ],
            ),
            zpa.PolicyCapabilitiesRuleConditionOperandArgs(
                object_type="SCIM_GROUP",
                entry_values=[
                    zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs(
                        rhs=a000.id,
                        lhs=this_id_p_controller.id,
                    ),
                    zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs(
                        rhs=b000.id,
                        lhs=this_id_p_controller.id,
                    ),
                ],
            ),
        ],
    )])

package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/zscaler/pulumi-zpa/sdk/go/zpa"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		thisIdPController, err := zpa.GetIdPController(ctx, &zpa.GetIdPControllerArgs{
			Name: pulumi.StringRef("IdP_Users"),
		}, nil)
		if err != nil {
			return err
		}
		emailUserSso, err := zpa.GetSAMLAttribute(ctx, &zpa.GetSAMLAttributeArgs{
			Name:    pulumi.StringRef("Email_IdP_Users"),
			IdpName: pulumi.StringRef("IdP_Users"),
		}, nil)
		if err != nil {
			return err
		}
		groupUser, err := zpa.GetSAMLAttribute(ctx, &zpa.GetSAMLAttributeArgs{
			Name:    pulumi.StringRef("GroupName_IdP_Users"),
			IdpName: pulumi.StringRef("IdP_Users"),
		}, nil)
		if err != nil {
			return err
		}
		a000, err := zpa.GetSCIMGroups(ctx, &zpa.GetSCIMGroupsArgs{
			Name:    pulumi.StringRef("A000"),
			IdpName: pulumi.StringRef("IdP_Users"),
		}, nil)
		if err != nil {
			return err
		}
		b000, err := zpa.GetSCIMGroups(ctx, &zpa.GetSCIMGroupsArgs{
			Name:    pulumi.StringRef("B000"),
			IdpName: pulumi.StringRef("IdP_Users"),
		}, nil)
		if err != nil {
			return err
		}
		_, err = zpa.NewPolicyCapabilitiesRule(ctx, "thisPolicyCapabilitiesRule", &zpa.PolicyCapabilitiesRuleArgs{
			Description: pulumi.String("Example"),
			Action:      pulumi.String("CHECK_CAPABILITIES"),
			PrivilegedCapabilities: &zpa.PolicyCapabilitiesRulePrivilegedCapabilitiesArgs{
				FileUpload:        pulumi.Bool(true),
				FileDownload:      pulumi.Bool(true),
				InspectFileUpload: pulumi.Bool(true),
				ClipboardCopy:     pulumi.Bool(true),
				ClipboardPaste:    pulumi.Bool(true),
				RecordSession:     pulumi.Bool(true),
			},
			Conditions: zpa.PolicyCapabilitiesRuleConditionArray{
				&zpa.PolicyCapabilitiesRuleConditionArgs{
					Operator: pulumi.String("OR"),
					Operands: zpa.PolicyCapabilitiesRuleConditionOperandArray{
						&zpa.PolicyCapabilitiesRuleConditionOperandArgs{
							ObjectType: pulumi.String("SAML"),
							EntryValues: zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArray{
								&zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs{
									Rhs: pulumi.String("user1@example.com"),
									Lhs: pulumi.String(emailUserSso.Id),
								},
								&zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs{
									Rhs: pulumi.String("A000"),
									Lhs: pulumi.String(groupUser.Id),
								},
							},
						},
						&zpa.PolicyCapabilitiesRuleConditionOperandArgs{
							ObjectType: pulumi.String("SCIM_GROUP"),
							EntryValues: zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArray{
								&zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs{
									Rhs: pulumi.String(a000.Id),
									Lhs: pulumi.String(thisIdPController.Id),
								},
								&zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs{
									Rhs: pulumi.String(b000.Id),
									Lhs: pulumi.String(thisIdPController.Id),
								},
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zpa = Pulumi.Zpa;
using Zpa = Zscaler.Zpa;

return await Deployment.RunAsync(() => 
{
    var thisIdPController = Zpa.GetIdPController.Invoke(new()
    {
        Name = "IdP_Users",
    });

    var emailUserSso = Zpa.GetSAMLAttribute.Invoke(new()
    {
        Name = "Email_IdP_Users",
        IdpName = "IdP_Users",
    });

    var groupUser = Zpa.GetSAMLAttribute.Invoke(new()
    {
        Name = "GroupName_IdP_Users",
        IdpName = "IdP_Users",
    });

    var a000 = Zpa.GetSCIMGroups.Invoke(new()
    {
        Name = "A000",
        IdpName = "IdP_Users",
    });

    var b000 = Zpa.GetSCIMGroups.Invoke(new()
    {
        Name = "B000",
        IdpName = "IdP_Users",
    });

    var thisPolicyCapabilitiesRule = new Zpa.PolicyCapabilitiesRule("thisPolicyCapabilitiesRule", new()
    {
        Description = "Example",
        Action = "CHECK_CAPABILITIES",
        PrivilegedCapabilities = new Zpa.Inputs.PolicyCapabilitiesRulePrivilegedCapabilitiesArgs
        {
            FileUpload = true,
            FileDownload = true,
            InspectFileUpload = true,
            ClipboardCopy = true,
            ClipboardPaste = true,
            RecordSession = true,
        },
        Conditions = new[]
        {
            new Zpa.Inputs.PolicyCapabilitiesRuleConditionArgs
            {
                Operator = "OR",
                Operands = new[]
                {
                    new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandArgs
                    {
                        ObjectType = "SAML",
                        EntryValues = new[]
                        {
                            new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandEntryValueArgs
                            {
                                Rhs = "user1@example.com",
                                Lhs = emailUserSso.Apply(getSAMLAttributeResult => getSAMLAttributeResult.Id),
                            },
                            new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandEntryValueArgs
                            {
                                Rhs = "A000",
                                Lhs = groupUser.Apply(getSAMLAttributeResult => getSAMLAttributeResult.Id),
                            },
                        },
                    },
                    new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandArgs
                    {
                        ObjectType = "SCIM_GROUP",
                        EntryValues = new[]
                        {
                            new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandEntryValueArgs
                            {
                                Rhs = a000.Apply(getSCIMGroupsResult => getSCIMGroupsResult.Id),
                                Lhs = thisIdPController.Apply(getIdPControllerResult => getIdPControllerResult.Id),
                            },
                            new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandEntryValueArgs
                            {
                                Rhs = b000.Apply(getSCIMGroupsResult => getSCIMGroupsResult.Id),
                                Lhs = thisIdPController.Apply(getIdPControllerResult => getIdPControllerResult.Id),
                            },
                        },
                    },
                },
            },
        },
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zpa.ZpaFunctions;
import com.pulumi.zpa.inputs.GetIdPControllerArgs;
import com.pulumi.zpa.inputs.GetSAMLAttributeArgs;
import com.pulumi.zpa.inputs.GetSCIMGroupsArgs;
import com.pulumi.zpa.PolicyCapabilitiesRule;
import com.pulumi.zpa.PolicyCapabilitiesRuleArgs;
import com.pulumi.zpa.inputs.PolicyCapabilitiesRulePrivilegedCapabilitiesArgs;
import com.pulumi.zpa.inputs.PolicyCapabilitiesRuleConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var thisIdPController = ZpaFunctions.getIdPController(GetIdPControllerArgs.builder()
            .name("IdP_Users")
            .build());

        final var emailUserSso = ZpaFunctions.getSAMLAttribute(GetSAMLAttributeArgs.builder()
            .name("Email_IdP_Users")
            .idpName("IdP_Users")
            .build());

        final var groupUser = ZpaFunctions.getSAMLAttribute(GetSAMLAttributeArgs.builder()
            .name("GroupName_IdP_Users")
            .idpName("IdP_Users")
            .build());

        final var a000 = ZpaFunctions.getSCIMGroups(GetSCIMGroupsArgs.builder()
            .name("A000")
            .idpName("IdP_Users")
            .build());

        final var b000 = ZpaFunctions.getSCIMGroups(GetSCIMGroupsArgs.builder()
            .name("B000")
            .idpName("IdP_Users")
            .build());

        var thisPolicyCapabilitiesRule = new PolicyCapabilitiesRule("thisPolicyCapabilitiesRule", PolicyCapabilitiesRuleArgs.builder()
            .description("Example")
            .action("CHECK_CAPABILITIES")
            .privilegedCapabilities(PolicyCapabilitiesRulePrivilegedCapabilitiesArgs.builder()
                .fileUpload(true)
                .fileDownload(true)
                .inspectFileUpload(true)
                .clipboardCopy(true)
                .clipboardPaste(true)
                .recordSession(true)
                .build())
            .conditions(PolicyCapabilitiesRuleConditionArgs.builder()
                .operator("OR")
                .operands(                
                    PolicyCapabilitiesRuleConditionOperandArgs.builder()
                        .objectType("SAML")
                        .entryValues(                        
                            PolicyCapabilitiesRuleConditionOperandEntryValueArgs.builder()
                                .rhs("user1@example.com")
                                .lhs(emailUserSso.applyValue(getSAMLAttributeResult -> getSAMLAttributeResult.id()))
                                .build(),
                            PolicyCapabilitiesRuleConditionOperandEntryValueArgs.builder()
                                .rhs("A000")
                                .lhs(groupUser.applyValue(getSAMLAttributeResult -> getSAMLAttributeResult.id()))
                                .build())
                        .build(),
                    PolicyCapabilitiesRuleConditionOperandArgs.builder()
                        .objectType("SCIM_GROUP")
                        .entryValues(                        
                            PolicyCapabilitiesRuleConditionOperandEntryValueArgs.builder()
                                .rhs(a000.applyValue(getSCIMGroupsResult -> getSCIMGroupsResult.id()))
                                .lhs(thisIdPController.applyValue(getIdPControllerResult -> getIdPControllerResult.id()))
                                .build(),
                            PolicyCapabilitiesRuleConditionOperandEntryValueArgs.builder()
                                .rhs(b000.applyValue(getSCIMGroupsResult -> getSCIMGroupsResult.id()))
                                .lhs(thisIdPController.applyValue(getIdPControllerResult -> getIdPControllerResult.id()))
                                .build())
                        .build())
                .build())
            .build());

    }
}

resources:
  thisPolicyCapabilitiesRule:
    type: zpa:PolicyCapabilitiesRule
    properties:
      description: Example
      action: CHECK_CAPABILITIES
      privilegedCapabilities:
        fileUpload: true
        fileDownload: true
        inspectFileUpload: true
        clipboardCopy: true
        clipboardPaste: true
        recordSession: true
      conditions:
        - operator: OR
          operands:
            - objectType: SAML
              entryValues:
                - rhs: user1@example.com
                  lhs: ${emailUserSso.id}
                - rhs: A000
                  lhs: ${groupUser.id}
            - objectType: SCIM_GROUP
              entryValues:
                - rhs: ${a000.id}
                  lhs: ${thisIdPController.id}
                - rhs: ${b000.id}
                  lhs: ${thisIdPController.id}
variables:
  thisIdPController:
    fn::invoke:
      Function: zpa:getIdPController
      Arguments:
        name: IdP_Users
  emailUserSso:
    fn::invoke:
      Function: zpa:getSAMLAttribute
      Arguments:
        name: Email_IdP_Users
        idpName: IdP_Users
  groupUser:
    fn::invoke:
      Function: zpa:getSAMLAttribute
      Arguments:
        name: GroupName_IdP_Users
        idpName: IdP_Users
  a000:
    fn::invoke:
      Function: zpa:getSCIMGroups
      Arguments:
        name: A000
        idpName: IdP_Users
  b000:
    fn::invoke:
      Function: zpa:getSCIMGroups
      Arguments:
        name: B000
        idpName: IdP_Users

LHS and RHS Values

Object Type	LHS	RHS	VALUES
APP			`application_segment_id`
APP_GROUP			`segment_group_id`
SAML	`saml_attribute_id`	`attribute_value_to_match`
SCIM	`scim_attribute_id`	`attribute_value_to_match`
SCIM_GROUP	`scim_group_attribute_id`	`attribute_value_to_match`

Create PolicyCapabilitiesRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new PolicyCapabilitiesRule(name: string, args?: PolicyCapabilitiesRuleArgs, opts?: CustomResourceOptions);

@overload
def PolicyCapabilitiesRule(resource_name: str,
                           args: Optional[PolicyCapabilitiesRuleArgs] = None,
                           opts: Optional[ResourceOptions] = None)

@overload
def PolicyCapabilitiesRule(resource_name: str,
                           opts: Optional[ResourceOptions] = None,
                           action: Optional[str] = None,
                           conditions: Optional[Sequence[PolicyCapabilitiesRuleConditionArgs]] = None,
                           description: Optional[str] = None,
                           microtenant_id: Optional[str] = None,
                           name: Optional[str] = None,
                           privileged_capabilities: Optional[PolicyCapabilitiesRulePrivilegedCapabilitiesArgs] = None)

func NewPolicyCapabilitiesRule(ctx *Context, name string, args *PolicyCapabilitiesRuleArgs, opts ...ResourceOption) (*PolicyCapabilitiesRule, error)

public PolicyCapabilitiesRule(string name, PolicyCapabilitiesRuleArgs? args = null, CustomResourceOptions? opts = null)

public PolicyCapabilitiesRule(String name, PolicyCapabilitiesRuleArgs args)
public PolicyCapabilitiesRule(String name, PolicyCapabilitiesRuleArgs args, CustomResourceOptions options)

type: zpa:PolicyCapabilitiesRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args PolicyCapabilitiesRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args PolicyCapabilitiesRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args PolicyCapabilitiesRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args PolicyCapabilitiesRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args PolicyCapabilitiesRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var policyCapabilitiesRuleResource = new Zpa.PolicyCapabilitiesRule("policyCapabilitiesRuleResource", new()
{
    Action = "string",
    Conditions = new[]
    {
        new Zpa.Inputs.PolicyCapabilitiesRuleConditionArgs
        {
            Id = "string",
            Operands = new[]
            {
                new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandArgs
                {
                    EntryValues = new[]
                    {
                        new Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandEntryValueArgs
                        {
                            Lhs = "string",
                            Rhs = "string",
                        },
                    },
                    ObjectType = "string",
                    Values = new[]
                    {
                        "string",
                    },
                },
            },
            Operator = "string",
        },
    },
    Description = "string",
    MicrotenantId = "string",
    Name = "string",
    PrivilegedCapabilities = new Zpa.Inputs.PolicyCapabilitiesRulePrivilegedCapabilitiesArgs
    {
        ClipboardCopy = false,
        ClipboardPaste = false,
        FileDownload = false,
        FileUpload = false,
        InspectFileDownload = false,
        InspectFileUpload = false,
        MonitorSession = false,
        RecordSession = false,
        ShareSession = false,
    },
});

example, err := zpa.NewPolicyCapabilitiesRule(ctx, "policyCapabilitiesRuleResource", &zpa.PolicyCapabilitiesRuleArgs{
	Action: pulumi.String("string"),
	Conditions: zpa.PolicyCapabilitiesRuleConditionArray{
		&zpa.PolicyCapabilitiesRuleConditionArgs{
			Id: pulumi.String("string"),
			Operands: zpa.PolicyCapabilitiesRuleConditionOperandArray{
				&zpa.PolicyCapabilitiesRuleConditionOperandArgs{
					EntryValues: zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArray{
						&zpa.PolicyCapabilitiesRuleConditionOperandEntryValueArgs{
							Lhs: pulumi.String("string"),
							Rhs: pulumi.String("string"),
						},
					},
					ObjectType: pulumi.String("string"),
					Values: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
			Operator: pulumi.String("string"),
		},
	},
	Description:   pulumi.String("string"),
	MicrotenantId: pulumi.String("string"),
	Name:          pulumi.String("string"),
	PrivilegedCapabilities: &zpa.PolicyCapabilitiesRulePrivilegedCapabilitiesArgs{
		ClipboardCopy:       pulumi.Bool(false),
		ClipboardPaste:      pulumi.Bool(false),
		FileDownload:        pulumi.Bool(false),
		FileUpload:          pulumi.Bool(false),
		InspectFileDownload: pulumi.Bool(false),
		InspectFileUpload:   pulumi.Bool(false),
		MonitorSession:      pulumi.Bool(false),
		RecordSession:       pulumi.Bool(false),
		ShareSession:        pulumi.Bool(false),
	},
})

var policyCapabilitiesRuleResource = new PolicyCapabilitiesRule("policyCapabilitiesRuleResource", PolicyCapabilitiesRuleArgs.builder()
    .action("string")
    .conditions(PolicyCapabilitiesRuleConditionArgs.builder()
        .id("string")
        .operands(PolicyCapabilitiesRuleConditionOperandArgs.builder()
            .entryValues(PolicyCapabilitiesRuleConditionOperandEntryValueArgs.builder()
                .lhs("string")
                .rhs("string")
                .build())
            .objectType("string")
            .values("string")
            .build())
        .operator("string")
        .build())
    .description("string")
    .microtenantId("string")
    .name("string")
    .privilegedCapabilities(PolicyCapabilitiesRulePrivilegedCapabilitiesArgs.builder()
        .clipboardCopy(false)
        .clipboardPaste(false)
        .fileDownload(false)
        .fileUpload(false)
        .inspectFileDownload(false)
        .inspectFileUpload(false)
        .monitorSession(false)
        .recordSession(false)
        .shareSession(false)
        .build())
    .build());

policy_capabilities_rule_resource = zpa.PolicyCapabilitiesRule("policyCapabilitiesRuleResource",
    action="string",
    conditions=[{
        "id": "string",
        "operands": [{
            "entry_values": [{
                "lhs": "string",
                "rhs": "string",
            }],
            "object_type": "string",
            "values": ["string"],
        }],
        "operator": "string",
    }],
    description="string",
    microtenant_id="string",
    name="string",
    privileged_capabilities={
        "clipboard_copy": False,
        "clipboard_paste": False,
        "file_download": False,
        "file_upload": False,
        "inspect_file_download": False,
        "inspect_file_upload": False,
        "monitor_session": False,
        "record_session": False,
        "share_session": False,
    })

const policyCapabilitiesRuleResource = new zpa.PolicyCapabilitiesRule("policyCapabilitiesRuleResource", {
    action: "string",
    conditions: [{
        id: "string",
        operands: [{
            entryValues: [{
                lhs: "string",
                rhs: "string",
            }],
            objectType: "string",
            values: ["string"],
        }],
        operator: "string",
    }],
    description: "string",
    microtenantId: "string",
    name: "string",
    privilegedCapabilities: {
        clipboardCopy: false,
        clipboardPaste: false,
        fileDownload: false,
        fileUpload: false,
        inspectFileDownload: false,
        inspectFileUpload: false,
        monitorSession: false,
        recordSession: false,
        shareSession: false,
    },
});

type: zpa:PolicyCapabilitiesRule
properties:
    action: string
    conditions:
        - id: string
          operands:
            - entryValues:
                - lhs: string
                  rhs: string
              objectType: string
              values:
                - string
          operator: string
    description: string
    microtenantId: string
    name: string
    privilegedCapabilities:
        clipboardCopy: false
        clipboardPaste: false
        fileDownload: false
        fileUpload: false
        inspectFileDownload: false
        inspectFileUpload: false
        monitorSession: false
        recordSession: false
        shareSession: false

PolicyCapabilitiesRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The PolicyCapabilitiesRule resource accepts the following input properties:

Action string: This is for providing the rule action. Supported value: CHECK_CAPABILITIES
Conditions List<Zscaler.Zpa.Inputs.PolicyCapabilitiesRuleCondition>: This is for proviidng the set of conditions for the policy.
Description string: This is the description of the access policy.
MicrotenantId string
Name string: This is the name of the policy rule.
PrivilegedCapabilities Zscaler.Zpa.Inputs.PolicyCapabilitiesRulePrivilegedCapabilities

Action string: This is for providing the rule action. Supported value: CHECK_CAPABILITIES
Conditions []PolicyCapabilitiesRuleConditionArgs: This is for proviidng the set of conditions for the policy.
Description string: This is the description of the access policy.
MicrotenantId string
Name string: This is the name of the policy rule.
PrivilegedCapabilities PolicyCapabilitiesRulePrivilegedCapabilitiesArgs

action String: This is for providing the rule action. Supported value: CHECK_CAPABILITIES
conditions List<PolicyCapabilitiesRuleCondition>: This is for proviidng the set of conditions for the policy.
description String: This is the description of the access policy.
microtenantId String
name String: This is the name of the policy rule.
privilegedCapabilities PolicyCapabilitiesRulePrivilegedCapabilities

action string: This is for providing the rule action. Supported value: CHECK_CAPABILITIES
conditions PolicyCapabilitiesRuleCondition[]: This is for proviidng the set of conditions for the policy.
description string: This is the description of the access policy.
microtenantId string
name string: This is the name of the policy rule.
privilegedCapabilities PolicyCapabilitiesRulePrivilegedCapabilities

action str: This is for providing the rule action. Supported value: CHECK_CAPABILITIES
conditions Sequence[PolicyCapabilitiesRuleConditionArgs]: This is for proviidng the set of conditions for the policy.
description str: This is the description of the access policy.
microtenant_id str
name str: This is the name of the policy rule.
privileged_capabilities PolicyCapabilitiesRulePrivilegedCapabilitiesArgs

action String: This is for providing the rule action. Supported value: CHECK_CAPABILITIES
conditions List<Property Map>: This is for proviidng the set of conditions for the policy.
description String: This is the description of the access policy.
microtenantId String
name String: This is the name of the policy rule.
privilegedCapabilities Property Map

Outputs

All input properties are implicitly available as output properties. Additionally, the PolicyCapabilitiesRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
PolicySetId string

Id string: The provider-assigned unique ID for this managed resource.
PolicySetId string

id String: The provider-assigned unique ID for this managed resource.
policySetId String

id string: The provider-assigned unique ID for this managed resource.
policySetId string

id str: The provider-assigned unique ID for this managed resource.
policy_set_id str

id String: The provider-assigned unique ID for this managed resource.
policySetId String

Look up Existing PolicyCapabilitiesRule Resource

Get an existing PolicyCapabilitiesRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PolicyCapabilitiesRuleState, opts?: CustomResourceOptions): PolicyCapabilitiesRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        conditions: Optional[Sequence[PolicyCapabilitiesRuleConditionArgs]] = None,
        description: Optional[str] = None,
        microtenant_id: Optional[str] = None,
        name: Optional[str] = None,
        policy_set_id: Optional[str] = None,
        privileged_capabilities: Optional[PolicyCapabilitiesRulePrivilegedCapabilitiesArgs] = None) -> PolicyCapabilitiesRule

func GetPolicyCapabilitiesRule(ctx *Context, name string, id IDInput, state *PolicyCapabilitiesRuleState, opts ...ResourceOption) (*PolicyCapabilitiesRule, error)

public static PolicyCapabilitiesRule Get(string name, Input<string> id, PolicyCapabilitiesRuleState? state, CustomResourceOptions? opts = null)

public static PolicyCapabilitiesRule get(String name, Output<String> id, PolicyCapabilitiesRuleState state, CustomResourceOptions options)

resources:  _:    type: zpa:PolicyCapabilitiesRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Action string: This is for providing the rule action. Supported value: CHECK_CAPABILITIES
Conditions List<Zscaler.Zpa.Inputs.PolicyCapabilitiesRuleCondition>: This is for proviidng the set of conditions for the policy.
Description string: This is the description of the access policy.
MicrotenantId string
Name string: This is the name of the policy rule.
PolicySetId string
PrivilegedCapabilities Zscaler.Zpa.Inputs.PolicyCapabilitiesRulePrivilegedCapabilities

Action string: This is for providing the rule action. Supported value: CHECK_CAPABILITIES
Conditions []PolicyCapabilitiesRuleConditionArgs: This is for proviidng the set of conditions for the policy.
Description string: This is the description of the access policy.
MicrotenantId string
Name string: This is the name of the policy rule.
PolicySetId string
PrivilegedCapabilities PolicyCapabilitiesRulePrivilegedCapabilitiesArgs

action String: This is for providing the rule action. Supported value: CHECK_CAPABILITIES
conditions List<PolicyCapabilitiesRuleCondition>: This is for proviidng the set of conditions for the policy.
description String: This is the description of the access policy.
microtenantId String
name String: This is the name of the policy rule.
policySetId String
privilegedCapabilities PolicyCapabilitiesRulePrivilegedCapabilities

action string: This is for providing the rule action. Supported value: CHECK_CAPABILITIES
conditions PolicyCapabilitiesRuleCondition[]: This is for proviidng the set of conditions for the policy.
description string: This is the description of the access policy.
microtenantId string
name string: This is the name of the policy rule.
policySetId string
privilegedCapabilities PolicyCapabilitiesRulePrivilegedCapabilities

action str: This is for providing the rule action. Supported value: CHECK_CAPABILITIES
conditions Sequence[PolicyCapabilitiesRuleConditionArgs]: This is for proviidng the set of conditions for the policy.
description str: This is the description of the access policy.
microtenant_id str
name str: This is the name of the policy rule.
policy_set_id str
privileged_capabilities PolicyCapabilitiesRulePrivilegedCapabilitiesArgs

action String: This is for providing the rule action. Supported value: CHECK_CAPABILITIES
conditions List<Property Map>: This is for proviidng the set of conditions for the policy.
description String: This is the description of the access policy.
microtenantId String
name String: This is the name of the policy rule.
policySetId String
privilegedCapabilities Property Map

Supporting Types

PolicyCapabilitiesRuleCondition, PolicyCapabilitiesRuleConditionArgs

Id string
Operands List<Zscaler.Zpa.Inputs.PolicyCapabilitiesRuleConditionOperand>: This signifies the various policy criteria.
Operator string

Id string
Operands []PolicyCapabilitiesRuleConditionOperand: This signifies the various policy criteria.
Operator string

id String
operands List<PolicyCapabilitiesRuleConditionOperand>: This signifies the various policy criteria.
operator String

id string
operands PolicyCapabilitiesRuleConditionOperand[]: This signifies the various policy criteria.
operator string

id str
operands Sequence[PolicyCapabilitiesRuleConditionOperand]: This signifies the various policy criteria.
operator str

id String
operands List<Property Map>: This signifies the various policy criteria.
operator String

PolicyCapabilitiesRuleConditionOperand, PolicyCapabilitiesRuleConditionOperandArgs

EntryValues List<Zscaler.Zpa.Inputs.PolicyCapabilitiesRuleConditionOperandEntryValue>
ObjectType string: This is for specifying the policy critiera.
Values List<string>: This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored

EntryValues []PolicyCapabilitiesRuleConditionOperandEntryValue
ObjectType string: This is for specifying the policy critiera.
Values []string: This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored

entryValues List<PolicyCapabilitiesRuleConditionOperandEntryValue>
objectType String: This is for specifying the policy critiera.
values List<String>: This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored

entryValues PolicyCapabilitiesRuleConditionOperandEntryValue[]
objectType string: This is for specifying the policy critiera.
values string[]: This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored

entry_values Sequence[PolicyCapabilitiesRuleConditionOperandEntryValue]
object_type str: This is for specifying the policy critiera.
values Sequence[str]: This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored

entryValues List<Property Map>
objectType String: This is for specifying the policy critiera.
values List<String>: This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored

PolicyCapabilitiesRuleConditionOperandEntryValue, PolicyCapabilitiesRuleConditionOperandEntryValueArgs

Lhs string
Rhs string

Lhs string
Rhs string

lhs String
rhs String

lhs string
rhs string

lhs str
rhs str

lhs String
rhs String

PolicyCapabilitiesRulePrivilegedCapabilities, PolicyCapabilitiesRulePrivilegedCapabilitiesArgs

ClipboardCopy bool: Indicates the PRA Clipboard Copy function
ClipboardPaste bool: Indicates the PRA Clipboard Paste function
FileDownload bool: Indicates the PRA File Transfer capabilities that enables the File Download function
FileUpload bool: Indicates the PRA File Transfer capabilities that enables the File Upload function
InspectFileDownload bool: Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and downloads the file following the inspection
InspectFileUpload bool: Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and uploads the file following the inspection
MonitorSession bool: Indicates the PRA Monitoring Capabilities to enable the PRA Session Monitoring function
RecordSession bool: Indicates the PRA Session Recording capabilities to enable PRA Session Recording
ShareSession bool: Indicates the PRA Session Control and Monitoring capabilities to enable PRA Session Monitoring

ClipboardCopy bool: Indicates the PRA Clipboard Copy function
ClipboardPaste bool: Indicates the PRA Clipboard Paste function
FileDownload bool: Indicates the PRA File Transfer capabilities that enables the File Download function
FileUpload bool: Indicates the PRA File Transfer capabilities that enables the File Upload function
InspectFileDownload bool: Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and downloads the file following the inspection
InspectFileUpload bool: Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and uploads the file following the inspection
MonitorSession bool: Indicates the PRA Monitoring Capabilities to enable the PRA Session Monitoring function
RecordSession bool: Indicates the PRA Session Recording capabilities to enable PRA Session Recording
ShareSession bool: Indicates the PRA Session Control and Monitoring capabilities to enable PRA Session Monitoring

clipboardCopy Boolean: Indicates the PRA Clipboard Copy function
clipboardPaste Boolean: Indicates the PRA Clipboard Paste function
fileDownload Boolean: Indicates the PRA File Transfer capabilities that enables the File Download function
fileUpload Boolean: Indicates the PRA File Transfer capabilities that enables the File Upload function
inspectFileDownload Boolean: Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and downloads the file following the inspection
inspectFileUpload Boolean: Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and uploads the file following the inspection
monitorSession Boolean: Indicates the PRA Monitoring Capabilities to enable the PRA Session Monitoring function
recordSession Boolean: Indicates the PRA Session Recording capabilities to enable PRA Session Recording
shareSession Boolean: Indicates the PRA Session Control and Monitoring capabilities to enable PRA Session Monitoring

clipboardCopy boolean: Indicates the PRA Clipboard Copy function
clipboardPaste boolean: Indicates the PRA Clipboard Paste function
fileDownload boolean: Indicates the PRA File Transfer capabilities that enables the File Download function
fileUpload boolean: Indicates the PRA File Transfer capabilities that enables the File Upload function
inspectFileDownload boolean: Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and downloads the file following the inspection
inspectFileUpload boolean: Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and uploads the file following the inspection
monitorSession boolean: Indicates the PRA Monitoring Capabilities to enable the PRA Session Monitoring function
recordSession boolean: Indicates the PRA Session Recording capabilities to enable PRA Session Recording
shareSession boolean: Indicates the PRA Session Control and Monitoring capabilities to enable PRA Session Monitoring

clipboard_copy bool: Indicates the PRA Clipboard Copy function
clipboard_paste bool: Indicates the PRA Clipboard Paste function
file_download bool: Indicates the PRA File Transfer capabilities that enables the File Download function
file_upload bool: Indicates the PRA File Transfer capabilities that enables the File Upload function
inspect_file_download bool: Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and downloads the file following the inspection
inspect_file_upload bool: Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and uploads the file following the inspection
monitor_session bool: Indicates the PRA Monitoring Capabilities to enable the PRA Session Monitoring function
record_session bool: Indicates the PRA Session Recording capabilities to enable PRA Session Recording
share_session bool: Indicates the PRA Session Control and Monitoring capabilities to enable PRA Session Monitoring

clipboardCopy Boolean: Indicates the PRA Clipboard Copy function
clipboardPaste Boolean: Indicates the PRA Clipboard Paste function
fileDownload Boolean: Indicates the PRA File Transfer capabilities that enables the File Download function
fileUpload Boolean: Indicates the PRA File Transfer capabilities that enables the File Upload function
inspectFileDownload Boolean: Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and downloads the file following the inspection
inspectFileUpload Boolean: Inspects the file via ZIA sandbox (if you have set up the ZIA cloud and the Integrations settings) and uploads the file following the inspection
monitorSession Boolean: Indicates the PRA Monitoring Capabilities to enable the PRA Session Monitoring function
recordSession Boolean: Indicates the PRA Session Recording capabilities to enable PRA Session Recording
shareSession Boolean: Indicates the PRA Session Control and Monitoring capabilities to enable PRA Session Monitoring

Import

Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZPA configurations into Terraform-compliant HashiCorp Configuration Language.

Visit

Policy access capability can be imported by using <RULE ID> as the import ID.

For example:

$ pulumi import zpa:index/policyCapabilitiesRule:PolicyCapabilitiesRule example <rule_id>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: zpa zscaler/pulumi-zpa
License: MIT
Notes: This Pulumi package is based on the zpa Terraform Provider.

Zscaler Private Access v0.0.12 published on Tuesday, Jul 30, 2024 by Zscaler

zscaler/pulumi-zpa

zpa.PolicyCapabilitiesRule

On this page

On this page

Example Usage

LHS and RHS Values

Create PolicyCapabilitiesRule Resource

Constructor syntax

Parameters

Constructor example

PolicyCapabilitiesRule Resource Properties

Inputs

Outputs

Look up Existing PolicyCapabilitiesRule Resource

Supporting Types

PolicyCapabilitiesRuleCondition, PolicyCapabilitiesRuleConditionArgs

PolicyCapabilitiesRuleConditionOperand, PolicyCapabilitiesRuleConditionOperandArgs

PolicyCapabilitiesRuleConditionOperandEntryValue, PolicyCapabilitiesRuleConditionOperandEntryValueArgs

PolicyCapabilitiesRulePrivilegedCapabilities, PolicyCapabilitiesRulePrivilegedCapabilitiesArgs

Import

Package Details

On this page

On this page