
@bdzscaler/pulumi-zia


A Pulumi package for creating and managing zia cloud resources.

import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
 * * [Official documentation](https://help.zscaler.com/zia/adding-rules-cloud-app-control-policy)
 * * [API documentation](https://help.zscaler.com/zia/cloud-app-control-policy#/webApplicationRules/{rule_type}-get)
 *
 * The **zia_cloud_app_control_rule** resource allows the creation and management of ZIA Cloud Application Control rules in Zscaler Internet Access.
 *
 * **NOTE** Resources or DataSources to retrieve Tenant Profile or Cloud Application Risk Profile ID information are not currently available.
 *
 * NOTE(review): `type` and `actions` are declared below as plain strings, so the compiler does not check that an
 * action belongs to the chosen rule type. The matrices in this comment are the only in-source reference for valid
 * pairings; a mismatch would only surface when the provider or the ZIA API processes the rule.
 *
 * NOTE(review): several generated field descriptions referred to "forwarding", "URL Filtering" or "Firewall Filtering"
 * rules. They are read here as describing this Cloud App Control rule - confirm against the ZIA API reference.
 *
 * ## Example Usage
 *
 * ### Basic Rule Configuration
 *
 * ### With Cloud Risk Profile Configuration
 *
 * ### With Tenant Profile Configuration
 *
 * **NOTE** Tenant profile is supported only for specific applications depending on the type
 *
 * ### With ISOLATE ACTION
 *
 * ⚠️ **WARNING 1:** Creating a Cloud Application Control Rule whose actions contain `ISOLATE_` requires a Cloud Browser Isolation subscription. See the "Cloud Application Control - Rule Types vs Actions Matrix" below. To learn more, contact Zscaler Support or your local account team.
 *
 * ## Cloud Application Control - Rule Types vs Actions Matrix
 *
 * **Note**: Refer to this matrix when configuring types vs actions for each specific rule
 *
 * NOTE(review): three entries below look like copy-paste slips in the upstream documentation and should be confirmed
 * against the ZIA API before they are used in a policy: `CAUTION_LEGAL_USE` is listed under `IT_SERVICES`,
 * `DENY_DNS_OVER_HTTPS_USE` is listed under `LEGAL`, and `ALLOW_FILE_TRANSFER_IN_CHAT` appears twice under
 * `INSTANT_MESSAGING`. The values are reproduced unchanged.
 *
 * | Types | Actions |
 * |:------------------------------------:|:-------------------------------------------------------------------------:|
 * |---------------|--------------------------------------------------|
 * | `AI_ML` | `DENY_AI_ML_WEB_USE`, `ALLOW_AI_ML_WEB_USE`, `ISOLATE_AI_ML_WEB_USE`, |
 * | `AI_ML` | `CAUTION_AI_ML_WEB_USE`, `DENY_AI_ML_UPLOAD`, `ALLOW_AI_ML_UPLOAD`, |
 * | `AI_ML` | `DENY_AI_ML_SHARE`, `ALLOW_AI_ML_SHARE`, `DENY_AI_ML_DOWNLOAD`, |
 * | `AI_ML` | `ALLOW_AI_ML_DOWNLOAD`, `DENY_AI_ML_DELETE`,`ALLOW_AI_ML_DELETE`, |
 * | `AI_ML` | `DENY_AI_ML_INVITE`, `ALLOW_AI_ML_INVITE`, `DENY_AI_ML_CHAT`, |
 * | `AI_ML` | `ALLOW_AI_ML_CHAT`, `DENY_AI_ML_CREATE`, `ALLOW_AI_ML_CREATE`, |
 * | `AI_ML` | `DENY_AI_ML_RENAME`, `ALLOW_AI_ML_RENAME` |
 * |-------------------------|--------------------------------------------------------|
 * | `BUSINESS_PRODUCTIVITY` | `ALLOW_BUSINESS_PRODUCTIVITY_APPS`, `BLOCK_BUSINESS_PRODUCTIVITY_APPS` |
 * | `BUSINESS_PRODUCTIVITY` | `CAUTION_BUSINESS_PRODUCTIVITY_APPS`, `ISOLATE_BUSINESS_PRODUCTIVITY_APPS`|
 * |------------------------|---------------------------------------------------------|
 * | `CONSUMER` | `ALLOW_CONSUMER_APPS`, `BLOCK_CONSUMER_APPS` |
 * | `CONSUMER` | `CAUTION_CONSUMER_APPS`, `ISOLATE_CONSUMER_APPS` |
 * |--------------------------|---------------------------------------------------------|
 * | `CUSTOM_CAPP` | `BLOCK_CUSTOM_CAPP_USE`, `ALLOW_CUSTOM_CAPP_USE` |
 * | `CUSTOM_CAPP` | `ISOLATE_CUSTOM_CAPP_USE`, `CAUTION_CUSTOM_CAPP_USE`|
 * |--------------------------|---------------------------------------------------------|
 * | `DNS_OVER_HTTPS` | `ALLOW_DNS_OVER_HTTPS_USE` |
 * | `DNS_OVER_HTTPS` | `DENY_DNS_OVER_HTTPS_USE` |
 * |-------------------------|---------------------------------------------------------|
 * | `ENTERPRISE_COLLABORATION` | `ALLOW_ENTERPRISE_COLLABORATION_APPS`, `ALLOW_ENTERPRISE_COLLABORATION_CHAT`, |
 * | `ENTERPRISE_COLLABORATION` | `ALLOW_ENTERPRISE_COLLABORATION_UPLOAD`, `ALLOW_ENTERPRISE_COLLABORATION_SHARE`, |
 * | `ENTERPRISE_COLLABORATION` | `BLOCK_ENTERPRISE_COLLABORATION_APPS`, `ALLOW_ENTERPRISE_COLLABORATION_EDIT`, |
 * | `ENTERPRISE_COLLABORATION` | `ALLOW_ENTERPRISE_COLLABORATION_RENAME`, `ALLOW_ENTERPRISE_COLLABORATION_CREATE`, |
 * | `ENTERPRISE_COLLABORATION` | `ALLOW_ENTERPRISE_COLLABORATION_DOWNLOAD`, `ALLOW_ENTERPRISE_COLLABORATION_HUDDLE`,|
 * | `ENTERPRISE_COLLABORATION` | `ALLOW_ENTERPRISE_COLLABORATION_INVITE`, `ALLOW_ENTERPRISE_COLLABORATION_MEETING`, |
 * | `ENTERPRISE_COLLABORATION` | `ALLOW_ENTERPRISE_COLLABORATION_DELETE`, `ALLOW_ENTERPRISE_COLLABORATION_SCREEN_SHARE`, |
 * | `ENTERPRISE_COLLABORATION` | `BLOCK_ENTERPRISE_COLLABORATION_CHAT`, `BLOCK_ENTERPRISE_COLLABORATION_UPLOAD`, |
 * | `ENTERPRISE_COLLABORATION` | `BLOCK_ENTERPRISE_COLLABORATION_SHARE`, `BLOCK_ENTERPRISE_COLLABORATION_EDIT`, |
 * | `ENTERPRISE_COLLABORATION` | `BLOCK_ENTERPRISE_COLLABORATION_RENAME`, `BLOCK_ENTERPRISE_COLLABORATION_CREATE`, |
 * | `ENTERPRISE_COLLABORATION` | `BLOCK_ENTERPRISE_COLLABORATION_DOWNLOAD`, `BLOCK_ENTERPRISE_COLLABORATION_DELETE`, |
 * | `ENTERPRISE_COLLABORATION` | `BLOCK_ENTERPRISE_COLLABORATION_HUDDLE`, `BLOCK_ENTERPRISE_COLLABORATION_INVITE`, |
 * | `ENTERPRISE_COLLABORATION` | `BLOCK_ENTERPRISE_COLLABORATION_MEETING`, `BLOCK_ENTERPRISE_COLLABORATION_SCREEN_SHARE`, |
 * | `ENTERPRISE_COLLABORATION` | `ISOLATE_ENTERPRISE_COLLABORATION_APPS`, `CAUTION_ENTERPRISE_COLLABORATION_APPS`, |
 * |--------------------------|-------------------------------------------------|
 * | `FILE_SHARE` | `DENY_FILE_SHARE_VIEW`, `ALLOW_FILE_SHARE_VIEW`, `CAUTION_FILE_SHARE_VIEW`, |
 * | `FILE_SHARE` | `DENY_FILE_SHARE_UPLOAD`, `ALLOW_FILE_SHARE_UPLOAD`, `ISOLATE_FILE_SHARE_VIEW`, |
 * | `FILE_SHARE` | `DENY_FILE_SHARE_SHARE`, `ALLOW_FILE_SHARE_SHARE`, `DENY_FILE_SHARE_EDIT`, |
 * | `FILE_SHARE` | `ALLOW_FILE_SHARE_EDIT`, `DENY_FILE_SHARE_RENAME`, `ALLOW_FILE_SHARE_RENAME`, |
 * | `FILE_SHARE` | `DENY_FILE_SHARE_CREATE`, `ALLOW_FILE_SHARE_CREATE`, `DENY_FILE_SHARE_DOWNLOAD`, |
 * | `FILE_SHARE` | `ALLOW_FILE_SHARE_DOWNLOAD`, `DENY_FILE_SHARE_DELETE`, `ALLOW_FILE_SHARE_DELETE`, |
 * | `FILE_SHARE` | `DENY_FILE_SHARE_FORM_SHARE`, `ALLOW_FILE_SHARE_FORM_SHARE`, `DENY_FILE_SHARE_INVITE`, |
 * | `FILE_SHARE` | `ALLOW_FILE_SHARE_INVITE` |
 * |-------------------------|-------------------------------------------------|
 * | `FINANCE` | `ALLOW_FINANCE_USE`, `CAUTION_FINANCE_USE` |
 * | `FINANCE` | `DENY_FINANCE_USE`, `ISOLATE_FINANCE_USE` |
 * |--------------------------|-------------------------------------------------|
 * | `HEALTH_CARE` | `ALLOW_HEALTH_CARE_USE`, `CAUTION_HEALTH_CARE_USE` |
 * | `HEALTH_CARE` | `DENY_HEALTH_CARE_USE`, `ISOLATE_HEALTH_CARE_USE` |
 * |-------------------------|-------------------------------------------------|
 * | `HOSTING_PROVIDER` | `ALLOW_HOSTING_PROVIDER_DELETE`, `DENY_HOSTING_PROVIDER_EDIT`, `ALLOW_HOSTING_PROVIDER_EDIT`, |
 * | `HOSTING_PROVIDER` | `ALLOW_HOSTING_PROVIDER_CREATE`, `DENY_HOSTING_PROVIDER_CREATE`,`DENY_HOSTING_PROVIDER_DELETE`, |
 * | `HOSTING_PROVIDER` | `ALLOW_HOSTING_PROVIDER_USE`, `DENY_HOSTING_PROVIDER_USE`, |
 * | `HOSTING_PROVIDER` | `ALLOW_HOSTING_PROVIDER_DOWNLOAD`, `DENY_HOSTING_PROVIDER_DOWNLOAD`, |
 * | `HOSTING_PROVIDER` | `ALLOW_HOSTING_PROVIDER_MOVE`, `DENY_HOSTING_PROVIDER_MOVE`, |
 * | `HOSTING_PROVIDER` | `ISOLATE_HOSTING_PROVIDER_USE`, `CAUTION_HOSTING_PROVIDER_USE`, |
 * |--------------------------|-------------------------------------------------|
 * | `HUMAN_RESOURCES` | `ALLOW_HUMAN_RESOURCES_USE`, `CAUTION_HUMAN_RESOURCES_USE`, |
 * | `HUMAN_RESOURCES` | `DENY_HUMAN_RESOURCES_USE`, `ISOLATE_HUMAN_RESOURCES_USE`, |
 * |--------------------------|-------------------------------------------------|
 * | `INSTANT_MESSAGING` | `ALLOW_CHAT`, `ALLOW_FILE_TRANSFER_IN_CHAT`, |
 * | `INSTANT_MESSAGING` | `ALLOW_FILE_TRANSFER_IN_CHAT`, `BLOCK_CHAT`, |
 * | `INSTANT_MESSAGING` | `BLOCK_FILE_TRANSFER_IN_CHAT`, `CAUTION_CHAT`, |
 * | `INSTANT_MESSAGING` | `CAUTION_FILE_TRANSFER_IN_CHAT`, `ISOLATE_CHAT` |
 * |--------------------------|-------------------------------------------------|
 * | `IT_SERVICES` | `ALLOW_IT_SERVICES_USE`, `CAUTION_LEGAL_USE`, |
 * | `IT_SERVICES` | `DENY_IT_SERVICES_USE`, `ISOLATE_IT_SERVICES_USE` |
 * |-------------------------|-------------------------------------------------|
 * | `LEGAL` | `ALLOW_LEGAL_USE`, `DENY_DNS_OVER_HTTPS_USE`, |
 * | `LEGAL` | `DENY_LEGAL_USE`, `ISOLATE_LEGAL_USE` |
 * |-------------------------|-------------------------------------------------|
 * | `SALES_AND_MARKETING` | `ALLOW_SALES_MARKETING_APPS`, `BLOCK_SALES_MARKETING_APPS`, |
 * | `SALES_AND_MARKETING` | `CAUTION_SALES_MARKETING_APPS`, `ISOLATE_SALES_MARKETING_APPS` |
 * |-------------------------|-------------------------------------------------|
 * | `STREAMING_MEDIA` | `BLOCK_STREAMING_VIEW_LISTEN`, `ALLOW_STREAMING_VIEW_LISTEN`, |
 * | `STREAMING_MEDIA` | `CAUTION_STREAMING_VIEW_LISTEN`, `BLOCK_STREAMING_UPLOAD`, |
 * | `STREAMING_MEDIA` | `ALLOW_STREAMING_UPLOAD`, `ISOLATE_STREAMING_VIEW_LISTEN` |
 * |-----------------------|-------------------------------------------------|
 * | `SOCIAL_NETWORKING` | `ALLOW_SOCIAL_NETWORKING_CHAT`, `ALLOW_SOCIAL_NETWORKING_COMMENT`, |
 * | `SOCIAL_NETWORKING` | `ALLOW_SOCIAL_NETWORKING_CREATE`, `ALLOW_SOCIAL_NETWORKING_EDIT`, |
 * | `SOCIAL_NETWORKING` | `ALLOW_SOCIAL_NETWORKING_POST`, `ALLOW_SOCIAL_NETWORKING_SHARE`, |
 * | `SOCIAL_NETWORKING` | `ALLOW_SOCIAL_NETWORKING_UPLOAD`, `ALLOW_SOCIAL_NETWORKING_VIEW`, |
 * | `SOCIAL_NETWORKING` | `BLOCK_SOCIAL_NETWORKING_CHAT`, `BLOCK_SOCIAL_NETWORKING_COMMENT`, |
 * | `SOCIAL_NETWORKING` | `BLOCK_SOCIAL_NETWORKING_CREATE`, `BLOCK_SOCIAL_NETWORKING_EDIT`, |
 * | `SOCIAL_NETWORKING` | `BLOCK_SOCIAL_NETWORKING_POST`,`BLOCK_SOCIAL_NETWORKING_SHARE`, |
 * | `SOCIAL_NETWORKING` | `BLOCK_SOCIAL_NETWORKING_UPLOAD`, `BLOCK_SOCIAL_NETWORKING_VIEW`, |
 * | `SOCIAL_NETWORKING` | `CAUTION_SOCIAL_NETWORKING_POST`, `CAUTION_SOCIAL_NETWORKING_VIEW`, |
 * | `SOCIAL_NETWORKING` | `ISOLATE_SOCIAL_NETWORKING_VIEW`, |
 * |-------------------------|-------------------------------------------------|
 * | `SYSTEM_AND_DEVELOPMENT` | `BLOCK_SYSTEM_DEVELOPMENT_APPS`, `ALLOW_SYSTEM_DEVELOPMENT_APPS`, |
 * | `SYSTEM_AND_DEVELOPMENT` | `ISOLATE_SYSTEM_DEVELOPMENT_APPS`, `BLOCK_SYSTEM_DEVELOPMENT_UPLOAD`, |
 * | `SYSTEM_AND_DEVELOPMENT` | `ALLOW_SYSTEM_DEVELOPMENT_UPLOAD`,`CAUTION_SYSTEM_DEVELOPMENT_APPS`, |
 * | `SYSTEM_AND_DEVELOPMENT` | `BLOCK_SYSTEM_DEVELOPMENT_CREATE`, `ALLOW_SYSTEM_DEVELOPMENT_CREATE`, |
 * | `SYSTEM_AND_DEVELOPMENT` | `BLOCK_SYSTEM_DEVELOPMENT_EDIT`, `ALLOW_SYSTEM_DEVELOPMENT_EDIT`, |
 * | `SYSTEM_AND_DEVELOPMENT` | `BLOCK_SYSTEM_DEVELOPMENT_SHARE`, `ALLOW_SYSTEM_DEVELOPMENT_SHARE`, |
 * | `SYSTEM_AND_DEVELOPMENT` | `BLOCK_SYSTEM_DEVELOPMENT_COMMENT`, `ALLOW_SYSTEM_DEVELOPMENT_COMMENT`, |
 * | `SYSTEM_AND_DEVELOPMENT` | `BLOCK_SYSTEM_DEVELOPMENT_REACTION`,`ALLOW_SYSTEM_DEVELOPMENT_REACTION` |
 * |--------------------------|-------------------------------------------------|
 * | `WEBMAIL` | `ALLOW_WEBMAIL_VIEW`, `ALLOW_WEBMAIL_ATTACHMENT_SEND` |
 * | `WEBMAIL` | `ALLOW_WEBMAIL_SEND`, `CAUTION_WEBMAIL_VIEW` |
 * | `WEBMAIL` | `BLOCK_WEBMAIL_VIEW`, `BLOCK_WEBMAIL_ATTACHMENT_SEND` |
 * | `WEBMAIL` | `BLOCK_WEBMAIL_SEND`, `ISOLATE_WEBMAIL_VIEW` |
 * |-------------------------|-------------------------------------------------|
 *
 * ## Cloud Application Control - Rule Types vs Tenant Profile Support
 *
 * **Note**: Refer to this matrix when configuring a Cloud App Control rule with Tenant Profile
 *
 * [Reference](https://help.zscaler.com/zia/documentation-knowledgebase/policies/cloud-apps/cloud-app-control-policies)
 *
 * | Type | Applications | tenancyProfileIds |
 * |:--------------------------------:|:-----------------------------:|:-------------------:|
 * |----------------------------------|-------------------------------|---------------------|
 * | `BUSINESS_PRODUCTIVITY` | `"GOOGLEANALYTICS"` | ✅ |
 * |----------------------------------|-------------------------------|---------------------|
 * | `ENTERPRISE_COLLABORATION` | `"GOOGLECALENDAR"` | ✅ |
 * | `ENTERPRISE_COLLABORATION` | `"GOOGLEKEEP"` | ✅ |
 * | `ENTERPRISE_COLLABORATION` | `"GOOGLEMEET"` | ✅ |
 * | `ENTERPRISE_COLLABORATION` | `"GOOGLESITES"` | ✅ |
 * | `ENTERPRISE_COLLABORATION` | `"WEBEX"` | ✅ |
 * | `ENTERPRISE_COLLABORATION` | `"SLACK"` | ✅ |
 * | `ENTERPRISE_COLLABORATION` | `"WEBEX_TEAMS"` | ✅ |
 * | `ENTERPRISE_COLLABORATION` | `"ZOOM"` | ✅ |
 * |----------------------------------|-------------------------------|---------------------|
 * | `FILE_SHARE` | `"DROPBOX"` | ✅ |
 * | `FILE_SHARE` | `"GDRIVE"` | ✅ |
 * | `FILE_SHARE` | `"GPHOTOS"` | ✅ |
 * |----------------------------------|-------------------------------|---------------------|
 * | `HOSTING_PROVIDER` | `"GCLOUDCOMPUTE"` | ✅ |
 * | `HOSTING_PROVIDER` | `"AWS"` | ✅ |
 * | `HOSTING_PROVIDER` | `"IBMSMARTCLOUD"` | ✅ |
 * | `HOSTING_PROVIDER` | `"GAPPENGINE"` | ✅ |
 * | `HOSTING_PROVIDER` | `"GOOGLE_CLOUD_PLATFORM"` | ✅ |
 * |----------------------------------|-------------------------------|---------------------|
 * | `IT_SERVICES` | `"MSLOGINSERVICES"` | ✅ |
 * | `IT_SERVICES` | `"GOOGLOGINSERVICE"` | ✅ |
 * | `IT_SERVICES` | `"WEBEX_LOGIN_SERVICES"` | ✅ |
 * | `IT_SERVICES` | `"ZOHO_LOGIN_SERVICES"` | ✅ |
 * |----------------------------------|-------------------------------|---------------------|
 * | `SOCIAL_NETWORKING` | `"GOOGLE_GROUPS"` | ✅ |
 * | `SOCIAL_NETWORKING` | `"GOOGLE_PLUS"` | ✅ |
 * |----------------------------------|-------------------------------|---------------------|
 * | `STREAMING_MEDIA` | `"YOUTUBE"` | ✅ |
 * | `STREAMING_MEDIA` | `"GOOGLE_STREAMING"` | ✅ |
 * |----------------------------------|-------------------------------|---------------------|
 * | `SYSTEM_AND_DEVELOPMENT` | `"GOOGLE_DEVELOPERS"` | ✅ |
 * | `SYSTEM_AND_DEVELOPMENT` | `"GOOGLEAPPMAKER"` | ✅ |
 * |----------------------------------|-------------------------------|---------------------|
 * | `WEBMAIL` | `"GOOGLE_WEBMAIL"` | ✅ |
 * |----------------------------------|-------------------------------|---------------------|
 *
 * ## Import
 *
 * Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZPA configurations into Terraform-compliant HashiCorp Configuration Language.
 *
 * NOTE(review): this package manages ZIA resources; "ZPA" above is presumably inherited from upstream text - confirm.
 *
 * Visit
 *
 * NOTE(review): the link that followed "Visit" is missing from the generated documentation.
 *
 * Policy access rule can be imported by using `<RULE_TYPE:RULE_ID>` or `<RULE_TYPE:RULE_NAME>` as the import ID.
 *
 * For example:
 *
 * ```sh
 * $ pulumi import zia:index/cloudAppControlRule:CloudAppControlRule this <rule_type:rule_id>
 * ```
 *
 * ```sh
 * $ pulumi import zia:index/cloudAppControlRule:CloudAppControlRule this <"rule_type:rule_name">
 * ```
 */
export declare class CloudAppControlRule extends pulumi.CustomResource {
    /**
     * Get an existing CloudAppControlRule resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CloudAppControlRuleState, opts?: pulumi.CustomResourceOptions): CloudAppControlRule;
    /**
     * Returns true if the given object is an instance of CloudAppControlRule. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is CloudAppControlRule;
    /**
     * Actions allowed for the specified type. Valid values depend on `type`; see the
     * "Rule Types vs Actions Matrix" in the class documentation above.
     */
    readonly actions: pulumi.Output<string[] | undefined>;
    /**
     * List of cloud applications to which the rule will be applied.
     */
    readonly applications: pulumi.Output<string[] | undefined>;
    /**
     * Enforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
     *
     * NOTE(review): by implication, when this is not enabled a transaction explicitly allowed by this rule is not
     * re-evaluated by URL Filtering - confirm against the ZIA documentation before relying on either behaviour.
     */
    readonly cascadingEnabled: pulumi.Output<boolean | undefined>;
    /**
     * Undocumented in the generated source.
     * NOTE(review): presumably the Cloud Browser Isolation profile(s) used with `ISOLATE_` actions - confirm.
     */
    readonly cbiProfiles: pulumi.Output<outputs.CloudAppControlRuleCbiProfile[] | undefined>;
    /**
     * The cloud application instance ID.
     */
    readonly cloudAppInstances: pulumi.Output<outputs.CloudAppControlRuleCloudAppInstances | undefined>;
    /**
     * The DLP server, using ICAP, to which the transaction content is forwarded.
     *
     * NOTE(review): the field name and the "With Cloud Risk Profile Configuration" heading in the class documentation
     * suggest this holds Cloud Application Risk Profile references rather than a DLP/ICAP server - confirm.
     */
    readonly cloudAppRiskProfiles: pulumi.Output<outputs.CloudAppControlRuleCloudAppRiskProfile[] | undefined>;
    /**
     * Name-ID pairs of departments for which the rule must be applied.
     */
    readonly departments: pulumi.Output<outputs.CloudAppControlRuleDepartments | undefined>;
    /**
     * Additional information about this rule.
     */
    readonly description: pulumi.Output<string | undefined>;
    /**
     * This field is applicable for devices that are managed using Zscaler Client Connector.
     */
    readonly deviceGroups: pulumi.Output<outputs.CloudAppControlRuleDeviceGroups | undefined>;
    /**
     * List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed
     * using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the
     * Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
     */
    readonly deviceTrustLevels: pulumi.Output<string[] | undefined>;
    /**
     * Name-ID pairs of devices for which the rule must be applied.
     */
    readonly devices: pulumi.Output<outputs.CloudAppControlRuleDevices | undefined>;
    /**
     * Enforce a set validity time period for this rule. See `validityStartTime`, `validityEndTime` and
     * `validityTimeZoneId`.
     */
    readonly enforceTimeValidity: pulumi.Output<boolean | undefined>;
    /**
     * Name-ID pairs of groups for which the rule must be applied.
     */
    readonly groups: pulumi.Output<outputs.CloudAppControlRuleGroups | undefined>;
    /**
     * This rule's label.
     */
    readonly labels: pulumi.Output<outputs.CloudAppControlRuleLabels | undefined>;
    /**
     * Name-ID pairs of the location groups to which the rule must be applied.
     */
    readonly locationGroups: pulumi.Output<outputs.CloudAppControlRuleLocationGroups | undefined>;
    /**
     * Name-ID pairs of locations for which the rule must be applied.
     */
    readonly locations: pulumi.Output<outputs.CloudAppControlRuleLocations | undefined>;
    /**
     * The name of this rule.
     */
    readonly name: pulumi.Output<string>;
    /**
     * The order of execution of this rule.
     */
    readonly order: pulumi.Output<number>;
    /**
     * Admin rank assigned to this rule.
     */
    readonly rank: pulumi.Output<number | undefined>;
    /**
     * A unique identifier assigned to this rule. It is not part of CloudAppControlRuleArgs, so it cannot be
     * supplied when the resource is constructed.
     */
    readonly ruleId: pulumi.Output<number>;
    /**
     * Size quota in KB beyond which this rule is applied. If not set, no quota is enforced. If a policy rule
     * action is set to 'BLOCK', this field is not applicable.
     */
    readonly sizeQuota: pulumi.Output<number | undefined>;
    /**
     * Determines whether this rule is enabled or disabled.
     */
    readonly state: pulumi.Output<string | undefined>;
    /**
     * Name-ID pairs of groups for which rule must be applied
     *
     * NOTE(review): the sentence above duplicates the `groups` description; this field presumably holds the tenant
     * profiles the rule is tied to. Support depends on type and application - see the
     * "Rule Types vs Tenant Profile Support" matrix in the class documentation.
     */
    readonly tenancyProfileIds: pulumi.Output<outputs.CloudAppControlRuleTenancyProfileIds | undefined>;
    /**
     * Time quota in minutes, after which this rule is applied. If not set, no quota is enforced. If a policy rule
     * action is set to 'BLOCK', this field is not applicable.
     */
    readonly timeQuota: pulumi.Output<number | undefined>;
    /**
     * Name-ID pairs of the time intervals during which the rule must be enforced.
     */
    readonly timeWindows: pulumi.Output<outputs.CloudAppControlRuleTimeWindows | undefined>;
    /**
     * Supported App Control Types. The left-hand column of the matrices in the class documentation lists the
     * type names.
     */
    readonly type: pulumi.Output<string | undefined>;
    /**
     * Supported User Agent Types
     */
    readonly userAgentTypes: pulumi.Output<string[] | undefined>;
    /**
     * Undocumented in the generated source.
     * NOTE(review): presumably the user risk score levels the rule applies to - confirm accepted values.
     */
    readonly userRiskScoreLevels: pulumi.Output<string[] | undefined>;
    /**
     * Name-ID pairs of users for which the rule must be applied.
     */
    readonly users: pulumi.Output<outputs.CloudAppControlRuleUsers | undefined>;
    /**
     * If enforceTimeValidity is set to true, this rule ceases to be valid on this end date and time.
     */
    readonly validityEndTime: pulumi.Output<string | undefined>;
    /**
     * If enforceTimeValidity is set to true, this rule is valid starting on this date and time.
     */
    readonly validityStartTime: pulumi.Output<string | undefined>;
    /**
     * If enforceTimeValidity is set to true, this rule's date and time are valid based on this time zone ID. Use
     * IANA Format TimeZone.
     */
    readonly validityTimeZoneId: pulumi.Output<string | undefined>;
    /**
     * Create a CloudAppControlRule resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: CloudAppControlRuleArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering CloudAppControlRule resources.
 *
 * Every property is optional here, including `order` and `ruleId`.
 *
 * NOTE(review): several generated field descriptions referred to "forwarding", "URL Filtering" or "Firewall Filtering"
 * rules. They are read here as describing this Cloud App Control rule - confirm against the ZIA API reference.
 */
export interface CloudAppControlRuleState {
    /**
     * Actions allowed for the specified type. Valid values depend on `type`; see the
     * "Rule Types vs Actions Matrix" in the CloudAppControlRule class documentation.
     */
    actions?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * List of cloud applications to which the rule will be applied.
     */
    applications?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Enforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
     *
     * NOTE(review): by implication, when this is not enabled a transaction explicitly allowed by this rule is not
     * re-evaluated by URL Filtering - confirm against the ZIA documentation before relying on either behaviour.
     */
    cascadingEnabled?: pulumi.Input<boolean>;
    /**
     * Undocumented in the generated source.
     * NOTE(review): presumably the Cloud Browser Isolation profile(s) used with `ISOLATE_` actions - confirm.
     */
    cbiProfiles?: pulumi.Input<pulumi.Input<inputs.CloudAppControlRuleCbiProfile>[]>;
    /**
     * The cloud application instance ID.
     */
    cloudAppInstances?: pulumi.Input<inputs.CloudAppControlRuleCloudAppInstances>;
    /**
     * The DLP server, using ICAP, to which the transaction content is forwarded.
     *
     * NOTE(review): the field name suggests this holds Cloud Application Risk Profile references rather than a
     * DLP/ICAP server - confirm.
     */
    cloudAppRiskProfiles?: pulumi.Input<pulumi.Input<inputs.CloudAppControlRuleCloudAppRiskProfile>[]>;
    /**
     * Name-ID pairs of departments for which the rule must be applied.
     */
    departments?: pulumi.Input<inputs.CloudAppControlRuleDepartments>;
    /**
     * Additional information about this rule.
     */
    description?: pulumi.Input<string>;
    /**
     * This field is applicable for devices that are managed using Zscaler Client Connector.
     */
    deviceGroups?: pulumi.Input<inputs.CloudAppControlRuleDeviceGroups>;
    /**
     * List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed
     * using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the
     * Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
     */
    deviceTrustLevels?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Name-ID pairs of devices for which the rule must be applied.
     */
    devices?: pulumi.Input<inputs.CloudAppControlRuleDevices>;
    /**
     * Enforce a set validity time period for this rule. See `validityStartTime`, `validityEndTime` and
     * `validityTimeZoneId`.
     */
    enforceTimeValidity?: pulumi.Input<boolean>;
    /**
     * Name-ID pairs of groups for which the rule must be applied.
     */
    groups?: pulumi.Input<inputs.CloudAppControlRuleGroups>;
    /**
     * This rule's label.
     */
    labels?: pulumi.Input<inputs.CloudAppControlRuleLabels>;
    /**
     * Name-ID pairs of the location groups to which the rule must be applied.
     */
    locationGroups?: pulumi.Input<inputs.CloudAppControlRuleLocationGroups>;
    /**
     * Name-ID pairs of locations for which the rule must be applied.
     */
    locations?: pulumi.Input<inputs.CloudAppControlRuleLocations>;
    /**
     * The name of this rule.
     */
    name?: pulumi.Input<string>;
    /**
     * The order of execution of this rule.
     */
    order?: pulumi.Input<number>;
    /**
     * Admin rank assigned to this rule.
     */
    rank?: pulumi.Input<number>;
    /**
     * A unique identifier assigned to this rule.
     */
    ruleId?: pulumi.Input<number>;
    /**
     * Size quota in KB beyond which this rule is applied. If not set, no quota is enforced. If a policy rule
     * action is set to 'BLOCK', this field is not applicable.
     */
    sizeQuota?: pulumi.Input<number>;
    /**
     * Determines whether this rule is enabled or disabled.
     */
    state?: pulumi.Input<string>;
    /**
     * Name-ID pairs of groups for which rule must be applied
     *
     * NOTE(review): the sentence above duplicates the `groups` description; this field presumably holds the tenant
     * profiles the rule is tied to. Support depends on type and application - see the
     * "Rule Types vs Tenant Profile Support" matrix in the CloudAppControlRule class documentation.
     */
    tenancyProfileIds?: pulumi.Input<inputs.CloudAppControlRuleTenancyProfileIds>;
    /**
     * Time quota in minutes, after which this rule is applied. If not set, no quota is enforced. If a policy rule
     * action is set to 'BLOCK', this field is not applicable.
     */
    timeQuota?: pulumi.Input<number>;
    /**
     * Name-ID pairs of the time intervals during which the rule must be enforced.
     */
    timeWindows?: pulumi.Input<inputs.CloudAppControlRuleTimeWindows>;
    /**
     * Supported App Control Types. The left-hand column of the matrices in the CloudAppControlRule class
     * documentation lists the type names.
     */
    type?: pulumi.Input<string>;
    /**
     * Supported User Agent Types
     */
    userAgentTypes?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Undocumented in the generated source.
     * NOTE(review): presumably the user risk score levels the rule applies to - confirm accepted values.
     */
    userRiskScoreLevels?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Name-ID pairs of users for which the rule must be applied.
     */
    users?: pulumi.Input<inputs.CloudAppControlRuleUsers>;
    /**
     * If enforceTimeValidity is set to true, this rule ceases to be valid on this end date and time.
     */
    validityEndTime?: pulumi.Input<string>;
    /**
     * If enforceTimeValidity is set to true, this rule is valid starting on this date and time.
     */
    validityStartTime?: pulumi.Input<string>;
    /**
     * If enforceTimeValidity is set to true, this rule's date and time are valid based on this time zone ID. Use
     * IANA Format TimeZone.
     */
    validityTimeZoneId?: pulumi.Input<string>;
}
/**
 * The set of arguments for constructing a CloudAppControlRule resource.
 *
 * `order` is the only required property. `ruleId` is not accepted here; it appears only on the resource and on
 * CloudAppControlRuleState.
 *
 * NOTE(review): `type` and `actions` are plain strings, so an action that does not belong to the chosen type is not
 * rejected by the compiler. Check each pairing against the "Rule Types vs Actions Matrix" in the CloudAppControlRule
 * class documentation.
 *
 * NOTE(review): several generated field descriptions referred to "forwarding", "URL Filtering" or "Firewall Filtering"
 * rules. They are read here as describing this Cloud App Control rule - confirm against the ZIA API reference.
 */
export interface CloudAppControlRuleArgs {
    /**
     * Actions allowed for the specified type. Valid values depend on `type`; see the
     * "Rule Types vs Actions Matrix" in the CloudAppControlRule class documentation.
     */
    actions?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * List of cloud applications to which the rule will be applied.
     */
    applications?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Enforce the URL Filtering policy on a transaction, even after it is explicitly allowed by the Cloud App Control policy.
     *
     * NOTE(review): by implication, when this is not enabled a transaction explicitly allowed by this rule is not
     * re-evaluated by URL Filtering - confirm against the ZIA documentation before relying on either behaviour.
     */
    cascadingEnabled?: pulumi.Input<boolean>;
    /**
     * Undocumented in the generated source.
     * NOTE(review): presumably the Cloud Browser Isolation profile(s) used with `ISOLATE_` actions - confirm.
     */
    cbiProfiles?: pulumi.Input<pulumi.Input<inputs.CloudAppControlRuleCbiProfile>[]>;
    /**
     * The cloud application instance ID.
     */
    cloudAppInstances?: pulumi.Input<inputs.CloudAppControlRuleCloudAppInstances>;
    /**
     * The DLP server, using ICAP, to which the transaction content is forwarded.
     *
     * NOTE(review): the field name suggests this holds Cloud Application Risk Profile references rather than a
     * DLP/ICAP server - confirm.
     */
    cloudAppRiskProfiles?: pulumi.Input<pulumi.Input<inputs.CloudAppControlRuleCloudAppRiskProfile>[]>;
    /**
     * Name-ID pairs of departments for which the rule must be applied.
     */
    departments?: pulumi.Input<inputs.CloudAppControlRuleDepartments>;
    /**
     * Additional information about this rule.
     */
    description?: pulumi.Input<string>;
    /**
     * This field is applicable for devices that are managed using Zscaler Client Connector.
     */
    deviceGroups?: pulumi.Input<inputs.CloudAppControlRuleDeviceGroups>;
    /**
     * List of device trust levels for which the rule must be applied. This field is applicable for devices that are managed
     * using Zscaler Client Connector. The trust levels are assigned to the devices based on your posture configurations in the
     * Zscaler Client Connector Portal. If no value is set, this field is ignored during the policy evaluation.
     */
    deviceTrustLevels?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Name-ID pairs of devices for which the rule must be applied.
     */
    devices?: pulumi.Input<inputs.CloudAppControlRuleDevices>;
    /**
     * Enforce a set validity time period for this rule. See `validityStartTime`, `validityEndTime` and
     * `validityTimeZoneId`.
     */
    enforceTimeValidity?: pulumi.Input<boolean>;
    /**
     * Name-ID pairs of groups for which the rule must be applied.
     */
    groups?: pulumi.Input<inputs.CloudAppControlRuleGroups>;
    /**
     * This rule's label.
     */
    labels?: pulumi.Input<inputs.CloudAppControlRuleLabels>;
    /**
     * Name-ID pairs of the location groups to which the rule must be applied.
     */
    locationGroups?: pulumi.Input<inputs.CloudAppControlRuleLocationGroups>;
    /**
     * Name-ID pairs of locations for which the rule must be applied.
     */
    locations?: pulumi.Input<inputs.CloudAppControlRuleLocations>;
    /**
     * The name of this rule.
     */
    name?: pulumi.Input<string>;
    /**
     * The order of execution of this rule. Required.
     */
    order: pulumi.Input<number>;
    /**
     * Admin rank assigned to this rule.
     */
    rank?: pulumi.Input<number>;
    /**
     * Size quota in KB beyond which this rule is applied. If not set, no quota is enforced. If a policy rule
     * action is set to 'BLOCK', this field is not applicable.
     */
    sizeQuota?: pulumi.Input<number>;
    /**
     * Determines whether this rule is enabled or disabled.
     */
    state?: pulumi.Input<string>;
    /**
     * Name-ID pairs of groups for which rule must be applied
     *
     * NOTE(review): the sentence above duplicates the `groups` description; this field presumably holds the tenant
     * profiles the rule is tied to. Support depends on type and application - see the
     * "Rule Types vs Tenant Profile Support" matrix in the CloudAppControlRule class documentation.
     */
    tenancyProfileIds?: pulumi.Input<inputs.CloudAppControlRuleTenancyProfileIds>;
    /**
     * Time quota in minutes, after which this rule is applied. If not set, no quota is enforced. If a policy rule
     * action is set to 'BLOCK', this field is not applicable.
     */
    timeQuota?: pulumi.Input<number>;
    /**
     * Name-ID pairs of the time intervals during which the rule must be enforced.
     */
    timeWindows?: pulumi.Input<inputs.CloudAppControlRuleTimeWindows>;
    /**
     * Supported App Control Types. The left-hand column of the matrices in the CloudAppControlRule class
     * documentation lists the type names.
     */
    type?: pulumi.Input<string>;
    /**
     * Supported User Agent Types
     */
    userAgentTypes?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Undocumented in the generated source.
     * NOTE(review): presumably the user risk score levels the rule applies to - confirm accepted values.
     */
    userRiskScoreLevels?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * Name-ID pairs of users for which the rule must be applied.
     */
    users?: pulumi.Input<inputs.CloudAppControlRuleUsers>;
    /**
     * If enforceTimeValidity is set to true, this rule ceases to be valid on this end date and time.
     */
    validityEndTime?: pulumi.Input<string>;
    /**
     * If enforceTimeValidity is set to true, this rule is valid starting on this date and time.
     */
    validityStartTime?: pulumi.Input<string>;
    /**
     * If enforceTimeValidity is set to true, this rule's date and time are valid based on this time zone ID. Use
     * IANA Format TimeZone.
     */
    validityTimeZoneId?: pulumi.Input<string>;
}