@bdzscaler/pulumi-zia
A Pulumi package for creating and managing zia cloud resources.
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "./types/input";
import * as outputs from "./types/output";
/**
* * [Official documentation](https://help.zscaler.com/zia/about-sandbox)
* * [API documentation](https://help.zscaler.com/zia/sandbox-policy-settings#/sandboxRules-get)
*
* The **zia_sandbox_rules** resource allows the creation and management of Sandbox rules in Zscaler Internet Access (ZIA).
*
* ## Example Usage
*
* ## Import
*
* Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZIA configurations into Terraform-compliant HashiCorp Configuration Language.
*
* Visit
*
* **zia_sandbox_rules** can be imported by using `<RULE ID>` or `<RULE NAME>` as the import ID.
*
* For example:
*
* ```sh
* $ pulumi import zia:index/sandboxRules:SandboxRules example <rule_id>
* ```
*
* or
*
* ```sh
* $ pulumi import zia:index/sandboxRules:SandboxRules example <rule_name>
* ```
*/
export declare class SandboxRules extends pulumi.CustomResource {
/**
* Get an existing SandboxRules resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to look up.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
* @returns The SandboxRules resource for the looked-up state.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SandboxRulesState, opts?: pulumi.CustomResourceOptions): SandboxRules;
/**
* Returns true if the given object is an instance of SandboxRules. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*
* @param obj The value to test; it is typed `any`, so any value may be passed.
*/
static isInstance(obj: any): obj is SandboxRules;
/**
* The threat categories to which the rule applies.
*/
readonly baPolicyCategories: pulumi.Output<string[] | undefined>;
/**
* (String) The action configured for the rule that must take place if the traffic matches the rule criteria. Supported Values: `ALLOW` or `BLOCK`
*
* The property is typed as a plain `string`, so the compiler does not reject values outside the supported set.
*/
readonly baRuleAction: pulumi.Output<string>;
/**
* (Integer) No description is given in this declaration.
*
* NOTE(review): presumably a sandbox threat-score threshold for the rule; confirm against the ZIA API documentation before relying on it.
*/
readonly byThreatScore: pulumi.Output<number>;
/**
* (List of Objects) Apply to any number of departments. When not used it implies `Any` to apply the rule to all departments.
*
* Leaving it unset therefore widens the rule to every department; set it explicitly when the rule is meant to be scoped.
*/
readonly departments: pulumi.Output<outputs.SandboxRulesDepartments | undefined>;
/**
* (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
*/
readonly description: pulumi.Output<string | undefined>;
/**
* (List of Strings) File type categories for which the policy is applied. If not set, the rule is applied across all file types.
*/
readonly fileTypes: pulumi.Output<string[]>;
/**
* (Boolean) A Boolean value indicating whether a First-Time Action is specifically configured for the rule. The First-Time Action takes place when users download unknown files. The action to be applied is specified using the firstTimeOperation field.
*/
readonly firstTimeEnable: pulumi.Output<boolean>;
/**
* (String) The action that must take place when users download unknown files for the first time. Supported Values: `ALLOW_SCAN`, `QUARANTINE`, `ALLOW_NOSCAN`, `QUARANTINE_ISOLATE`
*
* The property is typed as a plain `string`, so the compiler does not reject values outside the supported set.
* NOTE(review): going by its name, `ALLOW_NOSCAN` lets first-time unknown files through without a sandbox scan; confirm against the ZIA documentation and review any rule that uses it.
*/
readonly firstTimeOperation: pulumi.Output<string>;
/**
* (List of Objects) You can manually select up to `8` groups. When not used it implies `Any` to apply the rule to all groups.
*/
readonly groups: pulumi.Output<outputs.SandboxRulesGroups | undefined>;
/**
* (List of Objects) Labels that are applicable to the rule.
*/
readonly labels: pulumi.Output<outputs.SandboxRulesLabels | undefined>;
/**
* (List of Objects) You can manually select up to `32` location groups. When not used it implies `Any` to apply the rule to all location groups.
*/
readonly locationGroups: pulumi.Output<outputs.SandboxRulesLocationGroups | undefined>;
/**
* (List of Objects) You can manually select up to `8` locations. When not used it implies `Any` to apply the rule to all groups.
*
* NOTE(review): "all groups" is the generated wording; for this field it presumably means all locations.
*/
readonly locations: pulumi.Output<outputs.SandboxRulesLocations | undefined>;
/**
* (Boolean) A Boolean value indicating whether to enable or disable the AI Instant Verdict option to have the Zscaler service use AI analysis to instantly assign threat scores to unknown files. This option is available to use only with specific rule actions such as Quarantine and Allow and Scan for First-Time Action.
*/
readonly mlActionEnabled: pulumi.Output<boolean>;
/**
* The File Type Control policy rule name.
*
* NOTE(review): "File Type Control" looks carried over from another resource's description; on this class the field is presumably the Sandbox rule name.
*/
readonly name: pulumi.Output<string>;
/**
* (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
*
* NOTE(review): because evaluation is ordered, a broad `ALLOW` rule placed ahead of a `BLOCK` rule presumably takes effect first; confirm the first-match behaviour in the ZIA documentation.
*/
readonly order: pulumi.Output<number>;
/**
* Protocol for the given rule. This field is not applicable to the Lite API.
*/
readonly protocols: pulumi.Output<string[]>;
/**
* (Integer) The admin rank specified for the rule based on your assigned admin rank. Admin rank determines the rule order that can be specified for the rule. Admin rank can be configured if it is enabled in the Advanced Settings.
*/
readonly rank: pulumi.Output<number>;
/**
* NOTE(review): undocumented in this declaration; presumably the numeric rule ID assigned by ZIA.
* SandboxRulesArgs declares no matching property, so it is not supplied when the resource is constructed.
*/
readonly ruleId: pulumi.Output<number>;
/**
* (String) The state of the rule indicating whether it is enabled or disabled. Supported values: `ENABLED` or `DISABLED`
*
* The property is typed as a plain `string`, so the compiler does not reject values outside the supported set.
*/
readonly state: pulumi.Output<string>;
/**
* (List of Strings) The list of URL categories to which the DLP policy rule must be applied.
*
* NOTE(review): "DLP policy rule" looks carried over from another resource's description; here it presumably refers to this Sandbox rule.
*/
readonly urlCategories: pulumi.Output<string[] | undefined>;
/**
* (List of Objects) You can manually select up to `4` general and/or special users. When not used it implies `Any` to apply the rule to all users.
*/
readonly users: pulumi.Output<outputs.SandboxRulesUsers | undefined>;
/**
* (List of Objects) The ZPA application segments to which the rule applies
*/
readonly zpaAppSegments: pulumi.Output<outputs.SandboxRulesZpaAppSegment[]>;
/**
* Create a SandboxRules resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: SandboxRulesArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering SandboxRules resources.
*/
export interface SandboxRulesState {
/**
* The threat categories to which the rule applies.
*/
baPolicyCategories?: pulumi.Input<pulumi.Input<string>[]>;
/**
* (String) The action configured for the rule that must take place if the traffic matches the rule criteria. Supported Values: `ALLOW` or `BLOCK`
*
* The property is typed as a plain `string`, so the compiler does not reject values outside the supported set.
*/
baRuleAction?: pulumi.Input<string>;
/**
* (Integer) No description is given in this declaration.
*
* NOTE(review): presumably a sandbox threat-score threshold for the rule; confirm against the ZIA API documentation before relying on it.
*/
byThreatScore?: pulumi.Input<number>;
/**
* (List of Objects) Apply to any number of departments. When not used it implies `Any` to apply the rule to all departments.
*/
departments?: pulumi.Input<inputs.SandboxRulesDepartments>;
/**
* (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
*/
description?: pulumi.Input<string>;
/**
* (List of Strings) File type categories for which the policy is applied. If not set, the rule is applied across all file types.
*/
fileTypes?: pulumi.Input<pulumi.Input<string>[]>;
/**
* (Boolean) A Boolean value indicating whether a First-Time Action is specifically configured for the rule. The First-Time Action takes place when users download unknown files. The action to be applied is specified using the firstTimeOperation field.
*/
firstTimeEnable?: pulumi.Input<boolean>;
/**
* (String) The action that must take place when users download unknown files for the first time. Supported Values: `ALLOW_SCAN`, `QUARANTINE`, `ALLOW_NOSCAN`, `QUARANTINE_ISOLATE`
*
* The property is typed as a plain `string`, so the compiler does not reject values outside the supported set.
*/
firstTimeOperation?: pulumi.Input<string>;
/**
* (List of Objects) You can manually select up to `8` groups. When not used it implies `Any` to apply the rule to all groups.
*/
groups?: pulumi.Input<inputs.SandboxRulesGroups>;
/**
* (List of Objects) Labels that are applicable to the rule.
*/
labels?: pulumi.Input<inputs.SandboxRulesLabels>;
/**
* (List of Objects) You can manually select up to `32` location groups. When not used it implies `Any` to apply the rule to all location groups.
*/
locationGroups?: pulumi.Input<inputs.SandboxRulesLocationGroups>;
/**
* (List of Objects) You can manually select up to `8` locations. When not used it implies `Any` to apply the rule to all groups.
*
* NOTE(review): "all groups" is the generated wording; for this field it presumably means all locations.
*/
locations?: pulumi.Input<inputs.SandboxRulesLocations>;
/**
* (Boolean) A Boolean value indicating whether to enable or disable the AI Instant Verdict option to have the Zscaler service use AI analysis to instantly assign threat scores to unknown files. This option is available to use only with specific rule actions such as Quarantine and Allow and Scan for First-Time Action.
*/
mlActionEnabled?: pulumi.Input<boolean>;
/**
* The File Type Control policy rule name.
*
* NOTE(review): "File Type Control" looks carried over from another resource's description; here the field is presumably the Sandbox rule name.
*/
name?: pulumi.Input<string>;
/**
* (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
*/
order?: pulumi.Input<number>;
/**
* Protocol for the given rule. This field is not applicable to the Lite API.
*/
protocols?: pulumi.Input<pulumi.Input<string>[]>;
/**
* (Integer) The admin rank specified for the rule based on your assigned admin rank. Admin rank determines the rule order that can be specified for the rule. Admin rank can be configured if it is enabled in the Advanced Settings.
*/
rank?: pulumi.Input<number>;
/**
* NOTE(review): undocumented in this declaration; presumably the numeric rule ID assigned by ZIA. Confirm before using it to qualify a lookup.
*/
ruleId?: pulumi.Input<number>;
/**
* (String) The state of the rule indicating whether it is enabled or disabled. Supported values: `ENABLED` or `DISABLED`
*
* The property is typed as a plain `string`, so the compiler does not reject values outside the supported set.
*/
state?: pulumi.Input<string>;
/**
* (List of Strings) The list of URL categories to which the DLP policy rule must be applied.
*
* NOTE(review): "DLP policy rule" looks carried over from another resource's description; here it presumably refers to this Sandbox rule.
*/
urlCategories?: pulumi.Input<pulumi.Input<string>[]>;
/**
* (List of Objects) You can manually select up to `4` general and/or special users. When not used it implies `Any` to apply the rule to all users.
*/
users?: pulumi.Input<inputs.SandboxRulesUsers>;
/**
* (List of Objects) The ZPA application segments to which the rule applies
*/
zpaAppSegments?: pulumi.Input<pulumi.Input<inputs.SandboxRulesZpaAppSegment>[]>;
}
/**
* The set of arguments for constructing a SandboxRules resource.
*/
export interface SandboxRulesArgs {
/**
* The threat categories to which the rule applies.
*/
baPolicyCategories?: pulumi.Input<pulumi.Input<string>[]>;
/**
* (String) The action configured for the rule that must take place if the traffic matches the rule criteria. Supported Values: `ALLOW` or `BLOCK`
*
* The property is typed as a plain `string` and is optional, so neither a misspelt value nor an omitted action is caught at compile time.
* NOTE(review): the value applied when it is omitted is not stated here; set it explicitly and check the resulting rule.
*/
baRuleAction?: pulumi.Input<string>;
/**
* (Integer) No description is given in this declaration.
*
* NOTE(review): presumably a sandbox threat-score threshold for the rule; confirm against the ZIA API documentation before setting it.
*/
byThreatScore?: pulumi.Input<number>;
/**
* (List of Objects) Apply to any number of departments. When not used it implies `Any` to apply the rule to all departments.
*
* Leaving it unset therefore widens the rule to every department; set it explicitly when the rule is meant to be scoped.
*/
departments?: pulumi.Input<inputs.SandboxRulesDepartments>;
/**
* (String) Enter additional notes or information. The description cannot exceed 10,240 characters.
*/
description?: pulumi.Input<string>;
/**
* (List of Strings) File type categories for which the policy is applied. If not set, the rule is applied across all file types.
*
* This interface marks the property as required, unlike the "If not set" case the description mentions.
* NOTE(review): whether an empty list is accepted, and what it would match, is not stated here.
*/
fileTypes: pulumi.Input<pulumi.Input<string>[]>;
/**
* (Boolean) A Boolean value indicating whether a First-Time Action is specifically configured for the rule. The First-Time Action takes place when users download unknown files. The action to be applied is specified using the firstTimeOperation field.
*/
firstTimeEnable?: pulumi.Input<boolean>;
/**
* (String) The action that must take place when users download unknown files for the first time. Supported Values: `ALLOW_SCAN`, `QUARANTINE`, `ALLOW_NOSCAN`, `QUARANTINE_ISOLATE`
*
* The property is typed as a plain `string`, so the compiler does not reject values outside the supported set.
* NOTE(review): going by its name, `ALLOW_NOSCAN` lets first-time unknown files through without a sandbox scan; confirm against the ZIA documentation and review any rule that uses it.
*/
firstTimeOperation?: pulumi.Input<string>;
/**
* (List of Objects) You can manually select up to `8` groups. When not used it implies `Any` to apply the rule to all groups.
*
* Leaving it unset therefore widens the rule to every group.
*/
groups?: pulumi.Input<inputs.SandboxRulesGroups>;
/**
* (List of Objects) Labels that are applicable to the rule.
*/
labels?: pulumi.Input<inputs.SandboxRulesLabels>;
/**
* (List of Objects) You can manually select up to `32` location groups. When not used it implies `Any` to apply the rule to all location groups.
*
* Leaving it unset therefore widens the rule to every location group.
*/
locationGroups?: pulumi.Input<inputs.SandboxRulesLocationGroups>;
/**
* (List of Objects) You can manually select up to `8` locations. When not used it implies `Any` to apply the rule to all groups.
*
* NOTE(review): "all groups" is the generated wording; for this field it presumably means all locations.
*/
locations?: pulumi.Input<inputs.SandboxRulesLocations>;
/**
* (Boolean) A Boolean value indicating whether to enable or disable the AI Instant Verdict option to have the Zscaler service use AI analysis to instantly assign threat scores to unknown files. This option is available to use only with specific rule actions such as Quarantine and Allow and Scan for First-Time Action.
*/
mlActionEnabled?: pulumi.Input<boolean>;
/**
* The File Type Control policy rule name.
*
* NOTE(review): "File Type Control" looks carried over from another resource's description; here the field is presumably the Sandbox rule name.
*/
name?: pulumi.Input<string>;
/**
* (Integer) Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule's place in the order.
*
* Required in this interface.
* NOTE(review): because evaluation is ordered, a broad `ALLOW` rule placed ahead of a `BLOCK` rule presumably takes effect first; confirm the first-match behaviour in the ZIA documentation.
*/
order: pulumi.Input<number>;
/**
* Protocol for the given rule. This field is not applicable to the Lite API.
*
* Required in this interface. The accepted protocol names are not listed in this declaration.
*/
protocols: pulumi.Input<pulumi.Input<string>[]>;
/**
* (Integer) The admin rank specified for the rule based on your assigned admin rank. Admin rank determines the rule order that can be specified for the rule. Admin rank can be configured if it is enabled in the Advanced Settings.
*/
rank?: pulumi.Input<number>;
/**
* (String) The state of the rule indicating whether it is enabled or disabled. Supported values: `ENABLED` or `DISABLED`
*
* The property is typed as a plain `string` and is optional.
* NOTE(review): the state applied when it is omitted is not stated here; set it explicitly so a rule is not left disabled by accident.
*/
state?: pulumi.Input<string>;
/**
* (List of Strings) The list of URL categories to which the DLP policy rule must be applied.
*
* NOTE(review): "DLP policy rule" looks carried over from another resource's description; here it presumably refers to this Sandbox rule.
*/
urlCategories?: pulumi.Input<pulumi.Input<string>[]>;
/**
* (List of Objects) You can manually select up to `4` general and/or special users. When not used it implies `Any` to apply the rule to all users.
*
* Leaving it unset therefore widens the rule to every user.
*/
users?: pulumi.Input<inputs.SandboxRulesUsers>;
/**
* (List of Objects) The ZPA application segments to which the rule applies
*/
zpaAppSegments?: pulumi.Input<pulumi.Input<inputs.SandboxRulesZpaAppSegment>[]>;
}