1. Packages
  2. Zscaler Private Access (ZPA)
  3. API Docs
  4. PolicyTimeoutRuleV2
Zscaler Private Access v0.0.12 published on Tuesday, Jul 30, 2024 by Zscaler

zpa.PolicyTimeoutRuleV2

Explore with Pulumi AI

Deprecated: zpa.index/policytimeoutrulev2.PolicyTimeoutRuleV2 has been deprecated in favor of zpa.index/policyaccesstimeoutrulev2.PolicyAccessTimeOutRuleV2

The zpa_policy_timeout_rule_v2 resource creates and manages policy access timeout rule in the Zscaler Private Access cloud using a new v2 API endpoint.

⚠️ NOTE: This resource is recommended if your configuration requires the association of more than 1000 resource criteria per rule.

⚠️ WARNING:: The attribute rule_order is now deprecated in favor of the new resource policy_access_rule_reorder

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as zpa from "@bdzscaler/pulumi-zpa";
import * as zpa from "@pulumi/zpa";

const thisIdPController = zpa.getIdPController({
    name: "Idp_Name",
});
const emailUserSso = zpa.getSAMLAttribute({
    name: "Email_Users",
    idpName: "Idp_Name",
});
const groupUser = zpa.getSAMLAttribute({
    name: "GroupName_Users",
    idpName: "Idp_Name",
});
const a000 = zpa.getSCIMGroups({
    name: "A000",
    idpName: "Idp_Name",
});
const b000 = zpa.getSCIMGroups({
    name: "B000",
    idpName: "Idp_Name",
});
// Create Segment Group
const thisSegmentGroup = new zpa.SegmentGroup("thisSegmentGroup", {
    description: "Example",
    enabled: true,
});
// Create Policy Access Rule V2
const thisPolicyAccessTimeOutRuleV2 = new zpa.PolicyAccessTimeOutRuleV2("thisPolicyAccessTimeOutRuleV2", {
    description: "Example",
    action: "RE_AUTH",
    reauthIdleTimeout: "10 Days",
    reauthTimeout: "10 Days",
    conditions: [
        {
            operator: "OR",
            operands: [{
                objectType: "APP_GROUP",
                values: [thisSegmentGroup.id],
            }],
        },
        {
            operator: "OR",
            operands: [
                {
                    objectType: "SAML",
                    entryValues: [
                        {
                            rhs: "user1@acme.com",
                            lhs: emailUserSso.then(emailUserSso => emailUserSso.id),
                        },
                        {
                            rhs: "A000",
                            lhs: groupUser.then(groupUser => groupUser.id),
                        },
                    ],
                },
                {
                    objectType: "SCIM_GROUP",
                    entryValues: [
                        {
                            rhs: a000.then(a000 => a000.id),
                            lhs: thisIdPController.then(thisIdPController => thisIdPController.id),
                        },
                        {
                            rhs: b000.then(b000 => b000.id),
                            lhs: thisIdPController.then(thisIdPController => thisIdPController.id),
                        },
                    ],
                },
            ],
        },
        {
            operator: "OR",
            operands: [{
                objectType: "PLATFORM",
                entryValues: [
                    {
                        rhs: "true",
                        lhs: "linux",
                    },
                    {
                        rhs: "true",
                        lhs: "android",
                    },
                ],
            }],
        },
    ],
});
Copy
import pulumi
import pulumi_zpa as zpa
import zscaler_pulumi_zpa as zpa

this_id_p_controller = zpa.get_id_p_controller(name="Idp_Name")
email_user_sso = zpa.get_saml_attribute(name="Email_Users",
    idp_name="Idp_Name")
group_user = zpa.get_saml_attribute(name="GroupName_Users",
    idp_name="Idp_Name")
a000 = zpa.get_scim_groups(name="A000",
    idp_name="Idp_Name")
b000 = zpa.get_scim_groups(name="B000",
    idp_name="Idp_Name")
# Create Segment Group
this_segment_group = zpa.SegmentGroup("thisSegmentGroup",
    description="Example",
    enabled=True)
# Create Policy Access Rule V2
this_policy_access_time_out_rule_v2 = zpa.PolicyAccessTimeOutRuleV2("thisPolicyAccessTimeOutRuleV2",
    description="Example",
    action="RE_AUTH",
    reauth_idle_timeout="10 Days",
    reauth_timeout="10 Days",
    conditions=[
        zpa.PolicyAccessTimeOutRuleV2ConditionArgs(
            operator="OR",
            operands=[zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs(
                object_type="APP_GROUP",
                values=[this_segment_group.id],
            )],
        ),
        zpa.PolicyAccessTimeOutRuleV2ConditionArgs(
            operator="OR",
            operands=[
                zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs(
                    object_type="SAML",
                    entry_values=[
                        zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs(
                            rhs="user1@acme.com",
                            lhs=email_user_sso.id,
                        ),
                        zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs(
                            rhs="A000",
                            lhs=group_user.id,
                        ),
                    ],
                ),
                zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs(
                    object_type="SCIM_GROUP",
                    entry_values=[
                        zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs(
                            rhs=a000.id,
                            lhs=this_id_p_controller.id,
                        ),
                        zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs(
                            rhs=b000.id,
                            lhs=this_id_p_controller.id,
                        ),
                    ],
                ),
            ],
        ),
        zpa.PolicyAccessTimeOutRuleV2ConditionArgs(
            operator="OR",
            operands=[zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs(
                object_type="PLATFORM",
                entry_values=[
                    zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs(
                        rhs="true",
                        lhs="linux",
                    ),
                    zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs(
                        rhs="true",
                        lhs="android",
                    ),
                ],
            )],
        ),
    ])
Copy
package main

import (
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/zscaler/pulumi-zpa/sdk/go/zpa"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		thisIdPController, err := zpa.GetIdPController(ctx, &zpa.GetIdPControllerArgs{
			Name: pulumi.StringRef("Idp_Name"),
		}, nil)
		if err != nil {
			return err
		}
		emailUserSso, err := zpa.GetSAMLAttribute(ctx, &zpa.GetSAMLAttributeArgs{
			Name:    pulumi.StringRef("Email_Users"),
			IdpName: pulumi.StringRef("Idp_Name"),
		}, nil)
		if err != nil {
			return err
		}
		groupUser, err := zpa.GetSAMLAttribute(ctx, &zpa.GetSAMLAttributeArgs{
			Name:    pulumi.StringRef("GroupName_Users"),
			IdpName: pulumi.StringRef("Idp_Name"),
		}, nil)
		if err != nil {
			return err
		}
		a000, err := zpa.GetSCIMGroups(ctx, &zpa.GetSCIMGroupsArgs{
			Name:    pulumi.StringRef("A000"),
			IdpName: pulumi.StringRef("Idp_Name"),
		}, nil)
		if err != nil {
			return err
		}
		b000, err := zpa.GetSCIMGroups(ctx, &zpa.GetSCIMGroupsArgs{
			Name:    pulumi.StringRef("B000"),
			IdpName: pulumi.StringRef("Idp_Name"),
		}, nil)
		if err != nil {
			return err
		}
		// Create Segment Group
		thisSegmentGroup, err := zpa.NewSegmentGroup(ctx, "thisSegmentGroup", &zpa.SegmentGroupArgs{
			Description: pulumi.String("Example"),
			Enabled:     pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		// Create Policy Access Rule V2
		_, err = zpa.NewPolicyAccessTimeOutRuleV2(ctx, "thisPolicyAccessTimeOutRuleV2", &zpa.PolicyAccessTimeOutRuleV2Args{
			Description:       pulumi.String("Example"),
			Action:            pulumi.String("RE_AUTH"),
			ReauthIdleTimeout: pulumi.String("10 Days"),
			ReauthTimeout:     pulumi.String("10 Days"),
			Conditions: zpa.PolicyAccessTimeOutRuleV2ConditionArray{
				&zpa.PolicyAccessTimeOutRuleV2ConditionArgs{
					Operator: pulumi.String("OR"),
					Operands: zpa.PolicyAccessTimeOutRuleV2ConditionOperandArray{
						&zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs{
							ObjectType: pulumi.String("APP_GROUP"),
							Values: pulumi.StringArray{
								thisSegmentGroup.ID(),
							},
						},
					},
				},
				&zpa.PolicyAccessTimeOutRuleV2ConditionArgs{
					Operator: pulumi.String("OR"),
					Operands: zpa.PolicyAccessTimeOutRuleV2ConditionOperandArray{
						&zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs{
							ObjectType: pulumi.String("SAML"),
							EntryValues: zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArray{
								&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
									Rhs: pulumi.String("user1@acme.com"),
									Lhs: pulumi.String(emailUserSso.Id),
								},
								&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
									Rhs: pulumi.String("A000"),
									Lhs: pulumi.String(groupUser.Id),
								},
							},
						},
						&zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs{
							ObjectType: pulumi.String("SCIM_GROUP"),
							EntryValues: zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArray{
								&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
									Rhs: pulumi.String(a000.Id),
									Lhs: pulumi.String(thisIdPController.Id),
								},
								&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
									Rhs: pulumi.String(b000.Id),
									Lhs: pulumi.String(thisIdPController.Id),
								},
							},
						},
					},
				},
				&zpa.PolicyAccessTimeOutRuleV2ConditionArgs{
					Operator: pulumi.String("OR"),
					Operands: zpa.PolicyAccessTimeOutRuleV2ConditionOperandArray{
						&zpa.PolicyAccessTimeOutRuleV2ConditionOperandArgs{
							ObjectType: pulumi.String("PLATFORM"),
							EntryValues: zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArray{
								&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
									Rhs: pulumi.String("true"),
									Lhs: pulumi.String("linux"),
								},
								&zpa.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs{
									Rhs: pulumi.String("true"),
									Lhs: pulumi.String("android"),
								},
							},
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Zpa = Pulumi.Zpa;
using Zpa = Zscaler.Zpa;

return await Deployment.RunAsync(() => 
{
    var thisIdPController = Zpa.GetIdPController.Invoke(new()
    {
        Name = "Idp_Name",
    });

    var emailUserSso = Zpa.GetSAMLAttribute.Invoke(new()
    {
        Name = "Email_Users",
        IdpName = "Idp_Name",
    });

    var groupUser = Zpa.GetSAMLAttribute.Invoke(new()
    {
        Name = "GroupName_Users",
        IdpName = "Idp_Name",
    });

    var a000 = Zpa.GetSCIMGroups.Invoke(new()
    {
        Name = "A000",
        IdpName = "Idp_Name",
    });

    var b000 = Zpa.GetSCIMGroups.Invoke(new()
    {
        Name = "B000",
        IdpName = "Idp_Name",
    });

    // Create Segment Group
    var thisSegmentGroup = new Zpa.SegmentGroup("thisSegmentGroup", new()
    {
        Description = "Example",
        Enabled = true,
    });

    // Create Policy Access Rule V2
    var thisPolicyAccessTimeOutRuleV2 = new Zpa.PolicyAccessTimeOutRuleV2("thisPolicyAccessTimeOutRuleV2", new()
    {
        Description = "Example",
        Action = "RE_AUTH",
        ReauthIdleTimeout = "10 Days",
        ReauthTimeout = "10 Days",
        Conditions = new[]
        {
            new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionArgs
            {
                Operator = "OR",
                Operands = new[]
                {
                    new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandArgs
                    {
                        ObjectType = "APP_GROUP",
                        Values = new[]
                        {
                            thisSegmentGroup.Id,
                        },
                    },
                },
            },
            new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionArgs
            {
                Operator = "OR",
                Operands = new[]
                {
                    new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandArgs
                    {
                        ObjectType = "SAML",
                        EntryValues = new[]
                        {
                            new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
                            {
                                Rhs = "user1@acme.com",
                                Lhs = emailUserSso.Apply(getSAMLAttributeResult => getSAMLAttributeResult.Id),
                            },
                            new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
                            {
                                Rhs = "A000",
                                Lhs = groupUser.Apply(getSAMLAttributeResult => getSAMLAttributeResult.Id),
                            },
                        },
                    },
                    new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandArgs
                    {
                        ObjectType = "SCIM_GROUP",
                        EntryValues = new[]
                        {
                            new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
                            {
                                Rhs = a000.Apply(getSCIMGroupsResult => getSCIMGroupsResult.Id),
                                Lhs = thisIdPController.Apply(getIdPControllerResult => getIdPControllerResult.Id),
                            },
                            new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
                            {
                                Rhs = b000.Apply(getSCIMGroupsResult => getSCIMGroupsResult.Id),
                                Lhs = thisIdPController.Apply(getIdPControllerResult => getIdPControllerResult.Id),
                            },
                        },
                    },
                },
            },
            new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionArgs
            {
                Operator = "OR",
                Operands = new[]
                {
                    new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandArgs
                    {
                        ObjectType = "PLATFORM",
                        EntryValues = new[]
                        {
                            new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
                            {
                                Rhs = "true",
                                Lhs = "linux",
                            },
                            new Zpa.Inputs.PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs
                            {
                                Rhs = "true",
                                Lhs = "android",
                            },
                        },
                    },
                },
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.zpa.ZpaFunctions;
import com.pulumi.zpa.inputs.GetIdPControllerArgs;
import com.pulumi.zpa.inputs.GetSAMLAttributeArgs;
import com.pulumi.zpa.inputs.GetSCIMGroupsArgs;
import com.pulumi.zpa.SegmentGroup;
import com.pulumi.zpa.SegmentGroupArgs;
import com.pulumi.zpa.PolicyAccessTimeOutRuleV2;
import com.pulumi.zpa.PolicyAccessTimeOutRuleV2Args;
import com.pulumi.zpa.inputs.PolicyAccessTimeOutRuleV2ConditionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var thisIdPController = ZpaFunctions.getIdPController(GetIdPControllerArgs.builder()
            .name("Idp_Name")
            .build());

        final var emailUserSso = ZpaFunctions.getSAMLAttribute(GetSAMLAttributeArgs.builder()
            .name("Email_Users")
            .idpName("Idp_Name")
            .build());

        final var groupUser = ZpaFunctions.getSAMLAttribute(GetSAMLAttributeArgs.builder()
            .name("GroupName_Users")
            .idpName("Idp_Name")
            .build());

        final var a000 = ZpaFunctions.getSCIMGroups(GetSCIMGroupsArgs.builder()
            .name("A000")
            .idpName("Idp_Name")
            .build());

        final var b000 = ZpaFunctions.getSCIMGroups(GetSCIMGroupsArgs.builder()
            .name("B000")
            .idpName("Idp_Name")
            .build());

        // Create Segment Group
        var thisSegmentGroup = new SegmentGroup("thisSegmentGroup", SegmentGroupArgs.builder()
            .description("Example")
            .enabled(true)
            .build());

        // Create Policy Access Rule V2
        var thisPolicyAccessTimeOutRuleV2 = new PolicyAccessTimeOutRuleV2("thisPolicyAccessTimeOutRuleV2", PolicyAccessTimeOutRuleV2Args.builder()
            .description("Example")
            .action("RE_AUTH")
            .reauthIdleTimeout("10 Days")
            .reauthTimeout("10 Days")
            .conditions(            
                PolicyAccessTimeOutRuleV2ConditionArgs.builder()
                    .operator("OR")
                    .operands(PolicyAccessTimeOutRuleV2ConditionOperandArgs.builder()
                        .objectType("APP_GROUP")
                        .values(thisSegmentGroup.id())
                        .build())
                    .build(),
                PolicyAccessTimeOutRuleV2ConditionArgs.builder()
                    .operator("OR")
                    .operands(                    
                        PolicyAccessTimeOutRuleV2ConditionOperandArgs.builder()
                            .objectType("SAML")
                            .entryValues(                            
                                PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
                                    .rhs("user1@acme.com")
                                    .lhs(emailUserSso.applyValue(getSAMLAttributeResult -> getSAMLAttributeResult.id()))
                                    .build(),
                                PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
                                    .rhs("A000")
                                    .lhs(groupUser.applyValue(getSAMLAttributeResult -> getSAMLAttributeResult.id()))
                                    .build())
                            .build(),
                        PolicyAccessTimeOutRuleV2ConditionOperandArgs.builder()
                            .objectType("SCIM_GROUP")
                            .entryValues(                            
                                PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
                                    .rhs(a000.applyValue(getSCIMGroupsResult -> getSCIMGroupsResult.id()))
                                    .lhs(thisIdPController.applyValue(getIdPControllerResult -> getIdPControllerResult.id()))
                                    .build(),
                                PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
                                    .rhs(b000.applyValue(getSCIMGroupsResult -> getSCIMGroupsResult.id()))
                                    .lhs(thisIdPController.applyValue(getIdPControllerResult -> getIdPControllerResult.id()))
                                    .build())
                            .build())
                    .build(),
                PolicyAccessTimeOutRuleV2ConditionArgs.builder()
                    .operator("OR")
                    .operands(PolicyAccessTimeOutRuleV2ConditionOperandArgs.builder()
                        .objectType("PLATFORM")
                        .entryValues(                        
                            PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
                                .rhs("true")
                                .lhs("linux")
                                .build(),
                            PolicyAccessTimeOutRuleV2ConditionOperandEntryValueArgs.builder()
                                .rhs("true")
                                .lhs("android")
                                .build())
                        .build())
                    .build())
            .build());

    }
}
Copy
resources:
  # Create Segment Group
  thisSegmentGroup:
    type: zpa:SegmentGroup
    properties:
      description: Example
      enabled: true
  # Create Policy Access Rule V2
  thisPolicyAccessTimeOutRuleV2:
    type: zpa:PolicyAccessTimeOutRuleV2
    properties:
      description: Example
      action: RE_AUTH
      reauthIdleTimeout: 10 Days
      reauthTimeout: 10 Days
      conditions:
        - operator: OR
          operands:
            - objectType: APP_GROUP
              values:
                - ${thisSegmentGroup.id}
        - operator: OR
          operands:
            - objectType: SAML
              entryValues:
                - rhs: user1@acme.com
                  lhs: ${emailUserSso.id}
                - rhs: A000
                  lhs: ${groupUser.id}
            - objectType: SCIM_GROUP
              entryValues:
                - rhs: ${a000.id}
                  lhs: ${thisIdPController.id}
                - rhs: ${b000.id}
                  lhs: ${thisIdPController.id}
        - operator: OR
          operands:
            - objectType: PLATFORM
              entryValues:
                - rhs: 'true'
                  lhs: linux
                - rhs: 'true'
                  lhs: android
variables:
  thisIdPController:
    fn::invoke:
      Function: zpa:getIdPController
      Arguments:
        name: Idp_Name
  emailUserSso:
    fn::invoke:
      Function: zpa:getSAMLAttribute
      Arguments:
        name: Email_Users
        idpName: Idp_Name
  groupUser:
    fn::invoke:
      Function: zpa:getSAMLAttribute
      Arguments:
        name: GroupName_Users
        idpName: Idp_Name
  a000:
    fn::invoke:
      Function: zpa:getSCIMGroups
      Arguments:
        name: A000
        idpName: Idp_Name
  b000:
    fn::invoke:
      Function: zpa:getSCIMGroups
      Arguments:
        name: B000
        idpName: Idp_Name
Copy

LHS and RHS Values

Object TypeLHSRHSVALUES
APPapplication_segment_id
APP_GROUPsegment_group_id
CLIENT_TYPEzpn_client_type_zappl, zpn_client_type_exporter, zpn_client_type_browser_isolation, zpn_client_type_ip_anchoring, zpn_client_type_edge_connector, zpn_client_type_branch_connector, zpn_client_type_zapp_partner, zpn_client_type_zapp
SAMLsaml_attribute_idattribute_value_to_match
SCIMscim_attribute_idattribute_value_to_match
SCIM_GROUPscim_group_attribute_idattribute_value_to_match
PLATFORMmac, ios, windows, android, linux"true" / "false"
POSTUREposture_udid"true" / "false"

Create PolicyTimeoutRuleV2 Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new PolicyTimeoutRuleV2(name: string, args?: PolicyTimeoutRuleV2Args, opts?: CustomResourceOptions);
@overload
def PolicyTimeoutRuleV2(resource_name: str,
                        args: Optional[PolicyTimeoutRuleV2Args] = None,
                        opts: Optional[ResourceOptions] = None)

@overload
def PolicyTimeoutRuleV2(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        action: Optional[str] = None,
                        conditions: Optional[Sequence[PolicyTimeoutRuleV2ConditionArgs]] = None,
                        custom_msg: Optional[str] = None,
                        description: Optional[str] = None,
                        microtenant_id: Optional[str] = None,
                        name: Optional[str] = None,
                        reauth_idle_timeout: Optional[str] = None,
                        reauth_timeout: Optional[str] = None)
func NewPolicyTimeoutRuleV2(ctx *Context, name string, args *PolicyTimeoutRuleV2Args, opts ...ResourceOption) (*PolicyTimeoutRuleV2, error)
public PolicyTimeoutRuleV2(string name, PolicyTimeoutRuleV2Args? args = null, CustomResourceOptions? opts = null)
public PolicyTimeoutRuleV2(String name, PolicyTimeoutRuleV2Args args)
public PolicyTimeoutRuleV2(String name, PolicyTimeoutRuleV2Args args, CustomResourceOptions options)
type: zpa:PolicyTimeoutRuleV2
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args PolicyTimeoutRuleV2Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args PolicyTimeoutRuleV2Args
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args PolicyTimeoutRuleV2Args
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args PolicyTimeoutRuleV2Args
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. PolicyTimeoutRuleV2Args
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

PolicyTimeoutRuleV2 Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The PolicyTimeoutRuleV2 resource accepts the following input properties:

Action string
This is for providing the rule action.
Conditions List<Zscaler.Zpa.Inputs.PolicyTimeoutRuleV2Condition>
This is for proviidng the set of conditions for the policy.
CustomMsg string
This is for providing a customer message for the user.
Description string
This is the description of the access policy.
MicrotenantId string
Name string
This is the name of the policy.
ReauthIdleTimeout string
ReauthTimeout string
Action string
This is for providing the rule action.
Conditions []PolicyTimeoutRuleV2ConditionArgs
This is for proviidng the set of conditions for the policy.
CustomMsg string
This is for providing a customer message for the user.
Description string
This is the description of the access policy.
MicrotenantId string
Name string
This is the name of the policy.
ReauthIdleTimeout string
ReauthTimeout string
action String
This is for providing the rule action.
conditions List<PolicyTimeoutRuleV2Condition>
This is for proviidng the set of conditions for the policy.
customMsg String
This is for providing a customer message for the user.
description String
This is the description of the access policy.
microtenantId String
name String
This is the name of the policy.
reauthIdleTimeout String
reauthTimeout String
action string
This is for providing the rule action.
conditions PolicyTimeoutRuleV2Condition[]
This is for proviidng the set of conditions for the policy.
customMsg string
This is for providing a customer message for the user.
description string
This is the description of the access policy.
microtenantId string
name string
This is the name of the policy.
reauthIdleTimeout string
reauthTimeout string
action str
This is for providing the rule action.
conditions Sequence[PolicyTimeoutRuleV2ConditionArgs]
This is for proviidng the set of conditions for the policy.
custom_msg str
This is for providing a customer message for the user.
description str
This is the description of the access policy.
microtenant_id str
name str
This is the name of the policy.
reauth_idle_timeout str
reauth_timeout str
action String
This is for providing the rule action.
conditions List<Property Map>
This is for proviidng the set of conditions for the policy.
customMsg String
This is for providing a customer message for the user.
description String
This is the description of the access policy.
microtenantId String
name String
This is the name of the policy.
reauthIdleTimeout String
reauthTimeout String

Outputs

All input properties are implicitly available as output properties. Additionally, the PolicyTimeoutRuleV2 resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
PolicySetId string
Id string
The provider-assigned unique ID for this managed resource.
PolicySetId string
id String
The provider-assigned unique ID for this managed resource.
policySetId String
id string
The provider-assigned unique ID for this managed resource.
policySetId string
id str
The provider-assigned unique ID for this managed resource.
policy_set_id str
id String
The provider-assigned unique ID for this managed resource.
policySetId String

Look up Existing PolicyTimeoutRuleV2 Resource

Get an existing PolicyTimeoutRuleV2 resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: PolicyTimeoutRuleV2State, opts?: CustomResourceOptions): PolicyTimeoutRuleV2
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        action: Optional[str] = None,
        conditions: Optional[Sequence[PolicyTimeoutRuleV2ConditionArgs]] = None,
        custom_msg: Optional[str] = None,
        description: Optional[str] = None,
        microtenant_id: Optional[str] = None,
        name: Optional[str] = None,
        policy_set_id: Optional[str] = None,
        reauth_idle_timeout: Optional[str] = None,
        reauth_timeout: Optional[str] = None) -> PolicyTimeoutRuleV2
func GetPolicyTimeoutRuleV2(ctx *Context, name string, id IDInput, state *PolicyTimeoutRuleV2State, opts ...ResourceOption) (*PolicyTimeoutRuleV2, error)
public static PolicyTimeoutRuleV2 Get(string name, Input<string> id, PolicyTimeoutRuleV2State? state, CustomResourceOptions? opts = null)
public static PolicyTimeoutRuleV2 get(String name, Output<String> id, PolicyTimeoutRuleV2State state, CustomResourceOptions options)
resources:  _:    type: zpa:PolicyTimeoutRuleV2    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Action string
This is for providing the rule action.
Conditions List<Zscaler.Zpa.Inputs.PolicyTimeoutRuleV2Condition>
This is for proviidng the set of conditions for the policy.
CustomMsg string
This is for providing a customer message for the user.
Description string
This is the description of the access policy.
MicrotenantId string
Name string
This is the name of the policy.
PolicySetId string
ReauthIdleTimeout string
ReauthTimeout string
Action string
This is for providing the rule action.
Conditions []PolicyTimeoutRuleV2ConditionArgs
This is for proviidng the set of conditions for the policy.
CustomMsg string
This is for providing a customer message for the user.
Description string
This is the description of the access policy.
MicrotenantId string
Name string
This is the name of the policy.
PolicySetId string
ReauthIdleTimeout string
ReauthTimeout string
action String
This is for providing the rule action.
conditions List<PolicyTimeoutRuleV2Condition>
This is for proviidng the set of conditions for the policy.
customMsg String
This is for providing a customer message for the user.
description String
This is the description of the access policy.
microtenantId String
name String
This is the name of the policy.
policySetId String
reauthIdleTimeout String
reauthTimeout String
action string
This is for providing the rule action.
conditions PolicyTimeoutRuleV2Condition[]
This is for proviidng the set of conditions for the policy.
customMsg string
This is for providing a customer message for the user.
description string
This is the description of the access policy.
microtenantId string
name string
This is the name of the policy.
policySetId string
reauthIdleTimeout string
reauthTimeout string
action str
This is for providing the rule action.
conditions Sequence[PolicyTimeoutRuleV2ConditionArgs]
This is for proviidng the set of conditions for the policy.
custom_msg str
This is for providing a customer message for the user.
description str
This is the description of the access policy.
microtenant_id str
name str
This is the name of the policy.
policy_set_id str
reauth_idle_timeout str
reauth_timeout str
action String
This is for providing the rule action.
conditions List<Property Map>
This is for proviidng the set of conditions for the policy.
customMsg String
This is for providing a customer message for the user.
description String
This is the description of the access policy.
microtenantId String
name String
This is the name of the policy.
policySetId String
reauthIdleTimeout String
reauthTimeout String

Supporting Types

PolicyTimeoutRuleV2Condition
, PolicyTimeoutRuleV2ConditionArgs

Id string
Operands List<Zscaler.Zpa.Inputs.PolicyTimeoutRuleV2ConditionOperand>
This signifies the various policy criteria.
Operator string
Id string
Operands []PolicyTimeoutRuleV2ConditionOperand
This signifies the various policy criteria.
Operator string
id String
operands List<PolicyTimeoutRuleV2ConditionOperand>
This signifies the various policy criteria.
operator String
id string
operands PolicyTimeoutRuleV2ConditionOperand[]
This signifies the various policy criteria.
operator string
id str
operands Sequence[PolicyTimeoutRuleV2ConditionOperand]
This signifies the various policy criteria.
operator str
id String
operands List<Property Map>
This signifies the various policy criteria.
operator String

PolicyTimeoutRuleV2ConditionOperand
, PolicyTimeoutRuleV2ConditionOperandArgs

EntryValues List<Zscaler.Zpa.Inputs.PolicyTimeoutRuleV2ConditionOperandEntryValue>
ObjectType string
This is for specifying the policy critiera.
Values List<string>
This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
EntryValues []PolicyTimeoutRuleV2ConditionOperandEntryValue
ObjectType string
This is for specifying the policy critiera.
Values []string
This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
entryValues List<PolicyTimeoutRuleV2ConditionOperandEntryValue>
objectType String
This is for specifying the policy critiera.
values List<String>
This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
entryValues PolicyTimeoutRuleV2ConditionOperandEntryValue[]
objectType string
This is for specifying the policy critiera.
values string[]
This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
entry_values Sequence[PolicyTimeoutRuleV2ConditionOperandEntryValue]
object_type str
This is for specifying the policy critiera.
values Sequence[str]
This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored
entryValues List<Property Map>
objectType String
This is for specifying the policy critiera.
values List<String>
This denotes a list of values for the given object type. The value depend upon the key. If rhs is defined this list will be ignored

PolicyTimeoutRuleV2ConditionOperandEntryValue
, PolicyTimeoutRuleV2ConditionOperandEntryValueArgs

Lhs string
Rhs string
Lhs string
Rhs string
lhs String
rhs String
lhs string
rhs string
lhs str
rhs str
lhs String
rhs String

Import

Zscaler offers a dedicated tool called Zscaler-Terraformer to allow the automated import of ZPA configurations into Terraform-compliant HashiCorp Configuration Language.

Visit

Policy access timeout rule can be imported by using <RULE ID> as the import ID.

For example:

$ pulumi import zpa:index/policyTimeoutRuleV2:PolicyTimeoutRuleV2 example <rule_id>
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
zpa zscaler/pulumi-zpa
License
MIT
Notes
This Pulumi package is based on the zpa Terraform Provider.