policies
The following methods allow for interaction with the ZPA Policy Sets API endpoints.
Methods are accessible via zpa.policies.
- class PolicySetsAPI
- add_access_rule(name, action, **kwargs)
Add a new Access Policy rule.
See the ZPA Access Policy API reference for further detail on optional keyword parameter structures.
- Parameters:
- Keyword Arguments:
conditions (list) –
A list of conditional rule tuples. Tuples must follow the convention: Object Type, LHS value, RHS value. If you are adding multiple values for the same object type then you will need a new entry for each value. E.g.
[('app', 'id', '99999'), ('app', 'id', '88888'), ('app_group', 'id', '77777'), ('client_type', 'zpn_client_type_exporter', 'zpn_client_type_zapp'), ('trusted_network', 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx', True)]
custom_msg (str) – A custom message.
description (str) – A description for the rule.
- Returns:
The resource record of the newly created access policy rule.
- Return type:
Box
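A pre-flight check for the conditions convention described above (Object Type, LHS value, RHS value, one entry per value), so that a malformed list fails before a rule is submitted. This is an added example, not code from this library; `validate_conditions`, `summarise` and `KNOWN_OBJECT_TYPES` are hypothetical helpers, and the set of object types is assumed from the example tuples on this page.

```python
# Object types that appear in the example tuples on this page (assumption:
# extend this set with the other object types your policies use).
KNOWN_OBJECT_TYPES = {"app", "app_group", "client_type", "trusted_network"}


def validate_conditions(conditions):
    """Return a list of problems; an empty list means the input is well formed."""
    problems, seen = [], set()
    for idx, cond in enumerate(conditions):
        if not isinstance(cond, tuple) or len(cond) != 3:
            problems.append(f"entry {idx}: expected (object_type, lhs, rhs), got {cond!r}")
            continue
        obj_type, lhs, rhs = cond
        if not isinstance(obj_type, str) or obj_type.lower() not in KNOWN_OBJECT_TYPES:
            problems.append(f"entry {idx}: unknown object type {obj_type!r}")
        if not isinstance(lhs, str) or not lhs:
            problems.append(f"entry {idx}: LHS must be a non-empty string")
        if isinstance(rhs, (list, tuple, set, dict)):
            # The convention is one value per tuple, never a collection.
            problems.append(f"entry {idx}: RHS holds several values; add one entry per value")
        elif rhs is None or rhs == "":
            problems.append(f"entry {idx}: RHS is empty")
        key = repr(cond)  # repr() keeps the duplicate check safe for unhashable values
        if key in seen:
            problems.append(f"entry {idx}: duplicate of an earlier entry")
        seen.add(key)
    return problems


def summarise(conditions):
    """Group RHS values by object type so a reviewer can read the rule's scope."""
    scope = {}
    for obj_type, _lhs, rhs in conditions:
        scope.setdefault(obj_type.lower(), []).append(rhs)
    return scope


# Constructed sample input: GOOD follows the page's example list, BAD contains
# four deliberate mistakes (list as RHS, 2-tuple, misspelt type, duplicate).
GOOD = [("app", "id", "99999"), ("app", "id", "88888"), ("app_group", "id", "77777"),
        ("client_type", "zpn_client_type_exporter", "zpn_client_type_zapp")]
BAD = [("app", "id", ["99999", "88888"]), ("app_group", "77777"),
       ("appgroup", "id", "77777"), ("app", "id", "99999"), ("app", "id", "99999")]

if __name__ == "__main__":
    print(summarise(GOOD))
    for problem in validate_conditions(BAD):
        print(problem)
```

Run `validate_conditions` on the list first and call `summarise` only when it returns no problems, since `summarise` expects well-formed 3-tuples.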
- add_client_forwarding_rule(name, action, **kwargs)
Add a new Client Forwarding Policy rule.
See the ZPA Client Forwarding Policy API reference for further detail on optional keyword parameter structures.
- Parameters:
- Keyword Arguments:
conditions (list) –
A list of conditional rule tuples. Tuples must follow the convention: Object Type, LHS value, RHS value. If you are adding multiple values for the same object type then you will need a new entry for each value. E.g.
[('app', 'id', '926196382959075416'), ('app', 'id', '926196382959075417'), ('app_group', 'id', '926196382959075332'), ('client_type', 'zpn_client_type_exporter', 'zpn_client_type_zapp'), ('trusted_network', 'b15e4cad-fa6e-8182-9fc3-8125ee6a65e1', True)]
custom_msg (str) – A custom message.
description (str) – A description for the rule.
- Returns:
The resource record of the newly created Client Forwarding Policy rule.
- Return type:
Box
- add_timeout_rule(name, **kwargs)
Add a new Timeout Policy rule.
See the ZPA Timeout Policy API reference for further detail on optional keyword parameter structures.
- Parameters:
name (str) – The name of the new rule.
**kwargs – Optional parameters.
- Keyword Arguments:
conditions (list) –
A list of conditional rule tuples. Tuples must follow the convention: Object Type, LHS value, RHS value. If you are adding multiple values for the same object type then you will need a new entry for each value. E.g.
[('app', 'id', '926196382959075416'), ('app', 'id', '926196382959075417'), ('app_group', 'id', '926196382959075332'), ('client_type', 'zpn_client_type_exporter', 'zpn_client_type_zapp'), ('trusted_network', 'b15e4cad-fa6e-8182-9fc3-8125ee6a65e1', True)]
custom_msg (str) – A custom message.
description (str) – A description for the rule.
re_auth_idle_timeout (int) – The re-authentication idle timeout value in seconds.
re_auth_timeout (int) – The re-authentication timeout value in seconds.
- Returns:
The resource record of the newly created Timeout Policy rule.
- Return type:
Box
- delete_rule(policy_type, rule_id)
Deletes the specified policy rule.
- Parameters:
- Returns:
The response code for the operation.
- Return type:
Examples
>>> zpa.policies.delete_rule(policy_type='access',
...    rule_id='88888')
- get_policy(policy_type)
Returns the policy and rule sets for the given policy type.
- Parameters:
policy_type (str) –
The type of policy to be returned. Accepted values are:
access - returns the Access Policy
timeout - returns the Timeout Policy
client_forwarding - returns the Client Forwarding Policy
siem - returns the SIEM Policy
- Returns:
The resource record of the specified policy type.
- Return type:
Box
Examples
Request the specified Policy.
>>> pprint(zpa.policies.get_policy('access'))
- get_rule(policy_type, rule_id)
Returns the specified policy rule.
- Parameters:
- Returns:
The resource record for the requested rule.
- Return type:
Box
Examples
>>> policy_rule = zpa.policies.get_rule(policy_type='access',
...    rule_id='88888')
- list_rules(policy_type, **kwargs)
Returns policy rules for a given policy type.
- Parameters:
policy_type (str) –
The policy type. Accepted values are:
access - returns Access Policy rules
timeout - returns Timeout Policy rules
client_forwarding - returns Client Forwarding Policy rules
- Returns:
A list of all policy rules that match the requested type.
- Return type:
Examples
>>> for policy in zpa.policies.list_rules('access'):
...    pprint(policy)
- reorder_rule(policy_type, rule_id, order)
Change the order of an existing policy rule.
- Parameters:
- Returns:
The updated policy rule resource record.
- Return type:
Box
Examples
Updates the order for an existing policy rule:
>>> zpa.policies.reorder_rule(policy_type='access',
...    rule_id='88888',
...    order='2')
- update_rule(policy_type, rule_id, **kwargs)
Update an existing policy rule.
Ensure you are using the correct arguments for the policy type that you want to update.
- Parameters:
- Keyword Arguments:
action (str) –
The action for the policy. Accepted values are:
allow
deny
intercept
intercept_accessible
bypass
conditions (list) –
A list of conditional rule tuples. Tuples must follow the convention: Object Type, LHS value, RHS value. If you are adding multiple values for the same object type then you will need a new entry for each value. E.g.
[('app', 'id', '926196382959075416'), ('app', 'id', '926196382959075417'), ('app_group', 'id', '926196382959075332'), ('client_type', 'zpn_client_type_exporter', 'zpn_client_type_zapp'), ('trusted_network', 'b15e4cad-fa6e-8182-9fc3-8125ee6a65e1', True)]
custom_msg (str) – A custom message.
description (str) – A description for the rule.
re_auth_idle_timeout (int) – The re-authentication idle timeout value in seconds.
re_auth_timeout (int) – The re-authentication timeout value in seconds.
- Returns:
The updated policy-rule resource record.
- Return type:
Box
Examples
Updates the name only for an Access Policy rule:
>>> zpa.policies.update_rule('access', '99999', name='new_rule_name')
Updates the action only for a Client Forwarding Policy rule:
>>> zpa.policies.update_rule('client_forwarding', '888888', action='BYPASS')