{"name":"zia","displayName":"pulumi-resource-zia","version":"1.3.8","description":"A native Pulumi provider for Zscaler Internet Access (ZIA).","homepage":"https://github.com/zscaler/pulumi-zia","repository":"https://github.com/zscaler/pulumi-zia","pluginDownloadURL":"github://api.github.com/zscaler","publisher":"Zscaler","namespace":"zia","language":{"csharp":{"respectSchemaVersion":true,"rootNamespace":"zscaler.PulumiPackage"},"go":{"generateResourceContainerTypes":true,"importBasePath":"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia","respectSchemaVersion":true},"nodejs":{"packageName":"@bdzscaler/pulumi-zia","respectSchemaVersion":true},"python":{"packageName":"zscaler_pulumi_zia","pyproject":{"enabled":true},"respectSchemaVersion":true}},"config":{"variables":{"apiKey":{"type":"string","description":"(Legacy) The API key for ZIA. Can also be set via the `ZIA_API_KEY` environment variable. Prefer OAuth2 credentials instead.","secret":true},"clientId":{"type":"string","description":"The OAuth2 client ID for authenticating with the Zscaler API. Can also be set via the `ZSCALER_CLIENT_ID` environment variable."},"clientSecret":{"type":"string","description":"The OAuth2 client secret for authenticating with the Zscaler API. Can also be set via the `ZSCALER_CLIENT_SECRET` environment variable.","secret":true},"cloud":{"type":"string","description":"The Zscaler cloud name (e.g. 'zscaler', 'zscalerone', 'zscalertwo', 'zscalerthree', 'zscloud', 'zscalerbeta', 'zscalergov'). Can also be set via the `ZSCALER_CLOUD` environment variable.","secret":true},"debug":{"type":"boolean","description":"If true, enables verbose Zscaler SDK logging (API requests/responses). Logs are written to stderr and optionally to the file specified by the `ZSCALER_SDK_LOG_FILE` environment variable."},"httpProxy":{"type":"string","description":"HTTP proxy URL for API requests (e.g. 'http://proxy.example.com:8080'). Can also be set via the `ZSCALER_HTTP_PROXY` environment variable."},"maxRetries":{"type":"integer","description":"Maximum number of retries for API requests. Default is determined by the SDK."},"password":{"type":"string","description":"(Legacy) The admin password for ZIA. Can also be set via the `ZIA_PASSWORD` environment variable. Prefer OAuth2 credentials instead.","secret":true},"privateKey":{"type":"string","description":"The private key for service principal authentication. Can also be set via the `ZSCALER_PRIVATE_KEY` environment variable.","secret":true},"requestTimeout":{"type":"integer","description":"Timeout in seconds for API requests."},"sandboxCloud":{"type":"string","description":"The Zscaler Sandbox cloud name. Can also be set via the `ZIA_SANDBOX_CLOUD` environment variable.","secret":true},"sandboxToken":{"type":"string","description":"The API token for Zscaler Sandbox. Can also be set via the `ZIA_SANDBOX_TOKEN` environment variable.","secret":true},"useLegacyClient":{"type":"boolean","description":"If true, use the legacy ZIA client authentication instead of OAuth2."},"username":{"type":"string","description":"(Legacy) The admin username for ZIA. Can also be set via the `ZIA_USERNAME` environment variable. Prefer OAuth2 credentials instead."},"vanityDomain":{"type":"string","description":"The vanity domain for your Zscaler organization. Can also be set via the `ZSCALER_VANITY_DOMAIN` environment variable.","secret":true},"ziaCloud":{"type":"string","description":"(Legacy) The ZIA cloud name. Can also be set via the `ZIA_CLOUD` environment variable. Prefer the 'cloud' parameter instead."}}},"types":{"zia:index:AdminUserRoleInput":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index:CBIProfileInput":{"properties":{"name":{"type":"string"},"profileSeq":{"type":"integer"},"resourceId":{"type":"string"},"url":{"type":"string"}},"type":"object"},"zia:index:ClassificationOutput":{"properties":{"category":{"type":"string"},"detectedMalware":{"type":"string"},"score":{"type":"integer"},"type":{"type":"string"}},"type":"object","required":["type","category","score","detectedMalware"]},"zia:index:CloudApplicationItem":{"properties":{"app":{"type":"string"},"appName":{"type":"string"},"parent":{"type":"string"},"parentName":{"type":"string"}},"type":"object","required":["app","appName","parent","parentName"]},"zia:index:DatacenterInfo":{"properties":{"city":{"type":"string"},"createTime":{"type":"integer"},"dontProvision":{"type":"boolean"},"dontPublish":{"type":"boolean"},"downloadBandwidth":{"type":"integer"},"forFutureUse":{"type":"boolean"},"govOnly":{"type":"boolean"},"id":{"type":"integer"},"lastModifiedTime":{"type":"integer"},"lat":{"type":"integer"},"latitude":{"type":"number"},"longi":{"type":"integer"},"longitude":{"type":"number"},"managedBcp":{"type":"boolean"},"name":{"type":"string"},"notReadyForUse":{"type":"boolean"},"ownedByCustomer":{"type":"boolean"},"provider":{"type":"string"},"regionalSurcharge":{"type":"boolean"},"thirdPartyCloud":{"type":"boolean"},"timezone":{"type":"string"},"uploadBandwidth":{"type":"integer"},"virtual":{"type":"boolean"}},"type":"object","required":["id","name","provider","city","timezone","lat","longi","latitude","longitude","govOnly","thirdPartyCloud","uploadBandwidth","downloadBandwidth","ownedByCustomer","managedBcp","dontPublish","dontProvision","notReadyForUse","forFutureUse","regionalSurcharge","createTime","lastModifiedTime","virtual"]},"zia:index:DecryptSubActionsInput":{"properties":{"blockSslTrafficWithNoSniEnabled":{"type":"boolean"},"blockUndecrypt":{"type":"boolean"},"http2Enabled":{"type":"boolean"},"minClientTlsVersion":{"type":"string"},"minServerTlsVersion":{"type":"string"},"ocspCheck":{"type":"boolean"},"serverCertificates":{"type":"string"}},"type":"object"},"zia:index:DeviceGroupItem":{"properties":{"description":{"type":"string"},"deviceCount":{"type":"integer"},"deviceNames":{"type":"string"},"groupType":{"type":"string"},"name":{"type":"string"},"osType":{"type":"string"},"predefined":{"type":"boolean"},"resourceId":{"type":"integer"}},"type":"object","required":["resourceId","name","groupType","description","osType","predefined","deviceNames","deviceCount"]},"zia:index:DlpDictionaryPatternInput":{"properties":{"action":{"type":"string"},"pattern":{"type":"string"}},"type":"object"},"zia:index:DlpDictionaryPhraseInput":{"properties":{"action":{"type":"string"},"phrase":{"type":"string"}},"type":"object"},"zia:index:DoNotDecryptSubActionsInput":{"properties":{"blockSslTrafficWithNoSniEnabled":{"type":"boolean"},"bypassOtherPolicies":{"type":"boolean"},"minTlsVersion":{"type":"string"},"ocspCheck":{"type":"boolean"},"serverCertificates":{"type":"string"}},"type":"object"},"zia:index:ExtranetDnsListInput":{"properties":{"id":{"type":"integer"},"name":{"type":"string"},"primaryDnsServer":{"type":"string"},"secondaryDnsServer":{"type":"string"},"useAsDefault":{"type":"boolean"}},"type":"object"},"zia:index:ExtranetIpPoolListInput":{"properties":{"id":{"type":"integer"},"ipEnd":{"type":"string"},"ipStart":{"type":"string"},"name":{"type":"string"},"useAsDefault":{"type":"boolean"}},"type":"object"},"zia:index:FilePropertiesOutput":{"properties":{"digitalCertificate":{"type":"string"},"fileSize":{"type":"integer"},"fileType":{"type":"string"},"issuer":{"type":"string"},"md5":{"type":"string"},"rootCa":{"type":"string"},"sha1":{"type":"string"},"sha256":{"type":"string"},"ssdeep":{"type":"string"}},"type":"object","required":["fileType","fileSize","md5","sha1","sha256","issuer","digitalCertificate","ssdeep","rootCa"]},"zia:index:FileTypeCategoryItem":{"properties":{"name":{"type":"string"},"parent":{"type":"string"},"resourceId":{"type":"integer"}},"type":"object","required":["resourceId","name","parent"]},"zia:index:GreTunnelDestVipInput":{"properties":{"datacenter":{"type":"string"},"id":{"type":"integer"},"virtualIp":{"type":"string"}},"type":"object"},"zia:index:GreTunnelDestVipOutput":{"properties":{"datacenter":{"type":"string"},"id":{"type":"integer"},"virtualIp":{"type":"string"}},"type":"object"},"zia:index:IdNameExtensionsOutput":{"properties":{"name":{"type":"string"},"resourceId":{"type":"integer"}},"type":"object","required":["resourceId","name"]},"zia:index:InstanceIdentifierInput":{"properties":{"identifierType":{"type":"string"},"instanceId":{"type":"integer"},"instanceIdentifier":{"type":"string"},"instanceIdentifierName":{"type":"string"}},"type":"object"},"zia:index:LastModifiedByOutput":{"properties":{"name":{"type":"string"},"resourceId":{"type":"integer"}},"type":"object","required":["resourceId","name"]},"zia:index:LastValidationMsgOutput":{"properties":{"errorCode":{"type":"string"},"errorMsg":{"type":"string"}},"type":"object","required":["errorMsg","errorCode"]},"zia:index:Md5HashValueInput":{"properties":{"type":{"type":"string"},"url":{"type":"string"},"urlComment":{"type":"string"}},"type":"object"},"zia:index:NetworkPortInput":{"properties":{"end":{"type":"integer"},"start":{"type":"integer"}},"type":"object"},"zia:index:OnboardableEntityOutput":{"properties":{"application":{"type":"string"},"enterpriseTenantId":{"type":"string"},"lastValidationMsg":{"$ref":"#/types/zia:index:LastValidationMsgOutput"},"name":{"type":"string"},"resourceId":{"type":"integer"},"type":{"type":"string"},"zscalerAppTenantId":{"$ref":"#/types/zia:index:LastModifiedByOutput"}},"type":"object","required":["resourceId","name","type","enterpriseTenantId","application"]},"zia:index:OriginOutput":{"properties":{"country":{"type":"string"},"language":{"type":"string"},"risk":{"type":"string"}},"type":"object","required":["risk","language","country"]},"zia:index:SandboxRssOutput":{"properties":{"risk":{"type":"string"},"signature":{"type":"string"},"signatureSources":{"type":"array","items":{"type":"string"}}},"type":"object","required":["risk","signature","signatureSources"]},"zia:index:SmartIsolationProfileInput":{"properties":{"id":{"type":"string"}},"type":"object"},"zia:index:SslInspectionActionInput":{"properties":{"decryptSubActions":{"$ref":"#/types/zia:index:DecryptSubActionsInput"},"doNotDecryptSubActions":{"$ref":"#/types/zia:index:DoNotDecryptSubActionsInput"},"overrideDefaultCertificate":{"type":"boolean"},"showEun":{"type":"boolean"},"showEunatp":{"type":"boolean"},"sslInterceptionCert":{"$ref":"#/types/zia:index:SslInterceptionCertInput"},"type":{"type":"string"}},"type":"object"},"zia:index:SslInterceptionCertInput":{"properties":{"id":{"type":"integer"}},"type":"object"},"zia:index:SubCloudDcOutput":{"properties":{"country":{"type":"string"},"name":{"type":"string"},"resourceId":{"type":"integer"}},"type":"object","required":["resourceId","name","country"]},"zia:index:SubCloudExclusionDatacenterInput":{"properties":{"country":{"type":"string"},"name":{"type":"string"},"resourceId":{"type":"integer"}},"type":"object","required":["resourceId"]},"zia:index:SubCloudExclusionInput":{"properties":{"country":{"type":"string"},"datacenter":{"$ref":"#/types/zia:index:SubCloudExclusionDatacenterInput"},"endTime":{"type":"integer"},"endTimeUtc":{"type":"string"}},"type":"object","required":["datacenter","country"]},"zia:index:SummaryDetailOutput":{"properties":{"category":{"type":"string"},"duration":{"type":"integer"},"fileType":{"type":"string"},"startTime":{"type":"integer"},"status":{"type":"string"}},"type":"object","required":["status","category","fileType","startTime","duration"]},"zia:index:UrlCategoryScopeInput":{"properties":{"scopeEntities":{"type":"array","items":{"type":"integer"}},"scopeGroupMemberEntities":{"type":"array","items":{"type":"integer"}},"type":{"type":"string"}},"type":"object"},"zia:index:UrlCategoryUrlKeywordCountsInput":{"properties":{"retainParentKeywordCount":{"type":"integer"},"retainParentUrlCount":{"type":"integer"},"totalKeywordCount":{"type":"integer"},"totalUrlCount":{"type":"integer"}},"type":"object"},"zia:index:UserDepartmentInput":{"properties":{"comments":{"type":"string"},"deleted":{"type":"boolean"},"id":{"type":"integer"},"idpId":{"type":"integer"},"name":{"type":"string"}},"type":"object"},"zia:index:UserDepartmentOutput":{"properties":{"comments":{"type":"string"},"deleted":{"type":"boolean"},"departmentId":{"type":"integer"},"idpId":{"type":"integer"},"name":{"type":"string"}},"type":"object","required":["departmentId","name","idpId","comments","deleted"]},"zia:index:UserGroupOutput":{"properties":{"comments":{"type":"string"},"groupId":{"type":"integer"},"idpId":{"type":"integer"},"name":{"type":"string"}},"type":"object","required":["groupId","name","idpId","comments"]},"zia:index:VirtualZenNodeOutput":{"properties":{"name":{"type":"string"},"nodeId":{"type":"integer"}},"type":"object","required":["nodeId","name"]},"zia:index:VpnCredentialInput":{"properties":{"fqdn":{"type":"string"},"id":{"type":"integer"},"ipAddress":{"type":"string"},"preSharedKey":{"type":"string"},"type":{"type":"string"}},"type":"object"},"zia:index:WorkloadGroupExpressionContainerInput":{"properties":{"operator":{"type":"string"},"tagContainer":{"$ref":"#/types/zia:index:WorkloadGroupTagContainerInput"},"tagType":{"type":"string"}},"type":"object"},"zia:index:WorkloadGroupExpressionJsonInput":{"properties":{"expressionContainers":{"type":"array","items":{"$ref":"#/types/zia:index:WorkloadGroupExpressionContainerInput"}}},"type":"object"},"zia:index:WorkloadGroupInput":{"properties":{"name":{"type":"string"},"resourceId":{"type":"integer"}},"type":"object","required":["resourceId"]},"zia:index:WorkloadGroupTagContainerInput":{"properties":{"operator":{"type":"string"},"tags":{"type":"array","items":{"$ref":"#/types/zia:index:WorkloadGroupTagInput"}}},"type":"object"},"zia:index:WorkloadGroupTagInput":{"properties":{"key":{"type":"string"},"value":{"type":"string"}},"type":"object"},"zia:index:ZPAAppSegmentInput":{"properties":{"externalId":{"type":"string"},"name":{"type":"string"}},"type":"object","required":["name","externalId"]},"zia:index:ZpaGatewayAppSegmentInput":{"properties":{"externalId":{"type":"string"},"name":{"type":"string"}},"type":"object"},"zia:index:ZpaServerGroupInput":{"properties":{"externalId":{"type":"string"},"name":{"type":"string"}},"type":"object"}},"provider":{"properties":{"apiKey":{"type":"string","description":"(Legacy) The API key for ZIA. Can also be set via the `ZIA_API_KEY` environment variable. Prefer OAuth2 credentials instead.","secret":true},"clientId":{"type":"string","description":"The OAuth2 client ID for authenticating with the Zscaler API. Can also be set via the `ZSCALER_CLIENT_ID` environment variable."},"clientSecret":{"type":"string","description":"The OAuth2 client secret for authenticating with the Zscaler API. Can also be set via the `ZSCALER_CLIENT_SECRET` environment variable.","secret":true},"cloud":{"type":"string","description":"The Zscaler cloud name (e.g. 'zscaler', 'zscalerone', 'zscalertwo', 'zscalerthree', 'zscloud', 'zscalerbeta', 'zscalergov'). Can also be set via the `ZSCALER_CLOUD` environment variable.","secret":true},"debug":{"type":"boolean","description":"If true, enables verbose Zscaler SDK logging (API requests/responses). Logs are written to stderr and optionally to the file specified by the `ZSCALER_SDK_LOG_FILE` environment variable."},"httpProxy":{"type":"string","description":"HTTP proxy URL for API requests (e.g. 'http://proxy.example.com:8080'). Can also be set via the `ZSCALER_HTTP_PROXY` environment variable."},"maxRetries":{"type":"integer","description":"Maximum number of retries for API requests. Default is determined by the SDK."},"password":{"type":"string","description":"(Legacy) The admin password for ZIA. Can also be set via the `ZIA_PASSWORD` environment variable. Prefer OAuth2 credentials instead.","secret":true},"privateKey":{"type":"string","description":"The private key for service principal authentication. Can also be set via the `ZSCALER_PRIVATE_KEY` environment variable.","secret":true},"requestTimeout":{"type":"integer","description":"Timeout in seconds for API requests."},"sandboxCloud":{"type":"string","description":"The Zscaler Sandbox cloud name. Can also be set via the `ZIA_SANDBOX_CLOUD` environment variable.","secret":true},"sandboxToken":{"type":"string","description":"The API token for Zscaler Sandbox. Can also be set via the `ZIA_SANDBOX_TOKEN` environment variable.","secret":true},"useLegacyClient":{"type":"boolean","description":"If true, use the legacy ZIA client authentication instead of OAuth2."},"username":{"type":"string","description":"(Legacy) The admin username for ZIA. Can also be set via the `ZIA_USERNAME` environment variable. Prefer OAuth2 credentials instead."},"vanityDomain":{"type":"string","description":"The vanity domain for your Zscaler organization. Can also be set via the `ZSCALER_VANITY_DOMAIN` environment variable.","secret":true},"ziaCloud":{"type":"string","description":"(Legacy) The ZIA cloud name. Can also be set via the `ZIA_CLOUD` environment variable. Prefer the 'cloud' parameter instead."}},"inputProperties":{"apiKey":{"type":"string","description":"(Legacy) The API key for ZIA. Can also be set via the `ZIA_API_KEY` environment variable. Prefer OAuth2 credentials instead.","secret":true},"clientId":{"type":"string","description":"The OAuth2 client ID for authenticating with the Zscaler API. Can also be set via the `ZSCALER_CLIENT_ID` environment variable."},"clientSecret":{"type":"string","description":"The OAuth2 client secret for authenticating with the Zscaler API. Can also be set via the `ZSCALER_CLIENT_SECRET` environment variable.","secret":true},"cloud":{"type":"string","description":"The Zscaler cloud name (e.g. 'zscaler', 'zscalerone', 'zscalertwo', 'zscalerthree', 'zscloud', 'zscalerbeta', 'zscalergov'). Can also be set via the `ZSCALER_CLOUD` environment variable.","secret":true},"debug":{"type":"boolean","description":"If true, enables verbose Zscaler SDK logging (API requests/responses). Logs are written to stderr and optionally to the file specified by the `ZSCALER_SDK_LOG_FILE` environment variable."},"httpProxy":{"type":"string","description":"HTTP proxy URL for API requests (e.g. 'http://proxy.example.com:8080'). Can also be set via the `ZSCALER_HTTP_PROXY` environment variable."},"maxRetries":{"type":"integer","description":"Maximum number of retries for API requests. Default is determined by the SDK."},"password":{"type":"string","description":"(Legacy) The admin password for ZIA. Can also be set via the `ZIA_PASSWORD` environment variable. Prefer OAuth2 credentials instead.","secret":true},"privateKey":{"type":"string","description":"The private key for service principal authentication. Can also be set via the `ZSCALER_PRIVATE_KEY` environment variable.","secret":true},"requestTimeout":{"type":"integer","description":"Timeout in seconds for API requests."},"sandboxCloud":{"type":"string","description":"The Zscaler Sandbox cloud name. Can also be set via the `ZIA_SANDBOX_CLOUD` environment variable.","secret":true},"sandboxToken":{"type":"string","description":"The API token for Zscaler Sandbox. Can also be set via the `ZIA_SANDBOX_TOKEN` environment variable.","secret":true},"useLegacyClient":{"type":"boolean","description":"If true, use the legacy ZIA client authentication instead of OAuth2."},"username":{"type":"string","description":"(Legacy) The admin username for ZIA. Can also be set via the `ZIA_USERNAME` environment variable. Prefer OAuth2 credentials instead."},"vanityDomain":{"type":"string","description":"The vanity domain for your Zscaler organization. Can also be set via the `ZSCALER_VANITY_DOMAIN` environment variable.","secret":true},"ziaCloud":{"type":"string","description":"(Legacy) The ZIA cloud name. Can also be set via the `ZIA_CLOUD` environment variable. Prefer the 'cloud' parameter instead."}}},"resources":{"zia:index:Activation":{"description":"The zia_activation resource triggers the activation of ZIA configuration changes in the Zscaler Internet Access (ZIA) cloud service. After making configuration changes to ZIA resources, this resource can be used to activate and push those changes to the ZIA cloud. Delete is a no-op.\n\nFor more information, see the [ZIA Configuration Activation documentation](https://help.zscaler.com/zia/activating-configuration-changes).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Configuration Activation\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.Activation(\"example\", {\n    status: \"ACTIVE\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.Activation(\"example\",\n    status=\"ACTIVE\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:Activation\n    properties:\n      status: ACTIVE\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis is a singleton resource and does not support traditional import. It is automatically managed by the provider.\n","properties":{"resourceId":{"type":"string","description":"The internal resource identifier for the activation."},"status":{"type":"string","description":"The activation status. Must be `ACTIVE` to trigger configuration activation."}},"required":["status","resourceId"],"inputProperties":{"status":{"type":"string","description":"The activation status. Must be `ACTIVE` to trigger configuration activation."}},"requiredInputs":["status"]},"zia:index:AdminRoles":{"description":"The zia_admin_roles resource manages administrator roles in the Zscaler Internet Access (ZIA) cloud service. Admin roles define the permissions and access levels for administrator users.\n\nFor more information, see the [ZIA Admin Role Management documentation](https://help.zscaler.com/zia/admin-role-management).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Admin Role\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.AdminRoles(\"example\", {\n    name: \"Example Role\",\n    rank: 7,\n    policyAccess: \"READ_WRITE\",\n    dashboardAccess: \"READ_ONLY\",\n    reportAccess: \"READ_ONLY\",\n    alertingAccess: \"READ_ONLY\",\n    usernameAccess: \"READ_ONLY\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.AdminRoles(\"example\",\n    name=\"Example Role\",\n    rank=7,\n    policy_access=\"READ_WRITE\",\n    dashboard_access=\"READ_ONLY\",\n    report_access=\"READ_ONLY\",\n    alerting_access=\"READ_ONLY\",\n    username_access=\"READ_ONLY\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:AdminRoles\n    properties:\n      name: Example Role\n      rank: 7\n      policyAccess: READ_WRITE\n      dashboardAccess: READ_ONLY\n      reportAccess: READ_ONLY\n      alertingAccess: READ_ONLY\n      usernameAccess: READ_ONLY\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing admin role can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:AdminRoles example 12345\n```\n","properties":{"adminAcctAccess":{"type":"string","description":"Admin and role management access permission. Valid values: `NONE`, `READ_ONLY`, `READ_WRITE`."},"alertingAccess":{"type":"string","description":"Alerting access permission. Valid values: `NONE`, `READ_ONLY`, `READ_WRITE`."},"analysisAccess":{"type":"string","description":"Insights logs access permission. Valid values: `NONE`, `READ_ONLY`, `READ_WRITE`."},"dashboardAccess":{"type":"string","description":"Dashboard access permission. Valid values: `NONE`, `READ_ONLY`."},"deviceInfoAccess":{"type":"string","description":"Device info access permission. Valid values: `NONE`, `READ_ONLY`."},"extFeaturePermissions":{"type":"object","additionalProperties":{"type":"string"},"description":"Map of extended feature permissions to their access levels."},"featurePermissions":{"type":"object","additionalProperties":{"type":"string"},"description":"Map of feature permissions to their access levels."},"isAuditor":{"type":"boolean","description":"Indicates whether this is an auditor role."},"isNonEditable":{"type":"boolean","description":"Indicates whether the role is non-editable (built-in system role)."},"logsLimit":{"type":"string","description":"Log range limit. Valid values: `UNRESTRICTED`, `LAST_1_HR`, `LAST_2_HRS`, `LAST_6_HRS`, `LAST_24_HRS`, `LAST_1_MONTH`."},"name":{"type":"string","description":"The name of the admin role."},"permissions":{"type":"array","items":{"type":"string"},"description":"List of functional areas to which this role has access (e.g., `POLICY`, `DASHBOARD`)."},"policyAccess":{"type":"string","description":"Policy access permission. Valid values: `NONE`, `READ_ONLY`, `READ_WRITE`."},"rank":{"type":"integer","description":"Admin rank of the role. Default: 7. Valid values: 0-7."},"reportAccess":{"type":"string","description":"Report access permission. Valid values: `NONE`, `READ_ONLY`."},"reportTimeDuration":{"type":"integer","description":"Report time duration in days."},"roleId":{"type":"integer","description":"The system-generated ID of the admin role."},"roleType":{"type":"string","description":"The admin role type. Valid values: `EXEC_INSIGHT_AND_ORG_ADMIN`, `ORG_ADMIN`."},"usernameAccess":{"type":"string","description":"Username access permission. Valid values: `NONE`, `READ_ONLY`."}},"required":["roleId"],"inputProperties":{"adminAcctAccess":{"type":"string","description":"Admin and role management access permission. Valid values: `NONE`, `READ_ONLY`, `READ_WRITE`."},"alertingAccess":{"type":"string","description":"Alerting access permission. Valid values: `NONE`, `READ_ONLY`, `READ_WRITE`."},"analysisAccess":{"type":"string","description":"Insights logs access permission. Valid values: `NONE`, `READ_ONLY`, `READ_WRITE`."},"dashboardAccess":{"type":"string","description":"Dashboard access permission. Valid values: `NONE`, `READ_ONLY`."},"deviceInfoAccess":{"type":"string","description":"Device info access permission. Valid values: `NONE`, `READ_ONLY`."},"extFeaturePermissions":{"type":"object","additionalProperties":{"type":"string"},"description":"Map of extended feature permissions to their access levels."},"featurePermissions":{"type":"object","additionalProperties":{"type":"string"},"description":"Map of feature permissions to their access levels."},"isAuditor":{"type":"boolean","description":"Indicates whether this is an auditor role."},"isNonEditable":{"type":"boolean","description":"Indicates whether the role is non-editable (built-in system role)."},"logsLimit":{"type":"string","description":"Log range limit. Valid values: `UNRESTRICTED`, `LAST_1_HR`, `LAST_2_HRS`, `LAST_6_HRS`, `LAST_24_HRS`, `LAST_1_MONTH`."},"name":{"type":"string","description":"The name of the admin role."},"permissions":{"type":"array","items":{"type":"string"},"description":"List of functional areas to which this role has access (e.g., `POLICY`, `DASHBOARD`)."},"policyAccess":{"type":"string","description":"Policy access permission. Valid values: `NONE`, `READ_ONLY`, `READ_WRITE`."},"rank":{"type":"integer","description":"Admin rank of the role. Default: 7. Valid values: 0-7."},"reportAccess":{"type":"string","description":"Report access permission. Valid values: `NONE`, `READ_ONLY`."},"reportTimeDuration":{"type":"integer","description":"Report time duration in days."},"roleType":{"type":"string","description":"The admin role type. Valid values: `EXEC_INSIGHT_AND_ORG_ADMIN`, `ORG_ADMIN`."},"usernameAccess":{"type":"string","description":"Username access permission. Valid values: `NONE`, `READ_ONLY`."}}},"zia:index:AdminUsers":{"description":"The zia_admin_users resource manages administrator users in the Zscaler Internet Access (ZIA) cloud service. Administrator users have access to the ZIA Admin Portal and can manage policies, configurations, and other administrative tasks based on their assigned role.\n\nFor more information, see the [ZIA Admin User Management documentation](https://help.zscaler.com/zia/admin-user-management).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Admin User\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nimport * as pulumi from \"@pulumi/pulumi\";\n\nconst cfg = new pulumi.Config();\nconst adminPassword = cfg.requireSecret(\"adminPassword\");\n\nconst example = new zia.AdminUsers(\"example\", {\n    loginName: \"admin@example.com\",\n    username: \"Example Admin\",\n    email: \"admin@example.com\",\n    password: adminPassword,\n    isPasswordLoginAllowed: true,\n    role: { id: 12345 },\n    adminScopeType: \"ORGANIZATION\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\ncfg = pulumi.Config()\nadmin_password = cfg.require_secret(\"adminPassword\")\n\nexample = zia.AdminUsers(\"example\",\n    login_name=\"admin@example.com\",\n    username=\"Example Admin\",\n    email=\"admin@example.com\",\n    password=admin_password,\n    is_password_login_allowed=True,\n    role={\"id\": 12345},\n    admin_scope_type=\"ORGANIZATION\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:AdminUsers\n    properties:\n      loginName: admin@example.com\n      username: Example Admin\n      email: admin@example.com\n      password:\n        fn::secret: ${adminPassword}\n      isPasswordLoginAllowed: true\n      role:\n        id: 12345\n      adminScopeType: ORGANIZATION\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing admin user can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:AdminUsers example 12345\n```\n","properties":{"adminId":{"type":"integer","description":"The system-generated ID of the admin user."},"adminScopeEntities":{"type":"array","items":{"type":"integer"},"description":"IDs of the admin scope entities (departments, locations, or location groups) when adminScopeType is not `ORGANIZATION`."},"adminScopeType":{"type":"string","description":"The admin scope type. Valid values: `ORGANIZATION`, `DEPARTMENT`, `LOCATION`, `LOCATION_GROUP`."},"comments":{"type":"string","description":"Additional information about the admin user."},"disabled":{"type":"boolean","description":"Whether the admin account is disabled."},"email":{"type":"string","description":"The admin user's email address."},"isAuditor":{"type":"boolean","description":"Indicates whether the admin is an auditor."},"isExecMobileAppEnabled":{"type":"boolean","description":"Whether Executive Insights App access is enabled. Can only be set when adminScopeType is `ORGANIZATION`."},"isNonEditable":{"type":"boolean","description":"Indicates whether the admin user is non-editable (read-only in the ZIA Admin Portal)."},"isPasswordExpired":{"type":"boolean","description":"Indicates whether the admin user's password has expired."},"isPasswordLoginAllowed":{"type":"boolean","description":"Whether password-based login is allowed for the admin user."},"isProductUpdateCommEnabled":{"type":"boolean","description":"Whether the admin can receive product update communications."},"isSecurityReportCommEnabled":{"type":"boolean","description":"Whether the admin can receive security report communications."},"isServiceUpdateCommEnabled":{"type":"boolean","description":"Whether the admin can receive service update communications."},"loginName":{"type":"string","description":"The admin user's login name (email format). Must be unique."},"password":{"type":"string","description":"The admin user's password. Required when isPasswordLoginAllowed is true. Must be 8 to 100 characters.","secret":true},"role":{"$ref":"#/types/zia:index:AdminUserRoleInput","description":"The role assigned to the admin user. Provide the role ID."},"username":{"type":"string","description":"The admin user's display name."}},"required":["loginName","username","email","adminId"],"inputProperties":{"adminScopeEntities":{"type":"array","items":{"type":"integer"},"description":"IDs of the admin scope entities (departments, locations, or location groups) when adminScopeType is not `ORGANIZATION`."},"adminScopeType":{"type":"string","description":"The admin scope type. Valid values: `ORGANIZATION`, `DEPARTMENT`, `LOCATION`, `LOCATION_GROUP`."},"comments":{"type":"string","description":"Additional information about the admin user."},"disabled":{"type":"boolean","description":"Whether the admin account is disabled."},"email":{"type":"string","description":"The admin user's email address."},"isAuditor":{"type":"boolean","description":"Indicates whether the admin is an auditor."},"isExecMobileAppEnabled":{"type":"boolean","description":"Whether Executive Insights App access is enabled. Can only be set when adminScopeType is `ORGANIZATION`."},"isNonEditable":{"type":"boolean","description":"Indicates whether the admin user is non-editable (read-only in the ZIA Admin Portal)."},"isPasswordExpired":{"type":"boolean","description":"Indicates whether the admin user's password has expired."},"isPasswordLoginAllowed":{"type":"boolean","description":"Whether password-based login is allowed for the admin user."},"isProductUpdateCommEnabled":{"type":"boolean","description":"Whether the admin can receive product update communications."},"isSecurityReportCommEnabled":{"type":"boolean","description":"Whether the admin can receive security report communications."},"isServiceUpdateCommEnabled":{"type":"boolean","description":"Whether the admin can receive service update communications."},"loginName":{"type":"string","description":"The admin user's login name (email format). Must be unique."},"password":{"type":"string","description":"The admin user's password. Required when isPasswordLoginAllowed is true. Must be 8 to 100 characters.","secret":true},"role":{"$ref":"#/types/zia:index:AdminUserRoleInput","description":"The role assigned to the admin user. Provide the role ID."},"username":{"type":"string","description":"The admin user's display name."}},"requiredInputs":["loginName","username","email"]},"zia:index:AdvancedSettings":{"description":"The zia_advanced_settings resource manages advanced settings in the Zscaler Internet Access (ZIA) cloud service. This singleton resource controls a wide range of advanced proxy, authentication, DNS resolution, and security settings including domain fronting protection, HTTP tunnel tracking, surrogate IP enforcement, and session timeout configuration.\n\nFor more information, see the [ZIA Advanced Settings documentation](https://help.zscaler.com/zia/advanced-settings).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Advanced Settings\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.AdvancedSettings(\"example\", {\n    enableOffice365: true,\n    logInternalIp: true,\n    blockHttpTunnelOnNonHttpPorts: true,\n    blockDomainFrontingOnHostHeader: true,\n    authBypassUrls: [\".example.com\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.AdvancedSettings(\"example\",\n    enable_office365=True,\n    log_internal_ip=True,\n    block_http_tunnel_on_non_http_ports=True,\n    block_domain_fronting_on_host_header=True,\n    auth_bypass_urls=[\".example.com\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:AdvancedSettings\n    properties:\n      enableOffice365: true\n      logInternalIp: true\n      blockHttpTunnelOnNonHttpPorts: true\n      blockDomainFrontingOnHostHeader: true\n      authBypassUrls:\n        - .example.com\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis is a singleton resource and does not support traditional import. It is automatically managed by the provider.\n","properties":{"authBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that bypass authentication."},"authBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that bypass authentication."},"authBypassUrls":{"type":"array","items":{"type":"string"},"description":"URLs that bypass authentication."},"basicBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that bypass basic authentication."},"basicBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that bypass basic authentication."},"blockConnectHostSniMismatch":{"type":"boolean","description":"Block connections where CONNECT host and SNI mismatch."},"blockDomainFrontingApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications for which domain fronting is blocked."},"blockDomainFrontingOnHostHeader":{"type":"boolean","description":"Block domain fronting when the host header mismatches the SNI."},"blockHttpTunnelOnNonHttpPorts":{"type":"boolean","description":"Block HTTP tunnels on non-HTTP ports."},"blockNonCompliantHttpRequestOnHttpPorts":{"type":"boolean","description":"Block non-compliant HTTP requests on HTTP ports."},"blockNonHttpOnHttpPortEnabled":{"type":"boolean","description":"Block non-HTTP traffic on HTTP ports."},"cascadeUrlFiltering":{"type":"boolean","description":"Enable cascading URL filtering."},"digestAuthBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that bypass digest authentication."},"digestAuthBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that bypass digest authentication."},"digestAuthBypassUrls":{"type":"array","items":{"type":"string"},"description":"URLs that bypass digest authentication."},"dnsResolutionOnTransparentProxyApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications with DNS resolution on transparent proxy enabled."},"dnsResolutionOnTransparentProxyExemptApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications exempt from DNS resolution on transparent proxy."},"dnsResolutionOnTransparentProxyExemptUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories exempt from DNS resolution on transparent proxy."},"dnsResolutionOnTransparentProxyExemptUrls":{"type":"array","items":{"type":"string"},"description":"URLs exempt from DNS resolution on transparent proxy."},"dnsResolutionOnTransparentProxyIpv6Apps":{"type":"array","items":{"type":"string"},"description":"Cloud applications with IPv6 DNS resolution on transparent proxy enabled."},"dnsResolutionOnTransparentProxyIpv6ExemptApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications exempt from IPv6 DNS resolution on transparent proxy."},"dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories exempt from IPv6 DNS resolution on transparent proxy."},"dnsResolutionOnTransparentProxyIpv6UrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories with IPv6 DNS resolution on transparent proxy enabled."},"dnsResolutionOnTransparentProxyUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories with DNS resolution on transparent proxy enabled."},"dnsResolutionOnTransparentProxyUrls":{"type":"array","items":{"type":"string"},"description":"URLs with DNS resolution on transparent proxy enabled."},"domainFrontingBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that bypass domain fronting detection."},"dynamicUserRiskEnabled":{"type":"boolean","description":"Enable dynamic user risk scoring."},"ecsForAllEnabled":{"type":"boolean","description":"Enable EDNS Client Subnet (ECS) for all DNS queries."},"enableAdminRankAccess":{"type":"boolean","description":"Enable admin rank-based access control."},"enableDnsResolutionOnTransparentProxy":{"type":"boolean","description":"Enable DNS resolution on transparent proxy."},"enableEvaluatePolicyOnGlobalSslBypass":{"type":"boolean","description":"Enable policy evaluation on global SSL bypass."},"enableIpv6DnsOptimizationOnAllTransparentProxy":{"type":"boolean","description":"Enable IPv6 DNS optimization on all transparent proxy connections."},"enableIpv6DnsResolutionOnTransparentProxy":{"type":"boolean","description":"Enable IPv6 DNS resolution on transparent proxy."},"enableOffice365":{"type":"boolean","description":"Enable Office 365 one-click configuration."},"enablePolicyForUnauthenticatedTraffic":{"type":"boolean","description":"Enable policy evaluation for unauthenticated traffic."},"enforceSurrogateIpForWindowsApp":{"type":"boolean","description":"Enforce surrogate IP for Windows applications."},"http2NonbrowserTrafficEnabled":{"type":"boolean","description":"Enable HTTP/2 for non-browser traffic."},"httpRangeHeaderRemoveUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories for which HTTP range headers are removed."},"kerberosBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that bypass Kerberos authentication."},"kerberosBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that bypass Kerberos authentication."},"kerberosBypassUrls":{"type":"array","items":{"type":"string"},"description":"URLs that bypass Kerberos authentication."},"logInternalIp":{"type":"boolean","description":"Enable logging of internal IP addresses."},"preferSniOverConnHost":{"type":"boolean","description":"Prefer SNI over CONNECT host header for policy evaluation."},"preferSniOverConnHostApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that prefer SNI over CONNECT host header."},"resourceId":{"type":"string","description":"The internal resource identifier for the advanced settings."},"sipaXffHeaderEnabled":{"type":"boolean","description":"Enable X-Forwarded-For header for SIPA traffic."},"sniDnsOptimizationBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that bypass SNI/DNS optimization."},"trackHttpTunnelOnHttpPorts":{"type":"boolean","description":"Track HTTP tunnels on HTTP ports."},"uiSessionTimeout":{"type":"integer","description":"UI session timeout in minutes."},"zscalerClientConnector1AndPacRoadWarriorInFirewall":{"type":"boolean","description":"Include Zscaler Client Connector and PAC road warrior traffic in firewall policy."}},"required":["resourceId"],"inputProperties":{"authBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that bypass authentication."},"authBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that bypass authentication."},"authBypassUrls":{"type":"array","items":{"type":"string"},"description":"URLs that bypass authentication."},"basicBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that bypass basic authentication."},"basicBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that bypass basic authentication."},"blockConnectHostSniMismatch":{"type":"boolean","description":"Block connections where CONNECT host and SNI mismatch."},"blockDomainFrontingApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications for which domain fronting is blocked."},"blockDomainFrontingOnHostHeader":{"type":"boolean","description":"Block domain fronting when the host header mismatches the SNI."},"blockHttpTunnelOnNonHttpPorts":{"type":"boolean","description":"Block HTTP tunnels on non-HTTP ports."},"blockNonCompliantHttpRequestOnHttpPorts":{"type":"boolean","description":"Block non-compliant HTTP requests on HTTP ports."},"blockNonHttpOnHttpPortEnabled":{"type":"boolean","description":"Block non-HTTP traffic on HTTP ports."},"cascadeUrlFiltering":{"type":"boolean","description":"Enable cascading URL filtering."},"digestAuthBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that bypass digest authentication."},"digestAuthBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that bypass digest authentication."},"digestAuthBypassUrls":{"type":"array","items":{"type":"string"},"description":"URLs that bypass digest authentication."},"dnsResolutionOnTransparentProxyApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications with DNS resolution on transparent proxy enabled."},"dnsResolutionOnTransparentProxyExemptApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications exempt from DNS resolution on transparent proxy."},"dnsResolutionOnTransparentProxyExemptUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories exempt from DNS resolution on transparent proxy."},"dnsResolutionOnTransparentProxyExemptUrls":{"type":"array","items":{"type":"string"},"description":"URLs exempt from DNS resolution on transparent proxy."},"dnsResolutionOnTransparentProxyIpv6Apps":{"type":"array","items":{"type":"string"},"description":"Cloud applications with IPv6 DNS resolution on transparent proxy enabled."},"dnsResolutionOnTransparentProxyIpv6ExemptApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications exempt from IPv6 DNS resolution on transparent proxy."},"dnsResolutionOnTransparentProxyIpv6ExemptUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories exempt from IPv6 DNS resolution on transparent proxy."},"dnsResolutionOnTransparentProxyIpv6UrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories with IPv6 DNS resolution on transparent proxy enabled."},"dnsResolutionOnTransparentProxyUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories with DNS resolution on transparent proxy enabled."},"dnsResolutionOnTransparentProxyUrls":{"type":"array","items":{"type":"string"},"description":"URLs with DNS resolution on transparent proxy enabled."},"domainFrontingBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that bypass domain fronting detection."},"dynamicUserRiskEnabled":{"type":"boolean","description":"Enable dynamic user risk scoring."},"ecsForAllEnabled":{"type":"boolean","description":"Enable EDNS Client Subnet (ECS) for all DNS queries."},"enableAdminRankAccess":{"type":"boolean","description":"Enable admin rank-based access control."},"enableDnsResolutionOnTransparentProxy":{"type":"boolean","description":"Enable DNS resolution on transparent proxy."},"enableEvaluatePolicyOnGlobalSslBypass":{"type":"boolean","description":"Enable policy evaluation on global SSL bypass."},"enableIpv6DnsOptimizationOnAllTransparentProxy":{"type":"boolean","description":"Enable IPv6 DNS optimization on all transparent proxy connections."},"enableIpv6DnsResolutionOnTransparentProxy":{"type":"boolean","description":"Enable IPv6 DNS resolution on transparent proxy."},"enableOffice365":{"type":"boolean","description":"Enable Office 365 one-click configuration."},"enablePolicyForUnauthenticatedTraffic":{"type":"boolean","description":"Enable policy evaluation for unauthenticated traffic."},"enforceSurrogateIpForWindowsApp":{"type":"boolean","description":"Enforce surrogate IP for Windows applications."},"http2NonbrowserTrafficEnabled":{"type":"boolean","description":"Enable HTTP/2 for non-browser traffic."},"httpRangeHeaderRemoveUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories for which HTTP range headers are removed."},"kerberosBypassApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that bypass Kerberos authentication."},"kerberosBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that bypass Kerberos authentication."},"kerberosBypassUrls":{"type":"array","items":{"type":"string"},"description":"URLs that bypass Kerberos authentication."},"logInternalIp":{"type":"boolean","description":"Enable logging of internal IP addresses."},"preferSniOverConnHost":{"type":"boolean","description":"Prefer SNI over CONNECT host header for policy evaluation."},"preferSniOverConnHostApps":{"type":"array","items":{"type":"string"},"description":"Cloud applications that prefer SNI over CONNECT host header."},"sipaXffHeaderEnabled":{"type":"boolean","description":"Enable X-Forwarded-For header for SIPA traffic."},"sniDnsOptimizationBypassUrlCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that bypass SNI/DNS optimization."},"trackHttpTunnelOnHttpPorts":{"type":"boolean","description":"Track HTTP tunnels on HTTP ports."},"uiSessionTimeout":{"type":"integer","description":"UI session timeout in minutes."},"zscalerClientConnector1AndPacRoadWarriorInFirewall":{"type":"boolean","description":"Include Zscaler Client Connector and PAC road warrior traffic in firewall policy."}}},"zia:index:AtpMaliciousUrls":{"description":"The zia_atp_malicious_urls resource manages the list of malicious URL exceptions for Advanced Threat Protection (ATP) in the Zscaler Internet Access (ZIA) cloud service. URLs added to this list are treated as known malicious and will be blocked. This is a singleton resource.\n\nFor more information, see the [ZIA Advanced Threat Protection documentation](https://help.zscaler.com/zia/about-advanced-threat-protection-policy).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Configure ATP Malicious URL Exceptions\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.AtpMaliciousUrls(\"example\", {\n    maliciousUrls: [\n        \"malicious-site.com\",\n        \"phishing-example.net\",\n        \"bad-domain.org\",\n    ],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.AtpMaliciousUrls(\"example\",\n    malicious_urls=[\n        \"malicious-site.com\",\n        \"phishing-example.net\",\n        \"bad-domain.org\",\n    ],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:AtpMaliciousUrls\n    properties:\n      maliciousUrls:\n        - malicious-site.com\n        - phishing-example.net\n        - bad-domain.org\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n\u003e This is a singleton resource. Import is not applicable.\n","properties":{"maliciousUrls":{"type":"array","items":{"type":"string"},"description":"List of URLs to be treated as malicious by Advanced Threat Protection."},"resourceId":{"type":"string","description":"The internal resource identifier for the ATP malicious URLs."}},"required":["resourceId"],"inputProperties":{"maliciousUrls":{"type":"array","items":{"type":"string"},"description":"List of URLs to be treated as malicious by Advanced Threat Protection."}}},"zia:index:AtpMalwareInspection":{"description":"The zia_atp_malware_inspection resource manages ATP malware inspection settings in the Zscaler Internet Access (ZIA) cloud service. These settings control whether inbound and/or outbound traffic is inspected for malware. This is a singleton resource.\n\nFor more information, see the [ZIA Advanced Threat Protection documentation](https://help.zscaler.com/zia/about-advanced-threat-protection-policy).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Configure ATP Malware Inspection\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.AtpMalwareInspection(\"example\", {\n    inspectInbound: true,\n    inspectOutbound: true,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.AtpMalwareInspection(\"example\",\n    inspect_inbound=True,\n    inspect_outbound=True,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:AtpMalwareInspection\n    properties:\n      inspectInbound: true\n      inspectOutbound: true\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n\u003e This is a singleton resource. Import is not applicable.\n","properties":{"inspectInbound":{"type":"boolean","description":"Enable malware inspection for inbound traffic."},"inspectOutbound":{"type":"boolean","description":"Enable malware inspection for outbound traffic."},"resourceId":{"type":"string","description":"The internal resource identifier for the ATP malware inspection settings."}},"required":["resourceId"],"inputProperties":{"inspectInbound":{"type":"boolean","description":"Enable malware inspection for inbound traffic."},"inspectOutbound":{"type":"boolean","description":"Enable malware inspection for outbound traffic."}}},"zia:index:AtpMalwarePolicy":{"description":"The zia_atp_malware_policy resource manages the Advanced Threat Protection (ATP) malware policy settings in the Zscaler Internet Access (ZIA) cloud service. This singleton resource controls whether unscannable files and password-protected archive files are blocked.\n\nFor more information, see the [ZIA ATP documentation](https://help.zscaler.com/zia/about-advanced-threat-protection-policy).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic ATP Malware Policy\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.AtpMalwarePolicy(\"example\", {\n    blockUnscannableFiles: true,\n    blockPasswordProtectedArchiveFiles: true,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.AtpMalwarePolicy(\"example\",\n    block_unscannable_files=True,\n    block_password_protected_archive_files=True,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:AtpMalwarePolicy\n    properties:\n      blockUnscannableFiles: true\n      blockPasswordProtectedArchiveFiles: true\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis is a singleton resource and does not support traditional import. It is automatically managed by the provider.\n","properties":{"blockPasswordProtectedArchiveFiles":{"type":"boolean","description":"When set to true, password-protected archive files are blocked."},"blockUnscannableFiles":{"type":"boolean","description":"When set to true, files that cannot be scanned are blocked."},"resourceId":{"type":"string","description":"The internal resource identifier for the ATP malware policy."}},"required":["resourceId"],"inputProperties":{"blockPasswordProtectedArchiveFiles":{"type":"boolean","description":"When set to true, password-protected archive files are blocked."},"blockUnscannableFiles":{"type":"boolean","description":"When set to true, files that cannot be scanned are blocked."}}},"zia:index:AtpMalwareProtocols":{"description":"The zia_atp_malware_protocols resource manages the Advanced Threat Protection (ATP) malware protocol inspection settings in the Zscaler Internet Access (ZIA) cloud service. This singleton resource controls which protocols are inspected for malware, including HTTP, FTP over HTTP, and native FTP traffic.\n\nFor more information, see the [ZIA ATP documentation](https://help.zscaler.com/zia/about-advanced-threat-protection-policy).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic ATP Malware Protocol Settings\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.AtpMalwareProtocols(\"example\", {\n    inspectHttp: true,\n    inspectFtpOverHttp: true,\n    inspectFtp: true,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.AtpMalwareProtocols(\"example\",\n    inspect_http=True,\n    inspect_ftp_over_http=True,\n    inspect_ftp=True,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:AtpMalwareProtocols\n    properties:\n      inspectHttp: true\n      inspectFtpOverHttp: true\n      inspectFtp: true\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis is a singleton resource and does not support traditional import. It is automatically managed by the provider.\n","properties":{"inspectFtp":{"type":"boolean","description":"When set to true, native FTP traffic is inspected for malware."},"inspectFtpOverHttp":{"type":"boolean","description":"When set to true, FTP-over-HTTP traffic is inspected for malware."},"inspectHttp":{"type":"boolean","description":"When set to true, HTTP traffic is inspected for malware."},"resourceId":{"type":"string","description":"The internal resource identifier for the ATP malware protocols."}},"required":["resourceId"],"inputProperties":{"inspectFtp":{"type":"boolean","description":"When set to true, native FTP traffic is inspected for malware."},"inspectFtpOverHttp":{"type":"boolean","description":"When set to true, FTP-over-HTTP traffic is inspected for malware."},"inspectHttp":{"type":"boolean","description":"When set to true, HTTP traffic is inspected for malware."}}},"zia:index:AtpMalwareSettings":{"description":"The zia_atp_malware_settings resource manages the Advanced Threat Protection (ATP) malware settings in the Zscaler Internet Access (ZIA) cloud service. This singleton resource controls the block and capture actions for different malware categories such as viruses, trojans, worms, adware, spyware, ransomware, remote access tools, and unwanted applications.\n\nFor more information, see the [ZIA ATP documentation](https://help.zscaler.com/zia/about-advanced-threat-protection-policy).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic ATP Malware Settings\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.AtpMalwareSettings(\"example\", {\n    virusBlocked: true,\n    virusCapture: true,\n    ransomwareBlocked: true,\n    ransomwareCapture: true,\n    spywareBlocked: true,\n    trojanBlocked: true,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.AtpMalwareSettings(\"example\",\n    virus_blocked=True,\n    virus_capture=True,\n    ransomware_blocked=True,\n    ransomware_capture=True,\n    spyware_blocked=True,\n    trojan_blocked=True,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:AtpMalwareSettings\n    properties:\n      virusBlocked: true\n      virusCapture: true\n      ransomwareBlocked: true\n      ransomwareCapture: true\n      spywareBlocked: true\n      trojanBlocked: true\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis is a singleton resource and does not support traditional import. It is automatically managed by the provider.\n","properties":{"adwareBlocked":{"type":"boolean","description":"When set to true, adware threats are blocked."},"adwareCapture":{"type":"boolean","description":"When set to true, adware threats are captured for analysis."},"ransomwareBlocked":{"type":"boolean","description":"When set to true, ransomware threats are blocked."},"ransomwareCapture":{"type":"boolean","description":"When set to true, ransomware threats are captured for analysis."},"remoteAccessToolBlocked":{"type":"boolean","description":"When set to true, remote access tools are blocked."},"remoteAccessToolCapture":{"type":"boolean","description":"When set to true, remote access tools are captured for analysis."},"resourceId":{"type":"string","description":"The internal resource identifier for the ATP malware settings."},"spywareBlocked":{"type":"boolean","description":"When set to true, spyware threats are blocked."},"spywareCapture":{"type":"boolean","description":"When set to true, spyware threats are captured for analysis."},"trojanBlocked":{"type":"boolean","description":"When set to true, trojan threats are blocked."},"trojanCapture":{"type":"boolean","description":"When set to true, trojan threats are captured for analysis."},"unwantedApplicationsBlocked":{"type":"boolean","description":"When set to true, unwanted applications are blocked."},"unwantedApplicationsCapture":{"type":"boolean","description":"When set to true, unwanted applications are captured for analysis."},"virusBlocked":{"type":"boolean","description":"When set to true, virus threats are blocked."},"virusCapture":{"type":"boolean","description":"When set to true, virus threats are captured for analysis."},"wormBlocked":{"type":"boolean","description":"When set to true, worm threats are blocked."},"wormCapture":{"type":"boolean","description":"When set to true, worm threats are captured for analysis."}},"required":["resourceId"],"inputProperties":{"adwareBlocked":{"type":"boolean","description":"When set to true, adware threats are blocked."},"adwareCapture":{"type":"boolean","description":"When set to true, adware threats are captured for analysis."},"ransomwareBlocked":{"type":"boolean","description":"When set to true, ransomware threats are blocked."},"ransomwareCapture":{"type":"boolean","description":"When set to true, ransomware threats are captured for analysis."},"remoteAccessToolBlocked":{"type":"boolean","description":"When set to true, remote access tools are blocked."},"remoteAccessToolCapture":{"type":"boolean","description":"When set to true, remote access tools are captured for analysis."},"spywareBlocked":{"type":"boolean","description":"When set to true, spyware threats are blocked."},"spywareCapture":{"type":"boolean","description":"When set to true, spyware threats are captured for analysis."},"trojanBlocked":{"type":"boolean","description":"When set to true, trojan threats are blocked."},"trojanCapture":{"type":"boolean","description":"When set to true, trojan threats are captured for analysis."},"unwantedApplicationsBlocked":{"type":"boolean","description":"When set to true, unwanted applications are blocked."},"unwantedApplicationsCapture":{"type":"boolean","description":"When set to true, unwanted applications are captured for analysis."},"virusBlocked":{"type":"boolean","description":"When set to true, virus threats are blocked."},"virusCapture":{"type":"boolean","description":"When set to true, virus threats are captured for analysis."},"wormBlocked":{"type":"boolean","description":"When set to true, worm threats are blocked."},"wormCapture":{"type":"boolean","description":"When set to true, worm threats are captured for analysis."}}},"zia:index:AtpSecurityExceptions":{"description":"The zia_atp_security_exceptions resource manages the list of bypass URLs for Advanced Threat Protection (ATP) in the Zscaler Internet Access (ZIA) cloud service. URLs added to this list are excluded from ATP scanning. This is a singleton resource.\n\nFor more information, see the [ZIA Advanced Threat Protection documentation](https://help.zscaler.com/zia/about-advanced-threat-protection-policy).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Configure ATP Security Exceptions\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.AtpSecurityExceptions(\"example\", {\n    bypassUrls: [\n        \"trusted-partner.com\",\n        \"internal-app.example.org\",\n    ],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.AtpSecurityExceptions(\"example\",\n    bypass_urls=[\n        \"trusted-partner.com\",\n        \"internal-app.example.org\",\n    ],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:AtpSecurityExceptions\n    properties:\n      bypassUrls:\n        - trusted-partner.com\n        - internal-app.example.org\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n\u003e This is a singleton resource. Import is not applicable.\n","properties":{"bypassUrls":{"type":"array","items":{"type":"string"},"description":"List of URLs to be excluded (bypassed) from Advanced Threat Protection scanning."},"resourceId":{"type":"string","description":"The internal resource identifier for the ATP security exceptions."}},"required":["resourceId"],"inputProperties":{"bypassUrls":{"type":"array","items":{"type":"string"},"description":"List of URLs to be excluded (bypassed) from Advanced Threat Protection scanning."}}},"zia:index:AtpSettings":{"description":"The zia_atp_settings resource manages Advanced Threat Protection (ATP) settings in the Zscaler Internet Access (ZIA) cloud service. ATP settings control which threat categories are blocked or captured (logged) for packet capture analysis. This is a singleton resource.\n\nFor more information, see the [ZIA Advanced Threat Protection documentation](https://help.zscaler.com/zia/about-advanced-threat-protection-policy).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Configure ATP Settings\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.AtpSettings(\"example\", {\n    malwareSitesBlocked: true,\n    malwareSitesCapture: true,\n    knownPhishingSitesBlocked: true,\n    knownPhishingSitesCapture: true,\n    cmdCtlServerBlocked: true,\n    cryptoMiningBlocked: true,\n    torBlocked: true,\n    riskTolerance: 0,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.AtpSettings(\"example\",\n    malware_sites_blocked=True,\n    malware_sites_capture=True,\n    known_phishing_sites_blocked=True,\n    known_phishing_sites_capture=True,\n    cmd_ctl_server_blocked=True,\n    crypto_mining_blocked=True,\n    tor_blocked=True,\n    risk_tolerance=0,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:AtpSettings\n    properties:\n      malwareSitesBlocked: true\n      malwareSitesCapture: true\n      knownPhishingSitesBlocked: true\n      knownPhishingSitesCapture: true\n      cmdCtlServerBlocked: true\n      cryptoMiningBlocked: true\n      torBlocked: true\n      riskTolerance: 0\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n\u003e This is a singleton resource. Import is not applicable.\n","properties":{"activexBlocked":{"type":"boolean","description":"Block ActiveX controls."},"activexCapture":{"type":"boolean","description":"Enable packet capture for ActiveX events."},"adSpywareSitesBlocked":{"type":"boolean","description":"Block adware/spyware sites."},"adSpywareSitesCapture":{"type":"boolean","description":"Enable packet capture for adware/spyware site events."},"alertForUnknownSuspiciousC2Traffic":{"type":"boolean","description":"Enable alerts for unknown or suspicious C2 traffic."},"anonymizerBlocked":{"type":"boolean","description":"Block anonymizers."},"anonymizerCapture":{"type":"boolean","description":"Enable packet capture for anonymizer events."},"bitTorrentBlocked":{"type":"boolean","description":"Block BitTorrent traffic."},"bitTorrentCapture":{"type":"boolean","description":"Enable packet capture for BitTorrent events."},"blockCountriesCapture":{"type":"boolean","description":"Enable packet capture for blocked countries events."},"blockedCountries":{"type":"array","items":{"type":"string"},"description":"List of countries (ISO 3166-1 alpha-2 codes) to block."},"browserExploitsBlocked":{"type":"boolean","description":"Block browser exploits."},"browserExploitsCapture":{"type":"boolean","description":"Enable packet capture for browser exploit events."},"cmdCtlServerBlocked":{"type":"boolean","description":"Block known command-and-control servers."},"cmdCtlServerCapture":{"type":"boolean","description":"Enable packet capture for command-and-control server events."},"cmdCtlTrafficBlocked":{"type":"boolean","description":"Block command-and-control traffic."},"cmdCtlTrafficCapture":{"type":"boolean","description":"Enable packet capture for command-and-control traffic events."},"cookieStealingBlocked":{"type":"boolean","description":"Block cookie stealing attempts."},"cookieStealingPcapEnabled":{"type":"boolean","description":"Enable packet capture for cookie stealing events."},"cryptoMiningBlocked":{"type":"boolean","description":"Block crypto mining traffic."},"cryptoMiningCapture":{"type":"boolean","description":"Enable packet capture for crypto mining events."},"dgaDomainsBlocked":{"type":"boolean","description":"Block domain generation algorithm (DGA) domains."},"dgaDomainsCapture":{"type":"boolean","description":"Enable packet capture for DGA domain events."},"fileFormatVunerabilitesBlocked":{"type":"boolean","description":"Block file format vulnerabilities."},"fileFormatVunerabilitesCapture":{"type":"boolean","description":"Enable packet capture for file format vulnerability events."},"googleTalkBlocked":{"type":"boolean","description":"Block Google Talk traffic."},"googleTalkCapture":{"type":"boolean","description":"Enable packet capture for Google Talk events."},"ircTunnellingBlocked":{"type":"boolean","description":"Block IRC tunnelling."},"ircTunnellingCapture":{"type":"boolean","description":"Enable packet capture for IRC tunnelling events."},"knownPhishingSitesBlocked":{"type":"boolean","description":"Block known phishing sites."},"knownPhishingSitesCapture":{"type":"boolean","description":"Enable packet capture for known phishing site events."},"maliciousUrlsCapture":{"type":"boolean","description":"Enable packet capture for malicious URL events."},"malwareSitesBlocked":{"type":"boolean","description":"Block known malware sites."},"malwareSitesCapture":{"type":"boolean","description":"Enable packet capture for malware site events."},"potentialMaliciousRequestsBlocked":{"type":"boolean","description":"Block potentially malicious requests."},"potentialMaliciousRequestsCapture":{"type":"boolean","description":"Enable packet capture for potentially malicious request events."},"resourceId":{"type":"string","description":"The internal resource identifier for the ATP settings."},"riskTolerance":{"type":"integer","description":"Risk tolerance level. Controls the sensitivity for detecting threats."},"riskToleranceCapture":{"type":"boolean","description":"Enable packet capture for risk tolerance events."},"sshTunnellingBlocked":{"type":"boolean","description":"Block SSH tunnelling."},"sshTunnellingCapture":{"type":"boolean","description":"Enable packet capture for SSH tunnelling events."},"suspectAdwareSpywareSitesBlocked":{"type":"boolean","description":"Block suspect adware/spyware sites."},"suspectAdwareSpywareSitesCapture":{"type":"boolean","description":"Enable packet capture for suspect adware/spyware site events."},"suspectedPhishingSitesBlocked":{"type":"boolean","description":"Block suspected phishing sites."},"suspectedPhishingSitesCapture":{"type":"boolean","description":"Enable packet capture for suspected phishing site events."},"torBlocked":{"type":"boolean","description":"Block Tor traffic."},"torCapture":{"type":"boolean","description":"Enable packet capture for Tor events."},"webSpamBlocked":{"type":"boolean","description":"Block web spam."},"webSpamCapture":{"type":"boolean","description":"Enable packet capture for web spam events."}},"required":["resourceId"],"inputProperties":{"activexBlocked":{"type":"boolean","description":"Block ActiveX controls."},"activexCapture":{"type":"boolean","description":"Enable packet capture for ActiveX events."},"adSpywareSitesBlocked":{"type":"boolean","description":"Block adware/spyware sites."},"adSpywareSitesCapture":{"type":"boolean","description":"Enable packet capture for adware/spyware site events."},"alertForUnknownSuspiciousC2Traffic":{"type":"boolean","description":"Enable alerts for unknown or suspicious C2 traffic."},"anonymizerBlocked":{"type":"boolean","description":"Block anonymizers."},"anonymizerCapture":{"type":"boolean","description":"Enable packet capture for anonymizer events."},"bitTorrentBlocked":{"type":"boolean","description":"Block BitTorrent traffic."},"bitTorrentCapture":{"type":"boolean","description":"Enable packet capture for BitTorrent events."},"blockCountriesCapture":{"type":"boolean","description":"Enable packet capture for blocked countries events."},"blockedCountries":{"type":"array","items":{"type":"string"},"description":"List of countries (ISO 3166-1 alpha-2 codes) to block."},"browserExploitsBlocked":{"type":"boolean","description":"Block browser exploits."},"browserExploitsCapture":{"type":"boolean","description":"Enable packet capture for browser exploit events."},"cmdCtlServerBlocked":{"type":"boolean","description":"Block known command-and-control servers."},"cmdCtlServerCapture":{"type":"boolean","description":"Enable packet capture for command-and-control server events."},"cmdCtlTrafficBlocked":{"type":"boolean","description":"Block command-and-control traffic."},"cmdCtlTrafficCapture":{"type":"boolean","description":"Enable packet capture for command-and-control traffic events."},"cookieStealingBlocked":{"type":"boolean","description":"Block cookie stealing attempts."},"cookieStealingPcapEnabled":{"type":"boolean","description":"Enable packet capture for cookie stealing events."},"cryptoMiningBlocked":{"type":"boolean","description":"Block crypto mining traffic."},"cryptoMiningCapture":{"type":"boolean","description":"Enable packet capture for crypto mining events."},"dgaDomainsBlocked":{"type":"boolean","description":"Block domain generation algorithm (DGA) domains."},"dgaDomainsCapture":{"type":"boolean","description":"Enable packet capture for DGA domain events."},"fileFormatVunerabilitesBlocked":{"type":"boolean","description":"Block file format vulnerabilities."},"fileFormatVunerabilitesCapture":{"type":"boolean","description":"Enable packet capture for file format vulnerability events."},"googleTalkBlocked":{"type":"boolean","description":"Block Google Talk traffic."},"googleTalkCapture":{"type":"boolean","description":"Enable packet capture for Google Talk events."},"ircTunnellingBlocked":{"type":"boolean","description":"Block IRC tunnelling."},"ircTunnellingCapture":{"type":"boolean","description":"Enable packet capture for IRC tunnelling events."},"knownPhishingSitesBlocked":{"type":"boolean","description":"Block known phishing sites."},"knownPhishingSitesCapture":{"type":"boolean","description":"Enable packet capture for known phishing site events."},"maliciousUrlsCapture":{"type":"boolean","description":"Enable packet capture for malicious URL events."},"malwareSitesBlocked":{"type":"boolean","description":"Block known malware sites."},"malwareSitesCapture":{"type":"boolean","description":"Enable packet capture for malware site events."},"potentialMaliciousRequestsBlocked":{"type":"boolean","description":"Block potentially malicious requests."},"potentialMaliciousRequestsCapture":{"type":"boolean","description":"Enable packet capture for potentially malicious request events."},"riskTolerance":{"type":"integer","description":"Risk tolerance level. Controls the sensitivity for detecting threats."},"riskToleranceCapture":{"type":"boolean","description":"Enable packet capture for risk tolerance events."},"sshTunnellingBlocked":{"type":"boolean","description":"Block SSH tunnelling."},"sshTunnellingCapture":{"type":"boolean","description":"Enable packet capture for SSH tunnelling events."},"suspectAdwareSpywareSitesBlocked":{"type":"boolean","description":"Block suspect adware/spyware sites."},"suspectAdwareSpywareSitesCapture":{"type":"boolean","description":"Enable packet capture for suspect adware/spyware site events."},"suspectedPhishingSitesBlocked":{"type":"boolean","description":"Block suspected phishing sites."},"suspectedPhishingSitesCapture":{"type":"boolean","description":"Enable packet capture for suspected phishing site events."},"torBlocked":{"type":"boolean","description":"Block Tor traffic."},"torCapture":{"type":"boolean","description":"Enable packet capture for Tor events."},"webSpamBlocked":{"type":"boolean","description":"Block web spam."},"webSpamCapture":{"type":"boolean","description":"Enable packet capture for web spam events."}}},"zia:index:AuthSettingsUrls":{"description":"The zia_auth_settings_urls resource manages the URLs that are exempted from user authentication in the Zscaler Internet Access (ZIA) cloud service. This singleton resource allows you to define a list of URLs that bypass the ZIA authentication process.\n\nFor more information, see the [ZIA User Authentication documentation](https://help.zscaler.com/zia/authentication-exemptions).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Authentication Settings URLs\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.AuthSettingsUrls(\"example\", {\n    urls: [\n        \".example.com\",\n        \".internal.corp.com\",\n    ],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.AuthSettingsUrls(\"example\",\n    urls=[\n        \".example.com\",\n        \".internal.corp.com\",\n    ],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:AuthSettingsUrls\n    properties:\n      urls:\n        - .example.com\n        - .internal.corp.com\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis is a singleton resource and does not support traditional import. It is automatically managed by the provider.\n","properties":{"resourceId":{"type":"string","description":"The internal resource identifier for the authentication settings URLs."},"urls":{"type":"array","items":{"type":"string"},"description":"List of URLs that are exempted from user authentication."}},"required":["resourceId"],"inputProperties":{"urls":{"type":"array","items":{"type":"string"},"description":"List of URLs that are exempted from user authentication."}}},"zia:index:BandwidthClass":{"description":"The zia_bandwidth_class resource manages bandwidth classes in the Zscaler Internet Access (ZIA) cloud service. Bandwidth classes define traffic categories based on URLs, URL categories, and web applications that can be referenced in bandwidth control rules to apply specific bandwidth limits.\n\nFor more information, see the [ZIA Bandwidth Control documentation](https://help.zscaler.com/zia/bandwidth-control).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Bandwidth Class\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.BandwidthClass(\"example\", {\n    name: \"Example Bandwidth Class\",\n    webApplications: [\"STREAMING_MEDIA\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.BandwidthClass(\"example\",\n    name=\"Example Bandwidth Class\",\n    web_applications=[\"STREAMING_MEDIA\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:BandwidthClass\n    properties:\n      name: Example Bandwidth Class\n      webApplications:\n        - STREAMING_MEDIA\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Bandwidth Class can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:BandwidthClass example 12345\n```\n","properties":{"classId":{"type":"integer","description":"The system-generated ID of the bandwidth class."},"name":{"type":"string","description":"The name of the bandwidth class. Must be unique."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories associated with the bandwidth class."},"urls":{"type":"array","items":{"type":"string"},"description":"List of URLs associated with the bandwidth class."},"webApplications":{"type":"array","items":{"type":"string"},"description":"List of web applications associated with the bandwidth class."}},"required":["classId"],"inputProperties":{"name":{"type":"string","description":"The name of the bandwidth class. Must be unique."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories associated with the bandwidth class."},"urls":{"type":"array","items":{"type":"string"},"description":"List of URLs associated with the bandwidth class."},"webApplications":{"type":"array","items":{"type":"string"},"description":"List of web applications associated with the bandwidth class."}}},"zia:index:BandwidthClassFileSize":{"description":"The zia_bandwidth_class_file_size resource manages the file size configuration for an existing bandwidth class in the Zscaler Internet Access (ZIA) cloud service. This resource updates a pre-existing bandwidth class (e.g., LARGE_FILE) with the specified file size threshold. Delete is a no-op; the underlying bandwidth class is not removed when the Pulumi resource is destroyed.\n\nFor more information, see the [ZIA Bandwidth Control documentation](https://help.zscaler.com/zia/bandwidth-control).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Bandwidth Class File Size\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.BandwidthClassFileSize(\"example\", {\n    name: \"BANDWIDTH_CAT_LARGE_FILE\",\n    type: \"BANDWIDTH_CAT_LARGE_FILE\",\n    fileSize: \"100MB\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.BandwidthClassFileSize(\"example\",\n    name=\"BANDWIDTH_CAT_LARGE_FILE\",\n    type=\"BANDWIDTH_CAT_LARGE_FILE\",\n    file_size=\"100MB\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:BandwidthClassFileSize\n    properties:\n      name: BANDWIDTH_CAT_LARGE_FILE\n      type: BANDWIDTH_CAT_LARGE_FILE\n      fileSize: 100MB\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource updates an existing bandwidth class by name and does not support traditional import. It is automatically managed by the provider.\n","properties":{"classId":{"type":"integer","description":"The system-generated ID of the bandwidth class."},"fileSize":{"type":"string","description":"The file size threshold for the bandwidth class (e.g., `100MB`)."},"name":{"type":"string","description":"The name of the existing bandwidth class to update (e.g., `BANDWIDTH_CAT_LARGE_FILE`)."},"type":{"type":"string","description":"The type of the bandwidth class (e.g., `BANDWIDTH_CAT_LARGE_FILE`)."}},"required":["classId"],"inputProperties":{"fileSize":{"type":"string","description":"The file size threshold for the bandwidth class (e.g., `100MB`)."},"name":{"type":"string","description":"The name of the existing bandwidth class to update (e.g., `BANDWIDTH_CAT_LARGE_FILE`)."},"type":{"type":"string","description":"The type of the bandwidth class (e.g., `BANDWIDTH_CAT_LARGE_FILE`)."}}},"zia:index:BandwidthClassWebConferencing":{"description":"The zia_bandwidth_classes_web_conferencing resource manages bandwidth class settings for web conferencing and VoIP in the Zscaler Internet Access (ZIA) cloud service. This resource updates an existing built-in bandwidth class by name (e.g. BANDWIDTH_CAT_WEBCONF or BANDWIDTH_CAT_VOIP). Deleting the Pulumi resource does not remove the underlying class.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Bandwidth Class Web Conferencing\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.BandwidthClassWebConferencing(\"example\", {\n    name: \"BANDWIDTH_CAT_WEBCONF\",\n    type: \"WEB_CONF\",\n    applications: [\"ZOOM\", \"WEBEX\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.BandwidthClassWebConferencing(\"example\",\n    name=\"BANDWIDTH_CAT_WEBCONF\",\n    type=\"WEB_CONF\",\n    applications=[\"ZOOM\", \"WEBEX\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:BandwidthClassWebConferencing\n    properties:\n      name: BANDWIDTH_CAT_WEBCONF\n      type: WEB_CONF\n      applications:\n        - ZOOM\n        - WEBEX\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Bandwidth Class Web Conferencing can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:BandwidthClassWebConferencing example 12345\n```\n","properties":{"applications":{"type":"array","items":{"type":"string"},"description":"List of applications associated with this bandwidth class (e.g. `ZOOM`, `WEBEX`, `TEAMS`)."},"classId":{"type":"integer","description":"The system-generated ID of the bandwidth class."},"name":{"type":"string","description":"The name of the bandwidth class (e.g. `BANDWIDTH_CAT_WEBCONF` or `BANDWIDTH_CAT_VOIP`)."},"type":{"type":"string","description":"The type of the bandwidth class (e.g. `WEB_CONF`, `VOIP`)."}},"required":["classId"],"inputProperties":{"applications":{"type":"array","items":{"type":"string"},"description":"List of applications associated with this bandwidth class (e.g. `ZOOM`, `WEBEX`, `TEAMS`)."},"name":{"type":"string","description":"The name of the bandwidth class (e.g. `BANDWIDTH_CAT_WEBCONF` or `BANDWIDTH_CAT_VOIP`)."},"type":{"type":"string","description":"The type of the bandwidth class (e.g. `WEB_CONF`, `VOIP`)."}}},"zia:index:BandwidthControlRule":{"description":"The zia_bandwidth_control_rule resource manages bandwidth control rules in the Zscaler Internet Access (ZIA) cloud service. Bandwidth control rules allow administrators to define minimum and maximum bandwidth limits for specific traffic, locations, and time windows to ensure quality of service across the network.\n\nFor more information, see the [ZIA Bandwidth Control documentation](https://help.zscaler.com/zia/bandwidth-control).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Bandwidth Control Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.BandwidthControlRule(\"example\", {\n    name: \"Example Bandwidth Control Rule\",\n    description: \"Limit streaming bandwidth\",\n    order: 1,\n    state: \"ENABLED\",\n    maxBandwidth: 50,\n    protocols: [\"ANY_RULE\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.BandwidthControlRule(\"example\",\n    name=\"Example Bandwidth Control Rule\",\n    description=\"Limit streaming bandwidth\",\n    order=1,\n    state=\"ENABLED\",\n    max_bandwidth=50,\n    protocols=[\"ANY_RULE\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:BandwidthControlRule\n    properties:\n      name: Example Bandwidth Control Rule\n      description: Limit streaming bandwidth\n      order: 1\n      state: ENABLED\n      maxBandwidth: 50\n      protocols:\n        - ANY_RULE\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Bandwidth Control Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:BandwidthControlRule example 12345\n```\n","properties":{"bandwidthClasses":{"type":"array","items":{"type":"integer"},"description":"IDs of bandwidth classes associated with this rule."},"description":{"type":"string","description":"Additional information about the bandwidth control rule."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the bandwidth control rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups for which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations for which the rule must be applied."},"maxBandwidth":{"type":"integer","description":"The maximum bandwidth percentage allowed. Valid range: 0-100."},"minBandwidth":{"type":"integer","description":"The minimum bandwidth percentage allocated. Valid range: 0-100."},"name":{"type":"string","description":"The name of the bandwidth control rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other bandwidth control rules."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocols to which the rule applies. Valid values: `ANY_RULE`, `TCP_RULE`, `UDP_RULE`, `SSL_RULE`."},"rank":{"type":"integer","description":"Admin rank of the bandwidth control rule. Valid values: 0-7. Default: 7."},"ruleId":{"type":"integer","description":"The system-generated ID of the bandwidth control rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."}},"required":["name","order","ruleId"],"inputProperties":{"bandwidthClasses":{"type":"array","items":{"type":"integer"},"description":"IDs of bandwidth classes associated with this rule."},"description":{"type":"string","description":"Additional information about the bandwidth control rule."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the bandwidth control rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups for which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations for which the rule must be applied."},"maxBandwidth":{"type":"integer","description":"The maximum bandwidth percentage allowed. Valid range: 0-100."},"minBandwidth":{"type":"integer","description":"The minimum bandwidth percentage allocated. Valid range: 0-100."},"name":{"type":"string","description":"The name of the bandwidth control rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other bandwidth control rules."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocols to which the rule applies. Valid values: `ANY_RULE`, `TCP_RULE`, `UDP_RULE`, `SSL_RULE`."},"rank":{"type":"integer","description":"Admin rank of the bandwidth control rule. Valid values: 0-7. Default: 7."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."}},"requiredInputs":["name","order"]},"zia:index:BrowserControlPolicy":{"description":"The zia_browser_control_policy resource manages browser control policy settings in the Zscaler Internet Access (ZIA) cloud service. This is a singleton resource — only one browser control policy exists per tenant. Deleting the Pulumi resource does not remove the underlying settings.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Browser Control Policy\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.BrowserControlPolicy(\"example\", {\n    allowAllBrowsers: true,\n    enableWarnings: true,\n    enableSmartBrowserIsolation: false,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.BrowserControlPolicy(\"example\",\n    allow_all_browsers=True,\n    enable_warnings=True,\n    enable_smart_browser_isolation=False,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:BrowserControlPolicy\n    properties:\n      allowAllBrowsers: true\n      enableWarnings: true\n      enableSmartBrowserIsolation: false\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis is a singleton resource. Import is not applicable because there is no unique API identifier.\n","properties":{"allowAllBrowsers":{"type":"boolean","description":"Whether to allow all browsers."},"blockedChromeVersions":{"type":"array","items":{"type":"string"},"description":"List of blocked Chrome versions."},"blockedFirefoxVersions":{"type":"array","items":{"type":"string"},"description":"List of blocked Firefox versions."},"blockedInternetExplorerVersions":{"type":"array","items":{"type":"string"},"description":"List of blocked Internet Explorer versions."},"blockedOperaVersions":{"type":"array","items":{"type":"string"},"description":"List of blocked Opera versions."},"blockedSafariVersions":{"type":"array","items":{"type":"string"},"description":"List of blocked Safari versions."},"bypassAllBrowsers":{"type":"boolean","description":"Whether to bypass all browsers."},"bypassApplications":{"type":"array","items":{"type":"string"},"description":"List of applications to bypass."},"bypassPlugins":{"type":"array","items":{"type":"string"},"description":"List of plugins to bypass."},"enableSmartBrowserIsolation":{"type":"boolean","description":"Whether to enable Smart Browser Isolation."},"enableWarnings":{"type":"boolean","description":"Whether to enable browser warnings for unsupported browsers."},"pluginCheckFrequency":{"type":"string","description":"How often to check for browser plugins. Valid values: `NEVER`, `ALWAYS`, `DAILY`, `WEEKLY`, `MONTHLY`."},"smartIsolationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups for Smart Browser Isolation."},"smartIsolationProfile":{"$ref":"#/types/zia:index:SmartIsolationProfileInput","description":"The Cloud Browser Isolation profile to use for Smart Browser Isolation."},"smartIsolationUsers":{"type":"array","items":{"type":"integer"},"description":"IDs of users for Smart Browser Isolation."}},"inputProperties":{"allowAllBrowsers":{"type":"boolean","description":"Whether to allow all browsers."},"blockedChromeVersions":{"type":"array","items":{"type":"string"},"description":"List of blocked Chrome versions."},"blockedFirefoxVersions":{"type":"array","items":{"type":"string"},"description":"List of blocked Firefox versions."},"blockedInternetExplorerVersions":{"type":"array","items":{"type":"string"},"description":"List of blocked Internet Explorer versions."},"blockedOperaVersions":{"type":"array","items":{"type":"string"},"description":"List of blocked Opera versions."},"blockedSafariVersions":{"type":"array","items":{"type":"string"},"description":"List of blocked Safari versions."},"bypassAllBrowsers":{"type":"boolean","description":"Whether to bypass all browsers."},"bypassApplications":{"type":"array","items":{"type":"string"},"description":"List of applications to bypass."},"bypassPlugins":{"type":"array","items":{"type":"string"},"description":"List of plugins to bypass."},"enableSmartBrowserIsolation":{"type":"boolean","description":"Whether to enable Smart Browser Isolation."},"enableWarnings":{"type":"boolean","description":"Whether to enable browser warnings for unsupported browsers."},"pluginCheckFrequency":{"type":"string","description":"How often to check for browser plugins. Valid values: `NEVER`, `ALWAYS`, `DAILY`, `WEEKLY`, `MONTHLY`."},"smartIsolationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups for Smart Browser Isolation."},"smartIsolationProfile":{"$ref":"#/types/zia:index:SmartIsolationProfileInput","description":"The Cloud Browser Isolation profile to use for Smart Browser Isolation."},"smartIsolationUsers":{"type":"array","items":{"type":"integer"},"description":"IDs of users for Smart Browser Isolation."}}},"zia:index:CasbDlpRule":{"description":"The zia_casb_dlp_rules resource manages CASB (Cloud Access Security Broker) DLP rules in the Zscaler Internet Access (ZIA) cloud service. CASB DLP rules define data loss prevention policies for SaaS applications to protect sensitive data from unauthorized access or sharing.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### CASB DLP Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.CasbDlpRule(\"example\", {\n    name: \"Example CASB DLP Rule\",\n    type: \"CASB_DLP\",\n    order: 1,\n    state: \"ENABLED\",\n    action: \"BLOCK\",\n    severity: \"HIGH\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.CasbDlpRule(\"example\",\n    name=\"Example CASB DLP Rule\",\n    type=\"CASB_DLP\",\n    order=1,\n    state=\"ENABLED\",\n    action=\"BLOCK\",\n    severity=\"HIGH\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:CasbDlpRule\n    properties:\n      name: Example CASB DLP Rule\n      type: CASB_DLP\n      order: 1\n      state: ENABLED\n      action: BLOCK\n      severity: HIGH\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing CASB DLP Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:CasbDlpRule example 12345\n```\n","properties":{"action":{"type":"string","description":"Action taken when the rule is matched (e.g. `BLOCK`, `ALLOW`, `QUARANTINE`)."},"bucketOwner":{"type":"string","description":"The bucket owner identifier."},"buckets":{"type":"array","items":{"type":"integer"},"description":"IDs of buckets."},"cloudAppTenants":{"type":"array","items":{"type":"integer"},"description":"IDs of cloud application tenants."},"collaborationScope":{"type":"array","items":{"type":"string"},"description":"Collaboration scope for the rule."},"components":{"type":"array","items":{"type":"string"},"description":"List of components for the rule."},"contentLocation":{"type":"string","description":"Content location scope for the rule."},"criteriaDomainProfiles":{"type":"array","items":{"type":"integer"},"description":"IDs of criteria-based domain profiles."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments for which the rule applies."},"description":{"type":"string","description":"Additional information about the CASB DLP rule."},"dlpEngines":{"type":"array","items":{"type":"integer"},"description":"IDs of DLP engines."},"domains":{"type":"array","items":{"type":"string"},"description":"List of domains for the rule."},"emailRecipientProfiles":{"type":"array","items":{"type":"integer"},"description":"IDs of email recipient profiles."},"entityGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of entity groups."},"excludedDomainProfiles":{"type":"array","items":{"type":"integer"},"description":"IDs of excluded domain profiles."},"externalAuditorEmail":{"type":"string","description":"Email address of the external auditor."},"fileTypes":{"type":"array","items":{"type":"string"},"description":"List of file types the rule applies to."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups for which the rule applies."},"includeCriteriaDomainProfile":{"type":"boolean","description":"Whether to include criteria based on domain profiles."},"includeEmailRecipientProfile":{"type":"boolean","description":"Whether to include email recipient profile criteria."},"includeEntityGroups":{"type":"boolean","description":"Whether to include entity groups in the rule criteria."},"includedDomainProfiles":{"type":"array","items":{"type":"integer"},"description":"IDs of included domain profiles."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"name":{"type":"string","description":"The name of the CASB DLP rule. Must be unique."},"objectTypes":{"type":"array","items":{"type":"integer"},"description":"IDs of object types."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other CASB DLP rules."},"quarantineLocation":{"type":"string","description":"Quarantine location for matched content."},"rank":{"type":"integer","description":"Admin rank of the CASB DLP rule. Valid values: 0-7. Default: 7."},"recipient":{"type":"string","description":"Notification recipient."},"ruleId":{"type":"integer","description":"The system-generated ID of the CASB DLP rule."},"severity":{"type":"string","description":"Severity level of the rule (e.g. `HIGH`, `MEDIUM`, `LOW`)."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"type":{"type":"string","description":"The rule type (e.g. `CASB_DLP`)."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users for which the rule applies."},"watermarkDeleteOldVersion":{"type":"boolean","description":"Whether to delete old versions when watermarking."},"withoutContentInspection":{"type":"boolean","description":"Whether the rule applies without content inspection."}},"required":["name","type","order","ruleId"],"inputProperties":{"action":{"type":"string","description":"Action taken when the rule is matched (e.g. `BLOCK`, `ALLOW`, `QUARANTINE`)."},"bucketOwner":{"type":"string","description":"The bucket owner identifier."},"buckets":{"type":"array","items":{"type":"integer"},"description":"IDs of buckets."},"cloudAppTenants":{"type":"array","items":{"type":"integer"},"description":"IDs of cloud application tenants."},"collaborationScope":{"type":"array","items":{"type":"string"},"description":"Collaboration scope for the rule."},"components":{"type":"array","items":{"type":"string"},"description":"List of components for the rule."},"contentLocation":{"type":"string","description":"Content location scope for the rule."},"criteriaDomainProfiles":{"type":"array","items":{"type":"integer"},"description":"IDs of criteria-based domain profiles."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments for which the rule applies."},"description":{"type":"string","description":"Additional information about the CASB DLP rule."},"dlpEngines":{"type":"array","items":{"type":"integer"},"description":"IDs of DLP engines."},"domains":{"type":"array","items":{"type":"string"},"description":"List of domains for the rule."},"emailRecipientProfiles":{"type":"array","items":{"type":"integer"},"description":"IDs of email recipient profiles."},"entityGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of entity groups."},"excludedDomainProfiles":{"type":"array","items":{"type":"integer"},"description":"IDs of excluded domain profiles."},"externalAuditorEmail":{"type":"string","description":"Email address of the external auditor."},"fileTypes":{"type":"array","items":{"type":"string"},"description":"List of file types the rule applies to."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups for which the rule applies."},"includeCriteriaDomainProfile":{"type":"boolean","description":"Whether to include criteria based on domain profiles."},"includeEmailRecipientProfile":{"type":"boolean","description":"Whether to include email recipient profile criteria."},"includeEntityGroups":{"type":"boolean","description":"Whether to include entity groups in the rule criteria."},"includedDomainProfiles":{"type":"array","items":{"type":"integer"},"description":"IDs of included domain profiles."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"name":{"type":"string","description":"The name of the CASB DLP rule. Must be unique."},"objectTypes":{"type":"array","items":{"type":"integer"},"description":"IDs of object types."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other CASB DLP rules."},"quarantineLocation":{"type":"string","description":"Quarantine location for matched content."},"rank":{"type":"integer","description":"Admin rank of the CASB DLP rule. Valid values: 0-7. Default: 7."},"recipient":{"type":"string","description":"Notification recipient."},"severity":{"type":"string","description":"Severity level of the rule (e.g. `HIGH`, `MEDIUM`, `LOW`)."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"type":{"type":"string","description":"The rule type (e.g. `CASB_DLP`)."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users for which the rule applies."},"watermarkDeleteOldVersion":{"type":"boolean","description":"Whether to delete old versions when watermarking."},"withoutContentInspection":{"type":"boolean","description":"Whether the rule applies without content inspection."}},"requiredInputs":["name","type","order"]},"zia:index:CasbMalwareRule":{"description":"The zia_casb_malware_rules resource manages CASB (Cloud Access Security Broker) malware rules in the Zscaler Internet Access (ZIA) cloud service. CASB malware rules define malware detection and prevention policies for SaaS applications.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### CASB Malware Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.CasbMalwareRule(\"example\", {\n    name: \"Example CASB Malware Rule\",\n    type: \"CASB_MALWARE\",\n    order: 1,\n    state: \"ENABLED\",\n    action: \"QUARANTINE\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.CasbMalwareRule(\"example\",\n    name=\"Example CASB Malware Rule\",\n    type=\"CASB_MALWARE\",\n    order=1,\n    state=\"ENABLED\",\n    action=\"QUARANTINE\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:CasbMalwareRule\n    properties:\n      name: Example CASB Malware Rule\n      type: CASB_MALWARE\n      order: 1\n      state: ENABLED\n      action: QUARANTINE\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing CASB Malware Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:CasbMalwareRule example 12345\n```\n","properties":{"action":{"type":"string","description":"Action taken when the rule is matched (e.g. `QUARANTINE`, `ALLOW`, `BLOCK`)."},"buckets":{"type":"array","items":{"type":"integer"},"description":"IDs of buckets."},"casbEmailLabelId":{"type":"integer","description":"ID of the CASB email label."},"casbTombstoneTemplateId":{"type":"integer","description":"ID of the CASB tombstone template."},"cloudAppTenantIds":{"type":"array","items":{"type":"integer"},"description":"IDs of cloud application tenant identifiers."},"cloudAppTenants":{"type":"array","items":{"type":"integer"},"description":"IDs of cloud application tenants."},"description":{"type":"string","description":"Additional information about the CASB malware rule."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"name":{"type":"string","description":"The name of the CASB malware rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other CASB malware rules."},"quarantineLocation":{"type":"string","description":"Quarantine location for matched malware content."},"ruleId":{"type":"integer","description":"The system-generated ID of the CASB malware rule."},"scanInboundEmailLink":{"type":"string","description":"Whether to scan inbound email links."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"type":{"type":"string","description":"The rule type (e.g. `CASB_MALWARE`)."}},"required":["name","type","order","ruleId"],"inputProperties":{"action":{"type":"string","description":"Action taken when the rule is matched (e.g. `QUARANTINE`, `ALLOW`, `BLOCK`)."},"buckets":{"type":"array","items":{"type":"integer"},"description":"IDs of buckets."},"casbEmailLabelId":{"type":"integer","description":"ID of the CASB email label."},"casbTombstoneTemplateId":{"type":"integer","description":"ID of the CASB tombstone template."},"cloudAppTenantIds":{"type":"array","items":{"type":"integer"},"description":"IDs of cloud application tenant identifiers."},"cloudAppTenants":{"type":"array","items":{"type":"integer"},"description":"IDs of cloud application tenants."},"description":{"type":"string","description":"Additional information about the CASB malware rule."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"name":{"type":"string","description":"The name of the CASB malware rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other CASB malware rules."},"quarantineLocation":{"type":"string","description":"Quarantine location for matched malware content."},"scanInboundEmailLink":{"type":"string","description":"Whether to scan inbound email links."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"type":{"type":"string","description":"The rule type (e.g. `CASB_MALWARE`)."}},"requiredInputs":["name","type","order"]},"zia:index:CloudAppControlRule":{"description":"The zia_cloud_app_control_rules resource manages cloud application control rules in the Zscaler Internet Access (ZIA) cloud service. Cloud app control rules define policies that govern user access to cloud applications, allowing administrators to allow, block, or isolate specific application activities.\n\nFor more information, see the [ZIA Cloud App Control documentation](https://help.zscaler.com/zia/cloud-app-control).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Cloud App Control Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.CloudAppControlRule(\"example\", {\n    name: \"Example Cloud App Control Rule\",\n    description: \"Block file sharing uploads\",\n    type: \"STREAMING_MEDIA\",\n    order: 1,\n    state: \"ENABLED\",\n    actions: [\"BLOCK\"],\n    applications: [\"YOUTUBE\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.CloudAppControlRule(\"example\",\n    name=\"Example Cloud App Control Rule\",\n    description=\"Block file sharing uploads\",\n    type=\"STREAMING_MEDIA\",\n    order=1,\n    state=\"ENABLED\",\n    actions=[\"BLOCK\"],\n    applications=[\"YOUTUBE\"],\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewCloudAppControlRule(ctx, \"example\", \u0026zia.CloudAppControlRuleArgs{\n\t\t\tName:         pulumi.String(\"Example Cloud App Control Rule\"),\n\t\t\tDescription:  pulumi.StringRef(\"Block file sharing uploads\"),\n\t\t\tType:         pulumi.String(\"STREAMING_MEDIA\"),\n\t\t\tOrder:        pulumi.Int(1),\n\t\t\tState:        pulumi.StringRef(\"ENABLED\"),\n\t\t\tActions:      pulumi.ToStringArray([]string{\"BLOCK\"}),\n\t\t\tApplications: pulumi.ToStringArray([]string{\"YOUTUBE\"}),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:CloudAppControlRule\n    properties:\n      name: Example Cloud App Control Rule\n      description: Block file sharing uploads\n      type: STREAMING_MEDIA\n      order: 1\n      state: ENABLED\n      actions:\n        - BLOCK\n      applications:\n        - YOUTUBE\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Cloud App Control Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:CloudAppControlRule example 12345\n```\n","properties":{"actions":{"type":"array","items":{"type":"string"},"description":"Actions taken when traffic matches rule criteria. Valid values: `ALLOW`, `BLOCK`, `CAUTION`, `ISOLATE`."},"applications":{"type":"array","items":{"type":"string"},"description":"List of cloud application names to which the rule applies."},"browserEunTemplateId":{"type":"integer","description":"The ID of the Browser End User Notification template."},"cascadingEnabled":{"type":"boolean","description":"If true, cascading to other rules is enabled when this rule matches."},"cbiProfile":{"$ref":"#/types/zia:index:CBIProfileInput","description":"The Cloud Browser Isolation (CBI) profile. Required when action is 'ISOLATE'."},"cloudAppRiskProfileId":{"type":"integer","description":"The ID of the cloud application risk profile associated with this rule."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments for which the rule must be applied."},"description":{"type":"string","description":"Additional information about the cloud app control rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices for which the rule must be applied."},"enforceTimeValidity":{"type":"boolean","description":"Enforce a set validity time period for the rule."},"eunEnabled":{"type":"boolean","description":"If true, End User Notification is enabled for this rule."},"eunTemplateId":{"type":"integer","description":"The ID of the End User Notification template."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups for which the rule must be applied."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the cloud app control rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups for which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations for which the rule must be applied."},"name":{"type":"string","description":"The name of the cloud app control rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other cloud app control rules."},"rank":{"type":"integer","description":"Admin rank of the cloud app control rule. Valid values: 0-7. Default: 7."},"ruleId":{"type":"integer","description":"The system-generated ID of the cloud app control rule."},"sizeQuota":{"type":"integer","description":"Size quota in MB beyond which the rule is applied. Not applicable when action is 'BLOCK'."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"tenancyProfileIds":{"type":"array","items":{"type":"integer"},"description":"IDs of tenancy profiles for which the rule must be applied."},"timeQuota":{"type":"integer","description":"Time quota in minutes, after which the rule is applied. Not applicable when action is 'BLOCK'."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"type":{"type":"string","description":"The rule type, corresponding to the cloud application category. Valid values: `STREAMING_MEDIA`, `SOCIAL_NETWORKING`, `WEBMAIL`, `INSTANT_MESSAGING`, `FILE_SHARE`, `BUSINESS_PRODUCTIVITY`, `SYSTEM_AND_DEVELOPMENT`, `CONSUMER`, `HOSTING_PROVIDER`, `DNS_OVER_HTTPS`, `ENTERPRISE_COLLABORATION`, `GENERATIVE_AI`, `SALES_AND_MARKETING`, `HEALTH_CARE`, `LEGAL`, `HUMAN_RESOURCES`, `FINANCE`."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users for which the rule must be applied."}},"required":["name","type","order","ruleId"],"inputProperties":{"actions":{"type":"array","items":{"type":"string"},"description":"Actions taken when traffic matches rule criteria. Valid values: `ALLOW`, `BLOCK`, `CAUTION`, `ISOLATE`."},"applications":{"type":"array","items":{"type":"string"},"description":"List of cloud application names to which the rule applies."},"browserEunTemplateId":{"type":"integer","description":"The ID of the Browser End User Notification template."},"cascadingEnabled":{"type":"boolean","description":"If true, cascading to other rules is enabled when this rule matches."},"cbiProfile":{"$ref":"#/types/zia:index:CBIProfileInput","description":"The Cloud Browser Isolation (CBI) profile. Required when action is 'ISOLATE'."},"cloudAppRiskProfileId":{"type":"integer","description":"The ID of the cloud application risk profile associated with this rule."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments for which the rule must be applied."},"description":{"type":"string","description":"Additional information about the cloud app control rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices for which the rule must be applied."},"enforceTimeValidity":{"type":"boolean","description":"Enforce a set validity time period for the rule."},"eunEnabled":{"type":"boolean","description":"If true, End User Notification is enabled for this rule."},"eunTemplateId":{"type":"integer","description":"The ID of the End User Notification template."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups for which the rule must be applied."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the cloud app control rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups for which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations for which the rule must be applied."},"name":{"type":"string","description":"The name of the cloud app control rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other cloud app control rules."},"rank":{"type":"integer","description":"Admin rank of the cloud app control rule. Valid values: 0-7. Default: 7."},"sizeQuota":{"type":"integer","description":"Size quota in MB beyond which the rule is applied. Not applicable when action is 'BLOCK'."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"tenancyProfileIds":{"type":"array","items":{"type":"integer"},"description":"IDs of tenancy profiles for which the rule must be applied."},"timeQuota":{"type":"integer","description":"Time quota in minutes, after which the rule is applied. Not applicable when action is 'BLOCK'."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"type":{"type":"string","description":"The rule type, corresponding to the cloud application category. Valid values: `STREAMING_MEDIA`, `SOCIAL_NETWORKING`, `WEBMAIL`, `INSTANT_MESSAGING`, `FILE_SHARE`, `BUSINESS_PRODUCTIVITY`, `SYSTEM_AND_DEVELOPMENT`, `CONSUMER`, `HOSTING_PROVIDER`, `DNS_OVER_HTTPS`, `ENTERPRISE_COLLABORATION`, `GENERATIVE_AI`, `SALES_AND_MARKETING`, `HEALTH_CARE`, `LEGAL`, `HUMAN_RESOURCES`, `FINANCE`."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users for which the rule must be applied."}},"requiredInputs":["name","type","order"]},"zia:index:CloudApplicationInstance":{"description":"The zia_cloud_application_instance resource manages cloud application instances in the Zscaler Internet Access (ZIA) cloud service. Cloud application instances allow you to define specific tenants or instances of cloud applications for granular policy control.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Cloud Application Instance\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.CloudApplicationInstance(\"example\", {\n    name: \"Example Instance\",\n    instanceType: \"SALESFORCE\",\n    instanceIdentifiers: [{\n        instanceIdentifier: \"example.my.salesforce.com\",\n        identifierType: \"URL\",\n    }],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.CloudApplicationInstance(\"example\",\n    name=\"Example Instance\",\n    instance_type=\"SALESFORCE\",\n    instance_identifiers=[{\n        \"instance_identifier\": \"example.my.salesforce.com\",\n        \"identifier_type\": \"URL\",\n    }],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:CloudApplicationInstance\n    properties:\n      name: Example Instance\n      instanceType: SALESFORCE\n      instanceIdentifiers:\n        - instanceIdentifier: example.my.salesforce.com\n          identifierType: URL\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Cloud Application Instance can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:CloudApplicationInstance example 12345\n```\n","properties":{"instanceId":{"type":"integer","description":"The system-generated ID of the cloud application instance."},"instanceIdentifiers":{"type":"array","items":{"$ref":"#/types/zia:index:InstanceIdentifierInput"},"description":"List of instance identifiers for the cloud application."},"instanceType":{"type":"string","description":"The type of cloud application (e.g. `SALESFORCE`, `SLACK`, `OFFICE365`)."},"name":{"type":"string","description":"The name of the cloud application instance."}},"required":["instanceId"],"inputProperties":{"instanceIdentifiers":{"type":"array","items":{"$ref":"#/types/zia:index:InstanceIdentifierInput"},"description":"List of instance identifiers for the cloud application."},"instanceType":{"type":"string","description":"The type of cloud application (e.g. `SALESFORCE`, `SLACK`, `OFFICE365`)."},"name":{"type":"string","description":"The name of the cloud application instance."}}},"zia:index:CloudNssFeed":{"description":"The zia_cloud_nss_feed resource manages Cloud NSS (Nanolog Streaming Service) feeds in the Zscaler Internet Access (ZIA) cloud service. Cloud NSS feeds allow you to stream logs from ZIA to external SIEM or log management systems via HTTPS.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Cloud NSS Feed\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.CloudNssFeed(\"example\", {\n    name: \"Example NSS Feed\",\n    feedStatus: \"ENABLED\",\n    nssLogType: \"weblog\",\n    nssFeedType: \"NSS_FOR_WEB\",\n    siemType: \"SPLUNK\",\n    connectionUrl: \"https://splunk.example.com:8088/services/collector\",\n    authenticationToken: \"your-auth-token\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.CloudNssFeed(\"example\",\n    name=\"Example NSS Feed\",\n    feed_status=\"ENABLED\",\n    nss_log_type=\"weblog\",\n    nss_feed_type=\"NSS_FOR_WEB\",\n    siem_type=\"SPLUNK\",\n    connection_url=\"https://splunk.example.com:8088/services/collector\",\n    authentication_token=\"your-auth-token\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:CloudNssFeed\n    properties:\n      name: Example NSS Feed\n      feedStatus: ENABLED\n      nssLogType: weblog\n      nssFeedType: NSS_FOR_WEB\n      siemType: SPLUNK\n      connectionUrl: https://splunk.example.com:8088/services/collector\n      authenticationToken: your-auth-token\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Cloud NSS Feed can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:CloudNssFeed example 12345\n```\n","properties":{"authenticationToken":{"type":"string","description":"Authentication token for the SIEM connection.","secret":true},"authenticationUrl":{"type":"string","description":"OAuth authentication URL for the SIEM connection."},"base64EncodedCertificate":{"type":"string","description":"Base64-encoded certificate for TLS mutual authentication."},"buckets":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of buckets."},"casbTenant":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of CASB tenants."},"clientId":{"type":"string","description":"OAuth client ID for the SIEM connection."},"clientIps":{"type":"array","items":{"type":"string"},"description":"Filter: client IP addresses."},"clientSecret":{"type":"string","description":"OAuth client secret for the SIEM connection."},"connectionHeaders":{"type":"array","items":{"type":"string"},"description":"Custom HTTP headers for the connection."},"connectionUrl":{"type":"string","description":"The HTTPS connection URL for the SIEM endpoint."},"customEscapedCharacter":{"type":"array","items":{"type":"string"},"description":"Custom characters to escape in feed output."},"departments":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of departments."},"dlpDictionaries":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of DLP dictionaries."},"dlpEngines":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of DLP engines."},"domains":{"type":"array","items":{"type":"string"},"description":"Filter: domain names."},"epsRateLimit":{"type":"integer","description":"Events per second rate limit."},"externalCollaborators":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of external collaborators."},"externalOwners":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of external owners."},"feedOutputFormat":{"type":"string","description":"The output format for the feed."},"feedStatus":{"type":"string","description":"Status of the feed. Valid values: `ENABLED`, `DISABLED`."},"grantType":{"type":"string","description":"OAuth grant type."},"internalCollaborators":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of internal collaborators."},"itsmObjectType":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of ITSM object types."},"jsonArrayToggle":{"type":"boolean","description":"Whether to output logs as a JSON array."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of location groups."},"locations":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of locations."},"maxBatchSize":{"type":"integer","description":"Maximum batch size for log delivery."},"name":{"type":"string","description":"The name of the Cloud NSS feed."},"nssFeedType":{"type":"string","description":"The NSS feed type (e.g. `NSS_FOR_WEB`, `NSS_FOR_FIREWALL`)."},"nssId":{"type":"integer","description":"The system-generated ID of the Cloud NSS feed."},"nssLogType":{"type":"string","description":"The NSS log type (e.g. `weblog`, `firewalllog`, `dnslog`)."},"nssType":{"type":"string","description":"The NSS type."},"nwServices":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of network services."},"oauthAuthentication":{"type":"boolean","description":"Whether to use OAuth authentication for the SIEM connection."},"rules":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of rules."},"scope":{"type":"string","description":"OAuth scope."},"senderName":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of sender names."},"serverIps":{"type":"array","items":{"type":"string"},"description":"Filter: server IP addresses."},"siemType":{"type":"string","description":"The SIEM type (e.g. `SPLUNK`, `QRADAR`, `SENTINEL`)."},"timeZone":{"type":"string","description":"The timezone for log timestamps."},"urlCategories":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of URL categories."},"users":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of users."},"vpnCredentials":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of VPN credentials."}},"required":["nssId"],"inputProperties":{"authenticationToken":{"type":"string","description":"Authentication token for the SIEM connection.","secret":true},"authenticationUrl":{"type":"string","description":"OAuth authentication URL for the SIEM connection."},"base64EncodedCertificate":{"type":"string","description":"Base64-encoded certificate for TLS mutual authentication."},"buckets":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of buckets."},"casbTenant":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of CASB tenants."},"clientId":{"type":"string","description":"OAuth client ID for the SIEM connection."},"clientIps":{"type":"array","items":{"type":"string"},"description":"Filter: client IP addresses."},"clientSecret":{"type":"string","description":"OAuth client secret for the SIEM connection."},"connectionHeaders":{"type":"array","items":{"type":"string"},"description":"Custom HTTP headers for the connection."},"connectionUrl":{"type":"string","description":"The HTTPS connection URL for the SIEM endpoint."},"customEscapedCharacter":{"type":"array","items":{"type":"string"},"description":"Custom characters to escape in feed output."},"departments":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of departments."},"dlpDictionaries":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of DLP dictionaries."},"dlpEngines":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of DLP engines."},"domains":{"type":"array","items":{"type":"string"},"description":"Filter: domain names."},"epsRateLimit":{"type":"integer","description":"Events per second rate limit."},"externalCollaborators":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of external collaborators."},"externalOwners":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of external owners."},"feedOutputFormat":{"type":"string","description":"The output format for the feed."},"feedStatus":{"type":"string","description":"Status of the feed. Valid values: `ENABLED`, `DISABLED`."},"grantType":{"type":"string","description":"OAuth grant type."},"internalCollaborators":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of internal collaborators."},"itsmObjectType":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of ITSM object types."},"jsonArrayToggle":{"type":"boolean","description":"Whether to output logs as a JSON array."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of location groups."},"locations":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of locations."},"maxBatchSize":{"type":"integer","description":"Maximum batch size for log delivery."},"name":{"type":"string","description":"The name of the Cloud NSS feed."},"nssFeedType":{"type":"string","description":"The NSS feed type (e.g. `NSS_FOR_WEB`, `NSS_FOR_FIREWALL`)."},"nssLogType":{"type":"string","description":"The NSS log type (e.g. `weblog`, `firewalllog`, `dnslog`)."},"nssType":{"type":"string","description":"The NSS type."},"nwServices":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of network services."},"oauthAuthentication":{"type":"boolean","description":"Whether to use OAuth authentication for the SIEM connection."},"rules":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of rules."},"scope":{"type":"string","description":"OAuth scope."},"senderName":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of sender names."},"serverIps":{"type":"array","items":{"type":"string"},"description":"Filter: server IP addresses."},"siemType":{"type":"string","description":"The SIEM type (e.g. `SPLUNK`, `QRADAR`, `SENTINEL`)."},"timeZone":{"type":"string","description":"The timezone for log timestamps."},"urlCategories":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of URL categories."},"users":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of users."},"vpnCredentials":{"type":"array","items":{"type":"integer"},"description":"Filter: IDs of VPN credentials."}}},"zia:index:CustomFileType":{"description":"The zia_custom_file_type resource manages custom file type controls in the Zscaler Internet Access (ZIA) cloud service. Custom file types allow you to define file extensions and types for use in file type control policies.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Custom File Type\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.CustomFileType(\"example\", {\n    name: \"Custom Archive\",\n    description: \"Custom archive file type\",\n    extension: \"myarch\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.CustomFileType(\"example\",\n    name=\"Custom Archive\",\n    description=\"Custom archive file type\",\n    extension=\"myarch\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:CustomFileType\n    properties:\n      name: Custom Archive\n      description: Custom archive file type\n      extension: myarch\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Custom File Type can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:CustomFileType example 12345\n```\n","properties":{"description":{"type":"string","description":"A description of the custom file type."},"extension":{"type":"string","description":"The file extension for this custom file type (e.g. `myarch`)."},"fileId":{"type":"integer","description":"The system-generated ID of the custom file type."},"fileTypeId":{"type":"integer","description":"The file type category ID to associate this custom file type with."},"name":{"type":"string","description":"The name of the custom file type."}},"required":["fileId"],"inputProperties":{"description":{"type":"string","description":"A description of the custom file type."},"extension":{"type":"string","description":"The file extension for this custom file type (e.g. `myarch`)."},"fileTypeId":{"type":"integer","description":"The file type category ID to associate this custom file type with."},"name":{"type":"string","description":"The name of the custom file type."}}},"zia:index:DcExclusion":{"description":"The zia_dc_exclusion resource manages data center exclusions in the Zscaler Internet Access (ZIA) cloud service. Data center exclusions allow you to temporarily exclude specific data centers from traffic forwarding during maintenance windows or other planned events.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Data Center Exclusion\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.DcExclusion(\"example\", {\n    datacenterId: 12345,\n    startTimeUtc: \"02/25/2026 08:00:00 am\",\n    endTimeUtc: \"02/25/2026 10:00:00 pm\",\n    description: \"Maintenance window exclusion\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.DcExclusion(\"example\",\n    datacenter_id=12345,\n    start_time_utc=\"02/25/2026 08:00:00 am\",\n    end_time_utc=\"02/25/2026 10:00:00 pm\",\n    description=\"Maintenance window exclusion\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:DcExclusion\n    properties:\n      datacenterId: 12345\n      startTimeUtc: \"02/25/2026 08:00:00 am\"\n      endTimeUtc: \"02/25/2026 10:00:00 pm\"\n      description: Maintenance window exclusion\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Data Center Exclusion can be imported using its datacenter ID, e.g.\n\n```sh\n$ pulumi import zia:index:DcExclusion example 12345\n```\n","properties":{"datacenterId":{"type":"integer","description":"The ID of the data center to exclude."},"description":{"type":"string","description":"A description of the data center exclusion."},"endTime":{"type":"integer","description":"Exclusion end time as Unix epoch seconds."},"endTimeUtc":{"type":"string","description":"Exclusion end time in UTC format: `MM/DD/YYYY HH:MM:SS am/pm`."},"expired":{"type":"boolean","description":"Whether the data center exclusion has expired."},"startTime":{"type":"integer","description":"Exclusion start time as Unix epoch seconds."},"startTimeUtc":{"type":"string","description":"Exclusion start time in UTC format: `MM/DD/YYYY HH:MM:SS am/pm`."}},"required":["expired"],"inputProperties":{"datacenterId":{"type":"integer","description":"The ID of the data center to exclude."},"description":{"type":"string","description":"A description of the data center exclusion."},"endTime":{"type":"integer","description":"Exclusion end time as Unix epoch seconds."},"endTimeUtc":{"type":"string","description":"Exclusion end time in UTC format: `MM/DD/YYYY HH:MM:SS am/pm`."},"startTime":{"type":"integer","description":"Exclusion start time as Unix epoch seconds."},"startTimeUtc":{"type":"string","description":"Exclusion start time in UTC format: `MM/DD/YYYY HH:MM:SS am/pm`."}}},"zia:index:DlpDictionary":{"description":"The zia_dlp_dictionaries resource manages DLP (Data Loss Prevention) dictionaries in the Zscaler Internet Access (ZIA) cloud service. DLP dictionaries are used to define custom or predefined patterns and phrases that identify sensitive data for DLP policy enforcement.\n\nFor more information, see the [ZIA Data Loss Prevention documentation](https://help.zscaler.com/zia/data-loss-prevention).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic DLP Dictionary\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.DlpDictionary(\"example\", {\n    name: \"Example DLP Dictionary\",\n    description: \"Custom DLP dictionary for detecting sensitive patterns\",\n    dictionaryType: \"PATTERNS_AND_PHRASES\",\n    customPhraseMatchType: \"MATCH_ALL_CUSTOM_PHRASE_PATTERN_DICTIONARY\",\n    phrases: [{\n        action: \"PHRASE_COUNT_TYPE_ALL\",\n        phrase: \"confidential\",\n    }],\n    patterns: [{\n        action: \"PATTERN_COUNT_TYPE_ALL\",\n        pattern: \"\\\\b\\\\d{3}-\\\\d{2}-\\\\d{4}\\\\b\",\n    }],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.DlpDictionary(\"example\",\n    name=\"Example DLP Dictionary\",\n    description=\"Custom DLP dictionary for detecting sensitive patterns\",\n    dictionary_type=\"PATTERNS_AND_PHRASES\",\n    custom_phrase_match_type=\"MATCH_ALL_CUSTOM_PHRASE_PATTERN_DICTIONARY\",\n    phrases=[{\n        \"action\": \"PHRASE_COUNT_TYPE_ALL\",\n        \"phrase\": \"confidential\",\n    }],\n    patterns=[{\n        \"action\": \"PATTERN_COUNT_TYPE_ALL\",\n        \"pattern\": \"\\\\b\\\\d{3}-\\\\d{2}-\\\\d{4}\\\\b\",\n    }],\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewDlpDictionary(ctx, \"example\", \u0026zia.DlpDictionaryArgs{\n\t\t\tName:                  pulumi.StringRef(\"Example DLP Dictionary\"),\n\t\t\tDescription:           pulumi.StringRef(\"Custom DLP dictionary for detecting sensitive patterns\"),\n\t\t\tDictionaryType:        pulumi.StringRef(\"PATTERNS_AND_PHRASES\"),\n\t\t\tCustomPhraseMatchType: pulumi.StringRef(\"MATCH_ALL_CUSTOM_PHRASE_PATTERN_DICTIONARY\"),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:DlpDictionary\n    properties:\n      name: Example DLP Dictionary\n      description: Custom DLP dictionary for detecting sensitive patterns\n      dictionaryType: PATTERNS_AND_PHRASES\n      customPhraseMatchType: MATCH_ALL_CUSTOM_PHRASE_PATTERN_DICTIONARY\n      phrases:\n        - action: PHRASE_COUNT_TYPE_ALL\n          phrase: confidential\n      patterns:\n        - action: PATTERN_COUNT_TYPE_ALL\n          pattern: \"\\\\b\\\\d{3}-\\\\d{2}-\\\\d{4}\\\\b\"\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing DLP Dictionary can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:DlpDictionary example 12345\n```\n","properties":{"confidenceThreshold":{"type":"string","description":"The DLP confidence threshold. Valid values: `CONFIDENCE_LEVEL_LOW`, `CONFIDENCE_LEVEL_MEDIUM`, `CONFIDENCE_LEVEL_HIGH`."},"custom":{"type":"boolean","description":"If true, this is a custom DLP dictionary; false indicates a predefined dictionary."},"customPhraseMatchType":{"type":"string","description":"The match type for custom phrases. Valid values: `MATCH_ALL_CUSTOM_PHRASE_PATTERN_DICTIONARY`, `MATCH_ANY_CUSTOM_PHRASE_PATTERN_DICTIONARY`."},"description":{"type":"string","description":"A description of the DLP dictionary."},"dictionaryId":{"type":"integer","description":"The system-generated ID of the DLP dictionary."},"dictionaryType":{"type":"string","description":"The type of DLP dictionary. Valid values: `PATTERNS_AND_PHRASES`, `EXACT_DATA_MATCH`, `INDEXED_DATA_MATCH`."},"hierarchicalIdentifiers":{"type":"array","items":{"type":"string"},"description":"List of hierarchical identifiers for the DLP dictionary."},"name":{"type":"string","description":"The name of the DLP dictionary. Must be unique."},"patterns":{"type":"array","items":{"$ref":"#/types/zia:index:DlpDictionaryPatternInput"},"description":"List of DLP dictionary patterns with their match actions."},"phrases":{"type":"array","items":{"$ref":"#/types/zia:index:DlpDictionaryPhraseInput"},"description":"List of DLP dictionary phrases with their match actions."},"proximity":{"type":"integer","description":"The proximity length for dictionary matching. Specifies the distance between phrases/patterns for a match."},"proximityEnabledForCustomDictionary":{"type":"boolean","description":"If true, proximity matching is enabled for this custom DLP dictionary."}},"required":["dictionaryId"],"inputProperties":{"confidenceThreshold":{"type":"string","description":"The DLP confidence threshold. Valid values: `CONFIDENCE_LEVEL_LOW`, `CONFIDENCE_LEVEL_MEDIUM`, `CONFIDENCE_LEVEL_HIGH`."},"custom":{"type":"boolean","description":"If true, this is a custom DLP dictionary; false indicates a predefined dictionary."},"customPhraseMatchType":{"type":"string","description":"The match type for custom phrases. Valid values: `MATCH_ALL_CUSTOM_PHRASE_PATTERN_DICTIONARY`, `MATCH_ANY_CUSTOM_PHRASE_PATTERN_DICTIONARY`."},"description":{"type":"string","description":"A description of the DLP dictionary."},"dictionaryType":{"type":"string","description":"The type of DLP dictionary. Valid values: `PATTERNS_AND_PHRASES`, `EXACT_DATA_MATCH`, `INDEXED_DATA_MATCH`."},"hierarchicalIdentifiers":{"type":"array","items":{"type":"string"},"description":"List of hierarchical identifiers for the DLP dictionary."},"name":{"type":"string","description":"The name of the DLP dictionary. Must be unique."},"patterns":{"type":"array","items":{"$ref":"#/types/zia:index:DlpDictionaryPatternInput"},"description":"List of DLP dictionary patterns with their match actions."},"phrases":{"type":"array","items":{"$ref":"#/types/zia:index:DlpDictionaryPhraseInput"},"description":"List of DLP dictionary phrases with their match actions."},"proximity":{"type":"integer","description":"The proximity length for dictionary matching. Specifies the distance between phrases/patterns for a match."},"proximityEnabledForCustomDictionary":{"type":"boolean","description":"If true, proximity matching is enabled for this custom DLP dictionary."}}},"zia:index:DlpEngine":{"description":"The zia_dlp_engines resource manages DLP (Data Loss Prevention) engines in the Zscaler Internet Access (ZIA) cloud service. DLP engines combine multiple DLP dictionaries using logical expressions to create sophisticated data detection criteria for DLP policy rules.\n\nFor more information, see the [ZIA Data Loss Prevention documentation](https://help.zscaler.com/zia/data-loss-prevention).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic DLP Engine\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.DlpEngine(\"example\", {\n    name: \"Example DLP Engine\",\n    description: \"Custom DLP engine combining multiple dictionaries\",\n    engineExpression: \"((D63.S \u003e 1))\",\n    customDlpEngine: true,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.DlpEngine(\"example\",\n    name=\"Example DLP Engine\",\n    description=\"Custom DLP engine combining multiple dictionaries\",\n    engine_expression=\"((D63.S \u003e 1))\",\n    custom_dlp_engine=True,\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewDlpEngine(ctx, \"example\", \u0026zia.DlpEngineArgs{\n\t\t\tName:             pulumi.StringRef(\"Example DLP Engine\"),\n\t\t\tDescription:      pulumi.StringRef(\"Custom DLP engine combining multiple dictionaries\"),\n\t\t\tEngineExpression: pulumi.StringRef(\"((D63.S \u003e 1))\"),\n\t\t\tCustomDlpEngine:  pulumi.BoolRef(true),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:DlpEngine\n    properties:\n      name: Example DLP Engine\n      description: Custom DLP engine combining multiple dictionaries\n      engineExpression: \"((D63.S \u003e 1))\"\n      customDlpEngine: true\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing DLP Engine can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:DlpEngine example 12345\n```\n","properties":{"customDlpEngine":{"type":"boolean","description":"If true, this is a custom DLP engine; false indicates a predefined engine."},"description":{"type":"string","description":"A description of the DLP engine."},"engineExpression":{"type":"string","description":"The logical expression combining DLP dictionaries. Uses dictionary IDs and operators (e.g., `((D63.S \u003e 1))`)."},"engineId":{"type":"integer","description":"The system-generated ID of the DLP engine."},"name":{"type":"string","description":"The name of the DLP engine. Must be unique."}},"required":["engineId"],"inputProperties":{"customDlpEngine":{"type":"boolean","description":"If true, this is a custom DLP engine; false indicates a predefined engine."},"description":{"type":"string","description":"A description of the DLP engine."},"engineExpression":{"type":"string","description":"The logical expression combining DLP dictionaries. Uses dictionary IDs and operators (e.g., `((D63.S \u003e 1))`)."},"name":{"type":"string","description":"The name of the DLP engine. Must be unique."}}},"zia:index:DlpNotificationTemplate":{"description":"The zia_dlp_notification_templates resource manages DLP (Data Loss Prevention) notification templates in the Zscaler Internet Access (ZIA) cloud service. DLP notification templates define the email notifications sent to users or auditors when a DLP policy rule is triggered.\n\nFor more information, see the [ZIA Data Loss Prevention documentation](https://help.zscaler.com/zia/data-loss-prevention).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic DLP Notification Template\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.DlpNotificationTemplate(\"example\", {\n    name: \"Example DLP Notification\",\n    subject: \"DLP Policy Violation Detected\",\n    attachContent: false,\n    plainTextMessage: \"A DLP policy violation was detected.\",\n    tlsEnabled: true,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.DlpNotificationTemplate(\"example\",\n    name=\"Example DLP Notification\",\n    subject=\"DLP Policy Violation Detected\",\n    attach_content=False,\n    plain_text_message=\"A DLP policy violation was detected.\",\n    tls_enabled=True,\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewDlpNotificationTemplate(ctx, \"example\", \u0026zia.DlpNotificationTemplateArgs{\n\t\t\tName:             pulumi.StringRef(\"Example DLP Notification\"),\n\t\t\tSubject:          pulumi.StringRef(\"DLP Policy Violation Detected\"),\n\t\t\tAttachContent:    pulumi.BoolRef(false),\n\t\t\tPlainTextMessage: pulumi.StringRef(\"A DLP policy violation was detected.\"),\n\t\t\tTlsEnabled:       pulumi.BoolRef(true),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:DlpNotificationTemplate\n    properties:\n      name: Example DLP Notification\n      subject: DLP Policy Violation Detected\n      attachContent: false\n      plainTextMessage: A DLP policy violation was detected.\n      tlsEnabled: true\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing DLP Notification Template can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:DlpNotificationTemplate example 12345\n```\n","properties":{"attachContent":{"type":"boolean","description":"If true, the content that triggered the DLP violation is attached to the notification email."},"htmlMessage":{"type":"string","description":"The HTML message body of the DLP notification email."},"name":{"type":"string","description":"The name of the DLP notification template. Must be unique."},"plainTextMessage":{"type":"string","description":"The plain text message body of the DLP notification email."},"subject":{"type":"string","description":"The subject line of the DLP notification email."},"templateId":{"type":"integer","description":"The system-generated ID of the DLP notification template."},"tlsEnabled":{"type":"boolean","description":"If true, TLS is enabled for delivering the DLP notification email."}},"required":["templateId"],"inputProperties":{"attachContent":{"type":"boolean","description":"If true, the content that triggered the DLP violation is attached to the notification email."},"htmlMessage":{"type":"string","description":"The HTML message body of the DLP notification email."},"name":{"type":"string","description":"The name of the DLP notification template. Must be unique."},"plainTextMessage":{"type":"string","description":"The plain text message body of the DLP notification email."},"subject":{"type":"string","description":"The subject line of the DLP notification email."},"tlsEnabled":{"type":"boolean","description":"If true, TLS is enabled for delivering the DLP notification email."}}},"zia:index:DlpWebRule":{"description":"The zia_dlp_web_rules resource manages DLP (Data Loss Prevention) web rules in the Zscaler Internet Access (ZIA) cloud service. DLP web rules define how sensitive data is handled in web traffic, allowing organizations to control and monitor the transfer of confidential information.\n\nFor more information, see the [ZIA Data Loss Prevention documentation](https://help.zscaler.com/zia/data-loss-prevention).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic DLP Web Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.DlpWebRule(\"example\", {\n    name: \"Example DLP Web Rule\",\n    description: \"Block sensitive data uploads\",\n    order: 1,\n    state: \"ENABLED\",\n    action: \"BLOCK\",\n    protocols: [\"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_RULE\"],\n    fileTypes: [\"ALL_OUTBOUND\"],\n    zccNotificationsEnabled: true,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.DlpWebRule(\"example\",\n    name=\"Example DLP Web Rule\",\n    description=\"Block sensitive data uploads\",\n    order=1,\n    state=\"ENABLED\",\n    action=\"BLOCK\",\n    protocols=[\"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_RULE\"],\n    file_types=[\"ALL_OUTBOUND\"],\n    zcc_notifications_enabled=True,\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewDlpWebRule(ctx, \"example\", \u0026zia.DlpWebRuleArgs{\n\t\t\tName:                    pulumi.String(\"Example DLP Web Rule\"),\n\t\t\tDescription:             pulumi.StringRef(\"Block sensitive data uploads\"),\n\t\t\tOrder:                   pulumi.Int(1),\n\t\t\tState:                   pulumi.StringRef(\"ENABLED\"),\n\t\t\tAction:                  pulumi.StringRef(\"BLOCK\"),\n\t\t\tProtocols:               pulumi.ToStringArray([]string{\"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_RULE\"}),\n\t\t\tFileTypes:               pulumi.ToStringArray([]string{\"ALL_OUTBOUND\"}),\n\t\t\tZccNotificationsEnabled: pulumi.BoolRef(true),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:DlpWebRule\n    properties:\n      name: Example DLP Web Rule\n      description: Block sensitive data uploads\n      order: 1\n      state: ENABLED\n      action: BLOCK\n      protocols:\n        - FTP_RULE\n        - HTTPS_RULE\n        - HTTP_RULE\n      fileTypes:\n        - ALL_OUTBOUND\n      zccNotificationsEnabled: true\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing DLP Web Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:DlpWebRule example 12345\n```\n","properties":{"action":{"type":"string","description":"Action taken when the rule is matched. Valid values: `ALLOW`, `BLOCK`, `ICAP_RESPONSE`."},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"List of cloud application names for which the rule is applied."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments for which the rule must be applied."},"description":{"type":"string","description":"Additional information about the DLP web rule."},"dlpDownloadScanEnabled":{"type":"boolean","description":"If true, DLP scanning is enabled for file downloads."},"externalAuditorEmail":{"type":"string","description":"The email address of an external auditor to whom DLP email notifications are sent."},"fileTypes":{"type":"array","items":{"type":"string"},"description":"List of file types to which the DLP policy rule must be applied."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups for which the rule must be applied."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the DLP web rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups for which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations for which the rule must be applied."},"matchOnly":{"type":"boolean","description":"If true, the rule matches but does not enforce the action."},"minSize":{"type":"integer","description":"Minimum file size (in KB) used for evaluating the DLP policy rule."},"name":{"type":"string","description":"The name of the DLP web rule. Must be unique."},"ocrEnabled":{"type":"boolean","description":"If true, Optical Character Recognition (OCR) is enabled for the DLP rule."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other DLP web rules."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocols to which the rule applies. Valid values: `FTP_RULE`, `HTTPS_RULE`, `HTTP_RULE`."},"rank":{"type":"integer","description":"Admin rank of the DLP web rule. Valid values: 0-7. Default: 7."},"ruleId":{"type":"integer","description":"The system-generated ID of the DLP web rule."},"sourceIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for which the rule must be applied."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users for which the rule must be applied."},"withoutContentInspection":{"type":"boolean","description":"If true, the DLP rule is applied without inspecting content."},"zccNotificationsEnabled":{"type":"boolean","description":"If true, Zscaler Client Connector notifications are enabled for this rule."}},"required":["name","order","ruleId"],"inputProperties":{"action":{"type":"string","description":"Action taken when the rule is matched. Valid values: `ALLOW`, `BLOCK`, `ICAP_RESPONSE`."},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"List of cloud application names for which the rule is applied."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments for which the rule must be applied."},"description":{"type":"string","description":"Additional information about the DLP web rule."},"dlpDownloadScanEnabled":{"type":"boolean","description":"If true, DLP scanning is enabled for file downloads."},"externalAuditorEmail":{"type":"string","description":"The email address of an external auditor to whom DLP email notifications are sent."},"fileTypes":{"type":"array","items":{"type":"string"},"description":"List of file types to which the DLP policy rule must be applied."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups for which the rule must be applied."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the DLP web rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups for which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations for which the rule must be applied."},"matchOnly":{"type":"boolean","description":"If true, the rule matches but does not enforce the action."},"minSize":{"type":"integer","description":"Minimum file size (in KB) used for evaluating the DLP policy rule."},"name":{"type":"string","description":"The name of the DLP web rule. Must be unique."},"ocrEnabled":{"type":"boolean","description":"If true, Optical Character Recognition (OCR) is enabled for the DLP rule."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other DLP web rules."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocols to which the rule applies. Valid values: `FTP_RULE`, `HTTPS_RULE`, `HTTP_RULE`."},"rank":{"type":"integer","description":"Admin rank of the DLP web rule. Valid values: 0-7. Default: 7."},"sourceIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for which the rule must be applied."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users for which the rule must be applied."},"withoutContentInspection":{"type":"boolean","description":"If true, the DLP rule is applied without inspecting content."},"zccNotificationsEnabled":{"type":"boolean","description":"If true, Zscaler Client Connector notifications are enabled for this rule."}},"requiredInputs":["name","order"]},"zia:index:EndUserNotification":{"description":"The zia_end_user_notification resource manages end user notification settings in the Zscaler Internet Access (ZIA) cloud service. This is a singleton resource — only one end user notification configuration exists per tenant. It controls the messages and settings displayed to end users when their traffic is blocked, cautioned, or requires an Acceptable Use Policy (AUP) acknowledgment. Deleting the Pulumi resource does not remove the underlying settings.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### End User Notification\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.EndUserNotification(\"example\", {\n    aupFrequency: \"ON_EVERY_LOGIN\",\n    notificationType: \"CUSTOM\",\n    displayReason: true,\n    displayCompanyName: true,\n    supportEmail: \"support@example.com\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.EndUserNotification(\"example\",\n    aup_frequency=\"ON_EVERY_LOGIN\",\n    notification_type=\"CUSTOM\",\n    display_reason=True,\n    display_company_name=True,\n    support_email=\"support@example.com\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:EndUserNotification\n    properties:\n      aupFrequency: ON_EVERY_LOGIN\n      notificationType: CUSTOM\n      displayReason: true\n      displayCompanyName: true\n      supportEmail: support@example.com\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis is a singleton resource. Import is not applicable because there is no unique API identifier.\n","properties":{"aupCustomFrequency":{"type":"integer","description":"Custom frequency in days for displaying the AUP. Used when aupFrequency is `CUSTOM`."},"aupDayOffset":{"type":"integer","description":"Day offset for AUP display."},"aupFrequency":{"type":"string","description":"AUP display frequency. Valid values: `NEVER`, `ON_EVERY_LOGIN`, `ONCE`, `CUSTOM`."},"aupMessage":{"type":"string","description":"The Acceptable Use Policy message displayed to users."},"cautionAgainAfter":{"type":"integer","description":"Time in minutes before showing the caution notification again."},"cautionCustomText":{"type":"string","description":"Custom text for caution notifications."},"cautionPerDomain":{"type":"boolean","description":"Whether to show caution notifications per domain."},"customText":{"type":"string","description":"Custom text displayed in the notification page."},"displayCompanyLogo":{"type":"boolean","description":"Whether to display the company logo in the notification."},"displayCompanyName":{"type":"boolean","description":"Whether to display the company name in the notification."},"displayReason":{"type":"boolean","description":"Whether to display the reason for blocking or cautioning traffic."},"idpProxyNotificationText":{"type":"string","description":"Custom text for IDP proxy notifications."},"notificationType":{"type":"string","description":"Notification type. Valid values: `DEFAULT`, `CUSTOM`."},"orgPolicyLink":{"type":"string","description":"Link to the organization's policy page."},"quarantineCustomNotificationText":{"type":"string","description":"Custom text for quarantine notifications."},"redirectUrl":{"type":"string","description":"Redirect URL for the notification page."},"securityReviewCustomLocation":{"type":"string","description":"Custom URL for security review submissions."},"securityReviewEnabled":{"type":"boolean","description":"Whether security review requests are enabled."},"securityReviewSubmitToSecurityCloud":{"type":"boolean","description":"Whether security review requests are submitted to the Zscaler security cloud."},"securityReviewText":{"type":"string","description":"Custom text for security review notifications."},"supportEmail":{"type":"string","description":"Support email address displayed in notifications."},"supportPhone":{"type":"string","description":"Support phone number displayed in notifications."},"urlCatReviewCustomLocation":{"type":"string","description":"Custom URL for URL category review submissions."},"urlCatReviewEnabled":{"type":"boolean","description":"Whether URL category review requests are enabled."},"urlCatReviewSubmitToSecurityCloud":{"type":"boolean","description":"Whether URL category review requests are submitted to the Zscaler security cloud."},"urlCatReviewText":{"type":"string","description":"Custom text for URL category review notifications."},"webDlpReviewCustomLocation":{"type":"string","description":"Custom URL for Web DLP review submissions."},"webDlpReviewEnabled":{"type":"boolean","description":"Whether Web DLP review requests are enabled."},"webDlpReviewSubmitToSecurityCloud":{"type":"boolean","description":"Whether Web DLP review requests are submitted to the Zscaler security cloud."},"webDlpReviewText":{"type":"string","description":"Custom text for Web DLP review notifications."}},"inputProperties":{"aupCustomFrequency":{"type":"integer","description":"Custom frequency in days for displaying the AUP. Used when aupFrequency is `CUSTOM`."},"aupDayOffset":{"type":"integer","description":"Day offset for AUP display."},"aupFrequency":{"type":"string","description":"AUP display frequency. Valid values: `NEVER`, `ON_EVERY_LOGIN`, `ONCE`, `CUSTOM`."},"aupMessage":{"type":"string","description":"The Acceptable Use Policy message displayed to users."},"cautionAgainAfter":{"type":"integer","description":"Time in minutes before showing the caution notification again."},"cautionCustomText":{"type":"string","description":"Custom text for caution notifications."},"cautionPerDomain":{"type":"boolean","description":"Whether to show caution notifications per domain."},"customText":{"type":"string","description":"Custom text displayed in the notification page."},"displayCompanyLogo":{"type":"boolean","description":"Whether to display the company logo in the notification."},"displayCompanyName":{"type":"boolean","description":"Whether to display the company name in the notification."},"displayReason":{"type":"boolean","description":"Whether to display the reason for blocking or cautioning traffic."},"idpProxyNotificationText":{"type":"string","description":"Custom text for IDP proxy notifications."},"notificationType":{"type":"string","description":"Notification type. Valid values: `DEFAULT`, `CUSTOM`."},"orgPolicyLink":{"type":"string","description":"Link to the organization's policy page."},"quarantineCustomNotificationText":{"type":"string","description":"Custom text for quarantine notifications."},"redirectUrl":{"type":"string","description":"Redirect URL for the notification page."},"securityReviewCustomLocation":{"type":"string","description":"Custom URL for security review submissions."},"securityReviewEnabled":{"type":"boolean","description":"Whether security review requests are enabled."},"securityReviewSubmitToSecurityCloud":{"type":"boolean","description":"Whether security review requests are submitted to the Zscaler security cloud."},"securityReviewText":{"type":"string","description":"Custom text for security review notifications."},"supportEmail":{"type":"string","description":"Support email address displayed in notifications."},"supportPhone":{"type":"string","description":"Support phone number displayed in notifications."},"urlCatReviewCustomLocation":{"type":"string","description":"Custom URL for URL category review submissions."},"urlCatReviewEnabled":{"type":"boolean","description":"Whether URL category review requests are enabled."},"urlCatReviewSubmitToSecurityCloud":{"type":"boolean","description":"Whether URL category review requests are submitted to the Zscaler security cloud."},"urlCatReviewText":{"type":"string","description":"Custom text for URL category review notifications."},"webDlpReviewCustomLocation":{"type":"string","description":"Custom URL for Web DLP review submissions."},"webDlpReviewEnabled":{"type":"boolean","description":"Whether Web DLP review requests are enabled."},"webDlpReviewSubmitToSecurityCloud":{"type":"boolean","description":"Whether Web DLP review requests are submitted to the Zscaler security cloud."},"webDlpReviewText":{"type":"string","description":"Custom text for Web DLP review notifications."}}},"zia:index:Extranet":{"description":"The zia.Extranet resource manages extranet configurations in the Zscaler Internet Access (ZIA) cloud.\nExtranets define DNS and IP pool settings for traffic forwarding.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Extranet\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.Extranet(\"example\", {\n    name: \"Example Extranet\",\n    description: \"Managed by Pulumi\",\n    extranetDnsList: [{\n        name: \"Primary DNS\",\n        primaryDnsServer: \"8.8.8.8\",\n        secondaryDnsServer: \"8.8.4.4\",\n    }],\n    extranetIpPoolList: [{\n        name: \"IP Pool 1\",\n        ipStart: \"10.0.0.1\",\n        ipEnd: \"10.0.0.254\",\n    }],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.Extranet(\"example\",\n    name=\"Example Extranet\",\n    description=\"Managed by Pulumi\",\n    extranet_dns_list=[{\n        \"name\": \"Primary DNS\",\n        \"primary_dns_server\": \"8.8.8.8\",\n        \"secondary_dns_server\": \"8.8.4.4\",\n    }],\n    extranet_ip_pool_list=[{\n        \"name\": \"IP Pool 1\",\n        \"ip_start\": \"10.0.0.1\",\n        \"ip_end\": \"10.0.0.254\",\n    }],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:Extranet\n    properties:\n      name: Example Extranet\n      description: Managed by Pulumi\n      extranetDnsList:\n        - name: Primary DNS\n          primaryDnsServer: \"8.8.8.8\"\n          secondaryDnsServer: \"8.8.4.4\"\n      extranetIpPoolList:\n        - name: IP Pool 1\n          ipStart: \"10.0.0.1\"\n          ipEnd: \"10.0.0.254\"\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing extranet can be imported using its ID, e.g.\n\n```sh\n$ pulumi import zia:index:Extranet example 12345\n```\n","properties":{"description":{"type":"string","description":"Description of the extranet."},"extranetDnsList":{"type":"array","items":{"$ref":"#/types/zia:index:ExtranetDnsListInput"},"description":"List of DNS server entries for the extranet."},"extranetId":{"type":"integer","description":"The unique identifier for the extranet assigned by the ZIA cloud."},"extranetIpPoolList":{"type":"array","items":{"$ref":"#/types/zia:index:ExtranetIpPoolListInput"},"description":"List of IP pool entries for the extranet."},"name":{"type":"string","description":"Name of the extranet."}},"required":["extranetId"],"inputProperties":{"description":{"type":"string","description":"Description of the extranet."},"extranetDnsList":{"type":"array","items":{"$ref":"#/types/zia:index:ExtranetDnsListInput"},"description":"List of DNS server entries for the extranet."},"extranetIpPoolList":{"type":"array","items":{"$ref":"#/types/zia:index:ExtranetIpPoolListInput"},"description":"List of IP pool entries for the extranet."},"name":{"type":"string","description":"Name of the extranet."}}},"zia:index:FileTypeControlRule":{"description":"The zia.FileTypeControlRule resource manages file type control rules in the Zscaler Internet Access (ZIA) cloud.\nFile type control rules allow you to block, caution, or allow file downloads and uploads based on file types,\nprotocols, URL categories, and other criteria. Predefined rules cannot be deleted.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic File Type Control Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.FileTypeControlRule(\"example\", {\n    name: \"Example File Type Rule\",\n    order: 1,\n    description: \"Managed by Pulumi\",\n    state: \"ENABLED\",\n    filteringAction: \"BLOCK\",\n    fileTypes: [\"EXE\", \"DLL\"],\n    protocols: [\"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_PROXY\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.FileTypeControlRule(\"example\",\n    name=\"Example File Type Rule\",\n    order=1,\n    description=\"Managed by Pulumi\",\n    state=\"ENABLED\",\n    filtering_action=\"BLOCK\",\n    file_types=[\"EXE\", \"DLL\"],\n    protocols=[\"FTP_RULE\", \"HTTPS_RULE\", \"HTTP_PROXY\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:FileTypeControlRule\n    properties:\n      name: Example File Type Rule\n      order: 1\n      description: Managed by Pulumi\n      state: ENABLED\n      filteringAction: BLOCK\n      fileTypes:\n        - EXE\n        - DLL\n      protocols:\n        - FTP_RULE\n        - HTTPS_RULE\n        - HTTP_PROXY\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing file type control rule can be imported using its ID, e.g.\n\n```sh\n$ pulumi import zia:index:FileTypeControlRule example 12345\n```\n","properties":{"activeContent":{"type":"boolean","description":"Whether the rule applies to files with active content."},"browserEunTemplateId":{"type":"integer","description":"The browser end-user notification template ID."},"capturePcap":{"type":"boolean","description":"Whether to capture PCAP data for the rule."},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"List of cloud applications to which the rule applies."},"departments":{"type":"array","items":{"type":"integer"},"description":"List of department IDs to which the rule applies."},"description":{"type":"string","description":"Description of the file type control rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"List of device group IDs to which the rule applies."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for the rule."},"devices":{"type":"array","items":{"type":"integer"},"description":"List of device IDs to which the rule applies."},"fileTypes":{"type":"array","items":{"type":"string"},"description":"List of file types to which the rule applies (e.g., 'EXE', 'DLL')."},"filteringAction":{"type":"string","description":"The action taken when traffic matches the rule (e.g., 'BLOCK', 'CAUTION', 'ALLOW')."},"groups":{"type":"array","items":{"type":"integer"},"description":"List of group IDs to which the rule applies."},"labels":{"type":"array","items":{"type":"integer"},"description":"List of label IDs associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"List of location group IDs to which the rule applies."},"locations":{"type":"array","items":{"type":"integer"},"description":"List of location IDs to which the rule applies."},"maxSize":{"type":"integer","description":"Maximum file size in bytes for the rule to apply."},"minSize":{"type":"integer","description":"Minimum file size in bytes for the rule to apply."},"name":{"type":"string","description":"Name of the file type control rule."},"operation":{"type":"string","description":"The type of file operation (e.g., 'DOWNLOAD', 'UPLOAD')."},"order":{"type":"integer","description":"The rule order of execution for the file type control rule."},"passwordProtected":{"type":"boolean","description":"Whether the rule applies to password-protected files."},"protocols":{"type":"array","items":{"type":"string"},"description":"List of protocols to which the rule applies (e.g., 'FTP_RULE', 'HTTPS_RULE')."},"rank":{"type":"integer","description":"The admin rank of the rule. Default is 7."},"ruleId":{"type":"integer","description":"The unique identifier for the file type control rule assigned by the ZIA cloud."},"sizeQuota":{"type":"integer","description":"Size quota in KB beyond which the URL filtering rule is applied."},"state":{"type":"string","description":"The rule state. Accepted values: 'ENABLED' or 'DISABLED'."},"timeQuota":{"type":"integer","description":"Time quota in minutes after which the URL filtering rule is applied."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"List of time window IDs during which the rule is active."},"unscannable":{"type":"boolean","description":"Whether the rule applies to unscannable files."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories to which the rule applies."},"users":{"type":"array","items":{"type":"integer"},"description":"List of user IDs to which the rule applies."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index:ZPAAppSegmentInput"},"description":"List of ZPA application segments for the rule."}},"required":["name","order","ruleId"],"inputProperties":{"activeContent":{"type":"boolean","description":"Whether the rule applies to files with active content."},"browserEunTemplateId":{"type":"integer","description":"The browser end-user notification template ID."},"capturePcap":{"type":"boolean","description":"Whether to capture PCAP data for the rule."},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"List of cloud applications to which the rule applies."},"departments":{"type":"array","items":{"type":"integer"},"description":"List of department IDs to which the rule applies."},"description":{"type":"string","description":"Description of the file type control rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"List of device group IDs to which the rule applies."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels for the rule."},"devices":{"type":"array","items":{"type":"integer"},"description":"List of device IDs to which the rule applies."},"fileTypes":{"type":"array","items":{"type":"string"},"description":"List of file types to which the rule applies (e.g., 'EXE', 'DLL')."},"filteringAction":{"type":"string","description":"The action taken when traffic matches the rule (e.g., 'BLOCK', 'CAUTION', 'ALLOW')."},"groups":{"type":"array","items":{"type":"integer"},"description":"List of group IDs to which the rule applies."},"labels":{"type":"array","items":{"type":"integer"},"description":"List of label IDs associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"List of location group IDs to which the rule applies."},"locations":{"type":"array","items":{"type":"integer"},"description":"List of location IDs to which the rule applies."},"maxSize":{"type":"integer","description":"Maximum file size in bytes for the rule to apply."},"minSize":{"type":"integer","description":"Minimum file size in bytes for the rule to apply."},"name":{"type":"string","description":"Name of the file type control rule."},"operation":{"type":"string","description":"The type of file operation (e.g., 'DOWNLOAD', 'UPLOAD')."},"order":{"type":"integer","description":"The rule order of execution for the file type control rule."},"passwordProtected":{"type":"boolean","description":"Whether the rule applies to password-protected files."},"protocols":{"type":"array","items":{"type":"string"},"description":"List of protocols to which the rule applies (e.g., 'FTP_RULE', 'HTTPS_RULE')."},"rank":{"type":"integer","description":"The admin rank of the rule. Default is 7."},"sizeQuota":{"type":"integer","description":"Size quota in KB beyond which the URL filtering rule is applied."},"state":{"type":"string","description":"The rule state. Accepted values: 'ENABLED' or 'DISABLED'."},"timeQuota":{"type":"integer","description":"Time quota in minutes after which the URL filtering rule is applied."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"List of time window IDs during which the rule is active."},"unscannable":{"type":"boolean","description":"Whether the rule applies to unscannable files."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories to which the rule applies."},"users":{"type":"array","items":{"type":"integer"},"description":"List of user IDs to which the rule applies."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index:ZPAAppSegmentInput"},"description":"List of ZPA application segments for the rule."}},"requiredInputs":["name","order"]},"zia:index:FirewallDNSRule":{"description":"The zia_firewall_dns_rule resource manages firewall DNS control rules in the Zscaler Internet Access (ZIA) cloud service. DNS control rules allow you to control DNS traffic by allowing, blocking, or redirecting DNS requests based on various criteria such as source, destination, applications, and DNS request types.\n\nFor more information, see the [ZIA DNS Control Policies documentation](https://help.zscaler.com/zia/dns-control-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Firewall DNS Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.FirewallDNSRule(\"example\", {\n    name: \"Example DNS Rule\",\n    description: \"Block malicious DNS requests\",\n    order: 1,\n    state: \"ENABLED\",\n    action: \"BLOCK_DROP\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.FirewallDNSRule(\"example\",\n    name=\"Example DNS Rule\",\n    description=\"Block malicious DNS requests\",\n    order=1,\n    state=\"ENABLED\",\n    action=\"BLOCK_DROP\",\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewFirewallDNSRule(ctx, \"example\", \u0026zia.FirewallDNSRuleArgs{\n\t\t\tName:        pulumi.String(\"Example DNS Rule\"),\n\t\t\tDescription: pulumi.StringRef(\"Block malicious DNS requests\"),\n\t\t\tOrder:       pulumi.Int(1),\n\t\t\tState:       pulumi.StringRef(\"ENABLED\"),\n\t\t\tAction:      pulumi.StringRef(\"BLOCK_DROP\"),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:FirewallDNSRule\n    properties:\n      name: Example DNS Rule\n      description: Block malicious DNS requests\n      order: 1\n      state: ENABLED\n      action: BLOCK_DROP\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Firewall DNS Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:FirewallDNSRule example 12345\n```\n","properties":{"action":{"type":"string","description":"The action the rule takes when traffic matches. Valid values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`, `REDIR_REQ`."},"applications":{"type":"array","items":{"type":"string"},"description":"DNS application values to which the rule applies."},"blockResponseCode":{"type":"string","description":"The DNS response code to return when blocking. Valid values: `ANY`, `NONE`, `FORMERR`, `SERVFAIL`, `NXDOMAIN`, `NOTIMP`, `REFUSED`, `NOTAUTH`, `NXRRSET`."},"capturePcap":{"type":"boolean","description":"If set to true, enables packet capture (PCAP) for the rule."},"defaultRule":{"type":"boolean","description":"Indicates whether this is the default firewall DNS rule."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule must be applied."},"description":{"type":"string","description":"Additional information about the firewall DNS rule."},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses, FQDNs, or wildcard FQDNs for the rule."},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries (ISO 3166-1 alpha-2 codes) for the rule."},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"Destination IP address URL categories for the rule."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IP address groups for the rule."},"destIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IPv6 address groups for the rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices for which the rule must be applied."},"dnsGateway":{"type":"integer","description":"The ID of the DNS gateway associated with the rule."},"dnsRuleRequestTypes":{"type":"array","items":{"type":"string"},"description":"DNS request types to which the rule applies. Valid values: `A`, `AAAA`, `CNAME`, `MX`, `NS`, `SOA`, `TXT`, `SRV`, `PTR`, `ANY`."},"ednsEcsObject":{"type":"integer","description":"The ID of the EDNS ECS object associated with the rule."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule must be applied."},"isWebEunEnabled":{"type":"boolean","description":"If set to true, enables web end user notification for the rule."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule must be applied."},"name":{"type":"string","description":"The name of the firewall DNS rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other firewall DNS rules."},"predefined":{"type":"boolean","description":"Indicates whether this is a predefined rule."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocols to which the rule applies. Valid values: `ANY_RULE`, `TCP_RULE`, `UDP_RULE`."},"rank":{"type":"integer","description":"Admin rank of the firewall DNS policy rule. Valid values: 0-7. Default: 7."},"redirectIp":{"type":"string","description":"The IP address to redirect DNS requests to. Required when action is `REDIR_REQ`."},"resCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that apply to the response for the rule."},"ruleId":{"type":"integer","description":"The system-generated ID of the firewall DNS rule."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Source countries (ISO 3166-1 alpha-2 codes) for the rule."},"srcIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for the rule."},"srcIps":{"type":"array","items":{"type":"string"},"description":"Source IP addresses or CIDR ranges for the rule."},"srcIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IPv6 address groups for the rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule must be applied."},"zpaIpGroup":{"type":"integer","description":"The ID of the ZPA IP group associated with the rule."}},"required":["name","order","ruleId"],"inputProperties":{"action":{"type":"string","description":"The action the rule takes when traffic matches. Valid values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`, `REDIR_REQ`."},"applications":{"type":"array","items":{"type":"string"},"description":"DNS application values to which the rule applies."},"blockResponseCode":{"type":"string","description":"The DNS response code to return when blocking. Valid values: `ANY`, `NONE`, `FORMERR`, `SERVFAIL`, `NXDOMAIN`, `NOTIMP`, `REFUSED`, `NOTAUTH`, `NXRRSET`."},"capturePcap":{"type":"boolean","description":"If set to true, enables packet capture (PCAP) for the rule."},"defaultRule":{"type":"boolean","description":"Indicates whether this is the default firewall DNS rule."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule must be applied."},"description":{"type":"string","description":"Additional information about the firewall DNS rule."},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses, FQDNs, or wildcard FQDNs for the rule."},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries (ISO 3166-1 alpha-2 codes) for the rule."},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"Destination IP address URL categories for the rule."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IP address groups for the rule."},"destIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IPv6 address groups for the rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices for which the rule must be applied."},"dnsGateway":{"type":"integer","description":"The ID of the DNS gateway associated with the rule."},"dnsRuleRequestTypes":{"type":"array","items":{"type":"string"},"description":"DNS request types to which the rule applies. Valid values: `A`, `AAAA`, `CNAME`, `MX`, `NS`, `SOA`, `TXT`, `SRV`, `PTR`, `ANY`."},"ednsEcsObject":{"type":"integer","description":"The ID of the EDNS ECS object associated with the rule."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule must be applied."},"isWebEunEnabled":{"type":"boolean","description":"If set to true, enables web end user notification for the rule."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule must be applied."},"name":{"type":"string","description":"The name of the firewall DNS rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other firewall DNS rules."},"predefined":{"type":"boolean","description":"Indicates whether this is a predefined rule."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocols to which the rule applies. Valid values: `ANY_RULE`, `TCP_RULE`, `UDP_RULE`."},"rank":{"type":"integer","description":"Admin rank of the firewall DNS policy rule. Valid values: 0-7. Default: 7."},"redirectIp":{"type":"string","description":"The IP address to redirect DNS requests to. Required when action is `REDIR_REQ`."},"resCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that apply to the response for the rule."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Source countries (ISO 3166-1 alpha-2 codes) for the rule."},"srcIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for the rule."},"srcIps":{"type":"array","items":{"type":"string"},"description":"Source IP addresses or CIDR ranges for the rule."},"srcIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IPv6 address groups for the rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule must be applied."},"zpaIpGroup":{"type":"integer","description":"The ID of the ZPA IP group associated with the rule."}},"requiredInputs":["name","order"]},"zia:index:FirewallFilteringRule":{"description":"The zia_firewall_filtering_rule resource manages firewall filtering rules in the Zscaler Internet Access (ZIA) cloud service. Cloud firewall rules control traffic that is forwarded to the Zscaler service for inspection, allowing you to allow, block, or apply specific actions based on source, destination, applications, and other criteria.\n\nFor more information, see the [ZIA Cloud Firewall documentation](https://help.zscaler.com/zia/firewall-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Firewall Filtering Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.FirewallFilteringRule(\"example\", {\n    name: \"Example Firewall Rule\",\n    description: \"Allow outbound traffic\",\n    order: 1,\n    state: \"ENABLED\",\n    action: \"ALLOW\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.FirewallFilteringRule(\"example\",\n    name=\"Example Firewall Rule\",\n    description=\"Allow outbound traffic\",\n    order=1,\n    state=\"ENABLED\",\n    action=\"ALLOW\",\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewFirewallFilteringRule(ctx, \"example\", \u0026zia.FirewallFilteringRuleArgs{\n\t\t\tName:        pulumi.String(\"Example Firewall Rule\"),\n\t\t\tDescription: pulumi.StringRef(\"Allow outbound traffic\"),\n\t\t\tOrder:       pulumi.Int(1),\n\t\t\tState:       pulumi.StringRef(\"ENABLED\"),\n\t\t\tAction:      pulumi.StringRef(\"ALLOW\"),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:FirewallFilteringRule\n    properties:\n      name: Example Firewall Rule\n      description: Allow outbound traffic\n      order: 1\n      state: ENABLED\n      action: ALLOW\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Firewall Filtering Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:FirewallFilteringRule example 12345\n```\n","properties":{"action":{"type":"string","description":"The action the rule takes when traffic matches. Valid values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`, `EVAL_NWAPP`."},"appServiceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of application service groups to which the rule applies."},"appServices":{"type":"array","items":{"type":"integer"},"description":"IDs of application services to which the rule applies."},"defaultRule":{"type":"boolean","description":"Indicates whether this is the default firewall filtering rule."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule must be applied."},"description":{"type":"string","description":"Additional information about the firewall filtering rule."},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses, FQDNs, or wildcard FQDNs for the rule."},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries (ISO 3166-1 alpha-2 codes) for the rule."},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"Destination IP address URL categories. Allows you to identify destinations based on the URL category of the domain."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IP address groups for the rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"Device trust levels for the rule. Valid values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices for which the rule must be applied."},"enableFullLogging":{"type":"boolean","description":"If set to true, enables full logging for the rule."},"excludeSrcCountries":{"type":"boolean","description":"If set to true, the countries specified in sourceCountries are excluded from the rule."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule must be applied."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule must be applied."},"name":{"type":"string","description":"The name of the firewall filtering rule. Must be unique."},"nwApplicationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of network application groups to which the rule applies."},"nwApplications":{"type":"array","items":{"type":"string"},"description":"Network application values to which the rule applies (e.g., `APNS`, `DNS`, `HTTP`)."},"nwServiceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of network service groups to which the rule applies."},"nwServices":{"type":"array","items":{"type":"integer"},"description":"IDs of network services to which the rule applies."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other firewall filtering rules."},"predefined":{"type":"boolean","description":"Indicates whether this is a predefined rule."},"rank":{"type":"integer","description":"Admin rank of the firewall filtering policy rule. Valid values: 0-7. Default: 7."},"ruleId":{"type":"integer","description":"The system-generated ID of the firewall filtering rule."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Source countries (ISO 3166-1 alpha-2 codes) for the rule."},"srcIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for the rule."},"srcIps":{"type":"array","items":{"type":"string"},"description":"Source IP addresses or CIDR ranges for the rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule must be applied."},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index:WorkloadGroupInput"},"description":"List of preconfigured workload groups to which the policy must be applied."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index:ZPAAppSegmentInput"},"description":"List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method."}},"required":["name","order","ruleId"],"inputProperties":{"action":{"type":"string","description":"The action the rule takes when traffic matches. Valid values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`, `EVAL_NWAPP`."},"appServiceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of application service groups to which the rule applies."},"appServices":{"type":"array","items":{"type":"integer"},"description":"IDs of application services to which the rule applies."},"defaultRule":{"type":"boolean","description":"Indicates whether this is the default firewall filtering rule."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule must be applied."},"description":{"type":"string","description":"Additional information about the firewall filtering rule."},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses, FQDNs, or wildcard FQDNs for the rule."},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries (ISO 3166-1 alpha-2 codes) for the rule."},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"Destination IP address URL categories. Allows you to identify destinations based on the URL category of the domain."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IP address groups for the rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"Device trust levels for the rule. Valid values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices for which the rule must be applied."},"enableFullLogging":{"type":"boolean","description":"If set to true, enables full logging for the rule."},"excludeSrcCountries":{"type":"boolean","description":"If set to true, the countries specified in sourceCountries are excluded from the rule."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule must be applied."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule must be applied."},"name":{"type":"string","description":"The name of the firewall filtering rule. Must be unique."},"nwApplicationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of network application groups to which the rule applies."},"nwApplications":{"type":"array","items":{"type":"string"},"description":"Network application values to which the rule applies (e.g., `APNS`, `DNS`, `HTTP`)."},"nwServiceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of network service groups to which the rule applies."},"nwServices":{"type":"array","items":{"type":"integer"},"description":"IDs of network services to which the rule applies."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other firewall filtering rules."},"predefined":{"type":"boolean","description":"Indicates whether this is a predefined rule."},"rank":{"type":"integer","description":"Admin rank of the firewall filtering policy rule. Valid values: 0-7. Default: 7."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Source countries (ISO 3166-1 alpha-2 codes) for the rule."},"srcIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for the rule."},"srcIps":{"type":"array","items":{"type":"string"},"description":"Source IP addresses or CIDR ranges for the rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule must be applied."},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index:WorkloadGroupInput"},"description":"List of preconfigured workload groups to which the policy must be applied."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index:ZPAAppSegmentInput"},"description":"List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method."}},"requiredInputs":["name","order"]},"zia:index:FirewallIPSRule":{"description":"The zia_firewall_ips_rule resource manages firewall IPS (Intrusion Prevention System) rules in the Zscaler Internet Access (ZIA) cloud service. IPS rules allow you to detect and prevent network intrusions by inspecting traffic for known threat signatures and anomalous patterns.\n\nFor more information, see the [ZIA IPS Control Policies documentation](https://help.zscaler.com/zia/ips-control-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Firewall IPS Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.FirewallIPSRule(\"example\", {\n    name: \"Example IPS Rule\",\n    description: \"Block intrusion attempts\",\n    order: 1,\n    state: \"ENABLED\",\n    action: \"BLOCK_DROP\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.FirewallIPSRule(\"example\",\n    name=\"Example IPS Rule\",\n    description=\"Block intrusion attempts\",\n    order=1,\n    state=\"ENABLED\",\n    action=\"BLOCK_DROP\",\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewFirewallIPSRule(ctx, \"example\", \u0026zia.FirewallIPSRuleArgs{\n\t\t\tName:        pulumi.String(\"Example IPS Rule\"),\n\t\t\tDescription: pulumi.StringRef(\"Block intrusion attempts\"),\n\t\t\tOrder:       pulumi.Int(1),\n\t\t\tState:       pulumi.StringRef(\"ENABLED\"),\n\t\t\tAction:      pulumi.StringRef(\"BLOCK_DROP\"),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:FirewallIPSRule\n    properties:\n      name: Example IPS Rule\n      description: Block intrusion attempts\n      order: 1\n      state: ENABLED\n      action: BLOCK_DROP\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Firewall IPS Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:FirewallIPSRule example 12345\n```\n","properties":{"action":{"type":"string","description":"The action the rule takes when traffic matches. Valid values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`."},"capturePcap":{"type":"boolean","description":"If set to true, enables packet capture (PCAP) for the rule."},"defaultRule":{"type":"boolean","description":"Indicates whether this is the default firewall IPS rule."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule must be applied."},"description":{"type":"string","description":"Additional information about the firewall IPS rule."},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses, FQDNs, or wildcard FQDNs for the rule."},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries (ISO 3166-1 alpha-2 codes) for the rule."},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"Destination IP address URL categories for the rule."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IP address groups for the rule."},"destIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IPv6 address groups for the rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices for which the rule must be applied."},"enableFullLogging":{"type":"boolean","description":"If set to true, enables full logging for the rule."},"eunTemplateId":{"type":"integer","description":"The ID of the end user notification template associated with the rule."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule must be applied."},"isEunEnabled":{"type":"boolean","description":"If set to true, enables end user notification for the rule."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule must be applied."},"name":{"type":"string","description":"The name of the firewall IPS rule. Must be unique."},"nwServiceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of network service groups to which the rule applies."},"nwServices":{"type":"array","items":{"type":"integer"},"description":"IDs of network services to which the rule applies."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other firewall IPS rules."},"predefined":{"type":"boolean","description":"Indicates whether this is a predefined rule."},"rank":{"type":"integer","description":"Admin rank of the firewall IPS policy rule. Valid values: 0-7. Default: 7."},"resCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that apply to the response for the rule."},"ruleId":{"type":"integer","description":"The system-generated ID of the firewall IPS rule."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Source countries (ISO 3166-1 alpha-2 codes) for the rule."},"srcIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for the rule."},"srcIps":{"type":"array","items":{"type":"string"},"description":"Source IP addresses or CIDR ranges for the rule."},"srcIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IPv6 address groups for the rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"threatCategories":{"type":"array","items":{"type":"integer"},"description":"IDs of threat categories to which the rule applies."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule must be applied."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index:ZPAAppSegmentInput"},"description":"List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method."}},"required":["name","order","ruleId"],"inputProperties":{"action":{"type":"string","description":"The action the rule takes when traffic matches. Valid values: `ALLOW`, `BLOCK_DROP`, `BLOCK_RESET`, `BLOCK_ICMP`."},"capturePcap":{"type":"boolean","description":"If set to true, enables packet capture (PCAP) for the rule."},"defaultRule":{"type":"boolean","description":"Indicates whether this is the default firewall IPS rule."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule must be applied."},"description":{"type":"string","description":"Additional information about the firewall IPS rule."},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses, FQDNs, or wildcard FQDNs for the rule."},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries (ISO 3166-1 alpha-2 codes) for the rule."},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"Destination IP address URL categories for the rule."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IP address groups for the rule."},"destIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IPv6 address groups for the rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices for which the rule must be applied."},"enableFullLogging":{"type":"boolean","description":"If set to true, enables full logging for the rule."},"eunTemplateId":{"type":"integer","description":"The ID of the end user notification template associated with the rule."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule must be applied."},"isEunEnabled":{"type":"boolean","description":"If set to true, enables end user notification for the rule."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule must be applied."},"name":{"type":"string","description":"The name of the firewall IPS rule. Must be unique."},"nwServiceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of network service groups to which the rule applies."},"nwServices":{"type":"array","items":{"type":"integer"},"description":"IDs of network services to which the rule applies."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other firewall IPS rules."},"predefined":{"type":"boolean","description":"Indicates whether this is a predefined rule."},"rank":{"type":"integer","description":"Admin rank of the firewall IPS policy rule. Valid values: 0-7. Default: 7."},"resCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that apply to the response for the rule."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Source countries (ISO 3166-1 alpha-2 codes) for the rule."},"srcIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for the rule."},"srcIps":{"type":"array","items":{"type":"string"},"description":"Source IP addresses or CIDR ranges for the rule."},"srcIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IPv6 address groups for the rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"threatCategories":{"type":"array","items":{"type":"integer"},"description":"IDs of threat categories to which the rule applies."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule must be applied."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index:ZPAAppSegmentInput"},"description":"List of ZPA application segments for which this rule is applicable. This field is applicable only for the ZPA gateway forwarding method."}},"requiredInputs":["name","order"]},"zia:index:ForwardingControlProxies":{"description":"The zia.ForwardingControlProxies resource manages forwarding control proxy configurations in the\nZscaler Internet Access (ZIA) cloud. Proxies are used in forwarding control rules to direct traffic\nthrough proxy chains, ZIA, or EC-self proxy types.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Forwarding Control Proxy\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.ForwardingControlProxies(\"example\", {\n    name: \"Example Proxy\",\n    description: \"Managed by Pulumi\",\n    type: \"PROXYCHAIN\",\n    address: \"proxy.example.com\",\n    port: 8080,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.ForwardingControlProxies(\"example\",\n    name=\"Example Proxy\",\n    description=\"Managed by Pulumi\",\n    type=\"PROXYCHAIN\",\n    address=\"proxy.example.com\",\n    port=8080,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:ForwardingControlProxies\n    properties:\n      name: Example Proxy\n      description: Managed by Pulumi\n      type: PROXYCHAIN\n      address: proxy.example.com\n      port: 8080\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing forwarding control proxy can be imported using its ID, e.g.\n\n```sh\n$ pulumi import zia:index:ForwardingControlProxies example 12345\n```\n","properties":{"address":{"type":"string","description":"The address of the proxy server."},"base64EncodeXauHeader":{"type":"boolean","description":"Whether to base64-encode the X-Authenticated-User header."},"certId":{"type":"integer","description":"The certificate ID used for the proxy."},"description":{"type":"string","description":"Description of the forwarding control proxy."},"insertXauHeader":{"type":"boolean","description":"Whether to insert the X-Authenticated-User header."},"name":{"type":"string","description":"Name of the forwarding control proxy."},"port":{"type":"integer","description":"The port number of the proxy server."},"proxyId":{"type":"integer","description":"The unique identifier for the proxy assigned by the ZIA cloud."},"type":{"type":"string","description":"The proxy type. Accepted values: 'PROXYCHAIN', 'ZIA', 'ECSELF'."}},"required":["proxyId"],"inputProperties":{"address":{"type":"string","description":"The address of the proxy server."},"base64EncodeXauHeader":{"type":"boolean","description":"Whether to base64-encode the X-Authenticated-User header."},"certId":{"type":"integer","description":"The certificate ID used for the proxy."},"description":{"type":"string","description":"Description of the forwarding control proxy."},"insertXauHeader":{"type":"boolean","description":"Whether to insert the X-Authenticated-User header."},"name":{"type":"string","description":"Name of the forwarding control proxy."},"port":{"type":"integer","description":"The port number of the proxy server."},"type":{"type":"string","description":"The proxy type. Accepted values: 'PROXYCHAIN', 'ZIA', 'ECSELF'."}}},"zia:index:ForwardingControlRule":{"description":"The zia_forwarding_control_rule resource manages forwarding control rules in the Zscaler Internet Access (ZIA) cloud service. Forwarding control rules determine how traffic is forwarded — directly to the internet, via an explicit proxy, or through Zscaler Private Access (ZPA).\n\nFor more information, see the [ZIA Forwarding Control documentation](https://help.zscaler.com/zia/forwarding-control-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Forwarding Control Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.ForwardingControlRule(\"example\", {\n    name: \"Example Forwarding Rule\",\n    description: \"Forward traffic directly\",\n    order: 1,\n    state: \"ENABLED\",\n    forwardMethod: \"DIRECT\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.ForwardingControlRule(\"example\",\n    name=\"Example Forwarding Rule\",\n    description=\"Forward traffic directly\",\n    order=1,\n    state=\"ENABLED\",\n    forward_method=\"DIRECT\",\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewForwardingControlRule(ctx, \"example\", \u0026zia.ForwardingControlRuleArgs{\n\t\t\tName:          pulumi.String(\"Example Forwarding Rule\"),\n\t\t\tDescription:   pulumi.StringRef(\"Forward traffic directly\"),\n\t\t\tOrder:         pulumi.Int(1),\n\t\t\tState:         pulumi.StringRef(\"ENABLED\"),\n\t\t\tForwardMethod: pulumi.String(\"DIRECT\"),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:ForwardingControlRule\n    properties:\n      name: Example Forwarding Rule\n      description: Forward traffic directly\n      order: 1\n      state: ENABLED\n      forwardMethod: DIRECT\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Forwarding Control Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:ForwardingControlRule example 12345\n```\n","properties":{"appServiceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of application service groups to which the rule applies."},"dedicatedIpGatewayId":{"type":"integer","description":"The ID of the dedicated IP gateway. Applicable only for the Proxy Chaining forwarding method."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule must be applied."},"description":{"type":"string","description":"Additional information about the forwarding control rule."},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses, FQDNs, or wildcard FQDNs for the rule."},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries (ISO 3166-1 alpha-2 codes) for the rule."},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"Destination IP address URL categories for the rule."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IP address groups for the rule."},"destIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IPv6 address groups for the rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector."},"ecGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of Zscaler Edge Connector groups to which the rule applies."},"forwardMethod":{"type":"string","description":"The type of traffic forwarding method. Valid values: `INVALID`, `DIRECT`, `PROXYCHAIN`, `ZPA`, `ECZPA`, `ZIA`, `ECSELF`, `DROP`, `ENATDEDIP`."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule must be applied."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule must be applied."},"name":{"type":"string","description":"The name of the forwarding control rule. Must be unique."},"nwApplicationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of network application groups to which the rule applies."},"nwServiceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of network service groups to which the rule applies."},"nwServices":{"type":"array","items":{"type":"integer"},"description":"IDs of network services to which the rule applies."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other forwarding control rules."},"proxyGatewayId":{"type":"integer","description":"The ID of the proxy gateway. Required when forwardMethod is `PROXYCHAIN`."},"rank":{"type":"integer","description":"Admin rank of the forwarding control policy rule. Valid values: 0-7. Default: 7."},"resCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that apply to the response for the rule."},"ruleId":{"type":"integer","description":"The system-generated ID of the forwarding control rule."},"srcIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for the rule."},"srcIps":{"type":"array","items":{"type":"string"},"description":"Source IP addresses or CIDR ranges for the rule."},"srcIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IPv6 address groups for the rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"type":{"type":"string","description":"The rule type. Valid values: `FORWARDING`."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule must be applied."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index:ZPAAppSegmentInput"},"description":"List of ZPA application segments for which this rule is applicable. This field is applicable only when forwardMethod is `ZPA`."},"zpaGatewayId":{"type":"integer","description":"The ID of the ZPA gateway. Required when forwardMethod is `ZPA`."}},"required":["name","order","forwardMethod","ruleId"],"inputProperties":{"appServiceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of application service groups to which the rule applies."},"dedicatedIpGatewayId":{"type":"integer","description":"The ID of the dedicated IP gateway. Applicable only for the Proxy Chaining forwarding method."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule must be applied."},"description":{"type":"string","description":"Additional information about the forwarding control rule."},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses, FQDNs, or wildcard FQDNs for the rule."},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries (ISO 3166-1 alpha-2 codes) for the rule."},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"Destination IP address URL categories for the rule."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IP address groups for the rule."},"destIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IPv6 address groups for the rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector."},"ecGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of Zscaler Edge Connector groups to which the rule applies."},"forwardMethod":{"type":"string","description":"The type of traffic forwarding method. Valid values: `INVALID`, `DIRECT`, `PROXYCHAIN`, `ZPA`, `ECZPA`, `ZIA`, `ECSELF`, `DROP`, `ENATDEDIP`."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule must be applied."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule must be applied."},"name":{"type":"string","description":"The name of the forwarding control rule. Must be unique."},"nwApplicationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of network application groups to which the rule applies."},"nwServiceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of network service groups to which the rule applies."},"nwServices":{"type":"array","items":{"type":"integer"},"description":"IDs of network services to which the rule applies."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other forwarding control rules."},"proxyGatewayId":{"type":"integer","description":"The ID of the proxy gateway. Required when forwardMethod is `PROXYCHAIN`."},"rank":{"type":"integer","description":"Admin rank of the forwarding control policy rule. Valid values: 0-7. Default: 7."},"resCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that apply to the response for the rule."},"srcIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for the rule."},"srcIps":{"type":"array","items":{"type":"string"},"description":"Source IP addresses or CIDR ranges for the rule."},"srcIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IPv6 address groups for the rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"type":{"type":"string","description":"The rule type. Valid values: `FORWARDING`."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule must be applied."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index:ZPAAppSegmentInput"},"description":"List of ZPA application segments for which this rule is applicable. This field is applicable only when forwardMethod is `ZPA`."},"zpaGatewayId":{"type":"integer","description":"The ID of the ZPA gateway. Required when forwardMethod is `ZPA`."}},"requiredInputs":["name","order","forwardMethod"]},"zia:index:ForwardingControlZpaGateway":{"description":"The zia.ForwardingControlZpaGateway resource manages forwarding control ZPA gateway configurations in the\nZscaler Internet Access (ZIA) cloud. ZPA gateways are used in forwarding control rules to direct traffic\nto Zscaler Private Access (ZPA) application segments through ZPA server groups.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Forwarding Control ZPA Gateway\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.ForwardingControlZpaGateway(\"example\", {\n    name: \"Example ZPA Gateway\",\n    description: \"Managed by Pulumi\",\n    type: \"ZPA\",\n    zpaServerGroup: {\n        externalId: \"server-group-external-id\",\n        name: \"Example Server Group\",\n    },\n    zpaAppSegments: [{\n        externalId: \"app-segment-external-id\",\n        name: \"Example App Segment\",\n    }],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.ForwardingControlZpaGateway(\"example\",\n    name=\"Example ZPA Gateway\",\n    description=\"Managed by Pulumi\",\n    type=\"ZPA\",\n    zpa_server_group={\n        \"external_id\": \"server-group-external-id\",\n        \"name\": \"Example Server Group\",\n    },\n    zpa_app_segments=[{\n        \"external_id\": \"app-segment-external-id\",\n        \"name\": \"Example App Segment\",\n    }],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:ForwardingControlZpaGateway\n    properties:\n      name: Example ZPA Gateway\n      description: Managed by Pulumi\n      type: ZPA\n      zpaServerGroup:\n        externalId: server-group-external-id\n        name: Example Server Group\n      zpaAppSegments:\n        - externalId: app-segment-external-id\n          name: Example App Segment\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing forwarding control ZPA gateway can be imported using its ID, e.g.\n\n```sh\n$ pulumi import zia:index:ForwardingControlZpaGateway example 12345\n```\n","properties":{"description":{"type":"string","description":"Description of the ZPA gateway."},"gatewayId":{"type":"integer","description":"The unique identifier for the ZPA gateway assigned by the ZIA cloud."},"name":{"type":"string","description":"Name of the ZPA gateway."},"type":{"type":"string","description":"The gateway type. Accepted values: 'ZPA' or 'ECZPA'."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index:ZpaGatewayAppSegmentInput"},"description":"List of ZPA application segments associated with the gateway."},"zpaServerGroup":{"$ref":"#/types/zia:index:ZpaServerGroupInput","description":"The ZPA server group associated with the gateway."}},"required":["gatewayId"],"inputProperties":{"description":{"type":"string","description":"Description of the ZPA gateway."},"name":{"type":"string","description":"Name of the ZPA gateway."},"type":{"type":"string","description":"The gateway type. Accepted values: 'ZPA' or 'ECZPA'."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index:ZpaGatewayAppSegmentInput"},"description":"List of ZPA application segments associated with the gateway."},"zpaServerGroup":{"$ref":"#/types/zia:index:ZpaServerGroupInput","description":"The ZPA server group associated with the gateway."}}},"zia:index:FtpControlPolicy":{"description":"The zia.FtpControlPolicy resource manages the FTP control policy settings in the Zscaler Internet Access (ZIA) cloud.\nThis is a singleton resource (one per tenant). The policy controls whether FTP and FTP-over-HTTP traffic is allowed\nor blocked, and which URLs and URL categories are subject to FTP controls. Deleting the Pulumi resource does not\nremove the underlying settings.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic FTP Control Policy\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.FtpControlPolicy(\"example\", {\n    ftpEnabled: true,\n    ftpOverHttpEnabled: false,\n    urls: [\"example.com\"],\n    urlCategories: [\"OTHER_ADULT_MATERIAL\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.FtpControlPolicy(\"example\",\n    ftp_enabled=True,\n    ftp_over_http_enabled=False,\n    urls=[\"example.com\"],\n    url_categories=[\"OTHER_ADULT_MATERIAL\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:FtpControlPolicy\n    properties:\n      ftpEnabled: true\n      ftpOverHttpEnabled: false\n      urls:\n        - example.com\n      urlCategories:\n        - OTHER_ADULT_MATERIAL\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis is a singleton resource and import is not supported. The resource is managed by creating it in your Pulumi program.\n","properties":{"ftpEnabled":{"type":"boolean","description":"Whether native FTP traffic is enabled."},"ftpOverHttpEnabled":{"type":"boolean","description":"Whether FTP-over-HTTP traffic is enabled."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories subject to the FTP control policy."},"urls":{"type":"array","items":{"type":"string"},"description":"List of URLs subject to the FTP control policy."}},"inputProperties":{"ftpEnabled":{"type":"boolean","description":"Whether native FTP traffic is enabled."},"ftpOverHttpEnabled":{"type":"boolean","description":"Whether FTP-over-HTTP traffic is enabled."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories subject to the FTP control policy."},"urls":{"type":"array","items":{"type":"string"},"description":"List of URLs subject to the FTP control policy."}}},"zia:index:FwIpDestinationGroup":{"description":"The zia_fw_ip_destination_group resource manages firewall IP destination groups in the Zscaler Internet Access (ZIA) cloud service. IP destination groups allow you to define groups of destination IP addresses, FQDNs, or countries that can be referenced in firewall filtering rules.\n\nFor more information, see the [ZIA Firewall Policies documentation](https://help.zscaler.com/zia/firewall-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic IP Destination Group\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.FwIpDestinationGroup(\"example\", {\n    name: \"Example IP Destination Group\",\n    description: \"Group of destination IPs\",\n    type: \"DSTN_IP\",\n    addresses: [\"203.0.113.0/24\", \"198.51.100.0/24\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.FwIpDestinationGroup(\"example\",\n    name=\"Example IP Destination Group\",\n    description=\"Group of destination IPs\",\n    type=\"DSTN_IP\",\n    addresses=[\"203.0.113.0/24\", \"198.51.100.0/24\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:FwIpDestinationGroup\n    properties:\n      name: Example IP Destination Group\n      description: Group of destination IPs\n      type: DSTN_IP\n      addresses:\n        - 203.0.113.0/24\n        - 198.51.100.0/24\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing IP destination group can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:FwIpDestinationGroup example 12345\n```\n","properties":{"addresses":{"type":"array","items":{"type":"string"},"description":"List of destination IP addresses, FQDNs, or wildcard FQDNs in this group."},"countries":{"type":"array","items":{"type":"string"},"description":"List of destination countries (ISO 3166-1 alpha-2 codes). The COUNTRY_ prefix is added automatically."},"description":{"type":"string","description":"Additional information about the IP destination group."},"groupId":{"type":"integer","description":"The system-generated ID of the IP destination group."},"ipCategories":{"type":"array","items":{"type":"string"},"description":"List of URL/IP categories allowed for this group."},"name":{"type":"string","description":"The name of the IP destination group."},"type":{"type":"string","description":"Destination group type. Valid values: `DSTN_IP`, `DSTN_FQDN`, `DSTN_DOMAIN`, `DSTN_OTHER`."}},"required":["groupId"],"inputProperties":{"addresses":{"type":"array","items":{"type":"string"},"description":"List of destination IP addresses, FQDNs, or wildcard FQDNs in this group."},"countries":{"type":"array","items":{"type":"string"},"description":"List of destination countries (ISO 3166-1 alpha-2 codes). The COUNTRY_ prefix is added automatically."},"description":{"type":"string","description":"Additional information about the IP destination group."},"ipCategories":{"type":"array","items":{"type":"string"},"description":"List of URL/IP categories allowed for this group."},"name":{"type":"string","description":"The name of the IP destination group."},"type":{"type":"string","description":"Destination group type. Valid values: `DSTN_IP`, `DSTN_FQDN`, `DSTN_DOMAIN`, `DSTN_OTHER`."}}},"zia:index:FwIpSourceGroup":{"description":"The zia_fw_ip_source_group resource manages firewall IP source groups in the Zscaler Internet Access (ZIA) cloud service. IP source groups allow you to define groups of source IP addresses that can be referenced in firewall filtering rules.\n\nFor more information, see the [ZIA Firewall Policies documentation](https://help.zscaler.com/zia/firewall-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic IP Source Group\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.FwIpSourceGroup(\"example\", {\n    name: \"Example IP Source Group\",\n    description: \"Group of source IPs\",\n    ipAddresses: [\"192.168.1.0/24\", \"10.0.0.0/8\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.FwIpSourceGroup(\"example\",\n    name=\"Example IP Source Group\",\n    description=\"Group of source IPs\",\n    ip_addresses=[\"192.168.1.0/24\", \"10.0.0.0/8\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:FwIpSourceGroup\n    properties:\n      name: Example IP Source Group\n      description: Group of source IPs\n      ipAddresses:\n        - 192.168.1.0/24\n        - 10.0.0.0/8\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing IP source group can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:FwIpSourceGroup example 12345\n```\n","properties":{"description":{"type":"string","description":"Additional information about the IP source group."},"groupId":{"type":"integer","description":"The system-generated ID of the IP source group."},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"List of source IP addresses or CIDR ranges included in this group."},"name":{"type":"string","description":"The name of the IP source group."}},"required":["groupId"],"inputProperties":{"description":{"type":"string","description":"Additional information about the IP source group."},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"List of source IP addresses or CIDR ranges included in this group."},"name":{"type":"string","description":"The name of the IP source group."}}},"zia:index:FwNetworkApplicationGroup":{"description":"The zia_fw_network_application_group resource manages firewall network application groups in the Zscaler Internet Access (ZIA) cloud service. Network application groups allow you to bundle multiple network applications together for use in firewall filtering rules.\n\nFor more information, see the [ZIA Firewall Policies documentation](https://help.zscaler.com/zia/firewall-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Network Application Group\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.FwNetworkApplicationGroup(\"example\", {\n    name: \"Example App Group\",\n    description: \"Group of network applications\",\n    networkApplications: [\"APNS\", \"APPSTORE\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.FwNetworkApplicationGroup(\"example\",\n    name=\"Example App Group\",\n    description=\"Group of network applications\",\n    network_applications=[\"APNS\", \"APPSTORE\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:FwNetworkApplicationGroup\n    properties:\n      name: Example App Group\n      description: Group of network applications\n      networkApplications:\n        - APNS\n        - APPSTORE\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing network application group can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:FwNetworkApplicationGroup example 12345\n```\n","properties":{"appId":{"type":"integer","description":"The system-generated ID of the network application group."},"description":{"type":"string","description":"Additional information about the network application group."},"name":{"type":"string","description":"The name of the network application group."},"networkApplications":{"type":"array","items":{"type":"string"},"description":"List of network application identifiers that belong to this group (e.g., `APNS`, `APPSTORE`)."}},"required":["appId"],"inputProperties":{"description":{"type":"string","description":"Additional information about the network application group."},"name":{"type":"string","description":"The name of the network application group."},"networkApplications":{"type":"array","items":{"type":"string"},"description":"List of network application identifiers that belong to this group (e.g., `APNS`, `APPSTORE`)."}}},"zia:index:FwNetworkService":{"description":"The zia_fw_network_service resource manages firewall network services in the Zscaler Internet Access (ZIA) cloud service. Network services define the TCP/UDP port ranges used in firewall filtering rules.\n\nFor more information, see the [ZIA Firewall Policies documentation](https://help.zscaler.com/zia/firewall-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Network Service\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.FwNetworkService(\"example\", {\n    name: \"Example Network Service\",\n    description: \"Custom network service\",\n    destTcpPorts: [\n        { start: 443, end: 443 },\n        { start: 8080, end: 8090 },\n    ],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.FwNetworkService(\"example\",\n    name=\"Example Network Service\",\n    description=\"Custom network service\",\n    dest_tcp_ports=[\n        {\"start\": 443, \"end\": 443},\n        {\"start\": 8080, \"end\": 8090},\n    ],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:FwNetworkService\n    properties:\n      name: Example Network Service\n      description: Custom network service\n      destTcpPorts:\n        - start: 443\n          end: 443\n        - start: 8080\n          end: 8090\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing network service can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:FwNetworkService example 12345\n```\n","properties":{"description":{"type":"string","description":"Additional information about the network service."},"destTcpPorts":{"type":"array","items":{"$ref":"#/types/zia:index:NetworkPortInput"},"description":"Destination TCP port ranges. Each entry specifies a start and end port."},"destUdpPorts":{"type":"array","items":{"$ref":"#/types/zia:index:NetworkPortInput"},"description":"Destination UDP port ranges. Each entry specifies a start and end port."},"isNameL10nTag":{"type":"boolean","description":"Indicates whether the name is a localization tag."},"name":{"type":"string","description":"The name of the network service."},"networkServiceId":{"type":"integer","description":"The system-generated ID of the network service."},"srcTcpPorts":{"type":"array","items":{"$ref":"#/types/zia:index:NetworkPortInput"},"description":"Source TCP port ranges. Each entry specifies a start and end port."},"srcUdpPorts":{"type":"array","items":{"$ref":"#/types/zia:index:NetworkPortInput"},"description":"Source UDP port ranges. Each entry specifies a start and end port."},"tag":{"type":"string","description":"The tag associated with the network service."},"type":{"type":"string","description":"The network service type. Valid values: `STANDARD`, `PREDEFINED`, `CUSTOM`."}},"required":["networkServiceId"],"inputProperties":{"description":{"type":"string","description":"Additional information about the network service."},"destTcpPorts":{"type":"array","items":{"$ref":"#/types/zia:index:NetworkPortInput"},"description":"Destination TCP port ranges. Each entry specifies a start and end port."},"destUdpPorts":{"type":"array","items":{"$ref":"#/types/zia:index:NetworkPortInput"},"description":"Destination UDP port ranges. Each entry specifies a start and end port."},"isNameL10nTag":{"type":"boolean","description":"Indicates whether the name is a localization tag."},"name":{"type":"string","description":"The name of the network service."},"srcTcpPorts":{"type":"array","items":{"$ref":"#/types/zia:index:NetworkPortInput"},"description":"Source TCP port ranges. Each entry specifies a start and end port."},"srcUdpPorts":{"type":"array","items":{"$ref":"#/types/zia:index:NetworkPortInput"},"description":"Source UDP port ranges. Each entry specifies a start and end port."},"tag":{"type":"string","description":"The tag associated with the network service."},"type":{"type":"string","description":"The network service type. Valid values: `STANDARD`, `PREDEFINED`, `CUSTOM`."}}},"zia:index:FwNetworkServiceGroup":{"description":"The zia_fw_network_service_group resource manages firewall network service groups in the Zscaler Internet Access (ZIA) cloud service. Network service groups allow you to bundle multiple network services together for use in firewall filtering rules.\n\nFor more information, see the [ZIA Firewall Policies documentation](https://help.zscaler.com/zia/firewall-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Network Service Group\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.FwNetworkServiceGroup(\"example\", {\n    name: \"Example Service Group\",\n    description: \"Group of network services\",\n    serviceIds: [12345, 67890],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.FwNetworkServiceGroup(\"example\",\n    name=\"Example Service Group\",\n    description=\"Group of network services\",\n    service_ids=[12345, 67890],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:FwNetworkServiceGroup\n    properties:\n      name: Example Service Group\n      description: Group of network services\n      serviceIds:\n        - 12345\n        - 67890\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing network service group can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:FwNetworkServiceGroup example 12345\n```\n","properties":{"description":{"type":"string","description":"Additional information about the network service group."},"groupId":{"type":"integer","description":"The system-generated ID of the network service group."},"name":{"type":"string","description":"The name of the network service group."},"serviceIds":{"type":"array","items":{"type":"integer"},"description":"IDs of network services that belong to this group."}},"required":["groupId"],"inputProperties":{"description":{"type":"string","description":"Additional information about the network service group."},"name":{"type":"string","description":"The name of the network service group."},"serviceIds":{"type":"array","items":{"type":"integer"},"description":"IDs of network services that belong to this group."}}},"zia:index:LocationManagement":{"description":"The zia_location_management resource manages locations in the Zscaler Internet Access (ZIA) cloud service. Locations represent offices, branches, or data centers with specific traffic forwarding and policy settings.\n\nFor more information, see the [ZIA Location Management documentation](https://help.zscaler.com/zia/location-management).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Location\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.LocationManagement(\"example\", {\n    name: \"Example Location\",\n    description: \"Branch office location\",\n    country: \"UNITED_STATES\",\n    tz: \"UNITED_STATES_AMERICA_LOS_ANGELES\",\n    authRequired: true,\n    ofwEnabled: true,\n    ipsControl: true,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.LocationManagement(\"example\",\n    name=\"Example Location\",\n    description=\"Branch office location\",\n    country=\"UNITED_STATES\",\n    tz=\"UNITED_STATES_AMERICA_LOS_ANGELES\",\n    auth_required=True,\n    ofw_enabled=True,\n    ips_control=True,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:LocationManagement\n    properties:\n      name: Example Location\n      description: Branch office location\n      country: UNITED_STATES\n      tz: UNITED_STATES_AMERICA_LOS_ANGELES\n      authRequired: true\n      ofwEnabled: true\n      ipsControl: true\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing location can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:LocationManagement example 12345\n```\n","properties":{"authRequired":{"type":"boolean","description":"Whether authentication is required for this location."},"basicAuthEnabled":{"type":"boolean","description":"Enable Basic authentication for the location."},"country":{"type":"string","description":"The country in which the location is located."},"description":{"type":"string","description":"Additional information about the location."},"digestAuthEnabled":{"type":"boolean","description":"Enable Digest authentication for the location."},"displayTimeUnit":{"type":"string","description":"Display time unit. Valid values: `MINUTE`, `HOUR`, `DAY`."},"dnBandwidth":{"type":"integer","description":"Download bandwidth in Mbps. If set to 0, the default value is unlimited."},"idleTimeInMinutes":{"type":"integer","description":"Idle time in minutes to disassociate a surrogate IP from the user."},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"IP addresses associated with this location."},"ipsControl":{"type":"boolean","description":"Enable IPS control for the location."},"kerberosAuth":{"type":"boolean","description":"Enable Kerberos authentication for the location."},"locationId":{"type":"integer","description":"The system-generated ID of the location."},"name":{"type":"string","description":"The name of the location."},"ofwEnabled":{"type":"boolean","description":"Enable firewall for the location."},"parentId":{"type":"integer","description":"The parent location ID. If this ID does not exist or is 0, it is implied that it is a parent location."},"ports":{"type":"array","items":{"type":"integer"},"description":"IP ports allowed to send traffic to the location."},"profile":{"type":"string","description":"Profile tag that specifies the location traffic type. Valid values: `NONE`, `CORPORATE`, `SERVER`, `GUESTWIFI`, `IOT`, `WORKLOAD`."},"sslScanEnabled":{"type":"boolean","description":"Enable SSL Inspection for the location."},"state":{"type":"string","description":"The state or province in which the location is located."},"staticLocationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of static location groups to which this location belongs."},"surrogateIp":{"type":"boolean","description":"Enable surrogate IP enforcement for known browsers."},"surrogateIpEnforcedForKnownBrowsers":{"type":"boolean","description":"Enforce surrogate IP for known browsers."},"surrogateRefreshTimeInMinutes":{"type":"integer","description":"Refresh time in minutes for re-validating the surrogacy."},"surrogateRefreshTimeUnit":{"type":"string","description":"Display refresh time unit. Valid values: `MINUTE`, `HOUR`, `DAY`."},"tz":{"type":"string","description":"The timezone of the location. Uses IANA-style identifiers."},"upBandwidth":{"type":"integer","description":"Upload bandwidth in Mbps. If set to 0, the default value is unlimited."},"vpnCredentials":{"type":"array","items":{"$ref":"#/types/zia:index:VpnCredentialInput"},"description":"VPN credentials associated with this location."},"xffForwardEnabled":{"type":"boolean","description":"Enable XFF Forwarding for the location."},"zappSslScanEnabled":{"type":"boolean","description":"Enable Zscaler App SSL Setting for the location."}},"required":["locationId"],"inputProperties":{"authRequired":{"type":"boolean","description":"Whether authentication is required for this location."},"basicAuthEnabled":{"type":"boolean","description":"Enable Basic authentication for the location."},"country":{"type":"string","description":"The country in which the location is located."},"description":{"type":"string","description":"Additional information about the location."},"digestAuthEnabled":{"type":"boolean","description":"Enable Digest authentication for the location."},"displayTimeUnit":{"type":"string","description":"Display time unit. Valid values: `MINUTE`, `HOUR`, `DAY`."},"dnBandwidth":{"type":"integer","description":"Download bandwidth in Mbps. If set to 0, the default value is unlimited."},"idleTimeInMinutes":{"type":"integer","description":"Idle time in minutes to disassociate a surrogate IP from the user."},"ipAddresses":{"type":"array","items":{"type":"string"},"description":"IP addresses associated with this location."},"ipsControl":{"type":"boolean","description":"Enable IPS control for the location."},"kerberosAuth":{"type":"boolean","description":"Enable Kerberos authentication for the location."},"name":{"type":"string","description":"The name of the location."},"ofwEnabled":{"type":"boolean","description":"Enable firewall for the location."},"parentId":{"type":"integer","description":"The parent location ID. If this ID does not exist or is 0, it is implied that it is a parent location."},"ports":{"type":"array","items":{"type":"integer"},"description":"IP ports allowed to send traffic to the location."},"profile":{"type":"string","description":"Profile tag that specifies the location traffic type. Valid values: `NONE`, `CORPORATE`, `SERVER`, `GUESTWIFI`, `IOT`, `WORKLOAD`."},"sslScanEnabled":{"type":"boolean","description":"Enable SSL Inspection for the location."},"state":{"type":"string","description":"The state or province in which the location is located."},"staticLocationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of static location groups to which this location belongs."},"surrogateIp":{"type":"boolean","description":"Enable surrogate IP enforcement for known browsers."},"surrogateIpEnforcedForKnownBrowsers":{"type":"boolean","description":"Enforce surrogate IP for known browsers."},"surrogateRefreshTimeInMinutes":{"type":"integer","description":"Refresh time in minutes for re-validating the surrogacy."},"surrogateRefreshTimeUnit":{"type":"string","description":"Display refresh time unit. Valid values: `MINUTE`, `HOUR`, `DAY`."},"tz":{"type":"string","description":"The timezone of the location. Uses IANA-style identifiers."},"upBandwidth":{"type":"integer","description":"Upload bandwidth in Mbps. If set to 0, the default value is unlimited."},"vpnCredentials":{"type":"array","items":{"$ref":"#/types/zia:index:VpnCredentialInput"},"description":"VPN credentials associated with this location."},"xffForwardEnabled":{"type":"boolean","description":"Enable XFF Forwarding for the location."},"zappSslScanEnabled":{"type":"boolean","description":"Enable Zscaler App SSL Setting for the location."}}},"zia:index:MobileMalwareProtectionPolicy":{"description":"The zia.MobileMalwareProtectionPolicy resource manages mobile malware protection policy settings in the\nZscaler Internet Access (ZIA) cloud. This is a singleton resource (one per tenant) that controls which\ncategories of mobile threats are blocked. Deleting the Pulumi resource does not remove the underlying settings.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Mobile Malware Protection Policy\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.MobileMalwareProtectionPolicy(\"example\", {\n    blockAppsWithMaliciousActivity: true,\n    blockAppsWithKnownVulnerabilities: true,\n    blockAppsSendingUnencryptedUserCredentials: true,\n    blockAppsSendingLocationInfo: false,\n    blockAppsSendingPersonallyIdentifiableInfo: false,\n    blockAppsSendingDeviceIdentifier: false,\n    blockAppsCommunicatingWithAdWebsites: false,\n    blockAppsCommunicatingWithRemoteUnknownServers: false,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.MobileMalwareProtectionPolicy(\"example\",\n    block_apps_with_malicious_activity=True,\n    block_apps_with_known_vulnerabilities=True,\n    block_apps_sending_unencrypted_user_credentials=True,\n    block_apps_sending_location_info=False,\n    block_apps_sending_personally_identifiable_info=False,\n    block_apps_sending_device_identifier=False,\n    block_apps_communicating_with_ad_websites=False,\n    block_apps_communicating_with_remote_unknown_servers=False,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:MobileMalwareProtectionPolicy\n    properties:\n      blockAppsWithMaliciousActivity: true\n      blockAppsWithKnownVulnerabilities: true\n      blockAppsSendingUnencryptedUserCredentials: true\n      blockAppsSendingLocationInfo: false\n      blockAppsSendingPersonallyIdentifiableInfo: false\n      blockAppsSendingDeviceIdentifier: false\n      blockAppsCommunicatingWithAdWebsites: false\n      blockAppsCommunicatingWithRemoteUnknownServers: false\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis is a singleton resource and import is not supported. The resource is managed by creating it in your Pulumi program.\n","properties":{"blockAppsCommunicatingWithAdWebsites":{"type":"boolean","description":"Block apps communicating with ad websites."},"blockAppsCommunicatingWithRemoteUnknownServers":{"type":"boolean","description":"Block apps communicating with remote unknown servers."},"blockAppsSendingDeviceIdentifier":{"type":"boolean","description":"Block apps sending device identifiers."},"blockAppsSendingLocationInfo":{"type":"boolean","description":"Block apps sending location information."},"blockAppsSendingPersonallyIdentifiableInfo":{"type":"boolean","description":"Block apps sending personally identifiable information."},"blockAppsSendingUnencryptedUserCredentials":{"type":"boolean","description":"Block apps sending unencrypted user credentials."},"blockAppsWithKnownVulnerabilities":{"type":"boolean","description":"Block apps with known vulnerabilities."},"blockAppsWithMaliciousActivity":{"type":"boolean","description":"Block apps with malicious activity."}},"inputProperties":{"blockAppsCommunicatingWithAdWebsites":{"type":"boolean","description":"Block apps communicating with ad websites."},"blockAppsCommunicatingWithRemoteUnknownServers":{"type":"boolean","description":"Block apps communicating with remote unknown servers."},"blockAppsSendingDeviceIdentifier":{"type":"boolean","description":"Block apps sending device identifiers."},"blockAppsSendingLocationInfo":{"type":"boolean","description":"Block apps sending location information."},"blockAppsSendingPersonallyIdentifiableInfo":{"type":"boolean","description":"Block apps sending personally identifiable information."},"blockAppsSendingUnencryptedUserCredentials":{"type":"boolean","description":"Block apps sending unencrypted user credentials."},"blockAppsWithKnownVulnerabilities":{"type":"boolean","description":"Block apps with known vulnerabilities."},"blockAppsWithMaliciousActivity":{"type":"boolean","description":"Block apps with malicious activity."}}},"zia:index:NatControlRule":{"description":"The zia_nat_control_rule resource manages NAT control rules in the Zscaler Internet Access (ZIA) cloud service. NAT control rules allow you to redirect traffic to specific IP addresses or FQDNs and ports based on various criteria such as source, destination, users, and locations.\n\nFor more information, see the [ZIA NAT Control documentation](https://help.zscaler.com/zia/nat-control-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic NAT Control Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.NatControlRule(\"example\", {\n    name: \"Example NAT Control Rule\",\n    description: \"Redirect traffic\",\n    order: 1,\n    state: \"ENABLED\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.NatControlRule(\"example\",\n    name=\"Example NAT Control Rule\",\n    description=\"Redirect traffic\",\n    order=1,\n    state=\"ENABLED\",\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewNatControlRule(ctx, \"example\", \u0026zia.NatControlRuleArgs{\n\t\t\tName:        pulumi.String(\"Example NAT Control Rule\"),\n\t\t\tDescription: pulumi.StringRef(\"Redirect traffic\"),\n\t\t\tOrder:       pulumi.Int(1),\n\t\t\tState:       pulumi.StringRef(\"ENABLED\"),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:NatControlRule\n    properties:\n      name: Example NAT Control Rule\n      description: Redirect traffic\n      order: 1\n      state: ENABLED\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing NAT Control Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:NatControlRule example 12345\n```\n","properties":{"defaultRule":{"type":"boolean","description":"Indicates whether this is the default NAT control rule."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule must be applied."},"description":{"type":"string","description":"Additional information about the NAT control rule."},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses, FQDNs, or wildcard FQDNs for the rule."},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries (ISO 3166-1 alpha-2 codes) for the rule."},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"Destination IP address URL categories for the rule."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IP address groups for the rule."},"destIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IPv6 address groups for the rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices for which the rule must be applied."},"enableFullLogging":{"type":"boolean","description":"If set to true, enables full logging for the rule."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule must be applied."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule must be applied."},"name":{"type":"string","description":"The name of the NAT control rule. Must be unique."},"nwServiceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of network service groups to which the rule applies."},"nwServices":{"type":"array","items":{"type":"integer"},"description":"IDs of network services to which the rule applies."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other NAT control rules."},"predefined":{"type":"boolean","description":"Indicates whether this is a predefined rule."},"rank":{"type":"integer","description":"Admin rank of the NAT control policy rule. Valid values: 0-7. Default: 7."},"redirectFqdn":{"type":"string","description":"The FQDN to which traffic should be redirected."},"redirectIp":{"type":"string","description":"The IP address to which traffic should be redirected."},"redirectPort":{"type":"integer","description":"The port to which traffic should be redirected."},"resCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that apply to the response for the rule."},"ruleId":{"type":"integer","description":"The system-generated ID of the NAT control rule."},"srcIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for the rule."},"srcIps":{"type":"array","items":{"type":"string"},"description":"Source IP addresses or CIDR ranges for the rule."},"srcIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IPv6 address groups for the rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule must be applied."}},"required":["name","order","ruleId"],"inputProperties":{"defaultRule":{"type":"boolean","description":"Indicates whether this is the default NAT control rule."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule must be applied."},"description":{"type":"string","description":"Additional information about the NAT control rule."},"destAddresses":{"type":"array","items":{"type":"string"},"description":"Destination IP addresses, FQDNs, or wildcard FQDNs for the rule."},"destCountries":{"type":"array","items":{"type":"string"},"description":"Destination countries (ISO 3166-1 alpha-2 codes) for the rule."},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"Destination IP address URL categories for the rule."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IP address groups for the rule."},"destIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IPv6 address groups for the rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices for which the rule must be applied."},"enableFullLogging":{"type":"boolean","description":"If set to true, enables full logging for the rule."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule must be applied."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule must be applied."},"name":{"type":"string","description":"The name of the NAT control rule. Must be unique."},"nwServiceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of network service groups to which the rule applies."},"nwServices":{"type":"array","items":{"type":"integer"},"description":"IDs of network services to which the rule applies."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other NAT control rules."},"predefined":{"type":"boolean","description":"Indicates whether this is a predefined rule."},"rank":{"type":"integer","description":"Admin rank of the NAT control policy rule. Valid values: 0-7. Default: 7."},"redirectFqdn":{"type":"string","description":"The FQDN to which traffic should be redirected."},"redirectIp":{"type":"string","description":"The IP address to which traffic should be redirected."},"redirectPort":{"type":"integer","description":"The port to which traffic should be redirected."},"resCategories":{"type":"array","items":{"type":"string"},"description":"URL categories that apply to the response for the rule."},"srcIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for the rule."},"srcIps":{"type":"array","items":{"type":"string"},"description":"Source IP addresses or CIDR ranges for the rule."},"srcIpv6Groups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IPv6 address groups for the rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule must be applied."}},"requiredInputs":["name","order"]},"zia:index:NssServer":{"description":"The zia.NssServer resource manages NSS (Nanolog Streaming Service) server configurations in the\nZscaler Internet Access (ZIA) cloud. NSS servers are used to stream logs from ZIA to external SIEM\nor log management systems.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic NSS Server\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.NssServer(\"example\", {\n    name: \"Example NSS Server\",\n    status: \"ENABLED\",\n    type: \"NSS_FOR_FIREWALL\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.NssServer(\"example\",\n    name=\"Example NSS Server\",\n    status=\"ENABLED\",\n    type=\"NSS_FOR_FIREWALL\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:NssServer\n    properties:\n      name: Example NSS Server\n      status: ENABLED\n      type: NSS_FOR_FIREWALL\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing NSS server can be imported using its ID, e.g.\n\n```sh\n$ pulumi import zia:index:NssServer example 12345\n```\n","properties":{"icapSvrId":{"type":"integer","description":"The ICAP server ID associated with the NSS server."},"name":{"type":"string","description":"Name of the NSS server."},"nssId":{"type":"integer","description":"The unique identifier for the NSS server assigned by the ZIA cloud."},"status":{"type":"string","description":"The status of the NSS server. Accepted values: 'ENABLED' or 'DISABLED'. Default: 'ENABLED'."},"type":{"type":"string","description":"The NSS server type. Accepted values: 'NSS_FOR_FIREWALL', 'NSS_FOR_WEB'. Default: 'NSS_FOR_FIREWALL'."}},"required":["name","nssId"],"inputProperties":{"icapSvrId":{"type":"integer","description":"The ICAP server ID associated with the NSS server."},"name":{"type":"string","description":"Name of the NSS server."},"status":{"type":"string","description":"The status of the NSS server. Accepted values: 'ENABLED' or 'DISABLED'. Default: 'ENABLED'."},"type":{"type":"string","description":"The NSS server type. Accepted values: 'NSS_FOR_FIREWALL', 'NSS_FOR_WEB'. Default: 'NSS_FOR_FIREWALL'."}},"requiredInputs":["name"]},"zia:index:RiskProfile":{"description":"The zia.RiskProfile resource manages cloud application risk profiles in the Zscaler Internet Access (ZIA) cloud.\nRisk profiles define criteria for evaluating the security posture of cloud applications based on factors such as\ncertifications, encryption, vulnerability disclosure, and more.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Risk Profile\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.RiskProfile(\"example\", {\n    profileName: \"Example Risk Profile\",\n    profileType: \"PREDEFINED\",\n    status: \"ENABLED\",\n    riskIndex: [1, 2, 3],\n    certifications: [\"CSA_STAR\", \"ISO_27001\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.RiskProfile(\"example\",\n    profile_name=\"Example Risk Profile\",\n    profile_type=\"PREDEFINED\",\n    status=\"ENABLED\",\n    risk_index=[1, 2, 3],\n    certifications=[\"CSA_STAR\", \"ISO_27001\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:RiskProfile\n    properties:\n      profileName: Example Risk Profile\n      profileType: PREDEFINED\n      status: ENABLED\n      riskIndex:\n        - 1\n        - 2\n        - 3\n      certifications:\n        - CSA_STAR\n        - ISO_27001\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing risk profile can be imported using its ID, e.g.\n\n```sh\n$ pulumi import zia:index:RiskProfile example 12345\n```\n","properties":{"adminAuditLogs":{"type":"string","description":"Risk level for admin audit log support."},"certifications":{"type":"array","items":{"type":"string"},"description":"List of required certifications (e.g., 'CSA_STAR', 'ISO_27001')."},"customTags":{"type":"array","items":{"type":"integer"},"description":"List of custom tag IDs associated with the profile."},"dataBreach":{"type":"string","description":"Risk level for data breach history."},"dataEncryptionInTransit":{"type":"array","items":{"type":"string"},"description":"List of data encryption in transit protocols."},"dnsCaaPolicy":{"type":"string","description":"Risk level for DNS CAA policy."},"domainBasedMessageAuth":{"type":"string","description":"Risk level for DMARC support."},"domainKeysIdentifiedMail":{"type":"string","description":"Risk level for DKIM support."},"evasive":{"type":"string","description":"Risk level for evasive behavior."},"excludeCertificates":{"type":"integer","description":"Number of certifications to exclude."},"fileSharing":{"type":"string","description":"Risk level for file sharing support."},"httpSecurityHeaders":{"type":"string","description":"Risk level for HTTP security headers."},"malwareScanningForContent":{"type":"string","description":"Risk level for malware scanning."},"mfaSupport":{"type":"string","description":"Risk level for MFA support."},"passwordStrength":{"type":"string","description":"Risk level for password strength enforcement."},"poorItemsOfService":{"type":"string","description":"Risk level for poor items of service."},"profileId":{"type":"integer","description":"The unique identifier for the risk profile assigned by the ZIA cloud."},"profileName":{"type":"string","description":"Name of the risk profile."},"profileType":{"type":"string","description":"The profile type (e.g., 'PREDEFINED', 'CUSTOM')."},"remoteScreenSharing":{"type":"string","description":"Risk level for remote screen sharing support."},"riskIndex":{"type":"array","items":{"type":"integer"},"description":"List of risk index values."},"senderPolicyFramework":{"type":"string","description":"Risk level for SPF support."},"sourceIpRestrictions":{"type":"string","description":"Risk level for source IP restrictions."},"sslCertKeySize":{"type":"string","description":"Risk level for SSL certificate key size."},"sslCertValidity":{"type":"string","description":"Risk level for SSL certificate validity."},"sslPinned":{"type":"string","description":"Risk level for SSL pinning."},"status":{"type":"string","description":"The status of the risk profile (e.g., 'ENABLED', 'DISABLED')."},"supportForWaf":{"type":"string","description":"Risk level for WAF support."},"vulnerability":{"type":"string","description":"Risk level for known vulnerabilities."},"vulnerabilityDisclosure":{"type":"string","description":"Risk level for vulnerability disclosure policy."},"vulnerableToHeartBleed":{"type":"string","description":"Risk level for HeartBleed vulnerability."},"vulnerableToLogJam":{"type":"string","description":"Risk level for LogJam vulnerability."},"vulnerableToPoodle":{"type":"string","description":"Risk level for POODLE vulnerability."},"weakCipherSupport":{"type":"string","description":"Risk level for weak cipher support."}},"required":["profileName","profileId"],"inputProperties":{"adminAuditLogs":{"type":"string","description":"Risk level for admin audit log support."},"certifications":{"type":"array","items":{"type":"string"},"description":"List of required certifications (e.g., 'CSA_STAR', 'ISO_27001')."},"customTags":{"type":"array","items":{"type":"integer"},"description":"List of custom tag IDs associated with the profile."},"dataBreach":{"type":"string","description":"Risk level for data breach history."},"dataEncryptionInTransit":{"type":"array","items":{"type":"string"},"description":"List of data encryption in transit protocols."},"dnsCaaPolicy":{"type":"string","description":"Risk level for DNS CAA policy."},"domainBasedMessageAuth":{"type":"string","description":"Risk level for DMARC support."},"domainKeysIdentifiedMail":{"type":"string","description":"Risk level for DKIM support."},"evasive":{"type":"string","description":"Risk level for evasive behavior."},"excludeCertificates":{"type":"integer","description":"Number of certifications to exclude."},"fileSharing":{"type":"string","description":"Risk level for file sharing support."},"httpSecurityHeaders":{"type":"string","description":"Risk level for HTTP security headers."},"malwareScanningForContent":{"type":"string","description":"Risk level for malware scanning."},"mfaSupport":{"type":"string","description":"Risk level for MFA support."},"passwordStrength":{"type":"string","description":"Risk level for password strength enforcement."},"poorItemsOfService":{"type":"string","description":"Risk level for poor items of service."},"profileName":{"type":"string","description":"Name of the risk profile."},"profileType":{"type":"string","description":"The profile type (e.g., 'PREDEFINED', 'CUSTOM')."},"remoteScreenSharing":{"type":"string","description":"Risk level for remote screen sharing support."},"riskIndex":{"type":"array","items":{"type":"integer"},"description":"List of risk index values."},"senderPolicyFramework":{"type":"string","description":"Risk level for SPF support."},"sourceIpRestrictions":{"type":"string","description":"Risk level for source IP restrictions."},"sslCertKeySize":{"type":"string","description":"Risk level for SSL certificate key size."},"sslCertValidity":{"type":"string","description":"Risk level for SSL certificate validity."},"sslPinned":{"type":"string","description":"Risk level for SSL pinning."},"status":{"type":"string","description":"The status of the risk profile (e.g., 'ENABLED', 'DISABLED')."},"supportForWaf":{"type":"string","description":"Risk level for WAF support."},"vulnerability":{"type":"string","description":"Risk level for known vulnerabilities."},"vulnerabilityDisclosure":{"type":"string","description":"Risk level for vulnerability disclosure policy."},"vulnerableToHeartBleed":{"type":"string","description":"Risk level for HeartBleed vulnerability."},"vulnerableToLogJam":{"type":"string","description":"Risk level for LogJam vulnerability."},"vulnerableToPoodle":{"type":"string","description":"Risk level for POODLE vulnerability."},"weakCipherSupport":{"type":"string","description":"Risk level for weak cipher support."}},"requiredInputs":["profileName"]},"zia:index:RuleLabel":{"description":"The zia_rule_label resource manages rule labels in the Zscaler Internet Access (ZIA) cloud service. Rule labels are used to tag and organize firewall filtering rules, URL filtering rules, and other policy rules.\n\nFor more information, see the [ZIA Rule Labels documentation](https://help.zscaler.com/zia/rule-labels).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Rule Label\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.RuleLabel(\"example\", {\n    name: \"Example Rule Label\",\n    description: \"Label for branch office rules\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.RuleLabel(\"example\",\n    name=\"Example Rule Label\",\n    description=\"Label for branch office rules\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:RuleLabel\n    properties:\n      name: Example Rule Label\n      description: Label for branch office rules\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing rule label can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:RuleLabel example 12345\n```\n","properties":{"description":{"type":"string","description":"Additional information about the rule label. Maximum 10240 characters."},"name":{"type":"string","description":"The name of the rule label. Maximum 255 characters."},"ruleLabelId":{"type":"integer","description":"The system-generated ID of the rule label."}},"required":["ruleLabelId"],"inputProperties":{"description":{"type":"string","description":"Additional information about the rule label. Maximum 10240 characters."},"name":{"type":"string","description":"The name of the rule label. Maximum 255 characters."}}},"zia:index:SandboxBehavioralAnalysisAdvancedSettings":{"description":"The zia_sandbox_behavioral_analysis_advanced_settings resource manages the list of MD5 file hashes that are blocked by the ZIA sandbox behavioral analysis engine. This is a singleton resource. Only MD5 hashes (32 characters) are supported.\n\nFor more information, see the [ZIA Cloud Sandbox documentation](https://help.zscaler.com/zia/about-cloud-sandbox-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Block File Hashes via Sandbox Settings\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.SandboxBehavioralAnalysisAdvancedSettings(\"example\", {\n    fileHashesToBeBlocked: [\n        \"42914d6d213a20a2684064be5c80ffa9\",\n        \"c0202cf6aeab8437c638533d14563d35\",\n    ],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.SandboxBehavioralAnalysisAdvancedSettings(\"example\",\n    file_hashes_to_be_blocked=[\n        \"42914d6d213a20a2684064be5c80ffa9\",\n        \"c0202cf6aeab8437c638533d14563d35\",\n    ],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:SandboxBehavioralAnalysisAdvancedSettings\n    properties:\n      fileHashesToBeBlocked:\n        - 42914d6d213a20a2684064be5c80ffa9\n        - c0202cf6aeab8437c638533d14563d35\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n\u003e This is a singleton resource. Import is not applicable.\n","properties":{"fileHashesToBeBlocked":{"type":"array","items":{"type":"string"},"description":"List of MD5 file hashes to be blocked. Each hash must be exactly 32 characters (MD5 format). SHA1 and SHA256 are not supported."},"resourceId":{"type":"string","description":"The internal resource identifier for the sandbox settings."}},"required":["resourceId"],"inputProperties":{"fileHashesToBeBlocked":{"type":"array","items":{"type":"string"},"description":"List of MD5 file hashes to be blocked. Each hash must be exactly 32 characters (MD5 format). SHA1 and SHA256 are not supported."}}},"zia:index:SandboxBehavioralAnalysisAdvancedSettingsV2":{"description":"The zia_sandbox_behavioral_analysis_advanced_settings_v2 resource manages the V2 MD5 hash value list for the ZIA sandbox behavioral analysis engine. Each entry includes the hash URL, an optional comment, and a type (allow, deny, or malware). This is a singleton resource.\n\nFor more information, see the [ZIA Cloud Sandbox documentation](https://help.zscaler.com/zia/about-cloud-sandbox-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Manage MD5 Hash Value List\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.SandboxBehavioralAnalysisAdvancedSettingsV2(\"example\", {\n    md5HashValueList: [\n        {\n            url: \"42914d6d213a20a2684064be5c80ffa9\",\n            urlComment: \"Known safe file hash\",\n            type: \"CUSTOM_FILEHASH_ALLOW\",\n        },\n        {\n            url: \"c0202cf6aeab8437c638533d14563d35\",\n            urlComment: \"Known malicious file hash\",\n            type: \"CUSTOM_FILEHASH_DENY\",\n        },\n    ],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.SandboxBehavioralAnalysisAdvancedSettingsV2(\"example\",\n    md5_hash_value_list=[\n        {\n            \"url\": \"42914d6d213a20a2684064be5c80ffa9\",\n            \"url_comment\": \"Known safe file hash\",\n            \"type\": \"CUSTOM_FILEHASH_ALLOW\",\n        },\n        {\n            \"url\": \"c0202cf6aeab8437c638533d14563d35\",\n            \"url_comment\": \"Known malicious file hash\",\n            \"type\": \"CUSTOM_FILEHASH_DENY\",\n        },\n    ],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:SandboxBehavioralAnalysisAdvancedSettingsV2\n    properties:\n      md5HashValueList:\n        - url: 42914d6d213a20a2684064be5c80ffa9\n          urlComment: Known safe file hash\n          type: CUSTOM_FILEHASH_ALLOW\n        - url: c0202cf6aeab8437c638533d14563d35\n          urlComment: Known malicious file hash\n          type: CUSTOM_FILEHASH_DENY\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n\u003e This is a singleton resource. Import is not applicable.\n","properties":{"md5HashValueList":{"type":"array","items":{"$ref":"#/types/zia:index:Md5HashValueInput"},"description":"List of MD5 hash value entries. Each entry contains a hash URL, optional comment, and type."}},"inputProperties":{"md5HashValueList":{"type":"array","items":{"$ref":"#/types/zia:index:Md5HashValueInput"},"description":"List of MD5 hash value entries. Each entry contains a hash URL, optional comment, and type."}}},"zia:index:SandboxRule":{"description":"The zia_sandbox_rules resource manages sandbox policy rules in the Zscaler Internet Access (ZIA) cloud service. Sandbox rules define actions for file analysis based on criteria such as locations, departments, groups, users, and file types.\n\nFor more information, see the [ZIA Cloud Sandbox documentation](https://help.zscaler.com/zia/about-cloud-sandbox-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Sandbox Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.SandboxRule(\"example\", {\n    name: \"Example Sandbox Rule\",\n    description: \"Block suspicious file types\",\n    order: 1,\n    state: \"ENABLED\",\n    baRuleAction: \"ALLOW\",\n    fileTypes: [\"ALL_OUTBOUND\"],\n    protocols: [\"FTP_RULE\", \"SSL_RULE\", \"FOHTTP_RULE\", \"HTTP_PROXY\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.SandboxRule(\"example\",\n    name=\"Example Sandbox Rule\",\n    description=\"Block suspicious file types\",\n    order=1,\n    state=\"ENABLED\",\n    ba_rule_action=\"ALLOW\",\n    file_types=[\"ALL_OUTBOUND\"],\n    protocols=[\"FTP_RULE\", \"SSL_RULE\", \"FOHTTP_RULE\", \"HTTP_PROXY\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:SandboxRule\n    properties:\n      name: Example Sandbox Rule\n      description: Block suspicious file types\n      order: 1\n      state: ENABLED\n      baRuleAction: ALLOW\n      fileTypes:\n        - ALL_OUTBOUND\n      protocols:\n        - FTP_RULE\n        - SSL_RULE\n        - FOHTTP_RULE\n        - HTTP_PROXY\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Sandbox Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:SandboxRule example 12345\n```\n","properties":{"baPolicyCategories":{"type":"array","items":{"type":"string"},"description":"List of behavioral analysis policy categories."},"baRuleAction":{"type":"string","description":"The action applied when the rule is matched. Valid values: `ALLOW`, `BLOCK`, `QUARANTINE`."},"byThreatScore":{"type":"integer","description":"Threat score threshold for the rule. Files with a score above this value trigger the action."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule applies."},"description":{"type":"string","description":"Additional information about the sandbox rule."},"fileTypes":{"type":"array","items":{"type":"string"},"description":"List of file types for which the rule applies (e.g., `ALL_OUTBOUND`, `EXE`, `DLL`)."},"firstTimeEnable":{"type":"boolean","description":"If set to true, a first-time action is enabled."},"firstTimeOperation":{"type":"string","description":"The action for first-time file downloads. Valid values: `ALLOW_SCAN`, `QUARANTINE`."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule applies."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule applies."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule applies."},"mlActionEnabled":{"type":"boolean","description":"If set to true, machine learning-based analysis action is enabled."},"name":{"type":"string","description":"The name of the sandbox rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other sandbox rules."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocols to which the rule applies. Valid values: `FTP_RULE`, `SSL_RULE`, `FOHTTP_RULE`, `HTTP_PROXY`."},"rank":{"type":"integer","description":"Admin rank of the sandbox policy rule. Valid values: 0-7. Default: 7."},"ruleId":{"type":"integer","description":"The system-generated ID of the sandbox rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories to which the rule applies."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule applies."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index:ZPAAppSegmentInput"},"description":"List of ZPA application segments to which the rule applies."}},"required":["name","order","ruleId"],"inputProperties":{"baPolicyCategories":{"type":"array","items":{"type":"string"},"description":"List of behavioral analysis policy categories."},"baRuleAction":{"type":"string","description":"The action applied when the rule is matched. Valid values: `ALLOW`, `BLOCK`, `QUARANTINE`."},"byThreatScore":{"type":"integer","description":"Threat score threshold for the rule. Files with a score above this value trigger the action."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule applies."},"description":{"type":"string","description":"Additional information about the sandbox rule."},"fileTypes":{"type":"array","items":{"type":"string"},"description":"List of file types for which the rule applies (e.g., `ALL_OUTBOUND`, `EXE`, `DLL`)."},"firstTimeEnable":{"type":"boolean","description":"If set to true, a first-time action is enabled."},"firstTimeOperation":{"type":"string","description":"The action for first-time file downloads. Valid values: `ALLOW_SCAN`, `QUARANTINE`."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule applies."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule applies."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule applies."},"mlActionEnabled":{"type":"boolean","description":"If set to true, machine learning-based analysis action is enabled."},"name":{"type":"string","description":"The name of the sandbox rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other sandbox rules."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocols to which the rule applies. Valid values: `FTP_RULE`, `SSL_RULE`, `FOHTTP_RULE`, `HTTP_PROXY`."},"rank":{"type":"integer","description":"Admin rank of the sandbox policy rule. Valid values: 0-7. Default: 7."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories to which the rule applies."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule applies."},"zpaAppSegments":{"type":"array","items":{"$ref":"#/types/zia:index:ZPAAppSegmentInput"},"description":"List of ZPA application segments to which the rule applies."}},"requiredInputs":["name","order"]},"zia:index:SandboxSubmission":{"description":"The zia_sandbox_submission resource submits files to the Zscaler cloud sandbox for analysis. Files can be submitted for full analysis or a quick discan (distributed scan). This resource is create-only; there is no remote GET API, and delete is a no-op.\n\nFor more information, see the [ZIA Cloud Sandbox Submission documentation](https://help.zscaler.com/zia/about-sandbox-analysis).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Submit a File for Sandbox Analysis\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.SandboxSubmission(\"example\", {\n    filePath: \"/tmp/suspicious-file.exe\",\n    submissionMethod: \"submit\",\n    force: true,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.SandboxSubmission(\"example\",\n    file_path=\"/tmp/suspicious-file.exe\",\n    submission_method=\"submit\",\n    force=True,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:SandboxSubmission\n    properties:\n      filePath: /tmp/suspicious-file.exe\n      submissionMethod: submit\n      force: true\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n\u003e Import is not supported for this resource.\n","properties":{"code":{"type":"integer","description":"The response status code from the sandbox submission."},"filePath":{"type":"string","description":"The local file path of the file to submit for sandbox analysis."},"fileType":{"type":"string","description":"The detected file type of the submitted file."},"force":{"type":"boolean","description":"Force re-analysis of a previously submitted file. Only applicable for 'submit' method. Not applicable for 'discan'."},"md5":{"type":"string","description":"The MD5 hash of the submitted file."},"message":{"type":"string","description":"The response message from the sandbox submission."},"submissionMethod":{"type":"string","description":"The submission method. Valid values: `submit` (full analysis) or `discan` (distributed scan)."},"submissionResult":{"type":"string","description":"The sandbox submission result string."},"virusName":{"type":"string","description":"The virus name if the file is detected as malicious."},"virusType":{"type":"string","description":"The virus type if the file is detected as malicious."}},"required":["filePath","submissionMethod"],"inputProperties":{"filePath":{"type":"string","description":"The local file path of the file to submit for sandbox analysis."},"force":{"type":"boolean","description":"Force re-analysis of a previously submitted file. Only applicable for 'submit' method. Not applicable for 'discan'."},"submissionMethod":{"type":"string","description":"The submission method. Valid values: `submit` (full analysis) or `discan` (distributed scan)."}},"requiredInputs":["filePath","submissionMethod"]},"zia:index:SecurityPolicySettings":{"description":"The zia_security_policy_settings resource manages the whitelist and blacklist URL configuration for the ZIA security policy. This is a singleton resource that controls which URLs are always allowed (whitelisted) or always blocked (blacklisted) across the organization.\n\nFor more information, see the [ZIA Security Policy Settings documentation](https://help.zscaler.com/zia/configuring-security-policy).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Security Policy Settings\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.SecurityPolicySettings(\"example\", {\n    whitelistUrls: [\n        \"example.com\",\n        \"trusted-site.org\",\n    ],\n    blacklistUrls: [\n        \"malicious-site.com\",\n        \"phishing-site.net\",\n    ],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.SecurityPolicySettings(\"example\",\n    whitelist_urls=[\n        \"example.com\",\n        \"trusted-site.org\",\n    ],\n    blacklist_urls=[\n        \"malicious-site.com\",\n        \"phishing-site.net\",\n    ],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:SecurityPolicySettings\n    properties:\n      whitelistUrls:\n        - example.com\n        - trusted-site.org\n      blacklistUrls:\n        - malicious-site.com\n        - phishing-site.net\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n\u003e This is a singleton resource. Import is not applicable.\n","properties":{"blacklistUrls":{"type":"array","items":{"type":"string"},"description":"List of URLs that are always blocked (blacklisted) by the security policy."},"resourceId":{"type":"string","description":"The internal resource identifier for the security policy settings."},"whitelistUrls":{"type":"array","items":{"type":"string"},"description":"List of URLs that are always allowed (whitelisted) by the security policy."}},"required":["resourceId"],"inputProperties":{"blacklistUrls":{"type":"array","items":{"type":"string"},"description":"List of URLs that are always blocked (blacklisted) by the security policy."},"whitelistUrls":{"type":"array","items":{"type":"string"},"description":"List of URLs that are always allowed (whitelisted) by the security policy."}}},"zia:index:SslInspectionRule":{"description":"The zia_ssl_inspection_rules resource manages SSL inspection rules in the Zscaler Internet Access (ZIA) cloud service. SSL inspection rules determine whether to decrypt, not decrypt, or block SSL/TLS traffic based on criteria such as locations, departments, groups, users, URL categories, cloud applications, and platforms.\n\nFor more information, see the [ZIA SSL Inspection documentation](https://help.zscaler.com/zia/about-ssl-inspection-policies).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic SSL Inspection Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.SslInspectionRule(\"example\", {\n    name: \"Example SSL Inspection Rule\",\n    description: \"Decrypt corporate traffic\",\n    order: 1,\n    state: \"ENABLED\",\n    action: {\n        type: \"DECRYPT\",\n        showEun: false,\n        decryptSubActions: {\n            serverCertificates: \"ALLOW\",\n            ocspCheck: true,\n            http2Enabled: true,\n        },\n    },\n    urlCategories: [\"ANY\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.SslInspectionRule(\"example\",\n    name=\"Example SSL Inspection Rule\",\n    description=\"Decrypt corporate traffic\",\n    order=1,\n    state=\"ENABLED\",\n    action={\n        \"type\": \"DECRYPT\",\n        \"show_eun\": False,\n        \"decrypt_sub_actions\": {\n            \"server_certificates\": \"ALLOW\",\n            \"ocsp_check\": True,\n            \"http2_enabled\": True,\n        },\n    },\n    url_categories=[\"ANY\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:SslInspectionRule\n    properties:\n      name: Example SSL Inspection Rule\n      description: Decrypt corporate traffic\n      order: 1\n      state: ENABLED\n      action:\n        type: DECRYPT\n        showEun: false\n        decryptSubActions:\n          serverCertificates: ALLOW\n          ocspCheck: true\n          http2Enabled: true\n      urlCategories:\n        - ANY\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing SSL Inspection Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:SslInspectionRule example 12345\n```\n","properties":{"action":{"$ref":"#/types/zia:index:SslInspectionActionInput","description":"The action configuration for the SSL inspection rule, including decrypt/do-not-decrypt sub-actions."},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"List of cloud application names to which the rule applies."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule applies."},"description":{"type":"string","description":"Additional information about the SSL inspection rule."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IP address groups for the rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups to which the rule applies."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"Device trust levels for the rule. Valid values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices to which the rule applies."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule applies."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule applies."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule applies."},"name":{"type":"string","description":"The name of the SSL inspection rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other SSL inspection rules."},"platforms":{"type":"array","items":{"type":"string"},"description":"Platforms to which the rule applies (e.g., `SCAN_IOS`, `SCAN_ANDROID`, `SCAN_MACOS`, `SCAN_WINDOWS`, `SCAN_LINUX`)."},"proxyGateways":{"type":"array","items":{"type":"integer"},"description":"IDs of proxy gateway configurations for the rule."},"rank":{"type":"integer","description":"Admin rank of the SSL inspection policy rule. Valid values: 0-7. Default: 7."},"roadWarriorForKerberos":{"type":"boolean","description":"Indicates whether the rule applies to road warrior (remote) users using Kerberos authentication."},"ruleId":{"type":"integer","description":"The system-generated ID of the SSL inspection rule."},"sourceIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for the rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories to which the rule applies."},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"User agent types the rule applies to."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule applies."},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index:WorkloadGroupInput"},"description":"List of preconfigured workload groups to which the policy must be applied."}},"required":["name","order","action","ruleId"],"inputProperties":{"action":{"$ref":"#/types/zia:index:SslInspectionActionInput","description":"The action configuration for the SSL inspection rule, including decrypt/do-not-decrypt sub-actions."},"cloudApplications":{"type":"array","items":{"type":"string"},"description":"List of cloud application names to which the rule applies."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments to which the rule applies."},"description":{"type":"string","description":"Additional information about the SSL inspection rule."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of destination IP address groups for the rule."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups to which the rule applies."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"Device trust levels for the rule. Valid values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices to which the rule applies."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups to which the rule applies."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule applies."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations to which the rule applies."},"name":{"type":"string","description":"The name of the SSL inspection rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other SSL inspection rules."},"platforms":{"type":"array","items":{"type":"string"},"description":"Platforms to which the rule applies (e.g., `SCAN_IOS`, `SCAN_ANDROID`, `SCAN_MACOS`, `SCAN_WINDOWS`, `SCAN_LINUX`)."},"proxyGateways":{"type":"array","items":{"type":"integer"},"description":"IDs of proxy gateway configurations for the rule."},"rank":{"type":"integer","description":"Admin rank of the SSL inspection policy rule. Valid values: 0-7. Default: 7."},"roadWarriorForKerberos":{"type":"boolean","description":"Indicates whether the rule applies to road warrior (remote) users using Kerberos authentication."},"sourceIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups for the rule."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories to which the rule applies."},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"User agent types the rule applies to."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users to which the rule applies."},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index:WorkloadGroupInput"},"description":"List of preconfigured workload groups to which the policy must be applied."}},"requiredInputs":["name","order","action"]},"zia:index:SubCloud":{"description":"The zia.SubCloud resource manages sub-cloud configurations in the Zscaler Internet Access (ZIA) cloud.\nSub-clouds represent regional cloud instances with associated datacenters and exclusion rules.\nCreate and update both use the same API operation. Deleting the Pulumi resource does not remove\nthe underlying sub-cloud configuration.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Sub-Cloud\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.SubCloud(\"example\", {\n    cloudId: 1,\n    exclusions: [{\n        datacenter: {\n            resourceId: 100,\n            name: \"US-East\",\n            country: \"US\",\n        },\n        country: \"US\",\n    }],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.SubCloud(\"example\",\n    cloud_id=1,\n    exclusions=[{\n        \"datacenter\": {\n            \"resource_id\": 100,\n            \"name\": \"US-East\",\n            \"country\": \"US\",\n        },\n        \"country\": \"US\",\n    }],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:SubCloud\n    properties:\n      cloudId: 1\n      exclusions:\n        - datacenter:\n            resourceId: 100\n            name: US-East\n            country: US\n          country: US\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource uses a no-op delete. Import is not typically applicable for sub-cloud resources.\n","properties":{"cloudId":{"type":"integer","description":"The ID of the cloud to which this sub-cloud belongs."},"dcs":{"type":"array","items":{"$ref":"#/types/zia:index:SubCloudDcOutput"},"description":"List of datacenters associated with the sub-cloud."},"exclusions":{"type":"array","items":{"$ref":"#/types/zia:index:SubCloudExclusionInput"},"description":"List of datacenter exclusions for the sub-cloud."},"name":{"type":"string","description":"The name of the sub-cloud."},"resourceId":{"type":"string","description":"The resource ID of the sub-cloud."}},"required":["cloudId","resourceId"],"inputProperties":{"cloudId":{"type":"integer","description":"The ID of the cloud to which this sub-cloud belongs."},"exclusions":{"type":"array","items":{"$ref":"#/types/zia:index:SubCloudExclusionInput"},"description":"List of datacenter exclusions for the sub-cloud."}},"requiredInputs":["cloudId"]},"zia:index:SubscriptionAlert":{"description":"The zia_subscription_alert resource manages subscription alert configurations in the Zscaler Internet Access (ZIA) cloud service. Subscription alerts notify administrators about various system events with configurable severity levels across different categories including security, management, compliance, and system alerts.\n\nFor more information, see the [ZIA Subscription Alerts documentation](https://help.zscaler.com/zia/subscription-alerts).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Subscription Alert\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.SubscriptionAlert(\"example\", {\n    email: \"admin@example.com\",\n    description: \"Critical security alerts\",\n    secureSeverities: [\"CRITICAL\", \"HIGH\"],\n    systemSeverities: [\"CRITICAL\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.SubscriptionAlert(\"example\",\n    email=\"admin@example.com\",\n    description=\"Critical security alerts\",\n    secure_severities=[\"CRITICAL\", \"HIGH\"],\n    system_severities=[\"CRITICAL\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:SubscriptionAlert\n    properties:\n      email: admin@example.com\n      description: Critical security alerts\n      secureSeverities:\n        - CRITICAL\n        - HIGH\n      systemSeverities:\n        - CRITICAL\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Subscription Alert can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:SubscriptionAlert example 12345\n```\n","properties":{"alertId":{"type":"integer","description":"The system-generated ID of the subscription alert."},"complySeverities":{"type":"array","items":{"type":"string"},"description":"Severity levels for compliance alerts."},"description":{"type":"string","description":"Additional information about the subscription alert."},"email":{"type":"string","description":"The email address to which alerts are sent."},"manageSeverities":{"type":"array","items":{"type":"string"},"description":"Severity levels for management alerts."},"pt0Severities":{"type":"array","items":{"type":"string"},"description":"Severity levels for Pt0 alerts."},"secureSeverities":{"type":"array","items":{"type":"string"},"description":"Severity levels for security alerts."},"systemSeverities":{"type":"array","items":{"type":"string"},"description":"Severity levels for system alerts."}},"required":["alertId"],"inputProperties":{"complySeverities":{"type":"array","items":{"type":"string"},"description":"Severity levels for compliance alerts."},"description":{"type":"string","description":"Additional information about the subscription alert."},"email":{"type":"string","description":"The email address to which alerts are sent."},"manageSeverities":{"type":"array","items":{"type":"string"},"description":"Severity levels for management alerts."},"pt0Severities":{"type":"array","items":{"type":"string"},"description":"Severity levels for Pt0 alerts."},"secureSeverities":{"type":"array","items":{"type":"string"},"description":"Severity levels for security alerts."},"systemSeverities":{"type":"array","items":{"type":"string"},"description":"Severity levels for system alerts."}}},"zia:index:TenantRestrictionProfile":{"description":"The zia.TenantRestrictionProfile resource manages tenant restriction profiles in the\nZscaler Internet Access (ZIA) cloud. Tenant restriction profiles control access to cloud\napplication tenants (e.g., Microsoft 365, Google Workspace) by restricting users to\nauthorized tenant domains.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Tenant Restriction Profile\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.TenantRestrictionProfile(\"example\", {\n    name: \"Example Tenant Profile\",\n    description: \"Managed by Pulumi\",\n    appType: \"MICROSOFT\",\n    itemTypePrimary: \"TENANT_ID\",\n    itemDataPrimary: [\"tenant-id-12345\"],\n    restrictPersonalO365Domains: true,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.TenantRestrictionProfile(\"example\",\n    name=\"Example Tenant Profile\",\n    description=\"Managed by Pulumi\",\n    app_type=\"MICROSOFT\",\n    item_type_primary=\"TENANT_ID\",\n    item_data_primary=[\"tenant-id-12345\"],\n    restrict_personal_o365_domains=True,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:TenantRestrictionProfile\n    properties:\n      name: Example Tenant Profile\n      description: Managed by Pulumi\n      appType: MICROSOFT\n      itemTypePrimary: TENANT_ID\n      itemDataPrimary:\n        - tenant-id-12345\n      restrictPersonalO365Domains: true\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing tenant restriction profile can be imported using its ID, e.g.\n\n```sh\n$ pulumi import zia:index:TenantRestrictionProfile example 12345\n```\n","properties":{"allowGcpCloudStorageRead":{"type":"boolean","description":"Whether to allow GCP Cloud Storage read access."},"allowGoogleConsumers":{"type":"boolean","description":"Whether to allow Google consumer accounts."},"allowGoogleVisitors":{"type":"boolean","description":"Whether to allow Google visitor accounts."},"appType":{"type":"string","description":"The cloud application type (e.g., 'MICROSOFT', 'GOOGLE')."},"description":{"type":"string","description":"Description of the tenant restriction profile."},"itemDataPrimary":{"type":"array","items":{"type":"string"},"description":"List of primary item data values (e.g., tenant IDs)."},"itemDataSecondary":{"type":"array","items":{"type":"string"},"description":"List of secondary item data values."},"itemTypePrimary":{"type":"string","description":"The primary item type (e.g., 'TENANT_ID')."},"itemTypeSecondary":{"type":"string","description":"The secondary item type."},"itemValue":{"type":"array","items":{"type":"string"},"description":"List of item values."},"msLoginServicesTrV2":{"type":"boolean","description":"Whether to enable Microsoft login services tenant restriction v2."},"name":{"type":"string","description":"Name of the tenant restriction profile."},"profileId":{"type":"integer","description":"The unique identifier for the tenant restriction profile assigned by the ZIA cloud."},"restrictPersonalO365Domains":{"type":"boolean","description":"Whether to restrict personal Office 365 domains."}},"required":["name","profileId"],"inputProperties":{"allowGcpCloudStorageRead":{"type":"boolean","description":"Whether to allow GCP Cloud Storage read access."},"allowGoogleConsumers":{"type":"boolean","description":"Whether to allow Google consumer accounts."},"allowGoogleVisitors":{"type":"boolean","description":"Whether to allow Google visitor accounts."},"appType":{"type":"string","description":"The cloud application type (e.g., 'MICROSOFT', 'GOOGLE')."},"description":{"type":"string","description":"Description of the tenant restriction profile."},"itemDataPrimary":{"type":"array","items":{"type":"string"},"description":"List of primary item data values (e.g., tenant IDs)."},"itemDataSecondary":{"type":"array","items":{"type":"string"},"description":"List of secondary item data values."},"itemTypePrimary":{"type":"string","description":"The primary item type (e.g., 'TENANT_ID')."},"itemTypeSecondary":{"type":"string","description":"The secondary item type."},"itemValue":{"type":"array","items":{"type":"string"},"description":"List of item values."},"msLoginServicesTrV2":{"type":"boolean","description":"Whether to enable Microsoft login services tenant restriction v2."},"name":{"type":"string","description":"Name of the tenant restriction profile."},"restrictPersonalO365Domains":{"type":"boolean","description":"Whether to restrict personal Office 365 domains."}},"requiredInputs":["name"]},"zia:index:TrafficCaptureRule":{"description":"The zia.TrafficCaptureRule resource manages traffic capture rules in the Zscaler Internet Access (ZIA) cloud.\nTraffic capture rules define criteria for capturing network traffic for analysis, specifying which traffic\nto capture based on source/destination IPs, locations, departments, users, applications, and other criteria.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Traffic Capture Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.TrafficCaptureRule(\"example\", {\n    name: \"Example Capture Rule\",\n    order: 1,\n    description: \"Managed by Pulumi\",\n    state: \"ENABLED\",\n    action: \"CAPTURE\",\n    srcIps: [\"192.168.1.0/24\"],\n    destAddresses: [\"10.0.0.0/8\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.TrafficCaptureRule(\"example\",\n    name=\"Example Capture Rule\",\n    order=1,\n    description=\"Managed by Pulumi\",\n    state=\"ENABLED\",\n    action=\"CAPTURE\",\n    src_ips=[\"192.168.1.0/24\"],\n    dest_addresses=[\"10.0.0.0/8\"],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:TrafficCaptureRule\n    properties:\n      name: Example Capture Rule\n      order: 1\n      description: Managed by Pulumi\n      state: ENABLED\n      action: CAPTURE\n      srcIps:\n        - 192.168.1.0/24\n      destAddresses:\n        - 10.0.0.0/8\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing traffic capture rule can be imported using its ID, e.g.\n\n```sh\n$ pulumi import zia:index:TrafficCaptureRule example 12345\n```\n","properties":{"action":{"type":"string","description":"The action taken when traffic matches the rule (e.g., 'CAPTURE'). Default: 'CAPTURE'."},"appServiceGroups":{"type":"array","items":{"type":"integer"},"description":"List of application service group IDs."},"defaultRule":{"type":"boolean","description":"Whether this is a default rule."},"departments":{"type":"array","items":{"type":"integer"},"description":"List of department IDs."},"description":{"type":"string","description":"Description of the traffic capture rule."},"destAddresses":{"type":"array","items":{"type":"string"},"description":"List of destination addresses."},"destCountries":{"type":"array","items":{"type":"string"},"description":"List of destination country codes."},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"List of destination IP categories."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"List of destination IP group IDs."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"List of device group IDs."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels."},"devices":{"type":"array","items":{"type":"integer"},"description":"List of device IDs."},"groups":{"type":"array","items":{"type":"integer"},"description":"List of group IDs."},"labels":{"type":"array","items":{"type":"integer"},"description":"List of label IDs."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"List of location group IDs."},"locations":{"type":"array","items":{"type":"integer"},"description":"List of location IDs."},"name":{"type":"string","description":"Name of the traffic capture rule."},"nwApplicationGroups":{"type":"array","items":{"type":"integer"},"description":"List of network application group IDs."},"nwApplications":{"type":"array","items":{"type":"string"},"description":"List of network applications."},"nwServiceGroups":{"type":"array","items":{"type":"integer"},"description":"List of network service group IDs."},"nwServices":{"type":"array","items":{"type":"integer"},"description":"List of network service IDs."},"order":{"type":"integer","description":"The rule order of execution for the traffic capture rule."},"predefined":{"type":"boolean","description":"Whether this is a predefined rule."},"rank":{"type":"integer","description":"The admin rank of the rule. Default is 7."},"ruleId":{"type":"integer","description":"The unique identifier for the traffic capture rule assigned by the ZIA cloud."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"List of source country codes."},"srcIpGroups":{"type":"array","items":{"type":"integer"},"description":"List of source IP group IDs."},"srcIps":{"type":"array","items":{"type":"string"},"description":"List of source IP addresses or CIDR ranges."},"state":{"type":"string","description":"The rule state. Accepted values: 'ENABLED' or 'DISABLED'. Default: 'ENABLED'."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"List of time window IDs."},"txnSampling":{"type":"string","description":"Transaction sampling mode. Default: 'NONE'."},"txnSizeLimit":{"type":"string","description":"Transaction size limit. Default: 'NONE'."},"users":{"type":"array","items":{"type":"integer"},"description":"List of user IDs."},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index:WorkloadGroupInput"},"description":"List of workload groups."}},"required":["name","order","ruleId"],"inputProperties":{"action":{"type":"string","description":"The action taken when traffic matches the rule (e.g., 'CAPTURE'). Default: 'CAPTURE'."},"appServiceGroups":{"type":"array","items":{"type":"integer"},"description":"List of application service group IDs."},"defaultRule":{"type":"boolean","description":"Whether this is a default rule."},"departments":{"type":"array","items":{"type":"integer"},"description":"List of department IDs."},"description":{"type":"string","description":"Description of the traffic capture rule."},"destAddresses":{"type":"array","items":{"type":"string"},"description":"List of destination addresses."},"destCountries":{"type":"array","items":{"type":"string"},"description":"List of destination country codes."},"destIpCategories":{"type":"array","items":{"type":"string"},"description":"List of destination IP categories."},"destIpGroups":{"type":"array","items":{"type":"integer"},"description":"List of destination IP group IDs."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"List of device group IDs."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"List of device trust levels."},"devices":{"type":"array","items":{"type":"integer"},"description":"List of device IDs."},"groups":{"type":"array","items":{"type":"integer"},"description":"List of group IDs."},"labels":{"type":"array","items":{"type":"integer"},"description":"List of label IDs."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"List of location group IDs."},"locations":{"type":"array","items":{"type":"integer"},"description":"List of location IDs."},"name":{"type":"string","description":"Name of the traffic capture rule."},"nwApplicationGroups":{"type":"array","items":{"type":"integer"},"description":"List of network application group IDs."},"nwApplications":{"type":"array","items":{"type":"string"},"description":"List of network applications."},"nwServiceGroups":{"type":"array","items":{"type":"integer"},"description":"List of network service group IDs."},"nwServices":{"type":"array","items":{"type":"integer"},"description":"List of network service IDs."},"order":{"type":"integer","description":"The rule order of execution for the traffic capture rule."},"predefined":{"type":"boolean","description":"Whether this is a predefined rule."},"rank":{"type":"integer","description":"The admin rank of the rule. Default is 7."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"List of source country codes."},"srcIpGroups":{"type":"array","items":{"type":"integer"},"description":"List of source IP group IDs."},"srcIps":{"type":"array","items":{"type":"string"},"description":"List of source IP addresses or CIDR ranges."},"state":{"type":"string","description":"The rule state. Accepted values: 'ENABLED' or 'DISABLED'. Default: 'ENABLED'."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"List of time window IDs."},"txnSampling":{"type":"string","description":"Transaction sampling mode. Default: 'NONE'."},"txnSizeLimit":{"type":"string","description":"Transaction size limit. Default: 'NONE'."},"users":{"type":"array","items":{"type":"integer"},"description":"List of user IDs."},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index:WorkloadGroupInput"},"description":"List of workload groups."}},"requiredInputs":["name","order"]},"zia:index:TrafficForwardingGreTunnel":{"description":"The zia_traffic_forwarding_gre_tunnel resource manages GRE (Generic Routing Encapsulation) tunnels for traffic forwarding in the Zscaler Internet Access (ZIA) cloud service. GRE tunnels are used to forward traffic from on-premises networks to the Zscaler cloud.\n\nFor more information, see the [ZIA Traffic Forwarding documentation](https://help.zscaler.com/zia/traffic-forwarding).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic GRE Tunnel\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.TrafficForwardingGreTunnel(\"example\", {\n    sourceIp: \"203.0.113.10\",\n    comment: \"Branch office GRE tunnel\",\n    withinCountry: true,\n    ipUnnumbered: true,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.TrafficForwardingGreTunnel(\"example\",\n    source_ip=\"203.0.113.10\",\n    comment=\"Branch office GRE tunnel\",\n    within_country=True,\n    ip_unnumbered=True,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:TrafficForwardingGreTunnel\n    properties:\n      sourceIp: \"203.0.113.10\"\n      comment: Branch office GRE tunnel\n      withinCountry: true\n      ipUnnumbered: true\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing GRE tunnel can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:TrafficForwardingGreTunnel example 12345\n```\n","properties":{"comment":{"type":"string","description":"Additional information about the GRE tunnel."},"countryCode":{"type":"string","description":"Country code (ISO 3166-1 alpha-2) used when withinCountry is true to restrict VIP selection."},"internalIpRange":{"type":"string","description":"The start of the internal IP address in /29 CIDR range. Automatically assigned if not provided."},"ipUnnumbered":{"type":"boolean","description":"When set to true, indicates that the GRE tunnel interface is unnumbered (no internal IP range is assigned)."},"primaryDestVip":{"$ref":"#/types/zia:index:GreTunnelDestVipOutput","description":"The primary destination data center and virtual IP address (VIP) of the GRE tunnel."},"secondaryDestVip":{"$ref":"#/types/zia:index:GreTunnelDestVipOutput","description":"The secondary destination data center and virtual IP address (VIP) of the GRE tunnel."},"sourceIp":{"type":"string","description":"The source IP address of the GRE tunnel. This is typically a static IP associated with the location."},"tunnelId":{"type":"integer","description":"The system-generated ID of the GRE tunnel."},"withinCountry":{"type":"boolean","description":"Restrict the data center virtual IP addresses (VIPs) only to those within the same country as the source IP."}},"required":["sourceIp","tunnelId"],"inputProperties":{"comment":{"type":"string","description":"Additional information about the GRE tunnel."},"countryCode":{"type":"string","description":"Country code (ISO 3166-1 alpha-2) used when withinCountry is true to restrict VIP selection."},"internalIpRange":{"type":"string","description":"The start of the internal IP address in /29 CIDR range. Automatically assigned if not provided."},"ipUnnumbered":{"type":"boolean","description":"When set to true, indicates that the GRE tunnel interface is unnumbered (no internal IP range is assigned)."},"primaryDestVip":{"$ref":"#/types/zia:index:GreTunnelDestVipInput","description":"The primary destination data center and virtual IP address (VIP) of the GRE tunnel."},"secondaryDestVip":{"$ref":"#/types/zia:index:GreTunnelDestVipInput","description":"The secondary destination data center and virtual IP address (VIP) of the GRE tunnel."},"sourceIp":{"type":"string","description":"The source IP address of the GRE tunnel. This is typically a static IP associated with the location."},"withinCountry":{"type":"boolean","description":"Restrict the data center virtual IP addresses (VIPs) only to those within the same country as the source IP."}},"requiredInputs":["sourceIp"]},"zia:index:TrafficForwardingStaticIp":{"description":"The zia_traffic_forwarding_static_ip resource manages static IP addresses for traffic forwarding in the Zscaler Internet Access (ZIA) cloud service. Static IPs are used to associate traffic with a specific location or GRE tunnel.\n\nFor more information, see the [ZIA Traffic Forwarding documentation](https://help.zscaler.com/zia/traffic-forwarding).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Static IP\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.TrafficForwardingStaticIp(\"example\", {\n    ipAddress: \"203.0.113.10\",\n    comment: \"Branch office static IP\",\n    routableIp: true,\n    geoOverride: false,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.TrafficForwardingStaticIp(\"example\",\n    ip_address=\"203.0.113.10\",\n    comment=\"Branch office static IP\",\n    routable_ip=True,\n    geo_override=False,\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:TrafficForwardingStaticIp\n    properties:\n      ipAddress: \"203.0.113.10\"\n      comment: Branch office static IP\n      routableIp: true\n      geoOverride: false\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing static IP can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:TrafficForwardingStaticIp example 12345\n```\n","properties":{"comment":{"type":"string","description":"Additional information about the static IP."},"geoOverride":{"type":"boolean","description":"If not set, geographic coordinates and city are automatically determined from the IP address. When set to true, manually-specified latitude and longitude are used instead."},"ipAddress":{"type":"string","description":"The static IP address."},"latitude":{"type":"number","description":"Required only if geoOverride is true. Latitude of the static IP. Valid range: -90 to 90."},"longitude":{"type":"number","description":"Required only if geoOverride is true. Longitude of the static IP. Valid range: -180 to 180."},"routableIp":{"type":"boolean","description":"Indicates whether a non-RFC 1918 IP address is publicly routable."},"staticIpId":{"type":"integer","description":"The system-generated ID of the static IP."}},"required":["ipAddress","staticIpId"],"inputProperties":{"comment":{"type":"string","description":"Additional information about the static IP."},"geoOverride":{"type":"boolean","description":"If not set, geographic coordinates and city are automatically determined from the IP address. When set to true, manually-specified latitude and longitude are used instead."},"ipAddress":{"type":"string","description":"The static IP address."},"latitude":{"type":"number","description":"Required only if geoOverride is true. Latitude of the static IP. Valid range: -90 to 90."},"longitude":{"type":"number","description":"Required only if geoOverride is true. Longitude of the static IP. Valid range: -180 to 180."},"routableIp":{"type":"boolean","description":"Indicates whether a non-RFC 1918 IP address is publicly routable."}},"requiredInputs":["ipAddress"]},"zia:index:TrafficForwardingVpnCredentials":{"description":"The zia_traffic_forwarding_vpn_credentials resource manages VPN credentials for traffic forwarding in the Zscaler Internet Access (ZIA) cloud service. VPN credentials are used to authenticate IPSec VPN tunnels between on-premises equipment and the Zscaler cloud.\n\nFor more information, see the [ZIA Traffic Forwarding documentation](https://help.zscaler.com/zia/traffic-forwarding).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic VPN Credentials (UFQDN)\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nimport * as pulumi from \"@pulumi/pulumi\";\n\nconst cfg = new pulumi.Config();\nconst vpnPreSharedKey = cfg.requireSecret(\"vpnPreSharedKey\");\n\nconst example = new zia.TrafficForwardingVpnCredentials(\"example\", {\n    type: \"UFQDN\",\n    fqdn: \"user@example.com\",\n    preSharedKey: vpnPreSharedKey,\n    comments: \"Branch office VPN credentials\",\n});\n```\n\n```python\nimport pulumi\nimport zscaler_pulumi_zia as zia\n\ncfg = pulumi.Config()\nvpn_pre_shared_key = cfg.require_secret(\"vpnPreSharedKey\")\n\nexample = zia.TrafficForwardingVpnCredentials(\"example\",\n    type=\"UFQDN\",\n    fqdn=\"user@example.com\",\n    pre_shared_key=vpn_pre_shared_key,\n    comments=\"Branch office VPN credentials\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:TrafficForwardingVpnCredentials\n    properties:\n      type: UFQDN\n      fqdn: user@example.com\n      preSharedKey:\n        fn::secret: ${vpnPreSharedKey}\n      comments: Branch office VPN credentials\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing VPN credential can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:TrafficForwardingVpnCredentials example 12345\n```\n","properties":{"comments":{"type":"string","description":"Additional information about the VPN credential. Maximum 10240 characters."},"fqdn":{"type":"string","description":"Fully Qualified Domain Name (FQDN). Required when type is `UFQDN`."},"ipAddress":{"type":"string","description":"The static IP address associated with the VPN credential. Required when type is `IP`."},"preSharedKey":{"type":"string","description":"Pre-shared key (PSK) for the VPN credential. This is a secret value.","secret":true},"type":{"type":"string","description":"VPN credential type. Valid values: `IP`, `UFQDN`."},"vpnId":{"type":"integer","description":"The system-generated ID of the VPN credential."}},"required":["vpnId"],"inputProperties":{"comments":{"type":"string","description":"Additional information about the VPN credential. Maximum 10240 characters."},"fqdn":{"type":"string","description":"Fully Qualified Domain Name (FQDN). Required when type is `UFQDN`."},"ipAddress":{"type":"string","description":"The static IP address associated with the VPN credential. Required when type is `IP`."},"preSharedKey":{"type":"string","description":"Pre-shared key (PSK) for the VPN credential. This is a secret value.","secret":true},"type":{"type":"string","description":"VPN credential type. Valid values: `IP`, `UFQDN`."}}},"zia:index:URLFilteringRule":{"description":"The zia_url_filtering_rules resource manages URL filtering rules in the Zscaler Internet Access (ZIA) cloud service. URL filtering rules define the actions to take when users access URLs that match specific categories, protocols, locations, departments, groups, or users.\n\nFor more information, see the [ZIA URL Filtering documentation](https://help.zscaler.com/zia/url-filtering).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic URL Filtering Rule\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.URLFilteringRule(\"example\", {\n    name: \"Example URL Filtering Rule\",\n    description: \"Allow access to business URLs\",\n    order: 1,\n    state: \"ENABLED\",\n    action: \"ALLOW\",\n    protocols: [\"ANY_RULE\"],\n    urlCategories: [\"ANY\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.URLFilteringRule(\"example\",\n    name=\"Example URL Filtering Rule\",\n    description=\"Allow access to business URLs\",\n    order=1,\n    state=\"ENABLED\",\n    action=\"ALLOW\",\n    protocols=[\"ANY_RULE\"],\n    url_categories=[\"ANY\"],\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewURLFilteringRule(ctx, \"example\", \u0026zia.URLFilteringRuleArgs{\n\t\t\tName:          pulumi.String(\"Example URL Filtering Rule\"),\n\t\t\tDescription:   pulumi.StringRef(\"Allow access to business URLs\"),\n\t\t\tOrder:         pulumi.Int(1),\n\t\t\tState:         pulumi.StringRef(\"ENABLED\"),\n\t\t\tAction:        pulumi.StringRef(\"ALLOW\"),\n\t\t\tProtocols:     pulumi.ToStringArray([]string{\"ANY_RULE\"}),\n\t\t\tUrlCategories: pulumi.ToStringArray([]string{\"ANY\"}),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:URLFilteringRule\n    properties:\n      name: Example URL Filtering Rule\n      description: Allow access to business URLs\n      order: 1\n      state: ENABLED\n      action: ALLOW\n      protocols:\n        - ANY_RULE\n      urlCategories:\n        - ANY\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing URL Filtering Rule can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:URLFilteringRule example 12345\n```\n","properties":{"action":{"type":"string","description":"Action taken when traffic matches rule criteria. Valid values: `BLOCK`, `CAUTION`, `ALLOW`, `ISOLATE`."},"blockOverride":{"type":"boolean","description":"When set to true, a 'BLOCK' action can be overridden. Can only be set when action is 'BLOCK'."},"browserEunTemplateId":{"type":"integer","description":"Browser End User Notification template ID. Only applicable when action is 'BLOCK' or 'CAUTION'."},"cbiProfile":{"$ref":"#/types/zia:index:CBIProfileInput","description":"The Cloud Browser Isolation (CBI) profile. Required when action is 'ISOLATE'."},"ciparule":{"type":"boolean","description":"If set to true, the CIPA Compliance rule is enabled."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments for which the rule must be applied."},"description":{"type":"string","description":"Additional information about the URL filtering rule. Maximum 10240 characters."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"Device trust levels for the rule. Valid values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices for which the rule must be applied."},"endUserNotificationUrl":{"type":"string","description":"URL of end user notification page to be displayed when the rule is matched. Not applicable if either 'overrideUsers' or 'overrideGroups' is specified."},"enforceTimeValidity":{"type":"boolean","description":"Enforce a set validity time period for the URL filtering rule."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups for which the rule must be applied."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the URL filtering rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations for which the rule must be applied."},"name":{"type":"string","description":"The name of the URL filtering rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other URL filtering rules."},"overrideGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups for which this rule can be overridden. Only applicable when action is 'BLOCK' and blockOverride is true."},"overrideUsers":{"type":"array","items":{"type":"integer"},"description":"IDs of users for which this rule can be overridden. Only applicable when action is 'BLOCK' and blockOverride is true."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocols to which the rule applies. Valid values: `SMRULEF_ZPA_BROKERS_RULE`, `ANY_RULE`, `TCP_RULE`, `UDP_RULE`, `DOHTTPS_RULE`, `TUNNELSSL_RULE`, `HTTP_PROXY`, `FOHTTP_RULE`, `FTP_RULE`, `SSL_RULE`."},"rank":{"type":"integer","description":"Admin rank of the URL filtering policy rule. Valid values: 0-7. Default: 7."},"requestMethods":{"type":"array","items":{"type":"string"},"description":"Request methods to which the rule applies. Valid values: `CONNECT`, `DELETE`, `GET`, `HEAD`, `OPTIONS`, `OTHER`, `POST`, `PUT`, `TRACE`."},"ruleId":{"type":"integer","description":"The system-generated ID of the URL filtering rule."},"sizeQuota":{"type":"integer","description":"Size quota in MB beyond which the URL filtering rule is applied. If not set, no quota is enforced. Valid range: 10-100000. Not applicable when action is 'BLOCK'."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Source countries (ISO 3166-1 alpha-2 codes) for the rule."},"sourceIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeQuota":{"type":"integer","description":"Time quota in minutes, after which the URL filtering rule is applied. If not set, no quota is enforced. Valid range: 15-600. Not applicable when action is 'BLOCK'."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories to which the rule applies. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for available categories."},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"User agent types the rule applies to. Valid values: `CHROME`, `FIREFOX`, `MSIE`, `MSEDGE`, `MSCHREDGE`, `OPERA`, `SAFARI`, `OTHER`."},"userRiskScoreLevels":{"type":"array","items":{"type":"string"},"description":"User risk score levels for the rule. Valid values: `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users for which the rule must be applied."},"validityEndTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL filtering rule ceases to be valid on this end date and time (RFC 1123 format)."},"validityStartTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL filtering rule is valid starting on this date and time (RFC 1123 format)."},"validityTimeZoneId":{"type":"string","description":"If enforceTimeValidity is set to true, the URL filtering rule date and time is valid based on this time zone ID. Use IANA format (e.g. 'America/Los_Angeles'). See https://nodatime.org/TimeZones for the complete list."},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index:WorkloadGroupInput"},"description":"List of preconfigured workload groups to which the policy must be applied."}},"required":["name","order","ruleId"],"inputProperties":{"action":{"type":"string","description":"Action taken when traffic matches rule criteria. Valid values: `BLOCK`, `CAUTION`, `ALLOW`, `ISOLATE`."},"blockOverride":{"type":"boolean","description":"When set to true, a 'BLOCK' action can be overridden. Can only be set when action is 'BLOCK'."},"browserEunTemplateId":{"type":"integer","description":"Browser End User Notification template ID. Only applicable when action is 'BLOCK' or 'CAUTION'."},"cbiProfile":{"$ref":"#/types/zia:index:CBIProfileInput","description":"The Cloud Browser Isolation (CBI) profile. Required when action is 'ISOLATE'."},"ciparule":{"type":"boolean","description":"If set to true, the CIPA Compliance rule is enabled."},"departments":{"type":"array","items":{"type":"integer"},"description":"IDs of departments for which the rule must be applied."},"description":{"type":"string","description":"Additional information about the URL filtering rule. Maximum 10240 characters."},"deviceGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of device groups for which the rule must be applied. Applicable for devices managed using Zscaler Client Connector."},"deviceTrustLevels":{"type":"array","items":{"type":"string"},"description":"Device trust levels for the rule. Valid values: `ANY`, `UNKNOWN_DEVICETRUSTLEVEL`, `LOW_TRUST`, `MEDIUM_TRUST`, `HIGH_TRUST`."},"devices":{"type":"array","items":{"type":"integer"},"description":"IDs of devices for which the rule must be applied."},"endUserNotificationUrl":{"type":"string","description":"URL of end user notification page to be displayed when the rule is matched. Not applicable if either 'overrideUsers' or 'overrideGroups' is specified."},"enforceTimeValidity":{"type":"boolean","description":"Enforce a set validity time period for the URL filtering rule."},"groups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups for which the rule must be applied."},"labels":{"type":"array","items":{"type":"integer"},"description":"IDs of labels associated with the URL filtering rule."},"locationGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of location groups to which the rule must be applied."},"locations":{"type":"array","items":{"type":"integer"},"description":"IDs of locations for which the rule must be applied."},"name":{"type":"string","description":"The name of the URL filtering rule. Must be unique."},"order":{"type":"integer","description":"The order of execution of the rule with respect to other URL filtering rules."},"overrideGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of groups for which this rule can be overridden. Only applicable when action is 'BLOCK' and blockOverride is true."},"overrideUsers":{"type":"array","items":{"type":"integer"},"description":"IDs of users for which this rule can be overridden. Only applicable when action is 'BLOCK' and blockOverride is true."},"protocols":{"type":"array","items":{"type":"string"},"description":"Protocols to which the rule applies. Valid values: `SMRULEF_ZPA_BROKERS_RULE`, `ANY_RULE`, `TCP_RULE`, `UDP_RULE`, `DOHTTPS_RULE`, `TUNNELSSL_RULE`, `HTTP_PROXY`, `FOHTTP_RULE`, `FTP_RULE`, `SSL_RULE`."},"rank":{"type":"integer","description":"Admin rank of the URL filtering policy rule. Valid values: 0-7. Default: 7."},"requestMethods":{"type":"array","items":{"type":"string"},"description":"Request methods to which the rule applies. Valid values: `CONNECT`, `DELETE`, `GET`, `HEAD`, `OPTIONS`, `OTHER`, `POST`, `PUT`, `TRACE`."},"sizeQuota":{"type":"integer","description":"Size quota in MB beyond which the URL filtering rule is applied. If not set, no quota is enforced. Valid range: 10-100000. Not applicable when action is 'BLOCK'."},"sourceCountries":{"type":"array","items":{"type":"string"},"description":"Source countries (ISO 3166-1 alpha-2 codes) for the rule."},"sourceIpGroups":{"type":"array","items":{"type":"integer"},"description":"IDs of source IP address groups."},"state":{"type":"string","description":"Rule state. Valid values: `ENABLED`, `DISABLED`."},"timeQuota":{"type":"integer","description":"Time quota in minutes, after which the URL filtering rule is applied. If not set, no quota is enforced. Valid range: 15-600. Not applicable when action is 'BLOCK'."},"timeWindows":{"type":"array","items":{"type":"integer"},"description":"IDs of time intervals during which the rule must be enforced."},"urlCategories":{"type":"array","items":{"type":"string"},"description":"List of URL categories to which the rule applies. See the [URL Categories API](https://help.zscaler.com/zia/url-categories#/urlCategories-get) for available categories."},"userAgentTypes":{"type":"array","items":{"type":"string"},"description":"User agent types the rule applies to. Valid values: `CHROME`, `FIREFOX`, `MSIE`, `MSEDGE`, `MSCHREDGE`, `OPERA`, `SAFARI`, `OTHER`."},"userRiskScoreLevels":{"type":"array","items":{"type":"string"},"description":"User risk score levels for the rule. Valid values: `LOW`, `MEDIUM`, `HIGH`, `CRITICAL`."},"users":{"type":"array","items":{"type":"integer"},"description":"IDs of users for which the rule must be applied."},"validityEndTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL filtering rule ceases to be valid on this end date and time (RFC 1123 format)."},"validityStartTime":{"type":"string","description":"If enforceTimeValidity is set to true, the URL filtering rule is valid starting on this date and time (RFC 1123 format)."},"validityTimeZoneId":{"type":"string","description":"If enforceTimeValidity is set to true, the URL filtering rule date and time is valid based on this time zone ID. Use IANA format (e.g. 'America/Los_Angeles'). See https://nodatime.org/TimeZones for the complete list."},"workloadGroups":{"type":"array","items":{"$ref":"#/types/zia:index:WorkloadGroupInput"},"description":"List of preconfigured workload groups to which the policy must be applied."}},"requiredInputs":["name","order"]},"zia:index:UrlCategory":{"description":"The zia_url_categories resource manages custom URL categories in the Zscaler Internet Access (ZIA) cloud service. Custom URL categories allow administrators to define their own groupings of URLs, keywords, and IP ranges for use in URL filtering policies.\n\nFor more information, see the [ZIA URL Categories documentation](https://help.zscaler.com/zia/url-categories).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Custom URL Category\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.UrlCategory(\"example\", {\n    configuredName: \"Example Custom Category\",\n    description: \"Custom category for internal tools\",\n    superCategory: \"USER_DEFINED\",\n    type: \"URL_CATEGORY\",\n    urls: [\n        \"internal.example.com\",\n        \"tools.example.com\",\n    ],\n    customCategory: true,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.UrlCategory(\"example\",\n    configured_name=\"Example Custom Category\",\n    description=\"Custom category for internal tools\",\n    super_category=\"USER_DEFINED\",\n    type=\"URL_CATEGORY\",\n    urls=[\n        \"internal.example.com\",\n        \"tools.example.com\",\n    ],\n    custom_category=True,\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewUrlCategory(ctx, \"example\", \u0026zia.UrlCategoryArgs{\n\t\t\tConfiguredName: pulumi.StringRef(\"Example Custom Category\"),\n\t\t\tDescription:    pulumi.StringRef(\"Custom category for internal tools\"),\n\t\t\tSuperCategory:  pulumi.StringRef(\"USER_DEFINED\"),\n\t\t\tType:           pulumi.StringRef(\"URL_CATEGORY\"),\n\t\t\tUrls:           pulumi.ToStringArray([]string{\"internal.example.com\", \"tools.example.com\"}),\n\t\t\tCustomCategory: pulumi.BoolRef(true),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:UrlCategory\n    properties:\n      configuredName: Example Custom Category\n      description: Custom category for internal tools\n      superCategory: USER_DEFINED\n      type: URL_CATEGORY\n      urls:\n        - internal.example.com\n        - tools.example.com\n      customCategory: true\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing URL Category can be imported using its resource ID, e.g.\n\n```sh\n$ pulumi import zia:index:UrlCategory example CUSTOM_01\n```\n","properties":{"categoryId":{"type":"string","description":"The system-generated ID of the URL category."},"configuredName":{"type":"string","description":"The name of the URL category. Must be unique."},"customCategory":{"type":"boolean","description":"If true, this is a custom URL category. Set to true for custom categories."},"customIpRangesCount":{"type":"integer","description":"The number of custom IP ranges in the category."},"customUrlsCount":{"type":"integer","description":"The number of custom URLs in the category."},"dbCategorizedUrls":{"type":"array","items":{"type":"string"},"description":"URLs added to a custom URL category that have been categorized by the Zscaler database."},"description":{"type":"string","description":"A description of the URL category. Maximum 256 characters."},"editable":{"type":"boolean","description":"Whether the URL category is editable."},"ipRanges":{"type":"array","items":{"type":"string"},"description":"List of custom IP address ranges associated with the URL category."},"ipRangesRetainingParentCategory":{"type":"array","items":{"type":"string"},"description":"List of IP ranges that retain their parent category classification."},"ipRangesRetainingParentCategoryCount":{"type":"integer","description":"The number of IP ranges retaining parent category."},"keywords":{"type":"array","items":{"type":"string"},"description":"List of custom keywords associated with the URL category."},"keywordsRetainingParentCategory":{"type":"array","items":{"type":"string"},"description":"List of keywords that retain their parent category classification."},"regexPatterns":{"type":"array","items":{"type":"string"},"description":"List of regex-based patterns for URL matching."},"regexPatternsRetainingParentCategory":{"type":"array","items":{"type":"string"},"description":"List of regex patterns that retain their parent category classification."},"scopes":{"type":"array","items":{"$ref":"#/types/zia:index:UrlCategoryScopeInput"},"description":"Scopes for the custom URL category, defining location or department restrictions."},"superCategory":{"type":"string","description":"The super category for the URL category (e.g., `USER_DEFINED`)."},"type":{"type":"string","description":"The type of URL category. Valid values: `URL_CATEGORY`, `TLD_CATEGORY`, `ALL`."},"urlKeywordCounts":{"$ref":"#/types/zia:index:UrlCategoryUrlKeywordCountsInput","description":"URL and keyword count statistics for the category."},"urlType":{"type":"string","description":"The URL type. Valid values: `EXACT`, `REGEX`."},"urls":{"type":"array","items":{"type":"string"},"description":"List of custom URLs to add to the category."},"urlsRetainingParentCategoryCount":{"type":"integer","description":"The number of URLs retaining parent category."},"val":{"type":"integer","description":"The internal numeric value of the URL category."}},"required":["categoryId"],"inputProperties":{"configuredName":{"type":"string","description":"The name of the URL category. Must be unique."},"customCategory":{"type":"boolean","description":"If true, this is a custom URL category. Set to true for custom categories."},"dbCategorizedUrls":{"type":"array","items":{"type":"string"},"description":"URLs added to a custom URL category that have been categorized by the Zscaler database."},"description":{"type":"string","description":"A description of the URL category. Maximum 256 characters."},"ipRanges":{"type":"array","items":{"type":"string"},"description":"List of custom IP address ranges associated with the URL category."},"ipRangesRetainingParentCategory":{"type":"array","items":{"type":"string"},"description":"List of IP ranges that retain their parent category classification."},"keywords":{"type":"array","items":{"type":"string"},"description":"List of custom keywords associated with the URL category."},"keywordsRetainingParentCategory":{"type":"array","items":{"type":"string"},"description":"List of keywords that retain their parent category classification."},"regexPatterns":{"type":"array","items":{"type":"string"},"description":"List of regex-based patterns for URL matching."},"regexPatternsRetainingParentCategory":{"type":"array","items":{"type":"string"},"description":"List of regex patterns that retain their parent category classification."},"scopes":{"type":"array","items":{"$ref":"#/types/zia:index:UrlCategoryScopeInput"},"description":"Scopes for the custom URL category, defining location or department restrictions."},"superCategory":{"type":"string","description":"The super category for the URL category (e.g., `USER_DEFINED`)."},"type":{"type":"string","description":"The type of URL category. Valid values: `URL_CATEGORY`, `TLD_CATEGORY`, `ALL`."},"urlKeywordCounts":{"$ref":"#/types/zia:index:UrlCategoryUrlKeywordCountsInput","description":"URL and keyword count statistics for the category."},"urlType":{"type":"string","description":"The URL type. Valid values: `EXACT`, `REGEX`."},"urls":{"type":"array","items":{"type":"string"},"description":"List of custom URLs to add to the category."}}},"zia:index:UrlCategoryPredefined":{"description":"The zia_url_categories_predefined resource manages predefined URL category overrides in the Zscaler Internet Access (ZIA) cloud service. This resource allows administrators to add custom URLs, keywords, and IP ranges to existing predefined (built-in) URL categories. Predefined categories cannot be deleted; the delete operation is a no-op.\n\nFor more information, see the [ZIA URL Categories documentation](https://help.zscaler.com/zia/url-categories).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Override a Predefined URL Category\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.UrlCategoryPredefined(\"example\", {\n    name: \"FINANCE\",\n    urls: [\n        \"finance.example.com\",\n        \"banking.example.com\",\n    ],\n    keywords: [\"financial-portal\"],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.UrlCategoryPredefined(\"example\",\n    name=\"FINANCE\",\n    urls=[\n        \"finance.example.com\",\n        \"banking.example.com\",\n    ],\n    keywords=[\"financial-portal\"],\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewUrlCategoryPredefined(ctx, \"example\", \u0026zia.UrlCategoryPredefinedArgs{\n\t\t\tName:     pulumi.String(\"FINANCE\"),\n\t\t\tUrls:     pulumi.ToStringArray([]string{\"finance.example.com\", \"banking.example.com\"}),\n\t\t\tKeywords: pulumi.ToStringArray([]string{\"financial-portal\"}),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:UrlCategoryPredefined\n    properties:\n      name: FINANCE\n      urls:\n        - finance.example.com\n        - banking.example.com\n      keywords:\n        - financial-portal\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Predefined URL Category override can be imported using its category ID, e.g.\n\n```sh\n$ pulumi import zia:index:UrlCategoryPredefined example FINANCE\n```\n","properties":{"categoryId":{"type":"string","description":"The system-generated ID of the predefined URL category."},"configuredName":{"type":"string","description":"The configured display name of the predefined URL category."},"customIpRangesCount":{"type":"integer","description":"The number of custom IP ranges in the category."},"customUrlsCount":{"type":"integer","description":"The number of custom URLs in the category."},"dbCategorizedUrls":{"type":"array","items":{"type":"string"},"description":"URLs in this category that have been categorized by the Zscaler database."},"editable":{"type":"boolean","description":"Whether the predefined URL category is editable."},"ipRanges":{"type":"array","items":{"type":"string"},"description":"List of custom IP address ranges to add to the predefined category."},"ipRangesRetainingParentCategory":{"type":"array","items":{"type":"string"},"description":"List of IP ranges that retain their parent category classification."},"ipRangesRetainingParentCategoryCount":{"type":"integer","description":"The number of IP ranges retaining parent category."},"keywords":{"type":"array","items":{"type":"string"},"description":"List of custom keywords to add to the predefined category."},"keywordsRetainingParentCategory":{"type":"array","items":{"type":"string"},"description":"List of keywords that retain their parent category classification."},"name":{"type":"string","description":"The name or ID of the predefined URL category to override (e.g., `FINANCE`, `SOCIAL_NETWORKING`)."},"superCategory":{"type":"string","description":"The super category of the predefined URL category."},"type":{"type":"string","description":"The type of the URL category."},"urlType":{"type":"string","description":"The URL type of the predefined category."},"urls":{"type":"array","items":{"type":"string"},"description":"List of custom URLs to add to the predefined category."},"urlsRetainingParentCategoryCount":{"type":"integer","description":"The number of URLs retaining parent category."},"val":{"type":"integer","description":"The internal numeric value of the URL category."}},"required":["name","categoryId"],"inputProperties":{"ipRanges":{"type":"array","items":{"type":"string"},"description":"List of custom IP address ranges to add to the predefined category."},"ipRangesRetainingParentCategory":{"type":"array","items":{"type":"string"},"description":"List of IP ranges that retain their parent category classification."},"keywords":{"type":"array","items":{"type":"string"},"description":"List of custom keywords to add to the predefined category."},"keywordsRetainingParentCategory":{"type":"array","items":{"type":"string"},"description":"List of keywords that retain their parent category classification."},"name":{"type":"string","description":"The name or ID of the predefined URL category to override (e.g., `FINANCE`, `SOCIAL_NETWORKING`)."},"urls":{"type":"array","items":{"type":"string"},"description":"List of custom URLs to add to the predefined category."}},"requiredInputs":["name"]},"zia:index:UrlFilteringCloudAppSettings":{"description":"The zia_url_filtering_and_cloud_app_settings resource manages URL filtering and cloud application settings in the Zscaler Internet Access (ZIA) cloud service. This is a singleton resource that controls global settings for URL filtering features such as safe search enforcement, UCaaS application controls, AI/ML prompt visibility, and CIPA compliance.\n\nFor more information, see the [ZIA URL Filtering documentation](https://help.zscaler.com/zia/url-filtering).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Configure URL Filtering and Cloud App Settings\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.UrlFilteringCloudAppSettings(\"example\", {\n    enableDynamicContentCat: true,\n    enforceSafeSearch: true,\n    enableOffice365: true,\n    enableChatgptPrompt: true,\n    enableCipaCompliance: false,\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.UrlFilteringCloudAppSettings(\"example\",\n    enable_dynamic_content_cat=True,\n    enforce_safe_search=True,\n    enable_office365=True,\n    enable_chatgpt_prompt=True,\n    enable_cipa_compliance=False,\n)\n```\n\n```go\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\tzia \"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := zia.NewUrlFilteringCloudAppSettings(ctx, \"example\", \u0026zia.UrlFilteringCloudAppSettingsArgs{\n\t\t\tEnableDynamicContentCat: pulumi.BoolRef(true),\n\t\t\tEnforceSafeSearch:       pulumi.BoolRef(true),\n\t\t\tEnableOffice365:         pulumi.BoolRef(true),\n\t\t\tEnableChatgptPrompt:     pulumi.BoolRef(true),\n\t\t\tEnableCipaCompliance:    pulumi.BoolRef(false),\n\t\t})\n\t\treturn err\n\t})\n}\n```\n\n```yaml\nresources:\n  example:\n    type: zia:UrlFilteringCloudAppSettings\n    properties:\n      enableDynamicContentCat: true\n      enforceSafeSearch: true\n      enableOffice365: true\n      enableChatgptPrompt: true\n      enableCipaCompliance: false\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThe singleton URL Filtering Cloud App Settings resource can be imported using its fixed ID, e.g.\n\n```sh\n$ pulumi import zia:index:UrlFilteringCloudAppSettings example app_setting\n```\n","properties":{"blockSkype":{"type":"boolean","description":"If true, Skype is blocked."},"considerEmbeddedSites":{"type":"boolean","description":"If true, embedded sites within web pages are considered for URL filtering."},"enableBlockOverrideForNonAuthUser":{"type":"boolean","description":"If true, block override is enabled for non-authenticated users."},"enableChatgptPrompt":{"type":"boolean","description":"If true, ChatGPT prompt visibility and logging is enabled."},"enableCipaCompliance":{"type":"boolean","description":"If true, CIPA (Children's Internet Protection Act) compliance mode is enabled."},"enableClaudePrompt":{"type":"boolean","description":"If true, Claude AI prompt visibility and logging is enabled."},"enableCreativeCommonsSearchResults":{"type":"boolean","description":"If true, Creative Commons search results are enabled."},"enableDeepSeekPrompt":{"type":"boolean","description":"If true, DeepSeek AI prompt visibility and logging is enabled."},"enableDynamicContentCat":{"type":"boolean","description":"If true, dynamic content categorization is enabled."},"enableGeminiPrompt":{"type":"boolean","description":"If true, Google Gemini prompt visibility and logging is enabled."},"enableGrammarlyPrompt":{"type":"boolean","description":"If true, Grammarly AI prompt visibility and logging is enabled."},"enableGrokPrompt":{"type":"boolean","description":"If true, Grok AI prompt visibility and logging is enabled."},"enableMetaPrompt":{"type":"boolean","description":"If true, Meta AI prompt visibility and logging is enabled."},"enableMicrosoftCopilotPrompt":{"type":"boolean","description":"If true, Microsoft Copilot prompt visibility and logging is enabled."},"enableMistralAiPrompt":{"type":"boolean","description":"If true, Mistral AI prompt visibility and logging is enabled."},"enableMsftO365":{"type":"boolean","description":"If true, Microsoft Office 365 optimization is enabled."},"enableNewlyRegisteredDomains":{"type":"boolean","description":"If true, newly registered domains detection is enabled."},"enableOffice365":{"type":"boolean","description":"If true, Office 365 one-click configuration is enabled."},"enablePerPlexityPrompt":{"type":"boolean","description":"If true, Perplexity AI prompt visibility and logging is enabled."},"enablePoepPrompt":{"type":"boolean","description":"If true, POE prompt visibility and logging is enabled."},"enableUcaasLogmein":{"type":"boolean","description":"If true, UCaaS controls for LogMeIn are enabled."},"enableUcaasRingCentral":{"type":"boolean","description":"If true, UCaaS controls for RingCentral are enabled."},"enableUcaasTalkdesk":{"type":"boolean","description":"If true, UCaaS controls for Talkdesk are enabled."},"enableUcaasWebex":{"type":"boolean","description":"If true, UCaaS controls for Webex are enabled."},"enableUcaasZoom":{"type":"boolean","description":"If true, UCaaS controls for Zoom are enabled."},"enableWriterPrompt":{"type":"boolean","description":"If true, Writer AI prompt visibility and logging is enabled."},"enforceSafeSearch":{"type":"boolean","description":"If true, safe search is enforced for supported search engines."},"resourceId":{"type":"string","description":"The fixed resource ID of the singleton URL filtering cloud app settings."},"safeSearchApps":{"type":"array","items":{"type":"string"},"description":"List of application names for which safe search is enforced."},"zveloDbLookupDisabled":{"type":"boolean","description":"If true, Zvelo database lookup is disabled."}},"required":["resourceId"],"inputProperties":{"blockSkype":{"type":"boolean","description":"If true, Skype is blocked."},"considerEmbeddedSites":{"type":"boolean","description":"If true, embedded sites within web pages are considered for URL filtering."},"enableBlockOverrideForNonAuthUser":{"type":"boolean","description":"If true, block override is enabled for non-authenticated users."},"enableChatgptPrompt":{"type":"boolean","description":"If true, ChatGPT prompt visibility and logging is enabled."},"enableCipaCompliance":{"type":"boolean","description":"If true, CIPA (Children's Internet Protection Act) compliance mode is enabled."},"enableClaudePrompt":{"type":"boolean","description":"If true, Claude AI prompt visibility and logging is enabled."},"enableCreativeCommonsSearchResults":{"type":"boolean","description":"If true, Creative Commons search results are enabled."},"enableDeepSeekPrompt":{"type":"boolean","description":"If true, DeepSeek AI prompt visibility and logging is enabled."},"enableDynamicContentCat":{"type":"boolean","description":"If true, dynamic content categorization is enabled."},"enableGeminiPrompt":{"type":"boolean","description":"If true, Google Gemini prompt visibility and logging is enabled."},"enableGrammarlyPrompt":{"type":"boolean","description":"If true, Grammarly AI prompt visibility and logging is enabled."},"enableGrokPrompt":{"type":"boolean","description":"If true, Grok AI prompt visibility and logging is enabled."},"enableMetaPrompt":{"type":"boolean","description":"If true, Meta AI prompt visibility and logging is enabled."},"enableMicrosoftCopilotPrompt":{"type":"boolean","description":"If true, Microsoft Copilot prompt visibility and logging is enabled."},"enableMistralAiPrompt":{"type":"boolean","description":"If true, Mistral AI prompt visibility and logging is enabled."},"enableMsftO365":{"type":"boolean","description":"If true, Microsoft Office 365 optimization is enabled."},"enableNewlyRegisteredDomains":{"type":"boolean","description":"If true, newly registered domains detection is enabled."},"enableOffice365":{"type":"boolean","description":"If true, Office 365 one-click configuration is enabled."},"enablePerPlexityPrompt":{"type":"boolean","description":"If true, Perplexity AI prompt visibility and logging is enabled."},"enablePoepPrompt":{"type":"boolean","description":"If true, POE prompt visibility and logging is enabled."},"enableUcaasLogmein":{"type":"boolean","description":"If true, UCaaS controls for LogMeIn are enabled."},"enableUcaasRingCentral":{"type":"boolean","description":"If true, UCaaS controls for RingCentral are enabled."},"enableUcaasTalkdesk":{"type":"boolean","description":"If true, UCaaS controls for Talkdesk are enabled."},"enableUcaasWebex":{"type":"boolean","description":"If true, UCaaS controls for Webex are enabled."},"enableUcaasZoom":{"type":"boolean","description":"If true, UCaaS controls for Zoom are enabled."},"enableWriterPrompt":{"type":"boolean","description":"If true, Writer AI prompt visibility and logging is enabled."},"enforceSafeSearch":{"type":"boolean","description":"If true, safe search is enforced for supported search engines."},"safeSearchApps":{"type":"array","items":{"type":"string"},"description":"List of application names for which safe search is enforced."},"zveloDbLookupDisabled":{"type":"boolean","description":"If true, Zvelo database lookup is disabled."}}},"zia:index:UserManagementUser":{"description":"The zia.UserManagementUser resource manages user accounts in the Zscaler Internet Access (ZIA) cloud.\nUsers can be assigned to departments and groups, and enrolled with authentication methods such as\nBASIC or DIGEST.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic User Management\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nimport * as pulumi from \"@pulumi/pulumi\";\n\nconst cfg = new pulumi.Config();\nconst userPassword = cfg.requireSecret(\"userPassword\");\n\nconst example = new zia.UserManagementUser(\"example\", {\n    name: \"John Doe\",\n    email: \"john.doe@example.com\",\n    password: userPassword,\n    authMethods: [\"BASIC\"],\n    groups: [12345],\n    department: {\n        id: 67890,\n    },\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\ncfg = pulumi.Config()\nuser_password = cfg.require_secret(\"userPassword\")\n\nexample = zia.UserManagementUser(\"example\",\n    name=\"John Doe\",\n    email=\"john.doe@example.com\",\n    password=user_password,\n    auth_methods=[\"BASIC\"],\n    groups=[12345],\n    department={\n        \"id\": 67890,\n    },\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:UserManagementUser\n    properties:\n      name: John Doe\n      email: john.doe@example.com\n      password:\n        fn::secret: ${userPassword}\n      authMethods:\n        - BASIC\n      groups:\n        - 12345\n      department:\n        id: 67890\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing user can be imported using its ID, e.g.\n\n```sh\n$ pulumi import zia:index:UserManagementUser example 12345\n```\n","properties":{"authMethods":{"type":"array","items":{"type":"string"},"description":"Authentication methods for the user. Accepted values: 'BASIC', 'DIGEST'."},"comments":{"type":"string","description":"Comments or notes about the user. Maximum 10240 characters."},"department":{"$ref":"#/types/zia:index:UserDepartmentInput","description":"The department the user belongs to."},"email":{"type":"string","description":"The user's email address. Maximum 127 characters."},"groups":{"type":"array","items":{"type":"integer"},"description":"List of group IDs the user belongs to."},"name":{"type":"string","description":"The user's full name. Maximum 127 characters."},"password":{"type":"string","description":"The user's password. This is a secret and will not be stored in plaintext in the state.","secret":true},"tempAuthEmail":{"type":"string","description":"Temporary authentication email for the user."},"userId":{"type":"integer","description":"The unique identifier for the user assigned by the ZIA cloud."}},"required":["name","email","password","userId"],"inputProperties":{"authMethods":{"type":"array","items":{"type":"string"},"description":"Authentication methods for the user. Accepted values: 'BASIC', 'DIGEST'."},"comments":{"type":"string","description":"Comments or notes about the user. Maximum 10240 characters."},"department":{"$ref":"#/types/zia:index:UserDepartmentInput","description":"The department the user belongs to."},"email":{"type":"string","description":"The user's email address. Maximum 127 characters."},"groups":{"type":"array","items":{"type":"integer"},"description":"List of group IDs the user belongs to."},"name":{"type":"string","description":"The user's full name. Maximum 127 characters."},"password":{"type":"string","description":"The user's password. This is a secret and will not be stored in plaintext in the state.","secret":true},"tempAuthEmail":{"type":"string","description":"Temporary authentication email for the user."}},"requiredInputs":["name","email","password"]},"zia:index:VzenCluster":{"description":"The zia.VzenCluster resource manages Virtual ZEN (VZEN) cluster configurations in the\nZscaler Internet Access (ZIA) cloud. VZEN clusters group multiple VZEN nodes for high availability\nand load balancing of traffic processing.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic VZEN Cluster\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.VzenCluster(\"example\", {\n    name: \"Example VZEN Cluster\",\n    status: \"ENABLED\",\n    type: \"VZEN\",\n    ipAddress: \"10.0.0.20\",\n    subnetMask: \"255.255.255.0\",\n    defaultGateway: \"10.0.0.1\",\n    ipSecEnabled: true,\n    virtualZenNodes: [12345, 67890],\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.VzenCluster(\"example\",\n    name=\"Example VZEN Cluster\",\n    status=\"ENABLED\",\n    type=\"VZEN\",\n    ip_address=\"10.0.0.20\",\n    subnet_mask=\"255.255.255.0\",\n    default_gateway=\"10.0.0.1\",\n    ip_sec_enabled=True,\n    virtual_zen_nodes=[12345, 67890],\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:VzenCluster\n    properties:\n      name: Example VZEN Cluster\n      status: ENABLED\n      type: VZEN\n      ipAddress: \"10.0.0.20\"\n      subnetMask: \"255.255.255.0\"\n      defaultGateway: \"10.0.0.1\"\n      ipSecEnabled: true\n      virtualZenNodes:\n        - 12345\n        - 67890\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing VZEN cluster can be imported using its ID, e.g.\n\n```sh\n$ pulumi import zia:index:VzenCluster example 12345\n```\n","properties":{"clusterId":{"type":"integer","description":"The unique identifier for the VZEN cluster assigned by the ZIA cloud."},"defaultGateway":{"type":"string","description":"The default gateway of the VZEN cluster."},"ipAddress":{"type":"string","description":"The IP address of the VZEN cluster."},"ipSecEnabled":{"type":"boolean","description":"Whether IPSec is enabled on the cluster."},"name":{"type":"string","description":"Name of the VZEN cluster."},"status":{"type":"string","description":"The status of the cluster (e.g., 'ENABLED', 'DISABLED')."},"subnetMask":{"type":"string","description":"The subnet mask of the VZEN cluster."},"type":{"type":"string","description":"The type of the VZEN cluster."},"virtualZenNodes":{"type":"array","items":{"type":"integer"},"description":"List of VZEN node IDs that belong to this cluster."}},"required":["clusterId"],"inputProperties":{"defaultGateway":{"type":"string","description":"The default gateway of the VZEN cluster."},"ipAddress":{"type":"string","description":"The IP address of the VZEN cluster."},"ipSecEnabled":{"type":"boolean","description":"Whether IPSec is enabled on the cluster."},"name":{"type":"string","description":"Name of the VZEN cluster."},"status":{"type":"string","description":"The status of the cluster (e.g., 'ENABLED', 'DISABLED')."},"subnetMask":{"type":"string","description":"The subnet mask of the VZEN cluster."},"type":{"type":"string","description":"The type of the VZEN cluster."},"virtualZenNodes":{"type":"array","items":{"type":"integer"},"description":"List of VZEN node IDs that belong to this cluster."}}},"zia:index:VzenNode":{"description":"The zia.VzenNode resource manages Virtual ZEN (VZEN) node configurations in the Zscaler Internet Access (ZIA) cloud.\nVZEN nodes are virtual appliances deployed on-premises to process traffic locally before forwarding to the ZIA cloud.\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic VZEN Node\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.VzenNode(\"example\", {\n    name: \"Example VZEN Node\",\n    status: \"ENABLED\",\n    type: \"VZEN\",\n    ipAddress: \"10.0.0.10\",\n    subnetMask: \"255.255.255.0\",\n    defaultGateway: \"10.0.0.1\",\n    deploymentMode: \"STANDALONE\",\n    vzenSkuType: \"MEDIUM\",\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.VzenNode(\"example\",\n    name=\"Example VZEN Node\",\n    status=\"ENABLED\",\n    type=\"VZEN\",\n    ip_address=\"10.0.0.10\",\n    subnet_mask=\"255.255.255.0\",\n    default_gateway=\"10.0.0.1\",\n    deployment_mode=\"STANDALONE\",\n    vzen_sku_type=\"MEDIUM\",\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:VzenNode\n    properties:\n      name: Example VZEN Node\n      status: ENABLED\n      type: VZEN\n      ipAddress: \"10.0.0.10\"\n      subnetMask: \"255.255.255.0\"\n      defaultGateway: \"10.0.0.1\"\n      deploymentMode: STANDALONE\n      vzenSkuType: MEDIUM\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing VZEN node can be imported using its ID, e.g.\n\n```sh\n$ pulumi import zia:index:VzenNode example 12345\n```\n","properties":{"clusterName":{"type":"string","description":"The cluster name if deployment mode is CLUSTER."},"defaultGateway":{"type":"string","description":"The default gateway of the VZEN node."},"deploymentMode":{"type":"string","description":"The deployment mode. Accepted values: 'STANDALONE' or 'CLUSTER'."},"establishSupportTunnelEnabled":{"type":"boolean","description":"Whether establish support tunnel is enabled."},"inProduction":{"type":"boolean","description":"Whether the node is in production."},"ipAddress":{"type":"string","description":"The IP address of the VZEN node."},"ipSecEnabled":{"type":"boolean","description":"Whether IPSec is enabled on the node."},"loadBalancerIpAddress":{"type":"string","description":"The load balancer IP address."},"name":{"type":"string","description":"Name of the VZEN node."},"nodeId":{"type":"integer","description":"The unique identifier for the VZEN node assigned by the ZIA cloud."},"onDemandSupportTunnelEnabled":{"type":"boolean","description":"Whether on-demand support tunnel is enabled."},"status":{"type":"string","description":"The status of the node. Accepted values: 'ENABLED', 'DISABLED', 'DISABLED_BY_SERVICE_PROVIDER', 'NOT_PROVISIONED_IN_SERVICE_PROVIDER', 'IN_TRIAL'."},"subnetMask":{"type":"string","description":"The subnet mask of the VZEN node."},"type":{"type":"string","description":"The type of the VZEN node."},"vzenSkuType":{"type":"string","description":"The VZEN SKU type. Accepted values: 'SMALL', 'MEDIUM', 'LARGE'."}},"required":["nodeId"],"inputProperties":{"clusterName":{"type":"string","description":"The cluster name if deployment mode is CLUSTER."},"defaultGateway":{"type":"string","description":"The default gateway of the VZEN node."},"deploymentMode":{"type":"string","description":"The deployment mode. Accepted values: 'STANDALONE' or 'CLUSTER'."},"establishSupportTunnelEnabled":{"type":"boolean","description":"Whether establish support tunnel is enabled."},"inProduction":{"type":"boolean","description":"Whether the node is in production."},"ipAddress":{"type":"string","description":"The IP address of the VZEN node."},"ipSecEnabled":{"type":"boolean","description":"Whether IPSec is enabled on the node."},"loadBalancerIpAddress":{"type":"string","description":"The load balancer IP address."},"name":{"type":"string","description":"Name of the VZEN node."},"onDemandSupportTunnelEnabled":{"type":"boolean","description":"Whether on-demand support tunnel is enabled."},"status":{"type":"string","description":"The status of the node. Accepted values: 'ENABLED', 'DISABLED', 'DISABLED_BY_SERVICE_PROVIDER', 'NOT_PROVISIONED_IN_SERVICE_PROVIDER', 'IN_TRIAL'."},"subnetMask":{"type":"string","description":"The subnet mask of the VZEN node."},"type":{"type":"string","description":"The type of the VZEN node."},"vzenSkuType":{"type":"string","description":"The VZEN SKU type. Accepted values: 'SMALL', 'MEDIUM', 'LARGE'."}}},"zia:index:WorkloadGroup":{"description":"The zia.WorkloadGroup resource manages workload groups in the Zscaler Internet Access (ZIA) cloud.\nWorkload groups define sets of cloud workloads based on tag expressions that can be used in\nfirewall rules, URL filtering rules, and other policy rules to apply policies to specific\ncloud workloads (e.g., VMs, subnets, ENIs).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Basic Workload Group\n\n```typescript\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst example = new zia.WorkloadGroup(\"example\", {\n    name: \"Example Workload Group\",\n    description: \"Managed by Pulumi\",\n    expressionJson: {\n        expressionContainers: [{\n            tagType: \"VM\",\n            operator: \"AND\",\n            tagContainer: {\n                tags: [{\n                    key: \"environment\",\n                    value: \"production\",\n                }],\n                operator: \"OR\",\n            },\n        }],\n    },\n});\n```\n\n```python\nimport zscaler_pulumi_zia as zia\n\nexample = zia.WorkloadGroup(\"example\",\n    name=\"Example Workload Group\",\n    description=\"Managed by Pulumi\",\n    expression_json={\n        \"expression_containers\": [{\n            \"tag_type\": \"VM\",\n            \"operator\": \"AND\",\n            \"tag_container\": {\n                \"tags\": [{\n                    \"key\": \"environment\",\n                    \"value\": \"production\",\n                }],\n                \"operator\": \"OR\",\n            },\n        }],\n    },\n)\n```\n\n```yaml\nresources:\n  example:\n    type: zia:WorkloadGroup\n    properties:\n      name: Example Workload Group\n      description: Managed by Pulumi\n      expressionJson:\n        expressionContainers:\n          - tagType: VM\n            operator: AND\n            tagContainer:\n              tags:\n                - key: environment\n                  value: production\n              operator: OR\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing workload group can be imported using its ID, e.g.\n\n```sh\n$ pulumi import zia:index:WorkloadGroup example 12345\n```\n","properties":{"description":{"type":"string","description":"Description of the workload group."},"expressionJson":{"$ref":"#/types/zia:index:WorkloadGroupExpressionJsonInput","description":"The expression JSON that defines the workload group matching criteria using tag expressions."},"groupId":{"type":"integer","description":"The unique identifier for the workload group assigned by the ZIA cloud."},"name":{"type":"string","description":"Name of the workload group."}},"required":["groupId"],"inputProperties":{"description":{"type":"string","description":"Description of the workload group."},"expressionJson":{"$ref":"#/types/zia:index:WorkloadGroupExpressionJsonInput","description":"The expression JSON that defines the workload group matching criteria using tag expressions."},"name":{"type":"string","description":"Name of the workload group."}}}},"functions":{"zia:index:getCasbEmailLabel":{"description":"Use this data source to look up a CASB email label by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the CASB email label to look up."},"resourceId":{"type":"integer","description":"The ID of the CASB email label to look up."}},"type":"object"},"outputs":{"properties":{"labelDeleted":{"description":"Whether the email label has been deleted.","type":"boolean"},"name":{"description":"The name of the CASB email label.","type":"string"},"resourceId":{"description":"The ID of the CASB email label.","type":"integer"}},"required":["resourceId","name","labelDeleted"],"type":"object"}},"zia:index:getCasbTenant":{"description":"Use this data source to look up a CASB tenant by ID or name.","inputs":{"properties":{"activeOnly":{"type":"boolean","description":"If true, only return active tenants."},"app":{"type":"string","description":"The application to filter by."},"appType":{"type":"string","description":"The application type to filter by."},"includeDeleted":{"type":"boolean","description":"If true, include deleted tenants in the results."},"tenantId":{"type":"integer","description":"The ID of the CASB tenant to look up."},"tenantName":{"type":"string","description":"The name of the CASB tenant to look up."}},"type":"object"},"outputs":{"properties":{"enterpriseTenantId":{"description":"The enterprise tenant ID.","type":"string"},"featuresSupported":{"description":"The list of features supported by the tenant.","items":{"type":"string"},"type":"array"},"lastTenantValidationTime":{"description":"The last tenant validation time (epoch).","type":"integer"},"modifiedTime":{"description":"The last modification time (epoch).","type":"integer"},"reAuth":{"description":"Whether re-authentication is required.","type":"boolean"},"saasApplication":{"description":"The SaaS application associated with the tenant.","type":"string"},"status":{"description":"The status of the tenant.","items":{"type":"string"},"type":"array"},"tenantDeleted":{"description":"Whether the tenant has been deleted.","type":"boolean"},"tenantId":{"description":"The ID of the CASB tenant.","type":"integer"},"tenantName":{"description":"The name of the CASB tenant.","type":"string"},"tenantWebhookEnabled":{"description":"Whether tenant webhook is enabled.","type":"boolean"},"zscalerAppTenantId":{"description":"The Zscaler application tenant ID.","type":"integer"}},"required":["tenantId","tenantName","modifiedTime","lastTenantValidationTime","saasApplication","enterpriseTenantId","tenantWebhookEnabled","tenantDeleted","reAuth","featuresSupported","status"],"type":"object"}},"zia:index:getCasbTombstoneTemplate":{"description":"Use this data source to look up a CASB quarantine tombstone template by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the tombstone template to look up."},"resourceId":{"type":"integer","description":"The ID of the tombstone template to look up."}},"type":"object"},"outputs":{"properties":{"description":{"description":"The description of the tombstone template.","type":"string"},"name":{"description":"The name of the tombstone template.","type":"string"},"resourceId":{"description":"The ID of the tombstone template.","type":"integer"}},"required":["resourceId","name","description"],"type":"object"}},"zia:index:getCloudApplications":{"description":"Use this data source to look up cloud applications by policy type, application class, or application name.","inputs":{"properties":{"appClass":{"type":"array","items":{"type":"string"},"description":"The application class(es) to filter by."},"appName":{"type":"string","description":"The application name to filter by."},"policyType":{"type":"string","description":"The policy type to filter by. Accepted values: 'cloud_application_policy', 'cloud_application_ssl_policy'."}},"type":"object","required":["policyType"]},"outputs":{"properties":{"applications":{"description":"The list of cloud applications matching the filter criteria.","items":{"$ref":"#/types/zia:index:CloudApplicationItem"},"type":"array"}},"required":["applications"],"type":"object"}},"zia:index:getCloudBrowserIsolationProfile":{"description":"Use this data source to look up a cloud browser isolation profile by name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the cloud browser isolation profile to look up."}},"type":"object"},"outputs":{"properties":{"defaultProfile":{"description":"Whether this is the default profile.","type":"boolean"},"name":{"description":"The name of the cloud browser isolation profile.","type":"string"},"resourceId":{"description":"The ID of the cloud browser isolation profile.","type":"string"},"url":{"description":"The URL of the cloud browser isolation profile.","type":"string"}},"required":["resourceId","name","url","defaultProfile"],"type":"object"}},"zia:index:getDatacenters":{"description":"Use the **zia:index/getDatacenters:getDatacenters** data source to retrieve a list of Zscaler data centers. Results can be filtered by datacenter ID, name (case-insensitive partial match), or city (case-insensitive partial match).\n\n{{% examples %}}\n## Example Usage\n\n{{% example %}}\n### Retrieve All Datacenters\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst all = zia.getDatacenters({});\nexport const datacenters = all.then(r =\u003e r.datacenters);\n```\n\n```python\nimport pulumi\nimport zscaler_pulumi_zia as zia\n\nall = zia.get_datacenters()\npulumi.export(\"datacenters\", all.datacenters)\n```\n\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/zscaler/pulumi-zia/sdk/go/pulumi-zia\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tall, err := zia.GetDatacenters(ctx, \u0026zia.GetDatacentersArgs{}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"datacenters\", pulumi.ToStringArray(all.Datacenters))\n\t\treturn nil\n\t})\n}\n```\n\n```yaml\nvariables:\n  all:\n    fn::invoke:\n      function: zia:getDatacenters\n      arguments: {}\noutputs:\n  datacenters: ${all.datacenters}\n```\n{{% /example %}}\n\n{{% example %}}\n### Filter by City\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as zia from \"@bdzscaler/pulumi-zia\";\n\nconst dc = zia.getDatacenters({ city: \"San Jose\" });\nexport const datacenters = dc.then(r =\u003e r.datacenters);\n```\n\n```python\nimport pulumi\nimport zscaler_pulumi_zia as zia\n\ndc = zia.get_datacenters(city=\"San Jose\")\npulumi.export(\"datacenters\", dc.datacenters)\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis data source is read-only and does not support import.","inputs":{"properties":{"city":{"type":"string","description":"Filter datacenters by city (case-insensitive partial match). When exactly one result is returned, this is set to that datacenter's city."},"datacenterId":{"type":"integer","description":"Filter datacenters by ID. When exactly one result is returned, this is set to that datacenter's ID."},"name":{"type":"string","description":"Filter datacenters by name (case-insensitive partial match). When exactly one result is returned, this is set to that datacenter's name."}},"type":"object"},"outputs":{"properties":{"city":{"description":"The datacenter city when exactly one result is returned.","type":"string"},"datacenterId":{"description":"The datacenter ID when exactly one result is returned.","type":"integer"},"datacenters":{"description":"List of datacenters matching the filter criteria.","items":{"$ref":"#/types/zia:index:DatacenterInfo"},"type":"array"},"name":{"description":"The datacenter name when exactly one result is returned.","type":"string"}},"required":["datacenters"],"type":"object"}},"zia:index:getDevice":{"description":"Use this data source to look up a device by ID, name, model, owner, or OS attributes.","inputs":{"properties":{"deviceModel":{"type":"string","description":"The device model to filter by."},"name":{"type":"string","description":"The name of the device to look up."},"osType":{"type":"string","description":"The OS type to filter by."},"osVersion":{"type":"string","description":"The OS version to filter by."},"ownerName":{"type":"string","description":"The owner name to filter by."},"resourceId":{"type":"integer","description":"The ID of the device to look up."}},"type":"object"},"outputs":{"properties":{"description":{"description":"The description of the device.","type":"string"},"deviceGroupType":{"description":"The device group type.","type":"string"},"deviceModel":{"description":"The model of the device.","type":"string"},"hostname":{"description":"The hostname of the device.","type":"string"},"name":{"description":"The name of the device.","type":"string"},"osType":{"description":"The OS type of the device.","type":"string"},"osVersion":{"description":"The OS version of the device.","type":"string"},"ownerName":{"description":"The name of the device owner.","type":"string"},"ownerUserId":{"description":"The user ID of the device owner.","type":"integer"},"resourceId":{"description":"The ID of the device.","type":"integer"}},"required":["resourceId","name","deviceGroupType","deviceModel","osType","osVersion","description","ownerUserId","ownerName","hostname"],"type":"object"}},"zia:index:getDeviceGroup":{"description":"Use this data source to look up a device group by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the device group to look up."},"resourceId":{"type":"integer","description":"The ID of the device group to look up."}},"type":"object"},"outputs":{"properties":{"description":{"description":"The description of the device group.","type":"string"},"deviceCount":{"description":"The number of devices in the group.","type":"integer"},"deviceNames":{"description":"The device names in the group.","type":"string"},"groupType":{"description":"The type of the device group.","type":"string"},"list":{"description":"The list of all device groups when no specific filter is provided.","items":{"$ref":"#/types/zia:index:DeviceGroupItem"},"type":"array"},"name":{"description":"The name of the device group.","type":"string"},"osType":{"description":"The OS type of the device group.","type":"string"},"predefined":{"description":"Whether the device group is predefined.","type":"boolean"},"resourceId":{"description":"The ID of the device group.","type":"integer"}},"required":["list"],"type":"object"}},"zia:index:getDlpCloudToCloudIr":{"description":"Use this data source to look up a DLP cloud-to-cloud incident receiver by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the cloud-to-cloud incident receiver to look up."},"resourceId":{"type":"integer","description":"The ID of the cloud-to-cloud incident receiver to look up."}},"type":"object"},"outputs":{"properties":{"lastModifiedBy":{"$ref":"#/types/zia:index:LastModifiedByOutput","description":"The user who last modified the incident receiver."},"lastTenantValidationTime":{"description":"The last tenant validation time (epoch).","type":"integer"},"lastValidationMsg":{"$ref":"#/types/zia:index:LastValidationMsgOutput","description":"The last validation message."},"modifiedTime":{"description":"The last modification time (epoch).","type":"integer"},"name":{"description":"The name of the cloud-to-cloud incident receiver.","type":"string"},"onboardableEntity":{"$ref":"#/types/zia:index:OnboardableEntityOutput","description":"The onboardable entity associated with the incident receiver."},"resourceId":{"description":"The ID of the cloud-to-cloud incident receiver.","type":"integer"},"status":{"description":"The status of the incident receiver.","items":{"type":"string"},"type":"array"}},"required":["resourceId","name","status","modifiedTime","lastTenantValidationTime"],"type":"object"}},"zia:index:getDlpDictionaryPredefinedIdentifiers":{"description":"Use this data source to look up predefined DLP dictionary identifiers by dictionary name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the predefined DLP dictionary to look up."}},"type":"object","required":["name"]},"outputs":{"properties":{"predefinedIdentifiers":{"description":"The list of predefined identifiers for the dictionary.","items":{"type":"string"},"type":"array"},"resourceId":{"description":"The ID of the predefined DLP dictionary.","type":"string"}},"required":["resourceId","predefinedIdentifiers"],"type":"object"}},"zia:index:getDlpEdmSchema":{"description":"Use this data source to look up a DLP Exact Data Match (EDM) schema by ID or project name.","inputs":{"properties":{"projectName":{"type":"string","description":"The project name of the DLP EDM schema to look up."},"schemaId":{"type":"integer","description":"The ID of the DLP EDM schema to look up."}},"type":"object"},"outputs":{"properties":{"cellsUsed":{"description":"The number of cells used.","type":"integer"},"fileName":{"description":"The file name of the schema.","type":"string"},"fileUploadStatus":{"description":"The file upload status.","type":"string"},"lastModifiedTime":{"description":"The last modification time (epoch).","type":"integer"},"origColCount":{"description":"The original column count.","type":"integer"},"originalFileName":{"description":"The original file name of the schema.","type":"string"},"projectName":{"description":"The project name of the DLP EDM schema.","type":"string"},"revision":{"description":"The revision number of the schema.","type":"integer"},"schedulePresent":{"description":"Whether a schedule is present.","type":"boolean"},"schemaActive":{"description":"Whether the schema is active.","type":"boolean"},"schemaId":{"description":"The ID of the DLP EDM schema.","type":"integer"}},"required":["schemaId","projectName","revision","fileName","originalFileName","fileUploadStatus","origColCount","lastModifiedTime","cellsUsed","schemaActive","schedulePresent"],"type":"object"}},"zia:index:getDlpIcapServer":{"description":"Use this data source to look up a DLP ICAP server by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the DLP ICAP server to look up."},"resourceId":{"type":"integer","description":"The ID of the DLP ICAP server to look up."}},"type":"object"},"outputs":{"properties":{"name":{"description":"The name of the DLP ICAP server.","type":"string"},"resourceId":{"description":"The ID of the DLP ICAP server.","type":"integer"},"status":{"description":"The status of the DLP ICAP server.","type":"string"},"url":{"description":"The URL of the DLP ICAP server.","type":"string"}},"required":["resourceId","name","url","status"],"type":"object"}},"zia:index:getDlpIdmProfile":{"description":"Use this data source to look up a DLP IDM profile by ID or name.","inputs":{"properties":{"profileId":{"type":"integer","description":"The ID of the DLP IDM profile to look up."},"profileName":{"type":"string","description":"The name of the DLP IDM profile to look up."}},"type":"object"},"outputs":{"properties":{"host":{"description":"The host for the IDM profile.","type":"string"},"lastModifiedTime":{"description":"The last modification time (epoch).","type":"integer"},"numDocuments":{"description":"The number of documents in the profile.","type":"integer"},"port":{"description":"The port for the IDM profile.","type":"integer"},"profileDesc":{"description":"The description of the DLP IDM profile.","type":"string"},"profileDirPath":{"description":"The directory path of the profile.","type":"string"},"profileId":{"description":"The ID of the DLP IDM profile.","type":"integer"},"profileName":{"description":"The name of the DLP IDM profile.","type":"string"},"profileType":{"description":"The type of the DLP IDM profile.","type":"string"},"scheduleDay":{"description":"The schedule day for the profile.","type":"integer"},"scheduleDayOfMonth":{"description":"The schedule days of the month.","items":{"type":"string"},"type":"array"},"scheduleDayOfWeek":{"description":"The schedule days of the week.","items":{"type":"string"},"type":"array"},"scheduleDisabled":{"description":"Whether the schedule is disabled.","type":"boolean"},"scheduleTime":{"description":"The schedule time for the profile.","type":"integer"},"scheduleType":{"description":"The schedule type for the profile.","type":"string"},"uploadStatus":{"description":"The upload status of the profile.","type":"string"},"userName":{"description":"The username associated with the profile.","type":"string"},"version":{"description":"The version of the profile.","type":"integer"},"volumeOfDocuments":{"description":"The volume of documents in the profile.","type":"integer"}},"required":["profileId","profileName","profileDesc","profileType","host","port","profileDirPath","scheduleType","scheduleDay","scheduleTime","scheduleDisabled","uploadStatus","userName","version","volumeOfDocuments","numDocuments","lastModifiedTime","scheduleDayOfMonth","scheduleDayOfWeek"],"type":"object"}},"zia:index:getDlpIdmProfileLite":{"description":"Use this data source to look up a DLP IDM profile (lite) by ID or template name.","inputs":{"properties":{"activeOnly":{"type":"boolean","description":"If true, only return active profiles."},"profileId":{"type":"integer","description":"The ID of the DLP IDM profile to look up."},"templateName":{"type":"string","description":"The template name of the DLP IDM profile to look up."}},"type":"object"},"outputs":{"properties":{"clientVm":{"$ref":"#/types/zia:index:IdNameExtensionsOutput","description":"The client VM associated with the profile."},"lastModifiedBy":{"$ref":"#/types/zia:index:IdNameExtensionsOutput","description":"The user who last modified the profile."},"lastModifiedTime":{"description":"The last modification time (epoch).","type":"integer"},"numDocuments":{"description":"The number of documents in the profile.","type":"integer"},"profileId":{"description":"The ID of the DLP IDM profile.","type":"integer"},"templateName":{"description":"The template name of the DLP IDM profile.","type":"string"}},"required":["profileId","templateName","numDocuments","lastModifiedTime"],"type":"object"}},"zia:index:getDlpIncidentReceiverServer":{"description":"Use this data source to look up a DLP incident receiver server by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the DLP incident receiver server to look up."},"resourceId":{"type":"integer","description":"The ID of the DLP incident receiver server to look up."}},"type":"object"},"outputs":{"properties":{"flags":{"description":"The flags associated with the DLP incident receiver server.","type":"integer"},"name":{"description":"The name of the DLP incident receiver server.","type":"string"},"resourceId":{"description":"The ID of the DLP incident receiver server.","type":"integer"},"status":{"description":"The status of the DLP incident receiver server.","type":"string"},"url":{"description":"The URL of the DLP incident receiver server.","type":"string"}},"required":["resourceId","name","url","status","flags"],"type":"object"}},"zia:index:getDomainProfile":{"description":"Use this data source to look up a domain profile by ID or profile name.","inputs":{"properties":{"profileId":{"type":"integer","description":"The ID of the domain profile to look up."},"profileName":{"type":"string","description":"The name of the domain profile to look up."}},"type":"object"},"outputs":{"properties":{"customDomains":{"description":"The list of custom domains in the profile.","items":{"type":"string"},"type":"array"},"description":{"description":"The description of the domain profile.","type":"string"},"includeCompanyDomains":{"description":"Whether company domains are included.","type":"boolean"},"includeSubdomains":{"description":"Whether subdomains are included.","type":"boolean"},"predefinedEmailDomains":{"description":"The list of predefined email domains in the profile.","items":{"type":"string"},"type":"array"},"profileId":{"description":"The ID of the domain profile.","type":"integer"},"profileName":{"description":"The name of the domain profile.","type":"string"}},"required":["profileId","profileName","description","includeCompanyDomains","includeSubdomains","customDomains","predefinedEmailDomains"],"type":"object"}},"zia:index:getFileTypeCategories":{"description":"Use this data source to look up file type categories, optionally filtered by ID, name, or enum type.","inputs":{"properties":{"enums":{"type":"string","description":"The enum type to filter file type categories."},"excludeCustomFileTypes":{"type":"boolean","description":"If true, exclude custom file types from the results."},"name":{"type":"string","description":"The name of the file type category to look up."},"resourceId":{"type":"integer","description":"The ID of the file type category to look up."}},"type":"object"},"outputs":{"properties":{"categories":{"description":"The list of file type categories returned.","items":{"$ref":"#/types/zia:index:FileTypeCategoryItem"},"type":"array"},"name":{"description":"The name of the matched file type category.","type":"string"},"parent":{"description":"The parent category of the matched file type category.","type":"string"},"resourceId":{"description":"The ID of the matched file type category.","type":"integer"}},"required":["categories"],"type":"object"}},"zia:index:getFwNetworkService":{"description":"Use this data source to look up a firewall network service by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the network service to look up."},"networkServiceId":{"type":"integer","description":"The ID of the network service to look up."}},"type":"object"},"outputs":{"properties":{"name":{"description":"The name of the network service.","type":"string"},"networkServiceId":{"description":"The ID of the network service.","type":"integer"}},"required":["networkServiceId","name"],"type":"object"}},"zia:index:getLocationGroup":{"description":"Use this data source to look up a location group by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the location group to look up."},"resourceId":{"type":"integer","description":"The ID of the location group to look up."}},"type":"object"},"outputs":{"properties":{"comments":{"description":"Comments or notes about the location group.","type":"string"},"deleted":{"description":"Whether the location group has been deleted.","type":"boolean"},"groupType":{"description":"The type of the location group.","type":"string"},"lastModTime":{"description":"The last modification time of the location group (epoch).","type":"integer"},"locationIds":{"description":"List of location IDs that belong to this group.","items":{"type":"integer"},"type":"array"},"name":{"description":"The name of the location group.","type":"string"},"predefined":{"description":"Whether the location group is predefined by Zscaler.","type":"boolean"},"resourceId":{"description":"The ID of the location group.","type":"integer"}},"required":["resourceId","name","deleted","groupType","comments","lastModTime","predefined","locationIds"],"type":"object"}},"zia:index:getSandboxReport":{"description":"Use this data source to retrieve a sandbox report for a given MD5 hash.","inputs":{"properties":{"details":{"type":"string","description":"The level of detail for the report. Accepted values: 'summary' or 'full'. Defaults to 'summary'."},"md5Hash":{"type":"string","description":"The MD5 hash of the file to retrieve the sandbox report for."}},"type":"object","required":["md5Hash"]},"outputs":{"properties":{"classification":{"$ref":"#/types/zia:index:ClassificationOutput","description":"Classification details of the analyzed file."},"exploit":{"description":"Exploit RSS entries from the full report.","items":{"$ref":"#/types/zia:index:SandboxRssOutput"},"type":"array"},"fileProperties":{"$ref":"#/types/zia:index:FilePropertiesOutput","description":"File properties from the sandbox analysis."},"md5Hash":{"description":"The MD5 hash of the file.","type":"string"},"networking":{"description":"Networking RSS entries from the full report.","items":{"$ref":"#/types/zia:index:SandboxRssOutput"},"type":"array"},"origin":{"$ref":"#/types/zia:index:OriginOutput","description":"Origin information of the analyzed file."},"persistence":{"description":"Persistence RSS entries from the full report.","items":{"$ref":"#/types/zia:index:SandboxRssOutput"},"type":"array"},"securityBypass":{"description":"Security bypass RSS entries from the full report.","items":{"$ref":"#/types/zia:index:SandboxRssOutput"},"type":"array"},"spyware":{"description":"Spyware RSS entries from the full report.","items":{"$ref":"#/types/zia:index:SandboxRssOutput"},"type":"array"},"stealth":{"description":"Stealth RSS entries from the full report.","items":{"$ref":"#/types/zia:index:SandboxRssOutput"},"type":"array"},"summary":{"$ref":"#/types/zia:index:SummaryDetailOutput","description":"Summary details of the sandbox analysis."},"systemSummary":{"description":"System summary RSS entries from the full report.","items":{"$ref":"#/types/zia:index:SandboxRssOutput"},"type":"array"}},"required":["md5Hash","systemSummary","spyware","networking","securityBypass","exploit","stealth","persistence"],"type":"object"}},"zia:index:getTimeWindow":{"description":"Use this data source to look up a firewall time window by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the time window to look up."},"resourceId":{"type":"integer","description":"The ID of the time window to look up."}},"type":"object"},"outputs":{"properties":{"dayOfWeek":{"description":"The days of the week the time window applies to.","items":{"type":"string"},"type":"array"},"endTime":{"description":"The end time of the time window (minutes from midnight).","type":"integer"},"name":{"description":"The name of the time window.","type":"string"},"resourceId":{"description":"The ID of the time window.","type":"integer"},"startTime":{"description":"The start time of the time window (minutes from midnight).","type":"integer"}},"required":["resourceId","name","startTime","endTime","dayOfWeek"],"type":"object"}},"zia:index:getUserManagementDepartment":{"description":"Use this data source to look up a user management department by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the department to look up."},"resourceId":{"type":"integer","description":"The ID of the department to look up."}},"type":"object"},"outputs":{"properties":{"comments":{"description":"Comments or notes about the department.","type":"string"},"deleted":{"description":"Whether the department has been deleted.","type":"boolean"},"idpId":{"description":"The IDP ID associated with the department.","type":"integer"},"name":{"description":"The name of the department.","type":"string"},"resourceId":{"description":"The ID of the department.","type":"integer"}},"required":["resourceId","name","idpId","comments","deleted"],"type":"object"}},"zia:index:getUserManagementGroup":{"description":"Use this data source to look up a user management group by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the group to look up."},"resourceId":{"type":"integer","description":"The ID of the group to look up."}},"type":"object"},"outputs":{"properties":{"comments":{"description":"Comments or notes about the group.","type":"string"},"idpId":{"description":"The IDP ID associated with the group.","type":"integer"},"name":{"description":"The name of the group.","type":"string"},"resourceId":{"description":"The ID of the group.","type":"integer"}},"required":["resourceId","name","idpId","comments"],"type":"object"}},"zia:index:getUserManagementUser":{"description":"Use this data source to look up a user management user by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the user to look up."},"userId":{"type":"integer","description":"The ID of the user to look up."}},"type":"object"},"outputs":{"properties":{"adminUser":{"description":"Whether the user is an admin user.","type":"boolean"},"authMethods":{"description":"The authentication methods configured for the user.","items":{"type":"string"},"type":"array"},"comments":{"description":"Comments or notes about the user.","type":"string"},"department":{"$ref":"#/types/zia:index:UserDepartmentOutput","description":"The department the user belongs to."},"email":{"description":"The email address of the user.","type":"string"},"groups":{"description":"The list of groups the user belongs to.","items":{"$ref":"#/types/zia:index:UserGroupOutput"},"type":"array"},"name":{"description":"The full name of the user.","type":"string"},"tempAuthEmail":{"description":"The temporary authentication email for the user.","type":"string"},"type":{"description":"The type of the user.","type":"string"},"userId":{"description":"The ID of the user.","type":"integer"}},"required":["userId","name","email","comments","tempAuthEmail","authMethods","adminUser","type","groups"],"type":"object"}},"zia:index:getVzenCluster":{"description":"Use this data source to look up a VZEN cluster by ID or name.","inputs":{"properties":{"clusterId":{"type":"integer","description":"The ID of the VZEN cluster to look up."},"name":{"type":"string","description":"The name of the VZEN cluster to look up."}},"type":"object"},"outputs":{"properties":{"clusterId":{"description":"The ID of the VZEN cluster.","type":"integer"},"defaultGateway":{"description":"The default gateway of the VZEN cluster.","type":"string"},"ipAddress":{"description":"The IP address of the VZEN cluster.","type":"string"},"ipSecEnabled":{"description":"Whether IPSec is enabled on the cluster.","type":"boolean"},"name":{"description":"The name of the VZEN cluster.","type":"string"},"status":{"description":"The status of the VZEN cluster.","type":"string"},"subnetMask":{"description":"The subnet mask of the VZEN cluster.","type":"string"},"type":{"description":"The type of the VZEN cluster.","type":"string"},"virtualZenNodes":{"description":"The list of virtual ZEN nodes in this cluster.","items":{"$ref":"#/types/zia:index:VirtualZenNodeOutput"},"type":"array"}},"required":["clusterId","name","status","type","ipAddress","subnetMask","defaultGateway","ipSecEnabled","virtualZenNodes"],"type":"object"}},"zia:index:getVzenNode":{"description":"Use this data source to look up a VZEN node by ID or name.","inputs":{"properties":{"name":{"type":"string","description":"The name of the VZEN node to look up."},"nodeId":{"type":"integer","description":"The ID of the VZEN node to look up."}},"type":"object"},"outputs":{"properties":{"clusterName":{"description":"The cluster name if deployment mode is CLUSTER.","type":"string"},"defaultGateway":{"description":"The default gateway of the VZEN node.","type":"string"},"deploymentMode":{"description":"The deployment mode (STANDALONE or CLUSTER).","type":"string"},"establishSupportTunnelEnabled":{"description":"Whether establish support tunnel is enabled.","type":"boolean"},"inProduction":{"description":"Whether the node is in production.","type":"boolean"},"ipAddress":{"description":"The IP address of the VZEN node.","type":"string"},"ipSecEnabled":{"description":"Whether IPSec is enabled on the node.","type":"boolean"},"loadBalancerIpAddress":{"description":"The load balancer IP address.","type":"string"},"name":{"description":"The name of the VZEN node.","type":"string"},"nodeId":{"description":"The ID of the VZEN node.","type":"integer"},"onDemandSupportTunnelEnabled":{"description":"Whether on-demand support tunnel is enabled.","type":"boolean"},"status":{"description":"The status of the VZEN node.","type":"string"},"subnetMask":{"description":"The subnet mask of the VZEN node.","type":"string"},"type":{"description":"The type of the VZEN node.","type":"string"},"vzenSkuType":{"description":"The VZEN SKU type (SMALL, MEDIUM, or LARGE).","type":"string"},"zGatewayId":{"description":"The ZGateway ID associated with the VZEN node.","type":"integer"}},"required":["nodeId","name","status","type","ipSecEnabled","ipAddress","subnetMask","defaultGateway","zGatewayId","inProduction","onDemandSupportTunnelEnabled","establishSupportTunnelEnabled","loadBalancerIpAddress","deploymentMode","clusterName","vzenSkuType"],"type":"object"}},"zia:index:getWorkloadGroup":{"description":"Use this data source to look up a workload group by ID or name.","inputs":{"properties":{"groupId":{"type":"integer","description":"The ID of the workload group to look up."},"name":{"type":"string","description":"The name of the workload group to look up."}},"type":"object"},"outputs":{"properties":{"description":{"description":"The description of the workload group.","type":"string"},"expression":{"description":"The expression string for the workload group.","type":"string"},"expressionJson":{"$ref":"#/types/zia:index:WorkloadGroupExpressionJsonInput","description":"The expression JSON that defines the workload group matching criteria."},"groupId":{"description":"The ID of the workload group.","type":"integer"},"lastModifiedTime":{"description":"The last modification time of the workload group (epoch).","type":"integer"},"name":{"description":"The name of the workload group.","type":"string"}},"required":["groupId","name","description","expression","lastModifiedTime"],"type":"object"}}}}