app_segments_ba_v2

The following methods allow for interaction with the ZPA Browser Access Application Segment v2 API endpoints.

Methods are accessible via zpa.app_segments_ba_v2

Copyright (c) 2023, Zscaler Inc.

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

class AppSegmentsBAV2API

Bases: APIClient

A client object for Broser Access Application Segments.

add_segment_ba(**kwargs)

Create a new Browser Access application segment.

Parameters:

  • name (str) – Required. Name of the application segment (user-defined).

  • domain_names (list[str]) – Required. Domain names or IP addresses for the segment.

  • segment_group_id (str) – Required. Unique identifier for the segment group.

  • server_group_ids (list[str]) – Required. List of server group IDs this segment belongs to.

  • tcp_port_ranges (list[str], optional) – Legacy format. TCP port range pairs (e.g., [‘22’, ‘22’]).

  • udp_port_ranges (list[str], optional) – Legacy format. UDP port range pairs (e.g., [‘35000’, ‘35000’]).

  • tcp_port_range (list[dict], optional) – New format. TCP port range pairs [{“from”: “8081”, “to”: “8081”}].

  • udp_port_range (list[dict], optional) – New format. UDP port range pairs [{“from”: “8081”, “to”: “8081”}].

Keyword Arguments:

  • bypass_type (str) – Bypass type for the segment. Values: ALWAYS, NEVER, ON_NET.

  • config_space (str) – Config space for the segment. Values: DEFAULT, SIEM.

  • description (str) – Additional information about the segment.

  • double_encrypt (bool) – If true, enables double encryption.

  • enabled (bool) – If true, enables the application segment.

  • health_check_type (str) – Health Check Type. Values: DEFAULT, NONE.

  • health_reporting (str) – Health Reporting mode. Values: NONE, ON_ACCESS, CONTINUOUS.

  • ip_anchored (bool) – If true, enables IP Anchoring.

  • is_cname_enabled (bool) – If true, enables CNAMEs for the segment.

  • passive_health_enabled (bool) – If true, enables Passive Health Checks.

  • icmp_access_type (str) – Sets ICMP access type for ZPA clients.

  • microtenant_id (str, optional) – ID of the microtenant, if applicable.

  • common_apps_dto (dict, optional) –

    Dictionary containing application-specific configurations.

    • apps_config (list[dict], optional): List of application configuration blocks.

    • application_port (str): The port used by the application.

    • application_protocol (str): The protocol used (e.g., HTTP, HTTPS).

    • enabled (bool): Whether the application is enabled.

    • certificate_id (bool): Whether the application is enabled.

    • domain (str): The domain name of the application.

    • name (str): The name of the application.

    • app_types (list[str]): The types of applications is optional (i.e., BROWSER_ACCESS).

Returns:

A tuple containing:

  • ApplicationSegment: The newly created application segment instance.

  • Response: The raw API response object.

  • Error: An error message, if applicable.

Return type:

tuple

Examples

Create a new browser access application segment using new TCP port format (tcp_port_range):

>>> added_segment, _, err = client.zpa.app_segments_ba_v2.add_segment_ba(
...     name=f"NewBASegment{random.randint(1000, 10000)}",
...     description=f"NewBASegment{random.randint(1000, 10000)}",
...     enabled=True,
...     domain_names=["ba_access01.securitygeek.io", "ba_access02.securitygeek.io"],
...     segment_group_id="72058304855114308",
...     server_group_ids=["72058304855090128"],
...     tcp_port_range=[{"from": "443", "to": "443"}, {"from": "4443", "to": "4443"}],
...     udp_port_range=[{"from": "443", "to": "443"}, {"from": "4443", "to": "4443"}],
...     common_apps_dto={
...         "apps_config": [
...             {
...                 "app_types": ["BROWSER_ACCESS"],
...                 "certificate_id": "72058304855021564",
...                 "application_port": "443",
...                 "application_protocol": "HTTPS",
...                 "domain": "ba_access01.securitygeek.io",
...             },
...             {
...                 "app_types": ["BROWSER_ACCESS"],
...                 "certificate_id": "72058304855021564",
...                 "application_port": "4443",
...                 "application_protocol": "HTTPS",
...                 "domain": "ba_access02.securitygeek.io",
...             },
...         ]
...     },
... )
>>> if err:
...     print(f"Error adding BA Application segment: {err}")
...     return
... print(f"BA Application Segment added successfully: {added_segment.as_dict()}")
delete_segment_ba(segment_id, force_delete=False, microtenant_id=None)

Delete an Browser Access application segment.

Parameters:

  • segment_id (str) – The unique identifier for the Browser Access application segment.

  • force_delete (bool) – Setting this field to true deletes the mapping between Browser Access Application Segment and Segment Group.

  • microtenant_id (str, optional) – The optional ID of the microtenant if applicable.

Returns:

The operation response code.

Return type:

int

Examples

Delete an Browser Access Application Segment with an id of 99999.

>>> _, _, err = client.zpa.app_segments_ba_v2.delete_segment_ba('99999')
>>> if err:
...     print(f"Error deleting BA Application Segment: {err}")
...     return
... print(f"BA Application Segment with ID '99999' deleted successfully.")
get_segment_ba(segment_id, query_params=None)

Get details of an application segment by its ID.

Parameters:

segment_id (str) – The unique ID for the application segment.

Returns:

A tuple containing (ApplicationSegment, Response, error)

Return type:

Tuple

Examples

>>> fetched_segment, _, err = client.zpa.app_segments_ba_v2.get_segment_ba('999999')
... if err:
...     print(f"Error fetching segment by ID: {err}")
...     return
... print(f"Fetched segment by ID: {fetched_segment.as_dict()}")
list_segments_ba(query_params=None, **kwargs)

Enumerates application segment browser access in your organization with pagination. A subset of application segment browser access can be returned that match a supported filter expression or query.

Parameters:

{dict} (query_params) –

Map of query parameters for the request.

[query_params.page] {str}: Specifies the page number.

[query_params.page_size] {str}: Specifies the page size.

If not provided, the default page size is 20. The max page size is 500.

[query_params.search] {str}: Search string for filtering results. [query_params.microtenant_id] {str}: The unique identifier of the microtenant of ZPA tenant.

Returns:

A tuple containing (list of ApplicationSegments instances, Response, error)

Return type:

tuple

Examples

>>> segment_list, _, err = client.zpa.app_segments_ba_v2.list_segments_ba(
... query_params={'search': 'AppSegmentBA01', 'page': '1', 'page_size': '100'})
... if err:
...     print(f"Error listing application segment browser access: {err}")
...     return
... print(f"Total application segment browser access found: {len(segment_list)}")
... for app in segments:
...     print(app.as_dict())
reformat_params = [('server_group_ids', 'serverGroups')]
update_segment_ba(segment_id, **kwargs)

Update an existing browser access application segment.

Parameters:

segment_id (str) – The unique identifier of the application segment.

Keyword Arguments:

microtenant_id (str, optional) – ID of the microtenant, if applicable.

Returns:

A tuple containing (ApplicationSegment, Response, error)

Return type:

tuple

Examples

Create an application segment using new TCP port format (tcp_port_range):

>>> updated_segment, _, err = client.zpa.app_segments_ba_v2.add_segment_ba(
...     segment_id='1455863112',
...     name=f"UpdatedBASegment_{random.randint(1000, 10000)}",
...     description=f"UpdatedBASegment_{random.randint(1000, 10000)}",
...     enabled=True,
...     domain_names=["ba_access01.acme.com", "ba_access02.acme.com"],
...     segment_group_id="72058304855114308",
...     server_group_ids=["72058304855090128"],
...     tcp_port_range=[{"from": "443", "to": "443"}, {"from": "4443", "to": "4443"}],
...     udp_port_range=[{"from": "443", "to": "443"}, {"from": "4443", "to": "4443"}],
...     common_apps_dto={
...         "apps_config": [
...             {
...                 "app_types": ["BROWSER_ACCESS"],
...                 "certificate_id": "72058304855021564",
...                 "application_port": "443",
...                 "application_protocol": "HTTPS",
...                 "domain": "ba_access01.acme.com",
...             }
...         ]
...     },
... )
>>> if err:
...     print(f"Error updating BA Application segment: {err}")
...     return
... print(f"BA Application Segment updated successfully: {updated_segment.as_dict()}")