app_segments_pra¶
The following methods allow for interaction with the ZPA Privileged Remote Access Application Segment API endpoints.
Methods are accessible via zpa.app_segments_pra
Copyright (c) 2023, Zscaler Inc.
Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- class AppSegmentsPRAAPI¶
Bases:
APIClientA client object for Application Segments PRA (Privileged Remote Access).
- add_segment_pra(**kwargs)¶
Create a new Privileged Remote Access (PRA) application segment.
- Parameters:
name (str) – Required. Name of the application segment (user-defined).
domain_names (list[str]) – Required. Domain names or IP addresses for the segment.
segment_group_id (str) – Required. Unique identifier for the segment group.
server_group_ids (list[str]) – Required. List of server group IDs this segment belongs to.
tcp_port_ranges (list[str], optional) – Legacy format. TCP port range pairs (e.g., [‘22’, ‘22’]).
udp_port_ranges (list[str], optional) – Legacy format. UDP port range pairs (e.g., [‘35000’, ‘35000’]).
tcp_port_range (list[dict], optional) – New format. TCP port range pairs [{“from”: “8081”, “to”: “8081”}].
udp_port_range (list[dict], optional) – New format. UDP port range pairs [{“from”: “8081”, “to”: “8081”}].
- Keyword Arguments:
bypass_type (str) – Bypass type for the segment. Values: ALWAYS, NEVER, ON_NET.
config_space (str) – Config space for the segment. Values: DEFAULT, SIEM.
description (str) – Additional information about the segment.
double_encrypt (bool) – If true, enables double encryption.
enabled (bool) – If true, enables the application segment.
health_check_type (str) – Health Check Type. Values: DEFAULT, NONE.
health_reporting (str) – Health Reporting mode. Values: NONE, ON_ACCESS, CONTINUOUS.
ip_anchored (bool) – If true, enables IP Anchoring.
is_cname_enabled (bool) – If true, enables CNAMEs for the segment.
passive_health_enabled (bool) – If true, enables Passive Health Checks.
icmp_access_type (str) – Sets ICMP access type for ZPA clients.
microtenant_id (str, optional) – ID of the microtenant, if applicable.
common_apps_dto (dict, optional) –
Dictionary containing application-specific configurations.
apps_config (list[dict], optional): List of application configuration blocks.
application_port (str): The port used by the application.
application_protocol (str): The protocol used (e.g., RDP, SSH).
- connection_security (str): The security mode for connections.
Values: ANY, NLA, NLA_EXT, TLS, VM_CONNECT, RDP.
enabled (bool): Whether the application is enabled.
domain (str): The domain name of the application.
name (str): The name of the application.
app_types (list[str]): The types of applications is optional (i.e., SECURE_REMOTE_ACCESS).
- Returns:
A tuple containing:
ApplicationSegment: The newly created application segment instance.
Response: The raw API response object.
Error: An error message, if applicable.
- Return type:
Examples
Create an application segment using new TCP port format (tcp_port_range):
>>> added_segment, _, err = client.zpa.app_segments_pra.add_segment_pra( ... name=f"NewPRASegment_{random.randint(1000, 10000)}", ... description=f"NewPRASegment_{random.randint(1000, 10000)}", ... enabled=True, ... domain_names=["rdp_pra01.acme.com"], ... segment_group_id="72058304855089379", ... server_group_ids=["72058304855090128"], ... tcp_port_range=[{"from": "3389", "to": "3389"}], ... udp_port_range=[{"from": "3389", "to": "3389"}], ... common_apps_dto={ ... "apps_config": [ ... { ... "application_port": "3389", ... "application_protocol": "RDP", ... "connection_security": "ANY", ... "enabled": True, ... "domain": "rdp_pra01.acme.com", ... "name": "rdp_pra01.acme.com", ... } ... ] ... }, ... ) >>> if err: ... print(f"Error creating segment: {err}") ... else: ... print(f"Segment created successfully: {added_segment.as_dict()}")
- delete_segment_pra(segment_id, force_delete=False, microtenant_id=None)¶
Delete an PRA application segment.
- Parameters:
- Returns:
The operation response code.
- Return type:
Examples
Delete an AppProtection Application Segment with an id of 99999.
>>> zpa.app_segments_inspection.delete('99999')
Force deletion of an AppProtection Application Segment with an id of 88888.
>>> zpa.app_segments_inspection.delete('88888', force_delete=True)
- get_segment_pra(segment_id, query_params=None)¶
Get details of an application segment by its ID.
- Parameters:
segment_id (str) – The unique ID for the application segment.
- Returns:
A tuple containing (ApplicationSegment, Response, error)
- Return type:
Tuple
Examples
>>> fetched_segment, _, err = client.zpa.app_segments_pra.get_segment_pra('999999') ... if err: ... print(f"Error fetching segment by ID: {err}") ... return ... print(f"Fetched segment by ID: {fetched_segment.as_dict()}")
- list_segments_pra(query_params=None, **kwargs)¶
Enumerates application segment pra in your organization with pagination. A subset of application segment pra can be returned that match a supported filter expression or query.
- Parameters:
{dict} (query_params) –
Map of query parameters for the request.
[query_params.page]{str}: Specifies the page number.[query_params.page_size]{str}: Specifies the page size.If not provided, the default page size is 20. The max page size is 500.
[query_params.search]{str}: Search string for filtering results.[query_params.microtenant_id]{str}: The unique identifier of the microtenant of ZPA tenant.- Returns:
A tuple containing (list of AppSegmentsPRA instances, Response, error)
- Return type:
Examples
>>> segment_list, _, err = client.zpa.app_segments_pra.list_segments_pra( ... query_params={'search': 'AppSegmentPRA01', 'page': '1', 'page_size': '100'}) ... if err: ... print(f"Error listing application segment pra: {err}") ... return ... print(f"Total application segment pra found: {len(segment_list)}") ... for app in segments: ... print(app.as_dict())
- reformat_params = [('server_group_ids', 'serverGroups')]¶
- update_segment_pra(segment_id, **kwargs)¶
Update an existing application segment.
- Parameters:
segment_id (str) – The unique identifier of the application segment.
- Keyword Arguments:
microtenant_id (str, optional) – ID of the microtenant, if applicable.
- Returns:
A tuple containing (ApplicationSegment, Response, error)
- Return type:
Examples
Create an application segment using new TCP port format (tcp_port_range):
>>> updated_segment, _, err = client.zpa.app_segments_pra.update_segment_pra( ... segment_id='9999999' ... name=f"UpdatePRASegment_{random.randint(1000, 10000)}", ... description=f"UpdatePRASegment_{random.randint(1000, 10000)}", ... enabled=True, ... domain_names=["rdp_pra01.acme.com"], ... segment_group_id="72058304855089379", ... server_group_ids=["72058304855090128"], ... tcp_port_range=[{"from": "3389", "to": "3389"}], ... udp_port_range=[{"from": "3389", "to": "3389"}], ... common_apps_dto={ ... "apps_config": [ ... { ... "application_port": "3389", ... "application_protocol": "RDP", ... "connection_security": "ANY", ... "enabled": True, ... "domain": "rdp_pra01.acme.com", ... "name": "rdp_pra01.acme.com", ... } ... ] ... }, ... ) ... if err: ... print(f"Error updating segment: {err}") ... return ... print(f"segment updated successfully: {updated_segment.as_dict()}")