Try SpotterManage a registered Hyperledger Fabric identity
Authors: Simon Stone (@sstone1)
preview | supported by community
Install with ansible-galaxy collection install hyperledger.fabric_ansible_collection:==2.0.7
collections:
- name: hyperledger.fabric_ansible_collection
version: 2.0.7Register, update, or revoke an Hyperledger Fabric identity.
This module works with the IBM Support for Hyperledger Fabric software or the Hyperledger Fabric Open Source Stack running in a Red Hat OpenShift or Kubernetes cluster.
- name: Register a new identity
hyperledger.fabric_ansible_collection.registered_identity:
state: present
api_endpoint: https://console.example.org:32000
api_authtype: basic
api_key: xxxxxxxx
api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
certificate_authority: Org1 CA
registrar: Org1 CA Admin.json
enrollment_id: org1app
enrollment_secret: org1apppw
max_enrollments: 10
type: client
attributes:
- name: "fabcar.admin"
value: "true"
- name: Delete an existing identity
hyperledger.fabric_ansible_collection.registered_identity:
state: absent
api_endpoint: https://console.example.org:32000
api_authtype: basic
api_key: xxxxxxxx
api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
certificate_authority: Org1 CA
registrar: Org1 CA Admin.json
enrollment_id: org1app
hsm:
description:
- 'The PKCS #11 compliant HSM configuration to use for digital signatures.'
- Only required if the identity specified in I(registrar) was enrolled using an HSM.
suboptions:
label:
description:
- The HSM label that should be used for digital signatures.
type: str
pin:
description:
- The HSM pin that should be used for digital signatures.
type: str
pkcs11library:
description:
- 'The PKCS #11 library that should be used for digital signatures.'
type: str
type: dict
type:
choices:
- admin
- client
- peer
- orderer
default: client
description:
- The type of this identity.
type: str
state:
choices:
- absent
- present
default: present
description:
- C(absent) - If an identity is registered matching the specified enrollment ID, the
identity will be removed. Note that this operation is unsupported by default and
must be enabled by the certificate authority.
- C(present) - Asserts that an identity matching the specified enrollment ID and configuration
is registered. If no identity matches the specified enrollment ID, the identity
will be created. If an identity matches the specified enrollment ID but the configuration
does not match, then the identity will be updated, if it can be. If it cannot be
updated, it will be removed and re-created with the specified configuration.
type: str
api_key:
description:
- The API key for the Fabric operations console.
required: true
type: str
registrar:
description:
- The identity to use when interacting with the certificate authority.
- You can pass a string, which is the path to the JSON file where the enrolled identity
is stored.
- You can also pass a dict, which must match the result format of one of the M(enrolled_identity_info)
or M(enrolled_identity) modules.
required: true
type: raw
api_secret:
description:
- The API secret for the Fabric operations console.
- Only required when I(api_authtype) is C(basic).
type: str
attributes:
description:
- The attributes for this identity.
elements: dict
suboptions:
ecert:
description:
- Whether or not the attribute and its value will be in the enrollment certificate.
type: bool
name:
description:
- The name of the attribute.
type: str
value:
description:
- The value of the attribute.
type: str
type: list
affiliation:
description:
- The affiliation of this identity.
type: str
api_timeout:
default: 60
description:
- The timeout, in seconds, to use when interacting with the Fabric operations console.
type: int
api_authtype:
description:
- C(basic) - Authenticate to the Fabric operations console using basic authentication.
You must provide both a valid API key using I(api_key) and API secret using I(api_secret).
required: true
type: str
api_endpoint:
description:
- The URL for the Fabric operations console.
required: true
type: str
enrollment_id:
description:
- The enrollment ID, or user name, of the identity to register on the certificate
authority.
required: true
type: str
max_enrollments:
default: -1
description:
- The maximum number of times that this identity can be enrolled.
type: int
enrollment_secret:
description:
- The enrollment secret, or password, of an identity to register on the certificate
authority.
- Only required when I(state) is C(present).
type: str
certificate_authority:
description:
- The certificate authority to use to register this identity.
- You can pass a string, which is the display name of a certificate authority registered
with the Fabric operations console.
- You can also pass a dictionary, which must match the result format of one of the
M(certificate_authority_info) or M(certificate_authority) modules.
required: true
type: raw
registered_identity:
contains:
affiliation:
description:
- The affiliation of this identity.
sample: org1.department
type: str
attributes:
contains:
ecert:
description:
- Whether or not the attribute and its value will be in the enrollment certificate.
sample: true
type: bool
name:
description:
- The name of the attribute.
sample: fabcar.admin
type: str
value:
description:
- The value of the attribute.
sample: true
type: str
description:
- The attributes for this identity.
elements: dict
type: list
enrollment_id:
description:
- The enrollment ID, or user name, of the identity.
sample: org1admin
type: str
enrollment_secret:
description:
- The enrollment secret, or password, of an identity.
sample: org1adminpw
type: str
max_enrollments:
description:
- The maximum number of times that this identity can be enrolled.
sample: -1
type: int
type:
description:
- The type of this identity.
sample: admin
type: str
description:
- The registered identity.
returned: when I(state) is C(present)
type: dict