/ home / hyperledger_labs / hyperledger_labs.fabric_ansible_collection / 2.0.0 / module / external_certificate_authority

hyperledger_labs.fabric_ansible_collection.external_certificate_authority (2.0.0) — module

Manage an external Hyperledger Fabric certificate authority

Authors: Simon Stone (@sstone1)

preview | supported by community

Install collection

Install with ansible-galaxy collection install hyperledger_labs.fabric_ansible_collection:==2.0.0

Add to requirements.yml

  collections:
    - name: hyperledger_labs.fabric_ansible_collection
      version: 2.0.0

Description

Import or remove an external Hyperledger Fabric certificate authority.

This module works with the IBM Support for Hyperledger Fabric software or the Hyperledger Fabric Open Source Stack running in a Red Hat OpenShift or Kubernetes cluster.

Usage examples

Scanned by Steampunk Spotter

- name: Import the certificate authority
  hyperledger.fabric_ansible_collection.external_certificate_authority:
    status: present
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    certificate_authority: "{{ lookup('file', 'Org1 CA.json') }}"

Scanned by Steampunk Spotter

- name: Remove the imported certificate authority
  hyperledger.fabric_ansible_collection.external_certificate_authority:
    state: absent
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    name: Org1 CA

Inputs

name:
description:
- The name of the external certificate authority.
- Only required when I(state) is C(absent).
type: str

state:
choices:
- absent
- present
default: present
description:
- C(absent) - A certificate authority matching the specified name will be stopped
and removed.
- C(present) - Asserts that a certificate authority matching the specified name and
configuration exists. If no certificate authority matches the specified name, a
certificate authority will be created. If a certificate authority matches the specified
name but the configuration does not match, then the certificate authority will be
updated, if it can be. If it cannot be updated, it will be removed and re-created
with the specified configuration.
type: str

api_key:
description:
- The API key for the Fabric operations console.
required: true
type: str

api_secret:
description:
- The API secret for the Fabric operations console.
- Only required when I(api_authtype) is C(basic).
type: str

api_timeout:
default: 60
description:
- The timeout, in seconds, to use when interacting with the Fabric operations console.
type: int

api_authtype:
description:
- C(basic) - Authenticate to the Fabric operations console using basic authentication.
You must provide both a valid API key using I(api_key) and API secret using I(api_secret).
required: true
type: str

api_endpoint:
description:
- The URL for the Fabric operations console.
required: true
type: str

certificate_authority:
description:
- The definition of the external certificate authority
- Only required when I(state) is C(present).
suboptions:
api_url:
description:
- The URL for the API of the certificate authority.
type: str
ca_name:
description:
- The certificate authority name to use for enrollment requests.
type: str
ca_url:
description:
- The URL for the API of the certificate authority.
type: str
location:
description:
- The location of the certificate authority.
type: str
name:
description:
- The name of the certificate authority.
type: str
operations_url:
description:
- The URL for the operations service of the certificate authority.
type: str
pem:
description:
- The TLS certificate chain for the certificate authority.
- The TLS certificate chain is returned as a base64 encoded PEM.
type: str
tls_cert:
description:
- The TLS certificate chain for the certificate authority.
- The TLS certificate chain is returned as a base64 encoded PEM.
type: str
tlsca_name:
description:
- The certificate authority name to use for TLS enrollment requests.
type: str
type: dict

Outputs

certificate_authority:
  contains:
    api_url:
      description:
      - The URL for the API of the certificate authority.
      sample: https://org1ca-api.example.org:32000
      type: str
    ca_name:
      description:
      - The certificate authority name to use for enrollment requests.
      sample: ca
      type: str
    ca_url:
      description:
      - The URL for the API of the certificate authority.
      sample: https://org1ca-api.example.org:32000
      type: str
    location:
      description:
      - The location of the certificate authority.
      sample: ibmcloud
      type: str
    name:
      description:
      - The name of the certificate authority.
      sample: Org1 CA
      type: str
    operations_url:
      description:
      - The URL for the operations service of the certificate authority.
      sample: https://org1ca-operations.example.org:32000
      type: str
    pem:
      description:
      - The TLS certificate chain for the certificate authority.
      - The TLS certificate chain is returned as a base64 encoded PEM.
      sample: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
      type: str
    tls_cert:
      description:
      - The TLS certificate chain for the certificate authority.
      - The TLS certificate chain is returned as a base64 encoded PEM.
      sample: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
      type: str
    tlsca_name:
      description:
      - The certificate authority name to use for TLS enrollment requests.
      sample: tlsca
      type: str
  description:
  - The certificate authority.
  returned: when I(state) is C(present)
  type: dict