smallstep / smallstep.agent / 0.0.1 / module / collection
Manage a Smallstep collection
Authors: Joe Doss (@jdoss)
smallstep.agent.collection (0.0.1) — module
Install with ansible-galaxy collection install smallstep.agent:==0.0.1
---
# requirements.yml entry for this collection.
# The exact version pin keeps installs reproducible, so an upgrade is a
# deliberate, reviewed change. After installing, `ansible-galaxy collection
# verify` can compare the installed files with the server's checksums.
collections:
  - name: smallstep.agent
    version: "0.0.1"
Manage a Smallstep collection
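# Example: manage a collection whose devices are AWS VMs.
- name: Manage Smallstep Collection for AWS
  smallstep.agent.collection:
    slug: "aws-nginx-demo"
    name: "AWS NGINX Demo"
    admin_emails:
      - jdoss@smallstep.com
    device_type:
      aws_vm:
        # Quoted so the all-digit account IDs stay strings (elements: str).
        accounts:
          - "123456789011"
          - "222233334444"
        # Per the option description on this page: when true, only the SANs
        # found in the instance identity document are valid, so a VM cannot
        # request a certificate for an arbitrary name.
        disable_custom_sans: true
    # The API token is a credential: reference it rather than committing the
    # literal value. `smallstep_api_token` is a constructed variable name;
    # define it in an Ansible Vault-encrypted vars file or pull it from a
    # secret store.
    api_token: "{{ smallstep_api_token }}"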
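# Example: manage a collection whose devices are Azure VMs.
- name: Manage Smallstep Collection for Azure
  smallstep.agent.collection:
    slug: "azure-nginx-demo"
    name: "Azure NGINX Demo"
    admin_emails:
      - jdoss@smallstep.com
    device_type:
      azure_vm:
        # Only VMs in these resource groups are allowed to use the provisioner.
        resource_groups:
          - my-resource-group
          - my-other-resource-group
        # NOTE(review): passed here as a one-item list, while the parameter
        # reference on this page describes a single tenant ID (and lists its
        # type as bool) - confirm the accepted shape against the module.
        tenant_id:
          - 847cb745-de21-4622-9c05-f15b069c3f04
        # Per the option description on this page: when true, only the SANs
        # found in the instance identity document are valid.
        disable_custom_sans: true
    # The API token is a credential: reference it rather than committing the
    # literal value. `smallstep_api_token` is a constructed variable name;
    # define it in an Ansible Vault-encrypted vars file or pull it from a
    # secret store.
    api_token: "{{ smallstep_api_token }}"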
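# Example: manage a collection whose devices are GCP VMs.
- name: Manage Smallstep Collection for GCP
  smallstep.agent.collection:
    slug: "gcp-nginx-demo"
    name: "GCP NGINX Demo"
    admin_emails:
      - jdoss@smallstep.com
    device_type:
      gcp_vm:
        # Only VMs in these projects, running as these service accounts, are
        # allowed to use the provisioner (per the option descriptions).
        project_ids:
          - prod
          - dev
        service_accounts:
          - production@prod.iam.gserviceaccount.com
          - development@dev.iam.gserviceaccount.com
        # Per the option description on this page: when true, only the SANs
        # found in the instance identity document are valid.
        disable_custom_sans: true
    # The API token is a credential: reference it rather than committing the
    # literal value. `smallstep_api_token` is a constructed variable name;
    # define it in an Ansible Vault-encrypted vars file or pull it from a
    # secret store.
    api_token: "{{ smallstep_api_token }}"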
# Parameter reference for smallstep.agent.collection, laid out as block YAML.
# Nesting is reconstructed from a flattened rendering; NOTE(review) comments
# mark entries that look inconsistent and should be checked against the
# module source before being relied on.
name:
  description:
    - The name of the collection.
    - Required.
  type: str
slug:
  description:
    - The slug of the collection.
    - Required.
  type: str
state:
  choices:
    - absent
    - present
  default: present
  description:
    - State of the instance.
  type: str
api_host:
  description: The Smallstep host used when connecting.
  env:
    - name: SMALLSTEP_API_HOST
  type: str
# Credential for the Smallstep API; keep the value out of playbooks and
# version control.
# NOTE(review): whether the module masks this value in logs (no_log) is not
# shown on this page - verify.
api_token:
  description:
    - The Smallstep API Token used when connecting.
    - Required.
  env:
    # NOTE(review): this is api_host's variable name with different letter
    # case, which looks like a copy-paste slip - confirm the environment
    # variable the module actually reads for the token.
    - name: SMALLSTEP_API_host
  type: str
# Selects which kind of device may enrol and which identity constraints apply.
# NOTE(review): `elements` is set although the type is dict, not list - confirm.
device_type:
  description:
    - The device type of the collection
    - Required.
  elements: dict
  required: true
  suboptions:
    # NOTE(review): declared as a list of dicts, while azure_vm, gcp_vm and tpm
    # are plain dicts and the AWS example on this page passes a mapping -
    # confirm.
    aws_vm:
      elements: dict
      suboptions:
        accounts:
          description:
            - The list of AWS account IDs that are allowed to use this provisioner.
            - Required for AWS device type.
          elements: str
          required: true
          type: list
        # Unset means custom SANs are accepted; set to true to limit
        # certificate names to those in the instance identity document.
        disable_custom_sans:
          description:
            - By default custom SANs are valid, but if this option is set to true only
              the SANs available in the instance identity document will be valid.
            - These are the private IP and the DNS ip-..compute.internal.
          type: bool
      type: list
    azure_vm:
      suboptions:
        audience:
          default: https://management.azure.com/
          description:
            - Defaults to https://management.azure.com/ but it can be changed if necessary.
          required: false
          type: str
        # Unset means custom SANs are accepted; set to true to limit
        # certificate names to those in the instance identity document.
        # NOTE(review): the second description line repeats the AWS-style
        # hostname pattern - confirm which names apply to Azure VMs.
        disable_custom_sans:
          description:
            - By default custom SANs are valid, but if this option is set to true only
              the SANs available in the instance identity document will be valid.
            - These are the private IP and the DNS ip-..compute.internal.
          required: false
          type: bool
        resource_groups:
          description:
            - The list of Azure resource group names that are allowed to use this provisioner.
            - Required for Azure device type.
          elements: str
          required: true
          type: list
        # NOTE(review): documented as bool, but the description calls it an ID
        # and the Azure example on this page passes a UUID - the type looks
        # wrong; confirm.
        tenant_id:
          description:
            - The Azure account tenant ID for this provisioner.
            - This ID is the Directory ID available in the Azure Active Directory properties.
            - Required for Azure device type.
          required: true
          type: bool
      type: dict
    gcp_vm:
      suboptions:
        # Unset means custom SANs are accepted; set to true to limit
        # certificate names to those in the instance identity document.
        disable_custom_sans:
          description:
            - By default custom SANs are valid, but if this option is set to true only
              the SANs available in the instance identity document will be valid.
            - These are the private IP and the DNS entries of the device.
          required: false
          type: bool
        project_ids:
          description:
            - List of GCP Project IDs that are allowed to use this provisioner.
            - Required for GCP device type.
          elements: str
          required: true
          type: list
        service_accounts:
          description:
            - List of GCP service accounts that are allowed to use this provisioner.
            - Required for GCP device type.
          elements: str
          required: true
          type: list
      type: dict
    tpm:
      suboptions:
        # NOTE(review): the attestor_intermediates and attestor_roots
        # descriptions appear swapped (the roots entry is the one that
        # mentions intermediate certificates) - confirm which option holds
        # which certificates before configuring trust anchors.
        # `required: false` with "Required if ..." reads as conditionally
        # required.
        attestor_intermediates:
          description:
            - The pem-encoded list of certificates used to verify the attestation
              certificates submitted by agents. Ignored if the team already has an
              attestation authority.
            - Required if the team does not already have an attestation authority.
          required: false
          type: str
        attestor_roots:
          description:
            - The pem-encoded list of intermediate certificates used to build a chain of
              trust to verify the attestation certificates submitted by agents.
            - Ignored if the team already has an attestation authority.
          required: false
          type: str
        force_cn:
          description:
            - Force one of the SANs to become the Common Name, if a Common Name is not provided.
          required: false
          type: bool
        # When true, account creation is limited to ACME clients that already
        # hold valid EAB credentials (per the description below).
        require_eab:
          description:
            - Only ACME clients that have been preconfigured with valid EAB credentials
              will be able to create an account with this provisioner.
          required: false
          type: bool
      type: dict
  type: dict
# These users get admin access to the agents authority; keep the list minimal.
admin_emails:
  description:
    - Users that will have admin access to manage the agents authority,
    - Required.
  elements: str
  required: true
  type: list
# Return-value reference for smallstep.agent.collection, laid out as block YAML.
smallstep_collection:
  contains: null
  description: Manage a Smallstep Collection
  returned: Always
  # Sample payload.
  # NOTE(review): nesting is reconstructed from a flattened rendering, and the
  # sample sits under a key named like the return value itself - confirm
  # against the module's RETURN block.
  smallstep_collection:
    collection_slug: hotdog-production
    device_type:
      aws_vm:
        accounts:
          - '123456787908'
        # false here means custom SANs are accepted for this sample collection.
        disable_custom_sans: false
    display_name: Hotdog App production
    fingerprint: 6a57e47f8aee2ff162415f9d592ccf52ab3681c964c66c122aadd1287ff57112
    # `response` appears to carry the API's own camelCase fields - TODO confirm.
    response:
      deviceType: aws-vm
      deviceTypeConfiguration:
        accounts:
          - '123456787908'
      displayName: Hotdog App production
      slug: hotdog-production
      team: jdoss
  type: complex