solace.pubsub_plus.solace_get_client_cert_authority_ocsp_trusted_cns (1.12.2) — module

get list of ocsp responder trusted common names

Authors: Ricardo Gomez-Ulmke (@rjgu)

preview | supported by community

Install collection

Install with ansible-galaxy collection install solace.pubsub_plus:==1.12.2


Add to requirements.yml

  collections:
    - name: solace.pubsub_plus
      version: 1.12.2

Description

Get a list of OCSP responder Trusted Common Name objects configured on a Certificate Authority object.

Implements the config and monitor API.

Retrieves all objects that match the criteria defined in the 'where' clause and returns the fields defined in the 'select' parameter.

Supports standalone brokers only.


Requirements

Usage examples

# Copyright (c) 2022, Solace Corporation, Ricardo Gomez-Ulmke, <ricardo.gomez-ulmke@solace.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

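-
  name: "solace_client_cert_authority.doc-example"
  hosts: all
  gather_facts: false
  any_errors_fatal: true
  collections:
    - solace.pubsub_plus
  # Broker connection settings come from inventory / extra vars (sempv2_*)
  # so that no credential is written into the playbook itself.
  module_defaults:
    # Shared SEMPv2 connection parameters; the Solace Cloud parameters are
    # omitted on standalone brokers.
    solace.pubsub_plus.solace_gather_facts: &sempv2_connection
      host: "{{ sempv2_host }}"
      port: "{{ sempv2_port }}"
      secure_connection: "{{ sempv2_is_secure_connection }}"
      username: "{{ sempv2_username }}"
      password: "{{ sempv2_password }}"
      timeout: "{{ sempv2_timeout }}"
      solace_cloud_api_token: "{{ SOLACE_CLOUD_API_TOKEN if broker_type=='solace_cloud' else omit }}"
      solace_cloud_service_id: "{{ solace_cloud_service_id | default(omit) }}"
    solace.pubsub_plus.solace_client_cert_authority: *sempv2_connection
    solace.pubsub_plus.solace_get_client_cert_authorities: *sempv2_connection
    # The OCSP trusted-CN modules are not available in the Solace Cloud API,
    # so they take no Solace Cloud parameters (their tasks are skipped below).
    solace.pubsub_plus.solace_client_cert_authority_ocsp_trusted_cn: &sempv2_broker_connection
      host: "{{ sempv2_host }}"
      port: "{{ sempv2_port }}"
      secure_connection: "{{ sempv2_is_secure_connection }}"
      username: "{{ sempv2_username }}"
      password: "{{ sempv2_password }}"
      timeout: "{{ sempv2_timeout }}"
    solace.pubsub_plus.solace_get_client_cert_authority_ocsp_trusted_cns: *sempv2_broker_connection
  tasks:
    - name: gather facts
      solace_gather_facts:
      # no_log: true

    - name: set working variables
      set_fact:
        is_solace_cloud: "{{ ansible_facts.solace.isSolaceCloud }}"
        sempv2_version: "{{ ansible_facts.solace.about.api.sempVersion }}"
        working_dir: "{{ WORKING_DIR }}"
        cert_file: "{{ WORKING_DIR }}/cert.pem"

    # Compare as a version string, not as a float: "2.9" is older than "2.19",
    # but 2.9|float is greater than 2.19|float and would wrongly pass.
    - name: end play if incorrect sempV2 version
      meta: end_play
      when: sempv2_version is version('2.19', '<')

    # Throw-away self-signed certificate used only as a fixture for the
    # certificate authority object. '-nodes' writes the private key
    # unencrypted to working_dir; keep that directory out of version control.
    - name: "main: generate certificate"
      command: >-
        openssl req
        -x509
        -newkey
        rsa:4096
        -keyout {{ working_dir }}/key.pem
        -out {{ cert_file }}
        -days 365
        -nodes
        -subj "/C=UK/ST=London/L=London/O=Solace/OU=Org/CN=www.example.com"

    - name: create cert authority
      solace_client_cert_authority:
        name: asc_test
        settings:
          certContent: "{{ lookup('file', cert_file) }}"
          revocationCheckEnabled: false
        state: present

    - name: get config of cert authority
      solace_get_client_cert_authorities:
        query_params:
          where:
            - "certAuthorityName==asc_test"

    - name: get monitor of cert authority
      solace_get_client_cert_authorities:
        api: monitor
        query_params:
          where:
            - "certAuthorityName==asc_test"

    # Set an OCSP trusted name. Not available in the Solace Cloud API, hence
    # the condition on the whole block.
    - name: set trusted name
      when: not is_solace_cloud
      block:
        - name: add trusted name
          solace_client_cert_authority_ocsp_trusted_cn:
            name: "*.domain.com"
            client_cert_authority_name: asc_test
            state: present

        - name: get list of trusted names
          solace_get_client_cert_authority_ocsp_trusted_cns:
            client_cert_authority_name: asc_test

        - name: remove trusted name
          solace_client_cert_authority_ocsp_trusted_cn:
            name: "*.domain.com"
            client_cert_authority_name: asc_test
            state: absent

    - name: remove cert authority
      solace_client_cert_authority:
        name: asc_test
        state: absent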

Inputs

    
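api:
  choices:
    - config
    - monitor
  default: config
  description: The API the query should run against.
  required: false
  type: str

host:
  default: localhost
  description: Hostname of Solace Broker.
  required: false
  type: str

port:
  default: 8080
  description: Management port of Solace Broker.
  required: false
  type: int

timeout:
  default: 10
  description: Connection timeout in seconds for the http request.
  required: false
  type: int

# The username/password defaults are the broker's factory administrator
# credential. Supply them from inventory (e.g. an ansible-vault encrypted
# variable) rather than relying on the default.
password:
  default: admin
  description: Administrator password for Solace Broker.
  required: false
  type: str

username:
  default: admin
  description: Administrator username for Solace Broker.
  required: false
  type: str

x_broker:
  description: >-
    Custom HTTP header with the broker virtual router id, if using a SEMPv2
    Proxy/agent infrastructure.
  required: false
  type: str

page_count:
  default: 100
  description: >-
    The number of results to be fetched from broker in single call. Note:
    always returns the entire result set by following the cursor.
  required: false
  type: int

query_params:
  default: {}
  description: The query parameters.
  required: false
  suboptions:
    select:
      default: []
      description: >-
        Include in the response only selected attributes of the object, or
        exclude from the response selected attributes of the object. See the
        documentation for the select parameter.
      elements: str
      type: list
    where:
      default: []
      description:
        - >-
          Include in the response only objects where certain conditions are
          true. See the documentation for the where parameter.
        - "Note: URL encoded automatically, you can safely use '/', '<', '<=', '>', '>=', '!=', etc."
      elements: str
      type: list
  type: dict

reverse_proxy:
  description: >-
    Use a reverse proxy / api gateway. Note: B(Experimental. Not permitted
    for Solace Cloud API).
  required: false
  suboptions:
    headers:
      description: "Additional headers to add to the http call. Example: 'apiKey: {my-api-key}'."
      required: false
      suboptions:
        x-asc-module:
          default: false
          description: >-
            Flag for the module to add the header 'x-asc-module:{module-name}'
            to the http call with its module name.
          required: false
          type: bool
        x-asc-module-op:
          default: false
          description: >-
            Flag for the module to add the header 'x-asc-module-op:{module
            operation}' to the http call with the module's operation.
          required: false
          type: bool
      type: dict
    query_params:
      description: "Additional query parameters to add to the URL. Example: 'apiCode: {my-api-code}'."
      required: false
      type: dict
    semp_base_path:
      description: >-
        Base path prepended to all SEMP calls. Example: 'my/base/path'.
        Resulting URL will be: http(s)://{host}:{port}/{semp_base_path}/{module-semp-call-path}
      required: false
      type: str
    use_basic_auth:
      default: false
      description: >-
        Flag to use basic authentication in the http(s) call or not. Uses
        'username'/'password'.
      required: false
      type: bool
  type: dict

# NOTE(review): by Ansible convention 'validate_certs' governs verification of
# the broker's (server) TLS certificate; the description below says "client
# certificates" -- confirm against the module source. Leave this at true:
# disabling it exposes the administrator credential on the network path.
validate_certs:
  default: true
  description: >-
    Flag to switch validation of client certificates on/off when using a
    secure connection.
  required: false
  type: bool

# With the default of false the administrator credential is sent over plain
# http; set true wherever the management port offers TLS.
secure_connection:
  default: false
  description: If true, use https rather than http.
  required: false
  type: bool

client_cert_authority_name:
  description: >-
    The name of the Certificate Authority. Maps to 'certAuthorityName' in
    the SEMPv2 API.
  required: true
  type: str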

Outputs

# Return values of the module, keyed by name.
msg:
  type: dict
  returned: error
  description: "The response from the HTTP call in case of error."
rc:
  type: int
  returned: always
  description: "Return code. rc=0 on success, rc=1 on error."
  sample:
    success: {rc: 0}
    error: {rc: 1}
result_list:
  type: list
  elements: dict
  returned: success
  description: >-
    The list of objects found containing requested fields. Payload depends
    on API called.
result_list_count:
  type: int
  returned: success
  description: "Number of items in result_list."

See also