solacelost.home_infra.stackrox_init_bundle (0.2.0) — module
This module will manage init bundles in Stackrox Central.
Added in version 1.0.0 of solacelost.home_infra
Authors: James Harmison (@solacelost)
Install with:

ansible-galaxy collection install solacelost.home_infra:==0.2.0

collections:
  - name: solacelost.home_infra
    version: 0.2.0
Stackrox Central requires that an init bundle be created in order to join a SecuredCluster. These init bundles can be revoked but not deleted, and they include the secrets necessary to join a cluster to the Central services. This module will create init bundles when run with state set to present, return their content when the task result is registered, and revoke them when run with state set to absent.
# Ensure an init bundle exists and the helm values are saved.
- name: Create a named init bundle
  solacelost.home_infra.stackrox_init_bundle:
    name: my-bundle
    url: https://central-stackrox.apps.mycluster.example.com
    username: admin
    password: '{{ central_admin_password }}'
    path: /tmp/init-bundle-values.yml

# Ensure a named bundle is revoked.
- name: Revoke a named bundle
  solacelost.home_infra.stackrox_init_bundle:
    state: absent
    name: my-bundle
    url: https://central-stackrox.apps.mycluster.example.com
    username: admin
    password: '{{ central_admin_password }}'
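The returned helm_values contain the private keys for the secured cluster services, so the registered result and the saved file should be treated as secrets. The playbook below is an added example, not part of the collection's documentation; it keeps the result out of task output and writes the values file itself with owner-only permissions, because this page does not state which file mode the module's path option uses. The host localhost, the directory /etc/stackrox-bundles and the variable name init_bundle are assumptions.

```yaml
# Added example, not from the collection's documentation.
# Assumed names: hosts "localhost", /etc/stackrox-bundles, and the
# registered variable init_bundle are illustrative only.
- name: Create an init bundle and store its helm values as a secret
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Create a private directory for the values file
      ansible.builtin.file:
        path: /etc/stackrox-bundles
        state: directory
        mode: "0700"

    - name: Create a named init bundle without logging credentials or keys
      solacelost.home_infra.stackrox_init_bundle:
        name: my-bundle
        url: https://central-stackrox.apps.mycluster.example.com
        username: admin
        password: '{{ central_admin_password }}'
      register: init_bundle
      no_log: true  # the result carries helm_values, which holds private keys

    - name: Write the helm values readable by the owner only
      ansible.builtin.copy:
        content: '{{ init_bundle.helm_values }}'
        dest: /etc/stackrox-bundles/my-bundle-values.yml
        mode: "0600"
      when: init_bundle is changed  # helm_values is returned only when changed
      no_log: true

    - name: Report non-secret bundle details
      ansible.builtin.debug:
        msg: >-
          Bundle {{ init_bundle.id }} expires at
          {{ init_bundle.metadata.expiresAt }}
          (existed before: {{ init_bundle.result.existed_before }})
```

Because helm_values is documented as returned only when the task is changed and present, a later run against the same name reports the bundle's id and metadata but skips the write task.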
id:
  description:
    - This is the ID of the cluster to revoke.
    - Ignored if C(state) is not set or is set to C(present).
    - One of C(name) and C(id) is required when C(state) == C(absent).
  required: false
  type: str
url:
  description:
    - The URL of the Stackrox Central services to create the init bundle on.
    - Will read from the environment variable STACKROX_URL if not set.
  required: false
  type: str
name:
  description:
    - This is the name of the cluster init-bundle to use.
    - If left unset, when C(state) is not set or set to C(present), one will be generated.
    - If a name is automatically generated, operations will not be idempotent.
    - One of C(name) and C(id) is required when C(state) == C(absent).
  required: false
  type: str
path:
  description:
    - A path to save the helm values file to, if one was returned by the server.
    - Only valid for C(state) == C(present), ignored if no bundle is created.
  required: false
  type: str
state:
  choices:
    - absent
    - present
  default: present
  description:
    - Determines if an init bundle should exist or be revoked.
  type: str
password:
  description:
    - The password to authenticate to the Stackrox Central services with.
    - Will read from the environment variable STACKROX_PASSWORD if not set.
  required: false
  type: str
username:
  description:
    - The username to authenticate to the Stackrox Central services with.
    - Will read from the environment variable STACKROX_USERNAME if not set.
  required: false
  type: str
affected_cluster_ids:
  default: []
  description:
    - A list of the cluster IDs belonging to the init bundle.
    - Must be provided if C(state) is C(absent) and the C(name) or C(id) identifies an init bundle that has clusters belonging to it.
  type: list
helm_values:
  description: The init bundle helm values that were generated, if any
  returned: changed and present
  sample: |
    # This is a StackRox cluster init bundle.
    # This bundle can be used for setting up any number of StackRox secured clusters.
    # NOTE: This file contains secret data and needs to be handled and stored accordingly.
    #
    # name: "stackrox-init-bundle"
    # createdAt: 2022-08-29T18:56:49.814889274Z
    # expiresAt: 2023-08-29T18:57:00Z
    # id: b0c6c2ff-1452-4b2b-8462-3bdb128e82bc
    #
    admissionControl:
      serviceTLS:
        cert: |
          -----BEGIN CERTIFICATE-----
          [snip]
          -----END CERTIFICATE-----
        key: |
          -----BEGIN EC PRIVATE KEY-----
          [snip]
          -----END EC PRIVATE KEY-----
    ca:
      cert: |
        -----BEGIN CERTIFICATE-----
        [snip]
        -----END CERTIFICATE-----
    collector:
      serviceTLS:
        cert: |
          -----BEGIN CERTIFICATE-----
          [snip]
          -----END CERTIFICATE-----
        key: |
          -----BEGIN EC PRIVATE KEY-----
          [snip]
          -----END EC PRIVATE KEY-----
    sensor:
      serviceTLS:
        cert: |
          -----BEGIN CERTIFICATE-----
          [snip]
          -----END CERTIFICATE-----
        key: |
          -----BEGIN EC PRIVATE KEY-----
          [snip]
          -----END EC PRIVATE KEY-----
  type: str
id:
  description: The ID of the bundle which was operated on
  returned: always
  sample: b0c6c2ff-1452-4b2b-8462-3bdb128e82bc
  type: str
metadata:
  contains:
    createdAt:
      description: The time the bundle was created
      sample: '2022-08-29T18:56:49.814889+00:00'
      type: str
    createdBy:
      contains:
        attributes:
          description: Attributes of the user/key.
          elements: dict
          sample:
            - key: username
              value: admin
            - key: role
              value: Admin
          type: list
        authProviderId:
          description: The auth provider that the user/key belongs to
          sample: 4df1b98c-24ed-4073-a9ad-356aec6bb62d
          type: str
        id:
          description: The ID of the user/key that created the bundle
          sample: admin
          type: str
      description: Information about the entity who created the bundle
      type: complex
    expiresAt:
      description: The datetime that the init bundle will expire
      sample: '2023-08-29T18:57:00+00:00'
      type: str
    id:
      description: The ID of the init bundle
      sample: b0c6c2ff-1452-4b2b-8462-3bdb128e82bc
      type: str
    impactedClusters:
      description: The clusters that are attached to the init bundle
      elements: dict
      sample:
        - id: 7b9be824-3aab-4154-adc0-b1eadcba6e16
      type: list
    name:
      description: The name of the bundle
      sample: 38fCrwdN
      type: str
  description: The metadata that was returned about the bundle
  returned: success
  type: complex
result:
  contains:
    existed_before:
      description: Whether the bundle existed before actions were taken (by ID or name)
      sample: true
      type: bool
    exists_now:
      description: Whether the bundle exists now, at the ID returned above
      sample: true
      type: bool
    saved_at:
      description: The path where the helm values file for the bundle was saved, if applicable
      returned: present and changed
      sample: /tmp/init-bundle-values.yml
      type: str
  description: The result of the operations attempted
  returned: always
  type: complex