solacelost.home_infra.stackrox_init_bundle (0.2.0) — module

This module will manage init bundles in Stackrox Central.

Added in version 1.0.0 of solacelost.home_infra

Authors: James Harmison (@solacelost)

Install collection

Install with ansible-galaxy collection install solacelost.home_infra:==0.2.0


Add to requirements.yml

  collections:
    - name: solacelost.home_infra
      version: 0.2.0

Description

Stackrox Central requires that an init bundle be created in order to join a SecuredCluster. These init bundles can be revoked but not deleted, and they include the secrets necessary to join a cluster to the Central services. This module creates an init bundle when run with C(state) == C(present), returns its content when the task result is registered, and revokes it when run with C(state) == C(absent).


Requirements

Usage examples

# Ensure an init bundle exists and the helm values are saved.
- name: Create a named init bundle
  solacelost.home_infra.stackrox_init_bundle:
    name: my-bundle
    url: https://central-stackrox.apps.mycluster.example.com
    username: admin
    password: '{{ central_admin_password }}'
    path: /tmp/init-bundle-values.yml
# Ensure a named bundle is revoked.
- name: Revoke a named bundle
  solacelost.home_infra.stackrox_init_bundle:
    state: absent
    name: my-bundle
    url: https://central-stackrox.apps.mycluster.example.com
    username: admin
    password: '{{ central_admin_password }}'
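The create, register, revoke flow from the Description as one playbook. This is an added example, not taken from the collection's own documentation; the hostname, the `central_admin_password` variable and the bundle name are placeholders, and it assumes the `metadata.impactedClusters` registered at creation time is still accurate when the bundle is revoked. Because `helm_values` carries private keys, both tasks that touch the module run with `no_log`, and the saved values file is restricted to the owner.

```yaml
# Added example: manage a Stackrox Central init bundle end to end.
- name: Manage a Stackrox init bundle
  hosts: localhost
  gather_facts: false
  vars:
    central_url: https://central-stackrox.apps.mycluster.example.com  # placeholder
    bundle_name: prod-cluster-bundle                                   # placeholder
    values_path: /tmp/init-bundle-values.yml
  tasks:
    # Named bundle, so re-runs are idempotent (an auto-generated name is not).
    # The registered result includes helm_values with private keys: never log it.
    - name: Ensure the init bundle exists and its helm values are saved
      solacelost.home_infra.stackrox_init_bundle:
        name: "{{ bundle_name }}"
        url: "{{ central_url }}"
        username: admin
        password: "{{ central_admin_password }}"  # assumed to come from a vault
        path: "{{ values_path }}"
      register: bundle
      no_log: true

    # The module writes the file; tighten its mode so only the owner can read it.
    - name: Restrict permissions on the saved helm values
      ansible.builtin.file:
        path: "{{ values_path }}"
        mode: "0600"
      when: bundle.result.saved_at is defined

    # Surface only non-secret fields from the registered result.
    - name: Report bundle metadata
      ansible.builtin.debug:
        msg:
          id: "{{ bundle.id }}"
          expires_at: "{{ bundle.metadata.expiresAt }}"
          existed_before: "{{ bundle.result.existed_before }}"

    # Revocation of a bundle that clusters already joined through requires
    # affected_cluster_ids; derive them from the registered impactedClusters.
    - name: Revoke the init bundle
      solacelost.home_infra.stackrox_init_bundle:
        state: absent
        id: "{{ bundle.id }}"
        url: "{{ central_url }}"
        username: admin
        password: "{{ central_admin_password }}"
        affected_cluster_ids: "{{ bundle.metadata.impactedClusters | map(attribute='id') | list }}"
      no_log: true
```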

Inputs

id:
    description:
    - This is the ID of the cluster to revoke.
    - Ignored if C(state) is not set or is set to C(present).
    - One of C(name) and C(id) is required when C(state) == C(absent).
    required: false
    type: str

url:
    description:
    - The URL of the Stackrox Central services to create the init bundle on.
    - Will read from the environment variable STACKROX_URL if not set.
    required: false
    type: str

name:
    description:
    - This is the name of the cluster init-bundle to use.
    - If left unset, when C(state) is not set or set to C(present), one will be generated.
    - If a name is automatically generated, operations will not be idempotent.
    - One of C(name) and C(id) is required when C(state) == C(absent).
    required: false
    type: str

path:
    description:
    - A path to save the helm values file to, if one was returned by the server.
    - Only valid for C(state) == C(present), ignored if no bundle is created.
    required: false
    type: str

state:
    choices:
    - absent
    - present
    default: present
    description:
    - Determines if an init bundle should exist or be revoked.
    type: str

password:
    description:
    - The password to authenticate to the Stackrox Central services with.
    - Will read from the environment variable STACKROX_PASSWORD if not set.
    required: false
    type: str

username:
    description:
    - The username to authenticate to the Stackrox Central services with.
    - Will read from the environment variable STACKROX_USERNAME if not set.
    required: false
    type: str

affected_cluster_ids:
    default: []
    description:
    - A list of the cluster IDs belonging to the init bundle.
    - Must be provided if C(state) is C(absent) and the C(name) or C(id) identifies an
      init bundle that has clusters belonging to it.
    type: list

Outputs

helm_values:
  description: The init bundle helm values that were generated, if any
  returned: changed and present
  sample: "# This is a StackRox cluster init bundle.\n# This bundle can be used for\
    \ setting up any number of StackRox secured clusters.\n# NOTE: This file contains\
    \ secret data and needs to be handled and stored accordingly.\n#\n#   name:  \
    \    \"stackrox-init-bundle\"\n#   createdAt: 2022-08-29T18:56:49.814889274Z\n\
    #   expiresAt: 2023-08-29T18:57:00Z\n#   id:        b0c6c2ff-1452-4b2b-8462-3bdb128e82bc\n\
    #\nadmissionControl:\n  serviceTLS:\n    cert: |\n      -----BEGIN CERTIFICATE-----\n\
    \      [snip]\n      -----END CERTIFICATE-----\n    key: |\n      -----BEGIN EC\
    \ PRIVATE KEY-----\n      [snip]\n      -----END EC PRIVATE KEY-----\nca:\n  cert:\
    \ |\n    -----BEGIN CERTIFICATE-----\n    [snip]\n    -----END CERTIFICATE-----\n\
    collector:\n  serviceTLS:\n    cert: |\n      -----BEGIN CERTIFICATE-----\n  \
    \    [snip]\n      -----END CERTIFICATE-----\n    key: |\n      -----BEGIN EC\
    \ PRIVATE KEY-----\n      [snip]\n      -----END EC PRIVATE KEY-----\nsensor:\n\
    \  serviceTLS:\n    cert: |\n      -----BEGIN CERTIFICATE-----\n      [snip]\n\
    \      -----END CERTIFICATE-----\n    key: |\n      -----BEGIN EC PRIVATE KEY-----\n\
    \      [snip]\n      -----END EC PRIVATE KEY-----\n"
  type: str
id:
  description: The ID of the bundle that was operated on
  returned: always
  sample: b0c6c2ff-1452-4b2b-8462-3bdb128e82bc
  type: str
metadata:
  contains:
    createdAt:
      description: The time the bundle was created
      sample: '2022-08-29T18:56:49.814889+00:00'
      type: str
    createdBy:
      contains:
        attributes:
          description: Attributes of the user/key.
          elements: dict
          sample:
          - key: username
            value: admin
          - key: role
            value: Admin
          type: list
        authProviderId:
          description: The auth provider that the user/key belongs to
          sample: 4df1b98c-24ed-4073-a9ad-356aec6bb62d
          type: str
        id:
          description: The ID of the user/key that created the bundle
          sample: admin
          type: str
      description: Information about the entity who created the bundle
      type: complex
    expiresAt:
      description: The datetime that the init bundle will expire
      sample: '2023-08-29T18:57:00+00:00'
      type: str
    id:
      description: The id of the init bundle
      sample: b0c6c2ff-1452-4b2b-8462-3bdb128e82bc
      type: str
    impactedClusters:
      description: The clusters that are attached to the init bundle
      elements: dict
      sample:
      - id: 7b9be824-3aab-4154-adc0-b1eadcba6e16
      type: list
    name:
      description: The name of the bundle
      sample: 38fCrwdN
      type: str
  description: The metadata that was returned about the bundle
  returned: success
  type: complex
result:
  contains:
    existed_before:
      description: Whether the bundle existed before actions were taken (by ID or
        name)
      sample: true
      type: bool
    exists_now:
      description: Whether the bundle exists now, at the ID returned above
      sample: true
      type: bool
    saved_at:
      description: The path where the helm values file for the bundle was saved, if
        applicable
      returned: present and changed
      sample: /tmp/init-bundle-values.yml
      type: str
  description: The result of the operations attempted
  returned: always
  type: complex