thalesgroup.ciphertrust.cckm_gcp_workspace_cse (1.0.0) — module

CCKM module for GCP Workspace CSE

Added in version 1.0.0 of thalesgroup.ciphertrust

Authors: Anurag Jain, Developer Advocate Thales Group

Install collection

Install with ansible-galaxy collection install thalesgroup.ciphertrust:==1.0.0


Add to requirements.yml

  collections:
    - name: thalesgroup.ciphertrust
      version: 1.0.0

Description

This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, specifically with CCKM for GCP Workspace CSE.

Usage examples

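- name: "Create GCP Workspace CSE issuer"
  thalesgroup.ciphertrust.cckm_gcp_workspace_cse:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        # Supply the password from a vaulted variable rather than in clear text
        password: "CipherTrust Manager Password"
        # false skips SSL verification of the CipherTrust Manager connection
        verify: false
    # Must be one of: create_issuer, create_endpoint, update_endpoint, endpoint_op
    op_type: create_issuer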
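
The following playbook is an added example, not part of the collection's own documentation. It uses dryRun to validate an issuer before persisting it, then creates an endpoint whose issuer list is set so that it does not fall back to trusting all issuers. Hostnames, names, vault variables and the `kacls_issuer_id` value are constructed placeholders, and which parameters each op_type accepts is inferred from the input descriptions on this page.

```yaml
# Added example: all values are constructed placeholders.
- name: Register an IdP issuer and a KACLS endpoint that trusts only that issuer
  hosts: localhost
  gather_facts: false
  vars:
    cm_conn:
      server_ip: "cm.example.internal"
      server_private_ip: "cm.example.internal"
      server_port: 5432
      user: "{{ vault_cm_user }}"          # assumed to be defined in Ansible Vault
      password: "{{ vault_cm_password }}"  # assumed to be defined in Ansible Vault
      verify: true                         # require SSL verification of the CM connection
    # Assumption: the ID CipherTrust Manager assigned to the issuer created below.
    kacls_issuer_id: "<issuer-id>"
  tasks:
    - name: Validate the issuer definition without persisting it
      thalesgroup.ciphertrust.cckm_gcp_workspace_cse:
        localNode: "{{ cm_conn }}"
        op_type: create_issuer
        name: "workspace-idp"
        iss: "https://dev-abc.auth.com"
        jwksURL: "https://dev-abc.auth.com/.well-known/jwks.json"
        dryRun: true   # same validation and connectivity checks, no server state change

    - name: Create the issuer once the dry run has passed
      thalesgroup.ciphertrust.cckm_gcp_workspace_cse:
        localNode: "{{ cm_conn }}"
        op_type: create_issuer
        name: "workspace-idp"
        iss: "https://dev-abc.auth.com"
        jwksURL: "https://dev-abc.auth.com/.well-known/jwks.json"

    - name: Create the KACLS endpoint with an explicit trusted-issuer list
      thalesgroup.ciphertrust.cckm_gcp_workspace_cse:
        localNode: "{{ cm_conn }}"
        op_type: create_endpoint
        name: "workspace-kacls"             # assumption: name also applies to endpoints
        endpoint_url_hostname: "kacls.example.com"
        issuer:                             # if omitted, all issuers are trusted
          - "{{ kacls_issuer_id }}"
        authenticationAud:
          - "<authentication-audience>"
        authorizationAud:
          - "<authorization-audience>"
        cors:
          - "<allowed-origin>"
```
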

Inputs

    
iss:
    description: Issuer claim of IDP JWT, e.g. https://dev-abc.auth.com
    type: str

cors:
    description: List of CORS (Cross-Origin Resource Sharing) to support.
    type: list

meta:
    description: Additional information associated with the issuer.
    type: str

name:
    description: Unique name for the KACLS issuer.
    type: str

dryRun:
    description: Set true to skip persisting the issuer. All the same validation checks,
      auto-discovery, and connectivity checks will be performed, and the server will return
      the same status codes and response body. It can be used to test creating the issuer
      without modifying the server state. Default value is set to False.
    type: bool

issuer:
    description: List of trusted issuer IDs to use with this endpoint. These are managed
      through the /GoogleWorkspaceCSE/issuers URL. If not specified, all the issuers will
      be trusted.
    type: list

jwksURL:
    description: JWKS url for IDP, e.g. https://dev-abc.auth.com/.well-known/jwks.json
    type: str

op_type:
    choices:
    - create_issuer
    - create_endpoint
    - update_endpoint
    - endpoint_op
    description: Operation to be performed
    required: true
    type: str

localNode:
    description:
    - this holds the connection parameters required to communicate with an instance of
      CipherTrust Manager (CM)
    - holds IP/FQDN of the server, username, password, and port
    required: true
    suboptions:
      password:
        description: admin password of CM
        required: true
        type: str
      server_ip:
        description: CM Server IP or FQDN
        required: true
        type: str
      server_port:
        default: 5432
        description: Port on which CM server is listening
        required: true
        type: int
      server_private_ip:
        description: internal or private IP of the CM Server, if different from the server_ip
        required: true
        type: str
      user:
        description: admin username of CM
        required: true
        type: str
      verify:
        default: false
        description: if SSL verification is required
        required: true
        type: bool
    type: dict

endpoint_id:
    description: ID of KACLS endpoint for Google Workspace CSE to be acted upon
    type: str

private_key:
    description: PEM encoded PKCS#1 or PKCS#8 (unencrypted) RSA Private Key.
    type: str

perimeter_id:
    description: The perimeter ID to encrypt with the key
    type: str

authorizationAud:
    description: List of supported audience for authorization JWT.
    type: list

endpoint_op_type:
    choices:
    - rotate-key
    - disable
    - enable
    - archive
    - recover
    - wrapprivatekey
    description: Operation to be performed on KACLS endpoint for Google Workspace CSE
    type: str

authenticationAud:
    description: List of supported audience for authentication JWT.
    type: list

endpoint_url_hostname:
    description: Endpoint base url hostname for KACLS endpoint.
    type: str

openidConfigurationURL:
    description: IDP configuration URL, e.g. https://dev-abc.auth.com/.well-known/openid-configuration
    type: str