thalesgroup.ciphertrust.cte_client (1.0.0) — module

Manage CTE clients

Added in version 1.0.0 of thalesgroup.ciphertrust

Authors: Anurag Jain, Developer Advocate Thales Group

Install collection

Install with ansible-galaxy collection install thalesgroup.ciphertrust:==1.0.0


Add to requirements.yml

  collections:
    - name: thalesgroup.ciphertrust
      version: 1.0.0

Description

Create, manage, and perform operations on a CTE client

A client is a computer system where the data needs to be protected. A compatible CTE Agent software is installed on the client. The CTE Agent can protect data on the client or devices connected to it. A client can be associated with multiple GuardPoints for encryption of various paths.

Usage examples

- name: "Create CTE Client"
  thalesgroup.ciphertrust.cte_client:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: create
    name: "CTE-Client-Ans-001"
    description: "Created via Ansible"
    communication_enabled: false
    client_type: FS
  register: client
- name: "Add Guard Point to the CTE Client"
  thalesgroup.ciphertrust.cte_client:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: add_guard_point
    guard_paths:
      - "/opt/path1/"
      - "/opt/path2/"
    guard_point_params:
      guard_point_type: directory_auto
      policy_id: TestPolicy
      data_classification_enabled: false
      data_lineage_enabled: false
      early_access: true
      preserve_sparse_regions: true
    id: "{{ client['response']['id'] }}"
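Both examples above place the CipherTrust Manager admin password inline in the task and set `verify: false`, which disables TLS certificate checking on the very connection that carries those credentials. The playbook below is an added example and is not part of the collection's documentation. It assumes a vault-encrypted vars file defining `cm_server`, `cm_user` and `cm_password` (names chosen here), turns certificate verification on, keeps the credentials out of task output with `no_log`, and creates the client with `registration_allowed: true` alongside `communication_enabled: true`, since the inputs section states the latter is only valid when the former is set. Which of the listed inputs the `create` operation accepts is inferred from their descriptions, not stated by the page.

```yaml
# Added example: hardened version of the "Create CTE Client" task.
# Assumed variables (not from the collection docs):
#   cm_server, cm_user, cm_password -> defined in group_vars/cm.yml, encrypted
#   with `ansible-vault encrypt group_vars/cm.yml`, loaded with --ask-vault-pass.
- name: Create CTE client over a verified CM connection
  hosts: localhost
  gather_facts: false
  vars:
    # One connection dict reused by every task; keys are the module's localNode suboptions.
    cm_conn:
      server_ip: "{{ cm_server }}"
      server_private_ip: "{{ cm_server }}"   # same as server_ip unless CM has a split address
      server_port: 5432
      user: "{{ cm_user }}"
      password: "{{ cm_password }}"
      verify: true                          # verify the CM TLS certificate
  tasks:
    - name: Create CTE client
      thalesgroup.ciphertrust.cte_client:
        localNode: "{{ cm_conn }}"
        op_type: create
        name: "CTE-Client-Ans-002"
        description: "Created via Ansible (vault-backed credentials)"
        client_type: FS
        registration_allowed: true        # communication_enabled requires this
        communication_enabled: true
        password_creation_method: GENERATE
      register: client
      no_log: true                        # keep cm_password out of the task log

    - name: Record the client ID without echoing credentials
      ansible.builtin.debug:
        msg: "Created CTE client id={{ client['response']['id'] }}"

    - name: Add a GuardPoint to the new client
      thalesgroup.ciphertrust.cte_client:
        localNode: "{{ cm_conn }}"
        op_type: add_guard_point
        id: "{{ client['response']['id'] }}"
        guard_paths:
          - "/srv/app/data/"
        guard_point_params:
          guard_point_type: directory_auto
          policy_id: TestPolicy
          data_classification_enabled: false
          data_lineage_enabled: false
          early_access: false
          preserve_sparse_regions: true
      no_log: true
```

If the CipherTrust Manager presents a certificate from a private CA, add that CA to the controller's trust store rather than falling back to `verify: false`; `no_log` hides the task result from the log but the registered variable remains available to later tasks.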

Inputs

    
id:
    description: CTE Client ID to be patched or updated
    type: str

name:
    description: Name to uniquely identify the client. This name will be visible on the
      CipherTrust Manager. For op_type unenroll, this is the name of the CTE client to
      be unenrolled.
    type: str

gp_id:
    description: Guard Point ID to be patched or updated within a CTE client
    type: str

paused:
    description: Suspend/resume the rekey operation on an LDT GuardPoint. Set the value
      to true to pause (suspend) the rekey. Set the value to false to resume rekey.
    type: boolean

op_type:
    choices:
    - create
    - patch
    - add_guard_point
    - unenroll
    - delete
    - delete_id
    - auth_binaries
    - ldt_pause
    - patch_guard_point
    - gp_unguard
    - gp_enable_early_access
    description: Operation to be performed
    required: true
    type: str

re_sign:
    description: Whether to re-sign the client settings.
    type: boolean

password:
    description: Password for the client. Required when password_creation_method is
      MANUAL. This is the client's own password, not the CM admin password given in
      localNode; supply it from Ansible Vault rather than in plain text in the playbook.
    type: str

localNode:
    description:
    - this holds the connection parameters required to communicate with an instance of
      CipherTrust Manager (CM)
    - holds IP/FQDN of the server, username, password, and port
    - the user and password are CM admin credentials; keep them in Ansible Vault and
      set no_log on tasks that use them
    required: true
    suboptions:
      password:
        description: admin password of CM
        required: true
        type: str
      server_ip:
        description: CM Server IP or FQDN
        required: true
        type: str
      server_port:
        default: 5432
        description: Port on which CM server is listening
        required: true
        type: int
      server_private_ip:
        description: internal or private IP of the CM Server, if different from the server_ip
        required: true
        type: str
      user:
        description: admin username of CM
        required: true
        type: str
      verify:
        default: false
        description: whether to verify the CM server's TLS certificate. The default of
          false accepts any certificate, which lets an on-path attacker intercept the
          admin credentials; set to true outside of lab use.
        required: true
        type: bool
    type: dict

del_client:
    description: Whether to mark the client for deletion from the CipherTrust Manager.
      The default value is false
    type: boolean

profile_id:
    description: ID of the profile that contains logger, logging, and QOS configuration
    type: str

client_type:
    choices:
    - CTE-U
    - FS
    description: Type of CTE Client. The default value is FS.
    type: str

description:
    description: Description to identify the client.
    type: str

guard_paths:
    description: List of GuardPaths to be created.
    elements: str
    type: list

mfa_enabled:
    description: Whether MFA is enabled
    type: boolean

early_access:
    description: Whether to enable early access on the GuardPoint
    type: boolean

auth_binaries:
    description: JSON string holding an array of authorized binaries, each given as a
      privilege-filename pair.
    type: str

client_locked:
    description: Whether the CTE client is locked. The default value is false. Enable
      this option to lock the configuration of the CTE Agent on the client. Set to true
      to lock the configuration, set to false to unlock. Locking the Agent configuration
      prevents updates to any policies on the client.
    type: boolean

guard_enabled:
    description: Whether the GuardPoint is enabled.
    type: boolean

system_locked:
    description: Whether the system is locked. The default value is false. Enable this
      option to lock the important operating system files of the client. When enabled,
      patches to the operating system of the client will fail due to the protection of
      these files.
    type: boolean

client_id_list:
    description: IDs of the clients to be deleted. The IDs could be the name, ID (a UUIDv4),
      URI, or slug of the clients.
    elements: str
    type: list

force_del_client:
    description:
    - Deletes the client forcefully from the CipherTrust Manager. Set the value to true.
    - WARNING! Use the force_del_client option with caution. It does not wait for any
      response from the CTE Agent before deleting the client's entry from the CipherTrust
      Manager. This action is irreversible.
    type: boolean

max_num_cache_log:
    description: Maximum number of logs to cache
    type: int

user_space_client:
    description: TBD
    type: str

client_mfa_enabled:
    description: Whether MFA is enabled on the client
    type: boolean

disable_capability:
    description: Client capability to be disabled. Only EKP (Encryption Key Protection)
      can be disabled.
    type: str

dynamic_parameters:
    description: JSON string holding an array of name-value pairs to be updated after
      the client is registered. Specify all the parameters even if you want to update
      only one or more of them; parameters omitted from the string are not preserved.
    type: str

guard_point_params:
    description: Parameters for creating a GuardPoint.
    type: dict

profile_identifier:
    description: Identifier of the Client Profile to be associated with the client. If
      not provided, the default profile will be linked.
    type: str

shared_domain_list:
    description: List of domains in which the client needs to be shared
    elements: str
    type: list

guard_point_id_list:
    description: IDs of the GuardPoints to be dissociated from the client. The IDs can
      be the name, ID (a UUIDv4), URI, or slug of the GuardPoints.
    elements: str
    type: list

max_space_cache_log:
    description: Maximum space for the cached logs
    type: int

data_lineage_enabled:
    description: Whether data lineage (tracking) is enabled. Enabled only if data classification
      is enabled. Supported for Standard and LDT policies
    type: boolean

enabled_capabilities:
    choices:
    - LDT
    - EKP
    - ES
    description: Client capabilities to be enabled. Separate values with comma.
    type: str

registration_allowed:
    description: Whether client's registration with the CipherTrust Manager is allowed.
      The default value is false. Set to true to allow registration.
    type: boolean

communication_enabled:
    description: Whether communication with the client is enabled. The default value is
      false. Can be set to true only if registration_allowed is true.
    type: boolean

enable_domain_sharing:
    description: Whether domain sharing is enabled for the client.
    type: boolean

password_creation_method:
    choices:
    - MANUAL
    - GENERATE
    description: Password creation method for the client. Valid values are MANUAL and
      GENERATE. The default value is GENERATE.
    type: str

client_auth_binaries_from:
    description: ID of the ClientGroup from which client settings will be inherited.
    type: str

data_classification_enabled:
    description: Whether data classification (tagging) is enabled. Enabled by default
      if the aligned policy contains ClassificationTags. Supported for Standard and LDT
      policies.
    type: boolean

network_share_credentials_id:
    description: ID/Name of the credentials if the GuardPoint is applied to a network
      share. Supported for only LDT policies.
    type: str
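The inputs above cover several day-2 operations (locking the agent and OS files, pausing an LDT rekey, unguarding, and deletion) but the page gives no example of them. The playbook below is an added example, not part of the collection's documentation. It reuses the `cm_conn` connection dict assumed earlier and takes `client_id` and `gp_id` from the command line; which inputs each op_type consumes is inferred from the input descriptions and should be treated as an assumption. The decommissioning tasks are gated behind an explicit variable, and `force_del_client`, which the docs call irreversible, requires a second confirmation.

```yaml
# Added example: day-2 operations on an existing CTE client.
# Assumed variables (not from the collection docs):
#   cm_conn       -> the localNode dict built from vault-backed cm_* variables
#   client_id     -> passed with -e client_id=<uuid>
#   gp_id         -> passed with -e gp_id=<uuid>
#   decommission  -> -e decommission=true to run the unguard/delete tasks
#   force_delete, confirm_force_delete -> both must be true to force-delete
- name: CTE client day-2 operations
  hosts: localhost
  gather_facts: false
  vars:
    decommission: false
    force_delete: false
    confirm_force_delete: false
  tasks:
    - name: Lock agent configuration and protected OS files
      thalesgroup.ciphertrust.cte_client:
        localNode: "{{ cm_conn }}"
        op_type: patch
        id: "{{ client_id }}"
        client_locked: true     # blocks policy updates on the client
        system_locked: true     # OS patching will fail until this is unlocked
      no_log: true

    - name: Pause LDT rekey on one GuardPoint during a maintenance window
      thalesgroup.ciphertrust.cte_client:
        localNode: "{{ cm_conn }}"
        op_type: ldt_pause
        id: "{{ client_id }}"
        gp_id: "{{ gp_id }}"
        paused: true
      no_log: true

    - name: Unguard the GuardPoint before decommissioning
      thalesgroup.ciphertrust.cte_client:
        localNode: "{{ cm_conn }}"
        op_type: gp_unguard
        id: "{{ client_id }}"
        guard_point_id_list:
          - "{{ gp_id }}"
      no_log: true
      when: decommission | bool

    - name: Refuse to force-delete unless explicitly confirmed
      ansible.builtin.assert:
        that:
          - confirm_force_delete | bool
        fail_msg: "force_del_client is irreversible; rerun with -e confirm_force_delete=true"
      when: decommission | bool and force_delete | bool

    - name: Delete the client from CipherTrust Manager
      thalesgroup.ciphertrust.cte_client:
        localNode: "{{ cm_conn }}"
        op_type: delete
        client_id_list:
          - "{{ client_id }}"
        force_del_client: "{{ force_delete | bool }}"
      no_log: true
      when: decommission | bool
```

Without `force_delete` the delete waits on the CTE Agent as the docs describe; with it, the `assert` task stops the play unless `confirm_force_delete` was also set, so a stray extra-var cannot remove a client entry by itself.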