thalesgroup.ciphertrust.cte_client_group (1.0.0) — module

Manage CTE client groups

Added in version 1.0.0 of thalesgroup.ciphertrust

Authors: Anurag Jain, Developer Advocate Thales Group

Install collection

Install with ansible-galaxy collection install thalesgroup.ciphertrust:==1.0.0


Add to requirements.yml

  collections:
    - name: thalesgroup.ciphertrust
      version: 1.0.0

Description

This module lets an administrator create or manage client groups so that group-level policies can be applied to multiple clients.

Usage examples

- name: "Create CTE Client Group"
  thalesgroup.ciphertrust.cte_client_group:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: create
    cluster_type: NON-CLUSTER
    name: ClientGroup1
- name: "Add client to CTE client group"
  thalesgroup.ciphertrust.cte_client_group:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: add_client
    client_list:
      - Client1
      - Client2
    inherit_attributes: true
- name: "Add guard point to CTE client group"
  thalesgroup.ciphertrust.cte_client_group:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: add_guard_point
    guard_paths:
      - "/opt/path1/"
      - "/opt/path2/"
    guard_point_params:
      guard_point_type: directory_auto
      policy_id: TestPolicy
      data_classification_enabled: false
      data_lineage_enabled: false
      early_access: true
      preserve_sparse_regions: true

Inputs

    
id:
    description: Identifier of the Client Group to be acted upon
    type: str

name:
    description: Name of the ClientGroup
    type: str

paused:
    description: Mouse over a property in the schema to view its details
    type: bool

op_type:
    choices:
    - create
    - patch
    - add_client
    - add_guard_point
    - auth-binaries
    - remove_client
    - ldt_pause
    description: Operation to be performed
    required: true
    type: str

re_sign:
    description: Whether to re-sign the client settings
    type: bool

password:
    description: User supplied password if password_creation_method is MANUAL. The password
      MUST be minimum 8 characters and MUST contain one alphabet, one number, and one
      of the !@#$%^&*(){}[] special characters
    type: str

client_id:
    description: Identifier of the client within the group that needs to be acted upon
    type: str

localNode:
    description:
    - this holds the connection parameters required to communicate with an instance of
      CipherTrust Manager (CM)
    - holds IP/FQDN of the server, username, password, and port
    required: true
    suboptions:
      password:
        description: admin password of CM
        required: true
        type: str
      server_ip:
        description: CM Server IP or FQDN
        required: true
        type: str
      server_port:
        default: 5432
        description: Port on which CM server is listening
        required: true
        type: int
      server_private_ip:
        description: internal or private IP of the CM Server, if different from the server_ip
        required: true
        type: str
      user:
        description: admin username of CM
        required: true
        type: str
      verify:
        default: false
        description: if SSL verification is required
        required: true
        type: bool
    type: dict

profile_id:
    description: ID of the client group profile that is used to schedule custom configuration
      for logger, logging, and Quality of Service (QoS)
    type: str

client_list:
    description: List of client identifiers to be associated with the client group.
      Each identifier can be the Name, ID (a UUIDv4), URI, or slug of the client
    type: list

description:
    description: Description of the ClientGroup
    type: str

guard_paths:
    description: List of GuardPaths to be created
    type: list

cluster_type:
    choices:
    - NON-CLUSTER
    - HDFS
    description: Cluster type of the ClientGroup, valid values are NON-CLUSTER and HDFS.
    type: str

auth_binaries:
    description: Array of authorized binaries in the privilege-filename pair JSON format
    type: str

client_locked:
    default: false
    description: Is FS Agent locked? Enables locking the configuration of the File System
      Agent on the client. This will prevent updates to any policies on the client. Default
      value is false.
    type: bool

system_locked:
    description: Whether the system is locked. The default value is false. Enable this
      option to lock the important operating system files of the client. When enabled,
      patches to the operating system of the client will fail due to the protection of
      these files.
    type: bool

guard_point_params:
    description: Parameters for creating a GuardPoint
    type: dict

inherit_attributes:
    description: Whether the client should inherit attributes from the ClientGroup
    type: bool

shared_domain_list:
    description: List of domains with which ClientGroup needs to be shared.
    type: list

enabled_capabilities:
    description: Comma separated agent capabilities which are enabled. Currently only
      RESIGN for re-signing client settings can be enabled.
    type: str

communication_enabled:
    description: Whether the File System communication is enabled
    type: bool

enable_domain_sharing:
    description: Whether to enable domain sharing for ClientGroup
    type: bool

password_creation_method:
    choices:
    - GENERATE
    - MANUAL
    description: Password creation method, GENERATE or MANUAL
    type: str
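
A hardened variant of the create task, as an added example that is not part of the collection's own documentation: it keeps credentials out of the playbook, sets `verify: true` in `localNode`, and checks the documented MANUAL password rule before the module is called. The variable names (`vault_cm_host`, `vault_cm_user`, `vault_cm_password`, `cte_group_password`, `cm_connection`) are assumptions and are expected to come from an Ansible Vault file; it also assumes the CipherTrust Manager certificate chains to a CA the control node trusts and that "one alphabet" means one ASCII letter.

```yaml
- name: Create a CTE client group with verified TLS and vaulted secrets
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Assumed variable names; define the vault_* values in an Ansible Vault file.
    cm_connection:
      server_ip: "{{ vault_cm_host }}"
      server_private_ip: "{{ vault_cm_host }}"
      server_port: 5432
      user: "{{ vault_cm_user }}"
      password: "{{ vault_cm_password }}"
      verify: true  # the usage examples on this page pass false
  tasks:
    # Fail early, without echoing the value, if the password breaks the rule
    # given in the description of the password input.
    - name: Check the group password against the documented MANUAL rule
      ansible.builtin.assert:
        that:
          - "cte_group_password | length >= 8"
          - "cte_group_password is search('[A-Za-z]')"
          - "cte_group_password is search('[0-9]')"
          - "cte_group_password is search('[][!@#$%^&*(){}]')"
        quiet: true
        fail_msg: "Password does not meet the documented rule"
      no_log: true

    - name: Create CTE client group
      thalesgroup.ciphertrust.cte_client_group:
        localNode: "{{ cm_connection }}"
        op_type: create
        cluster_type: NON-CLUSTER
        name: ClientGroup1
        password_creation_method: MANUAL
        password: "{{ cte_group_password }}"
      no_log: true  # keep both passwords out of task output and logs
```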