thalesgroup / thalesgroup.ciphertrust / 1.0.0 / module / cte_csi_storage_group Manage CTE CSI Storage Group | "added in version" 1.0.0 of thalesgroup.ciphertrust" Authors: Anurag Jain, Developer Advocate Thales Groupthalesgroup.ciphertrust.cte_csi_storage_group (1.0.0) — module
Install with ansible-galaxy collection install thalesgroup.ciphertrust:==1.0.0
collections: - name: thalesgroup.ciphertrust version: 1.0.0
Define and manage CipherTrust Transparent Encryption (CTE) Container Storage Interface (CSI) and also add guard policies and clients to the same.
This will allow administrator to apply data protection/reveal based on the client or the guard points.
- name: "Create CSI Storage Group" thalesgroup.ciphertrust.cte_csi_storage_group: localNode: server_ip: "IP/FQDN of CipherTrust Manager" server_private_ip: "Private IP in case that is different from above" server_port: 5432 user: "CipherTrust Manager Username" password: "CipherTrust Manager Password" verify: false op_type: create name: AnsibleCSI_SG_1 k8s_namespace: AnsibleK8s_NS_1 k8s_storage_class: AnsibleK8s_SC_1 description: "Test CSIStorageGroup" client_profile: DefaultClientProfile register: csi_sg
- name: "Edit CSI Storage Group" thalesgroup.ciphertrust.cte_csi_storage_group: localNode: server_ip: "IP/FQDN of CipherTrust Manager" server_private_ip: "Private IP in case that is different from above" server_port: 5432 user: "CipherTrust Manager Username" password: "CipherTrust Manager Password" verify: false op_type: create id: "{{ csi_sg['response']['id'] }}" description: "Test CSIStorageGroup Updated" client_profile: DefaultClientProfile
- name: "Add clients to the CSI Storage Group" thalesgroup.ciphertrust.cte_csi_storage_group: localNode: server_ip: "IP/FQDN of CipherTrust Manager" server_private_ip: "Private IP in case that is different from above" server_port: 5432 user: "CipherTrust Manager Username" password: "CipherTrust Manager Password" verify: false op_type: add_client id: "{{ csi_sg['response']['id'] }}" client_list: - Client1 - Client2
- name: "Add guarpolicy to the CSI Storage Group" thalesgroup.ciphertrust.cte_csi_storage_group: localNode: server_ip: "IP/FQDN of CipherTrust Manager" server_private_ip: "Private IP in case that is different from above" server_port: 5432 user: "CipherTrust Manager Username" password: "CipherTrust Manager Password" verify: false op_type: add_guard_point id: "{{ csi_sg['response']['id'] }}" policy_list: - CSI_Policy_1 - CSI_Policy_2
id: description: - Identifier of the CTE CSI Storage Group to be patched type: str name: description: - Name to uniquely identify the CSI storage group. This name will be visible on the CipherTrust Manager type: str gp_id: description: - Identifier of the guard point added to the CSI Group type: str op_type: choices: - create - patch - add_client - remove_client - add_guard_point - patch_guard_point - remove_guard_point description: Operation to be performed required: true type: str client_id: description: - Identifier of the client added added to the CSI Group type: str localNode: description: - this holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM) - holds IP/FQDN of the server, username, password, and port required: true suboptions: password: description: admin password of CM required: true type: str server_ip: description: CM Server IP or FQDN required: true type: str server_port: default: 5432 description: Port on which CM server is listening required: true type: int server_private_ip: description: internal or private IP of the CM Server, if different from the server_ip required: true type: str user: description: admin username of CM required: true type: str verify: default: false description: if SSL verification is required required: true type: bool type: dict client_list: description: List of identifiers of clients to be associated with the client group. This identifier can be the name or UUID. type: list description: description: - Optional description for the storage group type: str policy_list: description: List of CSI policy identifiers to be associated with the storage group. This identifier can be the name or UUID. type: list guard_enabled: description: Enable or disable the GuardPolicy. Set to true to enable, false to disable. type: boolean k8s_namespace: description: - Name of the K8s namespace type: str client_profile: description: - Optional Client Profile for the storage group. If not provided, the default profile will be used type: str k8s_storage_class: description: - Name of the K8s StorageClass type: str