thalesgroup.ciphertrust.cte_csi_storage_group (1.0.0) — module

Manage CTE CSI Storage Group

Added in version 1.0.0 of thalesgroup.ciphertrust

Authors: Anurag Jain, Developer Advocate Thales Group

Install collection

Install with ansible-galaxy collection install thalesgroup.ciphertrust:==1.0.0


Add to requirements.yml

  collections:
    - name: thalesgroup.ciphertrust
      version: 1.0.0

Description

Define and manage CipherTrust Transparent Encryption (CTE) Container Storage Interface (CSI) storage groups, and add guard policies and clients to them.

This allows an administrator to apply data protection/reveal based on the client or the guard points.

Usage examples

- name: "Create CSI Storage Group"
  thalesgroup.ciphertrust.cte_csi_storage_group:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: create
    name: AnsibleCSI_SG_1
    k8s_namespace: AnsibleK8s_NS_1
    k8s_storage_class: AnsibleK8s_SC_1
    description: "Test CSIStorageGroup"
    client_profile: DefaultClientProfile
  register: csi_sg
- name: "Edit CSI Storage Group"
  thalesgroup.ciphertrust.cte_csi_storage_group:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: patch
    id: "{{ csi_sg['response']['id'] }}"
    description: "Test CSIStorageGroup Updated"
    client_profile: DefaultClientProfile
- name: "Add clients to the CSI Storage Group"
  thalesgroup.ciphertrust.cte_csi_storage_group:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: add_client
    id: "{{ csi_sg['response']['id'] }}"
    client_list:
      - Client1
      - Client2
- name: "Add guard policy to the CSI Storage Group"
  thalesgroup.ciphertrust.cte_csi_storage_group:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: add_guard_point
    id: "{{ csi_sg['response']['id'] }}"
    policy_list:
      - CSI_Policy_1
      - CSI_Policy_2
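
A hardened variant of the tasks above, as an added example that is not part of the collection's documentation: the CipherTrust Manager credentials come from an ansible-vault encrypted file, verify is set to true, and no_log keeps the connection parameters out of task output. The names cm_host, cm_connection, vault_cm_user, vault_cm_password and vault.yml are assumptions, and verify: true assumes the CM certificate chains to a CA trusted by the host running the module.

```yaml
# Added example, not from the collection. Variable and file names are hypothetical.
- name: Manage a CSI storage group without exposing CM credentials
  hosts: localhost
  gather_facts: false
  vars_files:
    - vault.yml                  # assumed: ansible-vault encrypted, defines vault_cm_*
  vars:
    cm_host: cm.example.internal # constructed placeholder for the CM IP/FQDN
    cm_connection:
      server_ip: "{{ cm_host }}"
      server_private_ip: "{{ cm_host }}"
      server_port: 5432
      user: "{{ vault_cm_user }}"
      password: "{{ vault_cm_password }}"
      verify: true               # validate the CM TLS certificate (module default is false)
  tasks:
    - name: Create CSI Storage Group
      thalesgroup.ciphertrust.cte_csi_storage_group:
        localNode: "{{ cm_connection }}"
        op_type: create
        name: AnsibleCSI_SG_1
        k8s_namespace: AnsibleK8s_NS_1
        k8s_storage_class: AnsibleK8s_SC_1
        client_profile: DefaultClientProfile
      register: csi_sg
      no_log: true               # precaution: keep localNode out of output and logs

    - name: Stop if the create call did not return an id
      ansible.builtin.assert:
        that:
          - csi_sg.response is defined
          - "'id' in csi_sg.response"
        quiet: true

    - name: Add clients to the CSI Storage Group
      thalesgroup.ciphertrust.cte_csi_storage_group:
        localNode: "{{ cm_connection }}"
        op_type: add_client
        id: "{{ csi_sg['response']['id'] }}"
        client_list:
          - Client1
          - Client2
      no_log: true
```

Run it with ansible-playbook --ask-vault-pass so the vault password is prompted for rather than stored beside the playbook.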

Inputs

    
id:
    description:
    - Identifier of the CTE CSI Storage Group to be patched
    type: str

name:
    description:
    - Name to uniquely identify the CSI storage group. This name will be visible on the
      CipherTrust Manager
    type: str

gp_id:
    description:
    - Identifier of the guard point added to the CSI Group
    type: str

op_type:
    choices:
    - create
    - patch
    - add_client
    - remove_client
    - add_guard_point
    - patch_guard_point
    - remove_guard_point
    description: Operation to be performed
    required: true
    type: str

client_id:
    description:
    - Identifier of the client added to the CSI Group
    type: str

localNode:
    description:
    - this holds the connection parameters required to communicate with an instance of
      CipherTrust Manager (CM)
    - holds IP/FQDN of the server, username, password, and port
    required: true
    suboptions:
      password:
        description: admin password of CM
        required: true
        type: str
      server_ip:
        description: CM Server IP or FQDN
        required: true
        type: str
      server_port:
        default: 5432
        description: Port on which CM server is listening
        required: true
        type: int
      server_private_ip:
        description: internal or private IP of the CM Server, if different from the server_ip
        required: true
        type: str
      user:
        description: admin username of CM
        required: true
        type: str
      verify:
        default: false
        description: if SSL verification is required
        required: true
        type: bool
    type: dict

client_list:
    description: List of identifiers of clients to be associated with the client group.
      This identifier can be the name or UUID.
    type: list

description:
    description:
    - Optional description for the storage group
    type: str

policy_list:
    description: List of CSI policy identifiers to be associated with the storage group.
      This identifier can be the name or UUID.
    type: list

guard_enabled:
    description: Enable or disable the GuardPolicy. Set to true to enable, false to disable.
    type: boolean

k8s_namespace:
    description:
    - Name of the K8s namespace
    type: str

client_profile:
    description:
    - Optional Client Profile for the storage group. If not provided, the default profile
      will be used
    type: str

k8s_storage_class:
    description:
    - Name of the K8s StorageClass
    type: str