thalesgroup.ciphertrust.cte_policy_save (1.0.0) — module
Manage policies as a collection of rules that govern data access and encryption
Added in version 1.0.0 of thalesgroup.ciphertrust
Authors: Anurag Jain, Developer Advocate Thales Group
Install with ansible-galaxy collection install thalesgroup.ciphertrust:==1.0.0
collections:
  - name: thalesgroup.ciphertrust
    version: 1.0.0
This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with the CTE Policy API.
name:
  description: Name of the CTE policy
  required: false
  type: str
action:
  choices:
    - read
    - write
    - all_ops
    - key_op
  description: Actions applicable to the rule. Examples of actions are read, write, all_ops, and key_op.
  type: str
effect:
  choices:
    - permit
    - deny
    - audit
    - applykey
  description: Effects applicable to the rule. Separate multiple effects by commas.
  type: str
key_id:
  description: Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.
  type: str
op_type:
  choices:
    - create
    - patch
    - add_data_transfer_rule
    - add_ldt_rule
    - add_key_rule
    - add_security_rule
    - patch_data_transfer_rule
    - patch_ldt_rule
    - patch_key_rule
    - patch_security_rule
    - patch_idt_rule
    - remove_data_transfer_rule
    - remove_ldt_rule
    - remove_key_rule
    - remove_security_rule
  description: Operation to be performed
  required: true
  type: str
key_type:
  choices:
    - name
    - id
    - slug
    - alias
    - uri
    - uuid
    - muid
    - key_id
  description: Precedence order of the rule in the parent policy
  type: str
metadata:
  description: Restrict policy for modification
  type: dict
idtRuleId:
  description: An identifier for the CTE IDT Key Rule. Can be an ID of type UUIDv4 or a URI
  type: str
keyRuleId:
  description: An identifier for the CTE Key Rule. Can be an ID of type UUIDv4 or a URI
  type: str
key_rules:
  description: Key rules to link with the policy
  elements: dict
  type: list
ldtRuleId:
  description: An identifier for the CTE LDT Key Rule. Can be an ID of type UUIDv4 or a URI
  type: str
localNode:
  description:
    - this holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM)
    - holds IP/FQDN of the server, username, password, and port
  required: true
  suboptions:
    password:
      description: admin password of CM
      required: true
      type: str
    server_ip:
      description: CM Server IP or FQDN
      required: true
      type: str
    server_port:
      default: 5432
      description: Port on which CM server is listening
      required: true
      type: int
    server_private_ip:
      description: internal or private IP of the CM Server, if different from the server_ip
      required: true
      type: str
    user:
      description: admin username of CM
      required: true
      type: str
    verify:
      default: false
      description: if SSL verification is required
      required: true
      type: bool
  type: dict
policy_id:
  description:
    - Identifier of the CTE Policy to be patched or rules to be patched or removed
  type: str
never_deny:
  description: Whether to always allow operations in the policy. By default, it is disabled, that is, operations are not allowed. Supported for Standard, LDT, and Cloud_Object_Storage policies. For Learn Mode activations, never_deny is set to true, by default.
  type: bool
current_key:
  description: Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid, and key_id.
  type: str
description:
  description: Description of the CTE policy
  required: false
  type: str
policy_type:
  choices:
    - Standard
    - LDT
    - IDT
    - CSI
    - Cloud_Object_Storage
  description: Type of the policy
  type: str
user_set_id:
  description: ID of the resource set to link to the policy. Supported for Standard and LDT policies
  type: str
current_keys:
  description: Properties of the current key
  type: dict
dataTxRuleId:
  description: An identifier for the CTE Data-Transformation Rule. Can be an ID of type UUIDv4 or a URI
  type: str
order_number:
  description: Precedence order of the rule in the parent policy
  type: int
idt_key_rules:
  description: IDT rules to link with the policy
  elements: dict
  type: list
ldt_key_rules:
  description: LDT rules to link with the policy. Supported for LDT policies.
  elements: dict
  type: list
partial_match:
  description: Whether to allow partial match operations. By default, it is enabled. Supported for Standard and LDT policies.
  type: bool
process_set_id:
  description: ID of the process set to link to the policy.
  type: str
securityRuleId:
  description: An identifier for the CTE Security Rule. Can be an ID of type UUIDv4 or a URI
  type: str
security_rules:
  description: Security rules to link with the policy.
  elements: dict
  type: list
resource_set_id:
  description: ID of the resource set linked with the rule
  type: str
current_key_type:
  choices:
    - name
    - id
    - slug
    - alias
    - uri
    - uuid
    - muid
    - key_id
  description: An identifier for the CTE IDT Key Rule. Can be an ID of type UUIDv4 or a URI
  type: str
exclude_user_set:
  description: User set to exclude. Supported for Standard and LDT policies.
  type: bool
is_exclusion_rule:
  description: Whether this is an exclusion rule. If enabled, no need to specify the transformation rule.
  type: bool
transformation_key:
  description: Identifier of the key to link with the rule. Supported fields are name, id, slug, alias, uri, uuid, muid or key_id.
  type: str
exclude_process_set:
  description: Process set to exclude. Supported for Standard and LDT policies.
  type: bool
transformation_keys:
  description: Properties of the transformation key
  type: dict
data_transform_rules:
  description: Data transformation rules to link with the policy
  elements: dict
  type: list
exclude_resource_set:
  description: Resource set to exclude. Supported for Standard and LDT policies.
  type: bool
force_restrict_update:
  description: To remove restriction of policy for modification
  type: bool
transformation_key_type:
  choices:
    - name
    - id
    - slug
    - alias
    - uri
    - uuid
    - muid
    - key_id
  description: Specify the type of the key. Must be one of name, id, slug, alias, uri, uuid, muid or key_id. If not specified, the type of the key is inferred.
  type: str
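
An added example playbook (not taken from the collection's own documentation) that uses only the parameters listed above to append two security rules to an existing policy, with verify set to true instead of its documented default of false. The variables cm_host, vault_cm_user, vault_cm_password, cte_policy_id and app_user_set_id are assumed names supplied by the operator, for example from Ansible Vault.

```yaml
# Added example; variable names below are assumptions, not part of the module.
- name: Add least-privilege security rules to an existing CTE policy
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    cm_node:
      server_ip: "{{ cm_host }}"
      server_private_ip: "{{ cm_host }}"       # same host when there is no separate private IP
      server_port: 5432                        # default documented above
      user: "{{ vault_cm_user }}"
      password: "{{ vault_cm_password }}"      # kept in Ansible Vault, not in the playbook
      verify: true                             # documented default is false
  tasks:
    - name: Permit the application user set and apply the key
      thalesgroup.ciphertrust.cte_policy_save:
        localNode: "{{ cm_node }}"
        op_type: add_security_rule
        policy_id: "{{ cte_policy_id }}"
        user_set_id: "{{ app_user_set_id }}"
        action: all_ops
        effect: "permit,applykey"              # multiple effects are comma-separated
        partial_match: true
      no_log: true                             # keep the admin password out of task output

    - name: Deny and audit every other access
      thalesgroup.ciphertrust.cte_policy_save:
        localNode: "{{ cm_node }}"
        op_type: add_security_rule
        policy_id: "{{ cte_policy_id }}"
        action: all_ops
        effect: "deny,audit"
        partial_match: true
      no_log: true
```

The rules are added in task order, so the permit rule for the application user set is created before the catch-all deny and audit rule.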