thalesgroup.ciphertrust.cte_policy_save (1.0.0) — module

Manage policies as collection of rules that govern data access and encryption

Added in version 1.0.0 of thalesgroup.ciphertrust

Authors: Anurag Jain, Developer Advocate Thales Group

Install collection

Install with ansible-galaxy collection install thalesgroup.ciphertrust:==1.0.0


Add to requirements.yml

  collections:
    - name: thalesgroup.ciphertrust
      version: 1.0.0

Description

This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with the CTE Policy API.

Inputs

    
name:
    description: Name of the CTE policy
    required: false
    type: str

action:
    choices:
    - read
    - write
    - all_ops
    - key_op
    description: Actions applicable to the rule. Examples of actions are read, write,
      all_ops, and key_op.
    type: str

effect:
    choices:
    - permit
    - deny
    - audit
    - applykey
    description: Effects applicable to the rule. Separate multiple effects by commas.
    type: str

key_id:
    description: Identifier of the key to link with the rule. Supported fields are name,
      id, slug, alias, uri, uuid, muid, and key_id.
    type: str

op_type:
    choices:
    - create
    - patch
    - add_data_transfer_rule
    - add_ldt_rule
    - add_key_rule
    - add_security_rule
    - patch_data_transfer_rule
    - patch_ldt_rule
    - patch_key_rule
    - patch_security_rule
    - patch_idt_rule
    - remove_data_transfer_rule
    - remove_ldt_rule
    - remove_key_rule
    - remove_security_rule
    description: Operation to be performed
    required: true
    type: str

key_type:
    choices:
    - name
    - id
    - slug
    - alias
    - uri
    - uuid
    - muid
    - key_id
    description: Type of the identifier given in key_id. Must be one of name, id, slug,
      alias, uri, uuid, muid or key_id.
    type: str

metadata:
    description: Metadata used to restrict the policy from modification
    type: dict

idtRuleId:
    description: An identifier for the CTE IDT Key Rule. Can be an ID of type UUIDv4 or
      a URI
    type: str

keyRuleId:
    description: An identifier for the CTE Key Rule. Can be an ID of type UUIDv4 or a
      URI
    type: str

key_rules:
    description: Key rules to link with the policy
    elements: dict
    type: list

ldtRuleId:
    description: An identifier for the CTE LDT Key Rule. Can be an ID of type UUIDv4 or
      a URI
    type: str

localNode:
    description:
    - This holds the connection parameters required to communicate with an instance of
      CipherTrust Manager (CM)
    - Holds the IP/FQDN of the server, the username, the password, and the port
    required: true
    suboptions:
      password:
        description: admin password of CM
        required: true
        type: str
      server_ip:
        description: CM Server IP or FQDN
        required: true
        type: str
      server_port:
        default: 5432
        description: Port on which CM server is listening
        required: true
        type: int
      server_private_ip:
        description: internal or private IP of the CM Server, if different from the server_ip
        required: true
        type: str
      user:
        description: admin username of CM
        required: true
        type: str
      verify:
        default: false
        description: Whether to verify the CM server's TLS certificate. Defaults to false,
          which disables certificate verification.
        required: true
        type: bool
    type: dict

policy_id:
    description:
    - Identifier of the CTE Policy to be patched, or of the policy whose rules are to be
      patched or removed
    type: str

never_deny:
    description: Whether to always allow operations in the policy. By default it is disabled,
      that is, operations are not always allowed. Supported for Standard, LDT, and Cloud_Object_Storage
      policies. For Learn Mode activations, never_deny is set to true by default.
    type: bool

current_key:
    description: Identifier of the key to link with the rule. Supported fields are name,
      id, slug, alias, uri, uuid, muid, and key_id.
    type: str

description:
    description: Description of the CTE policy
    required: false
    type: str

policy_type:
    choices:
    - Standard
    - LDT
    - IDT
    - CSI
    - Cloud_Object_Storage
    description: Type of the policy
    type: str

user_set_id:
    description: ID of the user set to link to the policy. Supported for Standard
      and LDT policies
    type: str

current_keys:
    description: Properties of the current key
    type: dict

dataTxRuleId:
    description: An identifier for the CTE Data-Transformation Rule. Can be an ID of type
      UUIDv4 or a URI
    type: str

order_number:
    description: Precedence order of the rule in the parent policy
    type: int

idt_key_rules:
    description: IDT rules to link with the policy
    elements: dict
    type: list

ldt_key_rules:
    description: LDT rules to link with the policy. Supported for LDT policies.
    elements: dict
    type: list

partial_match:
    description: Whether to allow partial match operations. By default, it is enabled.
      Supported for Standard and LDT policies.
    type: bool

process_set_id:
    description: ID of the process set to link to the policy.
    type: str

securityRuleId:
    description: An identifier for the CTE Security Rule. Can be an ID of type UUIDv4
      or a URI
    type: str

security_rules:
    description: Security rules to link with the policy.
    elements: dict
    type: list

resource_set_id:
    description: ID of the resource set linked with the rule
    type: str

current_key_type:
    choices:
    - name
    - id
    - slug
    - alias
    - uri
    - uuid
    - muid
    - key_id
    description: Type of the identifier given in current_key. Must be one of name, id,
      slug, alias, uri, uuid, muid or key_id.
    type: str

exclude_user_set:
    description: User set to exclude. Supported for Standard and LDT policies.
    type: bool

is_exclusion_rule:
    description: Whether this is an exclusion rule. If enabled, no need to specify the
      transformation rule.
    type: bool

transformation_key:
    description: Identifier of the key to link with the rule. Supported fields are name,
      id, slug, alias, uri, uuid, muid or key_id.
    type: str

exclude_process_set:
    description: Process set to exclude. Supported for Standard and LDT policies.
    type: bool

transformation_keys:
    description: Properties of the transformation key
    type: dict

data_transform_rules:
    description: Data transformation rules to link with the policy
    elements: dict
    type: list

exclude_resource_set:
    description: Resource set to exclude. Supported for Standard and LDT policies.
    type: bool

force_restrict_update:
    description: Whether to remove the restriction that protects the policy from modification
    type: bool

transformation_key_type:
    choices:
    - name
    - id
    - slug
    - alias
    - uri
    - uuid
    - muid
    - key_id
    description: Specify the type of the key. Must be one of name, id, slug, alias, uri,
      uuid, muid or key_id. If not specified, the type of the key is inferred.
    type: str