thalesgroup.ciphertrust.interface_actions (1.0.0) — module

Perform operations on CipherTrust Manager interface

Added in version 1.0.0 of thalesgroup.ciphertrust

Authors: Anurag Jain, Developer Advocate Thales Group

Install collection

Install with ansible-galaxy collection install thalesgroup.ciphertrust:==1.0.0


Add to requirements.yml

  # Exact pin keeps installs reproducible; quoting keeps the version a string.
  collections:
    - name: thalesgroup.ciphertrust
      version: "1.0.0"

Description

This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with the interface actions API.

Usage examples

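# Uploads certificate and key data to an interface (op_type: put_certificate).
- name: "Add Cert to Interface"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      # Placeholder: supply the admin password from Ansible Vault or another
      # secret store instead of writing it into the playbook.
      password: "CipherTrust Manager Password"
      # Validate the CM server's TLS certificate so the admin credentials are
      # only sent to the intended host; assumes the CM certificate chains to a
      # CA the control node trusts.
      verify: true
    op_type: put_certificate
    interface_id: "interface_identifier"
    # Certificate and private-key data: load it from a vaulted variable or file.
    certificate: "cert_key_data"
    format: PEM
  # Keep the module arguments (password, key material) out of task output and
  # logs; this page does not show whether the module masks them itself.
  no_log: true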
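# Enables the interface named by interface_id (op_type: enable).
- name: "Enable Interface"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      # Placeholder: supply the admin password from Ansible Vault or another
      # secret store instead of writing it into the playbook.
      password: "CipherTrust Manager Password"
      # Validate the CM server's TLS certificate before sending credentials;
      # assumes the certificate chains to a CA the control node trusts.
      verify: true
    op_type: enable
    interface_id: "interface_identifier"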
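# Disables the interface named by interface_id (op_type: disable).
- name: "Disable Interface"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      # Placeholder: supply the admin password from Ansible Vault or another
      # secret store instead of writing it into the playbook.
      password: "CipherTrust Manager Password"
      # Validate the CM server's TLS certificate before sending credentials;
      # assumes the certificate chains to a CA the control node trusts.
      verify: true
    op_type: disable
    interface_id: "interface_identifier"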
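# Resets the interface's TLS cipher list (op_type: restore-default-tls-ciphers).
- name: "Restore default TLS Ciphers"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      # Placeholder: supply the admin password from Ansible Vault or another
      # secret store instead of writing it into the playbook.
      password: "CipherTrust Manager Password"
      # Validate the CM server's TLS certificate before sending credentials;
      # assumes the certificate chains to a CA the control node trusts.
      verify: true
    op_type: restore-default-tls-ciphers
    interface_id: "interface_identifier"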
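# Requests a CSR for the interface (op_type: csr); cn is required for this
# operation per the option documentation.
- name: "Create CSR"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      # Placeholder: supply the admin password from Ansible Vault or another
      # secret store instead of writing it into the playbook.
      password: "CipherTrust Manager Password"
      # Validate the CM server's TLS certificate before sending credentials;
      # assumes the certificate chains to a CA the control node trusts.
      verify: true
    op_type: csr
    interface_id: "interface_identifier"
    cn: "csr_cn"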
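# Asks CM to generate a server certificate for the interface
# (op_type: auto-gen-server-cert).
- name: "Auto Generate Server Certificate"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      # Placeholder: supply the admin password from Ansible Vault or another
      # secret store instead of writing it into the playbook.
      password: "CipherTrust Manager Password"
      # Validate the CM server's TLS certificate before sending credentials;
      # assumes the certificate chains to a CA the control node trusts.
      verify: true
    op_type: auto-gen-server-cert
    interface_id: "interface_identifier"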
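# Runs op_type use-certificate; copy_from names the source interface and is
# required for this operation per the option documentation.
- name: "Use certificate"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      # Placeholder: supply the admin password from Ansible Vault or another
      # secret store instead of writing it into the playbook.
      password: "CipherTrust Manager Password"
      # Validate the CM server's TLS certificate before sending credentials;
      # assumes the certificate chains to a CA the control node trusts.
      verify: true
    op_type: use-certificate
    interface_id: "interface_identifier"
    copy_from: "Name_Source_Interface"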

Inputs

    
cn:
    default: none
    description:
    - Common name
    - required if op_type is csr
    required: false
    type: str

names:
    default: []
    description: Name fields like O, OU, L, ST, C
    elements: dict
    required: false
    type: list

format:
    default: none
    description:
    - The format of the certificate data (PEM or PKCS12).
    - required if op_type is put_certificate
    required: false
    type: str

op_type:
    choices:
    - put_certificate
    - enable
    - disable
    - restore-default-tls-ciphers
    - csr
    - auto-gen-server-cert
    - use-certificate
    description: Operation to be performed
    required: true
    type: str

generate:
    default: none
    description:
    - Create a new self-signed certificate
    required: false
    type: str

password:
    default: none
    description:
    - Password to the encrypted key
    required: false
    type: str

copy_from:
    default: none
    description:
    - Source interface name
    - required if op_type is use-certificate
    required: false
    type: str

dns_names:
    default: none
    description: Subject Alternative Names (SAN) DNS names
    elements: str
    required: false
    type: list

# Connection block passed to every interface_actions task: CM address, port,
# admin credentials and the TLS verification switch.
localNode:
    description:
    - this holds the connection parameters required to communicate with an instance of
      CipherTrust Manager (CM)
    - holds IP/FQDN of the server, username, password, and port
    required: true
    suboptions:
      # Admin credential: supply it from Ansible Vault or another secret store.
      # NOTE(review): this listing shows no no_log flag on the option; confirm
      # in the module's argument spec that the value is masked in output.
      password:
        description: admin password of CM
        required: true
        type: str
      server_ip:
        description: CM Server IP or FQDN
        required: true
        type: str
      # NOTE(review): a default combined with required: true is contradictory;
      # confirm which one the module enforces.
      server_port:
        default: 5432
        description: Port on which CM server is listening
        required: true
        type: int
      server_private_ip:
        description: internal or private IP of the CM Server, if different from the server_ip
        required: true
        type: str
      user:
        description: admin username of CM
        required: true
        type: str
      # NOTE(review): presumably controls validation of the CM server's TLS
      # certificate. With the documented default of false the admin
      # credentials above would be sent without authenticating the server;
      # set verify: true wherever the CM certificate chains to a trusted CA.
      # The default alongside required: true is also contradictory; confirm.
      verify:
        default: false
        description: if SSL verification is required
        required: true
        type: bool
    type: dict

certificate:
    default: none
    description:
    - The certificate and key data in PEM format or base64 encoded PKCS12 format. A
      chain of certs may be included - it must be in ascending order (server to root ca).
    - required if op_type is put_certificate
    required: false
    type: str

interface_id:
    description:
    - Identifier of the interface to be updated
    required: true
    type: str

ip_addresses:
    default: none
    description: Subject Alternative Names (SAN) IP addresses
    elements: str
    required: false
    type: list

email_addresses:
    default: none
    description: Subject Alternative Names (SAN) Email addresses
    elements: str
    required: false
    type: list