thalesgroup.ciphertrust.interface_save (1.0.0) - module

Create or update an interface or service CipherTrust Manager is hosting

Added in version 1.0.0 of thalesgroup.ciphertrust

Authors: Anurag Jain, Developer Advocate Thales Group
Install with ansible-galaxy collection install thalesgroup.ciphertrust:==1.0.0
collections:
  - name: thalesgroup.ciphertrust
    version: 1.0.0
This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with the interface management API.
- name: "Create Interface"
  thalesgroup.ciphertrust.interface_save:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      verify: false
    op_type: create
    port: 9005
    auto_registration: false
    interface_type: nae
    mode: no-tls-pw-opt
    network_interface: all
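The task above connects with verify: false, opens the NAE port in no-tls-pw-opt mode and carries the admin password inline. As an added example (not part of the collection's own documentation), here is the same create operation using only options documented on this page, with the tls-cert-and-pw mode, certificate verification on, and credentials taken from variables. The cm_host, cm_private_ip, cm_admin_user, cm_admin_password and nae_client_ca_id variable names are hypothetical and would normally come from Ansible Vault and inventory.

```yaml
# Added example, not from the collection's documentation.
# All {{ ... }} variable names are hypothetical; store the secrets in Ansible Vault.
- name: "Create NAE interface with TLS and client authentication"
  thalesgroup.ciphertrust.interface_save:
    localNode:
      server_ip: "{{ cm_host }}"
      server_private_ip: "{{ cm_private_ip }}"
      server_port: 5432
      user: "{{ cm_admin_user }}"
      password: "{{ cm_admin_password }}"
      verify: true                 # validate the CipherTrust Manager certificate
    op_type: create
    port: 9005
    interface_type: nae
    mode: tls-cert-and-pw          # replaces no-tls-pw-opt from the example above
    minimum_tls_version: tls_1_2   # documented default, pinned explicitly
    maximum_tls_version: tls_1_3
    cert_user_field: CN            # take the user name from the certificate CN
    trusted_cas:
      local:
        - "{{ nae_client_ca_id }}" # Local CA ID trusted for client authentication
    network_interface: all
  no_log: true                     # keep the password out of task output and logs
```

no_log is a standard Ansible task keyword rather than a module option; it suppresses the task's arguments and result in console output and callback logs.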
meta:
  default: none
  description: Meta information related to interface
  required: false
  suboptions:
    nae:
      description: Meta information related to NAE interface
      required: false
      suboptions:
        mask_system_groups:
          description: Flag for masking system groups in NAE requests
          required: false
          type: bool
  type: dict

mode:
  choices:
    - no-tls-pw-opt
    - no-tls-pw-req
    - unauth-tls-pw-opt
    - tls-cert-opt-pw-opt
    - tls-pw-opt
    - tls-pw-req
    - tls-cert-pw-opt
    - tls-cert-and-pw
  default: no-tls-pw-opt
  description:
    - The interface mode can be one of no-tls-pw-opt, no-tls-pw-req, unauth-tls-pw-opt, tls-cert-opt-pw-opt, tls-pw-opt, tls-pw-req, tls-cert-pw-opt, or tls-cert-and-pw. Default mode is no-tls-pw-opt.
  required: false
  type: str

name:
  default: none
  description: The name of the interface. Not valid for interface_type nae.
  required: false
  type: str

port:
  description:
    - The new interface will listen on the specified port. The port number should not be negative, 0 or the one already in-use.
  required: true
  type: int

op_type:
  choices:
    - create
    - patch
  description: Operation to be performed
  required: true
  type: str

localNode:
  description:
    - this holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM)
    - holds IP/FQDN of the server, username, password, and port
  required: true
  suboptions:
    password:
      description: admin password of CM
      required: true
      type: str
    server_ip:
      description: CM Server IP or FQDN
      required: true
      type: str
    server_port:
      default: 5432
      description: Port on which CM server is listening
      required: true
      type: int
    server_private_ip:
      description: internal or private IP of the CM Server, if different from the server_ip
      required: true
      type: str
    user:
      description: admin username of CM
      required: true
      type: str
    verify:
      default: false
      description: if SSL verification is required
      required: true
      type: bool
  type: dict

tls_ciphers:
  default: null
  description: TLS Ciphers contain the list of cipher suites available in the system for the respective interfaces (KMIP, NAE & WEB) for TLS handshake.
  required: false
  suboptions:
    cipher_suite:
      default: none
      description: TLS cipher suite name.
      required: true
      type: str
    enabled:
      default: null
      description: TLS cipher suite enabled flag. If set to true, cipher suite will be available for TLS handshake.
      required: true
      type: bool
  type: dict

trusted_cas:
  default: null
  description:
    - Collection of local and external CA IDs to trust for client authentication. See section "Certificate Authority" for more details.
  required: false
  suboptions:
    external:
      default: none
      description: A list of External CA IDs
      elements: str
      required: false
      type: list
    local:
      default: none
      description: A list of Local CA IDs
      elements: str
      required: false
      type: list
  type: dict

interface_id:
  description:
    - Identifier of the interface to be patched
  required: false
  type: str

custom_uid_v2:
  default: null
  description: This flag specifies which version of custom uid feature is to be used for KMIP interface. If it is set to true, new implementation i.e. Custom uid version 2 will be used.
  required: false
  type: bool

auto_gen_ca_id:
  default: none
  description:
    - Auto-generate a new server certificate on server startup using the identifier (URI) of a Local CA resource if the current server certificate is issued by a different Local CA.
    - This is especially useful when a new node joins the cluster. In this case, the existing data of the joining node is overwritten by the data in the cluster. A new server certificate is generated on the joining node using the existing Local CA of the cluster.
    - Auto-generation of the server certificate can be disabled by setting auto_gen_ca_id to an empty string ("") to allow full control over the server certificate.
  required: false
  type: str

interface_type:
  choices:
    - web
    - kmip
    - nae
    - snmp
  default: nae
  description: This parameter is used to identify the type of interface, what service to run on the interface.
  required: false
  type: str

cert_user_field:
  choices:
    - CN
    - SN
    - E
    - E_ND
    - UID
    - OU
  default: none
  description:
    - Specifies how the user name is extracted from the client certificate.
  required: false
  type: str

custom_uid_size:
  default: null
  description: This flag is used to define the custom uid size of managed object over the KMIP interface.
  required: false
  type: int

auto_registration:
  default: null
  description:
    - Set auto registration to allow auto registration of KMIP clients.
  required: false
  type: bool

network_interface:
  default: none
  description: Defines what ethernet adapter the interface should listen to, use "all" for all.
  required: false
  type: str

default_connection:
  default: none
  description: The default connection may be "local_account" for local authentication or the LDAP domain for LDAP authentication. This value is applied when the username does not embed the connection name (e.g. "jdoe" effectively becomes "local_account|jdoe"). This value only applies to NAE only and is ignored if set for web and KMIP interfaces.
  required: false
  type: str

registration_token:
  default: none
  description: Registration token in case auto registration is true.
  required: false
  type: str

maximum_tls_version:
  choices:
    - tls_1_0
    - tls_1_1
    - tls_1_2
    - tls_1_3
  default: none
  description: Maximum TLS version to be configured for NAE or KMIP interface, default is latest maximum supported protocol.
  required: false
  type: str

minimum_tls_version:
  choices:
    - tls_1_0
    - tls_1_1
    - tls_1_2
    - tls_1_3
  default: tls_1_2
  description: Minimum TLS version to be configured for NAE or KMIP interface, default is v1.2 (tls_1_2).
  required: false
  type: str

kmip_enable_hard_delete:
  choices:
    - 0
    - 1
  default: 0
  description:
    - Enables hard delete of keys on KMIP Destroy operation, that is both meta-data and material will be removed from CipherTrust Manager for the key being deleted.
    - By default, only key material is removed and meta-data is preserved with the updated key state.
    - This setting applies only to KMIP interface.
    - Should be set to 1 for enabling the feature or 0 for returning to default behavior.
  required: false
  type: int

local_auto_gen_attributes:
  default: null
  description: Local CSR parameters for interface's certificate. These are for the local node itself, and they do not affect other nodes in the cluster. This gives user a convenient way to supply custom fields for automatic interface certification generation. Without them, the system defaults are used.
  required: false
  suboptions:
    cn:
      default: none
      description: Common name
      required: true
      type: str
    dns_names:
      default: none
      description: Subject Alternative Names (SAN) DNS names
      elements: str
      required: false
      type: list
    email_addresses:
      default: none
      description: Subject Alternative Names (SAN) Email addresses
      elements: str
      required: false
      type: list
    ip_addresses:
      default: none
      description: Subject Alternative Names (SAN) IP addresses
      elements: str
      required: false
      type: list
    names:
      default: []
      description: Name fields like O, OU, L, ST, C
      elements: dict
      required: false
      type: list
    uid:
      default: none
      description: User ID
      required: false
      type: str
  type: dict