thalesgroup.ciphertrust.usermgmt_users_save (1.0.0) — module

Create and manage users in CipherTrust Manager

Added in version 1.0.0 of thalesgroup.ciphertrust

Authors: Anurag Jain, Developer Advocate Thales Group

Install collection

Install with ansible-galaxy collection install thalesgroup.ciphertrust:==1.0.0


Add to requirements.yml

  collections:
    - name: thalesgroup.ciphertrust
      version: 1.0.0

Description

This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, specifically the user management API.

Inputs

    
name:
    description: Full name of the user.
    required: false
    type: str

email:
    description: E-mail of the user
    required: false
    type: str

op_type:
    choices:
    - create
    - patch
    - changepw
    - patch_self
    description: Operation to be performed
    required: true
    type: str

user_id:
    description: The user_id is the ID of an existing root domain user. This field is
      used only when adding an existing root domain user to a different domain.
    required: false
    type: str

password:
    description:
    - The password used to secure the user's account. Allowed passwords are defined by
      the password policy.
    - Password is optional when "certificate_subject_dn" is set and "user_certificate"
      is in allowed_auth_methods. In all other cases, password is required.
    - It is not included in user resource responses.
    required: false
    type: str

username:
    description:
    - The login name of the user. This is the identifier used to log in.
    - This attribute is required to create a user, but is omitted when getting or listing
      user resources. It cannot be updated.
    - This attribute may also be used (instead of the user_id) when adding an existing
      root domain user to a different domain.
    - Mandatory for create operation
    type: str

localNode:
    description:
    - this holds the connection parameters required to communicate with an instance of
      CipherTrust Manager (CM)
    - holds IP/FQDN of the server, username, password, and port
    required: true
    suboptions:
      password:
        description: admin password of CM
        required: true
        type: str
      server_ip:
        description: CM Server IP or FQDN
        required: true
        type: str
      server_port:
        default: 5432
        description: Port on which CM server is listening
        required: true
        type: int
      server_private_ip:
        description: internal or private IP of the CM Server, if different from the server_ip
        required: true
        type: str
      user:
        description: admin username of CM
        required: true
        type: str
      verify:
        default: false
        description: if SSL verification is required
        required: true
        type: bool
    type: dict

cm_user_id:
    description: CM user ID of the user that needs to be patched. Only required if the
      op_type is patch
    type: str

connection:
    default: null
    description: This attribute is required to create a user, but is not included in user
      resource responses. Can be the name of a connection or "local_account" for a local
      user, defaults to "local_account".
    required: false
    type: str

auth_domain:
    description:
    - The domain where user needs to be authenticated. This is the domain where user is
      created. Defaults to the root domain.
    - Applies only to the changepw op_type; not mandatory.
    type: str

login_flags:
    description: Flags for controlling user's login behavior.
    required: false
    suboptions:
      prevent_ui_login:
        description:
        - If true, the user is not allowed to log in from the Web UI.
        - Default - false
        required: false
        type: bool
    type: dict

app_metadata:
    default: null
    description: A schema-less object, which can be used by applications to store information
      about the resource. app_metadata is typically used by applications to store information
      which the end-users are not themselves allowed to change, like group membership
      or security roles.
    required: false
    type: dict

new_password:
    description:
    - the new password
    - mandatory for changepw op_type
    type: str

user_metadata:
    default: null
    description: A schema-less object, which can be used by applications to store information
      about the resource. user_metadata is typically used by applications to store information
      about the resource which the end-users are allowed to modify, such as user preferences.
    required: false
    type: dict

is_domain_user:
    description: This flag can be used to create the user in a non-root domain where user
      management is allowed.
    required: false
    type: bool

enable_cert_auth:
    description:
    - Deprecated
    - Use allowed_auth_methods instead.
    - If both enable_cert_auth and allowed_auth_methods are provided in the request, enable_cert_auth
      is ignored.
    - Enable certificate-based authentication flag. If set to true, the user will be able
      to log in using a certificate.
    required: false
    type: bool

failed_logins_count:
    description: Set it to 0 to unlock a locked user account.
    required: false
    type: int

allowed_auth_methods:
    description:
    - List of login authentication methods allowed to the user.
    - Default value - ["password"] i.e. Password Authentication is allowed by default.
    - Setting it to empty, i.e. [], means no authentication method is allowed to the user.
    - If both enable_cert_auth and allowed_auth_methods are provided in the request, enable_cert_auth
      is ignored.
    type: list

certificate_subject_dn:
    description: The Distinguished Name of the user in the certificate
    required: false
    type: str

password_change_required:
    description: Password change required flag. If set to true, user will be required
      to change their password on next successful login.
    required: false
    type: bool
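
The following playbook is an added example, not part of the collection's own documentation. It combines the inputs above into three tasks: a password user forced to change the initial password, a certificate-only user barred from the Web UI, and an unlock via `failed_logins_count`. The `cm_*`, `initial_password` and `locked_user_id` variables and the sample user values are assumptions.

```yaml
# Added example playbook; cm_host, cm_port, cm_admin_user, cm_admin_password,
# initial_password and locked_user_id are assumed variables (e.g. from Ansible Vault).
- name: Manage CipherTrust Manager users
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    cm_node:
      server_ip: "{{ cm_host }}"
      server_private_ip: "{{ cm_host }}"
      server_port: "{{ cm_port }}"
      user: "{{ cm_admin_user }}"
      password: "{{ cm_admin_password }}"
      verify: true            # overrides the documented default of false
  tasks:
    - name: Create a password user who must change the initial password
      thalesgroup.ciphertrust.usermgmt_users_save:
        localNode: "{{ cm_node }}"
        op_type: create
        username: jdoe                      # constructed sample value
        name: Jane Doe                      # constructed sample value
        email: jdoe@example.com             # constructed sample value
        password: "{{ initial_password }}"
        password_change_required: true
      no_log: true            # keep passwords out of task output and logs

    - name: Create a certificate-only service user with no Web UI login
      thalesgroup.ciphertrust.usermgmt_users_save:
        localNode: "{{ cm_node }}"
        op_type: create
        username: svc-backup                # constructed sample value
        allowed_auth_methods:
          - user_certificate
        certificate_subject_dn: "CN=svc-backup,O=Example"   # constructed
        login_flags:
          prevent_ui_login: true
      no_log: true

    - name: Unlock a locked account by resetting its failed login counter
      thalesgroup.ciphertrust.usermgmt_users_save:
        localNode: "{{ cm_node }}"
        op_type: patch
        cm_user_id: "{{ locked_user_id }}"
        failed_logins_count: 0
      no_log: true
```

`no_log: true` is set on every task because `localNode` carries the CM admin password even when the task itself sets no user password.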