thalesgroup.ciphertrust.dpg_access_policy_save module – Manage DPG access policies governing data access

Note

This module is part of the thalesgroup.ciphertrust collection (version 1.0.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.

To use it in a playbook, specify: thalesgroup.ciphertrust.dpg_access_policy_save.

New in thalesgroup.ciphertrust 1.0.0

Synopsis

Parameters

Parameter

Comments

default_error_replacement_value

string

Value to be revealed if the type is ‘Error Replacement Value’

default_masking_format_id

string

Masking format used to reveal if the type is ‘Masked Value’

default_reveal_type

string

Form in which the data should be revealed

Choices:

  • "Error Replacement Value"

  • "Masked Value"

  • "Ciphertext"

  • "Plaintext"

description

string

Description of the Access Policy

error_replacement_value

string

Value to be revealed if the type is ‘Error Replacement Value’

localNode

dictionary / required

Connection parameters required to communicate with an instance of CipherTrust Manager (CM).

Holds the IP/FQDN of the server, username, password, and port.

auth_domain_path

string / required

User’s domain path

password

string / required

Admin password of CM

server_ip

string / required

CM Server IP or FQDN

server_port

integer / required

Port on which CM server is listening

server_private_ip

string / required

Internal or private IP of the CM Server, if different from the server_ip

user

string / required

Admin username of CM

verify

boolean / required

Whether SSL verification is required

Choices:

  • false

  • true

masking_format_id

string

Masking format used to reveal if the type is ‘Masked Value’

name

string

Access Policy Name

op_type

string / required

Operation to be performed

Choices:

  • "create"

  • "patch"

  • "add-user-set"

  • "update-user-set"

  • "delete-user-set"

policy_id

string

Identifier of the access policy to be patched

policy_user_set_id

string

Identifier of the user set in an Access Policy to be updated or deleted

reveal_type

string

Form in which the data should be revealed

Choices:

  • "Error Replacement Value"

  • "Masked Value"

  • "Ciphertext"

  • "Plaintext"

user_set_id

string

User set to which the policy is applied.

user_set_policy

list / elements=dictionary

List of policies to be added to the access policy

error_replacement_value

string

Value to be revealed if the type is ‘Error Replacement Value’

masking_format_id

string

Masking format used to reveal if the type is ‘Masked Value’

reveal_type

string

Form in which the data should be revealed

Choices:

  • "Error Replacement Value"

  • "Masked Value"

  • "Ciphertext"

  • "Plaintext"

user_set_id

string

User set to which the policy is applied.

Examples

- name: "Create Access Policy"
  thalesgroup.ciphertrust.dpg_access_policy_save:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
        auth_domain_path: domain
    op_type: create
    name: DemoAccessPolicy
    default_reveal_type: "Ciphertext"
    user_set_policy:
    - reveal_type: Plaintext
      user_set_id: <UserSetID>
    - reveal_type: Ciphertext
      user_set_id: <UserSetID>

- name: "Patch Access Policy"
  thalesgroup.ciphertrust.dpg_access_policy_save:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
        auth_domain_path: domain
    op_type: patch
    policy_id: <accessPolicyID>
    name: DemoAccessPolicyUPD
    description: "Updated via Ansible"
    default_reveal_type: Plaintext

- name: "Add UserSet to Access Policy"
  thalesgroup.ciphertrust.dpg_access_policy_save:
    op_type: add-user-set
    policy_id: <accessPolicyID>
    reveal_type: Plaintext
    user_set_id: <UserSetID>
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
        auth_domain_path: domain

- name: "Update UserSet in Access Policy"
  thalesgroup.ciphertrust.dpg_access_policy_save:
    op_type: update-user-set
    policy_id: <accessPolicyID>
    policy_user_set_id: <UserSetID>
    reveal_type: Plaintext
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      verify: false
      auth_domain_path: domain

- name: "Delete Access Policy"
  thalesgroup.ciphertrust.cm_resource_delete:
    key: <accessPolicyID>
    resource_type: "access-policies"
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      verify: false
      auth_domain_path: domain
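
The examples above pass the CipherTrust Manager password inline and set verify: false. As an added example (not part of the collection's own documentation), here is the same create operation with credentials read from an Ansible Vault file, certificate verification enabled, and the 'Error Replacement Value' and 'Masked Value' reveal types with their companion parameters. The vars file path, the cm_* and vault_* variable names, the host name and the <...> IDs are placeholders assumed for illustration.

```yaml
# Added example, not from the collection's documentation.
# Assumed/hypothetical: vars/cm_vault.yml (encrypted with ansible-vault) that
# defines vault_cm_user and vault_cm_password; cm_host; every <...> ID.
- name: Manage a DPG access policy with vaulted credentials
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vars/cm_vault.yml            # hypothetical path, ansible-vault encrypted
  vars:
    cm_host: cm.example.internal   # hypothetical FQDN matching the CM certificate
    cm_connection:                 # defined once, reused by every task
      server_ip: "{{ cm_host }}"
      server_private_ip: "{{ cm_host }}"
      server_port: 5432            # value used in the examples above
      user: "{{ vault_cm_user }}"
      password: "{{ vault_cm_password }}"
      verify: true                 # validate the CM TLS certificate
      auth_domain_path: domain
  tasks:
    - name: "Create Access Policy with a restrictive default"
      thalesgroup.ciphertrust.dpg_access_policy_save:
        localNode: "{{ cm_connection }}"
        op_type: create
        name: DemoAccessPolicy
        description: "Created via Ansible"
        default_reveal_type: "Error Replacement Value"
        default_error_replacement_value: "REDACTED"   # constructed sample value
        user_set_policy:
          - reveal_type: "Masked Value"
            masking_format_id: <MaskingFormatID>
            user_set_id: <UserSetID>
          - reveal_type: Plaintext
            user_set_id: <UserSetID>
      no_log: true                 # keep the connection dictionary out of task output
```

Run the playbook with `ansible-playbook --ask-vault-pass` (or a vault password file) so the encrypted variables can be decrypted at run time.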

Authors

  • Anurag Jain (@anugram)