thalesgroup.ciphertrust.dpg_client_profile_save module – Manage DPG client profile

Note

This module is part of the thalesgroup.ciphertrust collection (version 1.0.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.

To use it in a playbook, specify: thalesgroup.ciphertrust.dpg_client_profile_save.

New in thalesgroup.ciphertrust 1.0.0

Synopsis

Parameters

Parameter

Comments

app_connector_type

string

App connector type for which the client profile is created

Choices:

  • "DPG"

  • "CADP For Java"

  • "CRDP"

ca_id

string

Local CA mapped to the client profile; this CA signs the client certificates issued at registration

cert_duration

integer

Duration for which client credentials are valid

configurations

dictionary

Parameters required to initialize connector

auth_method_used

dictionary

used to define how and from where to validate the application user

scheme_name

string

the type of authentication scheme used to extract the application user from the request

Choices:

  • "Basic" ← (default)

  • "Bearer"

token_field

string

the JSON field that holds the user information. Required when scheme_name is Bearer.

connection_idle_timeout

integer

The time a connection is allowed to be idle in the connection pool before it gets automatically closed

Default: 600000

connection_read_timeout

integer

Read timeout value for clients

Default: 7000

connection_retry_interval

integer

The amount of time to wait before trying to reconnect to a disabled server

Default: 600000

connection_timeout

integer

Connection timeout value for clients

Default: 60000

dial_keep_alive

integer

Specifies the interval (in seconds) between keep-alive probes for an active network connection.

dial_timeout

integer

Specifies the maximum duration (in seconds) the DPG server will wait for a connection with the Application Server to succeed

enable_performance_metrics

boolean

Flag that enables clients to generate performance metrics

Default: true

Choices:

  • false

  • true

heartbeat_interval

integer

Interval at which connectors send heartbeats to CM

Default: 300

heartbeat_timeout_count

integer

Number of missed heartbeat communications with CM after which connectors clean up their cached profile

Default: -1

jwt_details

dictionary

Information about JWT validation

issuer

string

String that identifies the principal that issued the JWT

If empty, the iss (issuer) field in the JWT won’t be checked.

load_balancing_algorithm

string

Determines how the client selects a Key Manager from a load balancing group

Choices:

  • "round-robin" ← (default)

  • "random"

log_file_path

string

Path where the log file is created

log_gmt

boolean

Whether timestamps in logs are formatted in GMT. Default: false

Choices:

  • false

  • true

log_level

string

Logging level that determines the verbosity of client logs

Choices:

  • "ERROR"

  • "WARN" ← (default)

  • "INFO"

  • "DEBUG"

log_rotation

string

Specifies how frequently the log file is rotated

Choices:

  • "None"

  • "Daily" ← (default)

  • "Weekly"

  • "Monthly"

  • "Size"

log_size_limit

string

Size limit of the client log file (relevant when log_rotation is "Size")

Default: "100k"

log_type

string

Type of the log

Choices:

  • "Console" ← (default)

  • "File"

  • "Multi"

size_of_connection_pool

integer

The maximum number of connections that can persist in connection pool

Default: 300

symmetric_key_cache_enabled

boolean

Whether the symmetric key cache is enabled

Choices:

  • false

  • true ← (default)

symmetric_key_cache_expiry

integer

Time after which the symmetric key cache will expire

Default: 43200

tls_to_appserver

dictionary

TLS to app server configuration

tls_enabled

boolean

TLS enabled flag

Choices:

  • false

  • true

tls_skip_verify

boolean

Skip verification of the application server's TLS certificate. Setting this to true disables certificate checks, so keep it false outside test setups.

Choices:

  • false

  • true

csr_parameters

dictionary

Client certificate parameters to be updated

csr_city

string

City Name

csr_cn

string

Common Name

csr_country

string

Country Name

csr_email

string

Email

csr_org_name

string

Organization Name

csr_org_unit

string

Organizational Unit Name

csr_state

string

State Name

enable_client_autorenewal

string

Flag indicating whether automatic renewal of the client certificate is enabled

Default: false

groups

list / elements=string

List of groups to which the client is added during registration

heartbeat_threshold

integer

Threshold after which the client's connectivity_status is moved to Error if no heartbeat is received

jwt_verification_key

string

PEM encoded PKCS#1 or PKCS#8 Public key used to validate a JWT

lifetime

string

Validity of registration token

localNode

dictionary / required

Connection parameters required to communicate with an instance of CipherTrust Manager (CM)

Holds the IP/FQDN of the server, username, password, and port

auth_domain_path

string / required

The user's domain path

password

string / required

admin password of CM

server_ip

string / required

CM Server IP or FQDN

server_port

integer / required

Port on which CM server is listening

server_private_ip

string / required

internal or private IP of the CM Server, if different from the server_ip

user

string / required

admin username of CM

verify

boolean / required

Whether the TLS certificate of the CM server is verified. Set to false only for lab or test setups; a false value accepts any certificate and exposes the admin credentials to interception.

Choices:

  • false

  • true

max_clients

integer

Number of clients that can register using a registration token

nae_iface_port

integer

NAE interface port mapped to the client profile

name

string

Unique name for the client profile.

op_type

string / required

Operation to be performed

Choices:

  • "create"

  • "patch"

policy_id

string

Policy mapped with client profile.

profile_id

string

Identifier of the client profile to be patched

Examples

- name: "Create DPG Client Profile"
  thalesgroup.ciphertrust.dpg_client_profile_save:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"   # prefer a vaulted variable over a literal in the playbook
      verify: false                               # disables CM certificate verification; use true outside lab setups
      auth_domain_path:
    name: DPGClientProfile
    op_type: create
    app_connector_type: DPG
    lifetime: 30d          # validity of the registration token
    cert_duration: 730
    max_clients: 200       # registrations allowed with this token
    ca_id: <CA_UUID>       # local CA that signs the client certificates
    nae_iface_port: 9005
    csr_parameters:
      csr_cn: admin
    policy_id: <DPGPolicyID>

- name: "Patch DPG Client Profile"
  thalesgroup.ciphertrust.dpg_client_profile_save:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      verify: false
      auth_domain_path:
    op_type: patch
    profile_id: <DPGClientProfileID>   # profile to update; op_type patch requires it
    lifetime: 180d
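The examples above do not show the configurations dictionary, which is where the security-relevant connector behaviour lives (how application users are authenticated, whether JWTs are issuer-checked, and whether the connection to the application server is verified TLS). The following task is an added example written for this page; it is not part of the collection's own documentation. It creates a DPG profile that validates users with a Bearer JWT and refuses unverified TLS to the application server. The hostnames, variable names (cm_user, cm_password, local_ca_id, dpg_policy_id), the file path of the JWT public key, the token_field value, and the log_size_limit unit syntax are assumptions for illustration; replace them with values from your deployment.

```yaml
# Added example, not from the thalesgroup.ciphertrust docs.
# All hostnames, variables and paths below are placeholders.
- name: "Create DPG client profile with JWT validation and verified TLS"
  thalesgroup.ciphertrust.dpg_client_profile_save:
    localNode:
      server_ip: "cm.example.internal"          # assumed CM FQDN
      server_private_ip: "cm.example.internal"  # same as server_ip when no private address differs
      server_port: 443                          # assumed; use the port your CM listens on
      user: "{{ cm_user }}"                     # assumed variables; keep admin credentials out of the playbook
      password: "{{ cm_password }}"             # e.g. supplied from Ansible Vault
      verify: true                              # verify the CM server certificate
      auth_domain_path:                         # left empty as in the examples above
    op_type: create
    name: dpg-orders-api
    app_connector_type: DPG
    ca_id: "{{ local_ca_id }}"                  # assumed: UUID of a local CA on CM
    policy_id: "{{ dpg_policy_id }}"            # assumed: ID of an existing DPG policy
    nae_iface_port: 9005
    cert_duration: 365
    lifetime: 7d                                # short-lived registration token
    max_clients: 5                              # only as many registrations as you actually expect
    enable_client_autorenewal: "true"           # parameter is typed as string in this module
    csr_parameters:
      csr_cn: dpg-orders-api
      csr_org_name: Example Corp
      csr_country: US
    # PEM public key used to validate the Bearer JWT; assumed path in the playbook's files/ directory
    jwt_verification_key: "{{ lookup('file', 'files/idp-jwt-pub.pem') }}"
    configurations:
      auth_method_used:
        scheme_name: Bearer
        token_field: sub                        # assumed: JWT claim that carries the application user
      jwt_details:
        issuer: "https://idp.example.com/"      # with this set, the iss claim is checked; empty means no check
      tls_to_appserver:
        tls_enabled: true
        tls_skip_verify: false                  # certificate verification stays on
      log_type: File
      log_file_path: /var/log/dpg/dpg.log
      log_level: WARN
      log_rotation: Size
      log_size_limit: "1m"                      # assumed unit syntax, mirroring the "100k" default
      log_gmt: true                             # GMT timestamps make correlation across hosts easier
      symmetric_key_cache_enabled: true
      symmetric_key_cache_expiry: 3600          # shorter than the 43200 default to bound key exposure in memory
```

The two settings to check in any profile review are jwt_details.issuer (if empty, the iss claim is not checked, so a token minted by any issuer that the verification key happens to accept would pass) and tls_to_appserver.tls_skip_verify (true disables certificate validation on the connector-to-application leg). Pairing a short lifetime with a small max_clients limits how long, and how many times, a leaked registration token can be used.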

Authors

  • Anurag Jain (@anugram)