thalesgroup.ciphertrust.dpg_policy_save module – Manage DPG execution behavior for REST URLs and associated encryption parameters

Note

This module is part of the thalesgroup.ciphertrust collection (version 1.0.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.

To use it in a playbook, specify: thalesgroup.ciphertrust.dpg_policy_save.

New in thalesgroup.ciphertrust 1.0.0

Synopsis 

This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with DPG policy API
Refer https://thalesdocs.com/ctp/con/dpg/latest/admin/index.html for API documentation

Parameters 

Parameter	Comments
api_url string	URL of the application server from which the request will received.
api_url_id string	API URL ID to be updated
description string	Description of the DPG policy
destination_url string	URL of the application server where the request will be served.
json_request_delete_tokens list / elements=dictionary	API tokens to be protected in a DELETE Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_request_get_tokens list / elements=dictionary	API tokens to be protected in a GET Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_request_patch_tokens list / elements=dictionary	API tokens to be protected in a PATCH Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_request_post_tokens list / elements=dictionary	API tokens to be protected in a POST Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_request_put_tokens list / elements=dictionary	API tokens to be protected in a PUT Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_response_delete_tokens list / elements=dictionary	API tokens to be protected in a DELETE Response
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_response_get_tokens list / elements=dictionary	API tokens to be protected in a GET Response
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_response_patch_tokens list / elements=dictionary	API tokens to be protected in a PATCH Response
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_response_post_tokens list / elements=dictionary	API tokens to be protected in a POST Response
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_response_put_tokens list / elements=dictionary	API tokens to be protected in a PUT Response
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
localNode dictionary / required	this holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM) holds IP/FQDN of the server, username, password, and port
auth_domain_path string / required	user’s domain path
password string / required	admin password of CM
server_ip string / required	CM Server IP or FQDN
server_port integer / required	Port on which CM server is listening
server_private_ip string / required	internal or private IP of the CM Server, if different from the server_ip
user string / required	admin username of CM
verify boolean / required	if SSL verification is required Choices: `false` `true`
name string	Name of the DPG policy
op_type string / required	Operation to be performed Choices: `"create"` `"patch"` `"add-api-url"` `"update-api-url"` `"delete-api-url"`
policy_id string	Identifier of the DPG Policy to be patched
proxy_config list / elements=dictionary	List of API urls to be added to the proxy configuration
api_url string	URL of the application server from which the request will received.
destination_url string	URL of the application server where the request will be served.
json_request_delete_tokens list / elements=dictionary	API tokens to be protected in a DELETE Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_request_get_tokens list / elements=dictionary	API tokens to be protected in a GET Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_request_patch_tokens list / elements=dictionary	API tokens to be protected in a PATCH Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_request_post_tokens list / elements=dictionary	API tokens to be protected in a POST Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_request_put_tokens list / elements=dictionary	API tokens to be protected in a PUT Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_response_delete_tokens list / elements=dictionary	API tokens to be protected in a DELETE Response
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_response_get_tokens list / elements=dictionary	API tokens to be protected in a GET Response
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_response_patch_tokens list / elements=dictionary	API tokens to be protected in a PATCH Response
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_response_post_tokens list / elements=dictionary	API tokens to be protected in a POST Response
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
json_response_put_tokens list / elements=dictionary	API tokens to be protected in a PUT Response
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
url_request_delete_tokens list / elements=dictionary	API tokens to be protected in a DELETE Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
url_request_get_tokens list / elements=dictionary	API tokens to be protected in a GET Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
url_request_patch_tokens list / elements=dictionary	API tokens to be protected in a PATCH Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
url_request_post_tokens list / elements=dictionary	API tokens to be protected in a POST Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
url_request_put_tokens list / elements=dictionary	API tokens to be protected in a PUT Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
url_request_delete_tokens list / elements=dictionary	API tokens to be protected in a DELETE Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
url_request_get_tokens list / elements=dictionary	API tokens to be protected in a GET Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
url_request_patch_tokens list / elements=dictionary	API tokens to be protected in a PATCH Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
url_request_post_tokens list / elements=dictionary	API tokens to be protected in a POST Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated
url_request_put_tokens list / elements=dictionary	API tokens to be protected in a PUT Request
access_policy string	Access Policy to be associated
external_version_header string	Opetional external version header
name string	Name
operation string	API Operation
protection_policy string	Protection Policy to be associated

Examples 

- name: "Create DPG Policy"
  thalesgroup.ciphertrust.dpg_policy_save:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
        auth_domain_path:
    op_type: create
    name: DPGPolicyName
    proxy_config:
    - api_url: "/api/sample/resource/id"
      destination_url: "http://localhost:8080"
      json_request_post_tokens:
      - name: "creditCard.[*].CCNumber"
        operation: "protect"
        protection_policy: "CC_ProtectionPolicy"
      - name: "creditCard.[*].cvv"
        operation: "protect"
        protection_policy: "cvv_ProtectionPolicy"
      json_response_get_tokens:
      - name: "creditCard.[*].cvv"
        operation: "reveal"
        protection_policy: "cvv_ProtectionPolicy"
        access_policy: "cc_access_policy"
  register: _result

- name: "Patch DPG Policy"
  thalesgroup.ciphertrust.dpg_policy_save:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
        auth_domain_path:
    op_type: patch
    policy_id: <DPGPolicyID>
    description: "Updated via Ansible"

- name: "Add api_url to DPG Policy"
  thalesgroup.ciphertrust.dpg_policy_save:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
        auth_domain_path:
    op_type: add-api-url
    policy_id: <DPGPolicyID>
    api_url: "/api/v2/sample/resource/id"
    destination_url: "http://localhost:8080"
    json_request_post_tokens:
    - name: "creditCard.[*].cvv"
      operation: "protect"
      protection_policy: "cvv_ProtectionPolicy"

- name: "Update api_url in DPG Policy"
  thalesgroup.ciphertrust.dpg_policy_save:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
        auth_domain_path:
    op_type: update-api-url
    policy_id: <DPGPolicyID>
    api_url_id: <API_URL_ID>
    destination_url: "http://localhost:8081"

- name: "Delete api_url from DPG Policy"
  thalesgroup.ciphertrust.dpg_policy_save:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
        auth_domain_path:
    op_type: delete-api-url
    policy_id: <DPGPolicyID>
    api_url_id: <API_URL_ID>

- name: "Delete DPG Policy by ID"
  thalesgroup.ciphertrust.cm_resource_delete:
    key: <DPGPolicyID>
    resource_type: "dpg-policies"
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
        auth_domain_path:

Authors

Anurag Jain (@anugram)

thalesgroup.ciphertrust.dpg_policy_save module – Manage DPG execution behavior for REST URLs and associated encryption parameters

Synopsis

Parameters

Examples

Authors

Collection links

Synopsis 

Parameters 

Examples 