thalesgroup.ciphertrust.interface_actions module – Perform operations on CipherTrust Manager interface

Note

This module is part of the thalesgroup.ciphertrust collection (version 1.0.2).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.

To use it in a playbook, specify: thalesgroup.ciphertrust.interface_actions.

New in thalesgroup.ciphertrust 1.0.0

Synopsis

• This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, more specifically with interface actions API

Parameters

Parameter	Comments
certificate string	The certificate and key data in PEM format or base64 encoded PKCS12 format. A chain chain of certs may be included - it must be in ascending order (server to root ca). required if op_type is put_certificate
cn string	Common name required if op_type is csr
copy_from string	Source interface name required if op_type is use-certificate
dns_names list / elements=string	Subject Alternative Names (SAN) DNS names
email_addresses list / elements=string	Subject Alternative Names (SAN) Email addresses
format string	The format of the certificate data (PEM or PKCS12). required if op_type is put_certificate Choices: "PEM" "PKCS12"
generate boolean	Create a new self-signed certificate Choices: false true
interface_id string / required	Identifier of the interface to be updated
ip_addresses list / elements=string	Subject Alternative Names (SAN) IP addresses
localNode dictionary / required	this holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM) holds IP/FQDN of the server, username, password, and port
auth_domain_path string / required	user’s domain path
password string / required	admin password of CM
server_ip string / required	CM Server IP or FQDN
server_port integer / required	Port on which CM server is listening
server_private_ip string / required	internal or private IP of the CM Server, if different from the server_ip
user string / required	admin username of CM
verify boolean / required	if SSL verification is required Choices: false true
names list / elements=dictionary	Name fields are “O=organization, OU=organizational unit, L=location, ST=state/province, C=country”. Fields can be duplicated if present in different objects.
C string	Country, for example “US”
L string	Location, for example “Belcamp”
O string	Organization, for example “Thales Group”
OU string	Organizational Unit, for example “RnD”
ST string	State/province, for example “MD”
op_type string / required	Operation to be performed Choices: "put_certificate" "get_certificate" "enable" "disable" "restore-default-tls-ciphers" "csr" "auto-gen-server-cert" "use-certificate"
password string	Password to the encrypted key

Examples

- name: "Add Cert to Interface"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: put_certificate
    interface_id: "interface_identifier"
    certificate: "cert_key_data"
    format: PEM

- name: "Enable Interface"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: enable
    interface_id: "interface_identifier"

- name: "Disable Interface"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: disable
    interface_id: "interface_identifier"

- name: "Restore default TLS Ciphers"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: restore-default-tls-ciphers
    interface_id: "interface_identifier"

- name: "Create CSR"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: csr
    interface_id: "interface_identifier"
    cn: "csr_cn"

- name: "Auto Generate Server Certificate"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: auto-gen-server-cert
    interface_id: "interface_identifier"

- name: "Use certificate"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: use-certificate
    interface_id: "interface_identifier"
    copy_from: "Name_Source_Interface"

Authors

• Anurag Jain (@anugram)

Collection links

• Issue Tracker
• Homepage
• Repository (Sources)