thalesgroup.ciphertrust.cckm_gcp_workspace_cse module – CCKM module for GCP Workspace CSE

Note

This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).

To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.

To use it in a playbook, specify: thalesgroup.ciphertrust.cckm_gcp_workspace_cse.

New in thalesgroup.ciphertrust 1.0.0

Synopsis

  • This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, specifically CCKM for GCP Workspace CSE.

Parameters

Parameter / Type / Comments

authenticationAud
    list / elements=string
    List of supported audiences for the authentication JWT.

authorizationAud
    list / elements=string
    List of supported audiences for the authorization JWT.

cors
    list / elements=string
    List of CORS (Cross-Origin Resource Sharing) to support.

dryRun
    boolean
    Set true to skip persisting the issuer. All the same validation checks, auto-discovery, and connectivity checks will be performed, and the server will return the same status codes and response body. It can be used to test creating the issuer without modifying the server state. Default value is set to False.
    Choices:
      • false
      • true

endpoint_id
    string
    ID of the KACLS endpoint for Google Workspace CSE to be acted upon.

endpoint_op_type
    string
    Operation to be performed on the KACLS endpoint for Google Workspace CSE.
    Choices:
      • "rotate-key"
      • "disable"
      • "enable"
      • "archive"
      • "recover"
      • "wrapprivatekey"

endpoint_url_hostname
    string
    Base URL hostname for the KACLS endpoint.

iss
    string
    Issuer claim of the IDP JWT, e.g. https://dev-abc.auth.com

issuer
    list / elements=string
    List of trusted issuer IDs to use with this endpoint. These are managed through the /GoogleWorkspaceCSE/issuers URL. If not specified, all the issuers will be trusted.

jwksURL
    string

localNode
    dictionary / required
    Holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM): the IP/FQDN of the server, username, password, and port.

    password
        string / required
        Admin password of CM.

    server_ip
        string / required
        CM server IP or FQDN.

    server_port
        integer / required
        Port on which the CM server is listening.
        Default: 5432

    server_private_ip
        string / required
        Internal or private IP of the CM server, if different from the server_ip.

    user
        string / required
        Admin username of CM.

    verify
        boolean / required
        Whether SSL verification is required.
        Choices:
          • false ← (default)
          • true

meta
    string
    Additional information associated with the issuer.

name
    string
    Unique name for the KACLS issuer.

op_type
    string / required
    Operation to be performed.
    Choices:
      • "create_issuer"
      • "create_endpoint"
      • "update_endpoint"
      • "endpoint_op"

openidConfigurationURL
    string

perimeter_id
    string
    The perimeter ID to encrypt with the key.

private_key
    string
    PEM encoded PKCS#1 or PKCS#8 (unencrypted) RSA Private Key.

Examples

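- name: "Create GCP Workspace CSE issuer"
  thalesgroup.ciphertrust.cckm_gcp_workspace_cse:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        # false skips SSL verification of the connection to CipherTrust Manager
        verify: false
    # op_type must be one of the choices listed under Parameters
    op_type: create_issuer
    name: "Unique name for the KACLS issuer"
    iss: "https://dev-abc.auth.com"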
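
A fuller playbook built only from the parameters documented above, added here as an illustration and not taken from the collection's own examples: it validates an issuer with dryRun, creates an endpoint that trusts a single named issuer instead of leaving issuer unset, and rotates the endpoint key. All variables (cm_host, cm_user, vault_cm_password, cse_issuer_id, cse_endpoint_id, cse_authn_audience, cse_authz_audience, cse_allowed_origin), the names and the hostname are placeholders, and which parameters each op_type consumes is inferred from the parameter descriptions.

```yaml
# Added example. Variable names, hostnames and audience values are placeholders.
- name: Configure KACLS issuer and endpoint for Google Workspace CSE
  hosts: localhost
  gather_facts: false
  vars:
    cm_node:
      server_ip: "{{ cm_host }}"             # assumed inventory variable
      server_private_ip: "{{ cm_host }}"
      server_port: 5432                      # default shown on this page
      user: "{{ cm_user }}"                  # assumed variable
      password: "{{ vault_cm_password }}"    # assumed Ansible Vault variable
      verify: true                           # enable SSL verification towards CM
  tasks:
    - name: Validate the issuer definition without persisting it
      thalesgroup.ciphertrust.cckm_gcp_workspace_cse:
        localNode: "{{ cm_node }}"
        op_type: create_issuer
        name: "workspace-idp"                # placeholder issuer name
        iss: "https://dev-abc.auth.com"      # sample value from the iss parameter
        dryRun: true                         # checks run, nothing is stored
      no_log: true                           # keep credentials out of task output

    - name: Create the endpoint and trust only the listed issuer
      thalesgroup.ciphertrust.cckm_gcp_workspace_cse:
        localNode: "{{ cm_node }}"
        op_type: create_endpoint
        name: "workspace-cse-endpoint"       # assumption: name also applies here
        endpoint_url_hostname: "kacls.example.com"   # placeholder hostname
        issuer:
          - "{{ cse_issuer_id }}"            # assumed: ID of a persisted issuer
        authenticationAud:
          - "{{ cse_authn_audience }}"       # assumed variable
        authorizationAud:
          - "{{ cse_authz_audience }}"       # assumed variable
        cors:
          - "{{ cse_allowed_origin }}"       # assumed variable
      no_log: true

    - name: Rotate the endpoint key
      thalesgroup.ciphertrust.cckm_gcp_workspace_cse:
        localNode: "{{ cm_node }}"
        op_type: endpoint_op
        endpoint_id: "{{ cse_endpoint_id }}" # assumed: ID of the endpoint above
        endpoint_op_type: rotate-key
      no_log: true
```

Because the first task runs with dryRun set to true, the issuer it validates is not stored; cse_issuer_id has to refer to an issuer created by a separate run with dryRun left at its default.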

Authors

  • Anurag Jain, Developer Advocate Thales Group