thalesgroup.ciphertrust.cte_client_group module – Manage CTE client groups

Note

This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).

To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.

To use it in a playbook, specify: thalesgroup.ciphertrust.cte_client_group.

New in thalesgroup.ciphertrust 1.0.0

Synopsis

  • This module lets administrators create or manage client groups so that group-level policies can be applied to multiple clients

Parameters

Parameter

Comments

auth_binaries

string

Array of authorized binaries in the privilege-filename pair JSON format

client_id

string

Identifier of the client within the group that needs to be acted upon

client_list

list / elements=string

List of client identifiers to be associated with the client group. Each identifier can be the Name, ID (a UUIDv4), URI, or slug of the client

client_locked

boolean

Is FS Agent locked? Enables locking the configuration of the File System Agent on the client. This will prevent updates to any policies on the client. Default value is false.

Choices:

  • false ← (default)

  • true

cluster_type

string

Cluster type of the ClientGroup, valid values are NON-CLUSTER and HDFS.

Choices:

  • "NON-CLUSTER"

  • "HDFS"

communication_enabled

boolean

Whether the File System communication is enabled

Choices:

  • false

  • true

description

string

Description of the ClientGroup

enable_domain_sharing

boolean

Whether to enable domain sharing for ClientGroup

Choices:

  • false

  • true

enabled_capabilities

string

Comma-separated list of enabled agent capabilities. Currently only RESIGN, for re-signing client settings, can be enabled.

guard_paths

list / elements=string

List of GuardPaths to be created

guard_point_params

dictionary

Parameters for creating a GuardPoint

id

string

Identifier of the Client Group to be acted upon

inherit_attributes

boolean

Whether the client should inherit attributes from the ClientGroup

Choices:

  • false

  • true

localNode

dictionary / required

Holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM)

Holds the IP/FQDN of the server, username, password, and port

password

string / required

Admin password of CM

server_ip

string / required

CM Server IP or FQDN

server_port

integer / required

Port on which CM server is listening

Default: 5432

server_private_ip

string / required

Internal or private IP of the CM Server, if different from the server_ip

user

string / required

Admin username of CM

verify

boolean / required

Whether SSL verification is required

Choices:

  • false ← (default)

  • true

name

string

Name of the ClientGroup

op_type

string / required

Operation to be performed

Choices:

  • "create"

  • "patch"

  • "add_client"

  • "add_guard_point"

  • "auth-binaries"

  • "remove_client"

  • "ldt_pause"

password

string

User-supplied password, used if password_creation_method is MANUAL. The password MUST be at least 8 characters long and MUST contain one alphabetic character, one number, and one of the !@#$%^&*(){}[] special characters

password_creation_method

string

Password creation method, GENERATE or MANUAL

Choices:

  • "GENERATE"

  • "MANUAL"

paused

boolean

Choices:

  • false

  • true

profile_id

string

ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS)

re_sign

boolean

Whether to re-sign the client settings

Choices:

  • false

  • true

shared_domain_list

list / elements=string

List of domains with which ClientGroup needs to be shared.

system_locked

boolean

Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files.

Choices:

  • false

  • true

Examples

- name: "Create CTE Client Group"
  thalesgroup.ciphertrust.cte_client_group:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: create
    cluster_type: NON-CLUSTER
    name: ClientGroup1

- name: "Add client to CTE client group"
  thalesgroup.ciphertrust.cte_client_group:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: add_client
    client_list:
      - Client1
      - Client2
    inherit_attributes: true

- name: "Add guard point to CTE client group"
  thalesgroup.ciphertrust.cte_client_group:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: add_guard_point
    guard_paths:
      - "/opt/path1/"
      - "/opt/path2/"
    guard_point_params:
      guard_point_type: directory_auto
      policy_id: TestPolicy
      data_classification_enabled: false
      data_lineage_enabled: false
      early_access: true
      preserve_sparse_regions: true
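
A hardened variant of the tasks above, added here as an example and not taken from the collection's documentation: the connection sets verify: true, the CM credentials come from an ansible-vault encrypted file, and no_log keeps them out of task output. The file vault/cm.yml, the vault_cm_* and cm_* variables, the host values, running the play on localhost, and the use of client_locked and system_locked with op_type patch are assumptions.

```yaml
# Added example (not from the collection's documentation).
# Assumed names: vault/cm.yml, vault_cm_user, vault_cm_password,
# cm_host, cm_private_ip, cte_client_group_id, cm_connection.
- name: Manage a CTE client group over a verified CM connection
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vault/cm.yml   # ansible-vault encrypted; defines vault_cm_user and vault_cm_password
  vars:
    cm_host: cm.example.internal        # constructed hostname
    cm_private_ip: 10.0.0.10            # constructed address
    cte_client_group_id: "REPLACE-WITH-CLIENT-GROUP-ID"   # placeholder
    cm_connection:
      server_ip: "{{ cm_host }}"
      server_private_ip: "{{ cm_private_ip }}"
      server_port: 5432
      user: "{{ vault_cm_user }}"
      password: "{{ vault_cm_password }}"
      verify: true   # the examples above pass false, which skips SSL verification

  tasks:
    - name: Create the client group
      thalesgroup.ciphertrust.cte_client_group:
        localNode: "{{ cm_connection }}"
        op_type: create
        cluster_type: NON-CLUSTER
        name: ClientGroup1
        description: "Managed by Ansible"
      no_log: true   # keep the admin credentials out of task output and logs

    # Assumption: op_type patch accepts client_locked and system_locked.
    # Per the parameter table, system_locked makes OS patching on the
    # clients fail, so unlock before a maintenance window.
    - name: Lock the FS Agent configuration and OS files for the group
      thalesgroup.ciphertrust.cte_client_group:
        localNode: "{{ cm_connection }}"
        op_type: patch
        id: "{{ cte_client_group_id }}"
        client_locked: true
        system_locked: true
      no_log: true
```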

Authors

  • Anurag Jain, Developer Advocate Thales Group