thalesgroup.ciphertrust.cte_client_group module – Manage CTE client groups
Note
This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).
To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust
.
To use it in a playbook, specify: thalesgroup.ciphertrust.cte_client_group
.
New in thalesgroup.ciphertrust 1.0.0
Synopsis
This module lets administrator create r manage client groups so that group level policies can be applied to multiple clients
Parameters
Parameter |
Comments |
---|---|
Array of authorized binaries in the privilege-filename pair JSON format |
|
Identifier of the client within the group that needs to be acted upon |
|
List of Client identifier which are to be associated with clientgroup. This identifier can be the Name, ID (a UUIDv4), URI, or slug of the client |
|
Is FS Agent locked? Enables locking the configuration of the File System Agent on the client. This will prevent updates to any policies on the client. Default value is false. Choices:
|
|
Cluster type of the ClientGroup, valid values are NON-CLUSTER and HDFS. Choices:
|
|
Whether the File System communication is enabled Choices:
|
|
Description of the ClientGroup |
|
Whether to enable domain sharing for ClientGroup Choices:
|
|
Comma separated agent capabilities which are enabled. Currently only RESIGN for re-signing client settings can be enabled. |
|
List of GuardPaths to be created |
|
Parameters for creating a GuardPoint |
|
Identifier of the Client Group to be acted upon |
|
Whether the client should inherit attributes from the ClientGroup Choices:
|
|
this holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM) holds IP/FQDN of the server, username, password, and port |
|
admin password of CM |
|
CM Server IP or FQDN |
|
Port on which CM server is listening Default: |
|
internal or private IP of the CM Server, if different from the server_ip |
|
admin username of CM |
|
if SSL verification is required Choices:
|
|
Name of the ClientGroup |
|
Operation to be performed Choices:
|
|
User supplied password if password_creation_method is MANUAL. The password MUST be minimum 8 characters and MUST contain one alphabet, one number, and one of the !@#$%^&*(){}[] special characters |
|
Password creation method, GENERATE or MANUAL Choices:
|
|
Mouse over a property in the schema to view its details Choices:
|
|
ID of the client group profile that is used to schedule custom configuration for logger, logging, and Quality of Service (QoS) |
|
Whether to re-sign the client settings Choices:
|
|
List of domains with which ClientGroup needs to be shared. |
|
Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files. Choices:
|
Examples
- name: "Create CTE Client Group"
thalesgroup.ciphertrust.cte_client_group:
localNode:
server_ip: "IP/FQDN of CipherTrust Manager"
server_private_ip: "Private IP in case that is different from above"
server_port: 5432
user: "CipherTrust Manager Username"
password: "CipherTrust Manager Password"
verify: false
op_type: create
cluster_type: NON-CLUSTER
name: ClientGroup1
- name: "Add client to CTE client group"
thalesgroup.ciphertrust.cte_client_group:
localNode:
server_ip: "IP/FQDN of CipherTrust Manager"
server_private_ip: "Private IP in case that is different from above"
server_port: 5432
user: "CipherTrust Manager Username"
password: "CipherTrust Manager Password"
verify: false
op_type: add_client
client_list:
- Client1
- Client2
inherit_attributes: true
- name: "Add guard point to CTE client group"
thalesgroup.ciphertrust.cte_client_group:
localNode:
server_ip: "IP/FQDN of CipherTrust Manager"
server_private_ip: "Private IP in case that is different from above"
server_port: 5432
user: "CipherTrust Manager Username"
password: "CipherTrust Manager Password"
verify: false
op_type: add_guard_point
guard_paths:
- "/opt/path1/"
- "/opt/path2/"
guard_point_params:
guard_point_type: directory_auto
policy_id: TestPolicy
data_classification_enabled: false
data_lineage_enabled: false
early_access: true
preserve_sparse_regions: true