thalesgroup.ciphertrust.cte_client module – Manage CTE clients
Note
This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).
To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.
To use it in a playbook, specify: thalesgroup.ciphertrust.cte_client.
New in thalesgroup.ciphertrust 1.0.0
Synopsis
Create, manage, and perform operations on a CTE client.
A client is a computer system where data needs to be protected. Compatible CTE Agent software is installed on the client. The CTE Agent can protect data on the client or on devices connected to it. A client can be associated with multiple GuardPoints to encrypt different paths.
Parameters
Parameter |
Comments |
---|---|
Array of authorized binaries in the privilege-filename pair JSON format. |
|
ID of the ClientGroup from which client settings will be inherited. |
|
IDs of the clients to be deleted. The IDs could be the name, ID (a UUIDv4), URI, or slug of the clients. |
|
Whether the CTE client is locked. The default value is false. Enable this option to lock the configuration of the CTE Agent on the client. Set to true to lock the configuration, set to false to unlock. Locking the Agent configuration prevents updates to any policies on the client. Choices:
|
|
Whether MFA is enabled on the client. Choices:
|
|
Type of CTE Client. The default value is FS. Valid values are CTE-U and FS. Choices:
|
|
Whether communication with the client is enabled. The default value is false. Can be set to true only if registration_allowed is true. Choices:
|
|
Whether data classification (tagging) is enabled. Enabled by default if the aligned policy contains ClassificationTags. Supported for Standard and LDT policies. Choices:
|
|
Whether data lineage (tracking) is enabled. Enabled only if data classification is enabled. Supported for Standard and LDT policies. Choices:
|
|
Whether to mark the client for deletion from the CipherTrust Manager. The default value is false. Choices:
|
|
Description to identify the client. |
|
Client capability to be disabled. Only EKP (Encryption Key Protection) can be disabled. |
|
Array of parameters to be updated after the client is registered. Specify the parameters in the name-value pair JSON format strings. Make sure to specify all the parameters even if you want to update one or more parameters. |
|
Whether to enable early access on the GuardPoint. Choices:
|
|
Whether domain sharing is enabled for the client. Choices:
|
|
Client capabilities to be enabled. Separate values with commas. Choices:
|
|
Deletes the client forcefully from the CipherTrust Manager. Set the value to true. WARNING! Use the force_del_client option with caution. It does not wait for any response from the CTE Agent before deleting the client’s entry from the CipherTrust Manager. This action is irreversible. Choices:
|
|
ID of the GuardPoint to be patched or updated within a CTE client. |
|
Whether the GuardPoint is enabled. Choices:
|
|
List of GuardPaths to be created. |
|
IDs of the GuardPoints to be dissociated from the client. The IDs can be the name, ID (a UUIDv4), URI, or slug of the GuardPoints. |
|
Parameters for creating a GuardPoint. |
|
ID of the CTE client to be patched or updated. |
|
Connection parameters required to communicate with an instance of CipherTrust Manager (CM): the IP/FQDN of the server, username, password, and port. |
|
Admin password of CM. |
|
CM server IP or FQDN. |
|
Port on which the CM server is listening. Default: |
|
Internal or private IP of the CM server, if different from server_ip. |
|
Admin username of CM. |
|
Whether SSL verification is required. Choices:
|
|
Maximum number of logs to cache |
|
Maximum space for the cached logs |
|
Whether MFA is enabled Choices:
|
|
Name to uniquely identify the client. This name will be visible on the CipherTrust Manager. It can also be the name of the CTE client to be unenrolled. |
|
ID/Name of the credentials if the GuardPoint is applied to a network share. Supported only for LDT policies. |
|
Operation to be performed. Choices:
|
|
Password for the client. Required when password_creation_method is MANUAL. |
|
Password creation method for the client. Valid values are MANUAL and GENERATE. The default value is GENERATE. Choices:
|
|
Suspend/resume the rekey operation on an LDT GuardPoint. Set the value to true to pause (suspend) the rekey. Set the value to false to resume rekey. Choices:
|
|
ID of the profile that contains logger, logging, and QOS configuration |
|
Identifier of the Client Profile to be associated with the client. If not provided, the default profile will be linked. |
|
Whether to re-sign the client settings. Choices:
|
|
Whether client’s registration with the CipherTrust Manager is allowed. The default value is false. Set to true to allow registration. Choices:
|
|
List of domains in which the client needs to be shared |
|
Whether the system is locked. The default value is false. Enable this option to lock the important operating system files of the client. When enabled, patches to the operating system of the client will fail due to the protection of these files. Choices:
|
|
TBD |
Examples
```yaml
# Create the client and keep the module result for the next task.
- name: "Create CTE Client"
  thalesgroup.ciphertrust.cte_client:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      # verify: false turns off SSL verification for the connection to CM
      verify: false
    op_type: create
    name: "CTE-Client-Ans-001"
    description: "Created via Ansible"
    communication_enabled: false
    client_type: FS
  register: client

# Attach GuardPoints to the client created above, using the registered ID.
- name: "Add Guard Point to the CTE Client"
  thalesgroup.ciphertrust.cte_client:
    localNode:
      server_ip: "IP/FQDN of CipherTrust Manager"
      server_private_ip: "Private IP in case that is different from above"
      server_port: 5432
      user: "CipherTrust Manager Username"
      password: "CipherTrust Manager Password"
      verify: false
    op_type: add_guard_point
    guard_paths:
      - "/opt/path1/"
      - "/opt/path2/"
    guard_point_params:
      guard_point_type: directory_auto
      policy_id: TestPolicy
      data_classification_enabled: false
      data_lineage_enabled: false
      early_access: true
      preserve_sparse_regions: true
    id: "{{ client['response']['id'] }}"
```
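
A variant of the create task with SSL verification enabled and the CM credentials kept out of the playbook and task output, as an added example that is not part of the module's own documentation. The variables cm_host, cm_port, cm_user and cm_password are assumptions (defined elsewhere, for instance in an Ansible Vault-encrypted vars file); the module options used are the ones named on this page.

```yaml
- name: "Create CTE Client over a verified connection"
  thalesgroup.ciphertrust.cte_client:
    localNode:
      # cm_* variables are hypothetical; load them from a vaulted vars file
      server_ip: "{{ cm_host }}"
      server_private_ip: "{{ cm_host }}"
      server_port: "{{ cm_port }}"
      user: "{{ cm_user }}"
      password: "{{ cm_password }}"
      # Require SSL verification of the CM endpoint
      verify: true
    op_type: create
    name: "CTE-Client-Ans-001"
    description: "Created via Ansible"
    client_type: FS
    # Let CM generate the client password instead of supplying one manually
    password_creation_method: GENERATE
    # communication_enabled can be true only if registration_allowed is true
    registration_allowed: true
    communication_enabled: true
  # Ansible task keyword: suppress arguments and results in task output
  no_log: true
  register: client
```

The registered `client` variable remains usable in later tasks; `no_log` only censors what Ansible prints and logs for this task.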