thalesgroup.ciphertrust.cte_signature_set module – Create and manage CTE Signature Sets

Note

This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).

To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.

To use it in a playbook, specify: thalesgroup.ciphertrust.cte_signature_set.

New in thalesgroup.ciphertrust 1.0.0

Synopsis

  • Create and edit a CTE signature set, or add, edit, or remove a signature in the signature set

Parameters

Parameter

Comments

client_id

string

ID of the client where the signing request is to be sent

description

string

Description of the signature set

id

string

Identifier of the CTE SignatureSet to be patched

localNode

dictionary / required

Holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM)

Holds the IP/FQDN of the server, username, password, and port

password

string / required

admin password of CM

server_ip

string / required

CM Server IP or FQDN

server_port

integer / required

Port on which CM server is listening

Default: 5432

server_private_ip

string / required

internal or private IP of the CM Server, if different from the server_ip

user

string / required

admin username of CM

verify

boolean / required

Whether SSL verification is required

Choices:

  • false ← (default)

  • true

name

string

Name of the signature set

op_type

string / required

Operation to be performed

Choices:

  • "create"

  • "patch"

  • "add_signature"

  • "get_signature"

  • "delete_signature"

  • "sign_app"

  • "query_sign_app"

  • "cancel_sign_app"

signature_id

string

Identifier of the Signature within the CTE SignatureSet to be patched

signatures

list / elements=dictionary

Name of the signature set

source_list

list / elements=string

Path of the directory or file to be signed. If a directory is specified, all files in the directory and its subdirectories are signed.

Examples

- name: "Create CTE Signature Set"
  thalesgroup.ciphertrust.cte_signature_set:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: create
    name: TestSignSet
    source_list:
      - "/usr/bin"
      - "/usr/sbin"
  register: signature_set

- name: "Add signature to a Signature Set"
  thalesgroup.ciphertrust.cte_signature_set:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: add_signature
    id: "{{ signature_set['response']['id'] }}"
    source_list:
      - "/usr/bin"
  register: signature

- name: "Remove a signature from a Signature Set"
  thalesgroup.ciphertrust.cte_signature_set:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: delete_signature
    id: "{{ signature_set['response']['id'] }}"
    signature_id: "{{ signature['response']['id'] }}"

- name: "Sends a signature signing request to the client"
  thalesgroup.ciphertrust.cte_signature_set:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: sign_app
    id: "{{ signature_set['response']['id'] }}"
    client_id: Client1
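
The examples above set verify: false and place the CM password inline. The playbook below is an added example, not part of the collection's documentation, that runs the same create and sign_app operations with verify: true and credentials read from an Ansible Vault file. The host name cm.example.internal, the file vars/cm_vault.yml and the variables vault_cm_user and vault_cm_password are assumed placeholders.

```yaml
# Added example (not from the collection). Assumptions: the CM certificate chains
# to a CA trusted by the control node, and vars/cm_vault.yml (hypothetical path,
# encrypted with ansible-vault) defines vault_cm_user and vault_cm_password.
- name: Manage a CTE signature set with TLS verification and vaulted credentials
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    - vars/cm_vault.yml
  vars:
    # Connection parameters defined once and reused by every task.
    cm_connection:
      server_ip: "cm.example.internal"          # placeholder FQDN
      server_private_ip: "cm.example.internal"  # same host in this sketch
      server_port: 5432
      user: "{{ vault_cm_user }}"
      password: "{{ vault_cm_password }}"
      verify: true                              # enable SSL verification
  tasks:
    - name: "Create CTE Signature Set"
      thalesgroup.ciphertrust.cte_signature_set:
        localNode: "{{ cm_connection }}"
        op_type: create
        name: TestSignSet
        source_list:
          - "/usr/bin"
          - "/usr/sbin"
      register: signature_set
      no_log: true   # keep the connection arguments out of task output and logs

    - name: "Send a signing request to the client"
      thalesgroup.ciphertrust.cte_signature_set:
        localNode: "{{ cm_connection }}"
        op_type: sign_app
        id: "{{ signature_set['response']['id'] }}"
        client_id: Client1
      no_log: true
```

Run it with ansible-playbook --ask-vault-pass (or a vault password file) so the credentials are decrypted only at run time.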

Authors

  • Anurag Jain, Developer Advocate Thales Group