thalesgroup.ciphertrust.domain_save module – Create or manage domains

Note

This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).

To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.

To use it in a playbook, specify: thalesgroup.ciphertrust.domain_save.

New in thalesgroup.ciphertrust 1.0.0

Synopsis

  • This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, specifically the domain management API.

Parameters

Parameter

Comments

admins

list / elements=string / required

List of administrators for the domain

Default: ["none"]

allow_user_management

boolean

Set to true to allow user creation and management in the domain.

Choices:

  • false ← (default)

  • true

connection_id

string

HSM connection ID pertaining to the domain KEK

Default: "none"

domain_kek_label

string

Label of the target domain KEK

Default: "none"

hsm_connection_id

string

The ID of the HSM connection. Required for HSM-anchored domains.

Default: "none"

hsm_kek_label

string

Optional name field for the domain KEK for an HSM-anchored domain. If not provided, a random UUID is assigned as the KEK label.

Default: "none"

interface_id

string

Identifier of the domain to be patched

localNode

dictionary / required

Connection parameters required to communicate with an instance of CipherTrust Manager (CM): the IP/FQDN of the server, username, password, and port. The password, server_ip, server_port, server_private_ip, user and verify entries that follow are its suboptions.

password

string / required

Admin password of CM

server_ip

string / required

CM Server IP or FQDN

server_port

integer / required

Port on which CM server is listening

Default: 5432

server_private_ip

string / required

Internal or private IP of the CM server, if different from server_ip

user

string / required

Admin username of CM

verify

boolean / required

Whether SSL verification is required

Choices:

  • false ← (default)

  • true

meta

dictionary

Optional end-user or service data stored with the domain.

name

string / required

The name of the domain

Default: "none"

op_type

string / required

Operation to be performed

Choices:

  • "create"

  • "patch"

parent_ca_id

string

This optional parameter is the ID or URI of the parent domain’s CA. This CA is used for signing the default CA of a newly created sub-domain. The oldest CA in the parent domain is used if this value is not supplied.

Default: "none"

Examples

- name: "Create Domain"
  thalesgroup.ciphertrust.domain_save:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: create
    admins:
      - local|4d1c26ab-8730-4d44-af5c-9a8641d0266d
      - local|c7cf4efc-df81-4446-a30e-2dd5badf44b4
    name: AnsibleDomain
    parent_ca_id: a5e0fa8a-a7f7-434c-ade8-f84de040269a

- name: "Patch Domain"
  thalesgroup.ciphertrust.domain_save:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: patch
    domain_id: "ID_STRING"
    connection_id: "ID_STRING"
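
A hardened variant of the "Create Domain" task, added here as an example and not part of the collection's own documentation: it sets verify to true, reads the admin credentials from an Ansible Vault-encrypted variables file, and uses no_log so the password stays out of task output. The file name vault/cm_credentials.yml, the variables cm_admin_user and cm_admin_password, and the host name cm.example.internal are assumptions; the admin ID, domain name and port are copied from the example above.

```yaml
# Added example, not from the collection documentation.
# Assumed names: vault/cm_credentials.yml, cm_admin_user,
# cm_admin_password, cm.example.internal.
- name: Create a CipherTrust Manager domain with TLS verification
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    # Encrypt this file with: ansible-vault encrypt vault/cm_credentials.yml
    - vault/cm_credentials.yml
  tasks:
    - name: "Create Domain"
      thalesgroup.ciphertrust.domain_save:
        localNode:
          server_ip: "cm.example.internal"
          server_private_ip: "cm.example.internal"
          server_port: 5432
          user: "{{ cm_admin_user }}"
          password: "{{ cm_admin_password }}"
          # Validate the CM server certificate; it must chain to a CA
          # trusted on the control node.
          verify: true
        op_type: create
        admins:
          - local|4d1c26ab-8730-4d44-af5c-9a8641d0266d
        name: AnsibleDomain
      # Keep the credentials out of console output and logs.
      no_log: true
```

Run the play with --ask-vault-pass or --vault-password-file so the encrypted variables can be read.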

Authors

  • Anurag Jain, Developer Advocate Thales Group