thalesgroup.ciphertrust.interface_actions module – Perform operations on CipherTrust Manager interface

Note

This module is part of the thalesgroup.ciphertrust collection (version 1.0.0).

To install it, use: ansible-galaxy collection install thalesgroup.ciphertrust.

To use it in a playbook, specify: thalesgroup.ciphertrust.interface_actions.

New in thalesgroup.ciphertrust 1.0.0

Synopsis

  • This is a Thales CipherTrust Manager module for working with the CipherTrust Manager APIs, specifically the interface actions API.

Parameters

Parameter

Comments

certificate

string

The certificate and key data in PEM format or base64-encoded PKCS12 format. A chain of certs may be included; it must be in ascending order (server to root CA).

required if op_type is put_certificate

Default: "none"

cn

string

Common name

required if op_type is csr

Default: "none"

copy_from

string

Source interface name

required if op_type is use-certificate

Default: "none"

dns_names

list / elements=string

Subject Alternative Names (SAN) DNS names

Default: ["none"]

email_addresses

list / elements=string

Subject Alternative Names (SAN) Email addresses

Default: ["none"]

format

string

The format of the certificate data (PEM or PKCS12).

required if op_type is put_certificate

Default: "none"

generate

string

Create a new self-signed certificate

Default: "none"

interface_id

string / required

Identifier of the interface to be updated

ip_addresses

list / elements=string

Subject Alternative Names (SAN) IP addresses

Default: ["none"]

localNode

dictionary / required

Holds the connection parameters required to communicate with an instance of CipherTrust Manager (CM).

Holds the IP/FQDN of the server, username, password, and port. The entries from password through verify that follow are suboptions of this dictionary.

password

string / required

admin password of CM

server_ip

string / required

CM Server IP or FQDN

server_port

integer / required

Port on which CM server is listening

Default: 5432

server_private_ip

string / required

internal or private IP of the CM Server, if different from the server_ip

user

string / required

admin username of CM

verify

boolean / required

Whether SSL verification is required for the connection to CM

Choices:

  • false ← (default)

  • true

names

list / elements=dictionary

Name fields like O, OU, L, ST, C

Default: []

op_type

string / required

Operation to be performed

Choices:

  • "put_certificate"

  • "enable"

  • "disable"

  • "restore-default-tls-ciphers"

  • "csr"

  • "auto-gen-server-cert"

  • "use-certificate"

password

string

Password to the encrypted key

Default: "none"

Examples

- name: "Add Cert to Interface"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: put_certificate
    interface_id: "interface_identifier"
    certificate: "cert_key_data"
    format: PEM

- name: "Enable Interface"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: enable
    interface_id: "interface_identifier"

- name: "Disable Interface"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: disable
    interface_id: "interface_identifier"

- name: "Restore default TLS Ciphers"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: restore-default-tls-ciphers
    interface_id: "interface_identifier"

- name: "Create CSR"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: csr
    interface_id: "interface_identifier"
    cn: "csr_cn"

- name: "Auto Generate Server Certificate"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: auto-gen-server-cert
    interface_id: "interface_identifier"

- name: "Use certificate"
  thalesgroup.ciphertrust.interface_actions:
    localNode:
        server_ip: "IP/FQDN of CipherTrust Manager"
        server_private_ip: "Private IP in case that is different from above"
        server_port: 5432
        user: "CipherTrust Manager Username"
        password: "CipherTrust Manager Password"
        verify: false
    op_type: use-certificate
    interface_id: "interface_identifier"
    copy_from: "Name_Source_Interface"
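
The playbook below is an added example, not part of the collection's documentation: it runs the csr operation with the SAN and names parameters from the parameter list, with verify set to true and the admin credentials loaded from a vault file instead of written inline. The vault file path, the cm_user and cm_password variables, the host names and addresses, the interface identifier and the subject values are assumptions.

```yaml
# Added example: not part of the collection's documentation.
# Assumed names: the vault file path, cm_user / cm_password, host names and
# addresses, the interface identifier "web", and all subject values (constructed).
- name: Request a CSR for a CipherTrust Manager interface
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    # Hypothetical file encrypted with ansible-vault; defines cm_user and cm_password.
    - vault/cm_credentials.yml
  vars:
    cm_connection:
      server_ip: "cm.example.com"
      server_private_ip: "192.0.2.10"
      server_port: 5432        # value used in the page's examples; set to your CM's port
      user: "{{ cm_user }}"
      password: "{{ cm_password }}"
      verify: true             # fail if the CM certificate is not trusted by the control node
  tasks:
    - name: Create CSR with subject fields and SANs
      thalesgroup.ciphertrust.interface_actions:
        localNode: "{{ cm_connection }}"
        op_type: csr
        interface_id: "web"
        cn: "cm.example.com"
        dns_names:
          - "cm.example.com"
          - "cm-mgmt.example.com"
        ip_addresses:
          - "192.0.2.10"
        email_addresses:
          - "pki-admin@example.com"
        names:
          - O: "Example Corp"
            OU: "Security Engineering"
            L: "Austin"
            ST: "Texas"
            C: "US"
      # The structure of the returned data is not documented on this page;
      # inspect csr_result before relying on any field in it.
      register: csr_result
      # localNode carries the admin password; keep it out of task output and logs.
      no_log: true
```

With verify: true the task only succeeds when the CM server certificate chains to a CA the control node trusts and matches the name given in server_ip.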

Authors

  • Anurag Jain, Developer Advocate Thales Group