external_certificate_authority – Manage an external Hyperledger Fabric certificate authority

Synopsis

Import or remove an external Hyperledger Fabric certificate authority by using the IBM Blockchain Platform.

This module works with the IBM Blockchain Platform managed service running in IBM Cloud, or the IBM Blockchain Platform software running in a Red Hat OpenShift or Kubernetes cluster.

Parameters

api_endpoint (required)

The URL for the IBM Blockchain Platform console.

Type: str

api_authtype (required)

ibmcloud - Authenticate to the IBM Blockchain Platform console using IBM Cloud authentication. You must provide a valid API key using api_key.

basic - Authenticate to the IBM Blockchain Platform console using basic authentication. You must provide both a valid API key using api_key and API secret using api_secret.

Type: str

api_key (required)

The API key for the IBM Blockchain Platform console.

Type: str

api_secret

The API secret for the IBM Blockchain Platform console.

Only required when api_authtype is basic.

Type: str

api_timeout

The timeout, in seconds, to use when interacting with the IBM Blockchain Platform console.

Type: int

Default value: 60

api_token_endpoint

The IBM Cloud IAM token endpoint to use when using IBM Cloud authentication.

Only required when api_authtype is ibmcloud, and you are using IBM internal staging servers for testing.

Type: str

Default value: https://iam.cloud.ibm.com/identity/token

state

absent - A certificate authority matching the specified name will be stopped and removed.

present - Asserts that a certificate authority matching the specified name and configuration exists. If no certificate authority matches the specified name, a certificate authority will be created. If a certificate authority matches the specified name but the configuration does not match, then the certificate authority will be updated, if it can be. If it cannot be updated, it will be removed and re-created with the specified configuration.

Type: str

Default value: present

name

The name of the external certificate authority.

Only required when state is absent.

Type: str

certificate_authority

The definition of the external certificate authority

Only required when state is present.

Type: dict

name

The name of the certificate authority.

Type: str

api_url

The URL for the API of the certificate authority.

Type: str

operations_url

The URL for the operations service of the certificate authority.

Type: str

ca_url

The URL for the API of the certificate authority.

Type: str

ca_name

The certificate authority name to use for enrollment requests.

Type: str

tlsca_name

The certificate authority name to use for TLS enrollment requests.

Type: str

location

The location of the certificate authority.

Type: str

pem

The TLS certificate chain for the certificate authority.

The TLS certificate chain is returned as a base64 encoded PEM.

Type: str

tls_cert

The TLS certificate chain for the certificate authority.

The TLS certificate chain is returned as a base64 encoded PEM.

Type: str

Examples

- name: Import the certificate authority
  ibm.blockchain_platform.external_certificate_authority:
    status: present
    api_endpoint: https://ibp-console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    certificate_authority: "{{ lookup('file', 'Org1 CA.json') }}"

- name: Remove the imported certificate authority
  ibm.blockchain_platform.external_certificate_authority:
    state: absent
    api_endpoint: https://ibp-console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    name: Org1 CA

Return Values

certificate_authority

The certificate authority.

Returned: when state is present

Type: dict

name

The name of the certificate authority.

Type: str

Sample: Org1 CA

api_url

The URL for the API of the certificate authority.

Type: str

Sample: https://org1ca-api.example.org:32000

operations_url

The URL for the operations service of the certificate authority.

Type: str

Sample: https://org1ca-operations.example.org:32000

ca_url

The URL for the API of the certificate authority.

Type: str

Sample: https://org1ca-api.example.org:32000

ca_name

The certificate authority name to use for enrollment requests.

Type: str

Sample: ca

tlsca_name

The certificate authority name to use for TLS enrollment requests.

Type: str

Sample: tlsca

location

The location of the certificate authority.

Type: str

Sample: ibmcloud

pem

The TLS certificate chain for the certificate authority.

The TLS certificate chain is returned as a base64 encoded PEM.

Type: str

Sample: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...

tls_cert

The TLS certificate chain for the certificate authority.

The TLS certificate chain is returned as a base64 encoded PEM.

Type: str

Sample: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...