Horizon recover plugin

Note

This module is part of the evertrust.horizon collection (version 1.5.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install evertrust.horizon.

To use it in a playbook, specify: evertrust.horizon.horizon_recover.

Synopsis

  • Performs a recovery against the Horizon API.

Note

This module has a corresponding action plugin.

Parameters

Parameter

Comments

ca_bundle

path

Path of a CA bundle used to validate the Horizon instance SSL certificate.

certificate_pem

string

The PEM encoded certificate to recover.

src

path

The path to the PEM encoded certificate to recover.

client_cert

path

Path of a client certificate.

Required if you use certificate based authentication

client_key

path

Path of a client certificate’s key.

Required if you use certificate based authentication

endpoint

string / required

Your Horizon instance base endpoint.

It must include the protocol (https://) and no trailing slash nor path.

password

string

Security password for the certificate.

Password policies will be applied to check validity.

Only required if the password generation mode is manual.

x_api_id

string

Horizon identifier

Required if you use credentials authentication

x_api_key

string

Horizon password

Required if you use credentials authentication

Notes

Note

  • Recovering a certificate requires permissions on the related profile.

  • Be sure to use the “Recover API” permission instead of “Recover”.

Examples

- name: Recover a certificate by its content
  evertrust.horizon.horizon_recover:
    endpoint: "https://<horizon-endpoint>"
    x_api_id: "<horizon-id>"
    x_api_key: "<horizon-password>"
    certificate_pem: "-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----"
    password: "examplePassword"

- name: Recover a certificate by a file
  evertrust.horizon.horizon_recover:
    endpoint: "https://<horizon-endpoint>"
    x_api_id: "<horizon-id>"
    x_api_key: "<horizon-password>"
    certificate_pem:
      src: pem/file/path
    password: "examplePassword"
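
The task result carries the recovered private key (see key, p12 and p12_password under Return Values), so it should be kept out of logs and written with restrictive permissions. The playbook below is an added example, not part of the collection's own documentation; the vault_* variable names, the CA bundle path and the output directory are assumptions.

```yaml
- name: Recover a certificate without leaking its private key
  hosts: localhost
  gather_facts: false
  vars:
    # Assumed names: define these secrets in an Ansible Vault encrypted file.
    horizon_id: "{{ vault_horizon_id }}"
    horizon_key: "{{ vault_horizon_key }}"
    recover_password: "{{ vault_recover_password }}"
    out_dir: /etc/pki/recovered            # constructed path
  tasks:
    - name: Recover the certificate (result contains key material)
      evertrust.horizon.horizon_recover:
        endpoint: "https://<horizon-endpoint>"
        # Pin the CA used to validate the Horizon TLS certificate.
        ca_bundle: /etc/pki/horizon-ca.pem   # constructed path
        x_api_id: "{{ horizon_id }}"
        x_api_key: "{{ horizon_key }}"
        certificate_pem:
          src: pem/file/path
        password: "{{ recover_password }}"
      register: recovered
      no_log: true        # keeps key, p12 and p12_password out of task output

    - name: Create an owner-only output directory
      ansible.builtin.file:
        path: "{{ out_dir }}"
        state: directory
        mode: "0700"

    - name: Write the private key readable by its owner only
      ansible.builtin.copy:
        content: "{{ recovered['key'] }}"
        dest: "{{ out_dir }}/recovered.key"
        mode: "0600"
      when: recovered['key'] is defined     # key is returned only if present
      no_log: true

    - name: Write the trust chain (public data)
      ansible.builtin.copy:
        content: "{{ recovered['chain'] }}"
        dest: "{{ out_dir }}/chain.pem"
        mode: "0644"
```

Without no_log, running the play with -v prints the registered result, including the private key and the PKCS#12 password.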

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key

Description

certificate

dictionary

The certificate that was generated for this request. This is only available after the request has been approved.

Returned: Always

_id

string

Horizon internal ID.

Returned: If specifically requested

certificate

string

The certificate’s PEM-encoded content.

Returned: If specifically requested

contactEmail

string

The certificate’s contact email. It will be used to send notifications about the certificate’s expiration and revocation.

Returned: If specifically requested

crlSynchronized

boolean

Whether the certificate’s revocation status is synchronized with a CRL.

Returned: If present and specifically requested

discoveredTrusted

boolean

If the certificate was discovered and is found to be issued by an existing trusted CA, this field will be set to true. If the certificate was discovered and is not found to be issued by an existing trusted CA, this field will be set to false. If the certificate was not discovered, this field will be null.

Returned: If present and specifically requested

discoveryData

list / elements=dictionary

A list of metadata containing information on where the certificate was discovered.

Returned: Only if the certificate was discovered

hostnames

list / elements=string

The hostnames of the certificate’s host (netscan only).

Returned: If present

ip

string

The certificate’s host IP.

Returned: Always

operatingSystems

list / elements=string

The certificate’s host operating system (localscan only).

Returned: If present

paths

list / elements=string

The path to the certificate on the host machine (localscan only).

Returned: If present

sources

list / elements=string

Information on the type of discovery that discovered this certificate.

Returned: Always

tlsPorts

list / elements=dictionary

The ports on which the certificate is exposed for HTTPS connections.

Returned: If present

port

integer

The number of the port.

Returned: Always

version

string

Protocol version used.

Returned: Always

usages

list / elements=string

The path of the configuration files that were used to find the certificates.

Returned: If present

discoveryInfo

list / elements=dictionary

A list of metadata containing information on how and when the certificate was discovered.

Returned: If present and specifically requested

campaign

string

The discovery campaign’s name.

Returned: Always

identifier

string

Identifier of the user that discovered this certificate.

Returned: If present

lastDiscoveryDate

integer

When this certificate was discovered for the last time.

Returned: Always

dn

string

The certificate’s Distinguished Name.

Returned: If specifically requested

extensions

list / elements=dictionary

The certificate’s extensions.

Returned: If present and specifically requested

key

string

The extension’s type.

Returned: Always

value

string

The extension’s value.

Returned: Always

grades

list / elements=dictionary

The certificate’s grades for the enabled grading policies.

Returned: If specifically requested

grade

string

The grade awarded by the grading policy.

Returned: Always

name

string

The name of the grading policy.

Returned: Always

holderId

string

The certificate’s holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder.

Returned: If specifically requested

issuer

string

The certificate’s issuer Distinguished Name.

Returned: If specifically requested

keyType

string

The certificate’s key type.

Returned: If specifically requested

labels

list / elements=dictionary

The certificate’s labels.

Returned: If present and specifically requested

key

string

The label’s name.

Returned: Always

value

string

The label’s value.

Returned: Always

metadata

list / elements=dictionary

The certificate’s technical metadata used internally.

Returned: If specifically requested

key

string

The metadata name.

Returned: Always

value

string

The metadata value

Returned: Always

module

string

The certificate’s module.

Returned: If specifically requested

notAfter

integer

The certificate’s expiration date in milliseconds since the epoch.

Returned: If specifically requested

notBefore

integer

The certificate’s start date in milliseconds since the epoch.

Returned: If specifically requested

owner

string

The certificate’s owner. This is a reference to a local identity identifier.

Returned: If specifically requested

profile

string

The certificate’s profile.

Returned: If present and specifically requested

publicKeyThumbprint

string

The certificate’s public key thumbprint.

Returned: If specifically requested

revocationDate

integer

The certificate’s revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked.

Returned: If present and specifically requested

revocationReason

string

The certificate’s revocation reason.

Returned: If specifically requested

revoked

boolean

Whether the certificate is revoked.

Returned: If present and specifically requested

selfSigned

boolean

Whether the certificate is self-signed.

Returned: If specifically requested

serial

string

The certificate’s serial number.

Returned: If present and specifically requested

signingAlgorithm

string

The certificate’s signing algorithm.

Returned: If specifically requested

subjectAlternateNames

list / elements=dictionary

The certificate’s Subject Alternate Names.

Returned: If specifically requested

sanType

string

The type of the SAN

Returned: Always

value

string

The value of the SAN

Returned: Always

team

string

The certificate’s team. This is a reference to a team identifier. It will be used to determine the certificate’s permissions and send notifications.

Returned: If specifically requested

thirdPartyData

list / elements=dictionary

The certificate’s information about synchronization with Horizon supported third parties.

Returned: If present and specifically requested

connector

string

The third party connector name on which this certificate is synchronized.

Returned: Always

fingerprint

string

The fingerprint of this certificate on the third party.

Returned: If present

id

string

The ID of this certificate on the third party.

Returned: Always

pushDate

integer

The date when the certificate was pushed to this third party.

Returned: If present

removeDate

integer

The date when the certificate was removed from this third party (in case of revocation).

Returned: If present

thumbprint

string

The certificate’s thumbprint.

Returned: If specifically requested

triggerResults

list / elements=dictionary

The result of the execution of triggers on this certificate.

Returned: If present and specifically requested

detail

string

Contains details on this trigger’s execution.

Returned: If present

event

string

The event that triggered the trigger.

Returned: Always

lastExecutionDate

integer

The last time this trigger was executed for this certificate and this event.

Returned: Always

name

string

The name of the trigger that was executed.

Returned: Always

nextDelay

string

The delay between the next execution of this trigger and the one after it.

Returned: If present

nextExecutionDate

integer

The next scheduled execution time for this trigger.

Returned: If present

retries

integer

The number of remaining tries before the trigger is abandoned.

Returned: If present

retryable

boolean

Whether this trigger can be retried manually.

Returned: Always

status

string

The status of the trigger after its execution.

Returned: Always

triggerType

string

The type of the trigger.

Returned: Always

chain

string

Certificate’s trust chain.

Returned: Always

key

string

Certificate’s private key.

Returned: If present

p12

string

Base64-encoded PKCS#12

Returned: If present

p12_password

string

PKCS#12 password

Returned: If present

Authors

  • Evertrust R&D (@EverTrust)