Horizon revoke plugin
Note
This module is part of the evertrust.horizon collection (version 1.5.0).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install evertrust.horizon.
To use it in a playbook, specify: evertrust.horizon.horizon_revoke.
Synopsis
Performs a revocation against the Horizon API.
Note
This module has a corresponding action plugin.
Parameters
Parameter |
Comments |
---|---|
Path of a CA bundle used to validate the Horizon instance SSL certificate. |
|
The ID of the certificate to revoke. |
|
The PEM-encoded certificate to revoke. |
|
The path to the PEM-encoded certificate to revoke. |
|
Path of a client certificate. Required if you use certificate-based authentication. |
|
Path of a client certificate’s key. Required if you use certificate-based authentication. |
|
Your Horizon instance base endpoint. It must include the protocol (https://) and have no trailing slash or path. |
|
The PEM-encoded private key associated with the certificate. |
|
The path to the PEM-encoded private key associated with the certificate. |
|
The reason for revoking the certificate. Choices:
|
|
Do not raise an exception when the certificate is already revoked. Choices:
|
|
Horizon identifier. Required if you use credentials authentication. |
|
Horizon password. Required if you use credentials authentication. |
Notes
Note
Revoking a certificate requires permissions on the related profile.
Examples
```yaml
- name: Revoke a certificate by its content
  evertrust.horizon.horizon_revoke:
    endpoint: "https://<horizon-endpoint>"
    x_api_id: "<horizon-id>"
    x_api_key: "<horizon-password>"
    certificate_pem: "-----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----"
    skip_already_revoked: true

- name: Revoke a certificate by its file
  evertrust.horizon.horizon_revoke:
    endpoint: "https://<horizon-endpoint>"
    x_api_id: "<horizon-id>"
    x_api_key: "<horizon-password>"
    certificate_pem:
      src: path/to/pem

# pop (proof of possession): the certificate's private key is supplied with the certificate
- name: Revoke a certificate with pop
  evertrust.horizon.horizon_revoke:
    endpoint: "https://<horizon-endpoint>"
    certificate_pem:
      src: path/to/pem
    private_key:
      src: path/to/key
```
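The playbook below is an added example, not part of the collection's documentation. It revokes every PEM file in a directory in one run, as you might after a key compromise, using only the parameters shown in the examples above. The directory, the vault file and the variable names (horizon_endpoint, compromised_dir, vault_horizon_id, vault_horizon_password) are assumptions.

```yaml
# Added example: paths and variable names are hypothetical.
- name: Revoke every certificate collected for an incident
  hosts: localhost
  connection: local
  gather_facts: false
  vars_files:
    # Hypothetical ansible-vault encrypted file that defines
    # vault_horizon_id and vault_horizon_password.
    - vault/horizon.yml
  vars:
    horizon_endpoint: "https://<horizon-endpoint>"
    compromised_dir: incident/compromised-certs  # hypothetical directory of PEM files
  tasks:
    - name: Check the endpoint format the module expects
      ansible.builtin.assert:
        that:
          # https:// scheme, then a host with no trailing slash or path
          - horizon_endpoint is match('^https://[^/]+$')
        fail_msg: "endpoint must start with https:// and have no trailing slash or path"

    - name: Collect the PEM files to revoke
      ansible.builtin.find:
        paths: "{{ compromised_dir }}"
        patterns: "*.pem"
      register: compromised

    - name: Revoke each certificate
      evertrust.horizon.horizon_revoke:
        endpoint: "{{ horizon_endpoint }}"
        x_api_id: "{{ vault_horizon_id }}"
        x_api_key: "{{ vault_horizon_password }}"
        certificate_pem:
          src: "{{ item.path }}"
        # A re-run continues past certificates that are already revoked.
        skip_already_revoked: true
      loop: "{{ compromised.files }}"
      loop_control:
        label: "{{ item.path }}"
      # Keeps the API credentials out of task output and logs.
      no_log: true
```

Because no_log also hides the module's return values in the console output, register the task result if you need to inspect it afterwards.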
Return Values
Common return values are documented here; the following fields are unique to this module:
Key |
Description |
---|---|
The certificate that was revoked for this request. This is only available after the request has been approved. Returned: Always |
|
Horizon internal ID. Returned: If specifically requested |
|
The certificate’s PEM-encoded content. Returned: If specifically requested |
|
The certificate’s contact email. It will be used to send notifications about the certificate’s expiration and revocation. Returned: If specifically requested |
|
Whether the certificate’s revocation status is synchronized with a CRL. Returned: If present and specifically requested |
|
If the certificate was discovered and is found to be issued by an existing trusted CA, this field will be set to true. If the certificate was discovered and is not found to be issued by an existing trusted CA, this field will be set to false. If the certificate was not discovered, this field will be null. Returned: If present and specifically requested |
|
A list of metadata containing information on where the certificate was discovered. Returned: Only if the certificate was discovered |
|
The certificate’s host hostnames (netscan only). Returned: If present |
|
The certificate’s host IP. Returned: Always |
|
The certificate’s host operating system (localscan only). Returned: If present |
|
The path to the certificate on the host machine (localscan only). Returned: If present |
|
Information on the type of discovery that discovered this certificate. Returned: Always |
|
The ports on which the certificate is exposed for HTTPS connections. Returned: If present |
|
The number of the port. Returned: Always |
|
Protocol version used. Returned: Always |
|
The path of the configuration files that were used to find the certificates. Returned: If present |
|
A list of metadata containing information on how and when the certificate was discovered. Returned: If present and specifically requested |
|
The discovery campaign’s name. Returned: Always |
|
Identifier of the user that discovered this certificate. Returned: If present |
|
When this certificate was discovered for the last time. Returned: Always |
|
The certificate’s Distinguished Name. Returned: If specifically requested |
|
The certificate’s extensions. Returned: If present and specifically requested |
|
The extension’s type. Returned: Always |
|
The extension’s value. Returned: Always |
|
The certificate’s grades for the enabled grading policies. Returned: If specifically requested |
|
The grade awarded by the grading policy. Returned: Always |
|
The name of the grading policy. Returned: Always |
|
The certificate’s holder ID. This is a computed field that is used to count how many similar certificates are in use simultaneously by the same holder. Returned: If specifically requested |
|
The certificate’s issuer Distinguished Name. Returned: If specifically requested |
|
The certificate’s key type. Returned: If specifically requested |
|
The certificate’s labels. Returned: If present and specifically requested |
|
The label’s name. Returned: Always |
|
The label’s value. Returned: Always |
|
The certificate’s technical metadata used internally. Returned: If specifically requested |
|
The metadata name. Returned: Always |
|
The metadata value. Returned: Always |
|
The certificate’s module. Returned: If specifically requested |
|
The certificate’s expiration date in milliseconds since the epoch. Returned: If specifically requested |
|
The certificate’s start date in milliseconds since the epoch. Returned: If specifically requested |
|
The certificate’s owner. This is a reference to a local identity identifier. Returned: If specifically requested |
|
The certificate’s profile. Returned: If present and specifically requested |
|
The certificate’s public key thumbprint. Returned: If specifically requested |
|
The certificate’s revocation date in milliseconds since the epoch. This field is only present if the certificate is revoked. Returned: If present and specifically requested |
|
The certificate’s revocation reason. Returned: If specifically requested |
|
Whether the certificate is revoked. Returned: If present and specifically requested |
|
Whether the certificate is self-signed. Returned: If specifically requested |
|
The certificate’s serial number. Returned: If present and specifically requested |
|
The certificate’s signing algorithm. Returned: If specifically requested |
|
The certificate’s Subject Alternate Names. Returned: If specifically requested |
|
The type of the SAN. Returned: Always |
|
The value of the SAN. Returned: Always |
|
The certificate’s team. This is a reference to a team identifier. It will be used to determine the certificate’s permissions and send notifications. Returned: If specifically requested |
|
The certificate’s information about synchronization with Horizon supported third parties. Returned: If present and specifically requested |
|
The third party connector name on which this certificate is synchronized. Returned: Always |
|
The fingerprint of this certificate on the third party. Returned: If present |
|
The ID of this certificate on the third party. Returned: Always |
|
The date when the certificate was pushed to this third party. Returned: If present |
|
The date when the certificate was removed from this third party (in case of revocation). Returned: If present |
|
The certificate’s thumbprint. Returned: If specifically requested |
|
The result of the execution of triggers on this certificate. Returned: If present and specifically requested. |
|
Contains details on this trigger’s execution. Returned: If present |
|
The event that triggered the trigger. Returned: Always |
|
The last time this trigger was executed for this certificate and this event. Returned: Always |
|
The name of the trigger that was executed. Returned: Always |
|
The time to wait between the next execution of this trigger and the one after it. Returned: If present |
|
The next scheduled execution time for this trigger. Returned: If present |
|
The number of remaining tries before the trigger is abandoned. Returned: If present |
|
Whether this trigger can be retried manually. Returned: Always |
|
The status of the trigger after its execution. Returned: Always |
|
The type of the trigger. Returned: Always |
|
Certificate’s trust chain. Returned: Always |