IBM-Security / isam-ansible-roles

Ansible Custom Modules, Handlers and Tasks for ISAM. Requires "ibmsecurity" python package.
Apache License 2.0

isam-ansible-roles / import_ca_certs / tasks / main.yml #181

Open rfransix opened 4 years ago

rfransix commented 4 years ago

Hi, I've imported certs using import_ca_certs that I need to delete.

How do I edit a copy of import_ca_certs/tasks/main.yml to delete the certs I just imported?

Thank you. I see the delete function in the .py file.

rfransix commented 4 years ago

Any help, ideas on how to do this? Thank you.

ram-ibm commented 4 years ago

Create a delete_ca_certs role and leverage the right python function. You can clone import_ca_certs to provide guidance.

rfransix commented 4 years ago

Yup. Tried that. The action is rejected when set to ‘delete’.

ram-ibm commented 4 years ago

Please provide details of what your task looks like and the error.

rfransix commented 4 years ago

I get this message: “Error> invalid action was specified, method not found in module!” “name”:“ibmsecurity.isam.base.ssl_certificates.signer_certificate.delete_cert”

ram-ibm commented 4 years ago

Change the action to be ibmsecurity.isam.base.ssl_certificates.signer_certificate.delete.

Then make sure that isamapi has the following entries: kdb_id and cert_id. Something like this:

```yaml
# Delete one signer (CA) certificate, identified by cert_id, from the keystore kdb_id.
- name: Delete CA Certs from {{ delete_ca_certs_kdb_id }}
  isam:
    appliance: "{{ inventory_hostname }}"
    username: "{{ username }}"
    password: "{{ password }}"
    lmi_port: "{{ lmi_port }}"
    log: "{{ log_level }}"
    force: "{{ force }}"
    action: ibmsecurity.isam.base.ssl_certificates.signer_certificate.delete
    isamapi:
      kdb_id: "{{ delete_ca_certs_kdb_id }}"
      cert_id: "{{ delete_ca_certs_cert_id }}"
  # Skip the task unless both the keystore and the certificate are named.
  when: delete_ca_certs_kdb_id is defined and delete_ca_certs_cert_id is defined
  notify:
    - Commit Changes
```

If you want, the default/main.yml can have a default value for kdb_id if desired.

rfransix commented 4 years ago

Thanks. This did not work. Can you view an IBM support case? That way I can upload all the yml files.

rfransix commented 4 years ago

Hi, can you read IBM cases, so I can upload the data?

ram-ibm commented 4 years ago

You can let IBM Support know to reach out to me when you update the case - in the meantime, let me see if I can create a role for you.

ram-ibm commented 4 years ago

I just pushed a new role - was not able to test right away. Update here if you continue to face issues. default/main.yml has notes on how to pass multiple cert_ids to delete at a time.
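
The task below is an added example, not the role that was pushed to the repository and not code from any participant in this thread. It extends the single-certificate task shown earlier to remove several signer certificates from one keystore in a single run. The list variable `delete_ca_certs_cert_ids` and the sample labels in the comments are assumptions introduced here; the role's own variable layout is documented in its default/main.yml.

```yaml
# Added example: delete several signer (CA) certificates from one keystore.
# Assumed inventory/group_vars input (constructed sample values):
#   delete_ca_certs_kdb_id: "pdsrv"
#   delete_ca_certs_cert_ids:
#     - "example-root-ca"
#     - "example-issuing-ca"
- name: Delete CA Certs from {{ delete_ca_certs_kdb_id }}
  isam:
    appliance: "{{ inventory_hostname }}"
    username: "{{ username }}"
    password: "{{ password }}"
    lmi_port: "{{ lmi_port }}"
    log: "{{ log_level }}"
    force: "{{ force }}"
    action: ibmsecurity.isam.base.ssl_certificates.signer_certificate.delete
    isamapi:
      kdb_id: "{{ delete_ca_certs_kdb_id }}"
      # One call per certificate label in the list.
      cert_id: "{{ item }}"
  # default([]) keeps the loop from failing when the list is not set;
  # an empty list simply runs no iterations.
  loop: "{{ delete_ca_certs_cert_ids | default([]) }}"
  # Evaluated per item: never call the appliance without a keystore name.
  when: delete_ca_certs_kdb_id is defined
  notify:
    - Commit Changes
```

Because each iteration removes a trust anchor from the keystore, review the list of labels against the keystore contents before the "Commit Changes" handler deploys the pending change.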