fabiog1901.cockroachdb.cc_cmek_info module – Get CMEK-related information for a cluster.
Note
This module is part of the fabiog1901.cockroachdb collection (version 1.0.0).
To install it, use: ansible-galaxy collection install fabiog1901.cockroachdb.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: fabiog1901.cockroachdb.cc_cmek_info.
New in fabiog1901.cockroachdb 1.0.0
Synopsis
Get CMEK-related information for a cluster.
A Cockroach Cloud Service Account API Key is required.
Export the key as environment variable ‘CC_KEY’ or pass it on module invokation
Requirements
The below requirements are needed on the host that executes this module.
cockroachdb-cloud-client
Parameters
Parameter |
Comments |
|---|---|
Define details for the API client |
|
The API version to use Default: |
|
The Service Account API key This value is log redacted By default it reads the env variable ‘CC_KEY’ |
|
the hostname of the API server Default: |
|
the path to the API endpoint Default: |
|
the port number, as a string, for the API server Default: |
|
http or https Choices:
|
|
whether the client should verify the server cert Choices:
|
|
The UUID or name of the cluster. |
Examples
- name: Get CMEK-related information for a cluster
fabiog1901.cockroachdb.cc_cmek_info:
cluster_id: my-dev-cluster1
api_client:
api_version: '2022-09-20'
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
CMEKClusterInfo contains the status of CMEK across an entire cluster, including within each one its regions. Returned: success |
|
CMEKRegionInfo contains the status of CMEK within a region. This includes current and past key specifications used within the region, as well as the status of those specifications Returned: always |
|
CMEKKeyInfo contains the status of a customer-provided key alongside the specification. Returned: always |
|
Returned: always |
|
CMEKKeySpecification contains all the details necessary to use a customer-provided encryption key. This involves the type/location of the key and the principal to authenticate as when accessing it. Returned: always |
|
Returned: always |
|
CMEKKeyType enumerates types of customer-managed keys. UNKNOWN_KEY_TYPE: UNKNOWN should never be used; if it is used, it indicates a bug. Allowed: AWS_KMS┃GCP_CLOUD_KMS Returned: always |
|
Returned: always |
|
CMEKStatus describes the current status of CMEK for an entire CRDB cluster or a CMEK key within a region. UNKNOWN_STATUS: UNKNOWN should never be used; if it is used, it indicates a bug. DISABLED: DISABLED corresponds to the state of a cluster or region-level key when CMEK has finished being disabled. By default, CMEK will be disabled for new clusters. DISABLING: DISABLING corresponds to the state of a cluster or region-level key when CMEK is in the process of being disabled. DISABLE_FAILED: DISABLE_FAILED corresponds to the state of a cluster or region-level key when CMEK has failed to be disabled. ENABLED: ENABLED corresponds to the state of a cluster or region-level key when CMEK is enabled. ENABLING: ENABLING corresponds to the state of a cluster or region-level key when CMEK is in the process of being enabled. ENABLE_FAILED: ENABLE_FAILED corresponds to the state of a cluster or region-level key when CMEK has failed to be enabled. ROTATING: ROTATING corresponds to the state of a cluster or region when the a new spec is in the process of being enabled while an existing spec is being disabled. ROTATE_FAILED: ROTATE_FAILED corresponds to the state of a cluster or region if there was a failure to update from one CMEK spec to another. REVOKED: REVOKED corresponds to the state of a cluster or region-level key when the customer has revoked CockroachLab’s permissions for their key. REVOKING: REVOKING corresponds to the state of a cluster or region-level key when CMEK is in the process of being revoked. REVOKE_FAILED: REVOKE_FAILED corresponds to the state of a cluster or region-level key when CMEK has failed to be revoked. Allowed: DISABLED┃DISABLING┃DISABLE_FAILED┃ENABLED┃ENABLING┃ENABLE_FAILED┃ROTATING┃ROTATE_FAILED┃REVOKED┃REVOKING┃REVOKE_FAILED Returned: always |
|
Returned: always |
|
Returned: always |
|
Returned: success |
|
CMEKStatus describes the current status of CMEK for an entire CRDB cluster or a CMEK key within a region. UNKNOWN_STATUS: UNKNOWN should never be used; if it is used, it indicates a bug. DISABLED: DISABLED corresponds to the state of a cluster or region-level key when CMEK has finished being disabled. By default, CMEK will be disabled for new clusters. DISABLING: DISABLING corresponds to the state of a cluster or region-level key when CMEK is in the process of being disabled. DISABLE_FAILED: DISABLE_FAILED corresponds to the state of a cluster or region-level key when CMEK has failed to be disabled. ENABLED: ENABLED corresponds to the state of a cluster or region-level key when CMEK is enabled. ENABLING: ENABLING corresponds to the state of a cluster or region-level key when CMEK is in the process of being enabled. ENABLE_FAILED: ENABLE_FAILED corresponds to the state of a cluster or region-level key when CMEK has failed to be enabled. ROTATING: ROTATING corresponds to the state of a cluster or region when the a new spec is in the process of being enabled while an existing spec is being disabled. ROTATE_FAILED: ROTATE_FAILED corresponds to the state of a cluster or region if there was a failure to update from one CMEK spec to another. REVOKED: REVOKED corresponds to the state of a cluster or region-level key when the customer has revoked CockroachLab’s permissions for their key. REVOKING: REVOKING corresponds to the state of a cluster or region-level key when CMEK is in the process of being revoked. REVOKE_FAILED: REVOKE_FAILED corresponds to the state of a cluster or region-level key when CMEK has failed to be revoked. Allowed: DISABLED┃DISABLING┃DISABLE_FAILED┃ENABLED┃ENABLING┃ENABLE_FAILED┃ROTATING┃ROTATE_FAILED┃REVOKED┃REVOKING┃REVOKE_FAILED Returned: always |
|
CMEKStatus describes the current status of CMEK for an entire CRDB cluster or a CMEK key within a region. UNKNOWN_STATUS: UNKNOWN should never be used; if it is used, it indicates a bug. DISABLED: DISABLED corresponds to the state of a cluster or region-level key when CMEK has finished being disabled. By default, CMEK will be disabled for new clusters. DISABLING: DISABLING corresponds to the state of a cluster or region-level key when CMEK is in the process of being disabled. DISABLE_FAILED: DISABLE_FAILED corresponds to the state of a cluster or region-level key when CMEK has failed to be disabled. ENABLED: ENABLED corresponds to the state of a cluster or region-level key when CMEK is enabled. ENABLING: ENABLING corresponds to the state of a cluster or region-level key when CMEK is in the process of being enabled. ENABLE_FAILED: ENABLE_FAILED corresponds to the state of a cluster or region-level key when CMEK has failed to be enabled. ROTATING: ROTATING corresponds to the state of a cluster or region when the a new spec is in the process of being enabled while an existing spec is being disabled. ROTATE_FAILED: ROTATE_FAILED corresponds to the state of a cluster or region if there was a failure to update from one CMEK spec to another. REVOKED: REVOKED corresponds to the state of a cluster or region-level key when the customer has revoked CockroachLab’s permissions for their key. REVOKING: REVOKING corresponds to the state of a cluster or region-level key when CMEK is in the process of being revoked. REVOKE_FAILED: REVOKE_FAILED corresponds to the state of a cluster or region-level key when CMEK has failed to be revoked. Allowed: DISABLED┃DISABLING┃DISABLE_FAILED┃ENABLED┃ENABLING┃ENABLE_FAILED┃ROTATING┃ROTATE_FAILED┃REVOKED┃REVOKING┃REVOKE_FAILED Returned: always |
Authors
Cockroach Labs