path: root/ansible_collections/cisco/ise/playbooks/certificate_management.yml
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:04:41 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 12:04:41 +0000
commit975f66f2eebe9dadba04f275774d4ab83f74cf25 (patch)
tree89bd26a93aaae6a25749145b7e4bca4a1e75b2be /ansible_collections/cisco/ise/playbooks/certificate_management.yml
parentInitial commit. (diff)
Adding upstream version 7.7.0+dfsg.upstream/7.7.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/cisco/ise/playbooks/certificate_management.yml')
-rw-r--r--ansible_collections/cisco/ise/playbooks/certificate_management.yml75
1 files changed, 75 insertions, 0 deletions
diff --git a/ansible_collections/cisco/ise/playbooks/certificate_management.yml b/ansible_collections/cisco/ise/playbooks/certificate_management.yml
new file mode 100644
index 000000000..90ebc1e67
--- /dev/null
+++ b/ansible_collections/cisco/ise/playbooks/certificate_management.yml
@@ -0,0 +1,75 @@
+---
+- hosts: ise_servers
+ gather_facts: false
+ name: Certificate management
+ tasks:
+ # - name: Import certificate into ISE node
+ # cisco.ise.trusted_certificate_import:
+ # ise_hostname: "{{ ise_hostname }}"
+ # ise_username: "{{ ise_username }}"
+ # ise_password: "{{ ise_password }}"
+ # ise_verify: "{{ ise_verify }}"
+ # data: "{{ lookup('file', item) }}"
+ # description: Root CA public certificate
+ # name: RootCert
+ # allowBasicConstraintCAFalse: true
+ # allowOutOfDateCert: false
+ # allowSHA1Certificates: true
+ # trustForCertificateBasedAdminAuth: true
+ # trustForCiscoServicesAuth: true
+ # trustForClientAuth: true
+ # trustForIseAuth: true
+ # validateCertificateExtensions: true
+ # with_fileglob:
+ # - "/Users/rcampos/Downloads/RootCACert.pem"
+
+ - name: Generate CSR
+ cisco.ise.csr_generate:
+ ise_hostname: "{{ ise_hostname }}"
+ ise_username: "{{ ise_username }}"
+ ise_password: "{{ ise_password }}"
+ ise_verify: "{{ ise_verify }}"
+ allowWildCardCert: true
+ subjectCommonName: ise.securitydemo.net
+ subjectOrgUnit: Sample OU
+ subjectOrg: Sample Org
+ subjectCity: San Francisco
+ subjectState: CA
+ subjectCountry: US
+ keyType: ECDSA
+ keyLength: 1024
+ digestType: SHA-256
+ usedFor: MULTI-USEw
+ register: result
+
+ - name: Set ID value to variable
+ ansible.builtin.set_fact:
+ csr_id: "{{ result['ise_response']['response'][0]['id']}}"
+ when: not ansible_check_mode
+
+ - name: Pause until the CSR has been signed by the CA
+ ansible.builtin.pause:
+ - name: Bind Signed Certificate
+ cisco.ise.bind_signed_certificate:
+ ise_hostname: "{{ ise_hostname }}"
+ ise_username: "{{ ise_username }}"
+ ise_password: "{{ ise_password }}"
+ ise_verify: "{{ ise_verify }}"
+ admin: true
+ allowExtendedValidity: true
+ allowOutOfDateCert: true
+ allowReplacementOfCertificates: true
+ allowReplacementOfPortalGroupTag: true
+ data: "{{ lookup('file', item) }}"
+ hostName: ise.securitydemo.net
+ name: My Signed Certificate
+ validateCertificateExtensions: true
+ id: "{{ csr_id }}"
+ eap: true
+ radius: true
+ pxgrid: true
+ ims: true
+ portal: true
+ with_fileglob:
+ - /Users/rcampos/Downloads/RootCACert.pem
+ when: not ansible_check_mode
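Review bot: `keyLength: 1024` together with `keyType: ECDSA` in the Generate CSR task is inconsistent — 1024 is not an EC curve size, and if the module or ISE falls back to RSA it produces a key below the 2048-bit minimum most CAs accept; use `keyLength: 2048` or larger for RSA, or an EC-sized value the module accepts when `keyType` is ECDSA. `usedFor: MULTI-USEw` looks like a typo for `MULTI-USE` and will presumably be rejected by the API. In the Bind Signed Certificate task, `allowOutOfDateCert: true` permits installing an expired certificate, and `with_fileglob` reads `/Users/rcampos/Downloads/RootCACert.pem`, a developer-local path that by its name holds the root CA rather than the CA-signed certificate the task binds; parameterize the path (e.g. `data: "{{ lookup('file', signed_cert_path) }}"`) and set `allowOutOfDateCert: false` unless a playbook variable opts in. The commented-out import block carries the same local path plus `allowSHA1Certificates: true`, which should be reviewed before it is ever re-enabled.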