forked from Pack3tL0ss/clearpass-api-scripts
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathconfig.yaml.example
More file actions
58 lines (51 loc) · 2.95 KB
/
config.yaml.example
File metadata and controls
58 lines (51 loc) · 2.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
%YAML 1.2
---
# CPPM Defaults:
# -- grant_type: client_credentials
# -- webserver: port: Not included in url if not provided (so 80 if url is http or 443 if url is https)
# -- username: nul (must provide value if grant_type: password)
# -- password: nul (must provide value if grant_type: password)
# -- fqdn should be fqdn of VIP or publisher. Cluster nodes will be querried and all nodes will have certs updated.
CPPM:
fqdn: cppm.arubalab.net
client_id: Full API Client
client_secret: ClearPass-API-Client-Secret-Goes-Here
certificates: # At least 1 certificate type is required. By default the script will update all defined types unless called with one or more command line flags --https-rsa --https-ecc --radius --radsec
https_rsa: # This represents the HTTPS(RSA) service in ClearPass > 6.10, or HTTPS in older versions
p12: https-rsa-cppm.arubalab.net.p12 # used as final portion of webserver full url, and as filename expected to exist in web_root (dir) if webserver is local
passphrase: reD@cted!!
#https_ecc:
# p12: https-ecc-cppm.arubalab.net.p12
# passphrase: reD@cted!!
#radius:
# p12: radius-cppm.arubalab.net.p12
# passphrase: reD@cted!!
#radsec:
# p12: radsec-cppm.arubalab.net.p12
# passphrase: reD@cted!!
webserver:
base_url: http://omv.arubalab.net # ip or fqdn cppm would use to access server hosting the cert (this system or external)
port: 8080
path: "certs"
local: false # if not provided the script will attempt to determine if this is the server hosting the cert files.
# setting local will bypass the check. local: true will result in webserver being started on this system
# to serve certificates to cppm. If set to false the server at base_url should be providing the webserver.
web_root: /export/FileDump/certificates/LetsEncrypt # Only applies if this script is also going to act as a temporary webserver to host the certificate.
# The above will result in "http://omv.arubalab.net:8080/certs/https-rsa-cppm.arubalab.net.p12" being used as the full path where CPPM can get the https_rsa cert. The actual cert files should exist in the web_root directory.
# -- // used in pol-elements-from-csv.py \\ --
in_file: in/adgroup2tunnel.csv
authz_src: "arubalabAD"
role_name_pfx: "VPN-"
enf_profile_pfx: "Assign Tunnel "
role_mapping_name: "ANYCONNECT_ROLE_MAPPING"
role_mapping_description: "MAP Tips Role (VPN TUNNEL) Based on AD Group Membership"
enf_policy_name: "ANYCONNECT_ENFOREMENT_POLICY"
enf_policy_description: "Return Radius Accept if user Authorized for selected Tunnel"
# -- service: PushBullet is only valid service currently
# -- Remove this section to disable Notification
# -- Notifications only occur if Update or error (not if no update required)
NOTIFY:
service: PushBullet
api_key: "pushbullet-api-key-goes-here"
# -- additional logging
debug: false