com.vmware.vcenter.trusted_infrastructure package

Submodules

com.vmware.vcenter.trusted_infrastructure.attestation_client module

The com.vmware.vcenter.trusted_infrastructure.attestation_client module provides classes for configuring Attestation Services for Trusted vCenter.

class com.vmware.vcenter.trusted_infrastructure.attestation_client.Services(config)

Bases: vmware.vapi.bindings.stub.VapiInterface

The Services class contains information about the registered instances of the Attestation Service in vCenter. This class was added in vSphere API 7.0.0.

Parameters

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class CreateSpec(address=None, trusted_ca=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.CreateSpec class contains the data necessary for registering an Attestation Service instance to the environment. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The service’s address. This attribute was added in vSphere API 7.0.0.

  • trusted_ca (com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – The service’s TLS certificate chain. This attribute was added in vSphere API 7.0.0.

  • group (str) – The group specifies the Key Provider Service instances that can accept reports issued by this Attestation Service instance. This attribute was added in vSphere API 7.0.0.

  • trust_authority_cluster (str) – The cluster specifies the Trust Authority Cluster this Attestation Service belongs to. This attribute was added in vSphere API 7.0.0.

class FilterSpec(services=None, address=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.FilterSpec class contains the data necessary for identifying an Attestation Service instance. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • services (set of str or None) – A set of IDs by which to filter the services. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service. If None, the services will not be filtered by ID.

  • address (list of com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress or None) – A set of address by which to filter. This attribute was added in vSphere API 7.0.0. If None, the services will not be filtered by address.

  • group (set of str or None) – The group specifies the Key Provider Service instances that can accept reports issued by this Attestation Service instance. This attribute was added in vSphere API 7.0.0. If None, the services will not be filtered by group.

  • trust_authority_cluster (set of str or None) – The cluster specifies the Trust Authority Cluster this Attestation Service belongs to. This attribute was added in vSphere API 7.0.0. If None, the services will not be filtered by trustAuthorityCluster.

class Info(address=None, trusted_ca=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.Info class contains all the stored information about a registered Attestation Service instance. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The service’s address. This attribute was added in vSphere API 7.0.0.

  • trusted_ca (com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – The service’s TLS certificate chain. This attribute was added in vSphere API 7.0.0.

  • group (str) – The group specifies the Key Provider Service instances that can accept reports issued by this Attestation Service instance. This attribute was added in vSphere API 7.0.0.

  • trust_authority_cluster (str) – The cluster specifies the Trust Authority Cluster this Attestation Service belongs to. This attribute was added in vSphere API 7.0.0.

RESOURCE_TYPE = 'com.vmware.vcenter.trusted_infrastructure.attestation.Service'

The resource type for the Attestation Service instances. This class attribute was added in vSphere API 7.0.0.

class Summary(service=None, address=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.Summary class contains basic information about a registered Attestation Service instance. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • service (str) – The service’s unique identifier. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service.

  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The service’s address. This attribute was added in vSphere API 7.0.0.

  • group (str) – The group specifies the Key Provider Service instances that can accept reports issued by this Attestation Service instance. This attribute was added in vSphere API 7.0.0.

  • trust_authority_cluster (str) – The cluster specifies the Trust Authority Cluster this Attestation Service instance belongs to. This attribute was added in vSphere API 7.0.0.

create(spec)

Registers a new Attestation Service instance in this vCenter. This method was added in vSphere API 7.0.0.

Parameters

spec (Services.CreateSpec) – The CreateSpec for the new service.

Return type

str

Returns

ID of the newly registered Attestation Service instance. The return value will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service.

Raise

com.vmware.vapi.std.errors_client.AlreadyExists if there is already a Attestation Service instance with the same Address.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the CreateSpec contains invalid data.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ManageTrustedHosts.

delete(service)

Removes a registered Attestation Service instance from this vCenter. This method was added in vSphere API 7.0.0.

Parameters

service (str) – the Attestation Service instance unique identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service.

Raise

com.vmware.vapi.std.errors_client.Error if an error occurred while deleting the service.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.NotFound if the Attestation Service instance is not found.

Raise

com.vmware.vapi.std.errors_client.ResourceBusy if the Attestation Service instance is used by a configuration on a cluster level.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ManageTrustedHosts.

get(service)

Returns the detailed information about a registered Attestation Service instance in this vCenter. This method was added in vSphere API 7.0.0.

Parameters

service (str) – the Attestation Service instance unique identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service.

Return type

Services.Info

Returns

Detailed information about the specified Attestation Service instance.

Raise

com.vmware.vapi.std.errors_client.Error if an error occurred while getting the data.

Raise

com.vmware.vapi.std.errors_client.NotFound if there is no registered Attestation Service instance with the specified ID.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ReadTrustedHosts.

list(spec=None)

Returns detailed information about all registered Attestation Service instances in this vCenter. This method was added in vSphere API 7.0.0.

Parameters

spec (Services.FilterSpec or None) – Return only services matching the specified filters. If {\@term.unset} return all services.

Return type

list of Services.Summary

Returns

Detailed information about all registered Attestation Service instances in this vCenter.

Raise

com.vmware.vapi.std.errors_client.Error if an error occurred while getting the data.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ReadTrustedHosts.

class com.vmware.vcenter.trusted_infrastructure.attestation_client.StubFactory(stub_config)

Bases: vmware.vapi.bindings.stub.StubFactoryBase

Initialize StubFactoryBase

Parameters

stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance

com.vmware.vcenter.trusted_infrastructure.kms_client module

The com.vmware.vcenter.trusted_infrastructure.kms_client module provides classes for configuring Key Provider Services for Trusted vCenter.

class com.vmware.vcenter.trusted_infrastructure.kms_client.Services(config)

Bases: vmware.vapi.bindings.stub.VapiInterface

The Services class contains information about the registered instances of the Key Provider Service in vCenter. This class was added in vSphere API 7.0.0.

Parameters

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class CreateSpec(address=None, trusted_ca=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.CreateSpec class contains the data necessary for registering a Key Provider Service instance to the environment. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The service’s address. This attribute was added in vSphere API 7.0.0.

  • trusted_ca (com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – The service’s TLS certificate chain. This attribute was added in vSphere API 7.0.0.

  • group (str) – The group determines the Attestation Service instances this Key Provider service can accept reports from. This attribute was added in vSphere API 7.0.0.

  • trust_authority_cluster (str) – The cluster specifies the Trust Authority Cluster this Key Provider Service belongs to. This attribute was added in vSphere API 7.0.0.

class FilterSpec(services=None, address=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.FilterSpec class contains the data necessary for identifying a Key Provider Service instance. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • services (set of str or None) – A set of IDs by which to filter the services. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service. If None, the services will not be filtered by ID.

  • address (list of com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress or None) – A set of address by which to filter. This attribute was added in vSphere API 7.0.0. If None, the services will not be filtered by address.

  • group (set of str or None) – The group determines the Attestation Service instances this Key Provider Service can accept reports from. This attribute was added in vSphere API 7.0.0. If None, the Services will not be filtered by group.

  • trust_authority_cluster (set of str or None) – The cluster specifies the Trust Authority Cluster this Key Provider Service belongs to. This attribute was added in vSphere API 7.0.0. If None, the Services will not be filtered by trustAuthorityCluster.

class Info(address=None, trusted_ca=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.Info class contains all the stored information about a registered Key Provider Service instance. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The service’s address. This attribute was added in vSphere API 7.0.0.

  • trusted_ca (com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – The service’s TLS certificate chain. This attribute was added in vSphere API 7.0.0.

  • group (str) – The group determines the Attestation Service instances this Key Provider Service can accept reports from. This attribute was added in vSphere API 7.0.0.

  • trust_authority_cluster (str) – The cluster specifies the Trust Authority Cluster this Key Provider Service belongs to. This attribute was added in vSphere API 7.0.0.

RESOURCE_TYPE = 'com.vmware.vcenter.trusted_infrastructure.kms.Service'

The resource type for the Key Provider Service instance. This class attribute was added in vSphere API 7.0.0.

class Summary(service=None, address=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.Summary class contains basic information about a registered Key Provider Service instance. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • service (str) – The service’s unique identifier. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service.

  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The service’s address. This attribute was added in vSphere API 7.0.0.

  • group (str) – The group determines the Attestation Service instances this Key Provider Service can accept reports from. This attribute was added in vSphere API 7.0.0.

  • trust_authority_cluster (str) – The cluster specifies the Trust Authority Cluster this Key Provider service belongs to. This attribute was added in vSphere API 7.0.0.

create(spec)

Registers a Key Provider Service instance in this vCenter. This method was added in vSphere API 7.0.0.

Parameters

spec (Services.CreateSpec) – The CreateSpec for the new service.

Return type

str

Returns

ID of the newly registered Key Provider Service instance. The return value will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service.

Raise

com.vmware.vapi.std.errors_client.AlreadyExists if there is already a Key Provider Service instance with the same Address.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the CreateSpec contains invalid data.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ManageTrustedHosts.

delete(service)

Removes a currently registered Key Provider Service instance from this vCenter. This method was added in vSphere API 7.0.0.

Parameters

service (str) – the Key Provider Service instance unique identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service.

Raise

com.vmware.vapi.std.errors_client.Error if an error occurred while deleting the service.

Raise

com.vmware.vapi.std.errors_client.NotFound if the Key Provider Service instance is not found.

Raise

com.vmware.vapi.std.errors_client.ResourceBusy if the Key Provider Service instance is used by a configuration on a cluster level.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ManageTrustedHosts.

get(service)

Returns the detailed information about a registered Key Provider Service instance in this vCenter. This method was added in vSphere API 7.0.0.

Parameters

service (str) – the Key Provider Service instance unique identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service.

Return type

Services.Info

Returns

Detailed information about the specified Key Provider Service instance.

Raise

com.vmware.vapi.std.errors_client.Error if an error occurred while getting the data.

Raise

com.vmware.vapi.std.errors_client.NotFound if there is no Key Provider Service instance with the specified ID.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ReadTrustedHosts.

list(spec=None)

Returns basic information about all registered Key Provider Service instances in this vCenter. This method was added in vSphere API 7.0.0.

Parameters

spec (Services.FilterSpec or None) – Return only services matching the specified filters. If {\@term.unset} return all services.

Return type

list of Services.Summary

Returns

Basic information about all registered Key Provider Service instances in this vCenter.

Raise

com.vmware.vapi.std.errors_client.Error if an error occurred while getting the data.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ReadTrustedHosts.

class com.vmware.vcenter.trusted_infrastructure.kms_client.StubFactory(stub_config)

Bases: vmware.vapi.bindings.stub.StubFactoryBase

Initialize StubFactoryBase

Parameters

stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance

com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters_client module

The com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters_client module provides the Trust Authority Components.

class com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters_client.ConsumerPrincipals(config)

Bases: vmware.vapi.bindings.stub.VapiInterface

The ConsumerPrincipals class configures the token policies and STS trust necessary for the workload vCenter to query the trusted services for their status. This class was added in vSphere API 7.0.0.

Parameters

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class CreateSpec(certificates=None, issuer_alias=None, issuer=None, principal=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The ConsumerPrincipals.CreateSpec class contains the information necessary to establish trust between a workload vCenter and a Trust Authority Host. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • certificates (list of com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – The certificates used by the vCenter STS to sign tokens. This attribute was added in vSphere API 7.0.0.

  • issuer_alias (str) – A user-friendly alias of the service which created and signed the security token. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer.

  • issuer (str) – The service which created and signed the security token. This attribute was added in vSphere API 7.0.0.

  • principal (com.vmware.vcenter.trusted_infrastructure_client.StsPrincipal) – The principal used by the vCenter to retrieve tokens. This attribute was added in vSphere API 7.0.0.

class FilterSpec(id=None, principals=None, issuer=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The ConsumerPrincipals.FilterSpec class contains data which identifies a connection profile on the trusted vCenter. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • id (set of str or None) – The unqiue identifier of a connection profile. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type: com.vmware.esx.authentication.clientprofile. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type: com.vmware.esx.authentication.clientprofile. If None, no filtration will be performed by ID.

  • principals (list of com.vmware.vcenter.trusted_infrastructure_client.StsPrincipal or None) – The principal used by the vCenter to retrieve tokens. This attribute was added in vSphere API 7.0.0. If None, no filtration will be performed by principals.

  • issuer (set of str or None) – The service which created and signed the security token. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. If None, no filtration will be performed by issuer.

class Health(string)

Bases: vmware.vapi.bindings.enum.Enum

The ConsumerPrincipals.Health class defines the possible health states. This enumeration was added in vSphere API 7.0.0.

Note

This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.

Parameters

string (str) – String value for the Health instance.

ERROR = Health(string='ERROR')

Error. Not healthy. This class attribute was added in vSphere API 7.0.0.

NONE = Health(string='NONE')

None. No status available. This class attribute was added in vSphere API 7.0.0.

OK = Health(string='OK')

OK. Health is normal. This class attribute was added in vSphere API 7.0.0.

WARNING = Health(string='WARNING')

Warning. Health is normal, however there is an issue that requires attention. This class attribute was added in vSphere API 7.0.0.

class Info(id=None, principal=None, issuer_alias=None, issuer=None, certificates=None, health=None, message=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The ConsumerPrincipals.Info class contains the information necessary to establish trust between a workload vCenter and a Trust Authority Host. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • id (str) – The unqiue identifier of a connection profile. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.esx.authentication.clientprofile. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.esx.authentication.clientprofile.

  • principal (com.vmware.vcenter.trusted_infrastructure_client.StsPrincipal) – The principal used by the vCenter to retrieve tokens. Currently this is the vCenter solution user. This attribute was added in vSphere API 7.0.0.

  • issuer_alias (str) – A user-friendly alias of the service which created and signed the security token. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer.

  • issuer (str) – The service which created and signed the security token. This attribute was added in vSphere API 7.0.0.

  • certificates (list of com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – The certificates used by the vCenter STS to sign tokens. This attribute was added in vSphere API 7.0.0.

  • health (ConsumerPrincipals.Health) – The consistency of the profile across the hosts in the cluster. This attribute was added in vSphere API 7.0.0.

  • message (com.vmware.vapi.std_client.LocalizableMessage or None) – A localizable message describing the health of the profile. This attribute was added in vSphere API 7.0.0. If None, the certificates won’t be updated.

class Summary(id=None, principal=None, issuer_alias=None, issuer=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The ConsumerPrincipals.Summary class contains a summary of the information necessary to establish trust between a workload vCenter and a Trust Authority Host. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • id (str) – The unqiue identifier of a connection profile. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.esx.authentication.clientprofile. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.esx.authentication.clientprofile.

  • principal (com.vmware.vcenter.trusted_infrastructure_client.StsPrincipal) – The principal used by the vCenter to retrieve tokens. Currently this is the vCenter solution user. This attribute was added in vSphere API 7.0.0.

  • issuer_alias (str) – A user-friendly alias of the service which created and signed the security token. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.esx.authentication.trust.security-token-issuer.

  • issuer (str) – The service which created and signed the security token. This attribute was added in vSphere API 7.0.0.

create_task(cluster, spec)

Creates a profile with the specified connection information on all hosts from a Trust Authority Cluster. This method was added in vSphere API 7.0.0.

Parameters
  • cluster (str) – The ID of the Trust Authority Cluster to configure. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • spec (ConsumerPrincipals.CreateSpec) – The CreateSpec specifying the connection information.

Return type

class

vmware.vapi.stdlib.client.task.Task

Returns

Task instance

Raise

com.vmware.vapi.std.errors_client.AlreadyExists if a profile for the issuer already exists.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.NotFound if there is no such cluster.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

delete_task(cluster, profile)

Removes the read-only policy configured on ESX for a specific principal. This method was added in vSphere API 7.0.0.

Parameters
  • cluster (str) – The ID of the Trust Authority Cluster to configure. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • profile (str) – The ID of the connection profile to modify. The parameter must be an identifier for the resource type: com.vmware.esx.authentication.clientprofile.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.NotFound if there is no profile configured with that ID.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

get_task(cluster, profile)

Retrieve information for a specific profile. This method was added in vSphere API 7.0.0.

Parameters
  • cluster (str) – The ID of the Trust Authority Cluster on which the profile is configured. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • profile (str) – The ID of the profile. The parameter must be an identifier for the resource type: com.vmware.esx.authentication.clientprofile.

Return type

class

vmware.vapi.stdlib.client.task.Task

Returns

Task instance

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.NotFound if there is no profile configured with that ID.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

list_task(cluster, spec=None)

Lists all policies configured on a specific cluster. This method was added in vSphere API 7.0.0.

Parameters
  • cluster (str) – The ID of the Trust Authority Cluster on which the profile is configured. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • spec (ConsumerPrincipals.FilterSpec or None) – A FilterSpec specifying the profiles to be listed. If {\@term.unset} return all policies.

Return type

class

vmware.vapi.stdlib.client.task.Task

Returns

Task instance

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.NotFound if there is no profile configured with that ID.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

class com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters_client.StubFactory(stub_config)

Bases: vmware.vapi.bindings.stub.StubFactoryBase

Initialize StubFactoryBase

Parameters

stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance

com.vmware.vcenter.trusted_infrastructure.trust_authority_hosts_client module

The com.vmware.vcenter.trusted_infrastructure.trust_authority_hosts_client module provides classes that provide information necessary to connect to the hosts running the Trust Authority Components.

class com.vmware.vcenter.trusted_infrastructure.trust_authority_hosts_client.Attestation(config)

Bases: vmware.vapi.bindings.stub.VapiInterface

The Attestation class contains information necessary to connect to the hosts running Attestation Service. This class was added in vSphere API 7.0.0.

Parameters

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class FilterSpec(hosts=None, clusters=None, address=None, groups=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Attestation.FilterSpec class contains the data necessary for identifying a Attestation Service. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • hosts (set of str or None) – A set of host IDs by which to filter the services. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type: HostSystem. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type: HostSystem. If None, the services will not be filtered by the hosts on which they run.

  • clusters (set of str or None) – A set of cluster IDs by which to filter the services. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type: ClusterComputeResource. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type: ClusterComputeResource. If None, the services will not be filtered by the clusters on which they run.

  • address (list of com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress or None) – The service’s address. This attribute was added in vSphere API 7.0.0. If None, the services will not be filtered by address.

  • groups (set of str or None) – The group IDs determines which Attestation Service instances this Attestation Service can communicate with. This attribute was added in vSphere API 7.0.0. If None, the services will not be filtered by groupId.

class Info(host=None, address=None, group=None, cluster=None, trusted_ca=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Attestation.Info class contains all the stored information about a Attestation Service. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • host (str) – The trusted ESX on which the service runs. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: HostSystem. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: HostSystem.

  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The service’s address. This attribute was added in vSphere API 7.0.0.

  • group (str) – The group ID determines which Attestation Service instances this Attestation Service can communicate with. This attribute was added in vSphere API 7.0.0.

  • cluster (str) – The opaque string identifier of the cluster in which the Attestation Service is part of. This attribute was added in vSphere API 7.0.0.

  • trusted_ca (com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – The service’s TLS certificate chain. This attribute was added in vSphere API 7.0.0.

class Summary(summary_type=None, host=None, address=None, group=None, cluster=None, trusted_ca=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Attestation.Summary class contains all the stored information about a Attestation Service. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
class SummaryType(string)

Bases: vmware.vapi.bindings.enum.Enum

The connection information could include the certificates or be a shorter summary. This enumeration was added in vSphere API 7.0.0.

Note

This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.

Parameters

string (str) – String value for the SummaryType instance.

BRIEF = SummaryType(string='BRIEF')

A brief summary, containing only the hostname for the Attestation Service. This class attribute was added in vSphere API 7.0.0.

FULL = SummaryType(string='FULL')

The full connection information, including certificates. This class attribute was added in vSphere API 7.0.0.

NORMAL = SummaryType(string='NORMAL')

A summary containing only the hostname, port, and the group ID which determines the Attestation Services this Attestation Service can communicate with. This class attribute was added in vSphere API 7.0.0.

get(host)

Returns the connection info about the Attestation Service running on the specified host. This method was added in vSphere API 7.0.0.

Parameters

host (str) – \@{link com.vmware.vcenter.Host} id. The parameter must be an identifier for the resource type: HostSystem.

Return type

Attestation.Info

Returns

The Attestation.Info instance which contains the information necessary to connect to the Attestation Service.

Raise

com.vmware.vapi.std.errors_client.Error if service’s TLS certificate chain is not valid.

Raise

com.vmware.vapi.std.errors_client.NotFound if host doesn’t match to any Host.

Raise

com.vmware.vapi.std.errors_client.ResourceInaccessible if connection to host failed.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ReadTrustedHosts.

  • The resource HostSystem referenced by the parameter host requires System.View.

list(spec=None, projection=None)

Returns a list of the hosts running a Attestation Service matching the specified Attestation.FilterSpec. This method was added in vSphere API 7.0.0.

Parameters
  • spec (Attestation.FilterSpec or None) – Return details about Attestation Services matching the filter. If {\@term.unset} return all registered Attestation Services.

  • projection (Attestation.SummaryType or None) – The type of the returned summary - brief, normal, or full. If {\@term.unset} a normal projection will be used.

Return type

list of Attestation.Summary

Returns

List of Attestation.Summary of Attestation Services.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the response data will exceed the message limit.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ReadTrustedHosts.

  • The resource HostSystem referenced by the attribute Attestation.FilterSpec.hosts requires System.View.

  • The resource ClusterComputeResource referenced by the attribute Attestation.FilterSpec.clusters requires System.View.

class com.vmware.vcenter.trusted_infrastructure.trust_authority_hosts_client.Kms(config)

Bases: vmware.vapi.bindings.stub.VapiInterface

The Kms class contains information necessary to connect to the hosts running Key Provider Service. This class was added in vSphere API 7.0.0.

Parameters

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class FilterSpec(hosts=None, clusters=None, address=None, groups=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Kms.FilterSpec class contains the data necessary for identifying a Key Provider Service. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • hosts (set of str or None) – A set of host IDs by which to filter the services. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type: HostSystem. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type: HostSystem. If None, the services will not be filtered by the hosts on which they run.

  • clusters (set of str or None) – A set of cluster IDs by which to filter the services. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type: ClusterComputeResource. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type: ClusterComputeResource. If None, the services will not be filtered by the clusters on which they run.

  • address (list of com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress or None) – The service’s address. This attribute was added in vSphere API 7.0.0. If None, the services will not be filtered by address.

  • groups (set of str or None) – The group determines reports issued by which Attestation Service instances this Key Provider Service can accept. This attribute was added in vSphere API 7.0.0. If None, the services will not be filtered by groupId.

class Info(host=None, address=None, group=None, cluster=None, trusted_ca=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Kms.Info class contains all the stored information about a Key Provider Service. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • host (str) – The trusted ESX on which the service runs. This attribute was added in vSphere API 7.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: HostSystem. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: HostSystem.

  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The service’s address. This attribute was added in vSphere API 7.0.0.

  • group (str) – The group ID determines which Attestation Service instances this Key Provider Service can communicate with. This attribute was added in vSphere API 7.0.0.

  • cluster (str) – The opaque string identifier of the cluster in which the Key Provider Service is part of. This attribute was added in vSphere API 7.0.0.

  • trusted_ca (com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – The service’s TLS certificate chain. This attribute was added in vSphere API 7.0.0.

class Summary(summary_type=None, host=None, address=None, group=None, cluster=None, trusted_ca=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Kms.Summary class contains all the stored information about a Key Provider Service. This class was added in vSphere API 7.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
class SummaryType(string)

Bases: vmware.vapi.bindings.enum.Enum

The connection information could include the certificates or be a shorter summary. This enumeration was added in vSphere API 7.0.0.

Note

This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.

Parameters

string (str) – String value for the SummaryType instance.

BRIEF = SummaryType(string='BRIEF')

A brief summary, containing only the hostname for the Key Provider Service. This class attribute was added in vSphere API 7.0.0.

FULL = SummaryType(string='FULL')

The full connection information, including certificates. This class attribute was added in vSphere API 7.0.0.

NORMAL = SummaryType(string='NORMAL')

A summary containing only the hostname, port, and the group which determines the Attestation Services this Key Provider Service can communicate with. This class attribute was added in vSphere API 7.0.0.

get(host)

Returns the connection info about the Key Provider Service running on the specified host. This method was added in vSphere API 7.0.0.

Parameters

host (str) – \@{link com.vmware.vcenter.Host} id. The parameter must be an identifier for the resource type: HostSystem.

Return type

Kms.Info

Returns

The Kms.Info instance which contains the information necessary to connect to the Key Provider Service.

Raise

com.vmware.vapi.std.errors_client.Error if service’s TLS certificate chain is not valid.

Raise

com.vmware.vapi.std.errors_client.NotFound if host doesn’t match to any Host.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.ResourceInaccessible if connection to host failed.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ReadTrustedHosts.

  • The resource HostSystem referenced by the parameter host requires System.View.

list(spec=None, projection=None)

Returns a list of the hosts running a Key Provider Service matching the specified Kms.FilterSpec. This method was added in vSphere API 7.0.0.

Parameters
  • spec (Kms.FilterSpec or None) – Return details about Key Provider Services matching the filter. If {\@term.unset} return all registered Key Provider Services.

  • projection (Kms.SummaryType or None) – The type of the returned summary - brief, normal, or full. If {\@term.unset} a normal projection will be used.

Return type

list of Kms.Summary

Returns

List of Kms.Summary of Key Provider Services.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the response data will exceed the message limit.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ReadTrustedHosts.

  • The resource HostSystem referenced by the attribute Kms.FilterSpec.hosts requires System.View.

  • The resource ClusterComputeResource referenced by the attribute Kms.FilterSpec.clusters requires System.View.

class com.vmware.vcenter.trusted_infrastructure.trust_authority_hosts_client.StubFactory(stub_config)

Bases: vmware.vapi.bindings.stub.StubFactoryBase

Initialize StubFactoryBase

Parameters

stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance