com.vmware.vcenter.trusted_infrastructure.trusted_clusters package

Submodules

com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation_client module

The com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation_client module provides classes for configuring Attestation Services for Trusted Clusters.

class com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation_client.Services(config)

Bases: vmware.vapi.bindings.stub.VapiInterface

The Services class manages the Attestation Service instances a Trusted Cluster is configured to use. This class was added in vSphere API 7.0.0.0.

Parameters

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class CreateSpec(type=None, service=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.CreateSpec class contains the data necessary for configuring a registered Attestation Service instance with a cluster in the environment. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • type (Services.CreateSpec.SourceType) – Source of truth for the configuration of the Attestation Service. This attribute was added in vSphere API 7.0.0.0.

  • service (str) – The service’s unique ID. This attribute was added in vSphere API 7.0.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service. This attribute is optional and it is only relevant when the value of type is Services.CreateSpec.SourceType.SERVICE.

  • trust_authority_cluster (str) – The attestation cluster’s unique ID. This attribute was added in vSphere API 7.0.0.0. This attribute is optional and it is only relevant when the value of type is Services.CreateSpec.SourceType.CLUSTER.

class SourceType(string)

Bases: vmware.vapi.bindings.enum.Enum

The Services.CreateSpec.SourceType class specifies the source of truth the Attestation Service will use for its configuration. This enumeration was added in vSphere API 7.0.0.0.

Note

This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.

Parameters

string (str) – String value for the SourceType instance.

CLUSTER = SourceType(string='CLUSTER')

The Attestation Service will be configured based on an ID of a whole attestation cluster. This class attribute was added in vSphere API 7.0.0.0.

SERVICE = SourceType(string='SERVICE')

The Attestation Service will be configured based on an ID of a specific Attestation Service. This class attribute was added in vSphere API 7.0.0.0.

class FilterSpec(services=None, address=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.FilterSpec class contains the data necessary for identifying an Attestation Service instance. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • services (set of str or None) – A set of IDs by which to filter the services. This attribute was added in vSphere API 7.0.0.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service. If None, the services will not be filtered by ID.

  • address (list of com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress or None) – The service’s address. This attribute was added in vSphere API 7.0.0.0. If None, the services will not be filtered by address.

  • group (set of str or None) – The group specifies which Key Provider Service instances can accept reports issued by this Attestation Service instance. This attribute was added in vSphere API 7.0.0.0. If None, the services will not be filtered by group.

  • trust_authority_cluster (set of str or None) – The cluster specifies the Trust Authority Cluster this Attestation Service instance belongs to. This attribute was added in vSphere API 7.0.0.0. If None, the services will not be filtered by trustAuthorityCluster.

class Info(address=None, trusted_ca=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.Info class contains all the stored information about a registered Attestation Service instance that is configured for a cluster. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The service’s address. This attribute was added in vSphere API 7.0.0.0.

  • trusted_ca (com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – The service’s TLS certificate chain. This attribute was added in vSphere API 7.0.0.0.

  • group (str) – The group determines which Key Provider Service instances can accept reports issued by this Attestation Service instance. This attribute was added in vSphere API 7.0.0.0.

  • trust_authority_cluster (str) – The cluster specifies the Trust Authority Cluster this Attestation Service belongs to. This attribute was added in vSphere API 7.0.0.0.

class Summary(service=None, address=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.Summary class contains basic information about a registered Attestation Service instance that is configured for a cluster. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • service (str) – The service’s unique identifier. This attribute was added in vSphere API 7.0.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service.

  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The service’s address. This attribute was added in vSphere API 7.0.0.0.

  • group (str) – The group specifies which Key Provider Service instances can accept reports issued by this Attestation Service instance. This attribute was added in vSphere API 7.0.0.0.

  • trust_authority_cluster (str) – The cluster specifies the Trust Authority Cluster this Attestation Service belongs to. This attribute was added in vSphere API 7.0.0.0.

create_task(cluster, spec)

Configures the cluster to use the given registered Attestation Service. This method was added in vSphere API 7.0.0.0.

Parameters
  • cluster (str) – The ID of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • spec (Services.CreateSpec) – Describes the registered instance of the Attestation Service

Return type

vmware.vapi.stdlib.client.task.Task

Returns

Task instance

Raise

com.vmware.vapi.std.errors_client.AlreadyExists if the Attestation Service is already configured for this cluster

Raise

com.vmware.vapi.std.errors_client.Error for any other error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the CreateSpec is not valid.

Raise

com.vmware.vapi.std.errors_client.NotFound if the cluster ID is not valid.

Raise

com.vmware.vapi.std.errors_client.UnableToAllocateResource if all the hosts in the cluster do not have VMware vSphere Trust Authority enabled license.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

delete_task(cluster, service)

Removes the Attestation Service instance from the configuration of the given cluster. This method was added in vSphere API 7.0.0.0.

Parameters
  • cluster (str) – the unique ID of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • service (str) – the registered Attestation Service instance unique identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.NotFound if the Attestation Service instance or the cluster are not found.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

get(cluster, service)

Returns detailed information about the given registered Attestation Service instance that is configured for the given cluster. This method was added in vSphere API 7.0.0.0.

Parameters
  • cluster (str) – The ID of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • service (str) – The ID of the service. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service.

Return type

Services.Info

Returns

Detailed information about the specified Attestation Service configured for the given cluster.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.NotFound if the cluster or the service ID is invalid.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ReadTrustedHosts.

  • The resource ClusterComputeResource referenced by the parameter cluster requires System.View.

list(cluster, spec=None)

Returns the basic information about all configured Attestation Service instances used by this cluster. This method was added in vSphere API 7.0.0.0.

Parameters
  • cluster (str) – The ID of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • spec (Services.FilterSpec or None) – Only return services matching the filters. If None, return all services.

Return type

list of Services.Summary

Returns

Basic information about all configured Attestation Service instances used by this cluster.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.NotFound if the cluster ID is invalid.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ReadTrustedHosts.

  • The resource ClusterComputeResource referenced by the parameter cluster requires System.View.

class com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation_client.ServicesAppliedConfig(config)

Bases: vmware.vapi.bindings.stub.VapiInterface

The ServicesAppliedConfig class provides information about the aggregate health of the applied Attestation Service configuration on the Trusted Clusters. The desired state of the Attestation Service is stored within vCenter, while the applied configuration is stored on the hosts in the cluster. The ServicesAppliedConfig class is available for all clusters, not only Trusted Clusters. In such cases an empty desired state is assumed, e.g. when an applied Attestation Service configuration is found outside of a Trusted Cluster, it is considered a ServicesAppliedConfig.Health.ERROR. The ServicesAppliedConfig class is able to put the applied Attestation Service configuration into a consistent state when individual host configurations have diverged from the desired state. This class was added in vSphere API 7.0.1.0.

Parameters

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class FilterSpec(health=None, address=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The ServicesAppliedConfig.FilterSpec class specifies the matching criteria to be applied when filtering out ServicesAppliedConfig.Summary structures from the collection returned by the list method. Only ServicesAppliedConfig.Summary structures containing the values specified in this structure will be returned from the list method. If multiple members of the filter spec are set, all of them must match for a result to be filtered out and returned. This class was added in vSphere API 7.0.1.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • health (set of ServicesAppliedConfig.Health or None) – The health of the applied Attestation Service configuration. This attribute was added in vSphere API 7.0.1.0. If None, no filtration will be performed by health.

  • address (list of com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress or None) – The network address of the Attestation Service configured for use in the Trusted Cluster. This attribute was added in vSphere API 7.0.1.0. If None, no filtration will be performed by network address.

class Health(string)

Bases: vmware.vapi.bindings.enum.Enum

The ServicesAppliedConfig.Health class is an indicator for the consistency of the applied Attestation Service configuration in a cluster with respect to the desired state. This enumeration was added in vSphere API 7.0.1.0.

Note

This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.

Parameters

string (str) – String value for the Health instance.

ERROR = Health(string='ERROR')

The applied Attestation Service configuration has diverged from the desired state. This class attribute was added in vSphere API 7.0.1.0.

NONE = Health(string='NONE')

The consistency of the applied configuration is unknown. This class attribute was added in vSphere API 7.0.1.0.

OK = Health(string='OK')

The applied Attestation Service configuration is consistent with the desired state. This class attribute was added in vSphere API 7.0.1.0.

class Info(health=None, address=None, service=None, groups=None, trustedc_as=None, details=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The ServicesAppliedConfig.Info class contains detailed information about an applied Attestation Service configuration in a Trusted cluster. This class was added in vSphere API 7.0.1.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • health (ServicesAppliedConfig.Health) – A health value which indicates whether the configuration applied to the cluster differs from the desired state. This attribute was added in vSphere API 7.0.1.0.

  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The network address of the Attestation Service configured for use in the Trusted Cluster. This attribute was added in vSphere API 7.0.1.0.

  • service (str or None) – The unique identifier of an Attestation Service configuration from the desired state. This attribute was added in vSphere API 7.0.1.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service. If None, this Attestation Service is not registered within this vCenter and thus the applied configuration is not present in the desired state.

  • groups (set of str) – The set of distinct groups found on the hosts in the cluster which differ from the desired state. This attribute was added in vSphere API 7.0.1.0.

  • trustedc_as (list of com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – A list of distinct trusted CA chains found on the hosts in the cluster which differ from the desired state. This attribute was added in vSphere API 7.0.1.0.

  • details (list of com.vmware.vapi.std_client.LocalizableMessage) – Details regarding the health. When the ServicesAppliedConfig.Health is not ServicesAppliedConfig.Health.OK, this member will provide a detailed description of the issues present. This attribute was added in vSphere API 7.0.1.0.

class Summary(health=None, address=None, service=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The ServicesAppliedConfig.Summary class contains basic information about the aggregated health status for a service. This class was added in vSphere API 7.0.1.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • health (ServicesAppliedConfig.Health) – The health value indicates whether the configuration applied to the cluster differs from the desired state. This attribute was added in vSphere API 7.0.1.0.

  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The network address of the Attestation Service configured for use in the Trusted Cluster. This attribute was added in vSphere API 7.0.1.0.

  • service (str or None) – The unique identifier of an Attestation Service configuration from the desired state. This attribute was added in vSphere API 7.0.1.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.attestation.Service. If None, this Attestation Service is not registered within this vCenter and thus the applied configuration is not present in the desired state.

delete_task(cluster)

Delete the Attestation Service configuration that has been applied to the given cluster. This method has no effect on the desired state; it only removes the applied Attestation Service configuration from any Trusted Hosts within the given cluster. This method was added in vSphere API 7.0.1.0.

Parameters

cluster (str) – The ID of the cluster against which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the cluster ID is empty.

Raise

com.vmware.vapi.std.errors_client.NotFound if no cluster corresponding to the given ID is found within this vCenter.

Raise

com.vmware.vapi.std.errors_client.ResourceBusy if there are ongoing mutating operations.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

get_task(cluster, address)

Returns detailed information about the health of the specified Attestation Service configuration applied to the cluster with respect to the desired state. This method was added in vSphere API 7.0.1.0.

Parameters
Return type

vmware.vapi.stdlib.client.task.Task

Returns

Task instance

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the cluster ID is empty.

Raise

com.vmware.vapi.std.errors_client.NotFound if no cluster corresponding to the given ID is found within this vCenter or if no service corresponding to the given address is found.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

list_task(cluster, spec=None)

Returns basic information about the health of all Attestation Service configurations applied to the cluster with respect to the desired state. This method was added in vSphere API 7.0.1.0.

Parameters
  • cluster (str) – The ID of the cluster against which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • spec (ServicesAppliedConfig.FilterSpec or None) – The specification for the subset of results desired to be returned. If None, all results are returned.

Return type

vmware.vapi.stdlib.client.task.Task

Returns

Task instance

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the cluster ID is empty.

Raise

com.vmware.vapi.std.errors_client.NotFound if no cluster corresponding to the given ID is found within this vCenter.

Raise

com.vmware.vapi.std.errors_client.ResourceBusy if there are ongoing mutating operations.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

update_task(cluster)

Update the applied Attestation Service configuration on the given Trusted Cluster to be consistent with the desired state. This method has no effect on the desired state, apart from it being used as a reference point for the remediation. This method was added in vSphere API 7.0.1.0.

Parameters

cluster (str) – The ID of the Trusted Cluster against which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the cluster ID is empty

Raise

com.vmware.vapi.std.errors_client.NotFound if no cluster corresponding to the given ID is found within this vCenter.

Raise

com.vmware.vapi.std.errors_client.ResourceBusy if there are ongoing mutating operations.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.
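The desired-versus-applied comparison described for ServicesAppliedConfig can be turned into a drift audit. The following is an added example, not part of the SDK: it uses constructed stand-in dataclasses that mirror the documented attribute names of Services.Summary and ServicesAppliedConfig.Summary so that it runs offline. The hostname and port attributes of the address stand-in, the severity labels, and all sample values are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed stand-ins mirroring the attribute names documented above, so the
# audit runs without a vCenter. SDK result objects can be passed instead,
# provided they expose the same attributes.

@dataclass(frozen=True)
class Address:                  # stand-in for NetworkAddress (hostname/port assumed)
    hostname: str
    port: Optional[int] = None

@dataclass(frozen=True)
class DesiredSummary:           # mirrors Services.Summary (desired state in vCenter)
    service: str
    address: Address
    group: str
    trust_authority_cluster: str

@dataclass(frozen=True)
class AppliedSummary:           # mirrors ServicesAppliedConfig.Summary (state on hosts)
    health: str                 # 'OK', 'ERROR', 'NONE', or a value from a newer API
    address: Address
    service: Optional[str]      # None: not registered within this vCenter

@dataclass(frozen=True)
class Finding:
    severity: str               # hypothetical labels chosen for this example
    address: str
    reason: str

def _fmt(addr) -> str:
    return f"{addr.hostname}:{addr.port}" if addr.port else addr.hostname

def audit_attestation_drift(desired: Iterable, applied: Iterable) -> List[Finding]:
    """Compare the desired state with what the hosts report as applied."""
    findings: List[Finding] = []
    applied_ids = set()
    for entry in applied:
        where = _fmt(entry.address)
        health = str(entry.health)
        if entry.service is None:
            # Hosts point at an Attestation Service this vCenter never registered.
            findings.append(Finding("high", where,
                "applied on hosts but not registered in this vCenter"))
        else:
            applied_ids.add(entry.service)
        if health == "ERROR":
            findings.append(Finding("high", where,
                "applied configuration has diverged from the desired state"))
        elif health == "NONE":
            findings.append(Finding("medium", where,
                "consistency of the applied configuration is unknown"))
        elif health != "OK":
            # The enumeration may gain values in newer API versions: fail closed.
            findings.append(Finding("medium", where,
                f"unrecognised health value {health!r}; treated as unknown"))
    for want in desired:
        if want.service not in applied_ids:
            findings.append(Finding("medium", _fmt(want.address),
                f"service {want.service} is in the desired state but no "
                "applied configuration was reported"))
    return findings

# Constructed sample data (not taken from any real environment).
SAMPLE_DESIRED = [
    DesiredSummary("svc-1", Address("attest1.example.test", 443), "group-a", "ta-cluster-1"),
    DesiredSummary("svc-2", Address("attest2.example.test", 443), "group-a", "ta-cluster-1"),
]
SAMPLE_APPLIED = [
    AppliedSummary("OK", Address("attest1.example.test", 443), "svc-1"),
    AppliedSummary("ERROR", Address("rogue.example.test", 443), None),
]

if __name__ == "__main__":
    for f in audit_attestation_drift(SAMPLE_DESIRED, SAMPLE_APPLIED):
        print(f"[{f.severity}] {f.address}: {f.reason}")
```

Against a live vCenter, the inputs would be the result of Services.list and the result of the task returned by ServicesAppliedConfig.list_task for the same cluster.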

class com.vmware.vcenter.trusted_infrastructure.trusted_clusters.attestation_client.StubFactory(stub_config)

Bases: vmware.vapi.bindings.stub.StubFactoryBase

Initialize StubFactoryBase

Parameters

stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance

com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms_client module

The com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms_client module provides classes for configuring Key Provider Services for Trusted Clusters.

class com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms_client.Services(config)

Bases: vmware.vapi.bindings.stub.VapiInterface

The Services class manages the Key Provider Service instances a Trusted Cluster is configured to use. This class was added in vSphere API 7.0.0.0.

Parameters

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class CreateSpec(type=None, service=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.CreateSpec class contains the data necessary for configuring a registered Key Provider Service instance with a cluster in the environment. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • type (Services.CreateSpec.SourceType) – Source of truth for the configuration of the Key Provider Service. This attribute was added in vSphere API 7.0.0.0.

  • service (str) – The service’s unique ID. This attribute was added in vSphere API 7.0.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service. This attribute is optional and it is only relevant when the value of type is Services.CreateSpec.SourceType.SERVICE.

  • trust_authority_cluster (str) – The attestation cluster’s unique ID. This attribute was added in vSphere API 7.0.0.0. This attribute is optional and it is only relevant when the value of type is Services.CreateSpec.SourceType.CLUSTER.

class SourceType(string)

Bases: vmware.vapi.bindings.enum.Enum

The Services.CreateSpec.SourceType class specifies the source of truth the Key Provider Service will use for its configuration. This enumeration was added in vSphere API 7.0.0.0.

Note

This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.

Parameters

string (str) – String value for the SourceType instance.

CLUSTER = SourceType(string='CLUSTER')

The Key Provider Service will be configured based on an ID of a whole attestation cluster. This class attribute was added in vSphere API 7.0.0.0.

SERVICE = SourceType(string='SERVICE')

The Key Provider Service will be configured based on an ID of a specific Key Provider Service. This class attribute was added in vSphere API 7.0.0.0.

class FilterSpec(services=None, address=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.FilterSpec class contains the data necessary for identifying a Key Provider service instance. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • services (set of str or None) – A set of IDs by which to filter the services. This attribute was added in vSphere API 7.0.0.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service. If None, the services will not be filtered by ID.

  • address (list of com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress or None) – The service’s address. This attribute was added in vSphere API 7.0.0.0. If None, the services will not be filtered by address.

  • group (set of str or None) – The group determines the Attestation Service instances this Key Provider Service can accept reports from. This attribute was added in vSphere API 7.0.0.0. If None, the services will not be filtered by group.

  • trust_authority_cluster (set of str or None) – The cluster specifies the Trust Authority Cluster this Key Provider Service instance belongs to. This attribute was added in vSphere API 7.0.0.0. If None, the services will not be filtered by trustAuthorityCluster.

class Info(address=None, trusted_ca=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.Info class contains all the stored information about a registered Key Provider Service instance that is configured for a cluster. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The service’s address. This attribute was added in vSphere API 7.0.0.0.

  • trusted_ca (com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – The service’s TLS certificate chain. This attribute was added in vSphere API 7.0.0.0.

  • group (str) – The group determines the Attestation Service instances this Key Provider Service can accept reports from. This attribute was added in vSphere API 7.0.0.0.

  • trust_authority_cluster (str) – The cluster specifies the Trust Authority Cluster this Key Provider Service belongs to. This attribute was added in vSphere API 7.0.0.0.

class Summary(service=None, address=None, group=None, trust_authority_cluster=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The Services.Summary class contains basic information about a registered Key Provider Service instance that is configured for a cluster. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • service (str) – The service’s unique identifier. This attribute was added in vSphere API 7.0.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service.

  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The service’s address. This attribute was added in vSphere API 7.0.0.0.

  • group (str) – The group determines the Attestation Service instances this Key Provider Service can accept reports from. This attribute was added in vSphere API 7.0.0.0.

  • trust_authority_cluster (str) – The cluster specifies the Trust Authority Cluster this Key Provider Service belongs to. This attribute was added in vSphere API 7.0.0.0.

create_task(cluster, spec)

Configures the cluster to use the given registered Key Provider Service. This method was added in vSphere API 7.0.0.0.

Parameters
  • cluster (str) – The ID of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • spec (Services.CreateSpec) – Describes the registered instance of the Key Provider Service

Return type

vmware.vapi.stdlib.client.task.Task

Returns

Task instance

Raise

com.vmware.vapi.std.errors_client.AlreadyExists if the Key Provider Service is already configured for this cluster

Raise

com.vmware.vapi.std.errors_client.Error for any other error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the CreateSpec is not valid.

Raise

com.vmware.vapi.std.errors_client.NotFound if the cluster ID is not valid.

Raise

com.vmware.vapi.std.errors_client.UnableToAllocateResource if all the hosts in the cluster do not have VMware vSphere Trust Authority enabled license.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

delete_task(cluster, service)

Removes the Key Provider Service instance from the configuration of the given cluster. This method was added in vSphere API 7.0.0.0.

Parameters
  • cluster (str) – the unique ID of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • service (str) – the registered Key Provider Service instance unique identifier. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.NotFound if the Key Provider Service instance or the cluster are not found.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user can not be authenticated.

get(cluster, service)

Returns detailed information about the given Key Provider Service instance used by the given cluster. This method was added in vSphere API 7.0.0.0.

Parameters
  • cluster (str) – The ID of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • service (str) – The ID of the service. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service.

Return type

Services.Info

Returns

Detailed information about the given Key Provider Service instance used by the given cluster.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.NotFound if the cluster or the service ID is invalid.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user cannot be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ReadTrustedHosts.

  • The resource ClusterComputeResource referenced by the parameter cluster requires System.View.

list(cluster, spec=None)

Returns basic information about all configured Key Provider Service instances used by this cluster. This method was added in vSphere API 7.0.0.0.

Parameters
  • cluster (str) – The ID of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • spec (Services.FilterSpec or None) – Only return services matching the filters. If None, return all services.

Return type

list of Services.Summary

Returns

basic information about all configured Key Provider Service instances used by this cluster

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.NotFound if the cluster ID is invalid.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the user cannot be authenticated.

Raise

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires TrustedAdmin.ReadTrustedHosts.

  • The resource ClusterComputeResource referenced by the parameter cluster requires System.View.

class com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms_client.ServicesAppliedConfig(config)

Bases: vmware.vapi.bindings.stub.VapiInterface

The ServicesAppliedConfig class provides information about the aggregate health of the applied Key Provider Service configuration on the Trusted Clusters. The desired state of the Key Provider Service is stored within vCenter, while the applied configuration is stored on the hosts in the cluster. The ServicesAppliedConfig class is available for all clusters, not only Trusted Clusters. In such cases an empty desired state is assumed, e.g. when an applied Key Provider Service configuration is found outside of a Trusted Cluster it is considered a ServicesAppliedConfig.Health.ERROR. The ServicesAppliedConfig class is able to put the applied Key Provider Service configuration into a consistent state when individual host configurations have diverged from the desired state. This class was added in vSphere API 7.0.1.0.

Parameters

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class FilterSpec(health=None, address=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The ServicesAppliedConfig.FilterSpec class specifies the matching criteria to be applied when filtering out ServicesAppliedConfig.Summary structures from the collection returned by the list method. Only ServicesAppliedConfig.Summary structures containing the values specified in this structure will be returned from the list method. If multiple members of the filter spec are set, all of them must match for a result to be filtered out and returned. This class was added in vSphere API 7.0.1.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • health (set of ServicesAppliedConfig.Health or None) – The health of the applied Key Provider Service configuration. This attribute was added in vSphere API 7.0.1.0. If None, no filtration will be performed by health.

  • address (list of com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress or None) – The network address of the Key Provider Service configured for use in the Trusted Cluster. This attribute was added in vSphere API 7.0.1.0. If None, no filtration will be performed by network address.

class Health(string)

Bases: vmware.vapi.bindings.enum.Enum

The ServicesAppliedConfig.Health class is an indicator for the consistency of the applied Key Provider Service configuration in a cluster with respect to the desired state. This enumeration was added in vSphere API 7.0.1.0.

Note

This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.

Parameters

string (str) – String value for the Health instance.

ERROR = Health(string='ERROR')

The applied Key Provider Service configuration has diverged from the desired state. This class attribute was added in vSphere API 7.0.1.0.

NONE = Health(string='NONE')

The consistency of the applied configuration is unknown. This class attribute was added in vSphere API 7.0.1.0.

OK = Health(string='OK')

The applied Key Provider Service configuration is consistent with the desired state. This class attribute was added in vSphere API 7.0.1.0.

class Info(health=None, address=None, service=None, groups=None, trustedc_as=None, details=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The ServicesAppliedConfig.Info class contains detailed information about an applied Key Provider Service configuration in a Trusted Cluster. This class was added in vSphere API 7.0.1.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • health (ServicesAppliedConfig.Health) – A health value which indicates whether the configuration applied to the cluster differs from the desired state. This attribute was added in vSphere API 7.0.1.0.

  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The network address of the Key Provider Service configured for use in the Trusted Cluster. This attribute was added in vSphere API 7.0.1.0.

  • service (str or None) – The unique identifier of a Key Provider Service configuration from the desired state. This attribute was added in vSphere API 7.0.1.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service. If None, this Key Provider Service is not registered within this vCenter and thus the applied configuration is not present in the desired state.

  • groups (set of str) – The set of distinct groups found on the hosts in the cluster which differ from the desired state. This attribute was added in vSphere API 7.0.1.0.

  • trustedc_as (list of com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – A list of distinct trusted CA chains found on the hosts in the cluster which differ from the desired state. This attribute was added in vSphere API 7.0.1.0.

  • details (list of com.vmware.vapi.std_client.LocalizableMessage) – Details regarding the health. When the ServicesAppliedConfig.Health is not ServicesAppliedConfig.Health.OK, this member will provide a detailed description of the issues present. This attribute was added in vSphere API 7.0.1.0.

class Summary(health=None, address=None, service=None)

Bases: vmware.vapi.bindings.struct.VapiStruct

The ServicesAppliedConfig.Summary class contains basic information about the aggregated health status for a service. This class was added in vSphere API 7.0.1.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters
  • health (ServicesAppliedConfig.Health) – The health value indicates whether the configuration applied to the cluster differs from the desired state. This attribute was added in vSphere API 7.0.1.0.

  • address (com.vmware.vcenter.trusted_infrastructure_client.NetworkAddress) – The network address of the Key Provider Service configured for use in the Trusted Cluster. This attribute was added in vSphere API 7.0.1.0.

  • service (str or None) – The unique identifier of a Key Provider Service configuration from the desired state. This attribute was added in vSphere API 7.0.1.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.kms.Service. If None, this Key Provider Service is not registered within this vCenter and thus the applied configuration is not present in the desired state.

delete_task(cluster)

Delete the Key Provider Service configuration that has been applied to the given cluster. This method has no effect on the desired state; it only removes applied Key Provider Service configuration from any Trusted Hosts within the given cluster. This method was added in vSphere API 7.0.1.0.

Parameters

cluster (str) – The ID of the cluster against which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the cluster ID is empty.

Raise

com.vmware.vapi.std.errors_client.NotFound if no cluster corresponding to the given ID is found within this vCenter.

Raise

com.vmware.vapi.std.errors_client.ResourceBusy if there are ongoing mutating operations.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

get_task(cluster, address)

Returns detailed information about the health of the specified Key Provider Service configuration applied to the cluster with respect to the desired state. This method was added in vSphere API 7.0.1.0.

Parameters
Return type

vmware.vapi.stdlib.client.task.Task

Returns

Task instance

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the cluster ID is empty.

Raise

com.vmware.vapi.std.errors_client.NotFound if no cluster corresponding to the given ID is found within this vCenter or if no service corresponding to the given address is found.

Raise

com.vmware.vapi.std.errors_client.ResourceBusy if there are ongoing mutating operations.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

list_task(cluster, spec=None)

Returns basic information about the health of all Key Provider Service configurations applied to the cluster with respect to the desired state. This method was added in vSphere API 7.0.1.0.

Parameters
  • cluster (str) – The ID of the cluster against which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • spec (ServicesAppliedConfig.FilterSpec or None) – The specification for the subset of results desired to be returned. If None, all results are returned.

Return type

vmware.vapi.stdlib.client.task.Task

Returns

Task instance

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the cluster ID is empty.

Raise

com.vmware.vapi.std.errors_client.NotFound if no cluster corresponding to the given ID is found within this vCenter.

Raise

com.vmware.vapi.std.errors_client.ResourceBusy if there are ongoing mutating operations.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

update_task(cluster)

Update the applied Key Provider Service configuration on the given Trusted Cluster to be consistent with the desired state. This method has no effect on the desired state, apart from it being used as a reference point for the remediation. This method was added in vSphere API 7.0.1.0.

Parameters

cluster (str) – The ID of the Trusted Cluster against which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.

Raise

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise

com.vmware.vapi.std.errors_client.InvalidArgument if the cluster ID is empty.

Raise

com.vmware.vapi.std.errors_client.NotFound if no cluster corresponding to the given ID is found within this vCenter.

Raise

com.vmware.vapi.std.errors_client.ResourceBusy if there are ongoing mutating operations.

Raise

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.
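
Added example (not part of the SDK or of this reference): one way to triage the ServicesAppliedConfig.Summary values that list_task yields, using the desired-state versus applied-state semantics described for this class. The Summary and Finding tuples, the sample hostnames and service IDs, the DEGRADED value, and the mapping from each finding to a remediation method are assumptions made for the example.

```python
from collections import namedtuple

# Constructed stand-in for ServicesAppliedConfig.Summary (same attribute names).
Summary = namedtuple("Summary", ["health", "address", "service"])
Finding = namedtuple("Finding", ["address", "reason", "action"])


def triage(summaries, is_trusted_cluster):
    """Return a Finding for every applied configuration that is not OK.

    The action names are this example's policy: update_task reconciles the
    hosts with the desired state, delete_task removes the applied
    configuration from the hosts. Neither changes the desired state.
    """
    findings = []
    for s in summaries:
        # Assumption: Health values compare equal to their string form.
        health = str(s.health)
        if health == "OK":
            continue
        if health == "NONE":
            reason, action = "consistency unknown", "re-query"
        elif health != "ERROR":
            # Newer API versions may add Health values; do not treat as OK.
            reason, action = "unrecognized health " + health, "review"
        elif not is_trusted_cluster:
            # An empty desired state is assumed outside Trusted Clusters.
            reason, action = "applied outside a Trusted Cluster", "delete_task"
        elif s.service is None:
            # Not registered in this vCenter, so absent from the desired state.
            reason, action = "not present in desired state", "update_task"
        else:
            reason, action = "diverged from desired state", "update_task"
        findings.append(Finding(s.address, reason, action))
    return findings


# Constructed sample data; hostnames and service IDs are placeholders.
SAMPLE = [
    Summary("OK", "kms-a.example.test", "service-1"),
    Summary("ERROR", "kms-b.example.test", "service-2"),
    Summary("ERROR", "kms-c.example.test", None),
    Summary("NONE", "kms-d.example.test", "service-3"),
    Summary("DEGRADED", "kms-e.example.test", "service-4"),  # hypothetical value
]

if __name__ == "__main__":
    for f in triage(SAMPLE, is_trusted_cluster=True):
        print(f.address, "|", f.reason, "|", f.action)
```

The function only recommends an action; it calls nothing on vCenter, so the result can be reviewed before any remediation task is started.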

class com.vmware.vcenter.trusted_infrastructure.trusted_clusters.kms_client.StubFactory(stub_config)

Bases: vmware.vapi.bindings.stub.StubFactoryBase

Initialize StubFactoryBase

Parameters

stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance