com.vmware.vcenter.crypto_manager package¶
Subpackages¶
Submodules¶
com.vmware.vcenter.crypto_manager.hosts_client module¶
The com.vmware.vcenter.crypto_manager.hosts_client
module provides classes
for managing key providers and cryptographic keys on hosts.
-
class
com.vmware.vcenter.crypto_manager.hosts_client.
StubFactory
(stub_config)¶ Bases:
vmware.vapi.bindings.stub.StubFactoryBase
Initialize StubFactoryBase
- Parameters
stub_config (
vmware.vapi.bindings.stub.StubConfiguration
) – Stub config instance
com.vmware.vcenter.crypto_manager.kms_client module¶
The com.vmware.vcenter.crypto_manager.kms_client
module provides classes
for managing key providers and cryptographic keys.
-
class
com.vmware.vcenter.crypto_manager.kms_client.
Providers
(config)¶ Bases:
vmware.vapi.bindings.stub.VapiInterface
The
Providers
class provides methods to create, retrieve, update, delete, export and import providers. This class was added in vSphere API 7.0.2.0.- Parameters
config (
vmware.vapi.bindings.stub.StubConfiguration
) – Configuration to be used for creating the stub.
-
class
Constraints
(tpm_required=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.Constraints
class contains constraints on a provider. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
tpm_required (
bool
) – Determines if a provider is restricted to hosts with TPM 2.0 capability. This attribute was added in vSphere API 7.0.2.0.
-
class
ConstraintsSpec
(tpm_required=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.ConstraintsSpec
class contains constraints to be imposed on a provider. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
tpm_required (
bool
orNone
) – Determines if a provider is restricted to hosts with TPM 2.0 capability. This attribute was added in vSphere API 7.0.2.0. If None, the constraint does not apply to the provider.
-
class
CreateSpec
(provider=None, constraints=None, native_spec=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.CreateSpec
class contains attributes that describe the desired configuration for a new provider. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
provider (
str
) –Provider identifier.
A unique string provided by the client.. This attribute was added in vSphere API 7.0.2.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type:
com.vmware.vcenter.crypto_manager.kms.provider
. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type:com.vmware.vcenter.crypto_manager.kms.provider
.constraints (
Providers.ConstraintsSpec
orNone
) – The constraints on the provider. This attribute was added in vSphere API 7.0.2.0. If None there are no constraints on the provider.native_spec (
Providers.NativeProviderCreateSpec
orNone
) – Native provider create spec. This attribute was added in vSphere API 7.0.2.0. This attribute is required when creating aProviders.Type.NATIVE
provider.
-
class
ExportResult
(type=None, location=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.ExportResult
class contains result ofProviders.export()
operation. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
type (
Providers.ExportType
) – Type of provider export result. This attribute was added in vSphere API 7.0.2.0.location (
Providers.Location
) – Location of the exported configuration. This attribute was added in vSphere API 7.0.2.0. This attribute is optional and it is only relevant when the value oftype
isProviders.ExportType.LOCATION
.
-
class
ExportSpec
(provider=None, password=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.ExportSpec
class contains attributes that are needed to export a provider. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
provider (
str
) – Provider identifier. This attribute was added in vSphere API 7.0.2.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type:com.vmware.vcenter.crypto_manager.kms.provider
. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type:com.vmware.vcenter.crypto_manager.kms.provider
.password (
str
orNone
) – Password used to encrypt the exported configuration. This attribute was added in vSphere API 7.0.2.0. If None or empty, the configuration will not be encrypted.
-
class
ExportType
(string)¶ Bases:
vmware.vapi.bindings.enum.Enum
The
Providers.ExportType
class identifies the type of result that is returned when a provider is exported. This enumeration was added in vSphere API 7.0.2.0.Note
This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.
- Parameters
string (
str
) – String value for theExportType
instance.
-
LOCATION
= ExportType(string='LOCATION')¶ Result returned as a URL from which the provider configuration can be downloaded. This class attribute was added in vSphere API 7.0.2.0.
-
class
FilterSpec
(providers=None, health=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.FilterSpec
class contains attributes used to filter the results when listing providers. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
providers (
set
ofstr
orNone
) – Provider identifiers. This attribute was added in vSphere API 7.0.2.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type:com.vmware.vcenter.crypto_manager.kms.provider
. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type:com.vmware.vcenter.crypto_manager.kms.provider
. If None or empty, the result will not be filtered by provider identifier.health (
set
ofProviders.Health
orNone
) – Provider health status. This attribute was added in vSphere API 7.0.2.0. If None or empty, the result will not be filtered by provider health status.
-
class
Health
(string)¶ Bases:
vmware.vapi.bindings.enum.Enum
The
Providers.Health
class describes the health status of a provider. This enumeration was added in vSphere API 7.0.2.0.Note
This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.
- Parameters
string (
str
) – String value for theHealth
instance.
-
ERROR
= Health(string='ERROR')¶ There is a critical issue that requires attention. This class attribute was added in vSphere API 7.0.2.0.
-
NONE
= Health(string='NONE')¶ No health status is available. This class attribute was added in vSphere API 7.0.2.0.
-
OK
= Health(string='OK')¶ Operating normally. This class attribute was added in vSphere API 7.0.2.0.
-
WARNING
= Health(string='WARNING')¶ Operating normally, but there is an issue that requires attention. This class attribute was added in vSphere API 7.0.2.0.
-
class
ImportResult
(provider=None, type=None, native_info=None, export_time=None, constraints=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.ImportResult
class contains result of theProviders.import_provider()
operation. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
provider (
str
) – Provider identifier. This attribute was added in vSphere API 7.0.2.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type:com.vmware.vcenter.crypto_manager.kms.provider
. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type:com.vmware.vcenter.crypto_manager.kms.provider
.type (
Providers.Type
) – Provider type. This attribute was added in vSphere API 7.0.2.0.native_info (
Providers.NativeProviderInfo
) – Native provider information. This attribute was added in vSphere API 7.0.2.0. This attribute is optional and it is only relevant when the value oftype
isProviders.Type.NATIVE
.export_time (
datetime.datetime
) – Time when the provider was exported. This attribute was added in vSphere API 7.0.2.0.constraints (
Providers.Constraints
orNone
) – The constraints on the provider. This attribute was added in vSphere API 7.0.2.0. If None, there are no constraints on the provider.
-
class
ImportSpec
(config=None, password=None, constraints=None, dry_run=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.ImportSpec
class contains attributes that are needed to import a provider. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
config (
str
orNone
) – Configuration to import. This attribute was added in vSphere API 7.0.2.0. Currently this is required. Other import methods may be supported in the future.password (
str
orNone
) – Password to decrypt the configuration to import. This attribute was added in vSphere API 7.0.2.0. If None or empty, configuration to import must be unencrypted.constraints (
Providers.ConstraintsSpec
orNone
) – Constraints to impose on the imported provider. This attribute was added in vSphere API 7.0.2.0. If None, the imported provider constraints will match the exported provider constraints.dry_run (
bool
orNone
) – Whether to perform a trial import without actuallly creating a provider. This attribute was added in vSphere API 7.0.2.0. If None, a new provider will be created.
-
class
Info
(health=None, details=None, constraints=None, type=None, native_info=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.Info
class contains attributes that describe the details of a provider. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
health (
Providers.Health
) – Health status of the provider. This attribute was added in vSphere API 7.0.2.0.details (
list
ofcom.vmware.vapi.std_client.LocalizableMessage
) –Details regarding the health status of the provider.
When the provider
Providers.Health
is notProviders.Health.NONE
orProviders.Health.OK
, this attribute will provide actionable descriptions of the issues.. This attribute was added in vSphere API 7.0.2.0.constraints (
Providers.Constraints
orNone
) – The constraints on the provider. This attribute was added in vSphere API 7.0.2.0. If None, there are no constraints on the provider.type (
Providers.Type
) – Provider type. This attribute was added in vSphere API 7.0.2.0.native_info (
Providers.NativeProviderInfo
) – Native provider information. This attribute was added in vSphere API 7.0.2.0. This attribute is optional and it is only relevant when the value oftype
isProviders.Type.NATIVE
.
-
class
Location
(url=None, download_token=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.Location
class contains the location as well as a token required (as a header in the HTTP GET request) to download the configuration. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
url (
str
) – Provider configuration download URL. This attribute was added in vSphere API 7.0.2.0.download_token (
Providers.Token
) – Information about the token required in the HTTP GET request to download the provider configuration. This attribute was added in vSphere API 7.0.2.0.
-
class
NativeProviderCreateSpec
(key_id=None, key_derivation_key=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.NativeProviderCreateSpec
class contains attributes that describe the desired configuration for aProviders.Type.NATIVE
provider. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
key_id (
str
orNone
) –Key identifier for the provider.
The key identifier is required to be a 128-bit UUID represented as a hexadecimal string in “12345678-abcd-1234-cdef-123456789abc” format.. This attribute was added in vSphere API 7.0.2.0. If None, the key identifier will be generated automatically.
key_derivation_key (
str
orNone
) – Key used to derive data encryption keys. Base64 encoded. This attribute was added in vSphere API 7.0.2.0. If None, the key derivation key will be generated automatically.
-
class
NativeProviderInfo
(key_id=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.NativeProviderInfo
class contains attributes that describe details of a native provider. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
key_id (
str
) – Key identifier for the provider. This attribute was added in vSphere API 7.0.2.0.
-
class
NativeProviderUpdateSpec
(key_id=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.NativeProviderUpdateSpec
class contains attributes that describe the desired configuration forProviders.Type.NATIVE
provider. Exporting aProviders.Type.NATIVE
provider to create a new back-up is suggested after any update. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
key_id (
str
orNone
) –Key identifier for the provider.
The key identifier is required to be a 128-bit UUID represented as a hexadecimal string in “12345678-abcd-1234-cdef-123456789abc” format.. This attribute was added in vSphere API 7.0.2.0. If None, the key identifier will remain unchanged.
-
RESOURCE_TYPE
= 'com.vmware.vcenter.crypto_manager.kms.provider'¶ Resource type for a provider. This class attribute was added in vSphere API 7.0.2.0.
-
class
Summary
(provider=None, type=None, health=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.Summary
class contains attributes that describe a provider. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
provider (
str
) – Provider identifier. This attribute was added in vSphere API 7.0.2.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type:com.vmware.vcenter.crypto_manager.kms.provider
. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type:com.vmware.vcenter.crypto_manager.kms.provider
.type (
Providers.Type
) – Provider type. This attribute was added in vSphere API 7.0.2.0.health (
Providers.Health
) – Health status of the provider. This attribute was added in vSphere API 7.0.2.0.
-
class
Token
(token=None, expiry=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.Token
class contains information about the token required to be passed in the HTTP header in the HTTP GET request to download the provider configuration. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
token (
str
) –A one-time, short-lived token required in “Authorization” field of the HTTP header of the request to the url.
After the token expires, any attempt to download the configuration with said token will fail.. This attribute was added in vSphere API 7.0.2.0.
expiry (
datetime.datetime
) – Expiry time of the token. This attribute was added in vSphere API 7.0.2.0.
-
class
Type
(string)¶ Bases:
vmware.vapi.bindings.enum.Enum
The
Providers.Type
class contains the types of providers. This enumeration was added in vSphere API 7.0.2.0.Note
This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.
- Parameters
string (
str
) – String value for theType
instance.
-
NATIVE
= Type(string='NATIVE')¶ Native provider. This class attribute was added in vSphere API 7.0.2.0.
-
class
UpdateSpec
(native_spec=None)¶ Bases:
vmware.vapi.bindings.struct.VapiStruct
The
Providers.UpdateSpec
class contains attributes that describe the new configuration for an existing provider. This class was added in vSphere API 7.0.2.0.Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
native_spec (
Providers.NativeProviderUpdateSpec
orNone
) –New Configuration for
Providers.Type.NATIVE
provider.. This attribute was added in vSphere API 7.0.2.0. If None, provider configuration will remain unchanged.
-
create
(spec)¶ Add a new provider. This method was added in vSphere API 7.0.2.0.
- Parameters
spec (
Providers.CreateSpec
) – Provider information.- Raise
com.vmware.vapi.std.errors_client.AlreadyExists
if a provider with the same identifier already exists.- Raise
com.vmware.vapi.std.errors_client.Error
if there is a generic error.- Raise
com.vmware.vapi.std.errors_client.InvalidArgument
if the spec is invalid.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the caller is not authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the caller is not authorized.- Raise
com.vmware.vapi.std.errors_client.Unsupported
if creating a provider of the type is not supported.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if you do not have all of the privileges described as follows:Method execution requires
Cryptographer.ManageKeyServers
.
-
delete
(provider)¶ Remove a provider. This method was added in vSphere API 7.0.2.0.
- Parameters
provider (
str
) – Identifier of the provider. The parameter must be an identifier for the resource type:com.vmware.vcenter.crypto_manager.kms.provider
.- Raise
com.vmware.vapi.std.errors_client.Error
if there is a generic error.- Raise
com.vmware.vapi.std.errors_client.InvalidArgument
if the provider identifier is empty.- Raise
com.vmware.vapi.std.errors_client.NotFound
if the provider is not found.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the caller is not authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the caller is not authorized.- Raise
com.vmware.vapi.std.errors_client.Unsupported
if the provider’s type does not allow deletion.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if you do not have all of the privileges described as follows:Method execution requires
Cryptographer.ManageKeyServers
.
-
export
(spec)¶ Export provider configuration. This method was added in vSphere API 7.0.2.0.
- Parameters
spec (
Providers.ExportSpec
) – ExportSpec needed to export a provider.- Return type
- Returns
ExportResult.
- Raise
com.vmware.vapi.std.errors_client.Error
if there is a generic error.- Raise
com.vmware.vapi.std.errors_client.InvalidArgument
if the provider identifier is empty.- Raise
com.vmware.vapi.std.errors_client.NotFound
if the provider with the identifier is not found.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the caller is not authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the caller is not authorized.- Raise
com.vmware.vapi.std.errors_client.Unsupported
if the provider’s type does not allow export.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if you do not have all of the privileges described as follows:Method execution requires
Cryptographer.ManageKeyServers
.
-
get
(provider)¶ Return information about a provider. This method was added in vSphere API 7.0.2.0.
- Parameters
provider (
str
) – Identifier of the provider. The parameter must be an identifier for the resource type:com.vmware.vcenter.crypto_manager.kms.provider
.- Return type
- Returns
Information of the provider.
- Raise
com.vmware.vapi.std.errors_client.Error
if there is a generic error.- Raise
com.vmware.vapi.std.errors_client.InvalidArgument
if the provider identifier is empty.- Raise
com.vmware.vapi.std.errors_client.NotFound
if the provider is not found.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the caller is not authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the caller is not authorized.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if you do not have all of the privileges described as follows:Method execution requires
Cryptographer.ReadKeyServersInfo
.
-
import_provider
(spec)¶ Import provider configuration. This method was added in vSphere API 7.0.2.0.
- Parameters
spec (
Providers.ImportSpec
) – ImportSpec needed to import a provider.- Return type
- Returns
importResult ImportResult.
- Raise
com.vmware.vapi.std.errors_client.AlreadyExists
if a provider with the same identifier already exists.- Raise
com.vmware.vapi.std.errors_client.Error
if there is a generic error.- Raise
com.vmware.vapi.std.errors_client.InvalidArgument
if the config or the password is invalid.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the caller is not authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the caller is not authorized.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if you do not have all of the privileges described as follows:Method execution requires
Cryptographer.ManageKeyServers
.
-
list
(filter_spec=None)¶ Return a list of providers.
. This method was added in vSphere API 7.0.2.0.
- Parameters
filter_spec (
Providers.FilterSpec
orNone
) – Filter for the providers list. If None, the behavior is equivalent to aProviders.FilterSpec
with all attributes None.- Return type
- Returns
Summary of providers.
- Raise
com.vmware.vapi.std.errors_client.Error
if there is a generic error.- Raise
com.vmware.vapi.std.errors_client.InvalidArgument
if the spec is invalid.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the caller is not authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the caller is not authorized.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if you do not have all of the privileges described as follows:Method execution requires
Cryptographer.ReadKeyServersInfo
.
-
update
(provider, spec)¶ Update an existing provider. This method was added in vSphere API 7.0.2.0.
- Parameters
provider (
str
) – Identifier of the provider. The parameter must be an identifier for the resource type:com.vmware.vcenter.crypto_manager.kms.provider
.spec (
Providers.UpdateSpec
) – Provider information.
- Raise
com.vmware.vapi.std.errors_client.Error
if there is a generic error.- Raise
com.vmware.vapi.std.errors_client.InvalidArgument
if the spec is invalid.- Raise
com.vmware.vapi.std.errors_client.NotFound
if the provider is not found.- Raise
com.vmware.vapi.std.errors_client.Unauthenticated
if the caller is not authenticated.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if the caller is not authorized.- Raise
com.vmware.vapi.std.errors_client.Unsupported
if the provider’s type does not allow updates.- Raise
com.vmware.vapi.std.errors_client.Unauthorized
if you do not have all of the privileges described as follows:Method execution requires
Cryptographer.ManageKeyServers
.
-
class
com.vmware.vcenter.crypto_manager.kms_client.
StubFactory
(stub_config)¶ Bases:
vmware.vapi.bindings.stub.StubFactoryBase
Initialize StubFactoryBase
- Parameters
stub_config (
vmware.vapi.bindings.stub.StubConfiguration
) – Stub config instance