com.vmware.vcenter.crypto_manager package

Subpackages

Submodules

com.vmware.vcenter.crypto_manager.hosts_client module

The com.vmware.vcenter.crypto_manager.hosts_client module provides classes for managing key providers and cryptographic keys on hosts.

class com.vmware.vcenter.crypto_manager.hosts_client.StubFactory(stub_config)

Bases: StubFactoryBase

Initialize StubFactoryBase

Parameters:

stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance

com.vmware.vcenter.crypto_manager.kms_client module

The com.vmware.vcenter.crypto_manager.kms_client module provides classes for managing key providers and cryptographic keys.

class com.vmware.vcenter.crypto_manager.kms_client.Providers(config)

Bases: VapiInterface

The Providers class provides methods to create, retrieve, update, delete, export and import providers. This class was added in vSphere API 7.0.2.0.

Parameters:

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class Constraints(tpm_required=None)

Bases: VapiStruct

The Providers.Constraints class contains constraints on a provider. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:

tpm_required (bool) – Determines if a provider is restricted to hosts with TPM 2.0 capability. This attribute was added in vSphere API 7.0.2.0.

class ConstraintsSpec(tpm_required=None)

Bases: VapiStruct

The Providers.ConstraintsSpec class contains constraints to be imposed on a provider. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:

tpm_required (bool or None) – Determines if a provider is restricted to hosts with TPM 2.0 capability. This attribute was added in vSphere API 7.0.2.0. If None, the constraint does not apply to the provider.

class CreateSpec(provider=None, constraints=None, native_spec=None)

Bases: VapiStruct

The Providers.CreateSpec class contains attributes that describe the desired configuration for a new provider. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • provider (str) –

    Provider identifier.

    A unique string provided by the client.. This attribute was added in vSphere API 7.0.2.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.crypto_manager.kms.provider. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.crypto_manager.kms.provider.

  • constraints (Providers.ConstraintsSpec or None) – The constraints on the provider. This attribute was added in vSphere API 7.0.2.0. If None there are no constraints on the provider.

  • native_spec (Providers.NativeProviderCreateSpec or None) – Native provider create spec. This attribute was added in vSphere API 7.0.2.0. This attribute is required when creating a Providers.Type.NATIVE provider.

class ExportResult(type=None, location=None)

Bases: VapiStruct

The Providers.ExportResult class contains result of Providers.export() operation. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • type (Providers.ExportType) – Type of provider export result. This attribute was added in vSphere API 7.0.2.0.

  • location (Providers.Location) – Location of the exported configuration. This attribute was added in vSphere API 7.0.2.0. This attribute is optional and it is only relevant when the value of type is Providers.ExportType.LOCATION.

class ExportSpec(provider=None, password=None)

Bases: VapiStruct

The Providers.ExportSpec class contains attributes that are needed to export a provider. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • provider (str) – Provider identifier. This attribute was added in vSphere API 7.0.2.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.crypto_manager.kms.provider. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.crypto_manager.kms.provider.

  • password (str or None) – Password used to encrypt the exported configuration. This attribute was added in vSphere API 7.0.2.0. If None or empty, the configuration will not be encrypted.

class ExportType(string)

Bases: Enum

The Providers.ExportType class identifies the type of result that is returned when a provider is exported. This enumeration was added in vSphere API 7.0.2.0.

Note

This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.

Parameters:

string (str) – String value for the ExportType instance.

LOCATION = ExportType(string='LOCATION')

Result returned as a URL from which the provider configuration can be downloaded. This class attribute was added in vSphere API 7.0.2.0.

class FilterSpec(providers=None, health=None)

Bases: VapiStruct

The Providers.FilterSpec class contains attributes used to filter the results when listing providers. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • providers (set of str or None) – Provider identifiers. This attribute was added in vSphere API 7.0.2.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type: com.vmware.vcenter.crypto_manager.kms.provider. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type: com.vmware.vcenter.crypto_manager.kms.provider. If None or empty, the result will not be filtered by provider identifier.

  • health (set of Providers.Health or None) – Provider health status. This attribute was added in vSphere API 7.0.2.0. If None or empty, the result will not be filtered by provider health status.

class Health(string)

Bases: Enum

The Providers.Health class describes the health status of a provider. This enumeration was added in vSphere API 7.0.2.0.

Note

This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.

Parameters:

string (str) – String value for the Health instance.

ERROR = Health(string='ERROR')

There is a critical issue that requires attention. This class attribute was added in vSphere API 7.0.2.0.

NONE = Health(string='NONE')

No health status is available. This class attribute was added in vSphere API 7.0.2.0.

OK = Health(string='OK')

Operating normally. This class attribute was added in vSphere API 7.0.2.0.

WARNING = Health(string='WARNING')

Operating normally, but there is an issue that requires attention. This class attribute was added in vSphere API 7.0.2.0.

class ImportResult(provider=None, type=None, native_info=None, export_time=None, constraints=None)

Bases: VapiStruct

The Providers.ImportResult class contains result of the Providers.import_provider() operation. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • provider (str) – Provider identifier. This attribute was added in vSphere API 7.0.2.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.crypto_manager.kms.provider. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.crypto_manager.kms.provider.

  • type (Providers.Type) – Provider type. This attribute was added in vSphere API 7.0.2.0.

  • native_info (Providers.NativeProviderInfo) – Native provider information. This attribute was added in vSphere API 7.0.2.0. This attribute is optional and it is only relevant when the value of type is Providers.Type.NATIVE.

  • export_time (datetime.datetime) – Time when the provider was exported. This attribute was added in vSphere API 7.0.2.0.

  • constraints (Providers.Constraints or None) – The constraints on the provider. This attribute was added in vSphere API 7.0.2.0. If None, there are no constraints on the provider.

class ImportSpec(config=None, password=None, constraints=None, dry_run=None)

Bases: VapiStruct

The Providers.ImportSpec class contains attributes that are needed to import a provider. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • config (str or None) – Configuration to import. This attribute was added in vSphere API 7.0.2.0. Currently this is required. Other import methods may be supported in the future.

  • password (str or None) – Password to decrypt the configuration to import. This attribute was added in vSphere API 7.0.2.0. If None or empty, configuration to import must be unencrypted.

  • constraints (Providers.ConstraintsSpec or None) – Constraints to impose on the imported provider. This attribute was added in vSphere API 7.0.2.0. If None, the imported provider constraints will match the exported provider constraints.

  • dry_run (bool or None) – Whether to perform a trial import without actuallly creating a provider. This attribute was added in vSphere API 7.0.2.0. If None, a new provider will be created.

class Info(health=None, details=None, constraints=None, type=None, native_info=None)

Bases: VapiStruct

The Providers.Info class contains attributes that describe the details of a provider. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • health (Providers.Health) – Health status of the provider. This attribute was added in vSphere API 7.0.2.0.

  • details (list of com.vmware.vapi.std_client.LocalizableMessage) –

    Details regarding the health status of the provider.

    When the provider Providers.Health is not Providers.Health.NONE or Providers.Health.OK, this attribute will provide actionable descriptions of the issues.. This attribute was added in vSphere API 7.0.2.0.

  • constraints (Providers.Constraints or None) – The constraints on the provider. This attribute was added in vSphere API 7.0.2.0. If None, there are no constraints on the provider.

  • type (Providers.Type) – Provider type. This attribute was added in vSphere API 7.0.2.0.

  • native_info (Providers.NativeProviderInfo) – Native provider information. This attribute was added in vSphere API 7.0.2.0. This attribute is optional and it is only relevant when the value of type is Providers.Type.NATIVE.

class Location(url=None, download_token=None)

Bases: VapiStruct

The Providers.Location class contains the location as well as a token required (as a header in the HTTP GET request) to download the configuration. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • url (str) – Provider configuration download URL. This attribute was added in vSphere API 7.0.2.0.

  • download_token (Providers.Token) – Information about the token required in the HTTP GET request to download the provider configuration. This attribute was added in vSphere API 7.0.2.0.

class NativeProviderCreateSpec(key_id=None, key_derivation_key=None)

Bases: VapiStruct

The Providers.NativeProviderCreateSpec class contains attributes that describe the desired configuration for a Providers.Type.NATIVE provider. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • key_id (str or None) –

    Key identifier for the provider.

    The key identifier is required to be a 128-bit UUID represented as a hexadecimal string in “12345678-abcd-1234-cdef-123456789abc” format.. This attribute was added in vSphere API 7.0.2.0. If None, the key identifier will be generated automatically.

  • key_derivation_key (str or None) – Key used to derive data encryption keys. Base64 encoded. This attribute was added in vSphere API 7.0.2.0. If None, the key derivation key will be generated automatically.

class NativeProviderInfo(key_id=None)

Bases: VapiStruct

The Providers.NativeProviderInfo class contains attributes that describe details of a native provider. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:

key_id (str) – Key identifier for the provider. This attribute was added in vSphere API 7.0.2.0.

class NativeProviderUpdateSpec(key_id=None)

Bases: VapiStruct

The Providers.NativeProviderUpdateSpec class contains attributes that describe the desired configuration for Providers.Type.NATIVE provider. Exporting a Providers.Type.NATIVE provider to create a new back-up is suggested after any update. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:

key_id (str or None) –

Key identifier for the provider.

The key identifier is required to be a 128-bit UUID represented as a hexadecimal string in “12345678-abcd-1234-cdef-123456789abc” format.. This attribute was added in vSphere API 7.0.2.0. If None, the key identifier will remain unchanged.

RESOURCE_TYPE = 'com.vmware.vcenter.crypto_manager.kms.provider'

Resource type for a provider. This class attribute was added in vSphere API 7.0.2.0.

class Summary(provider=None, type=None, health=None)

Bases: VapiStruct

The Providers.Summary class contains attributes that describe a provider. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • provider (str) – Provider identifier. This attribute was added in vSphere API 7.0.2.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.crypto_manager.kms.provider. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.crypto_manager.kms.provider.

  • type (Providers.Type) – Provider type. This attribute was added in vSphere API 7.0.2.0.

  • health (Providers.Health) – Health status of the provider. This attribute was added in vSphere API 7.0.2.0.

class Token(token=None, expiry=None)

Bases: VapiStruct

The Providers.Token class contains information about the token required to be passed in the HTTP header in the HTTP GET request to download the provider configuration. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • token (str) –

    A one-time, short-lived token required in “Authorization” field of the HTTP header of the request to the url.

    After the token expires, any attempt to download the configuration with said token will fail.. This attribute was added in vSphere API 7.0.2.0.

  • expiry (datetime.datetime) – Expiry time of the token. This attribute was added in vSphere API 7.0.2.0.

class Type(string)

Bases: Enum

The Providers.Type class contains the types of providers. This enumeration was added in vSphere API 7.0.2.0.

Note

This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.

Parameters:

string (str) – String value for the Type instance.

NATIVE = Type(string='NATIVE')

Native provider. This class attribute was added in vSphere API 7.0.2.0.

class UpdateSpec(native_spec=None)

Bases: VapiStruct

The Providers.UpdateSpec class contains attributes that describe the new configuration for an existing provider. This class was added in vSphere API 7.0.2.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:

native_spec (Providers.NativeProviderUpdateSpec or None) –

New Configuration for Providers.Type.NATIVE provider.

. This attribute was added in vSphere API 7.0.2.0. If None, provider configuration will remain unchanged.

create(spec)

Add a new provider. This method was added in vSphere API 7.0.2.0.

Parameters:

spec (Providers.CreateSpec) – Provider information.

Raise:

com.vmware.vapi.std.errors_client.AlreadyExists if a provider with the same identifier already exists.

Raise:

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument if the spec is invalid.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the caller is not authorized.

Raise:

com.vmware.vapi.std.errors_client.Unsupported if creating a provider of the type is not supported.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires Cryptographer.ManageKeyServers.

delete(provider)

Remove a provider. This method was added in vSphere API 7.0.2.0.

Parameters:

provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.crypto_manager.kms.provider.

Raise:

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument if the provider identifier is empty.

Raise:

com.vmware.vapi.std.errors_client.NotFound if the provider is not found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the caller is not authorized.

Raise:

com.vmware.vapi.std.errors_client.Unsupported if the provider’s type does not allow deletion.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires Cryptographer.ManageKeyServers.

export(spec)

Export provider configuration. This method was added in vSphere API 7.0.2.0.

Parameters:

spec (Providers.ExportSpec) – ExportSpec needed to export a provider.

Return type:

Providers.ExportResult

Returns:

ExportResult.

Raise:

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument if the provider identifier is empty.

Raise:

com.vmware.vapi.std.errors_client.NotFound if the provider with the identifier is not found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the caller is not authorized.

Raise:

com.vmware.vapi.std.errors_client.Unsupported if the provider’s type does not allow export.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires Cryptographer.ManageKeyServers.

get(provider)

Return information about a provider. This method was added in vSphere API 7.0.2.0.

Parameters:

provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.crypto_manager.kms.provider.

Return type:

Providers.Info

Returns:

Information of the provider.

Raise:

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument if the provider identifier is empty.

Raise:

com.vmware.vapi.std.errors_client.NotFound if the provider is not found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the caller is not authorized.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires Cryptographer.ReadKeyServersInfo.

import_provider(spec)

Import provider configuration. This method was added in vSphere API 7.0.2.0.

Parameters:

spec (Providers.ImportSpec) – ImportSpec needed to import a provider.

Return type:

Providers.ImportResult

Returns:

importResult ImportResult.

Raise:

com.vmware.vapi.std.errors_client.AlreadyExists if a provider with the same identifier already exists.

Raise:

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument if the config or the password is invalid.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the caller is not authorized.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires Cryptographer.ManageKeyServers.

list(filter_spec=None)

Return a list of providers.

. This method was added in vSphere API 7.0.2.0.

Parameters:

filter_spec (Providers.FilterSpec or None) – Filter for the providers list. If None, the behavior is equivalent to a Providers.FilterSpec with all attributes None.

Return type:

list of Providers.Summary

Returns:

Summary of providers.

Raise:

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument if the spec is invalid.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the caller is not authorized.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires Cryptographer.ReadKeyServersInfo.

update(provider, spec)

Update an existing provider. This method was added in vSphere API 7.0.2.0.

Parameters:
  • provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.crypto_manager.kms.provider.

  • spec (Providers.UpdateSpec) – Provider information.

Raise:

com.vmware.vapi.std.errors_client.Error if there is a generic error.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument if the spec is invalid.

Raise:

com.vmware.vapi.std.errors_client.NotFound if the provider is not found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the caller is not authorized.

Raise:

com.vmware.vapi.std.errors_client.Unsupported if the provider’s type does not allow updates.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if you do not have all of the privileges described as follows:

  • Method execution requires Cryptographer.ManageKeyServers.

class com.vmware.vcenter.crypto_manager.kms_client.StubFactory(stub_config)

Bases: StubFactoryBase

Initialize StubFactoryBase

Parameters:

stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance