com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms package

Submodules

com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.providers_client module

The com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.providers_client module provides the classes for configuring the Key Providers of a Trust Authority Cluster.

class com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.providers_client.ClientCertificate(config)

Bases: VapiInterface

The ClientCertificate interface provides methods to add and retrieve the client certificate. This class was added in vSphere API 7.0.0.0.

Parameters:

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class Info(certificate=None)

Bases: VapiStruct

The ClientCertificate.Info class contains the client certificate used by the hosts in a cluster for authenticating with the Provider. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:

certificate (str) – Public certificate. This attribute was added in vSphere API 7.0.0.0.

class UpdateSpec(certificate=None, private_key=None)

Bases: VapiStruct

The ClientCertificate.UpdateSpec class contains attributes that describe the client certificate update for a Key Provider. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • certificate (str) – Public certificate used by every host in the cluster. This attribute was added in vSphere API 7.0.0.0.

  • private_key (str or None) – Private part of the certificate. This attribute was added in vSphere API 7.0.0.0. If None, the update request is for a public/private client certificate pair, not for a signed CSR.

create_task(cluster, provider)

Generate a new self-signed client certificate. Any existing client certificate is overwritten. The key server will use this certificate to validate the client connection. This method was added in vSphere API 7.0.0.0.

Parameters:
  • cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.Provider.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument If the cluster or provider id is empty.

Raise:

com.vmware.vapi.std.errors_client.NotFound If the cluster or provider is not found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated If the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Error If any other error occurs.

get_task(cluster, provider)

Return the existing client certificate. This method was added in vSphere API 7.0.0.0.

Parameters:
  • cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.Provider.

Return type:

vmware.vapi.stdlib.client.task.Task

Returns:

Task instance

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument If the cluster or provider id is empty.

Raise:

com.vmware.vapi.std.errors_client.NotFound If the cluster or provider is not found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated If the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Error If any other error occurs.

update_task(cluster, provider, spec)

Update the client certificate.

The key server will use this certificate to validate the client connection. If a client certificate already exists, it will be replaced.

An optional private key can be specified if the certificate has already been provisioned. This method was added in vSphere API 7.0.0.0.

Parameters:
  • cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.Provider.

  • spec (ClientCertificate.UpdateSpec) – The update spec.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument If the certificate or private key is invalid, or the cluster or provider id is empty.

Raise:

com.vmware.vapi.std.errors_client.NotFound If the cluster or provider is not found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated If the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Error If any other error occurs.

class com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.providers_client.Credential(config)

Bases: VapiInterface

The Credential interface provides methods to add a credential for external key management service(s). This class was added in vSphere API 7.0.0.0.

Parameters:

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

set_task(cluster, provider, credential)

Set the key server credential. This method was added in vSphere API 7.0.0.0.

Parameters:
  • cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.Provider.

  • credential (str) – KMIP KMS password or AWS access key.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument If the cluster or provider id is empty.

Raise:

com.vmware.vapi.std.errors_client.NotFound If the provider or cluster is not found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated If the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Error If any other error occurs.

class com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.providers_client.CurrentPeerCertificates(config)

Bases: VapiInterface

Retrieves the list of TLS certificates used by peer key servers. These certificates are meant for review; following approval, they should be added as trusted certificates in the TrustedPeerCertificates class. This class was added in vSphere API 7.0.0.0.

Parameters:

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class FilterSpec(server_names=None, trusted=None)

Bases: VapiStruct

The CurrentPeerCertificates.FilterSpec class contains attributes used to filter the results when listing remote server certificates. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • server_names (set of str or None) – Names that a key server must have to match the filter (see CurrentPeerCertificates.Summary.server_name). This attribute was added in vSphere API 7.0.0.0. If None or empty, key servers with any name match the filter.

  • trusted (bool or None) – Trust status that server certificates must have to match the filter (see CurrentPeerCertificates.Summary.trusted). This attribute was added in vSphere API 7.0.0.0. If None, trusted and untrusted server certificates match the filter.

class Summary(server_name=None, certificate=None, error_messages=None, trusted=None)

Bases: VapiStruct

The CurrentPeerCertificates.Summary class contains a summary of the current key server certificates. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • server_name (str) – Name of the server. This attribute was added in vSphere API 7.0.0.0.

  • certificate (str or None) – Server certificate. This attribute was added in vSphere API 7.0.0.0. If None, the certificate cannot be retrieved from the remote system, and CurrentPeerCertificates.Summary.trusted is undefined. See CurrentPeerCertificates.Summary.error_messages for details.

  • error_messages (list of com.vmware.vapi.std_client.LocalizableMessage) –

    Server certificate retrieval errors.

    Specifies error details when retrieving the remote server certificate fails. This list will be empty when CurrentPeerCertificates.Summary.certificate is set. This attribute was added in vSphere API 7.0.0.0.

  • trusted (bool) – Whether the server certificate is already trusted. This attribute was added in vSphere API 7.0.0.0.

list_task(cluster, provider, spec=None)

Return the remote server certificates.

Contacts the configured key servers and attempts to retrieve their certificates. These certificates might not yet be trusted.

If the returned certificates are to be considered trustworthy, they must be added to the list of trusted server certificates: append them to the certificates returned by TrustedPeerCertificates.get() and invoke TrustedPeerCertificates.update() with the updated list of certificates. This method was added in vSphere API 7.0.0.0.

Parameters:
  • cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.Provider.

  • spec (CurrentPeerCertificates.FilterSpec or None) – Filter spec. If None, the behavior is equivalent to a CurrentPeerCertificates.FilterSpec with all attributes None.

Return type:

vmware.vapi.stdlib.client.task.Task

Returns:

Task instance

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument If the cluster or provider id is empty.

Raise:

com.vmware.vapi.std.errors_client.NotFound If the cluster or provider is not found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated If the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Error For any other error.

class com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.providers_client.StubFactory(stub_config)

Bases: StubFactoryBase

Initialize StubFactoryBase

Parameters:

stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance

class com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.providers_client.TrustedPeerCertificates(config)

Bases: VapiInterface

Provides management operations for the TLS certificates trusted for communication with peer key servers.

To obtain the currently used TLS certificates use the CurrentPeerCertificates class. This class was added in vSphere API 7.0.0.0.

Parameters:

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class Info(certificates=None)

Bases: VapiStruct

The TrustedPeerCertificates.Info class contains a list of X.509 certificates. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:

certificates (list of str) – List of certificate strings, PEM format. This attribute was added in vSphere API 7.0.0.0.

class UpdateSpec(certificates=None)

Bases: VapiStruct

The TrustedPeerCertificates.UpdateSpec class contains attributes that describe the server certificate update for a Key Provider. This class was added in vSphere API 7.0.0.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:

certificates (list of str or None) – Public certificates of key server to trust. This attribute was added in vSphere API 7.0.0.0. If None, the trusted server certificates will not be updated.

get_task(cluster, provider)

Return the list of trusted server certificates. This method was added in vSphere API 7.0.0.0.

Parameters:
  • cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.Provider.

Return type:

vmware.vapi.stdlib.client.task.Task

Returns:

Task instance

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument If the cluster or provider id is empty.

Raise:

com.vmware.vapi.std.errors_client.NotFound If the cluster or provider is not found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated If the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Error If any other error occurs.

update_task(cluster, provider, spec)

Update trusted server certificate(s).

The client will use these certificates to validate the server connection. The existing list of trusted certificates will be overwritten.

The client will not trust the server connection until a server certificate has been set. This method was added in vSphere API 7.0.0.0.

Parameters:
  • cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.

  • provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.Provider.

  • spec (TrustedPeerCertificates.UpdateSpec) – The update spec.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument If one or more certificates are invalid or the cluster/provider id is empty.

Raise:

com.vmware.vapi.std.errors_client.NotFound If the cluster or provider is not found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated If the caller is not authenticated.

Raise:

com.vmware.vapi.std.errors_client.Error If any other error occurs.
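
The review-then-trust workflow described for CurrentPeerCertificates.list_task and TrustedPeerCertificates.update_task, as an added example that is not part of the SDK or its documentation. It builds the certificate list for TrustedPeerCertificates.UpdateSpec by merging approved certificates into the existing trusted list, because the update overwrites that list. Assumptions: the helper names are hypothetical, the Summary objects are stand-ins shaped like CurrentPeerCertificates.Summary, the approved SHA-256 fingerprints come from out-of-band verification with the key server operator, and the sample PEM data is constructed.

```python
import base64
import hashlib
from types import SimpleNamespace as Summary  # stand-in for CurrentPeerCertificates.Summary


def fingerprint(pem):
    """SHA-256 hex digest of the DER bytes inside one PEM block."""
    body = "".join(ln for ln in pem.strip().splitlines() if not ln.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()


def build_trusted_list(summaries, currently_trusted, approved_fingerprints):
    """Return (certificates for UpdateSpec, skipped servers with reasons)."""
    merged = list(currently_trusted)  # update overwrites the list, so keep existing entries
    seen = {fingerprint(pem) for pem in merged}
    skipped = []
    for s in summaries:
        if s.certificate is None:  # retrieval failed; Summary.trusted is undefined
            skipped.append((s.server_name, "retrieval failed"))
            continue
        fp = fingerprint(s.certificate)
        if fp in seen:  # already trusted, nothing to add
            continue
        if fp not in approved_fingerprints:  # reviewer has not approved this certificate
            skipped.append((s.server_name, "not approved"))
            continue
        merged.append(s.certificate)
        seen.add(fp)
    return merged, skipped


def fake_pem(payload):
    """Constructed placeholder: PEM armor around arbitrary bytes, not a real certificate."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


# Constructed sample data standing in for the results of the list and get tasks.
OLD, NEW_OK, NEW_UNKNOWN = (fake_pem(b) for b in (b"kms-a", b"kms-b", b"kms-c"))
SUMMARIES = [
    Summary(server_name="kms-a", certificate=OLD, trusted=True),
    Summary(server_name="kms-b", certificate=NEW_OK, trusted=False),
    Summary(server_name="kms-c", certificate=NEW_UNKNOWN, trusted=False),
    Summary(server_name="kms-d", certificate=None, trusted=False),
]
NEW_LIST, SKIPPED = build_trusted_list(SUMMARIES, [OLD], {fingerprint(NEW_OK)})
```

The merged list is what goes into TrustedPeerCertificates.UpdateSpec(certificates=...); the skipped entries are the servers that still need review or whose certificate could not be retrieved.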