1
0
mirror of https://github.com/vmware/vsphere-automation-sdk-python.git synced 2024-11-29 20:09:58 -05:00
vsphere-automation-sdk-python/samples/vsphere/vcenter/certificatemanagement/replace_tls_certificate.py

82 lines
2.7 KiB
Python
Raw Normal View History

#!/usr/bin/env python
"""
* *******************************************************
* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
* SPDX-License-Identifier: MIT
* *******************************************************
*
* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
"""
__author__ = 'VMware, Inc.'
__vcenter_version__ = '7.0+'
import argparse
from vmware.vapi.vsphere.client import create_vsphere_client
import requests
from com.vmware.vcenter.certificate_management.vcenter_client import Tls
from samples.vsphere.common import (sample_cli, sample_util)
"""
Description: Demonstrates the replacement of the MACHINE SSL certificate with a custom
certificate signed by an external third party CA.
Sample Prerequisites:
- The user invoking the API should have the CertificateManagement.Administer privilege.
"""
parser = sample_cli.build_arg_parser()
parser.add_argument('--cert',
required=True,
help='Leaf certificate for replace the MACHINE SSL certificate.')
parser.add_argument('--key',
help='The private key.'
'Not required if the gencsr api was used to generated the certificate signing request.')
parser.add_argument('--rootcert',
help='The root certificate and the intermediate root certificates '
'required to establish the chain of trust.'
'Not required if the certificates are already present in the vCenter.')
args = sample_util.process_cli_args(parser.parse_args())
session = requests.session()
session.verify = False if args.skipverification else True
# Login to vCenter
vsphere_client = create_vsphere_client(server=args.server,
username=args.username,
password=args.password,
session=session)
cert = args.cert.encode(encoding='utf-8').decode('unicode_escape')
if args.key is not None:
key = args.key.encode(encoding='utf-8').decode('unicode_escape')
else:
key = args.key
if args.rootcert is not None:
root_cert = args.rootcert.encode(encoding='utf-8').decode('unicode_escape')
else:
root_cert = args.rootcert
"""
Create the spec for input to the API
"""
spec = Tls.Spec(cert=cert,
key=key,
root_cert=root_cert)
print('The MACHINE SSL certificate will be replaced with the custom certificate ')
vsphere_client.vcenter.certificate_management.vcenter.Tls.set(spec)