diff --git a/samples/vsphere/vcenter/certificatemanagement/README.md b/samples/vsphere/vcenter/certificatemanagement/README.md
new file mode 100644
index 00000000..6fc4c880
--- /dev/null
+++ b/samples/vsphere/vcenter/certificatemanagement/README.md
@@ -0,0 +1,29 @@ +This directory contains samples for managing the MACHINE SSL certificate and the TRUSTED ROOT CHAINS + +The sample were tested against vSphere 7.0+ + +### TRUSTED ROOT CHAINS Create/List/Delete/Get operations +Sample | Description +----------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- +trusted_root_chains_create.py | Demonstrates creation of the trusted root chain in vCenter. +trusted_root_chains_list.py | Demonstrates listing of the aliases of the published trusted root chains in vCenter. +trusted_root_chains_delete.py | Demonstrates deletion of the trusted root chain corresponding to the provided alias. +trusted_root_chains_get.py | Demonstrates retrieval of the trusted root chain corresponding to the provided alias. + +### Tls certificate Renew/Get/Replace/Replace with VMCA operations +Sample | Description +----------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------- +replace_tls_certificate.py | Demonstrates replacement of the machine ssl certificate with a custom certificate signed by a third party CA. +renew_tls_certificate.py | Demonstrates renewal of the machine ssl certificate for the given duration of time. +get_tls_certificate.py | Demonstrates retrieval of the machine ssl certificate along with the X.509 certificate fields. +replace_tls_certificate_with_vmca_signed.py | Demonstrates replacement of the machine ssl certificate with a VMCA signed certificate. 
+ +### VMCA ROOT replace operation +Sample | Description +----------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------- +replace_vmca_root.py | Demonstrates replacement of the VMCA root certificate and regeneration of all the other certificates. + +### Testbed Requirement: + - 1 vCenter Server on version 7.0+ + - The username being used to run the sample should have either the CertificateManagement.Manage or + the CertificateManagement.Administer privilege depending on the operation which is intended to be performed. diff --git a/samples/vsphere/vcenter/certificatemanagement/gencsr.py b/samples/vsphere/vcenter/certificatemanagement/gencsr.py new file mode 100644 index 00000000..105c5405 --- /dev/null +++ b/samples/vsphere/vcenter/certificatemanagement/gencsr.py 
@@ -0,0 +1,115 @@ +#!/usr/bin/env python + +""" +* ******************************************************* +* Copyright (c) VMware, Inc. 2020. All Rights Reserved. +* SPDX-License-Identifier: MIT +* ******************************************************* +* +* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN, +* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED +* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, +* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. +""" + +__author__ = 'VMware, Inc.' +__vcenter_version__ = '7.0+' + +import argparse + +from vmware.vapi.vsphere.client import create_vsphere_client +import requests +from com.vmware.vcenter.certificate_management.vcenter_client import TlsCsr +from samples.vsphere.common import (sample_cli, sample_util) + +""" +Description: Demonstrates the generation of the Certificate Signing request +for the MACHINE SSL certificate + +Sample Prerequisites: +- The user invoking the API should have the CertificateManagement.Administer or the +CertificateManagement.Manage privilege. +""" + +parser = sample_cli.build_arg_parser() + +parser.add_argument('--keysize', + help='Key size used to generate the private key.' + 'keysize will take 2048 bits if not modified') + +parser.add_argument('--commonname', + help='Common name of the certificate subject field.' 
+ 'common name will take the Primary Network Identifier(PNID) if not modified.') + +parser.add_argument('--organization', + required=True, + help='Organization field in certificate subject.') + +parser.add_argument('--organizationunit', + required=True, + help='Organization unit field in certificate subject') + +parser.add_argument('--locality', + required=True, + help='Locality field in the certificate subject') + +parser.add_argument('--stateorprovince', + required=True, + help='State field in certificate subject') + +parser.add_argument('--country', + required=True, + help='Country field in the certificate subject') + +parser.add_argument('--emailaddress', + required=True, + help='Email field in Certificate extensions') + +parser.add_argument('--subjectaltname', + help='subjectaltname is list of Dns Names and Ip addresses') + +args = sample_util.process_cli_args(parser.parse_args()) + +session = requests.session() +session.verify = False if args.skipverification else True + +# Login to vCenter +vsphere_client = create_vsphere_client(server=args.server, + username=args.username, + password=args.password, + session=session) + +common_name = args.commonname +organization = args.organization +organization_unit = args.organizationunit +locality = args.locality +state_or_province = args.stateorprovince +country = args.country +email_address = args.emailaddress + +if args.keysize is None: + key_size = args.keysize +else: + key_size = int(args.keysize) + +if args.subjectaltname is None: + subject_alt_name = args.subjectaltname +else: + subject_alt_name = args.subjectaltname.split(',') + +""" +Create the spec for input to the API +""" +spec = TlsCsr.Spec(key_size=key_size, + common_name=common_name, + organization=organization, + organization_unit=organization_unit, + locality=locality, + state_or_province=state_or_province, + country=country, + email_address=email_address, + subject_alt_name=subject_alt_name) + +print('Generating the certificate signing request based on 
the information provided in the spec ') +print(vsphere_client.vcenter.certificate_management.vcenter.TlsCsr.create(spec)) diff --git a/samples/vsphere/vcenter/certificatemanagement/get_tls_certificate.py b/samples/vsphere/vcenter/certificatemanagement/get_tls_certificate.py new file mode 100644 index 00000000..22bd52c7 --- /dev/null +++ b/samples/vsphere/vcenter/certificatemanagement/get_tls_certificate.py @@ -0,0 +1,46 @@ +#!/usr/bin/env python + +""" +* ******************************************************* +* Copyright (c) VMware, Inc. 2020. All Rights Reserved. +* SPDX-License-Identifier: MIT +* ******************************************************* +* +* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN, +* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED +* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, +* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. +""" + +__author__ = 'VMware, Inc.' +__vcenter_version__ = '7.0+' + +import argparse +from samples.vsphere.common import (sample_cli, sample_util) +from vmware.vapi.vsphere.client import create_vsphere_client +import requests + +""" +Description: Demonstrates retrieval of the MACHINE SSL certificate from the vCenter +along with the decoded X.509 certificate fields + +Sample Prerequisites: +- The user invoking the API should have the System.Read privilege. +""" + +parser = sample_cli.build_arg_parser() + +args = sample_util.process_cli_args(parser.parse_args()) + +session = requests.session() +session.verify = False if args.skipverification else True + +# Login to vCenter +vsphere_client = create_vsphere_client(server=args.server, + username=args.username, + password=args.password, + session=session) + +print('Listing the MACHINE SSL certificate along with the decoded X.509 fields ') +print(vsphere_client.vcenter.certificate_management.vcenter.Tls.get()) 
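Review bot: In gencsr.py, `--keysize` is accepted as free text and only converted by a bare `int(args.keysize)` after `create_vsphere_client(...)` has already logged in, so a non-numeric value ends in a traceback with a session open. Declaring the option as `parser.add_argument('--keysize', type=int, help=...)` lets argparse reject it before any connection is made, and the `if args.keysize is None` branch then reduces to `key_size = args.keysize`. The same pattern is repeated in replace_tls_certificate_with_vmca_signed.py and replace_vmca_root.py. The adjacent help literals are also joined without a space, so the help renders as "private key.keysize will take..."; a trailing space on the first literal fixes it.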
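Review bot: In get_tls_certificate.py, `session.verify = False if args.skipverification else True` is a roundabout spelling of `session.verify = not args.skipverification`, and nothing next to it says what the flag costs. When it is set, the login on the following lines sends `args.username` and `args.password` to a server whose certificate was never checked. A one-line comment such as `# --skipverification turns off server certificate validation; use only against a lab vCenter` would make that visible to people copying the sample. The same line appears in every certificatemanagement script added by this commit, and `import argparse` is unused in this file.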
diff --git a/samples/vsphere/vcenter/certificatemanagement/renew_tls_certificate.py b/samples/vsphere/vcenter/certificatemanagement/renew_tls_certificate.py
new file mode 100644
index 00000000..aa3861e2
--- /dev/null
+++ b/samples/vsphere/vcenter/certificatemanagement/renew_tls_certificate.py
@@ -0,0 +1,57 @@ +#!/usr/bin/env python + +""" +* ******************************************************* +* Copyright (c) VMware, Inc. 2020. All Rights Reserved. +* SPDX-License-Identifier: MIT +* ******************************************************* +* +* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN, +* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED +* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, +* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. +""" + +__author__ = 'VMware, Inc.' +__vcenter_version__ = '7.0+' + +import argparse + +from vmware.vapi.vsphere.client import create_vsphere_client +import requests +from com.vmware.vcenter.certificate_management.vcenter_client import Tls +from samples.vsphere.common import (sample_cli, sample_util) + +""" +Description: Demonstrates the renewal of the MACHINE SSL certificate + +Sample Prerequisites: +- The user invoking the API should have the CertificateManagement.Administer privilege. +""" + +parser = sample_cli.build_arg_parser() + +parser.add_argument('--duration', + help='Duration of time specified in number of days for which the ' + 'MACHINE SSL certificate has to be renewed') + +args = sample_util.process_cli_args(parser.parse_args()) + +session = requests.session() +session.verify = False if args.skipverification else True + +# Login to vCenter +vsphere_client = create_vsphere_client(server=args.server, + username=args.username, + password=args.password, + session=session) + +if args.duration is None: + print('Renewing the MACHINE SSL certificate for the duration of ' + str(730) + ' days') + duration = args.duration +else: + print('Renewing the MACHINE SSL certificate for the specified duration of ' + args.duration + ' days') + duration = int(args.duration) + +vsphere_client.vcenter.certificate_management.vcenter.Tls.renew(duration) 
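Review bot: The 730 printed in the `args.duration is None` branch is a literal in the client, while the value actually passed to `Tls.renew` is `None`. The message is therefore only true if the server-side default happens to be 730 days, which this hunk does not show. Either print something that does not claim a number, e.g. `print('Renewing the MACHINE SSL certificate for the default duration')`, or send the value you print. Declaring `--duration` with `type=int` would also reject a non-numeric value at parse time instead of at `int(args.duration)` after the login has happened.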
diff --git a/samples/vsphere/vcenter/certificatemanagement/replace_tls_certificate.py b/samples/vsphere/vcenter/certificatemanagement/replace_tls_certificate.py
new file mode 100644
index 00000000..881f4bd2
--- /dev/null
+++ b/samples/vsphere/vcenter/certificatemanagement/replace_tls_certificate.py
@@ -0,0 +1,81 @@ +#!/usr/bin/env python + +""" +* ******************************************************* +* Copyright (c) VMware, Inc. 2020. All Rights Reserved. +* SPDX-License-Identifier: MIT +* ******************************************************* +* +* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN, +* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED +* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, +* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. +""" + +__author__ = 'VMware, Inc.' +__vcenter_version__ = '7.0+' + +import argparse + +from vmware.vapi.vsphere.client import create_vsphere_client +import requests +from com.vmware.vcenter.certificate_management.vcenter_client import Tls +from samples.vsphere.common import (sample_cli, sample_util) + +""" +Description: Demonstrates the replacement of the MACHINE SSL certificate with a custom +certificate signed by an external third party CA. + +Sample Prerequisites: +- The user invoking the API should have the CertificateManagement.Administer privilege. +""" + +parser = sample_cli.build_arg_parser() + +parser.add_argument('--cert', + required=True, + help='Leaf certificate for replace the MACHINE SSL certificate.') + +parser.add_argument('--key', + help='The private key.' + 'Not required if the gencsr api was used to generated the certificate signing request.') + +parser.add_argument('--rootcert', + help='The root certificate and the intermediate root certificates ' + 'required to establish the chain of trust.' 
+ 'Not required if the certificates are already present in the vCenter.') + +args = sample_util.process_cli_args(parser.parse_args()) + +session = requests.session() +session.verify = False if args.skipverification else True + +# Login to vCenter +vsphere_client = create_vsphere_client(server=args.server, + username=args.username, + password=args.password, + session=session) + +cert = args.cert.encode(encoding='utf-8').decode('unicode_escape') + +if args.key is not None: + key = args.encode(encoding='utf-8').key.decode('unicode_escape') +else: + key = args.key + +if args.rootcert is not None: + root_cert = args.rootcert.encode(encoding='utf-8').decode('unicode_escape') +else: + root_cert = args.rootcert + +""" +Create the spec for input to the API +""" +spec = Tls.Spec(cert=cert, + key=key, + root_cert=root_cert) + + +print('The MACHINE SSL certificate will be replaced with the custom certificate ') +vsphere_client.vcenter.certificate_management.vcenter.Tls.set(spec) diff --git a/samples/vsphere/vcenter/certificatemanagement/replace_tls_certificate_with_vmca_signed.py b/samples/vsphere/vcenter/certificatemanagement/replace_tls_certificate_with_vmca_signed.py new file mode 100644 index 00000000..75553867 --- /dev/null +++ b/samples/vsphere/vcenter/certificatemanagement/replace_tls_certificate_with_vmca_signed.py 
@@ -0,0 +1,115 @@ +#!/usr/bin/env python + +""" +* ******************************************************* +* Copyright (c) VMware, Inc. 2020. All Rights Reserved. +* SPDX-License-Identifier: MIT +* ******************************************************* +* +* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN, +* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED +* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, +* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. +""" + +__author__ = 'VMware, Inc.' +__vcenter_version__ = '7.0+' + +import argparse + +from vmware.vapi.vsphere.client import create_vsphere_client +import requests +from com.vmware.vcenter.certificate_management.vcenter_client import Tls +from samples.vsphere.common import (sample_cli, sample_util) + +""" +Description: Demonstrates the replacement of the MACHINE SSL certificate with a +VMCA signed certificate. + +Sample Prerequisites: +- The user invoking the API should have the CertificateManagement.Administer privilege. +""" + +parser = sample_cli.build_arg_parser() + +parser.add_argument('--keysize', + help='Key size used to generate the key pair.' + 'keysize will take 2048 bits if not modified') + +parser.add_argument('--commonname', + help='Common name of the certificate subject field.' 
+ 'Common name will take Primary Network Identifier(PNID) if not modified.') + +parser.add_argument('--organization', + required=True, + help='Organization field in certificate subject.') + +parser.add_argument('--organizationunit', + required=True, + help='Organization unit field in certificate subject') + +parser.add_argument('--locality', + required=True, + help='Locality field in the certificate subject') + +parser.add_argument('--stateorprovince', + required=True, + help='State field in certificate subject') + +parser.add_argument('--country', + required=True, + help='Country field in the certificate subject') + +parser.add_argument('--emailaddress', + required=True, + help='Email field in Certificate extensions') + +parser.add_argument('--subjectaltname', + help='subjectaltname is list of Dns Names and Ip addresses') + +args = sample_util.process_cli_args(parser.parse_args()) + +session = requests.session() +session.verify = False if args.skipverification else True + +# Login to vCenter +vsphere_client = create_vsphere_client(server=args.server, + username=args.username, + password=args.password, + session=session) + +common_name = args.commonname +organization = args.organization +organization_unit = args.organizationunit +locality = args.locality +state_or_province = args.stateorprovince +country = args.country +email_address = args.emailaddress + +if args.keysize is None: + keysize = args.keysize +else: + keysize = int(args.keysize) + +if args.subjectaltname is None: + subjectaltname = args.subjectaltname +else: + subjectaltname = args.subjectaltname.split(',') + +""" +Create the spec for input to the API +""" +spec = Tls.ReplaceSpec(key_size=keysize, + common_name=common_name, + organization=organization, + organization_unit=organization_unit, + locality=locality, + state_or_province=state_or_province, + country=country, + email_address=email_address, + subject_alt_name=subjectaltname) + + +print('Replacing the MACHINE SSL certificate with a new VMCA 
generated certificate') +vsphere_client.vcenter.certificate_management.vcenter.Tls.replace_vmca_signed(spec) diff --git a/samples/vsphere/vcenter/certificatemanagement/replace_vmca_root.py b/samples/vsphere/vcenter/certificatemanagement/replace_vmca_root.py new file mode 100644 index 00000000..bbec02cb --- /dev/null +++ b/samples/vsphere/vcenter/certificatemanagement/replace_vmca_root.py 
@@ -0,0 +1,107 @@ +#!/usr/bin/env python + +""" +* ******************************************************* +* Copyright (c) VMware, Inc. 2020. All Rights Reserved. +* SPDX-License-Identifier: MIT +* ******************************************************* +* +* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN, +* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED +* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, +* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. +""" + +__author__ = 'VMware, Inc.' +__vcenter_version__ = '7.0+' + +import argparse + +from vmware.vapi.vsphere.client import create_vsphere_client +import requests +from com.vmware.vcenter.certificate_management.vcenter_client import VmcaRoot +from samples.vsphere.common import (sample_cli, sample_util) + +""" +Description: Demonstrates the replacement of the VMCA ROOT certificate and +regeneration of all the other certificates on vCenter. + +Sample Prerequisites: +- The user invoking the API should have the CertificateManagement.Administer privilege. +""" + +parser = sample_cli.build_arg_parser() + +parser.add_argument('--keysize', + help='Key size used to generate the private key.' + 'keysize will take 2048 bits if not provided') + +parser.add_argument('--commonname', + help='Common name of the certificate subject field.' 
+ 'Defaults to PNID (Primary Network Identifier).') + +parser.add_argument('--organization', + help='Organization field in certificate subject.') + +parser.add_argument('--organizationunit', + help='Organization unit field in certificate subject') + +parser.add_argument('--locality', + help='Locality field in the certificate subject') + +parser.add_argument('--stateorprovince', + help='State field in certificate subject') + +parser.add_argument('--country', + help='Country field in the certificate subject') + +parser.add_argument('--emailaddress', + help='Email field in Certificate extensions') + +parser.add_argument('--subjectaltname', + help='subjectaltname is list of Dns Names and Ip addresses') + +args = sample_util.process_cli_args(parser.parse_args()) + +session = requests.session() +session.verify = False if args.skipverification else True + +# Login to vCenter +vsphere_client = create_vsphere_client(server=args.server, + username=args.username, + password=args.password, + session=session) + +common_name = args.commonname +organization = args.organization +organization_unit = args.organizationunit +locality = args.locality +state_or_province = args.stateorprovince +country = args.country +email_address = args.emailaddress + +if args.keysize is None: + key_size = args.keysize +else: + key_size = int(args.keysize) +if args.subjectaltname is None: + subject_alt_name = args.subjectaltname +else: + subject_alt_name = args.subjectaltname.split(',') + +""" +Create the spec for input to the API +""" +spec = VmcaRoot.CreateSpec(key_size=key_size, + common_name=common_name, + organization=organization, + organization_unit=organization_unit, + locality=locality, + state_or_province=state_or_province, + country=country, + email_address=email_address, + subject_alt_name=subject_alt_name) + +print('Replacing the VMCA ROOT certificate and regenerating all other certificates') +vsphere_client.vcenter.certificate_management.vcenter.VmcaRoot.create(spec) 
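Review bot: In replace_vmca_root.py, `VmcaRoot.create(spec)` is reached with no confirmation step, although the module description itself says the call replaces the VMCA root and regenerates all the other certificates on vCenter. Since samples are copied and run as-is, the prerequisites block should say so plainly, for example `- This call re-issues every certificate on the target vCenter; run it only against a system you intend to re-key.` Unlike gencsr.py, every subject field here is optional, and only `--keysize` and `--commonname` document what is used when the option is omitted; the remaining help strings should state that too, or the options should be marked `required=True`.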
diff --git a/samples/vsphere/vcenter/certificatemanagement/trusted_root_chains_create.py b/samples/vsphere/vcenter/certificatemanagement/trusted_root_chains_create.py
new file mode 100644
index 00000000..f18035e3
--- /dev/null
+++ b/samples/vsphere/vcenter/certificatemanagement/trusted_root_chains_create.py
@@ -0,0 +1,62 @@ +#!/usr/bin/env python + +""" +* ******************************************************* +* Copyright (c) VMware, Inc. 2020. All Rights Reserved. +* SPDX-License-Identifier: MIT +* ******************************************************* +* +* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN, +* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED +* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, +* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. +""" + +__author__ = 'VMware, Inc.' +__vcenter_version__ = '7.0+' + +import argparse + +from vmware.vapi.vsphere.client import create_vsphere_client +import requests +from com.vmware.vcenter.certificate_management.vcenter_client import TrustedRootChains +from com.vmware.vcenter.certificate_management_client import X509CertChain +from samples.vsphere.common import (sample_cli, sample_util) + +""" +Description: Demonstrates the import of the TRUSTED ROOT CHAIN into vCenter + +Sample Prerequisites: +- The user invoking the API should have the CertificateManagement.Manage or the +CertificateManagement.Administer privilege +""" + +parser = sample_cli.build_arg_parser() + + +parser.add_argument('--certchain', + required=True, + help='The certificate chain to be imported into vCenter.') + +args = sample_util.process_cli_args(parser.parse_args()) + +session = requests.session() +session.verify = False if args.skipverification else True + +# Login to vCenter +vsphere_client = create_vsphere_client(server=args.server, + username=args.username, + password=args.password, + session=session) + +cert_chain = args.certchain.encode(encoding='utf-8').decode('unicode_escape').split(',') + +""" +Creation of the spec for input to the API +""" +x509_cert_chain = X509CertChain(cert_chain=cert_chain) +cert_chain = TrustedRootChains.CreateSpec(cert_chain=x509_cert_chain) + +print('The alias of the certificate chain 
successfully imported into vCenter listed below ') +print(vsphere_client.vcenter.certificate_management.vcenter.TrustedRootChains.create(cert_chain)) diff --git a/samples/vsphere/vcenter/certificatemanagement/trusted_root_chains_delete.py b/samples/vsphere/vcenter/certificatemanagement/trusted_root_chains_delete.py new file mode 100644 index 00000000..f731ca46 --- /dev/null +++ b/samples/vsphere/vcenter/certificatemanagement/trusted_root_chains_delete.py 
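Review bot: The message "The alias of the certificate chain successfully imported into vCenter listed below" is printed before `TrustedRootChains.create(...)` runs, so a failed import still leaves a success line in the output just above the traceback. For an operation that adds a trust anchor, that is the wrong thing to find in a log. Call first and report afterwards: `alias = vsphere_client.vcenter.certificate_management.vcenter.TrustedRootChains.create(spec)` followed by `print('Imported certificate chain, alias:', alias)`. The name `cert_chain` is also bound first to the list of PEM strings and then to the `CreateSpec`; a separate name such as `spec` for the second keeps the two apart.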
@@ -0,0 +1,54 @@ +#!/usr/bin/env python + +""" +* ******************************************************* +* Copyright (c) VMware, Inc. 2020. All Rights Reserved. +* SPDX-License-Identifier: MIT +* ******************************************************* +* +* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN, +* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED +* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, +* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. +""" + +__author__ = 'VMware, Inc.' +__vcenter_version__ = '7.0+' + +import argparse + +from vmware.vapi.vsphere.client import create_vsphere_client +import requests +from com.vmware.vcenter.certificate_management.vcenter_client import TrustedRootChains +from samples.vsphere.common import (sample_cli, sample_util) + +""" +Description: Demonstrates the deletion of the TRUSTED ROOT CHAIN corresponding to the provided alias + +Sample Prerequisites: +- The user invoking the API should have the CertificateManagement.Manage or the +CertificateManagement.Administer privilege +""" + +parser = sample_cli.build_arg_parser() + +parser.add_argument('--certalias', + required=True, + help='The alias for the certificate chain to be deleted from vCenter.') + +args = sample_util.process_cli_args(parser.parse_args()) + +session = requests.session() +session.verify = False if args.skipverification else True + +# Login to vCenter +vsphere_client = create_vsphere_client(server=args.server, + username=args.username, + password=args.password, + session=session) + +cert_alias = args.certalias + +print('Deleting the certificate chain corresponding to the alias ' + cert_alias) +vsphere_client.vcenter.certificate_management.vcenter.TrustedRootChains.delete(cert_alias) 
diff --git a/samples/vsphere/vcenter/certificatemanagement/trusted_root_chains_get.py b/samples/vsphere/vcenter/certificatemanagement/trusted_root_chains_get.py
new file mode 100644
index 00000000..d2f0378b
--- /dev/null
+++ b/samples/vsphere/vcenter/certificatemanagement/trusted_root_chains_get.py
@@ -0,0 +1,60 @@ +#!/usr/bin/env python + +""" +* ******************************************************* +* Copyright (c) VMware, Inc. 2020. All Rights Reserved. +* SPDX-License-Identifier: MIT +* ******************************************************* +* +* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN, +* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED +* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, +* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. +""" + +__author__ = 'VMware, Inc.' +__vcenter_version__ = '7.0+' + +import argparse + +from vmware.vapi.vsphere.client import create_vsphere_client +import requests +from com.vmware.vcenter.certificate_management.vcenter_client import TrustedRootChains +from samples.vsphere.common import (sample_cli, sample_util) + +""" +Description: Demonstrates the retrieval of the TRUSTED ROOT CHAIN corresponding to the provided alias + +Sample Prerequisites: +- The user invoking the API should have the System.Read privilege +""" + +parser = sample_cli.build_arg_parser() + +parser.add_argument('--certalias', + help='The alias of the certificate chain which is to be retrieved.' 
+ 'All the published certificate chains will be retrieved if not provided') + +args = sample_util.process_cli_args(parser.parse_args()) + +session = requests.session() +session.verify = False if args.skipverification else True + +# Login to vCenter +vsphere_client = create_vsphere_client(server=args.server, + username=args.username, + password=args.password, + session=session) + +cert_alias = args.certalias + +if cert_alias is not None: + print('Retrieving the certificate chain corresponding to the alias ' + cert_alias) + print(vsphere_client.vcenter.certificate_management.vcenter.TrustedRootChains.get(cert_alias)) +else: + print('Retrieving the all the published certificate chains imported to vCenter') + cert_aliases = vsphere_client.vcenter.certificate_management.vcenter.TrustedRootChains.list() + for alias in cert_aliases: + print('Retrieving the certificate chain for the alias ' + alias.chain) + print(vsphere_client.vcenter.certificate_management.vcenter.TrustedRootChains.get(alias.chain)) diff --git a/samples/vsphere/vcenter/certificatemanagement/trusted_root_chains_list.py b/samples/vsphere/vcenter/certificatemanagement/trusted_root_chains_list.py new file mode 100644 index 00000000..ac7df7e3 --- /dev/null +++ b/samples/vsphere/vcenter/certificatemanagement/trusted_root_chains_list.py 
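Review bot: Two user-facing strings in trusted_root_chains_get.py read wrongly. The `--certalias` help joins its two literals without a space ("retrieved.All the published..."), and the else-branch message says `'Retrieving the all the published certificate chains imported to vCenter'`, which should be `'Retrieving all the published certificate chains imported to vCenter'`. The long attribute path `vsphere_client.vcenter.certificate_management.vcenter.TrustedRootChains` is spelled out three times; binding it once, e.g. `chains = vsphere_client.vcenter.certificate_management.vcenter.TrustedRootChains`, would make the loop easier to read. The `TrustedRootChains` import at the top is not used by the code in this hunk.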
@@ -0,0 +1,49 @@ +#!/usr/bin/env python + +""" +* ******************************************************* +* Copyright (c) VMware, Inc. 2020. All Rights Reserved. +* SPDX-License-Identifier: MIT +* ******************************************************* +* +* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN, +* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED +* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, +* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. +""" + +__author__ = 'VMware, Inc.' +__vcenter_version__ = '7.0+' + +import argparse + +from vmware.vapi.vsphere.client import create_vsphere_client +import requests +from com.vmware.vcenter.certificate_management.vcenter_client import TrustedRootChains +from samples.vsphere.common import (sample_cli, sample_util) + +""" +Description: Demonstrates the listing of the aliases for the published TRUSTED ROOT CHAINS in vCenter. + +Sample Prerequisites: +- The user invoking the API should have the System.Read privilege +""" + +parser = sample_cli.build_arg_parser() + +args = sample_util.process_cli_args(parser.parse_args()) + +session = requests.session() +session.verify = False if args.skipverification else True + +# Login to vCenter +vsphere_client = create_vsphere_client(server=args.server, + username=args.username, + password=args.password, + session=session) + + +print('Retrieving all the certificate chain aliases published to vCenter') +cert_aliases = vsphere_client.vcenter.certificate_management.vcenter.TrustedRootChains.list() +print(cert_aliases) diff --git a/samples/vsphere/vcenter/namespace_management/supervisor_services/list_supervisor_services.py b/samples/vsphere/vcenter/namespace_management/supervisor_services/list_supervisor_services.py new file mode 100644 index 00000000..8fcf8093 --- /dev/null 
+++ b/samples/vsphere/vcenter/namespace_management/supervisor_services/list_supervisor_services.py 
@@ -0,0 +1,67 @@ +#!/usr/bin/env python + +""" +* ******************************************************* +* Copyright (c) VMware, Inc. 2022. All Rights Reserved. +* SPDX-License-Identifier: MIT +* ******************************************************* +* +* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN, +* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED +* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, +* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. +""" + +__author__ = 'VMware, Inc.' +__copyright__ = 'Copyright 2022 VMware, Inc. All rights reserved.' +__vcenter_version__ = '7.0.2+' + +from com.vmware.vcenter.namespace_management_client import SupervisorServices +from com.vmware.vcenter.namespace_management.supervisor_services_client import \ + Versions + +from samples.vsphere.common import sample_cli +from samples.vsphere.common import sample_util +from samples.vsphere.common.ssl_helper import get_unverified_session +from samples.vsphere.vcenter.hcl.utils import get_configuration + +separator = '-' * 40 + + +class ListSupervisorServices(object): + """ + Demonstrates looking up a list of Supervisor Services registered on vCenter. + """ + def __init__(self): + parser = sample_cli.build_arg_parser() + args = sample_util.process_cli_args(parser.parse_args()) + session = get_unverified_session() if args.skipverification else None + stub_config = get_configuration( + args.server, args.username, args.password, + session) + self.supervisor_services = SupervisorServices(stub_config) + self.versions = Versions(stub_config) + + def run(self): + """ + List Supervisor Services registered on vCenter Server. 
+ """ + services = self.supervisor_services.list() + print('{0}\nList of Supervisor Services\n{0}'.format(separator)) + for s in services: + versions = self.versions.list(s.supervisor_service) + version_summary = ', '.join([v.version for v in versions]) + print('Service: {0}'.format(s.supervisor_service)) + print('Display Name: {0}'.format(s.display_name)) + print('Versions: {0}'.format(version_summary)) + print('State: {0}\n{1}'.format(s.state, separator)) + + +def main(): + list_cl = ListSupervisorServices() + list_cl.run() + + +if __name__ == '__main__': + main() diff --git a/samples/vsphere/vcenter/namespace_management/supervisor_services/list_supervisor_services_on_cluster.py b/samples/vsphere/vcenter/namespace_management/supervisor_services/list_supervisor_services_on_cluster.py new file mode 100644 index 00000000..dbb4c8ad --- /dev/null +++ b/samples/vsphere/vcenter/namespace_management/supervisor_services/list_supervisor_services_on_cluster.py 
@@ -0,0 +1,75 @@ +#!/usr/bin/env python + +""" +* ******************************************************* +* Copyright (c) VMware, Inc. 2022. All Rights Reserved. +* SPDX-License-Identifier: MIT +* ******************************************************* +* +* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN, +* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED +* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, +* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE. +""" + +__author__ = 'VMware, Inc.' +__copyright__ = 'Copyright 2022 VMware, Inc. All rights reserved.' +__vcenter_version__ = '7.0.2+' + +from com.vmware.vcenter.namespace_management.supervisor_services_client import \ + ClusterSupervisorServices, Versions + +from samples.vsphere.common import sample_cli +from samples.vsphere.common import sample_util +from samples.vsphere.common.ssl_helper import get_unverified_session +from samples.vsphere.vcenter.hcl.utils import get_configuration + +separator = '-' * 40 + + +class ListClusterSupervisorServices(object): + """ + Demonstrates looking up a list of Supervisor Services installed on a given + Supervisor Cluster. + """ + def __init__(self): + parser = sample_cli.build_arg_parser() + parser.add_argument('--cluster', + required=True, + help='The MoID of the Supervisor Cluster to query.') + + args = sample_util.process_cli_args(parser.parse_args()) + session = get_unverified_session() if args.skipverification else None + stub_config = get_configuration( + args.server, args.username, args.password, + session) + self.cluster_supervisor_services = ClusterSupervisorServices( + stub_config) + self.versions = Versions(stub_config) + self.cluster = args.cluster + + def run(self): + """ + List Supervisor Services registered on vCenter Server. 
+ """ + services = self.cluster_supervisor_services.list(self.cluster) + print('{0}\nList of Cluster Supervisor Services\n{0}'.format(separator)) + for s in services: + info = self.versions.get(s.supervisor_service, s.current_version) + print('Service: {0}'.format(s.supervisor_service)) + print('Display Name: {0}'.format(info.display_name)) + print('Content Type: {0}'.format(info.content_type)) + print('Current Version: {0}'.format(s.current_version)) + print('Desired Version: {0}'.format(s.desired_version)) + print('Config Status: {0}\n{1}'.format(s.config_status, + separator)) + + +def main(): + list_cl = ListClusterSupervisorServices() + list_cl.run() + + +if __name__ == '__main__': + main()
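Review bot: The docstring of `ListClusterSupervisorServices.run` was copied unchanged from list_supervisor_services.py and still says "List Supervisor Services registered on vCenter Server." This method calls `self.cluster_supervisor_services.list(self.cluster)`, so it should read `List Supervisor Services installed on the given Supervisor Cluster.`, matching the class docstring. The class also has no note that `--skipverification` selects `get_unverified_session()`; a short comment on that line stating that server certificate checks are off for that session would help people reusing the sample.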