API bindings for VMware Cloud on AWS 1.7 release

Signed-off-by: Tianhao He <het@vmware.com>

lib/vapi-client-bindings/index.html

@@ -1 +1 @@
-<a href='vapi_client_bindings-1.5.0-py2.py3-none-any.whl'>vapi_client_bindings-1.5.0-py2.py3-none-any.whl</a><br />
+<a href='vapi_client_bindings-3.0.0-py2.py3-none-any.whl'>vapi_client_bindings-3.0.0-py2.py3-none-any.whl</a><br />

lib/vapi-common-client/index.html

@@ -1 +1 @@
-<a href='vapi_common_client-2.10.2-py2.py3-none-any.whl'>vapi_common_client-2.10.2-py2.py3-none-any.whl</a><br />
+<a href='vapi_common_client-2.12.0-py2.py3-none-any.whl'>vapi_common_client-2.12.0-py2.py3-none-any.whl</a><br />

lib/vapi-runtime/index.html

@@ -1 +1 @@
-<a href='vapi_runtime-2.10.2-py2.py3-none-any.whl'>vapi_runtime-2.10.2-py2.py3-none-any.whl</a><br />
+<a href='vapi_runtime-2.12.0-py2.py3-none-any.whl'>vapi_runtime-2.12.0-py2.py3-none-any.whl</a><br />

requirements.txt

@@ -2,7 +2,7 @@ lxml >= 4.3.0
 pyVmomi >= 6.7
 suds ; python_version < '3'
 suds-jurko ; python_version >= '3.0'
-vapi-client-bindings == 1.5.0
+vapi-client-bindings == 3.0.0
 vmc-client-bindings
 nsx-python-sdk
 nsx-policy-python-sdk

samples/vsphere/oauth/__init__.py

@@ -0,0 +1,25 @@
+"""
+* *******************************************************
+* Copyright VMware, Inc. 2019. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+
+# Required to distribute different parts of this
+# package as multiple distribution
+try:
+    import pkg_resources
+
+    pkg_resources.declare_namespace(__name__)
+except ImportError:
+    from pkgutil import extend_path
+
+    __path__ = extend_path(__path__, __name__)  # @ReservedAssignment

samples/vsphere/oauth/exchange_access_id_token_for_saml.py

@@ -0,0 +1,98 @@
+"""
+* *******************************************************
+* Copyright VMware, Inc. 2019. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+__vcenter_version__ = '6.8.7+'
+
+import argparse
+import base64
+import requests
+from com.vmware.vcenter.tokenservice_client import TokenExchange
+from lxml import etree
+from vmware.vapi.lib.connect import get_requests_connector
+from vmware.vapi.security.oauth import create_oauth_security_context
+from vmware.vapi.stdlib.client.factories import StubConfigurationFactory
+from vmware.vapi.vsphere.client import create_vsphere_client
+
+from samples.vsphere.common.ssl_helper import get_unverified_session
+
+'''
+This sample demonstrates obtaining saml token from access(subject) and id(actor) tokens
+The SAML token is then used to connect to VCenter and list all the VM Details
+
+Pre-requisites:
+- a VCenter
+- access/subject token
+- id/actor token
+
+To run the sample,
+$ python exchange_access_id_token_for_saml_token.py --vc <VC> --subject_token <Subject Token> --actor_token <Actor Token> --skipverification
+'''
+
+HTTP_ENDPOINT = "https://{}/api"
+UTF8 = 'utf-8'
+
+parser = argparse.ArgumentParser(description='arguments for obtaining SAML token from access(subject) and id(actor) tokens')
+
+parser.add_argument('--vc', dest='vcenter_server',
+                help='VCenter hostname or IP')
+parser.add_argument('--subject_token', dest='subject_token',
+                help='Subject/Access token')
+parser.add_argument('--actor_token', dest='actor_token',
+                help='Actor/ID token')
+parser.add_argument('--skipverification',
+                action='store_true',
+                help='Skip Server Certificate Verification')
+
+args = parser.parse_args()
+
+session = requests.session()
+if args.skipverification:
+    session = get_unverified_session()
+
+stub_config = StubConfigurationFactory.new_std_configuration(
+                get_requests_connector(
+                    session=session,
+                    url=HTTP_ENDPOINT.format(args.vcenter_server)
+                )
+            )
+
+# create oauth security context for authentication
+oauth_security_context = create_oauth_security_context(args.subject_token)
+stub_config.connector.set_security_context(oauth_security_context)
+
+token_exchange = TokenExchange(stub_config)
+exchange_spec = token_exchange.ExchangeSpec(
+    grant_type=token_exchange.TOKEN_EXCHANGE_GRANT,
+    subject_token_type=token_exchange.ACCESS_TOKEN_TYPE,
+    actor_token_type=token_exchange.ID_TOKEN_TYPE,
+    requested_token_type=token_exchange.SAML2_TOKEN_TYPE,
+    actor_token=args.actor_token, subject_token=args.subject_token)
+response = token_exchange.exchange(exchange_spec)
+saml_token = response.access_token
+
+# convert saml token to saml assertion
+samlAssertion = etree.tostring(
+    etree.XML(base64.decodebytes(
+        bytes(saml_token, UTF8)
+    ))
+).decode(UTF8)
+
+# create vsphere client to connect to VC and list VM Details
+client = create_vsphere_client(server=args.vcenter_server, bearer_token=samlAssertion, session=session)
+vms = client.vcenter.VM.list()
+
+print("VM List\n", "-" * 50)
+for vm in vms:
+    print(vm.name)
+print("-" * 50)

samples/vsphere/oauth/list_external_identity_providers.py

@@ -0,0 +1,62 @@
+"""
+* *******************************************************
+* Copyright VMware, Inc. 2019. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+__vcenter_version__ = '6.8.7+'
+
+import argparse
+import requests
+from com.vmware.vcenter.identity_client import Providers
+from vmware.vapi.stdlib.client.factories import StubConfigurationFactory
+from samples.vsphere.common.ssl_helper import get_unverified_session
+from vmware.vapi.lib.connect import get_requests_connector
+
+'''
+This sample lists all the external Identity Providers for the given VCenter
+
+Pre-requisites:
+- a VCenter
+
+To run the sample,
+$ python list_external_identity_providers.py --vc <VC> --skipverification
+'''
+
+HTTP_ENDPOINT = "https://{}/api"
+
+parser = argparse.ArgumentParser(description='arguments for listing external Identity Providers')
+
+parser.add_argument('--vc', dest='vcenter_server',
+                help='VCenter hostname or IP')
+parser.add_argument('--skipverification',
+                action='store_true',
+                help='Skip Server Certificate Verification')
+
+args = parser.parse_args()
+
+session = requests.session()
+if args.skipverification:
+    session = get_unverified_session()
+
+stub_config = StubConfigurationFactory.new_std_configuration(get_requests_connector(session=session, url=HTTP_ENDPOINT.format(args.vcenter_server)))
+
+# use the identity client to list the providers
+id_client = Providers(stub_config)
+providers = id_client.list()
+print("Total providers: {}\n".format(len(providers)))
+print("-" * 100)
+
+# print summary of the providers
+for p in providers:
+    print("Auth Endpoint: {}\n".format(p.oauth2.auth_endpoint))
+    print("Token Endpoint: {}\n".format(p.oauth2.token_endpoint))
+    print("-" * 100)

samples/vsphere/vcenter/converge/converge_sample.py

@@ -0,0 +1,106 @@
+#!/usr/bin/env python
+"""
+* *******************************************************
+* Copyright (c) VMware, Inc. 2019. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+
+import os
+import requests
+
+from com.vmware.vcenter.system_config_client import DeploymentType
+
+from samples.vsphere.common import sample_cli, sample_util
+from samples.vsphere.common.ssl_helper import get_unverified_session
+
+from vmware.vapi.core import ApplicationContext
+from vmware.vapi.lib.constants import SHOW_UNRELEASED_APIS
+from vmware.vapi.lib.connect import get_connector, get_requests_connector
+from vmware.vapi.stdlib.client.factories import StubConfigurationFactory
+from vmware.vapi.security.client.security_context_filter import \
+    LegacySecurityContextFilter, ApiProviderFilter
+from vmware.vapi.security.user_password import \
+    create_user_password_security_context
+
+
+class SampleConverge(object):
+    """
+     Sample demonstrating vCenter External to Embedded Convergence operation
+     Sample Prerequisites:
+     vCenter on linux platform with external Platform Services Controller
+     """
+    def __init__(self):
+        parser = sample_cli.build_arg_parser()
+        parser.add_argument(
+            '-a', '--sso_admin_username', action='store', required=True,
+            default='Sample_PSC_username',
+            help='Platform Services Controller admin username')
+        parser.add_argument(
+            '-w', '--sso_admin_password', action='store', required=True,
+            default='Sample_PSC_Admin_Password',
+            help='Platform Services Controller admin password')
+
+        args = sample_util.process_cli_args(parser.parse_args())
+        self.username = args.username
+        self.password = args.password
+        self.sso_admin_username = args.sso_admin_username
+        self.sso_admin_password = args.sso_admin_password
+        self.server = args.server
+        self.skipverification = args.skipverification
+
+    def run(self):
+        """
+         Converges the external PSC into the Management Node without shutting
+         down the Platform Services Controller.
+         """
+        session = get_unverified_session() if self.skipverification else None
+
+        sec_ctx = create_user_password_security_context(
+                    self.username, self.password)
+        # TODO The following line to be deleted when API is changed to
+        #  @Release type. As of now this is only for testing
+        app_ctx = ApplicationContext({SHOW_UNRELEASED_APIS: "True"})
+
+        connector = get_requests_connector(
+                session=session,
+                msg_protocol='json',
+                url='https://{0}:5480/api'.format(self.server),
+                provider_filter_chain=[
+                    LegacySecurityContextFilter(
+                        security_context=sec_ctx)])
+        connector.set_application_context(app_ctx)
+        stub_config = StubConfigurationFactory.new_std_configuration(connector)
+        deployment_type = DeploymentType(stub_config)
+        """
+         Running convergence task precheck.
+         Remove the line ", only_precheck = True" to perform convergence.
+         """
+        convergence_task = deployment_type.convert_to_vcsa_embedded_task(
+            DeploymentType.ConvergenceSpec(DeploymentType.PscInfo(
+                sso_admin_username=self.sso_admin_username,
+                sso_admin_password=self.sso_admin_password),
+                only_precheck=True))
+
+        print('Converge operation started with task ID: \n{0}'.format(
+            convergence_task.get_task_id()))
+
+
+def main():
+    """
+     Entry point for the sample client
+    """
+    converge = SampleConverge()
+    converge.run()
+
+
+if __name__ == '__main__':
+    main()

samples/vsphere/vcenter/converge/decommission_sample.py

@@ -0,0 +1,110 @@
+#!/usr/bin/env python
+"""
+* *******************************************************
+* Copyright (c) VMware, Inc. 2019. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+
+import requests
+
+
+from com.vmware.vcenter.topology_client import Pscs
+
+from samples.vsphere.common import sample_cli, sample_util
+from samples.vsphere.common.ssl_helper import get_unverified_session
+
+from vmware.vapi.lib.connect import get_connector, get_requests_connector
+from vmware.vapi.stdlib.client.factories import StubConfigurationFactory
+
+from vmware.vapi.security.user_password import \
+    create_user_password_security_context
+from vmware.vapi.core import ApplicationContext
+from vmware.vapi.lib.constants import SHOW_UNRELEASED_APIS
+
+
+class SampleDecommission(object):
+    """
+     Demonstrates Decommission operation for external PSC
+     Sample Prerequisites:
+     Embedded vCenter on linux platform with replication to Platform Services
+     Controller to be decommissioned
+     """
+    def __init__(self):
+        parser = sample_cli.build_arg_parser()
+        parser.add_argument(
+            '-psc_h', '--psc_host_name', action='store',
+            default='Sample_PSC_hostname',
+            help='Platform Services Controller FQDN / IP as per configuration')
+        parser.add_argument(
+            '-a', '--sso_admin_username', action='store',
+            default='Sample_PSC_username',
+            help='Platform Services Controller admin username')
+        parser.add_argument(
+            '-w', '--sso_admin_password', action='store',
+            default='Sample_PSC_Admin_Password',
+            help='Platform Services Controller admin password')
+
+        args = sample_util.process_cli_args(parser.parse_args())
+        self.psc_hostname = args.psc_host_name
+        self.username = args.username
+        self.password = args.password
+        self.sso_admin_username = args.sso_admin_username
+        self.sso_admin_password = args.sso_admin_password
+        self.server = args.server
+        self.skipverification = args.skipverification
+
+    def run(self):
+        """
+         Decommissions a PSC node from a Management Node
+         """
+        session = get_unverified_session() if self.skipverification else None
+
+        sec_ctx = create_user_password_security_context(
+                    self.username, self.password)
+        # TODO The following line to be deleted when API is changed to
+        #  @Release type. As of now this is only for testing
+        app_ctx = ApplicationContext({SHOW_UNRELEASED_APIS: "True"})
+
+        connector = get_requests_connector(
+            session=session,
+            msg_protocol='json',
+            url='https://{0}:5480/api'.format(self.server))
+        connector.set_security_context(sec_ctx)
+        connector.set_application_context(app_ctx)
+        stub_config = StubConfigurationFactory.new_std_configuration(connector)
+        pscs_obj = Pscs(stub_config)
+        """
+         Running decommission task precheck.
+         Remove the line ", only_precheck = True" to perform decommission.
+         """
+        decommission_task = pscs_obj.decommission_task(
+            self.psc_hostname,
+            Pscs.DecommissionSpec(
+            sso_admin_username=self.sso_admin_username,
+            sso_admin_password=self.sso_admin_password),
+            only_precheck=True)
+
+        print(
+            'Decommission operation started with task ID: \n%s',
+            decommission_task.get_task_id())
+
+
+def main():
+    """
+     Entry point for the sample client
+     """
+    decommision_obj = SampleDecommission()
+    decommision_obj.run()
+
+
+if __name__ == '__main__':
+    main()