com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation package
Subpackages
Submodules
com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2_client module
The com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2_client module provides classes to manage remote attestation configuration for TPM trust.
- class com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2_client.CaCertificates(config)
Bases: VapiInterface
The CaCertificates class provides methods to manage Trusted Platform Module (TPM) CA certificates. Endorsement Keys are typically packaged in a certificate that is signed by a certificate authority (CA). This class allows the CA certificate to be registered with the Attestation Service in order to validate TPM EK certificates when presented at attestation time. This class was added in vSphere API 7.0.0.0.
- Parameters:
config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.
- class CreateSpec(name=None, cert_chain=None)
Bases: VapiStruct
The CaCertificates.CreateSpec class contains information that describes a TPM CA certificate. This class was added in vSphere API 7.0.0.0.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters:
name (str) – A unique name for the TPM CA certificate. This attribute was added in vSphere API 7.0.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.CaCertificate. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.CaCertificate.
cert_chain (com.vmware.vcenter.trusted_infrastructure_client.X509CertChain or None) – The CA certificate chain.
Certificates may either be added one at a time, or as a chain. Adding the certificates as a chain allows the group to be managed as a whole. For example, an entire chain can be deleted in one CaCertificates.delete() operation.
When certificates are added one at a time, the order must be root first, followed by any intermediates. The intermediate certificates must also be ordered in the direction from root to leaf.
Similarly, when added as a chain the list must be ordered in the direction from root to leaf. This attribute was added in vSphere API 7.0.0.0. If None, creation will fail.
- class Health(string)
Bases: Enum
The CaCertificates.Health class is an indicator for the consistency of the host status in the cluster. This enumeration was added in vSphere API 7.0.0.0.
Note: This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.
- Parameters:
string (str) – String value for the Health instance.
- ERROR = Health(string='ERROR')
Not all hosts in the cluster are in a consistent state. This class attribute was added in vSphere API 7.0.0.0.
- NONE = Health(string='NONE')
No status available. This class attribute was added in vSphere API 7.0.0.0.
- OK = Health(string='OK')
Each host in the cluster is in a consistent state with the rest of the hosts in the cluster. This class attribute was added in vSphere API 7.0.0.0.
- WARNING = Health(string='WARNING')
Attestation is functioning; however, there is an issue that requires attention. This class attribute was added in vSphere API 7.0.0.0.
- class Info(cert_chain=None, health=None, details=None)
Bases: VapiStruct
The CaCertificates.Info class contains information that describes a TPM CA certificate. This class was added in vSphere API 7.0.0.0.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters:
cert_chain (com.vmware.vcenter.trusted_infrastructure_client.X509CertChain) – The CA certificate chain. This attribute was added in vSphere API 7.0.0.0.
health (CaCertificates.Health) – A health indicator which indicates whether each host in the cluster has the same CA certs. This attribute was added in vSphere API 7.0.0.0.
details (list of com.vmware.vapi.std_client.LocalizableMessage) – Details regarding the health.
When the CaCertificates.Health is not CaCertificates.Health.OK or CaCertificates.Health.NONE, this member will provide an actionable description of the issues present. This attribute was added in vSphere API 7.0.0.0.
- RESOURCE_TYPE = 'com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.CaCertificate'
Resource type for TPM 2.0 CA certificates. This class attribute was added in vSphere API 7.0.0.0.
- class Summary(name=None, health=None)
Bases: VapiStruct
The CaCertificates.Summary class contains information that summarizes a TPM CA certificate. This class was added in vSphere API 7.0.0.0.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters:
name (str) – A unique name for the TPM CA certificate. This attribute was added in vSphere API 7.0.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.CaCertificate. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.CaCertificate.
health (CaCertificates.Health) – A health indicator which indicates whether each host in the cluster has the same CA certs. This attribute was added in vSphere API 7.0.0.0.
- create_task(cluster, spec)
Add a new TPM CA certificate on a cluster. This method was added in vSphere API 7.0.0.0.
- Parameters:
cluster (str) – The id of the cluster on which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.
spec (CaCertificates.CreateSpec) – The new CA certificate details.
- Raise:
com.vmware.vapi.std.errors_client.AlreadyExists if the certificate name exists.
- Raise:
com.vmware.vapi.std.errors_client.Error if there is a generic error.
- Raise:
com.vmware.vapi.std.errors_client.InvalidArgument if the configuration is invalid or the cluster id is empty.
- Raise:
com.vmware.vapi.std.errors_client.NotFound if cluster doesn’t match any cluster in the vCenter.
- Raise:
com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.
- delete_task(cluster, name)
Remove a TPM CA certificate on a cluster. This method was added in vSphere API 7.0.0.0.
- Parameters:
cluster (str) – The id of the cluster on which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.
name (str) – The CA certificate name. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.CaCertificate.
- Raise:
com.vmware.vapi.std.errors_client.Error if there is a generic error.
- Raise:
com.vmware.vapi.std.errors_client.InvalidArgument if the name is invalid or cluster id is empty.
- Raise:
com.vmware.vapi.std.errors_client.NotFound if the cluster doesn’t match any cluster in the vCenter or given name is not found.
- Raise:
com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.
- get_task(cluster, name)
Get the TPM CA certificate details on a cluster. This method was added in vSphere API 7.0.0.0.
- Parameters:
cluster (str) – The id of the cluster on which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.
name (str) – The CA certificate name. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.CaCertificate.
- Return type:
vmware.vapi.stdlib.client.task.Task
- Returns:
Task instance
- Raise:
com.vmware.vapi.std.errors_client.Error if there is a generic error.
- Raise:
com.vmware.vapi.std.errors_client.InvalidArgument if the name is invalid or cluster id is empty.
- Raise:
com.vmware.vapi.std.errors_client.NotFound if the CA certificate is not found or cluster doesn’t match any cluster in the vCenter.
- Raise:
com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.
- list_task(cluster)
Return a list of configured TPM CA certificates on a cluster. This method was added in vSphere API 7.0.0.0.
- Parameters:
cluster (str) – The id of the cluster on which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.
- Return type:
vmware.vapi.stdlib.client.task.Task
- Returns:
Task instance
- Raise:
com.vmware.vapi.std.errors_client.Error if there is a generic error.
- Raise:
com.vmware.vapi.std.errors_client.InvalidArgument if cluster id is empty.
- Raise:
com.vmware.vapi.std.errors_client.NotFound if the cluster doesn’t match any cluster in the vCenter or given name is not found.
- Raise:
com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.
- class com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2_client.EndorsementKeys(config)
Bases: VapiInterface
The EndorsementKeys class provides methods to manage Trusted Platform Module (TPM) Endorsement Keys (EK) on a cluster level. This class was added in vSphere API 7.0.0.0.
- Parameters:
config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.
- class CreateSpec(name=None, public_key=None, certificate=None)
Bases: VapiStruct
The EndorsementKeys.CreateSpec class contains information that describes a TPM endorsement key.
Only one of EndorsementKeys.CreateSpec.public_key or EndorsementKeys.CreateSpec.certificate must be specified. This class was added in vSphere API 7.0.0.0.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters:
name (str) – A unique name for the TPM endorsement key.
The unique name should be something that an administrator can use to easily identify the remote system. For example, the hostname, or hardware UUID. This attribute was added in vSphere API 7.0.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.EndorsementKey. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.EndorsementKey.
public_key (str or None) – TPM public endorsement key in PEM format. This attribute was added in vSphere API 7.0.0.0. If None, EndorsementKeys.CreateSpec.certificate must be set.
certificate (str or None) – TPM endorsement key certificate in PEM format.
When an endorsement key certificate is provided, it will be verified against the CA certificate list. Endorsement key certificates that are not signed by one of the CA certificates will be rejected.
Using this format allows for failures to be caught during configuration rather than later during attestation. This attribute was added in vSphere API 7.0.0.0. If None, EndorsementKeys.CreateSpec.public_key must be set.
- class Health(string)
Bases: Enum
The EndorsementKeys.Health class is an indicator for the consistency of the host status in the cluster. This enumeration was added in vSphere API 7.0.0.0.
Note: This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.
- Parameters:
string (str) – String value for the Health instance.
- ERROR = Health(string='ERROR')
Not all hosts in the cluster are in a consistent state. This class attribute was added in vSphere API 7.0.0.0.
- NONE = Health(string='NONE')
No status available. This class attribute was added in vSphere API 7.0.0.0.
- OK = Health(string='OK')
Each host in the cluster is in a consistent state with the rest of the hosts in the cluster. This class attribute was added in vSphere API 7.0.0.0.
- WARNING = Health(string='WARNING')
Attestation is functioning; however, there is an issue that requires attention. This class attribute was added in vSphere API 7.0.0.0.
- class Info(public_key=None, health=None, details=None)
Bases: VapiStruct
The EndorsementKeys.Info class contains information that describes a TPM endorsement key. This class was added in vSphere API 7.0.0.0.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters:
public_key (str) – TPM public endorsement key in PEM format. This attribute was added in vSphere API 7.0.0.0.
health (EndorsementKeys.Health) – A health indicator which indicates whether each host in the cluster has the same endorsement key. This attribute was added in vSphere API 7.0.0.0.
details (list of com.vmware.vapi.std_client.LocalizableMessage) – Details regarding the health.
When the EndorsementKeys.Health is not EndorsementKeys.Health.OK or EndorsementKeys.Health.NONE, this member will provide an actionable description of the issues present. This attribute was added in vSphere API 7.0.0.0.
- RESOURCE_TYPE = 'com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.EndorsementKey'
Resource type for TPM 2.0 endorsement keys. This class attribute was added in vSphere API 7.0.0.0.
- class Summary(name=None, health=None)
Bases: VapiStruct
The EndorsementKeys.Summary class contains information that summarizes a TPM endorsement key. This class was added in vSphere API 7.0.0.0.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters:
name (str) – A unique name for the TPM endorsement key. This attribute was added in vSphere API 7.0.0.0. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.EndorsementKey. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.EndorsementKey.
health (EndorsementKeys.Health) – A health indicator which indicates whether each host in the cluster has the same endorsement key. This attribute was added in vSphere API 7.0.0.0.
- create_task(cluster, spec)
Add a new TPM endorsement key on a cluster. This method was added in vSphere API 7.0.0.0.
- Parameters:
cluster (str) – The id of the cluster on which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.
spec (EndorsementKeys.CreateSpec) – The configuration.
- Raise:
com.vmware.vapi.std.errors_client.AlreadyExists if the endorsement key name exists.
- Raise:
com.vmware.vapi.std.errors_client.Error if there is a generic error.
- Raise:
com.vmware.vapi.std.errors_client.InvalidArgument if the configuration is invalid or cluster id is empty.
- Raise:
com.vmware.vapi.std.errors_client.NotFound if cluster doesn’t match any cluster in the vCenter.
- Raise:
com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.
- delete_task(cluster, name)
Remove a TPM endorsement key on a cluster. This method was added in vSphere API 7.0.0.0.
- Parameters:
cluster (str) – The id of the cluster on which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.
name (str) – The endorsement key name. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.EndorsementKey.
- Raise:
com.vmware.vapi.std.errors_client.Error if there is a generic error.
- Raise:
com.vmware.vapi.std.errors_client.InvalidArgument if the name is invalid or cluster id is empty.
- Raise:
com.vmware.vapi.std.errors_client.NotFound if the name is not found or cluster doesn’t match any cluster in the vCenter.
- Raise:
com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.
- get_task(cluster, name)
Get the TPM endorsement key details on a cluster. This method was added in vSphere API 7.0.0.0.
- Parameters:
cluster (str) – The id of the cluster on which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.
name (str) – The endorsement key name. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.EndorsementKey.
- Return type:
vmware.vapi.stdlib.client.task.Task
- Returns:
Task instance
- Raise:
com.vmware.vapi.std.errors_client.Error if there is a generic error.
- Raise:
com.vmware.vapi.std.errors_client.InvalidArgument if the name is invalid or cluster id is empty.
- Raise:
com.vmware.vapi.std.errors_client.NotFound if the endorsement key is not found or cluster doesn’t match any cluster in the vCenter.
- Raise:
com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.
- list_task(cluster)
Return a list of configured TPM endorsement keys in a cluster. This method was added in vSphere API 7.0.0.0.
- Parameters:
cluster (str) – The id of the cluster on which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.
- Return type:
vmware.vapi.stdlib.client.task.Task
- Returns:
Task instance
- Raise:
com.vmware.vapi.std.errors_client.Error if there is a generic error.
- Raise:
com.vmware.vapi.std.errors_client.InvalidArgument if the cluster id is empty.
- Raise:
com.vmware.vapi.std.errors_client.NotFound if the cluster is not found.
- Raise:
com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.
- class com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2_client.Settings(config)
Bases: VapiInterface
The Settings interface provides methods to get or update settings related to the TPM 2.0 attestation protocol behavior. This class was added in vSphere API 7.0.0.0.
- Parameters:
config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.
- class Health(string)
Bases: Enum
The Settings.Health class is an indicator for the consistency of the host status in the cluster. This enumeration was added in vSphere API 7.0.0.0.
Note: This class represents an enumerated type in the interface language definition. The class contains class attributes which represent the values in the current version of the enumerated type. Newer versions of the enumerated type may contain new values. To use new values of the enumerated type in communication with a server that supports the newer version of the API, you instantiate this class. See enumerated type description page.
- Parameters:
string (str) – String value for the Health instance.
- ERROR = Health(string='ERROR')
Not all hosts in the cluster are in a consistent state. This class attribute was added in vSphere API 7.0.0.0.
- NONE = Health(string='NONE')
No status available. This class attribute was added in vSphere API 7.0.0.0.
- OK = Health(string='OK')
Each host in the cluster is in a consistent state with the rest of the hosts in the cluster. This class attribute was added in vSphere API 7.0.0.0.
- WARNING = Health(string='WARNING')
Attestation is functioning; however, there is an issue that requires attention. This class attribute was added in vSphere API 7.0.0.0.
- class Info(require_endorsement_keys=None, require_certificate_validation=None, health=None, details=None)
Bases: VapiStruct
The Settings.Info class contains information that describes the TPM 2.0 protocol settings. This class was added in vSphere API 7.0.0.0.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters:
require_endorsement_keys (bool) – Require registered TPM endorsement keys.
During attestation, the attested host will always send its endorsement key to the Attestation Service. With this option set, the Attestation Service will only proceed with attestation if the endorsement key has been added to the list of configured trusted endorsement keys. This attribute was added in vSphere API 7.0.0.0.
require_certificate_validation (bool) – Require TPM endorsement key certificate validation.
During attestation, the attested host will send its endorsement key certificate if one is available. With this option set, the Attestation Service will validate the endorsement key certificate against the list of configured trusted TPM CA certificates. Only endorsement key certificates that are signed by a trusted TPM CA certificate will be able to successfully attest. This attribute was added in vSphere API 7.0.0.0.
health (Settings.Health) – A health indicator which indicates whether each host in the cluster has the same attestation settings. This attribute was added in vSphere API 7.0.0.0.
details (list of com.vmware.vapi.std_client.LocalizableMessage) – Details regarding the health.
When the Settings.Health is not Settings.Health.OK or Settings.Health.NONE, this member will provide an actionable description of the issues present. This attribute was added in vSphere API 7.0.0.0.
- class UpdateSpec(require_endorsement_keys=None, require_certificate_validation=None)
Bases: VapiStruct
The Settings.UpdateSpec class contains information that describes changes to the TPM 2.0 protocol settings. This class was added in vSphere API 7.0.0.0.
Tip: The arguments are used to initialize data attributes with the same names.
- Parameters:
require_endorsement_keys (bool or None) – Require registered TPM endorsement keys. This attribute was added in vSphere API 7.0.0.0. If None, the current state will remain unchanged.
require_certificate_validation (bool or None) – Require TPM endorsement key certificate validation. This attribute was added in vSphere API 7.0.0.0. If None, the current state will remain unchanged.
- get_task(cluster)
Return the TPM 2.0 protocol settings. This method was added in vSphere API 7.0.0.0.
- Parameters:
cluster (str) – The id of the cluster on which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.
- Return type:
vmware.vapi.stdlib.client.task.Task
- Returns:
Task instance
- Raise:
com.vmware.vapi.std.errors_client.Error if there is a generic error.
- Raise:
com.vmware.vapi.std.errors_client.InvalidArgument if the cluster id is empty.
- Raise:
com.vmware.vapi.std.errors_client.NotFound if cluster doesn’t match any cluster in the vCenter.
- Raise:
com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.
- update_task(cluster, spec)
Set the TPM 2.0 protocol settings. This method was added in vSphere API 7.0.0.0.
- Parameters:
cluster (str) – The id of the cluster on which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.
spec (Settings.UpdateSpec) – The settings.
- Raise:
com.vmware.vapi.std.errors_client.Error if there is a generic error.
- Raise:
com.vmware.vapi.std.errors_client.InvalidArgument if the spec is invalid or cluster id is empty.
- Raise:
com.vmware.vapi.std.errors_client.NotFound if cluster doesn’t match any cluster in the vCenter.
- Raise:
com.vmware.vapi.std.errors_client.Unauthenticated if the caller is not authenticated.
- class com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2_client.StubFactory(stub_config)
Bases: StubFactoryBase
Initialize StubFactoryBase
- Parameters:
stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance