com.vmware.vcenter.namespace_management.supervisors package

Submodules

com.vmware.vcenter.namespace_management.supervisors.identity_client module

The com.vmware.vcenter.namespace_management.supervisors.identity_client module provides classes related to identity management for a Supervisor.

class com.vmware.vcenter.namespace_management.supervisors.identity_client.Providers(config)

Bases: VapiInterface

The Providers class provides methods to configure identity management on a Supervisor. This class was added in vSphere API 8.0.0.1.

Parameters:

config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.

class CreateSpec(display_name=None, issuer_url=None, username_claim=None, groups_claim=None, client_id=None, client_secret=None, certificate_authority_data=None, additional_scopes=None, additional_authorize_parameters=None)

Bases: VapiStruct

The Providers.CreateSpec class is used to register a new upstream identity provider for use with a Supervisor. This class was added in vSphere API 8.0.0.1.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • display_name (str) – A name to be used for the given identity provider. This name will be displayed in the vCenter UI. This attribute was added in vSphere API 8.0.0.1.

  • issuer_url (str) – The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme. This attribute was added in vSphere API 8.0.0.1.

  • username_claim (str or None) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user. This attribute was added in vSphere API 8.0.0.1. If None, the upstream issuer URL will be concatenated with the ‘sub’ claim to generate the username to be used with Kubernetes.

  • groups_claim (str or None) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user. This attribute was added in vSphere API 8.0.0.1. If None, no groups will be used from the upstream identity provider.

  • client_id (str) – The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor. This attribute was added in vSphere API 8.0.0.1.

  • client_secret (str) – The OAuth 2.0 client secret to be used by the Supervisor when authenticating to the upstream identity provider. This attribute was added in vSphere API 8.0.0.1.

  • certificate_authority_data (str or None) – Certificate authority data to be used to establish HTTPS connections with the identity provider. This must be a PEM-encoded value. This attribute was added in vSphere API 8.0.0.1. If None, HTTPS connections with the upstream identity provider will rely on a default set of system trusted roots.

  • additional_scopes (list of str or None) – Additional scopes to be requested in tokens issued by this identity provider. This attribute was added in vSphere API 8.0.0.1. If None, no additional scopes will be requested.

  • additional_authorize_parameters ((dict of str and str) or None) – Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware’s Cloud Services Platform, if your organization ID is ‘long-form-org-id’, the ‘orgLink’ parameter can be set to “/csp/gateway/am/api/orgs/long-form-org-id” to allow users logging in to leverage that organization. This attribute was added in vSphere API 8.0.0.1. If None, no additional parameters will be sent to the upstream identity provider.
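A pre-flight check for the CreateSpec constraints listed above (HTTPS issuer, PEM-encoded CA data, what each None default implies). This is an added example, not part of the SDK: `check_create_spec`, `pem_certificates`, `discovery_url` and the sample values are hypothetical, and it works on a plain dict of keyword arguments so it runs without a vCenter connection.

```python
import base64
import re
from urllib.parse import urlsplit

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

# Constructed placeholder: a 5-byte DER SEQUENCE, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
              + "\n-----END CERTIFICATE-----\n")


def discovery_url(issuer_url):
    """Discovery URL as the page describes it: issuer plus well-known suffix."""
    return issuer_url.rstrip("/") + "/.well-known/openid-configuration"


def pem_certificates(data):
    """Return the DER bytes of each CERTIFICATE block; ValueError if malformed."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks or PEM_BLOCK.sub("", data).strip():
        raise ValueError("expected only PEM CERTIFICATE blocks")
    ders = []
    for body in blocks:
        # binascii.Error raised here is a ValueError subclass.
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der.startswith(b"\x30"):  # X.509 certificates are DER SEQUENCEs
            raise ValueError("PEM body is not a DER SEQUENCE")
        ders.append(der)
    return ders


def check_create_spec(fields):
    """Return (level, field, message) findings for CreateSpec keyword arguments."""
    findings = []
    for name in ("display_name", "issuer_url", "client_id", "client_secret"):
        if not fields.get(name):
            findings.append(("error", name, "required str is missing or empty"))
    issuer = fields.get("issuer_url") or ""
    parts = urlsplit(issuer)
    if issuer and (parts.scheme != "https" or not parts.hostname):
        findings.append(("error", "issuer_url", "must be an https:// URL with a host"))
    ca = fields.get("certificate_authority_data")
    if ca is None:
        findings.append(("info", "certificate_authority_data",
                         "None: default system trusted roots will be used"))
    else:
        try:
            pem_certificates(ca)
        except ValueError as exc:
            findings.append(("error", "certificate_authority_data", f"not PEM: {exc}"))
    if fields.get("username_claim") is None:
        findings.append(("info", "username_claim",
                         "None: username will be issuer URL + 'sub' claim"))
    if fields.get("groups_claim") is None:
        findings.append(("info", "groups_claim",
                         "None: no groups will be used from the identity provider"))
    if "openid" in (fields.get("additional_scopes") or []):
        findings.append(("info", "additional_scopes",
                         "'openid' is always requested; listing it is redundant"))
    return findings


if __name__ == "__main__":
    # Constructed sample values; read the real secret from a vault, not source.
    sample = {
        "display_name": "corp-idp",
        "issuer_url": "http://idp.example.test",
        "client_id": "supervisor",
        "client_secret": "constructed-secret",
        "certificate_authority_data": SAMPLE_PEM,
    }
    print(discovery_url(sample["issuer_url"]))
    for finding in check_create_spec(sample):
        print(finding)
```

Once the findings contain no errors, the same dict can be passed as `Providers.CreateSpec(**fields)`.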

class Info(provider=None, display_name=None, issuer_url=None, username_claim=None, groups_claim=None, client_id=None, certificate_authority_data=None, additional_scopes=None, additional_authorize_parameters=None)

Bases: VapiStruct

The Providers.Info class provides details about an identity provider configured with a Supervisor. This class was added in vSphere API 8.0.0.1.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • provider (str) – The immutable identifier of an identity provider generated when an identity provider is registered for a Supervisor. This attribute was added in vSphere API 8.0.0.1. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.

  • display_name (str) – A name to be used for the given identity provider. This name will be displayed in the vCenter UI. This attribute was added in vSphere API 8.0.0.1.

  • issuer_url (str) – The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme. This attribute was added in vSphere API 8.0.0.1.

  • username_claim (str or None) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user. This attribute was added in vSphere API 8.0.0.1. If None, the upstream issuer URL will be concatenated with the ‘sub’ claim to generate the username to be used with Kubernetes.

  • groups_claim (str or None) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user. This attribute was added in vSphere API 8.0.0.1. If None, no groups will be used from the upstream identity provider.

  • client_id (str) – The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor. This attribute was added in vSphere API 8.0.0.1.

  • certificate_authority_data (str or None) – The certificate authority data holds the trusted roots to be used to establish HTTPS connections with the identity provider. This attribute was added in vSphere API 8.0.0.1. If None, HTTPS connections with the upstream identity provider will rely on a default set of system trusted roots.

  • additional_scopes (list of str or None) – Additional scopes to be requested in tokens issued by this identity provider. The ‘openid’ scope will always be requested. This attribute was added in vSphere API 8.0.0.1. If None, no additional scopes will be requested.

  • additional_authorize_parameters ((dict of str and str) or None) – Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware’s Cloud Services Platform, if your organization ID is ‘long-form-org-id’, the ‘orgLink’ parameter can be set to “/csp/gateway/am/api/orgs/long-form-org-id” to allow users logging in to leverage that organization. This attribute was added in vSphere API 8.0.0.1. If None, no additional parameters will be sent to the upstream identity provider.

class SetSpec(display_name=None, issuer_url=None, username_claim=None, groups_claim=None, client_id=None, client_secret=None, certificate_authority_data=None, additional_scopes=None, additional_authorize_parameters=None)

Bases: VapiStruct

The Providers.SetSpec class is used to fully replace the configuration of an upstream identity provider for use with a Supervisor. This class was added in vSphere API 8.0.0.1.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • display_name (str) – A name to be used for the given identity provider. This name will be displayed in the vCenter UI. This attribute was added in vSphere API 8.0.0.1.

  • issuer_url (str) – The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme. This attribute was added in vSphere API 8.0.0.1.

  • username_claim (str or None) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user. This attribute was added in vSphere API 8.0.0.1. If None, the upstream issuer URL will be concatenated with the ‘sub’ claim to generate the username to be used with Kubernetes.

  • groups_claim (str or None) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user. This attribute was added in vSphere API 8.0.0.1. If None, no groups will be used from the upstream identity provider.

  • client_id (str) – The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor. This attribute was added in vSphere API 8.0.0.1.

  • client_secret (str) – The OAuth 2.0 client secret to be used by the Supervisor when authenticating to the upstream identity provider. This attribute was added in vSphere API 8.0.0.1.

  • certificate_authority_data (str or None) – Certificate authority data to be used to establish HTTPS connections with the identity provider. This must be a PEM-encoded value. This attribute was added in vSphere API 8.0.0.1. If None, HTTPS connections with the upstream identity provider will rely on a default set of system trusted roots.

  • additional_scopes (list of str or None) – Additional scopes to be requested in tokens issued by this identity provider. This attribute was added in vSphere API 8.0.0.1. If None, no additional scopes will be requested.

  • additional_authorize_parameters ((dict of str and str) or None) – Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware’s Cloud Services Platform, if your organization ID is ‘long-form-org-id’, the ‘orgLink’ parameter can be set to “/csp/gateway/am/api/orgs/long-form-org-id” to allow users logging in to leverage that organization. This attribute was added in vSphere API 8.0.0.1. If None, no additional parameters will be sent to the upstream identity provider.

class Summary(provider=None, display_name=None)

Bases: VapiStruct

The Providers.Summary class provides an overview of an identity provider configured for the given Supervisor. This class was added in vSphere API 8.0.0.1.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • provider (str) – The immutable identifier of an identity provider generated when an identity provider is registered for a Supervisor. This attribute was added in vSphere API 8.0.0.1. When clients pass a value of this class as a parameter, the attribute must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider. When methods return a value of this class as a return value, the attribute will be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.

  • display_name (str) – A name to be used for the given identity provider. This name will be displayed in the vCenter UI. This attribute was added in vSphere API 8.0.0.1.

class UpdateSpec(display_name=None, issuer_url=None, username_claim=None, unset_username_claim=None, groups_claim=None, unset_groups_claim=None, client_id=None, client_secret=None, certificate_authority_data=None, unset_certificate_authority_data=None, additional_scopes=None, additional_authorize_parameters=None)

Bases: VapiStruct

The Providers.UpdateSpec class contains the specification required to update the configuration of an identity provider used with a Supervisor. This class was added in vSphere API 8.0.0.1.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:
  • display_name (str or None) – A name to be used for the given identity provider. This name will be displayed in the vCenter UI. This attribute was added in vSphere API 8.0.0.1. If None, the name will remain unchanged.

  • issuer_url (str or None) – The URL to the identity provider issuing tokens. The OIDC discovery URL will be derived from the issuer URL, according to RFC8414: https://issuerURL/.well-known/openid-configuration. This must use HTTPS as the scheme. This attribute was added in vSphere API 8.0.0.1. If None, the issuer URL will not be updated.

  • username_claim (str or None) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the username for the given user. This attribute was added in vSphere API 8.0.0.1. If None, the username claim will not be updated.

  • unset_username_claim (bool or None) – This represents the intent of the change to Providers.UpdateSpec.username_claim. If this field is set to true, the existing ‘usernameClaim’ value will be removed. If this field is set to false, the existing username claim will be changed to the value specified in Providers.UpdateSpec.username_claim, if any. This attribute was added in vSphere API 8.0.0.1. If None, the existing ‘usernameClaim’ value will be changed to the value specified in Providers.UpdateSpec.username_claim, if any.

  • groups_claim (str or None) – The claim from the upstream identity provider ID token or user info endpoint to inspect to obtain the groups for the given user. This attribute was added in vSphere API 8.0.0.1. If None, the groups claim will not be updated.

  • unset_groups_claim (bool or None) – This represents the intent of the change to Providers.UpdateSpec.groups_claim. If this field is set to true, the existing ‘groupsClaim’ value will be removed. If this field is set to false, the existing groups claim will be changed to the value specified in Providers.UpdateSpec.groups_claim, if any. This attribute was added in vSphere API 8.0.0.1. If None, the existing ‘groupsClaim’ value will be changed to the value specified in Providers.UpdateSpec.groups_claim, if any.

  • client_id (str or None) – The clientID is the OAuth 2.0 client ID registered in the upstream identity provider and used by the Supervisor. This attribute was added in vSphere API 8.0.0.1. If None, the client ID will not be updated.

  • client_secret (str or None) – The OAuth 2.0 client secret to be used by the Supervisor when authenticating to the upstream identity provider. This attribute was added in vSphere API 8.0.0.1. If None, the client secret will not be updated.

  • certificate_authority_data (str or None) – Certificate authority data to be used to establish HTTPS connections with the identity provider. This must be a PEM-encoded value. This attribute was added in vSphere API 8.0.0.1. If None, the certificate authority data will not be updated.

  • unset_certificate_authority_data (bool or None) – This represents the intent of the change to Providers.UpdateSpec.certificate_authority_data. If this field is set to true, the existing ‘certificateAuthorityData’ value will be removed. If this field is set to false, the existing certificate authority data will be changed to the value specified in Providers.UpdateSpec.certificate_authority_data, if any. This attribute was added in vSphere API 8.0.0.1. If None, the existing ‘certificateAuthorityData’ value will be changed to the value specified in Providers.UpdateSpec.certificate_authority_data, if any.

  • additional_scopes (list of str or None) – Additional scopes to be requested in tokens issued by this identity provider. This attribute was added in vSphere API 8.0.0.1. If None, the additional scopes will not be updated.

  • additional_authorize_parameters ((dict of str and str) or None) – Any additional parameters to be sent to the upstream identity provider during the authorize request in the OAuth2 authorization code flow. One use case is to pass in a default tenant ID if you have a multi-tenant identity provider. For instance, with VMware’s Cloud Services Platform, if your organization ID is ‘long-form-org-id’, the ‘orgLink’ parameter can be set to “/csp/gateway/am/api/orgs/long-form-org-id” to allow users logging in to leverage that organization. This attribute was added in vSphere API 8.0.0.1. If None, the additional parameters will not be updated.
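A local preview of the UpdateSpec rules above: None leaves a field alone, an `unset_*` flag set to true removes it, and removal changes trust or identity mapping as the page describes. This is an added example, not SDK code: `preview_update`, `describe_changes` and the sample values are hypothetical. The page does not say what the server does when a value and its unset flag are both supplied, so the preview assumes the flag wins.

```python
# Optional fields and the UpdateSpec flag that removes each of them.
UNSET_FLAGS = {
    "username_claim": "unset_username_claim",
    "groups_claim": "unset_groups_claim",
    "certificate_authority_data": "unset_certificate_authority_data",
}
PLAIN_FIELDS = ("display_name", "issuer_url", "client_id", "client_secret",
                "additional_scopes", "additional_authorize_parameters")
# What the page says applies when an optional field is absent.
FALLBACK = {
    "username_claim": "username becomes issuer URL + 'sub' claim",
    "groups_claim": "no groups are used from the identity provider",
    "certificate_authority_data": "default system trusted roots are used",
}


def preview_update(current, update):
    """Return the configuration that would result from applying `update`."""
    effective = dict(current)
    for name in PLAIN_FIELDS:
        if update.get(name) is not None:      # None means "leave unchanged"
            effective[name] = update[name]
    for name, flag in UNSET_FLAGS.items():
        if update.get(flag) is True:          # assumption: the flag wins
            effective[name] = None
        elif update.get(name) is not None:
            effective[name] = update[name]
    return effective


def describe_changes(current, update):
    """Map each changed field to a reviewable description, secret withheld."""
    changes = {}
    for name, new in preview_update(current, update).items():
        old = current.get(name)
        if new == old:
            continue
        if name == "client_secret":
            changes[name] = "rotated (value withheld)"
        elif new is None:
            changes[name] = "removed: " + FALLBACK[name]
        else:
            changes[name] = f"{old!r} -> {new!r}"
    return changes


if __name__ == "__main__":
    # Constructed sample shaped like Providers.Info (no client_secret in it).
    current = {
        "display_name": "corp-idp",
        "issuer_url": "https://idp.example.test",
        "username_claim": "email",
        "groups_claim": "groups",
        "client_id": "supervisor",
        "certificate_authority_data": "<PEM placeholder>",
        "additional_scopes": None,
        "additional_authorize_parameters": None,
    }
    update = {
        "groups_claim": "roles",
        "unset_username_claim": False,
        "unset_certificate_authority_data": True,
        "client_secret": "constructed-secret",
    }
    for field, note in describe_changes(current, update).items():
        print(f"{field}: {note}")
```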

create(supervisor, spec)

Create a new identity provider to be used with a Supervisor. Currently, only a single identity provider can be created. This method was added in vSphere API 8.0.0.1.

Parameters:
  • supervisor (str) – the Supervisor for which the identity provider is being registered. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.supervisor.Supervisor.

  • spec (Providers.CreateSpec) – the Providers.CreateSpec describing the identity provider to be registered.

Return type:

str

Returns:

a unique identifier for the identity provider that was registered. The return value will be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.

Raise:

com.vmware.vapi.std.errors_client.Error if the system reports an error while responding to the request.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument if the spec contains any errors.

Raise:

com.vmware.vapi.std.errors_client.Unsupported if the specified Supervisor does not exist, or if an identity provider is already configured.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the user cannot be authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the user is missing the Namespaces.Manage privilege on the Supervisor.

delete(supervisor, provider)

Remove an identity provider configured with a given Supervisor. This will result in users no longer being able to log in to either the Supervisor or any of its workload clusters with that identity provider. This method was added in vSphere API 8.0.0.1.

Parameters:
  • supervisor (str) – the identifier of the Supervisor which is associated with the identity provider being removed. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.supervisor.Supervisor.

  • provider (str) – the identifier for the identity provider that is to be deleted. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.

Raise:

com.vmware.vapi.std.errors_client.Error if the system reports an error while responding to the request.

Raise:

com.vmware.vapi.std.errors_client.NotFound if the given identity provider or Supervisor cannot be found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the user cannot be authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the user is missing the Namespaces.Manage privilege on the Supervisor.

get(supervisor, provider)

Returns information about an identity provider configured for a Supervisor. This method was added in vSphere API 8.0.0.1.

Parameters:
  • supervisor (str) – identifier for the Supervisor for which the identity provider is being read. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.supervisor.Supervisor.

  • provider (str) – identifier for the identity provider that is being read. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.

Return type:

Providers.Info

Returns:

A Providers.Info representing the requested identity provider.

Raise:

com.vmware.vapi.std.errors_client.NotFound if the given identity provider or Supervisor cannot be found.

Raise:

com.vmware.vapi.std.errors_client.Error if the system reports an error while responding to the request.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the user cannot be authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the user is missing the System.Read privilege on the Supervisor.

list(supervisor)

List the identity providers configured for a given Supervisor. This method was added in vSphere API 8.0.0.1.

Parameters:

supervisor (str) – the Supervisor for which identity providers are being listed. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.supervisor.Supervisor.

Return type:

list of Providers.Summary

Returns:

A list of Providers.Summary with details about the identity providers associated with a given Supervisor.

Raise:

com.vmware.vapi.std.errors_client.NotFound if the given Supervisor cannot be found.

Raise:

com.vmware.vapi.std.errors_client.Error if the system reports an error while responding to the request.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the user cannot be authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the user is missing the System.Read privilege on the Supervisor.

set(supervisor, provider, spec)

Update the entire configuration for an existing identity provider used with a Supervisor. This method was added in vSphere API 8.0.0.1.

Parameters:
  • supervisor (str) – the identifier for the Supervisor associated with the identity provider to be updated. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.supervisor.Supervisor.

  • provider (str) – the identifier for the identity provider that is to be updated. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.

  • spec (Providers.SetSpec) – the Providers.SetSpec to be applied to the identity provider configuration.

Raise:

com.vmware.vapi.std.errors_client.Error if the system reports an error while responding to the request.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument if the spec contains any errors.

Raise:

com.vmware.vapi.std.errors_client.NotFound if the given identity provider or Supervisor cannot be found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the user cannot be authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the user is missing the Namespaces.Manage privilege on the Supervisor.

update(supervisor, provider, spec)

Update an existing identity provider used with a Supervisor. This method was added in vSphere API 8.0.0.1.

Parameters:
  • supervisor (str) – the identifier for the Supervisor associated with the identity provider to be updated. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.supervisor.Supervisor.

  • provider (str) – the identifier for the identity provider that is to be updated. The parameter must be an identifier for the resource type: com.vmware.vcenter.namespace_management.identity.Provider.

  • spec (Providers.UpdateSpec) – the Providers.UpdateSpec to be applied to the identity provider configuration.

Raise:

com.vmware.vapi.std.errors_client.Error if the system reports an error while responding to the request.

Raise:

com.vmware.vapi.std.errors_client.InvalidArgument if the spec contains any errors.

Raise:

com.vmware.vapi.std.errors_client.NotFound if the given identity provider or Supervisor cannot be found.

Raise:

com.vmware.vapi.std.errors_client.Unauthenticated if the user cannot be authenticated.

Raise:

com.vmware.vapi.std.errors_client.Unauthorized if the user is missing the Namespaces.Manage privilege on the Supervisor.

class com.vmware.vcenter.namespace_management.supervisors.identity_client.StubFactory(stub_config)

Bases: StubFactoryBase

Initialize StubFactoryBase

Parameters:

stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance

com.vmware.vcenter.namespace_management.supervisors.networks_client module

The com.vmware.vcenter.namespace_management.supervisors.networks_client module provides classes for Supervisor network configuration.

class com.vmware.vcenter.namespace_management.supervisors.networks_client.NetworkSegment(networks=None)

Bases: VapiStruct

NetworkSegment class represents a layer 2 broadcast domain. This class was added in vSphere API 8.0.3.0.

Tip

The arguments are used to initialize data attributes with the same names.

Parameters:

networks (list of str) – List of Standard Port Groups or Distributed Virtual Port Groups or Opaque Network identifiers that are part of the same layer 2 broadcast domain. This attribute was added in vSphere API 8.0.3.0. When clients pass a value of this class as a parameter, the attribute must contain identifiers for the resource type: Network. When methods return a value of this class as a return value, the attribute will contain identifiers for the resource type: Network.

class com.vmware.vcenter.namespace_management.supervisors.networks_client.StubFactory(stub_config)

Bases: StubFactoryBase

Initialize StubFactoryBase

Parameters:

stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance

com.vmware.vcenter.namespace_management.supervisors.recovery_client module

The com.vmware.vcenter.namespace_management.supervisors.recovery_client module provides classes for Supervisor recovery operations.

class com.vmware.vcenter.namespace_management.supervisors.recovery_client.StubFactory(stub_config)

Bases: StubFactoryBase

Initialize StubFactoryBase

Parameters:

stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance