com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms package
Subpackages
Submodules
com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.providers_client module
The com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.kms.providers_client module provides the classes for configuring the Key Providers of a Trust Authority Cluster.
Bases: vmware.vapi.bindings.stub.VapiInterface
The ClientCertificate interface provides methods to add and retrieve the client certificate. This class was added in vSphere API 7.0.0.
- Parameters
config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.
Bases: vmware.vapi.bindings.struct.VapiStruct
The ClientCertificate.Info class contains the client certificate used by the hosts in a cluster for authenticating with the Provider. This class was added in vSphere API 7.0.0.
Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
certificate (str) – Public certificate. This attribute was added in vSphere API 7.0.0.
Bases: vmware.vapi.bindings.struct.VapiStruct
The ClientCertificate.UpdateSpec class contains attributes that describe the client certificate update for a Key Provider. This class was added in vSphere API 7.0.0.
Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
certificate (str) – Public certificate used by every host in the cluster. This attribute was added in vSphere API 7.0.0.
private_key (str or None) – Private part of the certificate. This attribute was added in vSphere API 7.0.0. If None, the update request is for a public/private client certificate pair, not for a signed CSR.
Generate a new self-signed client certificate. Any existing client certificate is overwritten. The key server will use this certificate to validate the client connection. This method was added in vSphere API 7.0.0.
- Parameters
cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.
provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_platform.trusted_clusters.kms.Provider.
- Raise
com.vmware.vapi.std.errors_client.InvalidArgument: If the cluster or provider id is empty.
- Raise
com.vmware.vapi.std.errors_client.NotFound: If the cluster or provider is not found.
- Raise
com.vmware.vapi.std.errors_client.Unauthenticated: If the caller is not authenticated.
- Raise
com.vmware.vapi.std.errors_client.Error: If any other error occurs.
Return the existing client certificate. This method was added in vSphere API 7.0.0.
- Parameters
cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.
provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_platform.trusted_clusters.kms.Provider.
- Return type
class vmware.vapi.stdlib.client.task.Task
- Returns
Task instance
- Raise
com.vmware.vapi.std.errors_client.InvalidArgument: If the cluster or provider id is empty.
- Raise
com.vmware.vapi.std.errors_client.NotFound: If the cluster or provider is not found.
- Raise
com.vmware.vapi.std.errors_client.Unauthenticated: If the caller is not authenticated.
- Raise
com.vmware.vapi.std.errors_client.Error: If any other error occurs.
Update the client certificate.
The key server will use this certificate to validate the client connection. If a client certificate already exists, it will be replaced.
An optional private key can be specified if the certificate has already been provisioned. This method was added in vSphere API 7.0.0.
- Parameters
cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.
provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_platform.trusted_clusters.kms.Provider.
spec (ClientCertificate.UpdateSpec) – The update spec.
- Raise
com.vmware.vapi.std.errors_client.InvalidArgument: If the certificate or private key is invalid, or the cluster or provider id is empty.
- Raise
com.vmware.vapi.std.errors_client.NotFound: If the cluster or provider is not found.
- Raise
com.vmware.vapi.std.errors_client.Unauthenticated: If the caller is not authenticated.
- Raise
com.vmware.vapi.std.errors_client.Error: If any other error occurs.
Bases: vmware.vapi.bindings.stub.VapiInterface
The Credential interface provides methods to add a credential for external key management service(s). This class was added in vSphere API 7.0.0.
- Parameters
config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.
Set the key server credential. This method was added in vSphere API 7.0.0.
- Parameters
cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.
provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_platform.trusted_clusters.kms.Provider.
credential (str) – KMIP KMS password or AWS access key.
- Raise
com.vmware.vapi.std.errors_client.InvalidArgument: If the cluster or provider id is empty.
- Raise
com.vmware.vapi.std.errors_client.NotFound: If the provider or cluster is not found.
- Raise
com.vmware.vapi.std.errors_client.Unauthenticated: If the caller is not authenticated.
- Raise
com.vmware.vapi.std.errors_client.Error: If any other error occurs.
Bases: vmware.vapi.bindings.stub.VapiInterface
Retrieves the list of TLS certificates used by peer key servers. These certificates are meant for review. Following approval, they should be added as trusted certificates in the TrustedPeerCertificates class. This class was added in vSphere API 7.0.0.
- Parameters
config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.
Bases: vmware.vapi.bindings.struct.VapiStruct
The CurrentPeerCertificates.FilterSpec class contains attributes used to filter the results when listing remote server certificates. This class was added in vSphere API 7.0.0.
Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
server_names (set of str or None) – Names that a key server must have to match the filter (see CurrentPeerCertificates.Summary.server_name). This attribute was added in vSphere API 7.0.0. If None or empty, key servers with any name match the filter.
trusted (bool or None) – Trust status that server certificates must have to match the filter (see CurrentPeerCertificates.Summary.trusted). This attribute was added in vSphere API 7.0.0. If None, trusted and untrusted server certificates match the filter.
Bases: vmware.vapi.bindings.struct.VapiStruct
The CurrentPeerCertificates.Summary class contains a summary of the current key server certificates. This class was added in vSphere API 7.0.0.
Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
server_name (str) – Name of the server. This attribute was added in vSphere API 7.0.0.
certificate (str or None) – Server certificate. This attribute was added in vSphere API 7.0.0. If None, the certificate cannot be retrieved from the remote system, and CurrentPeerCertificates.Summary.trusted is undefined. See CurrentPeerCertificates.Summary.error_messages for details.
error_messages (list of com.vmware.vapi.std_client.LocalizableMessage) – Server certificate retrieval errors. Specifies error details when retrieving the remote server certificate fails. This list will be empty when CurrentPeerCertificates.Summary.certificate is set. This attribute was added in vSphere API 7.0.0.
trusted (bool) – Whether the server certificate is already trusted. This attribute was added in vSphere API 7.0.0.
Return the remote server certificates.
Contacts the configured key servers and attempts to retrieve their certificates. These certificates might not yet be trusted.
If the returned certificates are to be considered trustworthy, then they must be added to the list of trusted server certificates by adding them to the certificates returned by TrustedPeerCertificates.get() and invoking TrustedPeerCertificates.update() with the updated list of certificates. This method was added in vSphere API 7.0.0.
- Parameters
cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.
provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_platform.trusted_clusters.kms.Provider.
spec (CurrentPeerCertificates.FilterSpec or None) – Filter spec. If None, the behavior is equivalent to a CurrentPeerCertificates.FilterSpec with all attributes None.
- Return type
class vmware.vapi.stdlib.client.task.Task
- Returns
Task instance
- Raise
com.vmware.vapi.std.errors_client.InvalidArgument: If the cluster or provider id is empty.
- Raise
com.vmware.vapi.std.errors_client.NotFound: If the cluster or provider is not found.
- Raise
com.vmware.vapi.std.errors_client.Unauthenticated: If the caller is not authenticated.
- Raise
com.vmware.vapi.std.errors_client.Error: For any other error.
Bases: vmware.vapi.bindings.stub.StubFactoryBase
Initialize StubFactoryBase
- Parameters
stub_config (vmware.vapi.bindings.stub.StubConfiguration) – Stub config instance
Bases: vmware.vapi.bindings.stub.VapiInterface
Provides management operations for the TLS certificates trusted for communication with peer key servers.
To obtain the currently used TLS certificates, use the CurrentPeerCertificates class. This class was added in vSphere API 7.0.0.
- Parameters
config (vmware.vapi.bindings.stub.StubConfiguration) – Configuration to be used for creating the stub.
Bases: vmware.vapi.bindings.struct.VapiStruct
The TrustedPeerCertificates.Info class contains a list of X.509 certificates. This class was added in vSphere API 7.0.0.
Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
certificates (list of str) – List of certificate strings, PEM format. This attribute was added in vSphere API 7.0.0.
Bases: vmware.vapi.bindings.struct.VapiStruct
The TrustedPeerCertificates.UpdateSpec class contains attributes that describe the server certificate update for a Key Provider. This class was added in vSphere API 7.0.0.
Tip
The arguments are used to initialize data attributes with the same names.
- Parameters
certificates (list of str or None) – Public certificates of the key server to trust. This attribute was added in vSphere API 7.0.0. If None, the trusted server certificates will not be updated.
Return the list of trusted server certificates. This method was added in vSphere API 7.0.0.
- Parameters
cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.
provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_platform.trusted_clusters.kms.Provider.
- Return type
class vmware.vapi.stdlib.client.task.Task
- Returns
Task instance
- Raise
com.vmware.vapi.std.errors_client.InvalidArgument: If the cluster or provider id is empty.
- Raise
com.vmware.vapi.std.errors_client.NotFound: If the cluster or provider is not found.
- Raise
com.vmware.vapi.std.errors_client.Unauthenticated: If the caller is not authenticated.
- Raise
com.vmware.vapi.std.errors_client.Error: If any other error occurs.
Update trusted server certificate(s).
The client will use these certificates to validate the server connection. The existing list of trusted certificates will be overwritten.
The client will not trust the server connection until a server certificate has been set. This method was added in vSphere API 7.0.0.
- Parameters
cluster (str) – Identifier of the cluster. The parameter must be an identifier for the resource type: ClusterComputeResource.
provider (str) – Identifier of the provider. The parameter must be an identifier for the resource type: com.vmware.vcenter.trusted_platform.trusted_clusters.kms.Provider.
spec (TrustedPeerCertificates.UpdateSpec) – The update spec
- Raise
com.vmware.vapi.std.errors_client.InvalidArgument: If one or more certificates are invalid, or the cluster or provider id is empty.
- Raise
com.vmware.vapi.std.errors_client.NotFound: If the cluster or provider is not found.
- Raise
com.vmware.vapi.std.errors_client.Unauthenticated: If the caller is not authenticated.
- Raise
com.vmware.vapi.std.errors_client.Error: If any other error occurs.
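The review-then-trust flow described for CurrentPeerCertificates and the overwrite behaviour of the TrustedPeerCertificates update, as an added example that is not part of the SDK or of this reference. It assumes a namedtuple stand-in for CurrentPeerCertificates.Summary, a hypothetical helper name build_trusted_list, and a set of SHA-256 fingerprints approved out of band; the sample certificates are constructed placeholder bytes.

```python
import hashlib
import ssl
from collections import namedtuple

# Stand-in for CurrentPeerCertificates.Summary; attribute names follow the page.
Summary = namedtuple("Summary", "server_name certificate error_messages trusted")

def fingerprint(pem):
    """Lowercase hex SHA-256 over the DER bytes of one PEM certificate."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem.strip())).hexdigest()

def build_trusted_list(current_trusted, summaries, approved_fingerprints):
    """Return (full list for UpdateSpec.certificates, rejected entries).

    The update overwrites the trusted list, so the result starts from what
    get() returned and appends only certificates a reviewer approved.
    """
    approved = {fp.replace(":", "").lower() for fp in approved_fingerprints}
    merged = list(current_trusted)
    seen = {fingerprint(pem) for pem in merged}
    rejected = []
    for s in summaries:
        if s.certificate is None:
            # 'trusted' is undefined in this case, so it is never consulted.
            rejected.append((s.server_name, "certificate not retrieved"))
            continue
        fp = fingerprint(s.certificate)
        if fp in seen:
            continue  # already trusted, or the same certificate on two servers
        if fp not in approved:
            rejected.append((s.server_name, "fingerprint not approved"))
            continue
        merged.append(s.certificate)
        seen.add(fp)
    return merged, rejected

def demo():
    # Constructed placeholder bytes, not real X.509 certificates.
    old, new, rogue = (ssl.DER_cert_to_PEM_cert(b) for b in (b"old", b"new", b"rogue"))
    summaries = [
        Summary("kms-a", old, [], True),
        Summary("kms-b", new, [], False),
        Summary("kms-c", rogue, [], False),
        Summary("kms-d", None, ["constructed error"], True),
    ]
    return build_trusted_list([old], summaries, {fingerprint(new).upper()})

if __name__ == "__main__":
    print(demo()[1])
```

The merged list is what goes into TrustedPeerCertificates.UpdateSpec.certificates; sending only the newly approved certificate would drop every previously trusted one.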