Skip to content

Commit

Permalink
new samples for 7032 release
Browse files Browse the repository at this point in the history
Signed-off-by: shweta purohit <[email protected]>
  • Loading branch information
shwetapurohit committed Apr 28, 2022
1 parent 8f4e4b0 commit 51d9015
Show file tree
Hide file tree
Showing 13 changed files with 917 additions and 0 deletions.
29 changes: 29 additions & 0 deletions samples/vsphere/vcenter/certificatemanagement/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
This directory contains samples for managing the MACHINE SSL certificate and the TRUSTED ROOT CHAINS

The sample were tested against vSphere 7.0+

### TRUSTED ROOT CHAINS Create/List/Delete/Get operations
Sample | Description
----------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
trusted_root_chains_create.py | Demonstrates creation of the trusted root chain in vCenter.
trusted_root_chains_list.py | Demonstrates listing of the aliases of the published trusted root chains in vCenter.
trusted_root_chains_delete.py | Demonstrates deletion of the trusted root chain corresponding to the provided alias.
trusted_root_chains_get.py | Demonstrates retrieval of the trusted root chain corresponding to the provided alias.

### Tls certificate Renew/Get/Replace/Replace with VMCA operations
Sample | Description
----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------
replace_tls_certificate.py | Demonstrates replacement of the machine ssl certificate with a custom certificate signed by a third party CA.
renew_tls_certificate.py | Demonstrates renewal of the machine ssl certificate for the given duration of time.
get_tls_certificate.py | Demonstrates retrieval of the machine ssl certificate along with the X.509 certificate fields.
replace_tls_certificate_with_vmca_signed.py | Demonstrates replacement of the machine ssl certificate with a VMCA signed certificate.

### VMCA ROOT replace operation
Sample | Description
----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------
replace_vmca_root.py | Demonstrates replacement of the VMCA root certificate and regeneration of all the other certificates.

### Testbed Requirement:
- 1 vCenter Server on version 7.0+
- The username being used to run the sample should have either the CertificateManagement.Manage or
the CertificateManagement.Administer privilege depending on the operation which is intended to be performed.
115 changes: 115 additions & 0 deletions samples/vsphere/vcenter/certificatemanagement/gencsr.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,115 @@
#!/usr/bin/env python

"""
* *******************************************************
* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
* SPDX-License-Identifier: MIT
* *******************************************************
*
* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
"""

__author__ = 'VMware, Inc.'
__vcenter_version__ = '7.0+'

import argparse

from vmware.vapi.vsphere.client import create_vsphere_client
import requests
from com.vmware.vcenter.certificate_management.vcenter_client import TlsCsr
from samples.vsphere.common import (sample_cli, sample_util)

"""
Description: Demonstrates the generation of the Certificate Signing request
for the MACHINE SSL certificate
Sample Prerequisites:
- The user invoking the API should have the CertificateManagement.Administer or the
CertificateManagement.Manage privilege.
"""

parser = sample_cli.build_arg_parser()

parser.add_argument('--keysize',
help='Key size used to generate the private key.'
'keysize will take 2048 bits if not modified')

parser.add_argument('--commonname',
help='Common name of the certificate subject field.'
'common name will take the Primary Network Identifier(PNID) if not modified.')

parser.add_argument('--organization',
required=True,
help='Organization field in certificate subject.')

parser.add_argument('--organizationunit',
required=True,
help='Organization unit field in certificate subject')

parser.add_argument('--locality',
required=True,
help='Locality field in the certificate subject')

parser.add_argument('--stateorprovince',
required=True,
help='State field in certificate subject')

parser.add_argument('--country',
required=True,
help='Country field in the certificate subject')

parser.add_argument('--emailaddress',
required=True,
help='Email field in Certificate extensions')

parser.add_argument('--subjectaltname',
help='subjectaltname is list of Dns Names and Ip addresses')

args = sample_util.process_cli_args(parser.parse_args())

session = requests.session()
session.verify = False if args.skipverification else True

# Login to vCenter
vsphere_client = create_vsphere_client(server=args.server,
username=args.username,
password=args.password,
session=session)

common_name = args.commonname
organization = args.organization
organization_unit = args.organizationunit
locality = args.locality
state_or_province = args.stateorprovince
country = args.country
email_address = args.emailaddress

if args.keysize is None:
key_size = args.keysize
else:
key_size = int(args.keysize)

if args.subjectaltname is None:
subject_alt_name = args.subjectaltname
else:
subject_alt_name = args.subjectaltname.split(',')

"""
Create the spec for input to the API
"""
spec = TlsCsr.Spec(key_size=key_size,
common_name=common_name,
organization=organization,
organization_unit=organization_unit,
locality=locality,
state_or_province=state_or_province,
country=country,
email_address=email_address,
subject_alt_name=subject_alt_name)

print('Generating the certificate signing request based on the information provided in the spec ')
print(vsphere_client.vcenter.certificate_management.vcenter.TlsCsr.create(spec))
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
#!/usr/bin/env python

"""
* *******************************************************
* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
* SPDX-License-Identifier: MIT
* *******************************************************
*
* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
"""

__author__ = 'VMware, Inc.'
__vcenter_version__ = '7.0+'

import argparse
from samples.vsphere.common import (sample_cli, sample_util)
from vmware.vapi.vsphere.client import create_vsphere_client
import requests

"""
Description: Demonstrates retrieval of the MACHINE SSL certificate from the vCenter
along with the decoded X.509 certificate fields
Sample Prerequisites:
- The user invoking the API should have the System.Read privilege.
"""

parser = sample_cli.build_arg_parser()

args = sample_util.process_cli_args(parser.parse_args())

session = requests.session()
session.verify = False if args.skipverification else True

# Login to vCenter
vsphere_client = create_vsphere_client(server=args.server,
username=args.username,
password=args.password,
session=session)

print('Listing the MACHINE SSL certificate along with the decoded X.509 fields ')
print(vsphere_client.vcenter.certificate_management.vcenter.Tls.get())
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
#!/usr/bin/env python

"""
* *******************************************************
* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
* SPDX-License-Identifier: MIT
* *******************************************************
*
* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
"""

__author__ = 'VMware, Inc.'
__vcenter_version__ = '7.0+'

import argparse

from vmware.vapi.vsphere.client import create_vsphere_client
import requests
from com.vmware.vcenter.certificate_management.vcenter_client import Tls
from samples.vsphere.common import (sample_cli, sample_util)

"""
Description: Demonstrates the renewal of the MACHINE SSL certificate
Sample Prerequisites:
- The user invoking the API should have the CertificateManagement.Administer privilege.
"""

parser = sample_cli.build_arg_parser()

parser.add_argument('--duration',
help='Duration of time specified in number of days for which the '
'MACHINE SSL certificate has to be renewed')

args = sample_util.process_cli_args(parser.parse_args())

session = requests.session()
session.verify = False if args.skipverification else True

# Login to vCenter
vsphere_client = create_vsphere_client(server=args.server,
username=args.username,
password=args.password,
session=session)

if args.duration is None:
print('Renewing the MACHINE SSL certificate for the duration of ' + str(730) + ' days')
duration = args.duration
else:
print('Renewing the MACHINE SSL certificate for the specified duration of ' + args.duration + ' days')
duration = int(args.duration)

vsphere_client.vcenter.certificate_management.vcenter.Tls.renew(duration)
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
#!/usr/bin/env python

"""
* *******************************************************
* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
* SPDX-License-Identifier: MIT
* *******************************************************
*
* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
"""

__author__ = 'VMware, Inc.'
__vcenter_version__ = '7.0+'

import argparse

from vmware.vapi.vsphere.client import create_vsphere_client
import requests
from com.vmware.vcenter.certificate_management.vcenter_client import Tls
from samples.vsphere.common import (sample_cli, sample_util)

"""
Description: Demonstrates the replacement of the MACHINE SSL certificate with a custom
certificate signed by an external third party CA.
Sample Prerequisites:
- The user invoking the API should have the CertificateManagement.Administer privilege.
"""

parser = sample_cli.build_arg_parser()

parser.add_argument('--cert',
required=True,
help='Leaf certificate for replace the MACHINE SSL certificate.')

parser.add_argument('--key',
help='The private key.'
'Not required if the gencsr api was used to generated the certificate signing request.')

parser.add_argument('--rootcert',
help='The root certificate and the intermediate root certificates '
'required to establish the chain of trust.'
'Not required if the certificates are already present in the vCenter.')

args = sample_util.process_cli_args(parser.parse_args())

session = requests.session()
session.verify = False if args.skipverification else True

# Login to vCenter
vsphere_client = create_vsphere_client(server=args.server,
username=args.username,
password=args.password,
session=session)

cert = args.cert.encode(encoding='utf-8').decode('unicode_escape')

if args.key is not None:
key = args.encode(encoding='utf-8').key.decode('unicode_escape')
else:
key = args.key

if args.rootcert is not None:
root_cert = args.rootcert.encode(encoding='utf-8').decode('unicode_escape')
else:
root_cert = args.rootcert

"""
Create the spec for input to the API
"""
spec = Tls.Spec(cert=cert,
key=key,
root_cert=root_cert)


print('The MACHINE SSL certificate will be replaced with the custom certificate ')
vsphere_client.vcenter.certificate_management.vcenter.Tls.set(spec)
Loading

0 comments on commit 51d9015

Please sign in to comment.