Signed-off-by: shweta purohit <[email protected]>
1 parent
8f4e4b0
commit 51d9015
Showing
13 changed files
with
917 additions
and
0 deletions.
@@ -0,0 +1,29 @@ | ||
This directory contains samples for managing the MACHINE SSL certificate and the TRUSTED ROOT CHAINS | ||
|
||
The sample were tested against vSphere 7.0+ | ||
|
||
### TRUSTED ROOT CHAINS Create/List/Delete/Get operations | ||
Sample | Description | ||
----------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ||
trusted_root_chains_create.py | Demonstrates creation of the trusted root chain in vCenter. | ||
trusted_root_chains_list.py | Demonstrates listing of the aliases of the published trusted root chains in vCenter. | ||
trusted_root_chains_delete.py | Demonstrates deletion of the trusted root chain corresponding to the provided alias. | ||
trusted_root_chains_get.py | Demonstrates retrieval of the trusted root chain corresponding to the provided alias. | ||
|
||
### Tls certificate Renew/Get/Replace/Replace with VMCA operations | ||
Sample | Description | ||
----------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------- | ||
replace_tls_certificate.py | Demonstrates replacement of the machine ssl certificate with a custom certificate signed by a third party CA. | ||
renew_tls_certificate.py | Demonstrates renewal of the machine ssl certificate for the given duration of time. | ||
get_tls_certificate.py | Demonstrates retrieval of the machine ssl certificate along with the X.509 certificate fields. | ||
replace_tls_certificate_with_vmca_signed.py | Demonstrates replacement of the machine ssl certificate with a VMCA signed certificate. | ||
|
||
### VMCA ROOT replace operation | ||
Sample | Description | ||
----------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------- | ||
replace_vmca_root.py | Demonstrates replacement of the VMCA root certificate and regeneration of all the other certificates. | ||
|
||
### Testbed Requirement: | ||
- 1 vCenter Server on version 7.0+ | ||
- The username being used to run the sample should have either the CertificateManagement.Manage or | ||
the CertificateManagement.Administer privilege depending on the operation which is intended to be performed. |
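--- a/samples/vsphere/vcenter/certificatemanagement/gencsr.py
+++ b/samples/vsphere/vcenter/certificatemanagement/gencsr.py
@@ -0,0 +1,115 @@
+#!/usr/bin/env python
+
+"""
+* *******************************************************
+* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+__vcenter_version__ = '7.0+'
+
+import argparse
+
+from vmware.vapi.vsphere.client import create_vsphere_client
+import requests
+from com.vmware.vcenter.certificate_management.vcenter_client import TlsCsr
+from samples.vsphere.common import (sample_cli, sample_util)
+
+"""
+Description: Demonstrates the generation of the Certificate Signing request
+for the MACHINE SSL certificate
+Sample Prerequisites:
+- The user invoking the API should have the CertificateManagement.Administer or the
+CertificateManagement.Manage privilege.
+"""
+
+parser = sample_cli.build_arg_parser()
+
+parser.add_argument('--keysize',
+help='Key size used to generate the private key.'
+'keysize will take 2048 bits if not modified')
+
+parser.add_argument('--commonname',
+help='Common name of the certificate subject field.'
+'common name will take the Primary Network Identifier(PNID) if not modified.')
+
+parser.add_argument('--organization',
+required=True,
+help='Organization field in certificate subject.')
+
+parser.add_argument('--organizationunit',
+required=True,
+help='Organization unit field in certificate subject')
+
+parser.add_argument('--locality',
+required=True,
+help='Locality field in the certificate subject')
+
+parser.add_argument('--stateorprovince',
+required=True,
+help='State field in certificate subject')
+
+parser.add_argument('--country',
+required=True,
+help='Country field in the certificate subject')
+
+parser.add_argument('--emailaddress',
+required=True,
+help='Email field in Certificate extensions')
+
+parser.add_argument('--subjectaltname',
+help='subjectaltname is list of Dns Names and Ip addresses')
+
+args = sample_util.process_cli_args(parser.parse_args())
+
+session = requests.session()
+session.verify = False if args.skipverification else True
+
+# Login to vCenter
+vsphere_client = create_vsphere_client(server=args.server,
+username=args.username,
+password=args.password,
+session=session)
+
+common_name = args.commonname
+organization = args.organization
+organization_unit = args.organizationunit
+locality = args.locality
+state_or_province = args.stateorprovince
+country = args.country
+email_address = args.emailaddress
+
+if args.keysize is None:
+key_size = args.keysize
+else:
+key_size = int(args.keysize)
+
+if args.subjectaltname is None:
+subject_alt_name = args.subjectaltname
+else:
+subject_alt_name = args.subjectaltname.split(',')
+
+"""
+Create the spec for input to the API
+"""
+spec = TlsCsr.Spec(key_size=key_size,
+common_name=common_name,
+organization=organization,
+organization_unit=organization_unit,
+locality=locality,
+state_or_province=state_or_province,
+country=country,
+email_address=email_address,
+subject_alt_name=subject_alt_name)
+
+print('Generating the certificate signing request based on the information provided in the spec ')
+print(vsphere_client.vcenter.certificate_management.vcenter.TlsCsr.create(spec))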
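Review bot: `subject_alt_name = args.subjectaltname.split(',')` keeps whatever whitespace surrounds the separators, so a value written as `a.example, b.example` (made-up names) sends ` b.example` as a SAN entry; `subject_alt_name = [s.strip() for s in args.subjectaltname.split(',') if s.strip()]` would avoid that and also drop an empty trailing entry. `session.verify = False if args.skipverification else True` is simply `session.verify = not args.skipverification`; that idiom, and the unused `import argparse`, recur in get_tls_certificate.py, renew_tls_certificate.py and replace_tls_certificate.py. The second triple-quoted string after the imports is a bare expression rather than the module docstring, so anything reading `__doc__` sees only the license header; a `#` comment block, or merging the description into the top docstring, would fix that in all four files.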
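--- a/samples/vsphere/vcenter/certificatemanagement/get_tls_certificate.py
+++ b/samples/vsphere/vcenter/certificatemanagement/get_tls_certificate.py
@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+
+"""
+* *******************************************************
+* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+__vcenter_version__ = '7.0+'
+
+import argparse
+from samples.vsphere.common import (sample_cli, sample_util)
+from vmware.vapi.vsphere.client import create_vsphere_client
+import requests
+
+"""
+Description: Demonstrates retrieval of the MACHINE SSL certificate from the vCenter
+along with the decoded X.509 certificate fields
+Sample Prerequisites:
+- The user invoking the API should have the System.Read privilege.
+"""
+
+parser = sample_cli.build_arg_parser()
+
+args = sample_util.process_cli_args(parser.parse_args())
+
+session = requests.session()
+session.verify = False if args.skipverification else True
+
+# Login to vCenter
+vsphere_client = create_vsphere_client(server=args.server,
+username=args.username,
+password=args.password,
+session=session)
+
+print('Listing the MACHINE SSL certificate along with the decoded X.509 fields ')
+print(vsphere_client.vcenter.certificate_management.vcenter.Tls.get())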
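--- a/samples/vsphere/vcenter/certificatemanagement/renew_tls_certificate.py
+++ b/samples/vsphere/vcenter/certificatemanagement/renew_tls_certificate.py
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+
+"""
+* *******************************************************
+* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+__vcenter_version__ = '7.0+'
+
+import argparse
+
+from vmware.vapi.vsphere.client import create_vsphere_client
+import requests
+from com.vmware.vcenter.certificate_management.vcenter_client import Tls
+from samples.vsphere.common import (sample_cli, sample_util)
+
+"""
+Description: Demonstrates the renewal of the MACHINE SSL certificate
+Sample Prerequisites:
+- The user invoking the API should have the CertificateManagement.Administer privilege.
+"""
+
+parser = sample_cli.build_arg_parser()
+
+parser.add_argument('--duration',
+help='Duration of time specified in number of days for which the '
+'MACHINE SSL certificate has to be renewed')
+
+args = sample_util.process_cli_args(parser.parse_args())
+
+session = requests.session()
+session.verify = False if args.skipverification else True
+
+# Login to vCenter
+vsphere_client = create_vsphere_client(server=args.server,
+username=args.username,
+password=args.password,
+session=session)
+
+if args.duration is None:
+print('Renewing the MACHINE SSL certificate for the duration of ' + str(730) + ' days')
+duration = args.duration
+else:
+print('Renewing the MACHINE SSL certificate for the specified duration of ' + args.duration + ' days')
+duration = int(args.duration)
+
+vsphere_client.vcenter.certificate_management.vcenter.Tls.renew(duration)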
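Review bot: `duration = int(args.duration)` raises a bare ValueError traceback for a non-numeric value and happily accepts zero or negative days; declaring the option as `parser.add_argument('--duration', type=int, help=...)` lets argparse reject bad input with a usage message, after which the branch collapses to `duration = args.duration` and the message can use an f-string instead of `+` concatenation. The `None` branch prints 730 days as the renewal period, but the script never sends that number — presumably it is the service-side default, and a comment such as `# None lets the service apply its default renewal period` would stop readers mistaking it for something this sample controls.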
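--- a/samples/vsphere/vcenter/certificatemanagement/replace_tls_certificate.py
+++ b/samples/vsphere/vcenter/certificatemanagement/replace_tls_certificate.py
@@ -0,0 +1,81 @@
+#!/usr/bin/env python
+
+"""
+* *******************************************************
+* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+__vcenter_version__ = '7.0+'
+
+import argparse
+
+from vmware.vapi.vsphere.client import create_vsphere_client
+import requests
+from com.vmware.vcenter.certificate_management.vcenter_client import Tls
+from samples.vsphere.common import (sample_cli, sample_util)
+
+"""
+Description: Demonstrates the replacement of the MACHINE SSL certificate with a custom
+certificate signed by an external third party CA.
+Sample Prerequisites:
+- The user invoking the API should have the CertificateManagement.Administer privilege.
+"""
+
+parser = sample_cli.build_arg_parser()
+
+parser.add_argument('--cert',
+required=True,
+help='Leaf certificate for replace the MACHINE SSL certificate.')
+
+parser.add_argument('--key',
+help='The private key.'
+'Not required if the gencsr api was used to generated the certificate signing request.')
+
+parser.add_argument('--rootcert',
+help='The root certificate and the intermediate root certificates '
+'required to establish the chain of trust.'
+'Not required if the certificates are already present in the vCenter.')
+
+args = sample_util.process_cli_args(parser.parse_args())
+
+session = requests.session()
+session.verify = False if args.skipverification else True
+
+# Login to vCenter
+vsphere_client = create_vsphere_client(server=args.server,
+username=args.username,
+password=args.password,
+session=session)
+
+cert = args.cert.encode(encoding='utf-8').decode('unicode_escape')
+
+if args.key is not None:
+key = args.encode(encoding='utf-8').key.decode('unicode_escape')
+else:
+key = args.key
+
+if args.rootcert is not None:
+root_cert = args.rootcert.encode(encoding='utf-8').decode('unicode_escape')
+else:
+root_cert = args.rootcert
+
+"""
+Create the spec for input to the API
+"""
+spec = Tls.Spec(cert=cert,
+key=key,
+root_cert=root_cert)
+
+
+print('The MACHINE SSL certificate will be replaced with the custom certificate ')
+vsphere_client.vcenter.certificate_management.vcenter.Tls.set(spec)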
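Review bot: `key = args.encode(encoding='utf-8').key.decode('unicode_escape')` calls `.encode` on the argparse Namespace rather than on the string, so every run that supplies `--key` fails with AttributeError before the API is reached; it should read `key = args.key.encode(encoding='utf-8').decode('unicode_escape')`, matching the `cert` and `rootcert` lines. Separately, `--key` takes the private-key PEM itself as a command-line argument, which leaves it in shell history and exposes it to other local users through the process list; accepting a file path and reading the PEM from disk would keep the key out of both, and the same applies to `--cert` and `--rootcert` for convenience. The `encode`/`decode('unicode_escape')` round trip exists, presumably, to turn literal `\n` sequences typed on the command line back into newlines; PEM is ASCII so the mangling of non-ASCII characters it would cause is harmless here, but a one-line comment such as `# CLI-supplied PEM arrives with literal "\n"; turn them back into newlines` would document the intent.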