Merge pull request #312 from shwetapurohit/master

new samples for 7032 release

Author: shwetapurohit

samples/vsphere/vcenter/certificatemanagement/README.md

@@ -0,0 +1,29 @@
+This directory contains samples for managing the MACHINE SSL certificate and the TRUSTED ROOT CHAINS
+
+The sample were tested against vSphere 7.0+
+
+### TRUSTED ROOT CHAINS Create/List/Delete/Get operations
+Sample                                                                | Description
+----------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+trusted_root_chains_create.py                                         | Demonstrates creation of the trusted root chain in vCenter.
+trusted_root_chains_list.py                                           | Demonstrates listing of the aliases of the published trusted root chains in vCenter.
+trusted_root_chains_delete.py                                         | Demonstrates deletion of the trusted root chain corresponding to the provided alias.
+trusted_root_chains_get.py                                            | Demonstrates retrieval of the trusted root chain corresponding to the provided alias.
+
+### Tls certificate Renew/Get/Replace/Replace with VMCA operations
+Sample                                                                | Description
+----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------
+replace_tls_certificate.py                                            | Demonstrates replacement of the machine ssl certificate with a custom certificate signed by a third party CA.
+renew_tls_certificate.py                                              | Demonstrates renewal of the machine ssl certificate for the given duration of time.
+get_tls_certificate.py                                                | Demonstrates retrieval of the machine ssl certificate along with the X.509 certificate fields.
+replace_tls_certificate_with_vmca_signed.py                           | Demonstrates replacement of the machine ssl certificate with a VMCA signed certificate.
+
+### VMCA ROOT replace operation
+Sample                                                                | Description
+----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------
+replace_vmca_root.py                                                  | Demonstrates replacement of the VMCA root certificate and regeneration of all the other certificates.
+
+### Testbed Requirement:
+    - 1 vCenter Server on version 7.0+
+    - The username being used to run the sample should have either the CertificateManagement.Manage or
+      the CertificateManagement.Administer privilege depending on the operation which is intended to be performed.

samples/vsphere/vcenter/certificatemanagement/gencsr.py

@@ -0,0 +1,115 @@
+#!/usr/bin/env python
+
+"""
+* *******************************************************
+* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+__vcenter_version__ = '7.0+'
+
+import argparse
+
+from vmware.vapi.vsphere.client import create_vsphere_client
+import requests
+from com.vmware.vcenter.certificate_management.vcenter_client import TlsCsr
+from samples.vsphere.common import (sample_cli, sample_util)
+
+"""
+Description: Demonstrates the generation of the Certificate Signing request
+for the MACHINE SSL certificate
+
+Sample Prerequisites:
+- The user invoking the API should have the CertificateManagement.Administer or the
+CertificateManagement.Manage privilege.
+"""
+
+parser = sample_cli.build_arg_parser()
+
+parser.add_argument('--keysize',
+                    help='Key size used to generate the private key.'
+                         'keysize will take 2048 bits if not modified')
+
+parser.add_argument('--commonname',
+                    help='Common name of the certificate subject field.'
+                         'common name will take the Primary Network Identifier(PNID) if not modified.')
+
+parser.add_argument('--organization',
+                    required=True,
+                    help='Organization field in certificate subject.')
+
+parser.add_argument('--organizationunit',
+                    required=True,
+                    help='Organization unit field in certificate subject')
+
+parser.add_argument('--locality',
+                    required=True,
+                    help='Locality field in the certificate subject')
+
+parser.add_argument('--stateorprovince',
+                    required=True,
+                    help='State field in certificate subject')
+
+parser.add_argument('--country',
+                    required=True,
+                    help='Country field in the certificate subject')
+
+parser.add_argument('--emailaddress',
+                    required=True,
+                    help='Email field in Certificate extensions')
+
+parser.add_argument('--subjectaltname',
+                    help='subjectaltname is list of Dns Names and Ip addresses')
+
+args = sample_util.process_cli_args(parser.parse_args())
+
+session = requests.session()
+session.verify = False if args.skipverification else True
+
+# Login to vCenter
+vsphere_client = create_vsphere_client(server=args.server,
+                                       username=args.username,
+                                       password=args.password,
+                                       session=session)
+
+common_name = args.commonname
+organization = args.organization
+organization_unit = args.organizationunit
+locality = args.locality
+state_or_province = args.stateorprovince
+country = args.country
+email_address = args.emailaddress
+
+if args.keysize is None:
+    key_size = args.keysize
+else:
+    key_size = int(args.keysize)
+
+if args.subjectaltname is None:
+    subject_alt_name = args.subjectaltname
+else:
+    subject_alt_name = args.subjectaltname.split(',')
+
+"""
+Create the spec for input to the API
+"""
+spec = TlsCsr.Spec(key_size=key_size,
+                   common_name=common_name,
+                   organization=organization,
+                   organization_unit=organization_unit,
+                   locality=locality,
+                   state_or_province=state_or_province,
+                   country=country,
+                   email_address=email_address,
+                   subject_alt_name=subject_alt_name)
+
+print('Generating the certificate signing request based on the information provided in the spec ')
+print(vsphere_client.vcenter.certificate_management.vcenter.TlsCsr.create(spec))

samples/vsphere/vcenter/certificatemanagement/get_tls_certificate.py

@@ -0,0 +1,46 @@
+#!/usr/bin/env python
+
+"""
+* *******************************************************
+* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+__vcenter_version__ = '7.0+'
+
+import argparse
+from samples.vsphere.common import (sample_cli, sample_util)
+from vmware.vapi.vsphere.client import create_vsphere_client
+import requests
+
+"""
+Description: Demonstrates retrieval of the MACHINE SSL certificate from the vCenter
+along with the decoded X.509 certificate fields
+
+Sample Prerequisites:
+- The user invoking the API should have the System.Read privilege.
+"""
+
+parser = sample_cli.build_arg_parser()
+
+args = sample_util.process_cli_args(parser.parse_args())
+
+session = requests.session()
+session.verify = False if args.skipverification else True
+
+# Login to vCenter
+vsphere_client = create_vsphere_client(server=args.server,
+                                       username=args.username,
+                                       password=args.password,
+                                       session=session)
+
+print('Listing the MACHINE SSL certificate along with the decoded X.509 fields ')
+print(vsphere_client.vcenter.certificate_management.vcenter.Tls.get())

samples/vsphere/vcenter/certificatemanagement/renew_tls_certificate.py

@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+
+"""
+* *******************************************************
+* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+__vcenter_version__ = '7.0+'
+
+import argparse
+
+from vmware.vapi.vsphere.client import create_vsphere_client
+import requests
+from com.vmware.vcenter.certificate_management.vcenter_client import Tls
+from samples.vsphere.common import (sample_cli, sample_util)
+
+"""
+Description: Demonstrates the renewal of the MACHINE SSL certificate
+
+Sample Prerequisites:
+- The user invoking the API should have the CertificateManagement.Administer privilege.
+"""
+
+parser = sample_cli.build_arg_parser()
+
+parser.add_argument('--duration',
+                    help='Duration of time specified in number of days for which the '
+                         'MACHINE SSL certificate has to be renewed')
+
+args = sample_util.process_cli_args(parser.parse_args())
+
+session = requests.session()
+session.verify = False if args.skipverification else True
+
+# Login to vCenter
+vsphere_client = create_vsphere_client(server=args.server,
+                                       username=args.username,
+                                       password=args.password,
+                                       session=session)
+
+if args.duration is None:
+    print('Renewing the MACHINE SSL certificate for the duration of ' + str(730) + ' days')
+    duration = args.duration
+else:
+    print('Renewing the MACHINE SSL certificate for the specified duration of ' + args.duration + ' days')
+    duration = int(args.duration)
+
+vsphere_client.vcenter.certificate_management.vcenter.Tls.renew(duration)

samples/vsphere/vcenter/certificatemanagement/replace_tls_certificate.py

@@ -0,0 +1,81 @@
+#!/usr/bin/env python
+
+"""
+* *******************************************************
+* Copyright (c) VMware, Inc. 2020. All Rights Reserved.
+* SPDX-License-Identifier: MIT
+* *******************************************************
+*
+* DISCLAIMER. THIS PROGRAM IS PROVIDED TO YOU "AS IS" WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, WHETHER ORAL OR WRITTEN,
+* EXPRESS OR IMPLIED. THE AUTHOR SPECIFICALLY DISCLAIMS ANY IMPLIED
+* WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY,
+* NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE.
+"""
+
+__author__ = 'VMware, Inc.'
+__vcenter_version__ = '7.0+'
+
+import argparse
+
+from vmware.vapi.vsphere.client import create_vsphere_client
+import requests
+from com.vmware.vcenter.certificate_management.vcenter_client import Tls
+from samples.vsphere.common import (sample_cli, sample_util)
+
+"""
+Description: Demonstrates the replacement of the MACHINE SSL certificate with a custom
+certificate signed by an external third party CA.
+
+Sample Prerequisites:
+- The user invoking the API should have the CertificateManagement.Administer privilege.
+"""
+
+parser = sample_cli.build_arg_parser()
+
+parser.add_argument('--cert',
+                    required=True,
+                    help='Leaf certificate for replace the MACHINE SSL certificate.')
+
+parser.add_argument('--key',
+                    help='The private key.'
+                         'Not required if the gencsr api was used to generated the certificate signing request.')
+
+parser.add_argument('--rootcert',
+                    help='The root certificate and the intermediate root certificates '
+                         'required to establish the chain of trust.'
+                         'Not required if the certificates are already present in the vCenter.')
+
+args = sample_util.process_cli_args(parser.parse_args())
+
+session = requests.session()
+session.verify = False if args.skipverification else True
+
+# Login to vCenter
+vsphere_client = create_vsphere_client(server=args.server,
+                                       username=args.username,
+                                       password=args.password,
+                                       session=session)
+
+cert = args.cert.encode(encoding='utf-8').decode('unicode_escape')
+
+if args.key is not None:
+    key = args.encode(encoding='utf-8').key.decode('unicode_escape')
+else:
+    key = args.key
+
+if args.rootcert is not None:
+    root_cert = args.rootcert.encode(encoding='utf-8').decode('unicode_escape')
+else:
+    root_cert = args.rootcert
+
+"""
+Create the spec for input to the API
+"""
+spec = Tls.Spec(cert=cert,
+                key=key,
+                root_cert=root_cert)
+
+
+print('The MACHINE SSL certificate will be replaced with the custom certificate ')
+vsphere_client.vcenter.certificate_management.vcenter.Tls.set(spec)