search

vmware / vsphere-automation-sdk-python

Python samples, language bindings, and API reference documentation for vSphere, VMC, and NSX-T using the VMware REST API
MIT License
739 stars 308 forks source link

Demonstrate the Native Key Provider APIs #390

Closed karaatanassov closed 12 months ago

karaatanassov commented 1 year ago

This is a short demo of native key provider APIs in the Autpmation SDK. The demo includes how native key provider can be set as default for the system using pyvmomi.

Below is the output of the demo script: (Excluding initial print of vc url and user name)

Create Native Key Provider.
Native Key Provider summary: {provider : native_kms, type : NATIVE, health : ERROR}
Native Key Provider details: {health : ERROR, details : [LocalizableMessage(id='com.vmware.vim.vpxd.encryption.keyProviderNotBackedUp', default_message='Key provider native_kms requires backup.', args=[], params={'keyProviderId': LocalizationParam(s='native_kms', dt=None, i=None, d=None, l=None, format=None, precision=None)}, localized='Key provider native_kms requires backup.')], constraints : {tpm_required : False}, type : NATIVE, native_info : {key_id : 94920bac-5419-4026-b5d5-9239512d2cc9}}

Backup Native Key Provider
Backup completed ok
Native Key Provider summary: {provider : native_kms, type : NATIVE, health : OK}
Native Key Provider details: {health : OK, details : [], constraints : {tpm_required : False}, type : NATIVE, native_info : {key_id : 94920bac-5419-4026-b5d5-9239512d2cc9}}

Delete Native Key Provider
Restore Native Key Provider: {provider : native_kms, type : NATIVE, native_info : {key_id : 94920bac-5419-4026-b5d5-9239512d2cc9}, export_time : 2023-07-29 16:03:39.341000, constraints : None}
Native Key Provider summary: {provider : native_kms, type : NATIVE, health : OK}
Native Key Provider details: {health : OK, details : [], constraints : {tpm_required : False}, type : NATIVE, native_info : {key_id : 94920bac-5419-4026-b5d5-9239512d2cc9}}

Default Key Provider None
Updated default key provider to (vim.encryption.KeyProviderId) {
   dynamicType = <unset>,
   dynamicProperty = (vmodl.DynamicProperty) [],
   id = 'native_kms'
}
Restored default key provider to None
Delete Native Key Provider
Done.
vmwclabot commented 1 year ago

@karaatanassov, you must sign every commit in this pull request acknowledging our Developer Certificate of Origin before your changes are merged. This can be done by adding Signed-off-by: John Doe <john.doe@email.org> to the last line of each Git commit message. The e-mail address used to sign must match the e-mail address of the Git author. Click here to view the Developer Certificate of Origin agreement.