Module netapp_ontap.resources.security_certificate

Copyright © 2022 NetApp Inc. All rights reserved.

Overview

This API displays security certificate information and manages the certificates in ONTAP.

Installing certificates in ONTAP

The security certificates GET request retrieves all of the certificates in the cluster.

Examples

Retrieving all certificates installed in the cluster with their common-names

from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityCertificate

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    print(list(SecurityCertificate.get_collection(fields="common_name")))

[
    SecurityCertificate(
        {
            "common_name": "vs0",
            "svm": {"name": "vs0"},
            "uuid": "dad2363b-8ac0-11e8-9058-005056b482fc",
            "_links": {
                "self": {
                    "href": "/api/security/certificates/dad2363b-8ac0-11e8-9058-005056b482fc"
                }
            },
        }
    ),
    SecurityCertificate(
        {
            "common_name": "ROOT",
            "uuid": "1941e048-8ac1-11e8-9058-005056b482fc",
            "_links": {
                "self": {
                    "href": "/api/security/certificates/1941e048-8ac1-11e8-9058-005056b482fc"
                }
            },
        }
    ),
    SecurityCertificate(
        {
            "common_name": "gshancluster-4",
            "uuid": "5a3a77a8-892d-11e8-b7da-005056b482fc",
            "_links": {
                "self": {
                    "href": "/api/security/certificates/5a3a77a8-892d-11e8-b7da-005056b482fc"
                }
            },
        }
    ),
]


Retrieving all certificates installed at cluster-scope with their common-names


from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityCertificate

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    print(
        list(SecurityCertificate.get_collection(scope="cluster", fields="common_name"))
    )

[
    SecurityCertificate(
        {
            "scope": "cluster",
            "common_name": "ROOT",
            "uuid": "1941e048-8ac1-11e8-9058-005056b482fc",
            "_links": {
                "self": {
                    "href": "/api/security/certificates/1941e048-8ac1-11e8-9058-005056b482fc"
                }
            },
        }
    ),
    SecurityCertificate(
        {
            "scope": "cluster",
            "common_name": "gshancluster-4",
            "uuid": "5a3a77a8-892d-11e8-b7da-005056b482fc",
            "_links": {
                "self": {
                    "href": "/api/security/certificates/5a3a77a8-892d-11e8-b7da-005056b482fc"
                }
            },
        }
    ),
]


Retrieving all certificates installed on a specific SVM with their common-names


from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityCertificate

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    print(
        list(
            SecurityCertificate.get_collection(
                fields="common_name", **{"svm.name": "vs0"}
            )
        )
    )

[
    SecurityCertificate(
        {
            "common_name": "vs0",
            "svm": {"name": "vs0"},
            "uuid": "dad2363b-8ac0-11e8-9058-005056b482fc",
            "_links": {
                "self": {
                    "href": "/api/security/certificates/dad2363b-8ac0-11e8-9058-005056b482fc"
                }
            },
        }
    )
]


Retrieving a certificate using its UUID for all fields


from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityCertificate

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = SecurityCertificate(uuid="dad2363b-8ac0-11e8-9058-005056b482fc")
    resource.get(fields="*")
    print(resource)

SecurityCertificate(
    {
        "hash_function": "sha256",
        "type": "server",
        "expiry_time": "2019-07-18T15:29:14-04:00",
        "scope": "svm",
        "common_name": "vs0",
        "svm": {"uuid": "d817293c-8ac0-11e8-9058-005056b482fc", "name": "vs0"},
        "uuid": "dad2363b-8ac0-11e8-9058-005056b482fc",
        "public_certificate": "-----BEGIN CERTIFICATE-----\nMIIDQjCCAiqgAwIBAgIIFUKNRc+Bz1YwDQYJKoZIhvcNAQELBQAwGzEMMAoGA1UE\nAxMDdnMwMQswCQYDVQQGEwJVUzAeFw0xODA3MTgxOTI5MTRaFw0xOTA3MTgxOTI5\nMTRaMBsxDDAKBgNVBAMTA3ZzMDELMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEB\nAQUAA4IBDwAwggEKAoIBAQCqFQb27th2ACOmJvWgLh1xRzobSb2ZTQfO561faXQ3\nIbiT+rnRWXetd/s2+iCv91d9LW0NOmP3MN2f3SFbyze3dl7WrnVbjLmYuI9MfOxs\nfmA+Bh6gpap5Yn2YddqoV6rfNGAuUveNLArNl8wODk/mpawpEQ93QSa1Zfg1gnoH\nRFrYqiSYT06X5g6RbUuEl4LTGXspz+plU46Za0i6QyxtvZ4bneibffXN3IigpqI6\nTGUV8R/J3Ps338VxVmSO9ZXBZmvbcJVoysYNICl/oi3fgPZlnBv0tbswqg4FoZO/\nWT+XHGhLep6cr/Aqg7u6C4RfqbCwzB/XFKDIqnmAQkDBAgMBAAGjgYkwgYYwDAYD\nVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFN/AnH8qLxocTtumNHIn\nEN4IFIDBMEoGA1UdIwRDMEGAFN/AnH8qLxocTtumNHInEN4IFIDBoR+kHTAbMQww\nCgYDVQQDEwN2czAxCzAJBgNVBAYTAlVTgggVQo1Fz4HPVjANBgkqhkiG9w0BAQsF\nAAOCAQEAa0pUEepdeQnd2Amwg8UFyxayb8eu3E6dlptvtyp+xtjhIC7Dh95CVXhy\nkJS3Tsu60PGR/b2vc3MZtAUpcL4ceD8XntKPQgBlqoB4bRogCe1TnlGswRXDX5TS\ngMVrRjaWTBF7ikT4UjR05rSxcDGplQRqjnOthqi+yPT+29+8a4Uu6J+3Kdrflj4p\n1nSWpuB9EyxtuCILNqXA2ncH7YKtoeNtChKCchhvPcoTy6Opma6UQn5UMxstkvGT\nVGaN5TlRWv0yiqPXIQblSqXi/uQsuRPcHDu7+KWRFn08USa6QVo2mDs9P7R9dd0K\n9QAsTjTOF9PlAKgNxGoOJl2y0+48AA==\n-----END CERTIFICATE-----\n",
        "ca": "vs0",
        "key_size": 2048,
        "serial_number": "15428D45CF81CF56",
        "_links": {
            "self": {
                "href": "/api/security/certificates/dad2363b-8ac0-11e8-9058-005056b482fc"
            }
        },
    }
)

Creating a certificate in a cluster

These certificates can be used to help administrators enable certificate-based authentication and to enable SSL-based communication to the cluster.

from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityCertificate

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = SecurityCertificate()
    resource.common_name = "TEST-SERVER"
    resource.type = "server"
    resource.post(hydrate=True)
    print(resource)

Installing a certificate in a cluster

These certificates can be used to help administrators enable certificate-based authentication and to enable-SSL based communication to the cluster.

from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityCertificate

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = SecurityCertificate()
    resource.type = "server_ca"
    resource.public_certificate = (
        "-----BEGIN CERTIFICATE-----"
        "MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG"
        "EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS"
        "b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES"
        "MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB"
        "IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld"
        "hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/"
        "mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi"
        "1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C"
        "XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl"
        "3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy"
        "NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV"
        "WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg"
        "xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix"
        "uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC"
        "AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI"
        "hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH"
        "6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg"
        "ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt"
        "ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV"
        "YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX"
        "feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro"
        "kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe"
        "2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz"
        "Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R"
        "cGzM7vRX+Bi6hG6H"
        "-----END CERTIFICATE-----"
    )
    resource.post(hydrate=True)
    print(resource)


Installing a certificate on a specific SVM


from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityCertificate

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = SecurityCertificate()
    resource.svm = {"name": "vs0"}
    resource.type = "server_ca"
    resource.public_certificate = (
        "-----BEGIN CERTIFICATE-----"
        "MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG"
        "EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS"
        "b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES"
        "MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB"
        "IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld"
        "hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/"
        "mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi"
        "1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C"
        "XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl"
        "3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy"
        "NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV"
        "WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg"
        "xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix"
        "uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC"
        "AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI"
        "hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH"
        "6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg"
        "ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt"
        "ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV"
        "YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX"
        "feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro"
        "kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe"
        "2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz"
        "Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R"
        "cGzM7vRX+Bi6hG6H"
        "-----END CERTIFICATE-----"
    )
    resource.post(hydrate=True)
    print(resource)


Deleting a certificate using its UUID


from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityCertificate

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = SecurityCertificate(uuid="dad2363b-8ac0-11e8-9058-005056b482fc")
    resource.delete(fields="*")

Signing a new certificate signing request using an existing CA certificate UUID

Once you have created a certificate of type "root_ca", you can use that certificate to act as a local Certificate Authority to sign new certificate signing requests. The following example signs a new certificate signing request using an existing CA certificate UUID. If successful, the API returns a signed certificate.

from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityCertificate

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = SecurityCertificate(uuid="253add53-8ac9-11e8-9058-005056b482fc")
    resource.sign(
        body={
            "signing_request": "-----BEGIN CERTIFICATE REQUEST-----\nMIICYTCCAUkCAQAwHDENMAsGA1UEAxMEVEVTVDELMAkGA1UEBhMCVVMwggEiMA0G\nCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiBCuVfbYHNdOO7vjRQja4JqL2cHqK\ndrlTj5hz9RVqFKZ7VPh8DSP9LoTbYWsvrTkbuD0Wi715MVQCsbkq/mHos+Y5lfqs\nNP5K92fc6EhBzBDYFgZGFntZYJjEG5MPerIUE7CfVy7o6sjWOlxeY33pjefObyvP\nBcJkBHg6SFJK/TDLvIYJkonLkJEOJoTI6++a3I/1bCMfUeuRtLU9ThWlna1kMMYK\n4T16/Bxgm4bha2U2jtosc0Wltnld/capc+eqRV07WVbMmEOTtop3cv0h3N0S6lbn\nFkd96DXzeGWbSHFHckeCZ9bOHhnVbfEa/efkPLx7ziMC8GtRHHlwbnK7AgMBAAGg\nADANBgkqhkiG9w0BAQsFAAOCAQEAf+rs1i5PHaOSI2HtTM+Hcv/p71yzgoLL+aeU\ntB0V4iuoXdqY8oQeWoPI92ci0K08JuSpu6D0DwCKlstfwuGkAA2b0Wr7ZDRonTUq\nmJ4j3O47MLysW4Db2LbGws/AuDsCIrBJDWHMpHaqsvRbpMx2xQ/V5oagUw5eGGpN\ne4fg/E2k9mGkpxwkUzT7w1RZirpND4xL+XTzpzeZqgalpXug4yjIXlI5hpRESZ9/\nAkGJSCWxI15IZdxxFVXlBcmm6WpJnnboqkcKeXz95GM6Re+oBy9tlgvwvlVd5s8uHX+bycFiZp09Wsm8Ev727MziZ+0II9nxwkDKsdPvam+KLI9hLQ==\n-----END CERTIFICATE REQUEST-----\n",
            "hash_function": "sha256",
        }
    )

SecurityCertificate(
    {
        "public_certificate": "-----BEGIN CERTIFICATE-----\nMIIDBzCCAe+gAwIBAgIIFUKQpcqeaUAwDQYJKoZIhvcNAQELBQAwHDENMAsGA1UE\nAxMEUkFDWDELMAkGA1UEBhMCVVMwHhcNMTgwNzE4MjAzMTA1WhcNMTkwNzE4MjAz\nMTA1WjAcMQ0wCwYDVQQDEwRURVNUMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcN\nAQEBBQADggEPADCCAQoCggEBAKIEK5V9tgc1047u+NFCNrgmovZweop2uVOPmHP1\nFWoUpntU+HwNI/0uhNthay+tORu4PRaLvXkxVAKxuSr+Yeiz5jmV+qw0/kr3Z9zo\nSEHMENgWBkYWe1lgmMQbkw96shQTsJ9XLujqyNY6XF5jfemN585vK88FwmQEeDpI\nUkr9MMu8hgmSicuQkQ4mhMjr75rcj/VsIx9R65G0tT1OFaWdrWQwxgrhPXr8HGCb\nhuFrZTaO2ixzRaW2eV39xqlz56pFXTtZVsyYQ5O2indy/SHc3RLqVucWR33oNfN4\nZZtIcUdyR4Jn1s4eGdVt8Rr95+Q8vHvOIwLwa1EceXBucrsCAwEAAaNNMEswCQYD\nVR0TBAIwADAdBgNVHQ4EFgQUJMPxjeW1G76TbbD2tXB8dwSpI3MwHwYDVR0jBBgw\nFoAUu5aH0mWR4cFoN9i7k96d2op3sPwwDQYJKoZIhvcNAQELBQADggEBAI5ai+Zi\nFQZUXRTqJCgHsgBThARneVWQYkYpyAXmTR7QeLf1d4ZHL33i4xWCqX3uvW7SFJLe\nZajT2AVmgiDbaWIHtDtvqz1BY78PSgUwPH/IyARTEOBeikp6KdwMPraehDIBMAcc\nANY58wXiTBbsl8UMD6tGecgnzw6sxlMmadGvrfJeJmgY4zert6NNvgtTPhcZQdLS\nE0fGzHS6+3ajCCfEEhPNPeR9D0e5Me81i9EsQGENrnJzTci8rzXPuF4bC3gghrK1\nI1+kmJQ1kLYVUcsntcrIiHmNvtPFJY6stjDgQKS9aDd/THhPpokPtZoCmE6PDxh6\nR+dO6C0hcDKHFzA=\n-----END CERTIFICATE-----\n"
    }
)

Generate a new Certificate Signing Request (CSR)

from netapp_ontap import HostConnection
from netapp_ontap.resources import SecurityConfig

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = SecurityConfig()
    resource.certificate_signing_request(
        body={
            "algorithm": "rsa",
            "extended_key_usage": ["serverauth"],
            "hash_function": "sha256",
            "key_usage": ["digitalsignature"],
            "security_strength": "112",
            "subject_alternatives": {
                "dns": ["*.example.com", "*.example1.com"],
                "email": ["abc@example.com", "abc@example1.com"],
                "ip": ["10.225.34.223", "10.225.34.224"],
                "uri": ["http://example.com", "http://example1.com"],
            },
            "subject_name": "C=US,O=NTAP,CN=test.domain.com",
        }
    )


Classes

class SecurityCertificate (*args, **kwargs)

Allows interaction with SecurityCertificate objects on the host

Initialize the instance of the resource.

Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:

MyResource(name='foo').name == 'foo'

Args

*args
Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.

Ancestors

Static methods

def count_collection(*args, connection: HostConnection = None, **kwargs) -> int

Fetch a count of all objects of this type from the host.

This calls GET on the object to determine the number of records. It is more efficient than calling get_collection() because it will not construct any objects. Query parameters can be passed in as kwargs to determine a count of objects that match some filtered criteria.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the count of bars for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. These query parameters can affect the count. A return_records query param will be ignored.

Returns

On success, returns an integer count of the objects of this type. On failure, returns -1.

Raises

NetAppRestError: If the API call returned a status code >= 400, or if there is no connection available to use either passed in or on the library.

def delete_collection(*args, records: Iterable[_ForwardRef('SecurityCertificate')] = None, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Union[int, NoneType] = None, poll_timeout: Union[int, NoneType] = None, connection: HostConnection = None, **kwargs) -> NetAppResponse

Deletes a security certificate.

  • security certificate delete

Learn more


Delete all objects in a collection which match the given query.

All records on the host which match the query will be deleted.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to delete the collection of bars for a particular foo, the foo.name value should be passed.
records
Can be provided in place of a query. If so, this list of objects will be deleted from the host.
body
The body of the delete request. This could be a Resource instance or a dictionary object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be deleted.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def find(*args, connection: HostConnection = None, **kwargs) -> Resource

Retrieves security certificates.

  • security certificate show

Learn more


Find an instance of an object on the host given a query.

The host will be queried with the provided key/value pairs to find a matching resource. If 0 are found, None will be returned. If more than 1 is found, an error will be raised or returned. If there is exactly 1 matching record, then it will be returned.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to find a bar for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A Resource object containing the details of the object or None if no matches were found.

Raises

NetAppRestError: If the API call returned more than 1 matching resource.

def get_collection(*args, connection: HostConnection = None, max_records: int = None, **kwargs) -> Iterable[Resource]

Retrieves security certificates.

  • security certificate show

Learn more


Fetch a list of all objects of this type from the host.

This is a lazy fetch, making API calls only as necessary when the result of this call is iterated over. For instance, if max_records is set to 5, then iterating over the collection causes an API call to be sent to the server once for every 5 records. If the client stops iterating before getting to the 6th record, then no additional API calls are made.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the collection of bars for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
max_records
The maximum number of records to return per call
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A list of Resource objects

Raises

NetAppRestError: If there is no connection available to use either passed in or on the library. This would be not be raised when get_collection() is called, but rather when the result is iterated.

def post_collection(records: Iterable[_ForwardRef('SecurityCertificate')], *args, hydrate: bool = False, poll: bool = True, poll_interval: Union[int, NoneType] = None, poll_timeout: Union[int, NoneType] = None, connection: HostConnection = None, **kwargs) -> Union[List[SecurityCertificate], NetAppResponse]

Creates or installs a certificate.

Required properties

  • svm.uuid or svm.name - Existing SVM in which to create or install the certificate.
  • common_name - Common name of the certificate. Required when creating a certificate.
  • type - Type of certificate.
  • public_certificate - Public key certificate in PEM format. Required when installing a certificate.
  • private_key - Private key certificate in PEM format. Required when installing a CA-signed certificate.
  • expiry_time - Certificate expiration time. Specifying an expiration time is recommended when creating a certificate.
  • key_size - Key size of the certificate in bits. Specifying a strong key size is recommended when creating a certificate.
  • name - Unique certificate name per SVM. If one is not provided, it is automatically generated.

Default property values

If not specified in POST, the following default property values are assigned: * key_size - 2048 * expiry_time - P365DT * hash_function - sha256

  • security certificate create
  • security certificate install

Learn more


Send this collection of objects to the host as a creation request.

Args

records
A list of Resource objects to send to the server to be created.
*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to create a bar for a particular foo, the foo.name value should be passed.
hydrate
If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of each object. When hydrate is set to True, poll must also be set to True.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.

Returns

A list of Resource objects matching the provided
type which have been created by the host and returned. This is _not_
 
the same list that was provided, so to continue using the object, you
 

should save this list. If poll is set to False, then a NetAppResponse object is returned instead.

Raises

NetAppRestError: If the API call returned a status code >= 400

Methods

def delete(self, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Union[int, NoneType] = None, poll_timeout: Union[int, NoneType] = None, **kwargs) -> NetAppResponse

Deletes a security certificate.

  • security certificate delete

Learn more


Send a deletion request to the host for this object.

Args

body
The body of the delete request. This could be a Resource instance or a dictionary object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def get(self, **kwargs) -> NetAppResponse

Retrieves security certificates.

  • security certificate show

Learn more


Fetch the details of the object from the host.

Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def post(self, hydrate: bool = False, poll: bool = True, poll_interval: Union[int, NoneType] = None, poll_timeout: Union[int, NoneType] = None, **kwargs) -> NetAppResponse

Creates or installs a certificate.

Required properties

  • svm.uuid or svm.name - Existing SVM in which to create or install the certificate.
  • common_name - Common name of the certificate. Required when creating a certificate.
  • type - Type of certificate.
  • public_certificate - Public key certificate in PEM format. Required when installing a certificate.
  • private_key - Private key certificate in PEM format. Required when installing a CA-signed certificate.
  • expiry_time - Certificate expiration time. Specifying an expiration time is recommended when creating a certificate.
  • key_size - Key size of the certificate in bits. Specifying a strong key size is recommended when creating a certificate.
  • name - Unique certificate name per SVM. If one is not provided, it is automatically generated.

Default property values

If not specified in POST, the following default property values are assigned: * key_size - 2048 * expiry_time - P365DT * hash_function - sha256

  • security certificate create
  • security certificate install

Learn more


Send this object to the host as a creation request.

Args

hydrate
If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

def sign(self, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Union[int, NoneType] = None, poll_timeout: Union[int, NoneType] = None, **kwargs) -> NetAppResponse

Signs a certificate.

Required properties

  • signing_request - Certificate signing request to be signed by the given certificate authority.
  • expiry_time - Certificate expiration time. Specifying an expiration time for a signed certificate is recommended.
  • hash_function - Hashing function. Specifying a strong hashing function is recommended when signing a certificate.

Default property values

If not specified in POST, the following default property values are assigned: * expiry_time - P365DT * hash_function - sha256

  • security certificate sign This API is used to sign a certificate request using a pre-existing self-signed root certificate. The self-signed root certificate acts as a certificate authority within its scope and maintains the records of its signed certificates.
    The root certificate can be created for a given SVM or for the cluster using [POST security/certificates].

Perform a custom action on this resource which is not a simple CRUD action

Args

path
The action verb for this request. This will be added as a postfix to the instance location of the resource.
body
The body of the action request. This should be a Resource instance. The connection and URL will be determined based on the values from this object.
poll
If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

Inherited members

class SecurityCertificateSchema (*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

The fields of the SecurityCertificate object

Ancestors

  • netapp_ontap.resource.ResourceSchema
  • marshmallow.schema.Schema
  • marshmallow.base.SchemaABC

Class variables

authority_key_identifier GET

Provides the key identifier of the issuing CA certificate that signed the SSL certificate.

Example: 26:1F:C5:53:5B:D7:9E:E2:37:74:F4:F4:06:09:03:3D:EB:41:75:D7

ca GET

Certificate authority

common_name GET POST PATCH

FQDN or custom common name. Provide on POST when creating a self-signed certificate.

Example: test.domain.com

expiry_time GET POST PATCH

Certificate expiration time. Can be provided on POST if creating self-signed certificate. The expiration time range is between 1 day to 10 years.

hash_function GET POST PATCH

Hashing function. Can be provided on POST when creating a self-signed certificate. Hash functions md5 and sha1 are not allowed on POST.

Valid choices:

  • sha1
  • sha256
  • md5
  • sha224
  • sha384
  • sha512
intermediate_certificates GET POST PATCH

Chain of intermediate Certificates in PEM format. Only valid in POST when installing a certificate.

key_size GET POST PATCH

Key size of requested Certificate in bits. One of 512, 1024, 1536, 2048, 3072. Can be provided on POST if creating self-signed certificate. Key size of 512 is not allowed on POST.

The links field of the security_certificate.

name GET POST PATCH

Certificate name. If not provided in POST, a unique name specific to the SVM is automatically generated.

Example: cert1

private_key GET POST PATCH

Private key Certificate in PEM format. Only valid for create when installing a CA-signed certificate. This is not audited.

Example: -----BEGIN PRIVATE KEY----- MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAu1/a8f3G47cZ6pel Hd3aONMNkGJ8vSCH5QjicuDm92VtVwkAACEjIoZSLYlJvPD+odL+lFzVQSmkneW7 VCGqYQIDAQABAkAcfNpg6GCQxoneLOghvlUrRotNZGvqpUOEAvHK3X7AJhz5SU4V an36qvsAt5ghFMVM2iGvGaXbj0dAd+Jg64pxAiEA32Eh9mPtFSmZhTIUMeGcPmPk qIYCEuP8a/ZLmI9s4TsCIQDWvLQuvjSVfwPhi0TFAb5wqAET8X5LBFqtGX5QlUep EwIgFnqM02Gc4wtLoqa2d4qPkYu13+uUW9hLd4XSd6i/OS8CIQDT3elU+Rt+qIwW u0cFrVvNYSV3HNzDfS9N/IoxTagfewIgPvXADe5c2EWbhCUkhN+ZCf38AKewK9TW lQcDy4L+f14= -----END PRIVATE KEY-----

public_certificate GET POST PATCH

Public key Certificate in PEM format. If this is not provided in POST, a self-signed certificate is created.

Example: -----BEGIN CERTIFICATE----- MIIBuzCCAWWgAwIBAgIIFTZBrqZwUUMwDQYJKoZIhvcNAQELBQAwHDENMAsGA1UE AxMEVEVTVDELMAkGA1UEBhMCVVMwHhcNMTgwNjA4MTgwOTAxWhcNMTkwNjA4MTgw OTAxWjAcMQ0wCwYDVQQDEwRURVNUMQswCQYDVQQGEwJVUzBcMA0GCSqGSIb3DQEB AQUAA0sAMEgCQQDaPvbqUJJFJ6NNTyK3Yb+ytSjJ9aa3yUmYTD9uMiP+6ycjxHWB e8u9z6yCHsW03ync+dnhE5c5z8wuDAY0fv15AgMBAAGjgYowgYcwDAYDVR0TBAUw AwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYEFMJ7Ev/o/3+YNzYh5XNlqqjnw4zm MEsGA1UdIwREMEKAFMJ7Ev/o/3+YNzYh5XNlqqjnw4zmoSCkHjAcMQ0wCwYDVQQD EwRURVNUMQswCQYDVQQGEwJVU4IIFTZBrqZwUUMwDQYJKoZIhvcNAQELBQADQQAv DovYeyGNnknjGI+TVNX6nDbyzf7zUPqnri0KuvObEeybrbPW45sgsnT5dyeE/32U 9Yr6lklnkBtVBDTmLnrC -----END CERTIFICATE-----

scope GET POST PATCH

The scope field of the security_certificate.

serial_number GET

Serial number of certificate.

subject_key_identifier GET

Provides the key identifier used to identify the public key in the SSL certificate.

Example: 26:1F:C5:53:5B:D7:9E:E2:37:74:F4:F4:06:09:03:3D:EB:41:75:D8

svm GET POST PATCH

The svm field of the security_certificate.

type GET POST PATCH

Type of Certificate. The following types are supported:

  • client - a certificate and its private key used by an SSL client in ONTAP.
  • server - a certificate and its private key used by an SSL server in ONTAP.
  • client_ca - a Certificate Authority certificate used by an SSL server in ONTAP to verify an SSL client certificate.
  • server_ca - a Certificate Authority certificate used by an SSL client in ONTAP to verify an SSL server certificate.
  • root_ca - a self-signed certificate used by ONTAP to sign other certificates by acting as a Certificate Authority.

Valid choices:

  • client
  • server
  • client_ca
  • server_ca
  • root_ca
uuid GET

Unique ID that identifies a certificate.