Module netapp_ontap.resources.aws_kms
Copyright © 2023 NetApp Inc. All rights reserved.
This file has been automatically generated based on the ONTAP REST API documentation.
Overview
Amazon Web Services Key Management Services (AWS KMS) is a cloud key management service (KMS) that provides a secure store for secrets. This feature allows ONTAP to securely store its encryption keys using AWS KMS. In order to use AWS KMS with ONTAP, you must first create a Customer Master Key (CMK) in AWS KMS and provide an Access Key ID and Secret Access Key for a user that has appropriate access to the newly created CMK in the AWS KMS."
Examples
Enabling AWS KMS for an SVM
The following example shows how to enable AWS KMS at the SVM-scope. Note the return_records=true query parameter is used to obtain the newly created key manager configuration.
from netapp_ontap import HostConnection
from netapp_ontap.resources import AwsKms
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = AwsKms()
resource.svm = {"uuid": "f36ff553-e713-11ea-bd56-005056bb4222"}
resource.region = "us-east-1"
resource.key_id = "kmip-aws"
resource.access_key_id = "AK7ATC35ZXU6GKUDQURT"
resource.secret_access_key = "Ahrut-#ghty5-881Ht"
resource.post(hydrate=True)
print(resource)
AwsKms(
{
"key_id": "kmip-aws",
"svm": {"name": "vs0", "uuid": "f36ff553-e713-11ea-bd56-005056bb4222"},
"access_key_id": "AK7ATC35ZXU6GKUDQURT",
"_links": {
"self": {
"href": "/api/security/aws-kms/f72098a2-e908-11ea-bd56-005056bb4222"
}
},
"region": "us-east-1",
"uuid": "f72098a2-e908-11ea-bd56-005056bb4222",
}
)
Retrieving all AWS KMS configurations
The following example shows how to retrieve all AWS KMS configurations.
from netapp_ontap import HostConnection
from netapp_ontap.resources import AwsKms
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
print(list(AwsKms.get_collection(fields="*")))
[
AwsKms(
{
"scope": "svm",
"key_id": "kmip-aws",
"svm": {"name": "vs0", "uuid": "f36ff553-e713-11ea-bd56-005056bb4222"},
"default_domain": "amazonaws.com",
"access_key_id": "AK7ATC35ZXU6GKUDQURT",
"service": "KMS",
"_links": {
"self": {
"href": "/api/security/aws-kms/f72098a2-e908-11ea-bd56-005056bb4222"
}
},
"polling_period": 60,
"region": "us-east-1",
"timeout": 10,
"uuid": "f72098a2-e908-11ea-bd56-005056bb4222",
}
)
]
Retrieving a specific AWS KMS configuration
The following example shows how to retrieve information for a specific AWS KMS configuration.
from netapp_ontap import HostConnection
from netapp_ontap.resources import AwsKms
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = AwsKms(uuid="f72098a2-e908-11ea-bd56-005056bb4222")
resource.get(fields="*")
print(resource)
AwsKms(
{
"scope": "svm",
"key_id": "kmip-aws",
"svm": {"name": "vs0", "uuid": "f36ff553-e713-11ea-bd56-005056bb4222"},
"default_domain": "amazonaws.com",
"access_key_id": "AK7ATC35ZXU6GKUDQURT",
"service": "KMS",
"_links": {
"self": {
"href": "/api/security/aws-kms/f72098a2-e908-11ea-bd56-005056bb4222"
}
},
"polling_period": 60,
"region": "us-east-1",
"timeout": 10,
"uuid": "f72098a2-e908-11ea-bd56-005056bb4222",
}
)
Retrieving the advanced properties of an AWS configured for a specific SVM
These values are not retrieved by default with the 'fields=*' option.
The following example retrieves the advanced properties of a configured AWS for a specific SVM; there is an added computational cost in retrieving their values. The properties are not populated for either a collection GET or an instance GET unless they are explicitly requested using the fields
query parameter or GET for all advanced properties is enabled.
from netapp_ontap import HostConnection
from netapp_ontap.resources import AwsKms
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = AwsKms(uuid="7052c6c0-a503-11ec-a68f-005056ac75a0")
resource.get(fields="state,amazon_reachability,ekmip_reachability")
print(resource)
AwsKms(
{
"amazon_reachability": {"code": "0", "reachable": True, "message": ""},
"state": {"code": "0", "cluster_state": True, "message": ""},
"ekmip_reachability": [
{
"reachable": True,
"code": "0",
"node": {
"name": "node1",
"_links": {
"self": {
"href": "/api/cluster/nodes/817f544f-a98d-11ec-ae20-005056ac7c32"
}
},
"uuid": "817f544f-a98d-11ec-ae20-005056ac7c32",
},
"message": "",
},
{
"reachable": True,
"code": "0",
"node": {
"name": "node2",
"_links": {
"self": {
"href": "/api/cluster/nodes/84b3f5f3-a98d-11ec-9ff4-005056acfbfe"
}
},
"uuid": "84b3f5f3-a98d-11ec-9ff4-005056acfbfe",
},
"message": "",
},
],
"_links": {
"self": {
"href": "/api/security/aws-kms/d70efc34-aa13-11ec-a059-005056ac7c32"
}
},
"uuid": "d70efc34-aa13-11ec-a059-005056ac7c32",
}
)
Updating the "access_key_id" of a specific AWS KMS configuration
The following example shows how to update the "access_key_id" for a specific AWS KMS configuration.
from netapp_ontap import HostConnection
from netapp_ontap.resources import AwsKms
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = AwsKms(uuid="f72098a2-e908-11ea-bd56-005056bb4222")
resource.access_key_id = "AK7ATC35ZXU6GKUDQURT"
resource.secret_access_key = "Ahrut-#ghty5-881Ht"
resource.patch()
Updating a specific AWS KMS configuration to allow it to use a proxy.
The following example shows how to update a specific AWS KMS configuration to allow the AWS KMS instance to use a proxy.
from netapp_ontap import HostConnection
from netapp_ontap.resources import AwsKms
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = AwsKms(uuid="f72098a2-e908-11ea-bd56-005056bb4222")
resource.default_domain = "216.9"
resource.host = "172.20.216.9"
resource.port = 8000
resource.service = "10"
resource.verify_host = False
resource.verify_ip = False
resource.patch()
Deleting a specific AWS KMS configuration
The following example shows how to delete a specific AWS KMS configuration.
from netapp_ontap import HostConnection
from netapp_ontap.resources import AwsKms
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = AwsKms(uuid="f72098a2-e908-11ea-bd56-005056bb4222")
resource.delete()
Restoring keys from a KMIP server
The following example shows how to restore keys for a AWS KMS configuration.
from netapp_ontap import HostConnection
from netapp_ontap.resources import AwsKms
with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
resource = AwsKms(uuid="33820b57-ec90-11ea-875e-005056bbf3f0")
resource.restore()
Classes
class AwsKms (*args, **kwargs)
-
Allows interaction with AwsKms objects on the host
Initialize the instance of the resource.
Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:
MyResource(name='foo').name == 'foo'
Args
*args
- Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
- each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.
Ancestors
Static methods
def count_collection (*args, connection: HostConnection = None, **kwargs) -> int
-
Returns a count of all AwsKms resources that match the provided query
This calls GET on the object to determine the number of records. It is more efficient than calling get_collection() because it will not construct any objects. Query parameters can be passed in as kwargs to determine a count of objects that match some filtered criteria.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the count of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. These query parameters can affect the count. A return_records query param will be ignored.
Returns
On success, returns an integer count of the objects of this type. On failure, returns -1.
Raises
NetAppRestError
: If the API call returned a status code >= 400, or if there is no connection available to use either passed in or on the library. def delete_collection (*args, records: Iterable[_ForwardRef('AwsKms')] = None, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Deletes an AWS KMS configuration.
Related ONTAP commands
security key-manager external aws disable
Learn more
Delete all objects in a collection which match the given query.
All records on the host which match the query will be deleted.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to delete the collection of bars for a particular foo, the foo.name value should be passed.
records
- Can be provided in place of a query. If so, this list of objects will be deleted from the host.
body
- The body of the delete request. This could be a Resource instance or a dictionary object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be deleted.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def find (*args, connection: HostConnection = None, **kwargs) -> Resource
-
Retrieves all AWS KMS instances configured for all clusters and SVMs.
Related ONTAP commands
security key-manager external aws show
security key-manager external aws check
Learn more
Find an instance of an object on the host given a query.
The host will be queried with the provided key/value pairs to find a matching resource. If 0 are found, None will be returned. If more than 1 is found, an error will be raised or returned. If there is exactly 1 matching record, then it will be returned.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to find a bar for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
Resource
object containing the details of the object or None if no matches were found.Raises
NetAppRestError
: If the API call returned more than 1 matching resource. def get_collection (*args, connection: HostConnection = None, max_records: int = None, **kwargs) -> Iterable[Resource]
-
Retrieves all AWS KMS instances configured for all clusters and SVMs.
Related ONTAP commands
security key-manager external aws show
security key-manager external aws check
Learn more
Fetch a list of all objects of this type from the host.
This is a lazy fetch, making API calls only as necessary when the result of this call is iterated over. For instance, if max_records is set to 5, then iterating over the collection causes an API call to be sent to the server once for every 5 records. If the client stops iterating before getting to the 6th record, then no additional API calls are made.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. max_records
- The maximum number of records to return per call
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A list of
Resource
objectsRaises
NetAppRestError
: If there is no connection available to use either passed in or on the library. This would be not be raised when get_collection() is called, but rather when the result is iterated. def patch_collection (body: dict, *args, records: Iterable[_ForwardRef('AwsKms')] = None, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Updates the AWS KMS configuration.
Optional properties
region
- AWS region of the AWS KMS.service
- AWS service type.default_domain
- AWS KMS default domain.port
- AWS KMS port.proxy_type
- Type of proxy (http, https, etc.), if proxy configuration is used.proxy_host
- Proxy hostname if proxy configuration is used.proxy_port
- Proxy port number if proxy configuration is used.proxy_username
- Proxy username if proxy configuration is used.proxy_password
- Proxy password if proxy configuration is used.polling_period
- Polling period in minutes.timeout
- AWS Connection timeout, in seconds.verify
- Set to true to verify the AWS KMS host.verify_host
- Set to true to verify the AWS KMS host's hostname.verify_ip
- Set to true to verify the AWS KMS host's IP address.host
- AWS KMS host's hostname.secret_access_key
- AWS secret access key for the access key ID provided.access-key-id
- AWS access key ID of the user with the appropriate access to AWS KMS.skip_verify
- Set to true to bypass verification of the user provided access_key_id and secret_access_key.encryption_context
- Additional layer of authentication and logging.
Related ONTAP commands
security key-manager external aws update-config
security key-manager external aws update-credentials
Learn more
Patch all objects in a collection which match the given query.
All records on the host which match the query will be patched with the provided body.
Args
body
- A dictionary of name/value pairs to set on all matching members of the collection. The body argument will be ignored if records is provided.
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to patch the collection of bars for a particular foo, the foo.name value should be passed.
records
- Can be provided in place of a query. If so, this list of objects will be patched on the host.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def post_collection (records: Iterable[_ForwardRef('AwsKms')], *args, hydrate: bool = False, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, connection: HostConnection = None, **kwargs) -> Union[List[AwsKms], NetAppResponse]
-
Configures the AWS KMS configuration for the specified SVM.
Required properties
svm.uuid
orsvm.name
- Existing SVM in which to create an AWS KMS.region
- AWS region of the AWS KMS.key_id
- AWS Key ID
Optional properties
access_key_id
- AWS access key ID of the user who has the appropriate access to AWS KMS.secret_access_key
- AWS secret access key for the access key ID provided.service
- AWS service type.default_domain
- AWS KMS default domain.port
- AWS KMS port.proxy_type
- Type of proxy (http, https, etc.), if proxy configuration is used.proxy_host
- Proxy hostname if proxy configuration is used.proxy_port
- Proxy port number if proxy configuration is used.proxy_username
- Proxy username if proxy configuration is used.proxy_password
- Proxy password if proxy configuration is used.polling_period
- Polling period in minutes.encryption_context
- Additional layer of authentication and logging.
Related ONTAP commands
security key-manager external aws enable
Learn more
Send this collection of objects to the host as a creation request.
Args
records
- A list of
Resource
objects to send to the server to be created. *args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to create a bar for a particular foo, the foo.name value should be passed.
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of each object. When hydrate is set to True, poll must also be set to True.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A list of
Resource
objects matching the provided type which have been created by the host and returned. This is not the same list that was provided, so to continue using the object, you should save this list. If poll is set to False, then aNetAppResponse
object is returned instead.Raises
NetAppRestError
: If the API call returned a status code >= 400
Methods
def delete (self, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Deletes an AWS KMS configuration.
Related ONTAP commands
security key-manager external aws disable
Learn more
Send a deletion request to the host for this object.
Args
body
- The body of the delete request. This could be a Resource instance or a dictionary object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def get (self, **kwargs) -> NetAppResponse
-
Retrieves the AWS KMS configuration for the SVM specified by the UUID.
Related ONTAP commands
security key-manager external aws show
security key-manager external aws check
Learn more
Fetch the details of the object from the host.
Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def patch (self, hydrate: bool = False, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Updates the AWS KMS configuration.
Optional properties
region
- AWS region of the AWS KMS.service
- AWS service type.default_domain
- AWS KMS default domain.port
- AWS KMS port.proxy_type
- Type of proxy (http, https, etc.), if proxy configuration is used.proxy_host
- Proxy hostname if proxy configuration is used.proxy_port
- Proxy port number if proxy configuration is used.proxy_username
- Proxy username if proxy configuration is used.proxy_password
- Proxy password if proxy configuration is used.polling_period
- Polling period in minutes.timeout
- AWS Connection timeout, in seconds.verify
- Set to true to verify the AWS KMS host.verify_host
- Set to true to verify the AWS KMS host's hostname.verify_ip
- Set to true to verify the AWS KMS host's IP address.host
- AWS KMS host's hostname.secret_access_key
- AWS secret access key for the access key ID provided.access-key-id
- AWS access key ID of the user with the appropriate access to AWS KMS.skip_verify
- Set to true to bypass verification of the user provided access_key_id and secret_access_key.encryption_context
- Additional layer of authentication and logging.
Related ONTAP commands
security key-manager external aws update-config
security key-manager external aws update-credentials
Learn more
Send the difference in the object's state to the host as a modification request.
Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def post (self, hydrate: bool = False, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Configures the AWS KMS configuration for the specified SVM.
Required properties
svm.uuid
orsvm.name
- Existing SVM in which to create an AWS KMS.region
- AWS region of the AWS KMS.key_id
- AWS Key ID
Optional properties
access_key_id
- AWS access key ID of the user who has the appropriate access to AWS KMS.secret_access_key
- AWS secret access key for the access key ID provided.service
- AWS service type.default_domain
- AWS KMS default domain.port
- AWS KMS port.proxy_type
- Type of proxy (http, https, etc.), if proxy configuration is used.proxy_host
- Proxy hostname if proxy configuration is used.proxy_port
- Proxy port number if proxy configuration is used.proxy_username
- Proxy username if proxy configuration is used.proxy_password
- Proxy password if proxy configuration is used.polling_period
- Polling period in minutes.encryption_context
- Additional layer of authentication and logging.
Related ONTAP commands
security key-manager external aws enable
Learn more
Send this object to the host as a creation request.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will normally be sent as query parameters to the host. If any of these pairs are parameters that are sent as formdata then only parameters of that type will be accepted and all others will be discarded.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def rekey_external (self, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Rekeys or re-versions the AWS KMS Key Encryption Key (KEK) for the given AWS KMS.
Related ONTAP commands
security key-manager external aws rekey-external
Perform a custom action on this resource which is not a simple CRUD action
Args
path
- The action verb for this request. This will be added as a postfix to the instance location of the resource.
body
- The body of the action request. This should be a Resource instance. The connection and URL will be determined based on the values from this object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def rekey_internal (self, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Rekeys SVM KEK for the given AWS KMS.
Related ONTAP commands
security key-manager external aws rekey-internal
Perform a custom action on this resource which is not a simple CRUD action
Args
path
- The action verb for this request. This will be added as a postfix to the instance location of the resource.
body
- The body of the action request. This should be a Resource instance. The connection and URL will be determined based on the values from this object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def restore (self, body: Union[Resource, dict] = None, poll: bool = True, poll_interval: Optional[int] = None, poll_timeout: Optional[int] = None, **kwargs) -> NetAppResponse
-
Restores the keys for an SVM from a configured AWS KMS.
Related ONTAP commands
security key-manager external AWS restore
Perform a custom action on this resource which is not a simple CRUD action
Args
path
- The action verb for this request. This will be added as a postfix to the instance location of the resource.
body
- The body of the action request. This should be a Resource instance. The connection and URL will be determined based on the values from this object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Inherited members
class AwsKmsSchema (*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)
-
The fields of the AwsKms object
Ancestors
- netapp_ontap.resource.ResourceSchema
- marshmallow.schema.Schema
- marshmallow.base.SchemaABC
Class variables
-
access_key_id: str GET POST PATCH
-
AWS Access Key ID of the user that has appropriate access to AWS KMS.
Example: AKIATCFKZXU6GKUDQUWN
-
amazon_reachability: AwsConnectivity GET
-
The amazon_reachability field of the aws_kms.
-
default_domain: str GET POST PATCH
-
AWS KMS default domain.
Example: domainName
-
ekmip_reachability: List[EkmipServerConnectivity] GET
-
The ekmip_reachability field of the aws_kms.
-
encryption_context: str GET POST PATCH
-
Additional layer of authentication and logging.
Example: aws:fsx:fs-id=fs-0785c8beceb895999
-
host: str GET POST PATCH
-
AWS KMS host's hostname.
Example: aws-host.host.com
-
key_id: str GET POST PATCH
-
AWS Key ID.
Example: kmip-aws
-
links: SelfLink GET
-
The links field of the aws_kms.
-
polling_period: Size GET POST PATCH
-
Polling period in minutes.
Example: 55
-
port: Size GET POST PATCH
-
AWS KMS port.
Example: 443
-
proxy_host: str GET POST PATCH
-
Proxy host.
Example: proxy.eng.com
-
proxy_password: str POST PATCH
-
Proxy password. Password is not audited.
Example: awskze-Jwjje2-WJJPer
-
proxy_port: Size GET POST PATCH
-
Proxy port.
Example: 1234
-
proxy_type: str GET POST PATCH
-
Proxy type.
Valid choices:
- http
- https
-
proxy_username: str GET POST PATCH
-
Proxy username.
Example: proxyuser
-
region: str GET POST PATCH
-
AWS region of the AWS KMS.
Example: us-east-1
-
scope: str GET
-
Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster".
Valid choices:
- svm
- cluster
-
secret_access_key: str POST PATCH
-
AWS Secret Access Key for the provided access key ID.
Example: tyb1kA/bSr5654LncZNwNcvAOR7hu1vPo0nPrtoG
-
service: str GET POST PATCH
-
AWS service type.
Example: dynamodb.*.amazonaws.com
-
skip_verify: bool GET POST PATCH
-
Set to true to bypass verification of the user provided access_key_id and secret_access_key. An error will be returned if 'skip_verify' is provided but 'access_key_id' is not.
Example: false
-
state: AwsKmsState GET
-
The state field of the aws_kms.
-
svm: Svm GET POST PATCH
-
The svm field of the aws_kms.
-
timeout: Size GET POST PATCH
-
AWS Connection timeout, in seconds.
Example: 20
-
uuid: str GET
-
A unique identifier for the AWS KMS.
Example: 1cd8a442-86d1-11e0-ae1c-123478563412
-
verify: bool GET POST PATCH
-
Set to true to verify the AWS KMS host.
Example: false
-
verify_host: bool GET POST PATCH
-
Set to true to verify the AWS KMS host's hostname.
Example: true
-
verify_ip: bool GET POST PATCH
-
Set to true to verify the AWS KMS host's IP address.
Example: false