Module netapp_ontap.resources.key_manager_keys

Copyright © 2023 NetApp Inc. All rights reserved.

This file has been automatically generated based on the ONTAP REST API documentation.

Overview

Retrieves the key manager keys on the give node. The following operations are supported:

  • Get

Examples

Retrieving key manager key-id information for a node

The following example shows how to retrieve key-ids present on a node for a key manager.

from netapp_ontap import HostConnection
from netapp_ontap.resources import KeyManagerKeys

with HostConnection("<mgmt-ip>", username="admin", password="password", verify=False):
    resource = KeyManagerKeys(
        "f4f98a48-8a5c-c548-cd03-c6335f5803a8",
        "00000000-0000-0000-0000-000000000000",
        key_id="000000000000000002000000000005009ad4da8fea2cafe2bed803078b780ebe0000000000000c01",
    )
    resource.get()
    print(resource)

KeyManagerKeys(
    {
        "restored": False,
        "key_manager": "onboard",
        "_links": {
            "self": {
                "href": "/api/security/key-managers/f4f98a48-8a5c-c548-cd03-c6335f5803a8/keys/00000000-0000-0000-0000-000000000000/key-ids/000000000000000002000000000005009ad4da8fea2cafe2bed803078b780ebe0000000000000c01"
            }
        },
        "key_id": "000000000000000002000000000005009ad4da8fea2cafe2bed803078b780ebe0000000000000c01",
        "key_store": "onboard",
        "key_tag": "4d82cc07-f9e0-114e-55dc-82a224bea631",
        "node": {"uuid": "00000000-0000-0000-0000-000000000000"},
        "key_user": "datavs",
        "key_store_type": "okm",
        "key_type": "vek",
        "encryption_algorithm": "XTS-AES-256",
    }
)


Retrieving key manager key-id information of a specific key-type for a node

The following example shows how to retrieve key-ids of a specific key-type present on a node for a key manager. ```

The API:

GET /api/security/key-manager/{security_key_manager.uuid}/keys/{node.uuid}/key-ids

The call:

curl -X GET "https:///api/security/key-managers/7c179931-044b-11ed-b7cd-005056bbc535/keys/44dac31e-0449-11ed-b7cd-005056bbc535/key-ids?key_type=nse_ak&return_records=true&return_timeout=15" -H "accept: application/json"

The response:

{ "records": [ { "key_server": "10.225.89.34:5696", "key_id": "000000000000000002000000000001003d5c5f8c497e8e36aa80566e08749a3d0000000000000000", "key_type": "nse_ak" }, { "key_server": "10.225.89.34:5696", "key_id": "00000000000000000200000000000100c2dce9a3a15aeb8480db8d49c17d056c0000000000000000", "key_type": "nse_ak" } ], "num_records": 2 }

Classes

class KeyManagerKeys (*args, **kwargs)

Displays the keys stored in a key manager.

Initialize the instance of the resource.

Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:

MyResource(name='foo').name == 'foo'

Args

*args
Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.

Ancestors

Static methods

def count_collection (*args, connection: HostConnection = None, **kwargs) -> int

Returns a count of all KeyManagerKeys resources that match the provided query


This calls GET on the object to determine the number of records. It is more efficient than calling get_collection() because it will not construct any objects. Query parameters can be passed in as kwargs to determine a count of objects that match some filtered criteria.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the count of bars for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host. These query parameters can affect the count. A return_records query param will be ignored.

Returns

On success, returns an integer count of the objects of this type. On failure, returns -1.

Raises

NetAppRestError: If the API call returned a status code >= 400, or if there is no connection available to use either passed in or on the library.

def find (*args, connection: HostConnection = None, **kwargs) -> Resource

Retrieves key manager configurations.

Required properties

  • security_key_manager.uuid - Key manager UUID.
  • node.uuid - Node UUID.
  • security key-manager key query

Learn more


Find an instance of an object on the host given a query.

The host will be queried with the provided key/value pairs to find a matching resource. If 0 are found, None will be returned. If more than 1 is found, an error will be raised or returned. If there is exactly 1 matching record, then it will be returned.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to find a bar for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A Resource object containing the details of the object or None if no matches were found.

Raises

NetAppRestError: If the API call returned more than 1 matching resource.

def get_collection (*args, connection: HostConnection = None, max_records: int = None, **kwargs) -> Iterable[Resource]

Retrieves key manager configurations.

Required properties

  • security_key_manager.uuid - Key manager UUID.
  • node.uuid - Node UUID.
  • security key-manager key query

Learn more


Fetch a list of all objects of this type from the host.

This is a lazy fetch, making API calls only as necessary when the result of this call is iterated over. For instance, if max_records is set to 5, then iterating over the collection causes an API call to be sent to the server once for every 5 records. If the client stops iterating before getting to the 6th record, then no additional API calls are made.

Args

*args
Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the collection of bars for a particular foo, the foo.name value should be passed.
connection
The HostConnection object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context.
max_records
The maximum number of records to return per call
**kwargs
Any key/value pairs passed will be sent as query parameters to the host.

Returns

A list of Resource objects

Raises

NetAppRestError: If there is no connection available to use either passed in or on the library. This would be not be raised when get_collection() is called, but rather when the result is iterated.

Methods

def get (self, **kwargs) -> NetAppResponse

Retrieves the key management keys information for the specified key_id.

  • security key-manager key query -key-id <key_id>

Learn more


Fetch the details of the object from the host.

Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.

Returns

A NetAppResponse object containing the details of the HTTP response.

Raises

NetAppRestError: If the API call returned a status code >= 400

Inherited members

class KeyManagerKeysSchema (*, only: Union[Sequence[str], Set[str]] = None, exclude: Union[Sequence[str], Set[str]] = (), many: bool = False, context: Dict = None, load_only: Union[Sequence[str], Set[str]] = (), dump_only: Union[Sequence[str], Set[str]] = (), partial: Union[bool, Sequence[str], Set[str]] = False, unknown: str = None)

The fields of the KeyManagerKeys object

Ancestors

  • netapp_ontap.resource.ResourceSchema
  • marshmallow.schema.Schema
  • marshmallow.base.SchemaABC

Class variables

crn: str GET

Cloud resource name.

Example: CRN=v1:bluemix:public:containers-kubernetes

encryption_algorithm: str GET

Encryption algorithm for the key

Example: XTS-AES-256

key_id: str GET

Key identifier.

Example: 000000000000000002000000000001008963c9213194c59555c1bec8db3603c800000000

key_manager: str GET

Key manager key server managing the key. Indicates the external key server when external key manager is configured.

Example: keyserver1.local:5696

key_server: str GET

External key server for key management.

Example: keyserver1.com:5698

key_store: str GET

Security key manager configured for the given key manager UUID. Key manager keystore value can be onboard or external.

Valid choices:

  • onboard
  • external
key_store_type: str GET

Security key manager keystore type. Keystore type can be onboard, external, or supported cloud key manager.

Valid choices:

  • okm
  • kmip
  • akv
  • unset
  • gcp
  • aws
  • ikp
key_tag: str GET

Additional information associated with the key.

Example: key#

key_type: str GET

Encryption Key type.

Valid choices:

  • nse_ak
  • aek
  • vek
  • nek
  • svm_kek
key_user: str GET

SVM associated with the key.

Example: vs1

The links field of the key_manager_keys.

node: Node GET

The node field of the key_manager_keys.

policy: str GET

Key store policy.

Example: IBM_Key_Lore

restored: bool GET

Indicates whether the key is present locally on the node.

Example: true