Merge pull request #3553 from dougm/kms
govc: add kms commands
dougm authored Sep 20, 2024
2 parents 219a6ba + ccf449e commit 828cac6
Showing 12 changed files with 774 additions and 49 deletions.
2 changes: 1 addition & 1 deletion crypto/manager_kmip.go
Expand Up @@ -229,7 +229,7 @@ func (m ManagerKmip) SetDefaultKmsClusterId(
return nil
}

func (m ManagerKmip) RegisterKmipCluster(
func (m ManagerKmip) RegisterKmsCluster(
ctx context.Context,
providerID string,
managementType types.KmipClusterInfoKmsManagementType) error {
75 changes: 36 additions & 39 deletions crypto/manager_kmip_test.go
Expand Up @@ -44,7 +44,7 @@ func TestCryptoManagerKmip(t *testing.T) {

providerID := uuid.NewString()

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID,
types.KmipClusterInfoKmsManagementTypeUnknown))
Expand All @@ -53,7 +53,7 @@ func TestCryptoManagerKmip(t *testing.T) {
assert.NoError(t, err)
assert.True(t, isValid)

err = m.RegisterKmipCluster(
err = m.RegisterKmsCluster(
ctx,
providerID,
types.KmipClusterInfoKmsManagementTypeUnknown)
Expand All @@ -73,7 +73,7 @@ func TestCryptoManagerKmip(t *testing.T) {
assert.EqualError(t, err, "invalid cluster ID")
assert.Nil(t, status)

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID,
types.KmipClusterInfoKmsManagementTypeUnknown))
Expand All @@ -96,7 +96,7 @@ func TestCryptoManagerKmip(t *testing.T) {
assert.EqualError(t, err, "ServerFaultCode: Invalid cluster ID")
assert.True(t, fault.Is(err, &types.RuntimeFault{}))

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID,
types.KmipClusterInfoKmsManagementTypeUnknown))
Expand Down Expand Up @@ -124,7 +124,7 @@ func TestCryptoManagerKmip(t *testing.T) {
assert.NoError(t, err)
assert.False(t, ok)

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID,
types.KmipClusterInfoKmsManagementTypeUnknown))
Expand All @@ -144,15 +144,15 @@ func TestCryptoManagerKmip(t *testing.T) {
provider2ID := uuid.NewString()
provider3ID := uuid.NewString()

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider1ID,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider2ID,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider3ID,
types.KmipClusterInfoKmsManagementTypeNativeProvider))
Expand Down Expand Up @@ -230,14 +230,11 @@ func TestCryptoManagerKmip(t *testing.T) {
},
}

err = m.RegisterKmipServer(ctx, serverSpec)
assert.EqualError(t, err, "ServerFaultCode: Invalid cluster ID")
assert.True(t, fault.Is(err, &types.RuntimeFault{}))

assert.NoError(t, m.RegisterKmipCluster(
err = m.RegisterKmsCluster(
ctx,
providerID,
types.KmipClusterInfoKmsManagementTypeUnknown))
types.KmipClusterInfoKmsManagementTypeVCenter)
assert.True(t, fault.Is(err, &types.InvalidArgument{}))

assert.NoError(t, m.RegisterKmipServer(ctx, serverSpec))

Expand All @@ -263,7 +260,7 @@ func TestCryptoManagerKmip(t *testing.T) {
assert.EqualError(t, err, "invalid cluster ID")
assert.Nil(t, status)

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID,
types.KmipClusterInfoKmsManagementTypeUnknown))
Expand Down Expand Up @@ -308,15 +305,15 @@ func TestCryptoManagerKmip(t *testing.T) {
provider2serverName3 := uuid.NewString()
provider3serverName1 := uuid.NewString()

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider1ID,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider2ID,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider3ID,
types.KmipClusterInfoKmsManagementTypeNativeProvider))
Expand Down Expand Up @@ -454,7 +451,7 @@ func TestCryptoManagerKmip(t *testing.T) {
providerID := uuid.NewString()
serverName := uuid.NewString()

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID,
types.KmipClusterInfoKmsManagementTypeUnknown))
Expand Down Expand Up @@ -524,7 +521,7 @@ func TestCryptoManagerKmip(t *testing.T) {
assert.EqualError(t, err, "ServerFaultCode: Invalid cluster ID")
assert.True(t, fault.Is(err, &types.RuntimeFault{}))

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID,
types.KmipClusterInfoKmsManagementTypeUnknown))
Expand Down Expand Up @@ -562,7 +559,7 @@ func TestCryptoManagerKmip(t *testing.T) {
providerID := uuid.NewString()
serverName := uuid.NewString()

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID,
types.KmipClusterInfoKmsManagementTypeUnknown))
Expand Down Expand Up @@ -608,15 +605,15 @@ func TestCryptoManagerKmip(t *testing.T) {
provider2serverName3 := uuid.NewString()
provider3serverName1 := uuid.NewString()

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider1ID,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider2ID,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider3ID,
types.KmipClusterInfoKmsManagementTypeNativeProvider))
Expand Down Expand Up @@ -723,15 +720,15 @@ func TestCryptoManagerKmip(t *testing.T) {
provider2ID := uuid.NewString()
provider3ID := uuid.NewString()

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider1ID,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider2ID,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider3ID,
types.KmipClusterInfoKmsManagementTypeNativeProvider))
Expand All @@ -758,15 +755,15 @@ func TestCryptoManagerKmip(t *testing.T) {
provider2ID := uuid.NewString()
provider3ID := uuid.NewString()

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider1ID,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider2ID,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider3ID,
types.KmipClusterInfoKmsManagementTypeNativeProvider))
Expand Down Expand Up @@ -803,15 +800,15 @@ func TestCryptoManagerKmip(t *testing.T) {
provider2ID := uuid.NewString()
provider3ID := uuid.NewString()

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider1ID,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider2ID,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
provider3ID,
types.KmipClusterInfoKmsManagementTypeNativeProvider))
Expand Down Expand Up @@ -851,7 +848,7 @@ func TestCryptoManagerKmip(t *testing.T) {
providerID1 := uuid.NewString()
providerID2 := uuid.NewString()

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID1,
types.KmipClusterInfoKmsManagementTypeNativeProvider))
Expand All @@ -869,7 +866,7 @@ func TestCryptoManagerKmip(t *testing.T) {
assert.True(t, fault.Is(err, &types.RuntimeFault{}))
assert.Empty(t, keyID)

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID2,
types.KmipClusterInfoKmsManagementTypeUnknown))
Expand Down Expand Up @@ -899,15 +896,15 @@ func TestCryptoManagerKmip(t *testing.T) {
assert.NoError(t, err)
assert.Len(t, keys, 0)

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID1,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID2,
types.KmipClusterInfoKmsManagementTypeUnknown))
assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID3,
types.KmipClusterInfoKmsManagementTypeNativeProvider))
Expand Down Expand Up @@ -979,7 +976,7 @@ func TestCryptoManagerKmip(t *testing.T) {

providerID := uuid.NewString()

assert.NoError(t, m.RegisterKmipCluster(
assert.NoError(t, m.RegisterKmsCluster(
ctx,
providerID,
types.KmipClusterInfoKmsManagementTypeUnknown))
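Review bot: In the hunk at `@@ -230,14 +230,11 @@`, the rejected `RegisterKmsCluster` call with `KmipClusterInfoKmsManagementTypeVCenter` is covered only by `assert.True(t, fault.Is(err, &types.InvalidArgument{}))`, and the `assert.NoError(t, m.RegisterKmipServer(ctx, serverSpec))` that follows now passes with no successful cluster registration visible before it. The previous negative case, where `RegisterKmipServer` returned "ServerFaultCode: Invalid cluster ID" for an unregistered provider, is removed, so the test no longer states whether an unknown provider ID is rejected or implicitly created; this looks like an intended contract change, but the hunk does not show it. I would add `assert.Error(t, err)` before the fault check and, if that is the new behavior, a comment such as `// RegisterKmipServer creates the cluster when the provider ID is not yet registered`. The enclosing subtest starts and ends outside the hunk.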
92 changes: 92 additions & 0 deletions govc/USAGE.md
Expand Up @@ -218,6 +218,11 @@ but appear via `govc $cmd -h`:
- [import.ovf](#importovf)
- [import.spec](#importspec)
- [import.vmdk](#importvmdk)
- [kms.add](#kmsadd)
- [kms.default](#kmsdefault)
- [kms.ls](#kmsls)
- [kms.rm](#kmsrm)
- [kms.trust](#kmstrust)
- [library.checkin](#librarycheckin)
- [library.checkout](#librarycheckout)
- [library.clone](#libraryclone)
Expand Down Expand Up @@ -3582,6 +3587,93 @@ Options:
-pool= Resource pool [GOVC_RESOURCE_POOL]
```

## kms.add

```
Usage: govc kms.add [OPTIONS] NAME
Add KMS cluster.
Server name and address are required, port defaults to 5696.
Examples:
govc kms.add -n my-server -a kms.example.com my-kp
Options:
-a= Server address
-n= Server name
-p=5696 Server port
```

## kms.default

```
Usage: govc kms.default [OPTIONS] NAME
Set default KMS cluster.
Examples:
govc kms.default my-kp
govc kms.default - # clear default
govc kms.default -e /dc/host/cluster my-kp
govc kms.default -e /dc/host/cluster my-kp - # clear default
Options:
-e= Set entity default KMS cluster (cluster or host folder)
```

## kms.ls

```
Usage: govc kms.ls [OPTIONS] NAME
Display KMS info.
Examples:
govc kms.ls
govc kms.ls -json
govc kms.ls - # default provider
govc kms.ls ProviderName
govc kms.ls -json ProviderName
Options:
```

## kms.rm

```
Usage: govc kms.rm [OPTIONS] NAME
Remove KMS server or cluster.
Examples:
govc kms.rm my-kp
govc kms.rm -s my-server my-kp
Options:
-s= Server name
```

## kms.trust

```
Usage: govc kms.trust [OPTIONS] NAME
Establish trust between KMS and vCenter.
Examples:
# "Make vCenter Trust KMS"
govc kms.trust -server-cert "$(govc about.cert -show)" my-kp
# "Make KMS Trust vCenter" -> "KMS certificate and private key"
govc kms.trust -client-cert "$(cat crt.pem) -client-key "$(cat key.pem) my-kp
# "Download the vCenter certificate and upload it to the KMS"
govc about.cert -show > vcenter-cert.pem
Options:
```

## library.checkin

```