Create Trust Authority Clusters Attestation TPM2 Endorsement Keys Task
Add a new TPM endorsement key on a cluster.
Request
URLURL
https://{api_host}/api/vcenter/trusted-infrastructure/trust-authority-clusters/{cluster}/attestation/tpm2/endorsement-keys?vmw-task=true
Path Parameters
Path Parameters
string
cluster
Required
The id of the cluster on which the operation will be executed. The parameter must be an identifier for the resource type: ClusterComputeResource.
Header Parameters
Header Parameters
string
vmware-api-session-id
Required
Required session ID, acquired from Create Session API under CIS product
vmware-api-session-id example
"b00db39f948d13ea1e59b4d6fce56389"
Request Body
Request Body
TrustedInfrastructureTrustAuthorityClustersAttestationTpm2EndorsementKeysCreateSpec of mimetype application/json
Required
The configuration.
{
"name": "string"
}
string
name
Required
A unique name for the TPM endorsement key. The unique name should be something that an administrator can use to easily identify the remote system. For example, the hostname, or hardware UUID.
When clients pass a value of this structure as a parameter, the field must be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.EndorsementKey. When operations return a value of this structure as a result, the field will be an identifier for the resource type: com.vmware.vcenter.trusted_infrastructure.trust_authority_clusters.attestation.tpm2.EndorsementKey.
string
certificate
Optional
TPM endorsement key certificate in PEM format. When a endorsement key certificate is provided, it will be verified against the CA certificate list. Endorsement key certificates that are not signed by one of the CA certificates will be rejected.
Using this format allows for failures to be caught during configuration rather than later during attestation.
If unset EndorsementKeys.CreateSpec.public-key must be set.
string
public_key
Optional
TPM public endorsement key in PEM format. If unset EndorsementKeys.CreateSpec.certificate must be set.
Authentication
This operation uses the following authentication methods.
Response
Response
Response BodyResponse Body
202 Accepted returns
string
of type application/json
An identifier for the task created by this API invocation will be returned. If the non-async version of the operation returns a value, this id can be used with the CIS Get Task operation to fetch that value. The normal description of this operation’s return value will follow if one exists.
Errors
400
com.vmware.vapi.std.errors.already_exists : if the endorsement key name exists. | com.vmware.vapi.std.errors.invalid_argument : if the configuration is invalid or cluster id is empty.
404
com.vmware.vapi.std.errors.not_found : if cluster doesn’t match to any cluster in the vCenter.
default
‘Default’ means this response is used for all HTTP codes that are not covered individually for this operation.
Code Samples
PowerCLI Client SDK Example
$TrustedInfrastructureTrustAuthorityClustersAttestationTpm2EndorsementKeysCreateSpec = Initialize-TrustedInfrastructureTrustAuthorityClustersAttestationTpm2EndorsementKeysCreateSpec -Name "MyName"
Invoke-CreateClusterTpm2EndorsementKeysAsync -Cluster "MyCluster" -TrustedInfrastructureTrustAuthorityClustersAttestationTpm2EndorsementKeysCreateSpec $TrustedInfrastructureTrustAuthorityClustersAttestationTpm2EndorsementKeysCreateSpec
PowerCLI Client SDK All Parameters Example
$TrustedInfrastructureTrustAuthorityClustersAttestationTpm2EndorsementKeysCreateSpec = Initialize-TrustedInfrastructureTrustAuthorityClustersAttestationTpm2EndorsementKeysCreateSpec -Name "MyName" -PublicKey "MyPublicKey" -Certificate "MyCertificate"
Invoke-CreateClusterTpm2EndorsementKeysAsync -Cluster "MyCluster" -TrustedInfrastructureTrustAuthorityClustersAttestationTpm2EndorsementKeysCreateSpec $TrustedInfrastructureTrustAuthorityClustersAttestationTpm2EndorsementKeysCreateSpec
cURL Command
curl -X POST -H "vmware-api-session-id: b00db39f948d13ea1e59b4d6fce56389" -H "Content-Type: application/json" -d '{"certificate":"string","name":"string","public_key":"string"}' https://{api_host}/api/vcenter/trusted-infrastructure/trust-authority-clusters/{cluster}/attestation/tpm2/endorsement-keys?vmw-task=true
Vendor Extensions
This operation contains the following vendor extensions defined in the spec:
x-vmw-doc-operation: create_task
Availability
Added in 7.0.0.0
