Module netapp_ontap.resources.iscsi_credentials
Copyright © 2019 NetApp Inc. All rights reserved.
Overview
An iSCSI credentials object defines authentication credentials to be used between an initiator and ONTAP. It identifies an authentication type, user names, and passwords that must be used to authenticate a specific initiator.
The iSCSI credentials REST API allows you to create, update, delete, and discover iSCSI credentials.
How iSCSI authentication works
An iSCSI credentials object defines the authentication credentials to be used between an initiator and ONTAP. While establishing an iSCSI connection, the initiator sends a login request to ONTAP to begin an iSCSI session. ONTAP then either permits or denies the login request, or determines that a login is not required.
For an initiator, you can specify an authentication type, user names and passwords, and a whitelist of optional network addresses from which the initiator is allowed to connect.iSCSI authentication methods
- Challenge-Handshake Authentication Protocol (CHAP) - The initiator logs in using a CHAP user name and password. There are two types of CHAP user names and passwords:
- Inbound - ONTAP authenticates the initiator. Inbound settings are required if you are using CHAP authentication.
- Outbound - These are optional credentials to enable the initiator to authenticate ONTAP. You can use credentials only if inbound credentials are also being used.
- deny - The initiator is denied access to ONTAP.
- none - ONTAP does not require authentication for the initiator. The CHAP inbound/outbound password can be any valid string or an even number of valid hexidecimal digits preceded by '0X' or '0x'.
Initiator address list
The initiator address list is a way to specify valid IP addresses from which the initiator is allowed to connect. If the list is specified and the source address of an iSCSI connection is not in the list, the connection is rejected. Initiator addresses can be specified in either IPv4 or IPv6 format and in one of two forms:
- Range
{
"start": "192.168.0.0",
"end": "192.168.0.255"
}
- Mask
{
"address": "192.168.0.0",
"netmask": "24"
}
Initiator "default"
The default iSCSI authentication definition is created when the iSCSI service is created. An iSCSI credentials object with default as the initiator name identifies the default authentication for an SVM. The default credentials are used for any initiator that does not have specific iSCSI credentials. The default iSCSI authentication method is none, but can be changed to deny or CHAP. The default credentials object does not support an initiator address list.
Examples
Creating iSCSI credentials requiring no authentication
# The API:
POST /api/protocols/san/iscsi/credentials
# The call:
curl -X POST 'https://<mgmt-ip>/api/protocols/san/iscsi/credentials' -H 'accept: application/hal+json' -d '{ "svm": { "name": "svm1" }, "initiator": "iqn.1992-08.com.netapp:initiator1", "authentication_type": "none" }'
Creating iSCSI credentials using CHAP inbound authentication
# The API:
POST /api/protocols/san/iscsi/credentials
# The call:
curl -X POST 'https://<mgmt-ip>/api/protocols/san/iscsi/credentials' -H 'accept: application/hal+json' -d '{ "svm": { "name": "svm1" }, "initiator": "iqn.1992-08.com.netapp:initiator2", "authentication_type": "CHAP", "chap": { "inbound": { "user": "user1", "password": "password1" } } }'
Retrieving all properties of all iSCSI credentials
The fields
query parameter is used to request all iSCSI credentials properties.
Passwords are not included in the GET output.
# The API:
GET /api/protocols/san/iscsi/credentials
# The call:
curl -X GET 'https://<mgmt-ip>/api/protocols/san/iscsi/credentials?fields=*' -H 'accept: application/hal+json'
# The response:
{
"records": [
{
"svm": {
"uuid": "19d04b8e-94d7-11e8-8370-005056b48fd2",
"name": "svm1",
"_links": {
"self": {
"href": "/api/svm/svms/19d04b8e-94d7-11e8-8370-005056b48fd2"
}
}
},
"initiator": "default",
"authentication_type": "none",
"_links": {
"self": {
"href": "/api/protocols/san/iscsi/credentials/19d04b8e-94d7-11e8-8370-005056b48fd2/default"
}
}
},
{
"svm": {
"uuid": "19d04b8e-94d7-11e8-8370-005056b48fd2",
"name": "svm1",
"_links": {
"self": {
"href": "/api/svm/svms/19d04b8e-94d7-11e8-8370-005056b48fd2"
}
}
},
"initiator": "iqn.1992-08.com.netapp:initiator1",
"authentication_type": "none",
"_links": {
"self": {
"href": "/api/protocols/san/iscsi/credentials/19d04b8e-94d7-11e8-8370-005056b48fd2/iqn.1992-08.com.netapp:initiator1"
}
}
},
{
"svm": {
"uuid": "19d04b8e-94d7-11e8-8370-005056b48fd2",
"name": "svm1",
"_links": {
"self": {
"href": "/api/svm/svms/19d04b8e-94d7-11e8-8370-005056b48fd2"
}
}
},
"initiator": "iqn.1992-08.com.netapp:initiator2",
"authentication_type": "chap",
"chap": {
"inbound": {
"user": "user1"
}
},
"_links": {
"self": {
"href": "/api/protocols/san/iscsi/credentials/19d04b8e-94d7-11e8-8370-005056b48fd2/iqn.1992-08.com.netapp:initiator2"
}
}
},
{
"svm": {
"uuid": "25f617cf-94d7-11e8-8370-005056b48fd2",
"name": "svm2",
"_links": {
"self": {
"href": "/api/svm/svms/25f617cf-94d7-11e8-8370-005056b48fd2"
}
}
},
"initiator": "default",
"authentication_type": "none",
"_links": {
"self": {
"href": "/api/protocols/san/iscsi/credentials/25f617cf-94d7-11e8-8370-005056b48fd2/default"
}
}
},
{
"svm": {
"uuid": "25f617cf-94d7-11e8-8370-005056b48fd2",
"name": "svm2",
"_links": {
"self": {
"href": "/api/svm/svms/25f617cf-94d7-11e8-8370-005056b48fd2"
}
}
},
"initiator": "iqn.1992-08.com.netapp:initiator2",
"authentication_type": "none",
"_links": {
"self": {
"href": "/api/protocols/san/iscsi/credentials/25f617cf-94d7-11e8-8370-005056b48fd2/iqn.1992-08.com.netapp:initiator2"
}
}
},
{
"svm": {
"uuid": "25f617cf-94d7-11e8-8370-005056b48fd2",
"name": "svm2",
"_links": {
"self": {
"href": "/api/svm/svms/25f617cf-94d7-11e8-8370-005056b48fd2"
}
}
},
"initiator": "iqn.1992-08.com.netapp:initiator3",
"authentication_type": "deny",
"_links": {
"self": {
"href": "/api/protocols/san/iscsi/credentials/25f617cf-94d7-11e8-8370-005056b48fd2/iqn.1992-08.com.netapp:initiator3"
}
}
}
],
"num_records": 6,
"_links": {
"self": {
"href": "/api/protocols/san/iscsi/credentials?fields=*"
}
}
}
Retrieving specific iSCSI credentials
# The API:
GET /api/protocols/san/iscsi/credentials/{svm.uuid}/{initiator}
# The call:
curl -X GET 'https://<mgmt-ip>/api/protocols/san/iscsi/credentials/25f617cf-94d7-11e8-8370-005056b48fd2/iqn.1992-08.com.netapp:initiator2' -H 'accept: application/hal+json'
# The response:
{
"svm": {
"uuid": "25f617cf-94d7-11e8-8370-005056b48fd2",
"name": "svm2",
"_links": {
"self": {
"href": "/api/svm/svms/25f617cf-94d7-11e8-8370-005056b48fd2"
}
}
},
"initiator": "iqn.1992-08.com.netapp:initiator2",
"authentication_type": "chap",
"chap": {
"inbound": {
"user": "user1"
}
},
"_links": {
"self": {
"href": "/api/protocols/san/iscsi/credentials/25f617cf-94d7-11e8-8370-005056b48fd2/iqn.1992-08.com.netapp:initiator2"
}
}
}
Updating the authentication type of iSCSI credentials
# The API:
PATCH /api/protocols/san/iscsi/credentials/{svm.uuid}/{initiator}
# The call:
curl -X PATCH 'https://<mgmt-ip>/api/protocols/san/iscsi/credentials/25f617cf-94d7-11e8-8370-005056b48fd2/iqn.1992-08.com.netapp:initiator2' -H 'accept: application/hal+json' -d '{ "authentication_type": "chap", "chap": { "inbound": { "user": "user1", "password": "password1" } } }'
Updating the initiator address list of iSCSI credentials
# The API:
PATCH /api/protocols/san/iscsi/credentials/{svm.uuid}/{initiator}
# The call:
curl -X PATCH 'https://<mgmt-ip>/api/protocols/san/iscsi/credentials/25f617cf-94d7-11e8-8370-005056b48fd2/iqn.1992-08.com.netapp:initiator2' -H 'accept: application/hal+json' -d '{ "initiator_address": { "ranges": [ { "start": "192.168.0.0", "end": "192.168.255.255" } ] } }'
Deleting iSCSI credentials
# The API:
DELETE /api/protocols/san/iscsi/credentials/{svm.uuid}/{initiator}
# The call:
curl -X DELETE 'https://<mgmt-ip>/api/protocols/san/iscsi/credentials/25f617cf-94d7-11e8-8370-005056b48fd2/iqn.1992-08.com.netapp:initiator2' -H 'accept: application/hal+json'
Classes
class IscsiCredentials (*args, **kwargs)
-
Allows interaction with IscsiCredentials objects on the host
Initialize the instance of the resource.
Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:
MyResource(name='foo').name == 'foo'
Args
*args
- Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
- each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.
Ancestors
Static methods
def delete_collection(*args, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Deletes specified iSCSI credentials.
Related ONTAP commands
vserver iscsi security delete
Learn more
Delete all objects in a collection which match the given query.
All records on the host which match the query will be deleted.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to delete the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def find(*args, connection: HostConnection = None, **kwargs) -> Resource
-
Retrieves iSCSI credentials.
Related ONTAP commands
vserver iscsi security show
Learn more
Find an instance of an object on the host given a query.
The host will be queried with the provided key/value pairs to find a matching resource. If 0 are found or if more than 1 is found, an error will be raised or returned. If there is exactly 1 matching record, then it will be returned.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to find a bar for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
Resource
object containing the details of the object.Raises
NetAppRestError
: If the API call did not return exactly 1 matching resource. def get_collection(*args, connection: HostConnection = None, max_records: int = None, **kwargs) -> typing.Iterable
-
Retrieves iSCSI credentials.
Related ONTAP commands
vserver iscsi security show
Learn more
Fetch a list of all objects of this type from the host.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. max_records
- The maximum number of records to return per call
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A list of
Resource
objectsRaises
NetAppRestError
: If there is no connection available to use either passed in or on the library. def patch_collection(body: dict, *args, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Updates specified iSCSI credentials.
Related ONTAP commands
vserver iscsi security add-initiator-address-ranges
vserver iscsi security default
vserver iscsi security modify
vserver iscsi security remove-initiator-address-ranges
Learn more
Patch all objects in a collection which match the given query.
All records on the host which match the query will be patched with the provided body.
Args
body
- A dictionary of name/value pairs to set on all matching members of the collection.
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to patch the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Methods
def delete(self, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Deletes specified iSCSI credentials.
Related ONTAP commands
vserver iscsi security delete
Learn more
Send a deletion request to the host for this object.
Args
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def get(self, **kwargs) -> NetAppResponse
-
Retrieves specified iSCSI credentials.
Related ONTAP commands
vserver iscsi security show
Learn more
Fetch the details of the object from the host.
Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def patch(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Updates specified iSCSI credentials.
Related ONTAP commands
vserver iscsi security add-initiator-address-ranges
vserver iscsi security default
vserver iscsi security modify
vserver iscsi security remove-initiator-address-ranges
Learn more
Send the difference in the object's state to the host as a modification request.
Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def post(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Creates iSCSI credentials.
Required properties
svm.uuid
orsvm.name
- Existing SVM in which to create the iSCSI credentials.initiator
- Initiator for which the iSCSI credentials are to be created.authentication_type
- Type of authentication to use for the credentials.
Recommended optional properties
chap.inbound.user
- In-bound CHAP authentication user name.chap.inbound.password
- In-bound CHAP authentication password.chap.outbound.user
- Out-bound CHAP authentication user name.chap.outbound.password
- Out-bound CHAP authentication password.
Related ONTAP commands
vserver iscsi security create
Learn more
Send this object to the host as a creation request.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Inherited members
class IscsiCredentialsSchema (only=None, exclude=(), many=False, context=None, load_only=(), dump_only=(), partial=False, unknown=None)
-
The fields of the IscsiCredentials object
Ancestors
- netapp_ontap.resource.ResourceSchema
- marshmallow.schema.Schema
- marshmallow.schema.BaseSchema
- marshmallow.base.SchemaABC
Class variables
var authentication_type
-
The iSCSI authentication type. Required in POST and optional in PATCH.
Valid choices:
- chap
- none
- deny
var chap
-
The chap field of the iscsi_credentials.
var initiator
-
The iSCSI initiator to which the credentials apply. Required in POST.
Example: iqn.1998-01.com.corp.iscsi:name1
var initiator_address
-
The initiator_address field of the iscsi_credentials.
var links
-
The links field of the iscsi_credentials.
var opts
var svm
-
The svm field of the iscsi_credentials.