4 Replies Latest reply on Sep 18, 2019 5:21 PM by esiemiat

    PUT API REST call does not update role membership of Business Group

    jmedd Enthusiast
    vExpert

      vRA 7

       

      Using the PUT REST call detailed here to update a Business Group: vRealize Automation 7.0

       

      /api/tenants/{tenantId}/subtenants/{id}

       

      I send Body text as detailed for a subtenant here, example below: vRealize Automation 7.0

       

      {

          "id": "f8e0d99e-c567-4031-99cb-d8410c841ed7",

          "name": "BusinessGroup01",

          "description": "Business Group 01",

          "subtenantRoles": [ {

          "name": "Business Group Manager",

          "scopeRoleRef" : "CSP_SUBTENANT_MANAGER",

          "principalId": [

              {

              "domain": "vrademo.local",

              "name": "tenantadmin01"

              },

              {

              "domain": "vrademo.local",

              "name": "tenantmanager01"

              }

          ]

          },

          {

          "name": "Basic User",

              "scopeRoleRef": "CSP_CONSUMER",

              "principalId": [

              {

                  "domain": "vrademo.local",

                  "name": "tenantusers01"

              }

              ]

          } ,

          {

          "name": "Support User",

              "scopeRoleRef": "CSP_SUPPORT",

              "principalId": [

              {

                  "domain": "vrademo.local",

                  "name": "tenantsupportusers01"

              }

              ]

          } ],

          "extensionData": {

          "entries": [

              {

              "key": "iaas-machine-prefix",

              "value": {

                  "type": "string",

                  "value": "87e99513-cbea-4589-8678-c84c5907bdf2"

              }

              },

              {

              "key": "iaas-manager-emails",

              "value": {

                  "type": "string",

                  "value": "busgroupmgr01@vrademo.local"

              }

              }

          ]

          },

          "tenant": "Tenant01"

      }

       

       

      All items detailed in the JSON are updated successfully, except for anything in subtenantRoles which seems to be ignored. So neither Business Group Manager, nor Support Users, nor Users are updated.

       

      If I send the same Body text (minus ID) to:

       

      POST /api/tenants/{tenantId}/subtenants

       

      then a Business Group is successfully created, including the subtenantRoles.

       

      Anyone else experience this?

        • 1. Re: PUT API REST call does not update role membership of Business Group
          GrantOrchardVMware Expert
          VMware Employees

          Interestingly, post is a supported method to

           

          /identity/api/tenants/{tenantId}/subtenants/{id}/roles

           

          it appears that the roles have a different URI, and can't be updated directly through the subtenant.

           

          Grant

          • 2. Re: PUT API REST call does not update role membership of Business Group
            jmedd Enthusiast
            vExpert

            Thanks for the response. It looks like I might be able to do what I need to with a combination of:

             

            Get the existing Principals per Role

             

            GET /api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals

             

            Remove each one

             

            DELETE /api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals/{principalId}

             

            Then add Principals to Roles based on the JSON details I already have for changing the whole Business Group with

             

            POST /api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals

             

            so in effect, making a change to an existing Business Group.

             

            However, while I can successfully retrieve existing Principals with the GET:

             

            {

              "links": [],

              "content": [

                {

                  "@type": "PrincipalData",

                  "name": "Jonathan Medd",

                  "principalId": {

                    "domain": "vsphere.local",

                    "name": "jmedd"

                  },

                  "principalType": "USER"

                }

              ],

              "metadata": {

                "size": 0,

                "totalElements": 1,

                "totalPages": 1,

                "number": 1,

                "offset": 0

              }

            }

             

            and also delete existing Principals. When I try the POST /api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals

             

            with body set to

             

            {

              "domain": "vsphere.local",

              "name": "tuser"

            }

            which the documentation says should "Adds the provided principals to the identified business group (aka: subtenant) role."

             

            I get:

             

            {

              "errors": [

                {

                  "code": 10104,

                  "message": "Data serialization error.",

                  "systemMessage": "Could not read message [acceptableTypes: [application/*+json;charset=UTF-8, application/json;charset=UTF-8]]",

                  "moreInfoUrl": null

                }

              ]

            }

             

            which looks like the JSON is misformed - however I got it from vRealize Automation 7.0

             

            Any ideas?

            • 3. Re: PUT API REST call does not update role membership of Business Group
              A380_i686 Novice

              I got the same error and landed here for tenantid/principals POST...

              was solved by not enclosing the principal in [ ] within the json request

               

              example

              this works...

              "principalId": { "domain": "X", "name": "X"} ,

               

              instead of this (which was causing the error but i think really should work...)

              "principalId": [

              { "domain": "X", "name": "X"}          ] ,

              • 4. Re: PUT API REST call does not update role membership of Business Group
                esiemiat Novice

                I know this is an old thread but I was wondering if you ever solved this. I get the same error when I try to POST to "/api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals" when formatting the JSON using.

                 

                {

                 

                    "principalId": {

                          "domain":"{Domain}",

                          "name":"{GroupName}"

                     },

                    "principalType": "SSO_GROUP"

                }

                 

                and

                 

                {

                     "domain":"{Domain}",

                     "name":"{GroupName}"

                }