I am using the vRA REST API to build a custom application. I am trying to find an API which allows me to add a role to a custom group.
The screenshot shows where in the vRA GUI this can be done.
Any suggestions would be appreciated.
1. First get the principalId of the custom group:
curl -s -k -X GET --header 'Accept: application/json' --header "Authorization: Bearer $token" 'https://vra.cloud.local/identity/api/tenants/dev/groups/custadmin'
{
  "groupType": "CUSTOM",
  "netbios": null,
  "name": "custadmin",
  "fqdn": null,
  "domain": "dev",
  "description": "",
  "principalId": {
    "domain": "dev",
    "name": "custadmin"
  },
  "emailAddress": null
}
2. Optional: query current roles assigned (it is a Catalog Admin at the moment):
curl -s -k -X GET --header 'Accept: application/json' --header "Authorization: Bearer $token" 'https://vra.cloud.local/identity/api/authorization/tenants/dev/principals/custadmin@dev/roles'
{
  "links": [],
  "content": [
    {
      "@type": "TenantRole",
      "id": "CATALOG_SERVICE_CATALOG_ADMIN",
      "name": "Catalog Administrator",
      "description": "Creates and manages service categories and catalog items for the tenant.",
      "assignedPermissions": [
        {
          "id": "GUI_MY_TENANT_MANAGEMENT",
          "name": "My Tenant Administration User Interface",
          "description": "Access my tenant administration GUI.",
          "prereqAdminPermissions": null
        },
        {
          "id": "CATALOG_AUTHOR_TENANT",
          "name": "Catalog Tenant-level Author",
          "description": "Create, update and publish services, catalog items and actions shared across a Tenant.",
          "prereqAdminPermissions": null
        }
      ]
    }
  ],
  "metadata": {
    "size": 20,
    "totalElements": 1,
    "totalPages": 1,
    "number": 1,
    "offset": 0
  }
}
3. Then add the desired role:
curl -s -k -X PUT --header 'Accept: application/json' --header "Authorization: Bearer $token" 'https://vra.cloud.local/identity/api/authorization/tenants/dev/principals/custadmin@dev/roles/COMPOSITION_SERVICE_APPLICATION_ARCHITECT'
4. Verify (see point 2)
5. Extra: list of roles:
curl -s -k -X GET --header 'Accept: application/json' --header "Authorization: Bearer $token" 'https://vra.cloud.local/identity/api/authorization/roles?page=1&limit=50'
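Steps 2 to 4 of the answer above as an idempotent Python helper (an added example, not code from the thread or from VMware): it grants a role only when it is on a caller-supplied allowlist and not already assigned, then re-reads the roles to verify. The function names, the allowlist and the `fake_vra` stand-in are assumptions made for illustration; unlike `curl -k`, `call` leaves certificate verification on.

```python
import json
import urllib.request
from urllib.parse import quote

BASE = "https://vra.cloud.local/identity/api"  # host used in the thread

def roles_url(tenant, principal, role_id=None):
    """URL from steps 2 and 3, with each path segment percent-encoded."""
    url = f"{BASE}/authorization/tenants/{quote(tenant, safe='')}/principals/{quote(principal, safe='@')}/roles"
    return url if role_id is None else f"{url}/{quote(role_id, safe='')}"

def role_ids(resp):
    """Role ids from a step-2 response; refuse to decide on a partial page."""
    if resp["metadata"]["totalPages"] > 1:
        raise ValueError("role list is paginated; fetch every page first")
    return {r["id"] for r in resp["content"]}

def call(method, url, token):
    """One authenticated request. Certificate verification stays on (no -k)."""
    headers = {"Accept": "application/json", "Authorization": f"Bearer {token}"}
    req = urllib.request.Request(url, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as r:
        body = r.read()
    return json.loads(body) if body else None  # assumption: PUT may return no body

def grant_role(tenant, principal, role_id, token, allowed, send=call):
    """Steps 2-4: read roles, PUT only if allowlisted and missing, re-read to verify."""
    if role_id not in allowed:
        raise PermissionError(f"{role_id} is not on the allowlist")
    before = role_ids(send("GET", roles_url(tenant, principal), token))
    if role_id in before:
        return {"changed": False, "roles": sorted(before)}
    send("PUT", roles_url(tenant, principal, role_id), token)
    after = role_ids(send("GET", roles_url(tenant, principal), token))
    if role_id not in after:
        raise RuntimeError(f"PUT returned but {role_id} is not assigned")
    return {"changed": True, "roles": sorted(after)}

def fake_vra(assigned):
    """Constructed in-memory stand-in for the API so the flow runs offline."""
    def send(method, url, token):
        if method == "PUT":
            assigned.add(url.rsplit("/", 1)[1])
        return {"content": [{"id": i} for i in sorted(assigned)], "metadata": {"totalPages": 1}}
    return send

if __name__ == "__main__":
    role = "COMPOSITION_SERVICE_APPLICATION_ARCHITECT"
    print(grant_role("dev", "custadmin@dev", role, "TOKEN", {role}, fake_vra({"CATALOG_SERVICE_CATALOG_ADMIN"})))
```

Against a real appliance, omit the `send` argument so `call` is used, and keep the returned `changed` flag and role list as the audit record of the grant.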
Hi Xian, thanks so much for the detailed advice. We are going to look at this later in the week and will confirm if it works.