VMware Cloud Community
pacharya46
Contributor
Contributor

Copying custom properties of one VM to Another - Decrypting an encrypted property

As solution I need to copy the custom properties of one VM to another VM.  I would like to know how can retrieve encrypted custom proerty and decrypt it
Reply
0 Kudos
13 Replies
pacharya46
Contributor
Contributor

Any help here is much appreciated
Reply
0 Kudos
daphnissov
Immortal
Immortal

Not sure what you're asking about. Are you talking about an existing deployment with a VM containing custom properties you wish to copy to another running deployment? Something else?

Reply
0 Kudos
pacharya46
Contributor
Contributor

As we provide solution to backup and restore of VM, would like to copy the vm properties of source to destination vm, which is created as part backup of source VM while restore operation to create a new VMware, which is the destination vm hope it is clear

To make it more simple want copy the VM properties of one VM to another VM. Challenge is copying the encrypted properties

Reply
0 Kudos
daphnissov
Immortal
Immortal

Yeah, I still don't understand what you're saying. It sounds like you want to be able to backup then restore a VM that results from a vRA deployment and you think you need to backup then restore custom properties. If that's what you want to do, that isn't necessary as long as you restore the VM with the same VCUUID and morefID. The mapping must be the same.

Reply
0 Kudos
pacharya46
Contributor
Contributor

To avoid confusion. let me keep it simple. I want to fetch encrypted properties of VM and also encrypted custom properties of blueprint.

Reply
0 Kudos
eoinbyrne
Expert
Expert

Hi

This KB describes how it can be done externally - VMware Knowledge Base - using tools built into the IaaS server libraries

Yaniv Norman then has this blog post - https://www.parsingwings.com/2016/08/13/encrypted-vra-custom-properties-fun-with-vro-part-i/  - where he shows how to leverage those libraries in PowerShell

You should be able to use these to do the following

Create PowerShell script as Yaniv shows on the IaaS box

Setup the IaaS node as a PowerShellHost in vRO

Now vRO can call PowerShell to get encypted property values back in plaintext

-HTH

Reply
0 Kudos
pacharya46
Contributor
Contributor

Thanks for detailed information. One of the challenge I am facing is the reading of encrypted custom property from BluePrint and always gives value as Null(Empty) is ConstantValue type is of SecureString Literal.

var bpProperties = blueprint.getProperties(); // getting custom property from BluePrint

for each(var key in bpProperties.keys) {

    var prop = bpProperties.get(key);

    if(prop.facets.encrypted.value.value){

         encryptedValue = prop.facets.defaultValue.value.value; // this code will always provide empty value

    }

}

Reply
0 Kudos
eoinbyrne
Expert
Expert

Are you sure the encrypted value is stored on the Blueprint? As in, if you go into the portal and open the Designer the encrypted property is specified on the Custom Properties tab of the VM definition? I ask as the encrypted custom property could be coming from a Property Group or some part of the property source chain which IaaS uses when creating VMs

i.e., Custom properties can be specified in any of the following places

Reservations

Business Group

Blueprint

Property Groups

Request

I can't recall exactly what the precedence order for processing these is but IaaS take an approach which amounts to "overlay with no clobber" when handling your VM request after submission.

Anyway, if the value is null on the Blueprint but is present on the created VM then it's possible that the property you're looking for is inherited from one the sources above?

Reply
0 Kudos
BPK2
Enthusiast
Enthusiast

Once try like below.

var bpProperties = blueprint.getProperties();

for each(var prop in bpProperties) {

    var key= prop.key;

    if(key.facets.encrypted.value.value){

         encryptedValue = key.facets.defaultValue.value.value;

    }

}

Reply
0 Kudos
pacharya46
Contributor
Contributor

var key= prop.key; is giving as undefined.

Reply
0 Kudos
BPK2
Enthusiast
Enthusiast

var bpProperties = blueprint.getProperties();

for each(var prop in bpProperties) {

    var key= prop.keys;

    if(key.facets.encrypted.value.value){

         encryptedValue = key.facets.defaultValue.value.value;

    }

}

Reply
0 Kudos
pacharya46
Contributor
Contributor

No luck still failing with below error

TypeError: Cannot read property "facets" from undefined, Also tried with method 'getFacets()' instead of 'facets' still the same issue

However I could get the defaultValue with below approach. However value will be empty as it is SecureString type

for each(var key in bpProperties.keys) {

    var prop = bpProperties.get(key);

    var ecryptValue = prop.getFacets().get('defaultValue').value ; // this will return 'vCACCAFESecureStringLiteral'

     System.log(ecryptValue)

   // Here is logging of ecryptValue

//  [vCACCAFESecureStringLiteral]-[class com.vmware.vcac.platform.content.literals.SecureStringLiteral] -- VALUE : SecureString[********]

      ecryptValue.value ;// will return empty string

   

}

Reply
0 Kudos
pacharya46
Contributor
Contributor

After making few changes I could read the encrypted property value. Thanks everyone for your help and support

Reply
0 Kudos