VMware Cloud Community
jmedd
Enthusiast
Enthusiast

PUT API REST call does not update role membership of Business Group

vRA 7

Using the PUT REST call detailed here to update a Business Group: vRealize Automation 7.0

/api/tenants/{tenantId}/subtenants/{id}

I send Body text as detailed for a subtenant here, example below: vRealize Automation 7.0

{

    "id": "f8e0d99e-c567-4031-99cb-d8410c841ed7",

    "name": "BusinessGroup01",

    "description": "Business Group 01",

    "subtenantRoles": [ {

    "name": "Business Group Manager",

    "scopeRoleRef" : "CSP_SUBTENANT_MANAGER",

    "principalId": [

        {

        "domain": "vrademo.local",

        "name": "tenantadmin01"

        },

        {

        "domain": "vrademo.local",

        "name": "tenantmanager01"

        }

    ]

    },

    {

    "name": "Basic User",

        "scopeRoleRef": "CSP_CONSUMER",

        "principalId": [

        {

            "domain": "vrademo.local",

            "name": "tenantusers01"

        }

        ]

    } ,

    {

    "name": "Support User",

        "scopeRoleRef": "CSP_SUPPORT",

        "principalId": [

        {

            "domain": "vrademo.local",

            "name": "tenantsupportusers01"

        }

        ]

    } ],

    "extensionData": {

    "entries": [

        {

        "key": "iaas-machine-prefix",

        "value": {

            "type": "string",

            "value": "87e99513-cbea-4589-8678-c84c5907bdf2"

        }

        },

        {

        "key": "iaas-manager-emails",

        "value": {

            "type": "string",

            "value": "busgroupmgr01@vrademo.local"

        }

        }

    ]

    },

    "tenant": "Tenant01"

}

All items detailed in the JSON are updated successfully, except for anything in subtenantRoles which seems to be ignored. So neither Business Group Manager, nor Support Users, nor Users are updated.

If I send the same Body text (minus ID) to:

POST /api/tenants/{tenantId}/subtenants

then a Business Group is successfully created, including the subtenantRoles.

Anyone else experience this?

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
4 Replies
GrantOrchardVMw
Commander
Commander

Interestingly, post is a supported method to

/identity/api/tenants/{tenantId}/subtenants/{id}/roles

it appears that the roles have a different URI, and can't be updated directly through the subtenant.

Grant

Grant http://grantorchard.com
Reply
0 Kudos
jmedd
Enthusiast
Enthusiast

Thanks for the response. It looks like I might be able to do what I need to with a combination of:

Get the existing Principals per Role

GET /api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals

Remove each one

DELETE /api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals/{principalId}

Then add Principals to Roles based on the JSON details I already have for changing the whole Business Group with

POST /api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals

so in effect, making a change to an existing Business Group.

However, while I can successfully retrieve existing Principals with the GET:

{

  "links": [],

  "content": [

    {

      "@type": "PrincipalData",

      "name": "Jonathan Medd",

      "principalId": {

        "domain": "vsphere.local",

        "name": "jmedd"

      },

      "principalType": "USER"

    }

  ],

  "metadata": {

    "size": 0,

    "totalElements": 1,

    "totalPages": 1,

    "number": 1,

    "offset": 0

  }

}

and also delete existing Principals. When I try the POST /api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals

with body set to

{

  "domain": "vsphere.local",

  "name": "tuser"

}

which the documentation says should "Adds the provided principals to the identified business group (aka: subtenant) role."

I get:

{

  "errors": [

    {

      "code": 10104,

      "message": "Data serialization error.",

      "systemMessage": "Could not read message [acceptableTypes: [application/*+json;charset=UTF-8, application/json;charset=UTF-8]]",

      "moreInfoUrl": null

    }

  ]

}

which looks like the JSON is misformed - however I got it from vRealize Automation 7.0

Any ideas?

Blog: http://jonathanmedd.net | Twitter: @jonathanmedd
Reply
0 Kudos
A380_i686
Contributor
Contributor

I got the same error and landed here for tenantid/principals POST...

was solved by not enclosing the principal in [ ] within the json request

example

this works...

"principalId": { "domain": "X", "name": "X"} ,

instead of this (which was causing the error but i think really should work...)

"principalId": [

{ "domain": "X", "name": "X"}          ] ,

esiemiat
Contributor
Contributor

I know this is an old thread but I was wondering if you ever solved this. I get the same error when I try to POST to "/api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals" when formatting the JSON using.

{

    "principalId": {

          "domain":"{Domain}",

          "name":"{GroupName}"

     },

    "principalType": "SSO_GROUP"

}

and

{

     "domain":"{Domain}",

     "name":"{GroupName}"

}

Reply
0 Kudos