vRA 7
Using the PUT REST call detailed here to update a Business Group: vRealize Automation 7.0
/api/tenants/{tenantId}/subtenants/{id}
I send Body text as detailed for a subtenant here, example below: vRealize Automation 7.0
{
"id": "f8e0d99e-c567-4031-99cb-d8410c841ed7",
"name": "BusinessGroup01",
"description": "Business Group 01",
"subtenantRoles": [ {
"name": "Business Group Manager",
"scopeRoleRef" : "CSP_SUBTENANT_MANAGER",
"principalId": [
{
"domain": "vrademo.local",
"name": "tenantadmin01"
},
{
"domain": "vrademo.local",
"name": "tenantmanager01"
}
]
},
{
"name": "Basic User",
"scopeRoleRef": "CSP_CONSUMER",
"principalId": [
{
"domain": "vrademo.local",
"name": "tenantusers01"
}
]
} ,
{
"name": "Support User",
"scopeRoleRef": "CSP_SUPPORT",
"principalId": [
{
"domain": "vrademo.local",
"name": "tenantsupportusers01"
}
]
} ],
"extensionData": {
"entries": [
{
"key": "iaas-machine-prefix",
"value": {
"type": "string",
"value": "87e99513-cbea-4589-8678-c84c5907bdf2"
}
},
{
"key": "iaas-manager-emails",
"value": {
"type": "string",
"value": "busgroupmgr01@vrademo.local"
}
}
]
},
"tenant": "Tenant01"
}
All items detailed in the JSON are updated successfully, except for anything in subtenantRoles which seems to be ignored. So neither Business Group Manager, nor Support Users, nor Users are updated.
If I send the same Body text (minus ID) to:
POST /api/tenants/{tenantId}/subtenants
then a Business Group is successfully created, including the subtenantRoles.
Anyone else experience this?
Interestingly, post is a supported method to
it appears that the roles have a different URI, and can't be updated directly through the subtenant.
Grant
Thanks for the response. It looks like I might be able to do what I need to with a combination of:
Get the existing Principals per Role
GET /api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals
Remove each one
DELETE /api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals/{principalId}
Then add Principals to Roles based on the JSON details I already have for changing the whole Business Group with
POST /api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals
so in effect, making a change to an existing Business Group.
However, while I can successfully retrieve existing Principals with the GET:
{
"links": [],
"content": [
{
"@type": "PrincipalData",
"name": "Jonathan Medd",
"principalId": {
"domain": "vsphere.local",
"name": "jmedd"
},
"principalType": "USER"
}
],
"metadata": {
"size": 0,
"totalElements": 1,
"totalPages": 1,
"number": 1,
"offset": 0
}
}
and also delete existing Principals. When I try the POST /api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals
with body set to
{
"domain": "vsphere.local",
"name": "tuser"
}
which the documentation says should "Adds the provided principals to the identified business group (aka: subtenant) role."
I get:
{
"errors": [
{
"code": 10104,
"message": "Data serialization error.",
"systemMessage": "Could not read message [acceptableTypes: [application/*+json;charset=UTF-8, application/json;charset=UTF-8]]",
"moreInfoUrl": null
}
]
}
which looks like the JSON is misformed - however I got it from vRealize Automation 7.0
Any ideas?
I got the same error and landed here for tenantid/principals POST...
was solved by not enclosing the principal in [ ] within the json request
example
this works...
"principalId": { "domain": "X", "name": "X"} ,
instead of this (which was causing the error but i think really should work...)
"principalId": [
{ "domain": "X", "name": "X"} ] ,
I know this is an old thread but I was wondering if you ever solved this. I get the same error when I try to POST to "/api/tenants/{tenantId}/subtenants/{id}/roles/{scopeRoleRef}/principals" when formatting the JSON using.
"principalId": {
"domain":"{Domain}",
"name":"{GroupName}"
},
"principalType": "SSO_GROUP"
}
and
{
"domain":"{Domain}",
"name":"{GroupName}"
}