VMware Cloud Community
pezh0re
Enthusiast
Enthusiast
‎01-07-2015 10:02 AM
Jump to solution

Running a workflow object with given credentials

I'm working on a Windows provisioning workflow in vCO. In the interest of security, users have a domain admin level user and their normal user account that has been granted VMware/vCenter privileges. The normal account cannot perform any domain activities (creating security groups/adding computers to the domain), and the domain admin account cannot access vCenter.

I'd like a single workflow that will prep AD for a new server add (requires domain admin privs), then deploy a template/sysprep (requiring vCenter privs), and lastly joining the domain (Domain Admin privs again).

I know that I can use the "Run As" functionality for a single workflow, but is it possible to prompt the user for their admin credentials, then in a single workflow call the required AD workflows, followed by running the vCenter workflows, and lastly the AD workflows again with their domain admin creds?

Thanks!

Reply
0 Kudos
1 Solution

Accepted Solutions
cdecanini_
VMware Employee
VMware Employee
‎01-07-2015 03:21 PM
Jump to solution

Within a workflow you can use the Change Credential palette item (found under basic) to run the next operations with a different user.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter

View solution in original post

Reply
0 Kudos
2 Replies
cdecanini_
VMware Employee
VMware Employee
‎01-07-2015 03:21 PM
Jump to solution

Within a workflow you can use the Change Credential palette item (found under basic) to run the next operations with a different user.

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vCenter Orchestrator tips and tutorials - @vCOTeam on Twitter
Reply
0 Kudos
jonathanvh
Enthusiast
Enthusiast
‎01-08-2015 02:18 AM
Jump to solution

I use this code to start a WF with different credentials in a current running WF

'wf' is a variable of type 'Workflow'

var prop = new Properties();


var token = new WorkflowToken();


//Execute workflow


try {


  token = wf.execute(prop,username,password);


} catch (NullPointerException) {


  Output = "Incorrect username/password";


  System.log (Output);


  throw Output;


}






//Wait for workflow completion


var complete = false;


while(complete == false){


  if(token != null && (token.state != "running" && token.state != "waiting")){


  var outputProp = token.getOutputParameters();


  run = outputProp.get("run");


  //System.log (run);


  complete = true;


  }


}


if (run == null)


{


  if (token.logEvents[0].shortDescription == "Workflow has failed")


  {


  throw token.logEvents[0].longDescription;


  }


}
Reply