VMware Cloud Community
qc4vmware
Virtuoso
Virtuoso
‎09-02-2016 02:44 PM

vRA 6.2.4 create a IaaS user? Trying to deploy with a service account but can't reassign the asset.

I am using vRA 6.2.4 and we are trying to use a service account to execute the deployment so that the items in question do not appear in the catalog when the user logs in.  We are using another front end to manage the requests.  This works fine for users which have previously been the owner of an IaaS asset.  It seems like an IaaS user must not be created until that point.  I need a way of creating this so that I can reassign the system once it has been deployed.  Is there a way of creating the user via the api?  I'm using the reconfigure action on the catalog resource to accomplish this but it requires a userID which like I said does not exist.  I've got a bit of chicken and the egg going on right now.  If there is a better way to accomplish what I am trying to do I am open to modifying the procedure.  If I have to I can switch to deploying it on behalf of the user which I know works but I can't hide the items in the catalog (at least I don't think I can).

Here are some releveant snippets.  item is the catalogResource

var operations = item.getOperations();

for each (var op in operations) {

  System.log(op.name + "::" + op.id);

  if (op.name.toUpperCase() === "RECONFIGURE") {

  var reconfigOp = op;

  break;

  }

}

var inputs = new Properties();

inputs.put("provider-operationId", "Infrastructure.Machine.Action.Reconfigure");

inputs.put("provider-Cafe.Shim.VirtualMachine.Owner", newOwnerId);

actionResult = System.getModule("com.vmware.library.vcaccafe.request").requestResourceAction(reconfigOp,inputs)



In the above code newOwnerId is set by the code in this action:


var modelName = 'ManagementModelEntities.svc';

var entitySetName = 'Users';

var headers = null;

var userID = "";

//Create properties for prefix entity

var properties = {UserName:userName};

//Read a list of entities

var entities = vCACEntityManager.readModelEntitiesByCustomFilter(host.id, modelName, entitySetName, properties, headers);

if (entities.length > 0)

  userID = entities[0].getProperties().get("UserID")

else

  System.debug("Could not find user with username : " + userName);

System.debug("userID : " + userID);

return userID;

0 Kudos
2 Replies
eoinbyrne
Expert
Expert
‎09-03-2016 03:06 AM

Hi,

I normally get the same thing done using this property and have had no issues so far with the 6.x releases

provider-Cafe.Shim.VirtualMachine.AssignToUser


The user has to be recognizable to vRA though and so must be a member of a Business group (and therefore also a Provisioning Group within IaaS)

In your case it sounds like you want to add the new user before you request the machine? If you look at adding the username to the membership of some business group that should be enough unless IaaS needs some time to replicate the new user id?

I'm not 100% sure of the difference in action between the property above and the one you mentioned below - perhaps one relates to the request for the machine & the other relates to the attributes of the final vCACVM?

Lastly, @SeanKohler has this post which looks to be in the same area you're in, might be helpful

Ownership changes - Machine Resource Items and Custom Resource Items Owner

Anyway, HTH and please post the resolution if you get one

-Eoin

qc4vmware
Virtuoso
Virtuoso
‎09-03-2016 11:42 AM

So shortly after posting this I created a workflow to go ahead and create the IaaS user with the entity manager and that seems to be working.  I haven't tried with the provider-Cafe.Shim.VirtualMachine.AssignToUser.  Even though we've been using vRA (lightly) for the past 2-3 years I am still somewhat of a novice with automating it and I have only very light knowledge of the api's.  I'll take a look at Sean's post.  I think I may have already commented on it in fact as it sounds familiar.  I think back when I was first tackling some of this stuff and then I got distracted from these tasks until the suddenly became a priority for me.  At any rate manually creating the IaaS user seems to work but if what you propose works its probably the cleaner way of doing things.

Thanks!

Paul

Oh here is the code I put together for creating an IaaS user.  It first calls the function to retrieve the user id and if that fails it then does a create and returns that id.

var modelName = 'ManagementModelEntities.svc';

var entitySetName = 'Users';

var parameters = {UserName:userName};

var links = null;

var headers = null;

var existingUserID = /*call the action to retrieve userID here */

var userID = "";

if (!existingUserID) {

  System.debug("Attempting to create user: " + userName);

  var createdEntity = vCACEntityManager.createModelEntity(host.id, modelName, entitySetName, parameters, links, headers);

  var newUserID = createdEntity.getProperties().get("UserID");

  System.log("Created UserID: " + newUserID);

  userID = newUserID;

}

else {

  userID = existingUserID;

  System.log("User: " + userName + " exists aborting creation.  User ID is " + existingUserID);

}

return userID;

0 Kudos