VMware Networking Community
wildea
Contributor
Contributor
‎03-27-2018 02:16 AM

Get Security Tags by Name in vRO

Hi

I try to write a workflow to automaticaly add vm's to a security group. The nsx workflow to add a vm to a security tag is by using the security tag id.

In my workflow an input parameter with a name should be used to lookup for a security tag but the only way that I found is to lookup a security group by its ID.

Is there a way to use a name (string) to get the ID of a secutity tag to use it forther to add the vm to this securtity tag?

hope sombody has a hint

thanks

0 Kudos
3 Replies
rutgerblommah
Enthusiast
Enthusiast
‎03-27-2018 04:52 AM

Using name instead if ID sounds like a bad idea. You want to be able to rename your tags without your workflows running into trouble.

BR

/Rutger

//Rutger
0 Kudos
wildea
Contributor
Contributor
‎03-27-2018 05:21 AM

this is right. But we use a Puppet Master plugin in the vR Automation. Goal is to put the vm to the security tag that matches the puppet role that we define in the puppet master.

for example:

We provision a vm with the puppet role webserver. The puppet role name is webserver und and the vm should get the security tag webserver.

the security tags would all have the same names like the puppet roles.

0 Kudos
bayupw
Leadership
Leadership
‎03-27-2018 07:28 PM

I think you would need to create a new workflow to retrieve Security Tag ID by Security Tag Name.

If you see the scriptable task in the "Get security tag by ID" workflow, it uses the NSXSecurityTagManager.getSecurityTag.

pastedImage_1.png

You can probably try to list all the Security Tag using the NSXSecurityTagManager.getSecurityTag, lookup for a name that matches the input and pass the Security Tag ID to other workflow so the VM can be added to that Security ID.

Not sure if this is documented somewhere.

The REST API to add VM to a Security Tag is by Security ID too as per API Guide https://docs.vmware.com/en/VMware-NSX-for-vSphere/6.4/nsx_64_api.pdf

pastedImage_4.png

So if you want to use the REST API based workflows, I think the logic would be similar that you need to list all the Security Tag, search for a specific name and find the ID.

The actual process of assigning a Security Tag to a VM still will assign it by Security Tag ID.

If you need to develop a custom workflow using REST API, you can take a look at the Extensibility Kit https://communities.vmware.com/docs/DOC-30791 and use the available workflows as sample or starting point.

Or, you can use PowerNSX cmdlet Get-NsxSecurityTag -name <Tag Name>

get the Security Tag ID and call a vRO workflow to assign the desired Security Tag to a VM

pastedImage_0.png

Bayu Wibowo | VCIX6-DCV/NV
Author of VMware NSX Cookbook http://bit.ly/NSXCookbook
https://github.com/bayupw/PowerNSX-Scripts
https://nz.linkedin.com/in/bayupw | twitter @bayupw
0 Kudos