I am trying to accomplish the following task: based on input that includes a username, I want to know which projects the user is a member of.
AD user accounts can be members of any of multiple domains configured as directories in vRA 8. It is possible for a user to have an account in multiple domains; in this case the username would be the same across domains, but the domain part of the UPN would be different.
Ideally it would look like this: the function takes the username (UPN: user@domail.local) as input and outputs a list of projects where the user has a role assigned.
So far I have tried the following approaches, without success:
1. dump all projects using /iaas/api/projects and search for the user account; return all projects the account is a member of
this has a drawback:
- the user account is listed without the domain, for example, the user myuser@localdom.org would be listed as:
    {
      "email": "myuser",
      "type": "user"
    }
so there is no way to tell which domain this username is a member of, and a user cannot be searched for by the domain attribute.
2. use the search query /csp/gateway/am/api/orgs/{{orgId}}/users?userSearchTerm=
this too has some drawbacks:
- you can only use one search term, so it is not possible to search for the user and domain; domain is not accepted as a search term anyway
- the query does not request an exact match, so if a username I search for is a part of another username, both would be returned
- the query returns only organization roles anyway, not project membership
Is this task doable at all?