VMware Cloud Community
jason_davis
Enthusiast

How to programmatically add a role to a custom group

I am using the vRA REST API to build a custom application. I am trying to find an API which allows me to add a role to a custom group.

The screen shot shows where in the vRA GUI this can be done.

Any suggestions would be appreciated.


Accepted Solutions
xian_
Expert

1. First get the principalId of the custom group:

curl -s -k -X GET --header 'Accept: application/json' --header "Authorization: Bearer $token" 'https://vra.cloud.local/identity/api/tenants/dev/groups/custadmin'

{
  "groupType": "CUSTOM",
  "netbios": null,
  "name": "custadmin",
  "fqdn": null,
  "domain": "dev",
  "description": "",
  "principalId": {
    "domain": "dev",
    "name": "custadmin"
  },
  "emailAddress": null
}

2. Optional: query current roles assigned (it is a Catalog Admin at the moment):

curl -s -k -X GET --header 'Accept: application/json' --header "Authorization: Bearer $token" 'https://vra.cloud.local/identity/api/authorization/tenants/dev/principals/custadmin@dev/roles'

{
  "links": [],
  "content": [
    {
      "@type": "TenantRole",
      "id": "CATALOG_SERVICE_CATALOG_ADMIN",
      "name": "Catalog Administrator",
      "description": "Creates and manages service categories and catalog items for the tenant.",
      "assignedPermissions": [
        {
          "id": "GUI_MY_TENANT_MANAGEMENT",
          "name": "My Tenant Administration User Interface",
          "description": "Access my tenant administration GUI.",
          "prereqAdminPermissions": null
        },
        {
          "id": "CATALOG_AUTHOR_TENANT",
          "name": "Catalog Tenant-level Author",
          "description": "Create, update and publish services, catalog items and actions shared across a Tenant.",
          "prereqAdminPermissions": null
        }
      ]
    }
  ],
  "metadata": {
    "size": 20,
    "totalElements": 1,
    "totalPages": 1,
    "number": 1,
    "offset": 0
  }
}

3. Then add the desired role:

curl -s -k -X PUT --header 'Accept: application/json' --header "Authorization: Bearer $token" 'https://vra.cloud.local/identity/api/authorization/tenants/dev/principals/custadmin@dev/roles/COMPOSITION_SERVICE_APPLICATION_ARCHITECT'

4. Verify (see point 2)

5. Extra: list of roles:

curl -s -k -X GET --header 'Accept: application/json' --header "Authorization: Bearer $token" 'https://vra.cloud.local/identity/api/authorization/roles?page=1&limit=50'
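
Added example, not part of the original thread or of VMware's code: steps 2 to 4 above as one idempotent Python routine that reads the group's roles, issues the PUT only when the role is missing, then re-reads to confirm the grant, with TLS certificate verification left on. `ensure_role`, `http_json`, `role_ids` and `FakeVra` are hypothetical names; `FakeVra` is a constructed offline stand-in for the server, and the code assumes the role listing fits in one page, as it does in the reply shown in step 2.

```python
import json
import urllib.request
from urllib.parse import quote

def http_json(method, url, token):
    """Default transport: urllib with certificate verification left on."""
    req = urllib.request.Request(url, method=method, headers={
        "Accept": "application/json", "Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        body = resp.read()
    return json.loads(body) if body.strip() else None

def role_ids(roles_page):
    """Top-level role ids only; nested assignedPermissions also carry "id" keys."""
    return {r["id"] for r in (roles_page or {}).get("content", [])}

def ensure_role(base, tenant, principal, role_id, token, http=http_json):
    """Steps 2-4: read roles, PUT only if missing, then re-read to confirm."""
    # Assumption: the role listing fits in a single page of results.
    roles_url = (f"{base}/identity/api/authorization/tenants/{quote(tenant, safe='')}"
                 f"/principals/{quote(principal, safe='@')}/roles")
    before = role_ids(http("GET", roles_url, token))
    if role_id in before:
        return {"changed": False, "roles": sorted(before)}
    http("PUT", f"{roles_url}/{quote(role_id, safe='')}", token)
    after = role_ids(http("GET", roles_url, token))
    if role_id not in after:
        raise RuntimeError(f"{role_id} not present on {principal} after PUT")
    return {"changed": True, "roles": sorted(after)}

class FakeVra:
    """Constructed stand-in for the identity service, seeded like the step 2 reply."""
    def __init__(self):
        self.roles = {"CATALOG_SERVICE_CATALOG_ADMIN"}
        self.calls = []
    def __call__(self, method, url, token):
        self.calls.append(method)
        if method == "PUT":
            self.roles.add(url.rsplit("/", 1)[1])
            return None
        return {"content": [{"@type": "TenantRole", "id": r, "assignedPermissions": [
            {"id": "GUI_MY_TENANT_MANAGEMENT"}]} for r in sorted(self.roles)]}

if __name__ == "__main__":
    fake = FakeVra()
    args = ("https://vra.cloud.local", "dev", "custadmin@dev",
            "COMPOSITION_SERVICE_APPLICATION_ARCHITECT", "constructed-token")
    print(ensure_role(*args, http=fake))  # first run performs the PUT
    print(ensure_role(*args, http=fake))  # second run changes nothing
```

The `changed` flag and the before/after role sets give a custom application something concrete to write to its audit trail each time a group's privileges are modified.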

jason_davis
Enthusiast

Hi Xian, thanks so much for the detailed advice.  We are going to look at this later in the week and will confirm if it works.
