VMware Cloud Community
craigso
Enthusiast
Enthusiast
‎03-19-2019 04:39 PM
Jump to solution

getApplicableNetworks action errors with 403 forbidden post upgrade

First off, as always, thank you for taking the time to read this thread.

What we are trying to achieve

We would like to present a user with a dropdown list of networks (on a VM provisioning blueprint) that are available and associated with their business group via reservations. Once selected, this would allow for the machine to be provisioned in that network.

Issue

When calling getApplicableNetworks from the dropdown or a workflow we are receiving a 403 error.

[2019-03-12 10:53:23.889] [E] (com.vmware.vra.reservations/getReservationTypeIdForComponent) Error in (Dynamic Script Module name : getReservationTypeIdForComponent#2) 403

Steps taken so far

I've taken a look at the code for this action and it calls a series of other actions. It appears as though the actual issue with with the getReservationTypeIdForComponent action. We fail on this line of code: 

var blueprint = compositionService.getBlueprint(blueprintId);

After digging into this a bit, it appears the part that is failing is a call to the vRealize Automation Composition Service API with a 403.

Post upgrade to vRA 7.5 we've experienced a number of permissions issues. We've been slowing working through them as they arise and given the nature of this error, I am wondering if this may be another given we are receiving an 403 error from the API. I don't believe this is an issue with vRA 7.5 at all. We have 7.5 running in our production environment and these actions work fine over there.

Has anyone else had issues calling the Composition Service API? Or any idea how to set permissions to this API?

Reply
0 Kudos
1 Solution

Accepted Solutions
craigso
Enthusiast
Enthusiast
‎04-02-2019 09:26 AM
Jump to solution

After working with support we were able to resolve this issue.

We deleted all vRA and IaaS hosts, then added them back using workflows in Library > vRealize Automation > Configuration > Remove/Add vRA Host , and Library > vRealize Automation > Infrastructure Administration > Configuration > Remove/Add IaaS host.

Take note of your existing settings before removing them, and always take a snapshot just in case.

After doing this, the permissions issues were resolved.

View solution in original post

Reply
0 Kudos
14 Replies
daphnissov
Immortal
Immortal
‎03-19-2019 05:00 PM
Jump to solution

Test this by calling out to the composition service manually via API. As a shortcut, grab the Postman collection here. After setting your env params, run the 'Get catalog item for CBP' sample. Make sure you use the blueprint name and not the ID. Put in single quotes as the filter specifies. Do you get a response? Here's what a sample should look like:

{

   "links": [],

   "content": [

  {

   "@type": "CatalogItem",

   "callbacks": null,

   "catalogItemTypeRef": {

   "id": "com.vmware.csp.component.cafe.composition.blueprint",

   "label": "Composite Blueprint"

  },

   "dateCreated": "2019-03-16T14:23:14.823Z",

   "description": "",

   "forms": {

   "itemDetails": {

   "type": "external",

   "formId": "composition.catalog.item.details"

  },

   "catalogRequestInfoHidden": true,

   "requestFormScale": "BIG",

   "requestSubmission": {

   "type": "extension",

   "extensionId": "com.vmware.vcac.core.design.blueprints.requestForm",

   "extensionPointId": null

  },

   "requestDetails": {

   "type": "extension",

   "extensionId": "com.vmware.vcac.core.design.blueprints.requestDetailsForm",

   "extensionPointId": null

  },

   "requestPreApproval": null,

   "requestPostApproval": null

  },

   "iconId": "composition.blueprint.png",

   "id": "805ee9b4-7a7c-4a93-9c87-7ead9ce60808",

   "isNoteworthy": false,

   "lastUpdatedDate": "2019-03-16T15:14:14.816Z",

   "name": "Change vRA Software Agent User",

   "organization": {

   "tenantRef": "tomasi",

   "tenantLabel": "tomasi",

   "subtenantRef": null,

   "subtenantLabel": null

  },

   "outputResourceTypeRef": {

   "id": "composition.resource.type.deployment",

   "label": "Deployment"

  },

   "providerBinding": {

   "bindingId": "tomasi!::!ChangevRASoftwareAgentUser",

   "providerRef": {

   "id": "c11b1cca-92d5-4278-8ae7-cde9fea6e037",

   "label": "Blueprint Service"

  }

  },

   "serviceRef": {

   "id": "9eee04a0-8585-40c5-8403-1b16aaeaad4c",

   "label": "Tests"

  },

   "status": "PUBLISHED",

   "statusName": "Published",

   "quota": 0,

   "version": 2,

   "requestable": true

  }

  ],

   "metadata": {

   "size": 20,

   "totalElements": 1,

   "totalPages": 1,

   "number": 1,

   "offset": 0

  }

}

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos
daphnissov
Immortal
Immortal
‎03-19-2019 05:06 PM
Jump to solution

Also, please confirm the precise build of the VCACCAFE plug-in in vRO you're using (to make sure it got upgraded).

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos
craigso
Enthusiast
Enthusiast
‎03-20-2019 10:02 AM
Jump to solution

Version: vCACCAFE 7.5.0.10044255

Regarding the API call from postman, I was able to receive a response from the Get catalog item for CBP. 

{
    "links": [],
    "content": [
        {
            "@type": "CatalogItem",
            "callbacks": null,
            "catalogItemTypeRef": {
                "id": "com.vmware.csp.component.cafe.composition.blueprint",
                "label": "Composite Blueprint"
            },
            "dateCreated": "2018-12-05T22:53:14.086Z",
            "description": "",
            "forms": {
                "itemDetails": {
                    "type": "external",
                    "formId": "composition.catalog.item.details"
                },
                "catalogRequestInfoHidden": true,
                "requestFormScale": "BIG",
                "requestSubmission": {
                    "type": "extension",
                    "extensionId": "com.vmware.vcac.core.design.blueprints.requestForm",
                    "extensionPointId": null
                },
                "requestDetails": {
                    "type": "extension",
                    "extensionId": "com.vmware.vcac.core.design.blueprints.requestDetailsForm",
                    "extensionPointId": null
                },
                "requestPreApproval": null,
                "requestPostApproval": null
            },
            "iconId": "composition.blueprint.png",
            "id": "ee39aec7-1235-4a7c-9dcd-3fef04480ca6",
            "isNoteworthy": false,
            "lastUpdatedDate": "2019-03-14T22:47:06.106Z",
            "name": "SASDemo",
            "organization": {
                "tenantRef": "vsphere.local",
                "tenantLabel": "vsphere.local",
                "subtenantRef": null,
                "subtenantLabel": null
            },
            "outputResourceTypeRef": {
                "id": "composition.resource.type.deployment",
                "label": "Deployment"
            },
            "providerBinding": {
                "bindingId": "vsphere.local!::!SASDemo",
                "providerRef": {
                    "id": "33a39c3f-6825-4b02-aace-8b085ee4ca02",
                    "label": "Blueprint Service"
                }
            },
            "serviceRef": {
                "id": "55dadcd8-4436-47cc-995f-806086de08b8",
                "label": "Cloud"
            },
            "status": "PUBLISHED",
            "statusName": "Published",
            "quota": 0,
            "version": 21,
            "requestable": true
        }
    ],
    "metadata": {
        "size": 20,
        "totalElements": 1,
        "totalPages": 1,
        "number": 1,
        "offset": 0
    }
}
Reply
0 Kudos
daphnissov
Immortal
Immortal
‎03-20-2019 10:10 AM
Jump to solution

Plug-in version looks good; API clearly works. I'd turn up logging in vRO (Control Center => Configure Logs) and tail the log file just before you open the blueprint with this action linked. It should tell you where exactly that failure happens and then the stack trace.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos
craigso
Enthusiast
Enthusiast
‎03-20-2019 11:24 AM
Jump to solution

At your recommendation I did exactly this. Set the log level to 'ALL'.

I took the actual failing action (getReservationTypeIdForComponent) which is referenced within getApplicableNetworks and copied it into a workflow and provided the required inputs. We error on line 12 with a 403 (forbidden), Shown below:

var componentId = "vSphere__vCenter__Machine_1";
var user = "user@domain.com";
var tenant = "vsphere.local";
var subtenantId = "07eb843e-08e4-4ab2-938e-2b85160c8d74";
var host = vCACCAFEHostManager.getDefaultHostForTenant(tenant , true);
var compositionService = host.createCompositionClient().getCompositionCompositeBlueprintService();
System.log(compositionService);
var blueprint = compositionService.getBlueprint(blueprintId);
var component = blueprint.getComponents().get(componentId);
if  (component != null) {
var configurationElementCategory = Server.getConfigurationElementCategoryWithPath("System/vRealize Automation/XaaS/Resource Mappings/vCenter");
for each(var configElem in configurationElementCategory.configurationElements) {
if(configElem.name == "ReservationMappingConfigurationElement") {
var reservationProps = configElem.getAttributeWithKey("ComponentTypeToReservationTypeMapper");
var match = reservationProps.value.get(component.getType());
if (match == null) {
System.warn("No matching reservation type for the type '" + component.getType() + "' for component '" + componentId + "' of blueprint '" + blueprintId + "' has been found.");
}
//return match;
System.log(match);
}
}
}
System.warn("The selected component '" + componentId + "' of blueprint '" + blueprintId + "' is null");

I followed the log right up until the method was called here is the log (sanitized a bit):

019-03-20 17:24:17.047+0000 [WorkflowExecutorPool-Thread-711] DEBUG {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [DynamicWrapperTranslator] SDK Matching method: getBlueprint()
2019-03-20 17:24:17.048+0000 [WorkflowExecutorPool-Thread-711] DEBUG {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [DynamicWrapperTranslator] SDK Matching method: getBlueprint()
2019-03-20 17:24:17.050+0000 [WorkflowExecutorPool-Thread-711] DEBUG {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [WrappedJavaMethod] Calling method : public final com.vmware.vcac.composition.rest.stubs.CompositeBlueprint com.vmware.o11n.plugin.vcac.model.cafe.service.CompositionCompositeBlueprintService$$EnhancerBySpringCGLIB$$e609fa99.getBlueprint(java.lang.String)
2019-03-20 17:24:17.077+0000 [VLSI-client-conn-monitor] TRACE {} [ConnectionMonitor] Starting to clean-up expired VLSI-client connections
2019-03-20 17:24:17.077+0000 [VLSI-client-conn-monitor] TRACE {} [ConnectionMonitor] Closing expired connections for pool 331e6d55
2019-03-20 17:24:17.077+0000 [VLSI-client-conn-monitor] DEBUG {} [ConnectionMonitor] Cleaned-up 1 connection pool(s)
2019-03-20 17:24:17.104+0000 [http-nio-127.0.0.1-8280-exec-9] DEBUG {} [OAuthTokenAuthenticationSupport] Token not found in headers. Trying request parameters.
2019-03-20 17:24:17.104+0000 [http-nio-127.0.0.1-8280-exec-9] DEBUG {} [OAuthTokenAuthenticationSupport] Token not found in request parameters.  Not an OAuth2 request.
2019-03-20 17:24:17.104+0000 [http-nio-127.0.0.1-8280-exec-9] TRACE {} [SessionRegistry] Load token for: sessionId: 6b49c64e-4b22-451a-a8ba-afd176a67fd1; increment: false
2019-03-20 17:24:17.104+0000 [http-nio-127.0.0.1-8280-exec-9] TRACE {} [SessionRegistry] Find in session cache: sessionId: 6b49c64e-4b22-451a-a8ba-afd176a67fd1;
2019-03-20 17:24:17.104+0000 [http-nio-127.0.0.1-8280-exec-9] TRACE {} [SessionRegistry] Find in session cache: sessionId: 6b49c64e-4b22-451a-a8ba-afd176a67fd1; Session found in cache!
2019-03-20 17:24:17.105+0000 [http-nio-127.0.0.1-8280-exec-9] TRACE {} [PlatformContext] Publishing event in ApplicationContext 'vcoApplicationContext': org.springframework.security.authentication.event.AuthenticationSuccessEvent[source=com.vmware.o11n.security.auth.sso.SamlAuthenticationToken@2c8567e4: Principal: user@domain.com; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffc434: RemoteIpAddress: 184.171.96.17; SessionId: null; Granted Authorities: vro, IS.DCI.Admins, IS.SYSTEMS.STAFF, ALL USERSSession Id: 6b49c64e-4b22-451a-a8ba-afd176a67fd1; Token: com.vmware.o11n.security.auth.sso.SamlTokenWrapper@e49683d7; VCOUser: LDAP-USER-['user'] - ad.domain.com\user; ]
2019-03-20 17:24:17.105+0000 [http-nio-127.0.0.1-8280-exec-9] TRACE {} [CoreContext] Publishing event in ApplicationContext 'bootContext': org.springframework.security.authentication.event.AuthenticationSuccessEvent[source=com.vmware.o11n.security.auth.sso.SamlAuthenticationToken@2c8567e4: Principal: user@domain.com; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffc434: RemoteIpAddress: 184.171.96.17; SessionId: null; Granted Authorities: vro, IS.DCI.Admins, IS.SYSTEMS.STAFF, ALL USERSSession Id: 6b49c64e-4b22-451a-a8ba-afd176a67fd1; Token: com.vmware.o11n.security.auth.sso.SamlTokenWrapper@e49683d7; VCOUser: LDAP-USER-['user'] - ad.domain.com\user; ]
2019-03-20 17:24:17.105+0000 [http-nio-127.0.0.1-8280-exec-9] TRACE {} [InfrastructureContext] Publishing event in ApplicationContext 'infrastructureContext': org.springframework.security.authentication.event.AuthenticationSuccessEvent[source=com.vmware.o11n.security.auth.sso.SamlAuthenticationToken@2c8567e4: Principal: user@domain.com; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffc434: RemoteIpAddress: 184.171.96.17; SessionId: null; Granted Authorities: vro, IS.DCI.Admins, IS.SYSTEMS.STAFF, ALL USERSSession Id: 6b49c64e-4b22-451a-a8ba-afd176a67fd1; Token: com.vmware.o11n.security.auth.sso.SamlTokenWrapper@e49683d7; VCOUser: LDAP-USER-['user'] - ad.domain.com\user; ]
2019-03-20 17:24:17.105+0000 [http-nio-127.0.0.1-8280-exec-9] TRACE {} [SessionRegistry] Load token for: sessionId: 6b49c64e-4b22-451a-a8ba-afd176a67fd1; increment: false
2019-03-20 17:24:17.105+0000 [http-nio-127.0.0.1-8280-exec-9] TRACE {} [SessionRegistry] Find in session cache: sessionId: 6b49c64e-4b22-451a-a8ba-afd176a67fd1;
2019-03-20 17:24:17.105+0000 [http-nio-127.0.0.1-8280-exec-9] TRACE {} [SessionRegistry] Find in session cache: sessionId: 6b49c64e-4b22-451a-a8ba-afd176a67fd1; Session found in cache!
2019-03-20 17:24:17.105+0000 [http-nio-127.0.0.1-8280-exec-9] TRACE {} [AccessRightsInterceptor] Calling method fetchLogEvents(LogQuery,)...
2019-03-20 17:24:17.177+0000 [WorkflowExecutorPool-Thread-711] DEBUG {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [WrappedJavaMethod] Invocation exception during 'public final com.vmware.vcac.composition.rest.stubs.CompositeBlueprint com.vmware.o11n.plugin.vcac.model.cafe.service.CompositionCompositeBlueprintService$$EnhancerBySpringCGLIB$$e609fa99.getBlueprint(java.lang.String)' call on object 'com.vmware.o11n.plugin.vcac.model.cafe.service.CompositionCompositeBlueprintService@70b5336c'
java.lang.reflect.InvocationTargetException
        at sun.reflect.GeneratedMethodAccessor1571.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at ch.dunes.vso.sdk.WrappedJavaMethod.invoke(WrappedJavaMethod.java:224)
        at ch.dunes.vso.sdk.WrappedJavaMethod.call(WrappedJavaMethod.java:170)
        at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1473)
        at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:815)
        at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:109)
        at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
        at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
        at org.mozilla.javascript.InterpretedFunction.exec(InterpretedFunction.java:120)
        at ch.dunes.scripting.server.script.MainScriptingObject.executeScript(MainScriptingObject.java:259)
        at ch.dunes.scripting.server.script.MainScriptingObject.executeScript(MainScriptingObject.java:245)
        at ch.dunes.workflow.engine.mbean.WorkflowScriptRunner.execute(WorkflowScriptRunner.java:187)
        at ch.dunes.workflow.engine.mbean.runner.WorkflowItemTaskRunner.execute(WorkflowItemTaskRunner.java:45)
        at ch.dunes.workflow.engine.mbean.runner.WorkflowItemTaskRunner.execute(WorkflowItemTaskRunner.java:26)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.executeItem(WorkflowHandler.java:1264)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.requestElementExecution(WorkflowHandler.java:1221)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.handleWorkflowTokenNextStep(WorkflowHandler.java:884)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.executeToken(WorkflowHandler.java:769)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.handleTokenExecution(WorkflowHandler.java:695)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.access$100(WorkflowHandler.java:116)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler$1.execute(WorkflowHandler.java:471)
        at ch.dunes.model.ar.AccessRightsTemplate.executeWithAccessRights(AccessRightsTemplate.java:16)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.doExecute(WorkflowHandler.java:467)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.run(WorkflowHandler.java:282)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.web.client.HttpClientErrorException: 403
        at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:86)
        at com.vmware.vcac.platform.rest.client.error.ResponseErrorHandler.handleError(ResponseErrorHandler.java:61)
        at org.springframework.web.client.RestTemplate.handleResponse(RestTemplate.java:708)
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:661)
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:621)
        at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:539)
        at com.vmware.o11n.plugin.vcac.model.cafe.compatibility.RestClientWrapper.get(RestClientWrapper.java:122)
        at com.vmware.vcac.platform.rest.client.services.AbstractService.get(AbstractService.java:91)
        at com.vmware.vcac.composition.rest.client.service.CompositeBlueprintService.getBlueprint(CompositeBlueprintService.java:78)
        at com.vmware.o11n.plugin.vcac.model.cafe.service.CompositionCompositeBlueprintService.getBlueprint(CompositionCompositeBlueprintService.java:50)
        at com.vmware.o11n.plugin.vcac.model.cafe.service.CompositionCompositeBlueprintService$$FastClassBySpringCGLIB$$869578be.invoke(<generated>)
        at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
        at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:736)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
        at com.vmware.o11n.plugin.vcac.model.mixins.PluginServiceAdvisor$2.invoke(PluginServiceAdvisor.java:76)
        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
        at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:671)
        at com.vmware.o11n.plugin.vcac.model.cafe.service.CompositionCompositeBlueprintService$$EnhancerBySpringCGLIB$$e609fa99.getBlueprint(<generated>)
        ... 31 more
2019-03-20 17:24:17.180+0000 [WorkflowExecutorPool-Thread-711] TRACE {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [SessionRegistry] Load token for: sessionId: 621edf9f-c315-4d1c-a073-91c07d764504; increment: false
2019-03-20 17:24:17.180+0000 [WorkflowExecutorPool-Thread-711] TRACE {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [SessionRegistry] Find in session cache: sessionId: 621edf9f-c315-4d1c-a073-91c07d764504;
2019-03-20 17:24:17.180+0000 [WorkflowExecutorPool-Thread-711] TRACE {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [SessionRegistry] Find in session cache: sessionId: 621edf9f-c315-4d1c-a073-91c07d764504; Session found in cache!
2019-03-20 17:24:17.180+0000 [WorkflowExecutorPool-Thread-711] TRACE {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [AccessRightsInterceptor] Calling method getWorkflowTokenScriptLogInfo(String,)...
2019-03-20 17:24:17.180+0000 [WorkflowExecutorPool-Thread-711] TRACE {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [VcoFactoryFacade] --getWorkflowTokenScriptLogInfo() called.
2019-03-20 17:24:17.181+0000 [WorkflowExecutorPool-Thread-711] ERROR {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [SCRIPTING_LOG] [getReservationTypeIdForComponent (3/20/19 17:24:16)] Error in (Workflow:getReservationTypeIdForComponent / Scriptable task (item1)#10) 403
2019-03-20 17:24:17.182+0000 [WorkflowExecutorPool-Thread-711] DEBUG {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [WorkflowScriptRunner] Execute exception
org.mozilla.javascript.EvaluatorException: 403  (Workflow:getReservationTypeIdForComponent / Scriptable task (item1)#10)
        at org.mozilla.javascript.DefaultErrorReporter.runtimeError(DefaultErrorReporter.java:77)
        at org.mozilla.javascript.Context.reportRuntimeError(Context.java:913)
        at org.mozilla.javascript.Context.reportRuntimeError(Context.java:969)
        at ch.dunes.vso.sdk.WrappedJavaMethod.call(WrappedJavaMethod.java:196)
        at org.mozilla.javascript.Interpreter.interpretLoop(Interpreter.java:1473)
        at script(Workflow:getReservationTypeIdForComponent / Scriptable task (item1):10)
        at org.mozilla.javascript.Interpreter.interpret(Interpreter.java:815)
        at org.mozilla.javascript.InterpretedFunction.call(InterpretedFunction.java:109)
        at org.mozilla.javascript.ContextFactory.doTopCall(ContextFactory.java:394)
        at org.mozilla.javascript.ScriptRuntime.doTopCall(ScriptRuntime.java:3091)
        at org.mozilla.javascript.InterpretedFunction.exec(InterpretedFunction.java:120)
        at ch.dunes.scripting.server.script.MainScriptingObject.executeScript(MainScriptingObject.java:259)
        at ch.dunes.scripting.server.script.MainScriptingObject.executeScript(MainScriptingObject.java:245)
        at ch.dunes.workflow.engine.mbean.WorkflowScriptRunner.execute(WorkflowScriptRunner.java:187)
        at ch.dunes.workflow.engine.mbean.runner.WorkflowItemTaskRunner.execute(WorkflowItemTaskRunner.java:45)
        at ch.dunes.workflow.engine.mbean.runner.WorkflowItemTaskRunner.execute(WorkflowItemTaskRunner.java:26)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.executeItem(WorkflowHandler.java:1264)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.requestElementExecution(WorkflowHandler.java:1221)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.handleWorkflowTokenNextStep(WorkflowHandler.java:884)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.executeToken(WorkflowHandler.java:769)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.handleTokenExecution(WorkflowHandler.java:695)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.access$100(WorkflowHandler.java:116)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler$1.execute(WorkflowHandler.java:471)
        at ch.dunes.model.ar.AccessRightsTemplate.executeWithAccessRights(AccessRightsTemplate.java:16)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.doExecute(WorkflowHandler.java:467)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.run(WorkflowHandler.java:282)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
2019-03-20 17:24:17.182+0000 [WorkflowExecutorPool-Thread-711] WARN  {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [WorkflowItemTaskRunner] Script execution error on workflow : getReservationTypeIdForComponent / 'Scriptable task'(item1) : 403  (Workflow:getReservationTypeIdForComponent / Scriptable task (item1)#10)
2019-03-20 17:24:17.182+0000 [WorkflowExecutorPool-Thread-711] DEBUG {|__SYSTEM|user@domain.com:getReservationTypeIdForComponent:c9789fb6-fad6-4e8d-ab0b-be8f40df2faa:token=c7c1d91b-a97b-4660-8c51-b020bf71bf23} [WorkflowItemTaskRunner] Script execution error stack
ch.dunes.workflow.engine.mbean.ScriptExecutionException: 403  (Workflow:getReservationTypeIdForComponent / Scriptable task (item1)#10)
        at ch.dunes.workflow.engine.mbean.WorkflowScriptRunner.execute(WorkflowScriptRunner.java:199)
        at ch.dunes.workflow.engine.mbean.runner.WorkflowItemTaskRunner.execute(WorkflowItemTaskRunner.java:45)
        at ch.dunes.workflow.engine.mbean.runner.WorkflowItemTaskRunner.execute(WorkflowItemTaskRunner.java:26)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.executeItem(WorkflowHandler.java:1264)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.requestElementExecution(WorkflowHandler.java:1221)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.handleWorkflowTokenNextStep(WorkflowHandler.java:884)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.executeToken(WorkflowHandler.java:769)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.handleTokenExecution(WorkflowHandler.java:695)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.access$100(WorkflowHandler.java:116)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler$1.execute(WorkflowHandler.java:471)
        at ch.dunes.model.ar.AccessRightsTemplate.executeWithAccessRights(AccessRightsTemplate.java:16)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.doExecute(WorkflowHandler.java:467)
        at ch.dunes.workflow.engine.mbean.helper.WorkflowHandler.run(WorkflowHandler.java:282)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
        at java.util.concurrent.FutureTask.run(FutureTask.java:266)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
Reply
0 Kudos
daphnissov
Immortal
Immortal
‎03-20-2019 02:32 PM
Jump to solution

iiliev​ Any insight you can provide since you have the source at your disposal for this plug-in? Or do you?

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos
daphnissov
Immortal
Immortal
‎03-20-2019 02:36 PM
Jump to solution

craigso​ If you try other componentIds, do you find you get a 403 with all of them? What if you create a net-new blueprint, very simple, single vSphere machine object. Use that as the workflow inputs. Do you still fail out?

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos
craigso
Enthusiast
Enthusiast
‎03-20-2019 03:21 PM
Jump to solution

I just tested this by creating a new blueprint, with a new componentId. Fed that into the script I posted above. The end result was the same 403 error unfortunately.

var blueprintId = "getApplicableNetworks";

var componentId = "SAStest";

Reply
0 Kudos
daphnissov
Immortal
Immortal
‎03-20-2019 03:33 PM
Jump to solution

Very strange. It's like you've got some residual permissions issue somewhere. Out of curiosity, are you patched up with the latest 7.5 hot fix? If not, may want to try that. Search for the KB out there. Otherwise, consider opening an SR on this as the café plug-in is definitely supported.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos
craigso
Enthusiast
Enthusiast
‎03-26-2019 03:35 PM
Jump to solution

Regarding the lastest hotfix, I don't know. I'll have our virtualization team look into this.

We have an open ticket with support regarding this issue. It's been escalated to the Dev team but no resolution yet.

Reply
0 Kudos
craigso
Enthusiast
Enthusiast
‎04-02-2019 09:26 AM
Jump to solution

After working with support we were able to resolve this issue.

We deleted all vRA and IaaS hosts, then added them back using workflows in Library > vRealize Automation > Configuration > Remove/Add vRA Host , and Library > vRealize Automation > Infrastructure Administration > Configuration > Remove/Add IaaS host.

Take note of your existing settings before removing them, and always take a snapshot just in case.

After doing this, the permissions issues were resolved.

Reply
0 Kudos
daphnissov
Immortal
Immortal
‎04-02-2019 10:49 AM
Jump to solution

Glad they got that sorted for you. If I were smart I should have suggestedGlad they got that sorted for you. If I were smart I should have suggested that at the outset Smiley Happy

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos
craigso
Enthusiast
Enthusiast
‎04-03-2019 08:13 AM
Jump to solution

This was the comment from support to close the ticket. I forgot about restarting vco.

Deleted all the vRA endpoints in vRO, "/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh reset-authentication" restart vco-configurator service. Re-tested and it's working. Manually added back IaaS endpoint, for vcac-cafe only the default connect...

Reply
0 Kudos
daphnissov
Immortal
Immortal
‎04-03-2019 08:14 AM
Jump to solution

Ok, they also had you reset authentication which with the endpoint removal is probably what did it.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
Reply
0 Kudos