Hi,
I'm not having much luck finding a way to determine the list of users in the "Fabric Administrators" shown in VRA (VCAC) using a script in VCO. Does anyone have any insight on how I can go about getting the array of users?
I've been able to do it with business groups:
var groups = vCACCAFEEntitiesFinder.getBusinessGroups(vCACHost);
for (i in groups) {
System.debug("groups[" + i + "]=" + groups[i]);
var admins = groups[i].administrators;
}
So I'm looking for something similar but related to EnterpriseAdminGroups, which does not have the "administrators" property.
So far I only have this code, which isn't getting me the administrators:
var entities = vCACEntityManager.readModelEntitiesByCustomFilter(vCACHost.id, "ManagementModelEntities.svc", "EnterpriseAdminGroups", null, null);
System.log("Enterprise Admin Groups found: "+entities.length);
var prop = new Properties();
for each (var entity in entities) {
System.debug("\n\nentity: " + entity);
prop.put(entity.getProperty("AdminName"));
}
Thanks!
Ok I think I eventually figured it out. The action created is getFabricGroupAdminByVirtualMachine(vCAC:VCACHost vCACHost, vCACCAFE:VCACHost vCACCAFEHost, vCAC:VirtualMachine virtualMachine). The method will return a String value of the username found as a fabric admin for one of the fabric groups for the compute resource that the VM belongs to.
Here is the code:
if (!vCACHost) {
throw "Missing vCACHost (vCAC:VCACHost)";
}
if (!vCACCAFEHost) {
throw "Missing vCACCAFEHost (vCACCAFE:VCACHost)";
}
if (!virtualMachine) {
throw "Missing virtualMachine (vCAC:VirtualMachine)";
}
var vchost = virtualMachine.getEntity().getLink(vCACHost, 'Host')[0];
var fabricGroups = vchost.getLink(vCACHost, 'EnterpriseAdminGroups');
var tenantName = vCACCAFEHost.tenant;
var authorClient = vCACCAFEHost.createAuthorizationClient();
var authorPrincipalSvc = authorClient.getAuthorizationPrincipalService();
var currPage = 1;
var numPages = 1;
var maxItemsPerPage = 25;
// loop through each page
while (currPage <= numPages) {
var page = new vCACCAFEPageOdataRequest(currPage, maxItemsPerPage);
var princExtResult = authorPrincipalSvc.getPrincipalExtensions(tenantName, page);
// update with the resulting number of pages
numPages = princExtResult.getMetadata().getTotalPages();
for (var i in princExtResult.getContent()) {
var princExt = princExtResult.getContent()[i];
var scopes = princExt.getScopes();
for (var j in scopes) {
var scope = scopes[j];
for (k in fabricGroups) {
if (scope.getName() === fabricGroups[k].getProperty('AdminName')) {
var scopeRoles = scope.getPrincipalScopeRole();
for (var x in scopeRoles) {
if (scopeRoles[x].getName() === "Enterprise Administrator") {
// found a fabric admin
System.debug("Found fabric group admin: " + princExt.getDisplayName());
return princExt.getDisplayName();
}
}
}
}
}
}
currPage++;
}
// no user found
return null;
Ok, this seems to be working for me:
var fabricGroup = "MyFabricGroup";
var authorClient = myVcacCafeVcacHost.createAuthorizationClient();
var authorPrincipalSvc = authorClient.getAuthorizationPrincipalService();
// I think this will break if there are multiple pages
var princExtResult = authorPrincipalSvc.getPrincipalExtensions('vsphere.local');
var fabricGroupAdmins = new Array();
for (i in princExtResult.getContent()) {
var princExt = princExtResult.getContent()[i];
var scopes = princExt.getScopes();
eachuser:for (j in scopes) {
var scope = scopes[j];
if (scope.getName() === fabricGroup) {
var scopeRoles = scope.getPrincipalScopeRole();
for (x in scopeRoles) {
if (scopeRoles[x].getName() === "Enterprise Administrator") {
// found a fabric admin
fabricGroupAdmins.push(princExt.getDisplayName());
break eachuser;
}
}
}
}
}
System.log("found users = " + fabricGroupAdmins);
I don't like the nested loops though. I tried getting a query to work but I've never done that before and couldn't get it to work for getPrincipalExtensions(?_tenant, ?_pageable). Anyone have experience with using pageable?
Ok I think I eventually figured it out. The action created is getFabricGroupAdminByVirtualMachine(vCAC:VCACHost vCACHost, vCACCAFE:VCACHost vCACCAFEHost, vCAC:VirtualMachine virtualMachine). The method will return a String value of the username found as a fabric admin for one of the fabric groups for the compute resource that the VM belongs to.
Here is the code:
if (!vCACHost) {
throw "Missing vCACHost (vCAC:VCACHost)";
}
if (!vCACCAFEHost) {
throw "Missing vCACCAFEHost (vCACCAFE:VCACHost)";
}
if (!virtualMachine) {
throw "Missing virtualMachine (vCAC:VirtualMachine)";
}
var vchost = virtualMachine.getEntity().getLink(vCACHost, 'Host')[0];
var fabricGroups = vchost.getLink(vCACHost, 'EnterpriseAdminGroups');
var tenantName = vCACCAFEHost.tenant;
var authorClient = vCACCAFEHost.createAuthorizationClient();
var authorPrincipalSvc = authorClient.getAuthorizationPrincipalService();
var currPage = 1;
var numPages = 1;
var maxItemsPerPage = 25;
// loop through each page
while (currPage <= numPages) {
var page = new vCACCAFEPageOdataRequest(currPage, maxItemsPerPage);
var princExtResult = authorPrincipalSvc.getPrincipalExtensions(tenantName, page);
// update with the resulting number of pages
numPages = princExtResult.getMetadata().getTotalPages();
for (var i in princExtResult.getContent()) {
var princExt = princExtResult.getContent()[i];
var scopes = princExt.getScopes();
for (var j in scopes) {
var scope = scopes[j];
for (k in fabricGroups) {
if (scope.getName() === fabricGroups[k].getProperty('AdminName')) {
var scopeRoles = scope.getPrincipalScopeRole();
for (var x in scopeRoles) {
if (scopeRoles[x].getName() === "Enterprise Administrator") {
// found a fabric admin
System.debug("Found fabric group admin: " + princExt.getDisplayName());
return princExt.getDisplayName();
}
}
}
}
}
}
currPage++;
}
// no user found
return null;