EdSp
Enthusiast
Enthusiast

Workflow kicked off by script fails to obtain passed securestring parameter

Jump to solution

Hi,

I am using a (linux) script to kick off a workflow (thanks to Defined by Software for the script;-) This mechanism works very well.

However, yesterday we removed an input parameter from a certain workflow (and also removed it from the script) and now it fails.

Before the change, the input parameters were: vmName (string), vmUser (string), vmPassword (SecureString)

After the change, the input parameters are: vmName (string), vmPassword (SecureString)

In the script I can add statements to prove that the password has a value and is being passed.

In the workflow I added a scriptable task that is executed first and shows that the value of the vmPassword input parameter is empty.

The xml output from the calling script also shows that the value setting is 'lost'...

See the correct parameter definition for vmName on lines 11 and 12.

See an incorrect parameter definition for vmPassword on line 13 - it is missing the "<SecureString>secret<\SecureString>" part...

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>

<workflow-execution  href="https://ehc3-vco2.ehc.ssev.local:8281/vco/api/workflows/fe59b484-ec21-4028-8a32-5e434b4139c2/executi...">

<relations>

<link href="https://ehc3-vco2.ehc.ssev.local:8281/vco/api/workflows/fe59b484-ec21-4028-8a32-5e434b4139c2/executi..." rel="up"/>

<link href="https://ehc3-vco2.ehc.ssev.local:8281/vco/api/workflows/fe59b484-ec21-4028-8a32-5e434b4139c2/executi..." rel="remove"/>

<link href="https://ehc3-vco2.ehc.ssev.local:8281/vco/api/workflows/fe59b484-ec21-4028-8a32-5e434b4139c2/executi..." rel="logs"/>

<link href="https://ehc3-vco2.ehc.ssev.local:8281/vco/api/workflows/fe59b484-ec21-4028-8a32-5e434b4139c2/executi..." rel="state"/></relations>

<id>ff8080814e0272b6014eadc7c37424fb</id>

<state>failed</state>

<input-parameters>

<parameter type="string" name="vmName" scope="local">

<string>vm093</string></parameter>

<parameter type="SecureString" name="vmPassword" scope="local"/></input-parameters>

<output-parameters/>

<start-date>2015-07-20T19:23:46.932-04:00</start-date>

<end-date>2015-07-20T19:23:48.070-04:00</end-date>

<started-by>app_vmw_vco_adbind@domain.local</started-by>

<name>Add Agent</name>

<content-exception>; nested exception is:

        java.io.IOException: java.io.IOException: Non nillable element 'password' is null. (Dynamic Script Module name : addAgent#32)</content-exception>

<current-item-display-name>Add Agent</current-item-display-name></workflow-execution>

Anybody seen this and -more importantly- able to fix it? 🙂

Thanks,

Ed

0 Kudos
1 Solution

Accepted Solutions
EdSp
Enthusiast
Enthusiast

It turns out that in the input XML, which gets passed to the vCO server, the password parameter's type spec can be <SecureString>, but the definition of its value must be specified using <string>...</string>.

For example:

                <parameter type="SecureString" name="vmPassword" scope="local">

                        <string>secret</string>

                </parameter>

Lesson learnt... Smiley Happy

Ed

View solution in original post

0 Kudos
3 Replies
EdSp
Enthusiast
Enthusiast

It turns out that in the input XML, which gets passed to the vCO server, the password parameter's type spec can be <SecureString>, but the definition of its value must be specified using <string>...</string>.

For example:

                <parameter type="SecureString" name="vmPassword" scope="local">

                        <string>secret</string>

                </parameter>

Lesson learnt... Smiley Happy

Ed

View solution in original post

0 Kudos
Burke-
VMware Employee
VMware Employee

You found the solution quickly, that's good. For reference, you may want to bookmark my article as it covers exactly this topic as well as plenty of other stuff:

http://bit.ly/restvco

If my answer resolved or helped you, please mark it as Correct or Helpful to award points. Thank you! Visit http://www.vcoteam.info & http://blogs.vmware.com/orchestrator for vRealize Orchestrator tips and tutorials - @TechnicalValues on Twitter
0 Kudos
mmumshad
Contributor
Contributor

Do you know how it would work if we were to pass a secure string as part of a composite type? I couldn't get it to work.

I then get the error : ch.dunes.model.type.ConvertorException: Workflow attribute configuration contains value of unexpected type: string (expected: SecureString)

{
              "id": "sharedUserPassword",
              "value": {
                "string": {
                  "value": "P@ssw0rd@123"
                }
              }
            },
0 Kudos