As part of a change request portal, I need to change AD permissions during the schema to allow the workflow item "Get virtual machines by name" to view the entire vCenter inventory. I do not want the search restricted to whatever vCenter permissions the user has. The schema works fine without the "Change Credentials" workflow item. However, once I had it with valid credentials, I get...
[2013-05-28 15:39:31.567] [I] ReferenceError: "VcPlugin" is not defined. (Workflow:Get virtual machines by name / Scriptable task (item1)#12758)
2013-05-28 15:39:31.566-0700 ERROR [SDKModuleDescription] Scripting object '_VcPlugin' defines a singleton object but cannot create a plug-in factory for it , reason : Session not initialized 'SDKSession[2390e205-b73c-40ca-bdff-aaa23cbd5ba0]' for singleton init !
I was able to use "Change credentials" further into the schema without issue so I don't understand why I have the issue when using it earlier in the workflow. I am using vCO appliance v5.1.1 with vCenter 5.1 (non-U1).
Is this when you use change credential before any boxes with a VC input parameter / scripting ?
I would create a first scriptable box with any VC object has an input and just display its name or something to check if this is because the change credential need the scripting context having access to the VC plug-in to be loaded.
In any case this seems like a bug since it should also be loaded with a different user. In the meantime this may be a work around for you.
Is this when you use change credential before any boxes with a VC input parameter / scripting ?
I would create a first scriptable box with any VC object has an input and just display its name or something to check if this is because the change credential need the scripting context having access to the VC plug-in to be loaded.
In any case this seems like a bug since it should also be loaded with a different user. In the meantime this may be a work around for you.
I put a "Get Virtual Machines by Name" workflow using a pre-set attribute for the string VM name before the Change Credential. This works and I get around the VcPlugin issue...thanks for that. However, the goal of "Change Credential" is not working. If I output "Server.getCurrentLdapUser().displayName" after the change credential, I get the correct user (the service account with full perms to vCenter). For the next schema item, when I do the desired "Get Virtual Machines by Name", it still appears to use the credentials of the user that initiated the request. The goal is to allow any Domain User to make a change (done by a service account) even if they don't have vCenter permissions.
What is the type of the next schema item ?
I am surprised the credential is changed back, it used to stay there. Either it is a bug or you do something I did not experience.
I may have another work around for you.
This should allow to run the nested workflow as a separate user.
Thanks again. Before I tried this, I tried changing the vCenter 5.1.1 connection strategy (in vCO Configuration) from "Session Per User" to "Share a unique session". I entered the service account credentials and then bounced the box. This worked! I don't fully understand the difference between credentials used in the workflow and the credentials used for the vCenter session in the Configuration. However, it works as desired... thanks again for the quick help.
I assumed you wanted to run the workflow with two different credentials. If I had understood every single workflows must run under a service credential I would definitely asked you to set the plug-in to shared session.
Session per user does authenticate in vCenter with the user log in vCO.
Has anyone had an issue where the change credentials provides different results? Without editing my schema, users may launch the workflow with identical information and have it succeed or fail. It seems to typically fail the first time for a non-admin user and then work later on when they try again. I am using a simple "Get virtual machines by name". I change to a service account before that workflow item and get mixed results of the result from the "Get virtual machines by name". It sometimes works and returns the VM and sometimes returns a blank array.
I'm using vRealize Orchestrator 6.0.3 and have the same issue. But unfortunatly I'm not able to switch between 'Shared session' and 'session per user'. Due to the behavior I suggest, that I'm using 'session per user' but want to use 'shared session'. Can anyone tell me, how i change this setting in vRealize Orchestrator 6.0.3?
Thanks
Roland
Does some error appear in server.log when you execute the workflow.