6 Replies Latest reply on Jul 1, 2019 11:47 PM by barjinders

    Apply NSX Security Tags via vRO workflow

    JohnWhyte Lurker

      I am attempting to create a workflow to use via EBS in vRA to apply some NSX security tags to VMs following provisioning. I am setting this up within the vRO Client and created a 'test' workflow that doesn't have the 'payload' as input so I can test the operation prior to subscribing the workflow.

       

      Whenever I attempt any workflow operation against the NSX security tags, I am seeing the following error returned in the logs:

      com.vmware.o11n.plugins.nsx.error.VsmException: VSM response error (202): The requested object : <security tag id> could not be found. Object identifiers are case sensitive

       

      Now, I do know that the Security tag that I am declaring  is setup and visible and able to attach to the VM, as I can do it manually from the vSphere web client and also via PowerNSX/PowerCli.

       

      This error is occurring when I am running the existing OOTB workflows 'Apply security tags on VM' and by 'Get Security Tag by id' manually.

       

      The inputs to the test workflow are 1. VC:VirtualMachine (to get the managed object reference), 2. NSX:Connection (to get the NSX endpoint), 3. array/string to hold the security tag id.

       

      Has anyone ever managed to get these workflows to operate correctly, or am I perhaps doing/supplying something incorrectly as my inputs?

       

      Any help/thoughts greatly appreciated.

        • 1. Re: Apply NSX Security Tags via vRO workflow
          Sivakumarb Lurker

          Hi John,

           

          We do have the same use case to apply NSX tag for a vm during the vm provisioning stage. I have been trying the same workflow and finally able to run successfully.

           

          You need to insert the Security tag's object ID "securitytag-xxx" that you can find by browsing into inventory tab - NSX - Security Tags on the tag name you will ses the objectid. and you need to insert the vm managed object reference that you can by following kb - VMware Knowledge Base(you need to have user that has MOB access to reference this id or user administrator@vsphere.local).

          • 2. Re: Apply NSX Security Tags via vRO workflow
            Mikael_8313 Novice
            vExpert

            Hello,

             

            I have the same case. I want apply security tag in function different custom properties that inject to payload.

            So my question is how to find security tag ID from security tag name?  and what's the best method  to find this element? Is there exist a workflow which queries the vCenter and or NSX to list all the security tags ?

             

            Thanks you !

             

            Mikael

            • 3. Re: Apply NSX Security Tags via vRO workflow
              iiliev Champion
              VMware EmployeesCommunity Warriors

              Hi,

               

              I don'thave a NSX environment to validate it, but from plug-in APIs it seems that you can retrieve the list with security tags via vRO scripting code using method listV2 of the singleton scripting object NSXSecurityTagController

              • 4. Re: Apply NSX Security Tags via vRO workflow
                KThorlund Novice

                Hi,

                can you give a few words on hour you found the MoRef. I have tried to follow the KB, but cant get it to work.

                How do you receive the reference from within vRO? Is it also available in the vCAC, or have you written a workflow/action, which can retrieve the moref from the vCenter prior to using it in vRO?

                 

                Thanks, K

                • 5. Re: Apply NSX Security Tags via vRO workflow
                  barjinders Novice
                  VMware Employees

                  You can use  NSXSecurityTagManager API to get the tags. Once you have tags in an array, you can write a function that will parse each tag and return you the "tag.objectId". Below is a sample function.

                  NSXConnection is of type NSX: Connection

                   

                  var nsxSecurityTags = NSXSecurityTagManager.getSecurityTags(NSXConnection);
                  function findTagByID(tagName, nsxSecurityTags){
                       for each(nsxTag in nsxSecurityTags){
                            if(tagName == nsxTag.name){
                                 System.log("Found NSX Security Tag Name: " + nsxTag.name);
                                 return nsxTag.objectId;
                             }
                         }
                        return "";
                  }
                  
                  • 6. Re: Apply NSX Security Tags via vRO workflow
                    barjinders Novice
                    VMware Employees

                    You can get the moref from the VC VM Object. It is one of the properties of the VM.

                    var vcVM     //(Type: VC:VirtualMachine)
                    var vmMoref = vcVM.moref.value;