Managing access to the VMware vCloud Availability for Cloud-to-Cloud Plugin to vCloud Director 9.5

With C2C 1.5, a new plugin was introduced inside of the vCloud Director 9.x context switching menu. By default, all organizations and org admins receive this plugin once C2C is installed. What if we wanted to restrict/control access and mask this from specific tenants? Well, I plan on walking through how this is done using … Continue reading “Managing access to the VMware vCloud Availability for Cloud-to-Cloud Plugin to vCloud Director 9.5”

The post Managing access to the VMware vCloud Availability for Cloud-to-Cloud Plugin to vCloud Director 9.5 appeared first on Clouds, etc..

Spread the love

With C2C 1.5, a new plugin was introduced inside of the vCloud Director 9.x context switching menu. By default, all organizations and org admins receive this plugin once C2C is installed. What if we wanted to restrict/control access and mask this from specific tenants? Well, I plan on walking through how this is done using the new /cloudapi inside of 9.5.

Recently, I ran into a situation where my Cloud-to-Cloud plugin was not populating in the vCD context menu for my organizations, however, I saw it in the sysadmin view –

So, this led me to investigate further and discover the full capacity of the plugin management from the new vCloud Director 9.5 API (with the help of Jeff Moroski)

With vCD 9.5, we introduced the use of bearer tokens for authentication. Tomas Fojta did a great job of writing up a how-to guide on using bearer tokens inside of Postman while embedding the token after login.

First off, how did I resolve the above problem? Well, it turned out that it was not published out to any organization. Let’s walk through the API and discuss how one can control access to the plugin.

Steps

First off, POST to your vCD instance to grab the access token –

https://vcd-fqdn/api/sessions


From there, I’m ready to run a GET to see what extensions are registered to this vCD instance (remember, uncheck the Accept/XML header since this is JSON) –

https://vcd-fqdn/cloudapi/extensions/ui

We can see my plugin has a identifier associated of –

"id": "urn:vcloud:uiPlugin:c450bdf8-764f-4631-a319-1c849873c176",

So, let’s see which tenants have access to this now. Here’s my GET API string –

https://vcd-fdqn/cloudapi/extensions/ui/urn:vcloud:uiPlugin:c450bdf8-764f-4631-a319-1c849873c176/tenants

Now, in my above issue, I had nothing in the output body. Therefore, Jeff stated that I needed to append “publishAll” to propagate to all tenants. Great!

Let’s go ahead and remove access to the “Daniel” organization for C2C. Right now, I see this in my UI –

This requires a POST command with the JSON body that has the “Daniel” organization inside of it –

https://vcd-fqdn/cloudapi/extensions/ui/urn:vcloud:uiPlugin:c450bdf8-764f-4631-a319-1c849873c176/tenants/unpublish [ { "name": "Daniel", "id": "urn:vcloud:org:aa663210-b11f-4c14-8dca-1efab8dec429" }
]

I received a 200 OK message, so it looks like it worked, let’s go check.

A quick refresh, voila! Gone.

Again, this is a great way to verify and control the accessibility to the Availability plugin (or any vCD plugin) in vCloud Director 9.5. Cheers!

-Daniel

Facebook Comments

More Stuff

vCloud Director – Unable to Remove vCenter Endpoint This is a quickie, but I’m hoping this will help others if they run into this. I received some odd behavior when attempting to remove a vCenter endpoi...
vSphere Update Manager Enhancements in vSphere 6.7 Update 1 vSphere 6.7 Update 1 is now out, and with that the vSphere Client is now Fully Featured for your vSphere Environment. With the addition of vSphere Up...
Automating the Upgrade of the Virtual Distributed Switch We are on the home stretch of our Automating your vSphere Upgrade blog series. The final step of completing our upgrade will be upgrading our Virtual ...
vSphere Upgrade Series Part 6: Upgrading vSphere Networking Congratulations! You have made it to the final part of the vSphere Upgrade Series, Part 6: Upgrading vSphere Networking. To recap, I kicked off this s...
Spread the love

Posted by News Monkey