Using the vRealize Automation API to configure a VMware Cloud Director Cloud Account

VCD vRA API

Published on 23 September 2022 by Christopher Lewis. Words: 979. Reading Time: 5 mins.

In this post, we will look at how we can use the VMware vRealize Automation (vRA) API to configure a VMware Cloud Director Cloud Account.

We are going to be using cURL to complete API calls to complete the following operational tasks:

Obtaining a API Refresh Token.
Logging in to vRealize Automation.
Adding a VMware Cloud Director Cloud Account.

This post has come about following an issue with the vRealize Automation UI where a customer couldn’t use the UI to complete this task. I immediately went to the VMware Code website to locate the API call for this activity but it seems it remains currently undocumented. Hence the need for a post!

Prerequisites

The following prerequisites are required for this blog post:

Successful installation of a supported version of vRealize Automation 8.x - my environment is running vRA 8.9.1
Successful installtion of a supported version of VMware Cloud Director - my environment is running 10.0

Walkthrough

Obtaining an API Refresh Token

Overview

We are going use this API call to deploy VMware Identity Manager. As we can see there is a lot of information required wihtin the REST API body. This is beacuse we are, essentially, creating an answer file for the deployment upfront.

API Request

The following REST API request is required:

Request Type: POST
Request URL: https://{{vra-url}}/csp/gateway/am/api/login?access_token
Request Header(s):
- Accept: application/json
- Content-Type: application/json
Request Body Values:
- username - the username of a vRealize Automation user with sufficient rights to create a Cloud Account.
- password - the password of the user specified in the username field
- domain - the domain of the user in the username field.

Note:
If using a local user in vIDM (such as configadmin), then the domain field is NOT required.

API Example

An example cURL command for this REST API is:

curl --location --request POST 'https://{{vra-url}}/csp/gateway/am/api/login?access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "username": "{{user}}",
    "password": "{{password}}",
    "domain": "{{domain}}"
}'

Note:
Remember, the –insecure flag is also required in the curl command if you are using self-signed SSL certificates in vRealize Automation.

API Response

When submitting a successful request (Status Code = 200 OK), you should receive a response that shows the Refresh Token:

{
    "refresh_token": "kkhUnUyJrUQgEViL5x71Jv2TwgGAXC65"
}

We will need the Refresh Token to log into vRealize Automation in the next step.

Logging in to vRealize Automation

Overview

In this section we are going to be using an API request to log into vRealize Automation to obtain a Bearer Token that we can then use on subsequent API calls.

API Request

The following REST API request is required:

Request Type: POST
Request URL: https://{{vra-url}}/iaas/api/login
Request Header(s):
- Accept: application/json
- Content-Type: application/json
Request Body Values:
- refreshToken - This is the token we obtained from the previous API call.

API Example

An example cURL command for this REST API is using the default repository is:

curl --location --request POST 'https://{{vra-url}}/iaas/api/login' \
--header 'Content-Type: application/json' \
--data-raw '{
	"refreshToken": "{{refreshToken}}"
}'

Note: the –insecure flag is also required in the curl command if you are using self-signed SSL certificates.

API Response

When submitting a successful request (Status Code = 200 OK), you should receive a response that shows the Bearer Token:

{
    "tokenType": "Bearer",
    "token": "{{Bearer Token}}"
}

Adding a VMware Cloud Director Cloud Account

Overview

In this section we are going to be using an API request to Add the VMware Cloud Director Cloud Account to vRealize Automation.

API Request

The following REST API request is required:

Request Type: POST
Request URL: https://{{vra-url}}/iaas/api/cloud-accounts?apiVersion=2021-07-15
Request Header(s):
- Accept: application/json
- Content-Type: application/json
- Authorization: Bearer {insert bearerToken}
Request Body Values:
- name - The display name shown within vRealize Automation UI.
- description - (OPTIONAL) Description of the Cloud Account.
- cloudAccountType - As we are using the generic cloud account API, this is the type of cloud account that needs to be configured. Therefore we are using vcd. The other currently supported currently supported values are: vsphere, aws, azure, nsxv and nsxt. However they also have their own cloud-account API calls, see the API Docs for more information.
- host - The FQDN of the VMware Cloud Director deployment.
- username - The username used to connect to VMware Cloud Director
- password - The password used to connect to VMware Cloud Director
- organization - The name of the VMware Cloud Director Organization that is being connected.
- certificate - The SSL certificate chain in order {leaf}->{sub-ordinate CA}->{CA}.
- vdcName - The name of the VMware Cloud Director Virtual Datacenter you would like to enable provisioning too.
- vdcId - The VMware Cloud Director Virtual Datacenter Id. Which I obtain this by logging into VMware Cloud Director, clickingon the target Virtual Datacenter and then took the value from the URL. In my environment the URL was: https://vcd.gsslabs.org/tenant/org1/vdcs/bb01373d-87ad-4e43-a5c6-ead6079ac01f/vm. Therefore the Virtual Datacenter Id was bb01373d-87ad-4e43-a5c6-ead6079ac01f. See below for a screenshot
- tags - (OPTIONAL) list of vRealize Automation capability tags to be used with this VMware Cloud Director cloud account.

API Example

An example cURL command for this REST API is:


curl --location --request POST 'https://{{vra-url}}/iaas/api/cloud-accounts?apiVersion=2021-07-15' \
--header 'Authorization: Bearer {{bearerToken}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name":"{{name}}",
    "description": {{decscription}},
    "cloudAccountType":"{{cloudAccountType}}",
    "cloudAccountProperties": 
    {
        "host":"{{vcd}}",
        "organization":"{{organization}}",
        "dcId":"onprem"
    },
    "customProperties":{},
    "associatedCloudAccountIds":[],
    "associatedMobilityCloudAccountIds":{},
    "privateKey":"{{password}}",
    "privateKeyId":"{{username}}",
    "certificateInfo":
    {
        "certificate":""-----BEGIN CERTIFICATE-----\n{{certificate}}\n-----END CERTIFICATE-----\n""
    },
    "regions":
    [
        {
            "externalRegionId":"urn:vcloud:vdc:{{vdcId}}",
            "name":"{{vdcName}}"
        }
    ],
    "createDefaultZones": true,
    "tags": [
      {
        "key": "{{tagKey}}",
        "value": "{{tagValue}}"
      }
    ]
  }'

Note:
Remember, the –insecure flag is also required in the curl command if you are using self-signed SSL certificates.

API Response

When submitting a successful request (Status Code = 202 Accepted), you should receive a response that shows the notification that the task has ben started.

{
    "progress": 0,
    "status": "INPROGRESS",
    "name": "Cloud account creation/update",
    "id": "bd58e1df-d0d4-4989-81fd-95466158382f",
    "selfLink": "/iaas/api/request-tracker/bd58e1df-d0d4-4989-81fd-95466158382f"
}

Now, If we flip back to vRealize Automation, the Cloud Account has been added.

Wrapping It All Up!

In this quick post, we discovered how we could use the vRealize Automation API to work around a User Inteface(UI) within vRealize Automation.

Published on 23 September 2022 by Christopher Lewis. Words: 979. Reading Time: 5 mins.

Blog Categories: VMware vRealize Automation VMware Cloud Director