Using the Aria Automation API to configure a Cloud Account for VMware Cloud Director


Aria Automation AA VCD API

Published on 23 September 2022 by Christopher Lewis. Words: 1120. Reading Time: 6 mins.

From version 8.6, VMware Aria Automation (formerly vRealize Automation) introduced the capability to add a VMware Cloud Director (VCD) Organization as a Cloud Account. In this post, we will look at how we can use the Aria Automation (AA) Infrastructure as a Service API to configure a VMware Cloud Director Cloud Account without the need for the UI.

The Issue

The genesis of this post has come from an issue that was reported to me where a VMware partner couldn’t use the UI to complete this task due to some interesting validation of the VCD URL around different Top Level Domains. After raising a bug report internally, I immediately went to the VMware Code website to locate the relevant API call for this activity but it seems the API call remains currently undocumented. Therefore I thought it would be useful to write a blog article on the different API calls you would need to complete this task.

Objective Overview

We are going to be completing the following tasks to meet the objective:

  • Obtaining a API Refresh Token.
  • Logging in to Aria Automation.
  • Adding a VMware Cloud Director Cloud Account.

The examples provided are using cURL but this is not the only way to complete API calls.

Prerequisites

The following prerequisites are required for this blog post:

  • Successful installation of a supported version of Aria Automation 8.6 (or above) - my environment is running vRA 8.9.1
  • Successful installtion of a supported version of VMware Cloud Director - my environment is running 10.0

Walkthrough

Obtaining an API Refresh Token

Overview

In this section we are going to be using an API request to get an refresh token from Aria Automation so that we can then log into Aria Automation.

API Request

The following REST API request is required:

  • Request Type: POST
  • Request URL: https://{{aa-url}}/csp/gateway/am/api/login?access_token
  • Request Header(s):
    • Accept: application/json
    • Content-Type: application/json
  • Request Body Values:
    • username - the username of a Aria Automation user with sufficient rights to create a Cloud Account.
    • password - the password of the user specified in the username field
    • domain - the domain of the user in the username field.

Note:
If using a local user in vIDM (such as configadmin), then the domain field is NOT required.

API Example

An example cURL command for this REST API is:

curl --location --request POST 'https://{{aa-url}}/csp/gateway/am/api/login?access_token' \
--header 'Content-Type: application/json' \
--data-raw '{
    "username": "{{user}}",
    "password": "{{password}}",
    "domain": "{{domain}}"
}'

Note:
Remember, the –insecure flag is also required in the cURL command if you are using self-signed SSL certificates in Aria Automation.

API Response

When submitting a successful request (Status Code = 200 OK), you should receive a response that shows the Refresh Token:

{
    "refresh_token": "kkhUnUyJrUQgEViL5x71Jv2TwgGAXC65"
}

We will need the Refresh Token to log into Aria Automation in the next step.

Logging in to Aria Automation

Overview

In this section we are going to be using an API request to log into Aria Automation to obtain a Bearer Token that we can then use on subsequent API calls.

API Request

The following REST API request is required:

  • Request Type: POST
  • Request URL: https://{{aa-url}}/iaas/api/login
  • Request Header(s):
    • Accept: application/json
    • Content-Type: application/json
  • Request Body Values:
    • refreshToken - This is the token we obtained from the previous API call.

API Example

An example cURL command for this REST API is using the default repository is:

curl --location --request POST 'https://{{aa-url}}/iaas/api/login' \
--header 'Content-Type: application/json' \
--data-raw '{
	"refreshToken": "{{refreshToken}}"
}'

Note: the –insecure flag is also required in the cURL command if you are using self-signed SSL certificates.

API Response

When submitting a successful request (Status Code = 200 OK), you should receive a response that shows the Bearer Token:

{
    "tokenType": "Bearer",
    "token": "{{Bearer Token}}"
}

Adding a VMware Cloud Director Cloud Account

Overview

In this section we are going to be using an API request to Add the VMware Cloud Director Cloud Account to Aria Automation.

API Request

The following REST API request is required:

  • Request Type: POST
  • Request URL: https://{{aa-url}}/iaas/api/cloud-accounts?apiVersion=2021-07-15
  • Request Header(s):
    • Accept: application/json
    • Content-Type: application/json
    • Authorization: Bearer {insert bearerToken}
  • Request Body Values:
    • name - The display name shown within Aria Automation UI.
    • description - (OPTIONAL) Description of the Cloud Account.
    • cloudAccountType - As we are using the generic cloud account API, this is the type of cloud account that needs to be configured. Therefore we are using vcd. The other currently supported currently supported values are: vsphere, aws, azure, nsxv and nsxt. However they also have their own cloud-account API calls, see the API Docs for more information.
    • vcdHost - The FQDN of the VMware Cloud Director deployment.
    • username - The username used to connect to VMware Cloud Director
    • password - The password used to connect to VMware Cloud Director
    • organization - The name of the VMware Cloud Director Organization that is being connected.
    • certificate - The SSL certificate chain in order {leaf}->{sub-ordinate CA}->{CA}.
    • vdcName - The name of the VMware Cloud Director Virtual Datacenter you would like to enable provisioning too.
    • vdcId - The VMware Cloud Director Virtual Datacenter Id. Which I obtain this by logging into VMware Cloud Director, clickingon the target Virtual Datacenter and then took the value from the URL. In my environment the URL was: https://vcd.gsslabs.org/tenant/org1/vdcs/bb01373d-87ad-4e43-a5c6-ead6079ac01f/vm. Therefore the Virtual Datacenter Id was bb01373d-87ad-4e43-a5c6-ead6079ac01f. See below for a screenshot
    • tags - (OPTIONAL) list of Aria Automation capability tags to be used with this cloud account.

API Example

An example cURL command for this REST API is:


curl --location --request POST 'https://{{aa-url}}/iaas/api/cloud-accounts?apiVersion=2021-07-15' \
--header 'Authorization: Bearer {{bearerToken}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "name":"{{name}}",
    "description": {{decscription}},
    "cloudAccountType":"{{cloudAccountType}}",
    "cloudAccountProperties": 
    {
        "host":"{{vcdHost}}",
        "organization":"{{organization}}",
        "dcId":"onprem"
    },
    "customProperties":{},
    "associatedCloudAccountIds":[],
    "associatedMobilityCloudAccountIds":{},
    "privateKey":"{{password}}",
    "privateKeyId":"{{username}}",
    "certificateInfo":
    {
        "certificate":""-----BEGIN CERTIFICATE-----\n{{certificate}}\n-----END CERTIFICATE-----\n""
    },
    "regions":
    [
        {
            "externalRegionId":"urn:vcloud:vdc:{{vdcId}}",
            "name":"{{vdcName}}"
        }
    ],
    "createDefaultZones": true,
    "tags": [
      {
        "key": "{{tagKey}}",
        "value": "{{tagValue}}"
      }
    ]
  }'

Note:
Remember, the –insecure flag is also required in the cURL command if you are using self-signed SSL certificates.

API Response

When submitting a successful request (Status Code = 202 Accepted), you should receive a response that shows the notification that the task has ben started.

{
    "progress": 0,
    "status": "INPROGRESS",
    "name": "Cloud account creation/update",
    "id": "bd58e1df-d0d4-4989-81fd-95466158382f",
    "selfLink": "/iaas/api/request-tracker/bd58e1df-d0d4-4989-81fd-95466158382f"
}

Now, If we flip back to Aria Automation and refresh the Cloud Account page, our new Cloud Account should have been added.

Wrapping It All Up!

In this quick post, we discovered the benefit of Aria Automation 8.x being an API-first product. We walked through how we could use the Aria Automation 8.x Infrastructure as a Service API to create a VMware Cloud Director Cloud Account to work around a User Inteface(UI) issue and complete the task.

Finally thanks go out to my colleague, Cosmin Trif , who provided the test environment for me to capture and validate the necessary API calls!

Published on 23 September 2022 by Christopher Lewis. Words: 1120. Reading Time: 6 mins.