vRA with vIDM – RBAC

Posted on July 28, 2022 by admin

Hi, recently I moved my lab to the basement so I can dig a little deeper into the infrastructure and connections.

As a first step, I took on RBAC (role-based access control). Based on the documentation from vRA, I created a map of what groups should be in the environment.

There are quite a few of them, so we could click through it, but I made a simple script that will create them for me in AD.

For sure you can write it better, but the script does its job, and you can find it on my GitHub:

https://github.com/lukasz-tworek/vRA8

OK, we have set up groups in AD, and now what?

vRA uses a connection to the vIDM to provide authentication. So I started looking for an API for vIDM.

Unfortunately, it is terribly complicated because VMware does not have a well-described API on its website https://developer.vmware.com/apis.

So I started doing reverse engineering.

First of all, we need to be able to connect to the vIDM. It turned out to be the easiest part, because I created a new profile that I will authenticate with and use to download the token.

To create such a profile, go to Catalog -> Settings.

In Remote App Access, click Create Client.

As Access Type, we need to choose Service Client Token.

As Client ID, we enter the name that will be used.

In Shared Secret, we can set our own password or generate a shared secret.

And that’s where the easy part is over.

We can divide adding Active Directory into the following parts:

  • generating a Token
  • finding the Connector ID that will be used
  • creating a new directory (AD)
  • assigning our directory to a connector
  • finding all existing groups in AD
  • adding groups to directory
  • synchronization

The most difficult part for me was that each action requires different headers, and the URLs are not fully available to the public.

I tested each part in Postman and then I tried to create a script that will add the groups previously created in AD to the directory.

I will not write here about each step of the script; you can also find it on my GitHub:

https://github.com/lukasz-tworek/vRA8

However, I am happy with the result because it does for me what I would otherwise have to execute.

Only the vRA part is left to do, but AD and vIDM work. If you have any questions about the script or some thoughts, I am at your disposal.

The article is short; however, it seems to me that the content may be useful. Personally, I searched a large part of the Internet and did not find this information.

You can use the script in any way you want, but remember to keep the information about the original creator.

A small note on the script: if you change groups, you must remember to always download the existing ones, because the API call overwrites the current configuration.
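
The overwrite caveat above, as an added example that is not taken from the author's script: merge the downloaded group configuration with the new groups before writing, and refuse any write that would silently remove a group that RBAC depends on. The payload shape, the `nested` and `selected` keys, the group names and the `fetch`/`push` callables are assumptions standing in for the real vIDM calls.

```python
# Added example, not the author's script. The payload shape
# {"groups": [{"dn": ...}]}, the "nested"/"selected" keys and the fetch/push
# callables are assumptions standing in for the real vIDM calls.

def _key(dn):
    # AD distinguished names compare case-insensitively.
    return dn.strip().casefold()

def merge_groups(current, wanted_dns):
    """Keep every existing entry verbatim; append only DNs not yet present."""
    merged = {_key(g["dn"]): g for g in current.get("groups", [])}
    added = []
    for dn in wanted_dns:
        if _key(dn) not in merged:
            merged[_key(dn)] = {"dn": dn}
            added.append(dn)
    return dict(current, groups=list(merged.values())), added

def dropped_groups(current, payload):
    """DNs configured on the server that sending `payload` would remove."""
    keep = {_key(g["dn"]) for g in payload.get("groups", [])}
    return [g["dn"] for g in current.get("groups", []) if _key(g["dn"]) not in keep]

def guarded_push(fetch, push, payload):
    """Re-read the server state and refuse a write that would remove groups."""
    lost = dropped_groups(fetch(), payload)
    if lost:
        raise RuntimeError(f"refusing to overwrite, would drop: {lost}")
    push(payload)

# Constructed sample state, not real directory data.
SERVER = {"nested": True, "groups": [
    {"dn": "CN=vra-cloud-admins,OU=vRA,DC=lab,DC=local", "selected": True},
    {"dn": "CN=vra-sb-users,OU=vRA,DC=lab,DC=local", "selected": True}]}
WANTED = ["cn=VRA-Cloud-Admins,ou=vRA,dc=lab,dc=local",   # same group, other case
          "CN=vra-code-stream,OU=vRA,DC=lab,DC=local"]

if __name__ == "__main__":
    naive = {"groups": [{"dn": dn} for dn in WANTED]}     # what a blind write sends
    merged, added = merge_groups(SERVER, WANTED)
    sent = []
    try:
        guarded_push(lambda: SERVER, sent.append, naive)
    except RuntimeError as err:
        print(err)
    guarded_push(lambda: SERVER, sent.append, merged)
    print("added:", added, "| groups written:", len(sent[0]["groups"]))
```
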
