Changing Password programmatically using API for a managed product in vRSLCM 8.x


 

In this blog we discuss the process for changing the passwords of products managed by vRSLCM using the locker APIs.



 

In all the API calls below, where mentioned:

{{idmurl}} is the VMware Identity Manager's hostname
(e.g. idm.domain.example)

{{lcmurl}} is the vRealize Suite Lifecycle Manager's hostname
(e.g. https://lcm.domain.example)

 

Acquire Session Token (vIDM)


Request


Method: POST 

Request: {{idmurl}}/SAAS/API/1.0/REST/auth/system/login

Headers:
Content-Type: application/json
Accept: application/json

Request body:

{
"username": "configadmin",
"password": "configadmin_password",
"issueToken": "true"
}

Response


<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<userSession>
    <admin>false</admin>   <sessionToken>eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIwN2VlNDQ0My0yYzYzLTRkNmQtODk4ZC1kY2UzZjQzNDZkYWYiLCJwcm4iOiJjb25maWdhZG1pbkBJRE0iLCJkb21haW4iOiJTeXN0ZW0gRG9tY**********3_qehterCBvH60n_ecUx4tweMj6byOorhEcFBfgCgG5LxDUDKH5Da9XaPmBsOF5qcozCz9YWdJciuwGtCGUxdow2zhdwfVGb-uNk71QyUET6fSh1G-JQCn41K_8rJ4tgtRX8ETm--BGLY9fy5g</sessionToken>
</userSession>


A cookie is set in this case as well.

This session token has been stored as a variable under the environment details.





Acquire LCM Auth Token (admin@local)


Request

Method: POST
Request: {{lcmurl}}/lcm/authzn/api/login
Authorization: Basic Auth
username: admin@local
password: ******


Response


A cookie is created and the response code is 200.


As one can see, there are two cookies set: one for IDM-based authentication and the other for LCM local auth.



 


Fetch Environment Details


We shall use this API to fetch the details of the environment in which the product is present.


Request

Method: GET

Request: {{lcmurl}}/lcm/lcops/api/v2/environments?status=COMPLETED


Response




[
    {
        "environmentId": "globalenvironment",
        "environmentName": "globalenvironment",
        "environmentDescription": "",
        "environmentHealth": null,
        "logHistory": "[ {\n  \"logGeneratedTime\" : 1657682435109,\n  \"logLocation\" : \"https://lcm.cap.org/repo/logBundleRepo/environment/globalenvironment/log-globalenvironment-1657682435109.tar.gz\"\n} ]",
        "environmentStatus": "COMPLETED",
        "infrastructure": {
            "properties": {
            }
        },
        "products": [
            {
                "id": "vidm",
                "version": "3.3.6",
                "patchHistory": null,
                "snapshotHistory": null,
                "logHistory": null,
                "clusterVIP": null,
                "nodes": [
                    {
                        "type": "vidm-primary",
                        "properties": {
                            "hostName": "********",
                            "cluster": "********",
                            "esxHost": "********",
                            "memory": "**",
                            "diskMode": "***",
                            "vCenterHost": "******",
                            "storage": "****",
                            "network": "*****",
                            "capacity": "***",
                            "vidmRootPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias",
                            "vidmSystemAdminPassword": "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword",
                            "enableTelemetry": "false",
                            "affinityRules": null,
                            "__vMoid": "vm-43",
                            
                        }
                    },
                    {
                        "type": "vidm-connector",
                        "properties": {
                            
                        }
                    }
                ],
                "collectorGroups": null,
                "properties": {
                    *
                    *

                    "vidmAdminPassword": "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword",
                    "enableTelemetry": "false",
                    "defaultConfigurationPassword": "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword",
                    *
                    *
                    *
                    "certificate": "locker:certificate:6d7a83c9-40c6-42f8-9d6b-af75227b3689:idm"
                }
            }
        ],
        "metaData": {
            "isCloudProxyEnvironment": "false"
        }
    },



You will get a JSON response with all the environment and product data. Look at the screenshot for more information.


Depending on the environment and the product whose account passwords you have chosen to change, the required data can be acquired from this response.

 

Get the root password from the product


As an example in this blog, we will change the root password of vIDM.


From the response of the environments API above, we collect the current root password reference of vIDM and keep it aside.


So that would be


 "vidmRootPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias"

We can confirm that from the UI too.





The syntax in which it is stored is as follows:


 "vidmRootPassword": "locker:password:vmid:locker_alias"
 
  "vidmRootPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias"

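The following Python is an added example, not part of the original post: it parses the locker:<type>:<vmid>:<alias> references out of an environments response and reports which properties point at the same stored password object, so you know which accounts currently share one credential before changing any of them. SAMPLE is a constructed, trimmed copy of the response above, and its hostName value is a placeholder.

```python
import re
from collections import defaultdict

# Reference shape shown on the page: locker:<type>:<vmid>:<alias>
LOCKER_REF = re.compile(r"^locker:([a-z]+):([0-9a-f-]{36}):(.+)$")

def parse_locker_ref(value):
    """Return (kind, vmid, alias) for a locker reference, else None."""
    m = LOCKER_REF.match(value) if isinstance(value, str) else None
    return m.groups() if m else None

def collect_refs(environments):
    """Yield (env, product, scope, property, kind, vmid, alias) per locker reference."""
    for env in environments:
        for product in env.get("products") or []:
            scopes = [("product", product.get("properties") or {})]
            for node in product.get("nodes") or []:
                scopes.append((node.get("type"), node.get("properties") or {}))
            for scope, props in scopes:
                for key, value in props.items():
                    ref = parse_locker_ref(value)
                    if ref:
                        yield (env["environmentId"], product["id"], scope, key) + ref

def shared_passwords(environments):
    """Map vmid -> sorted property names for password objects used more than once."""
    users = defaultdict(set)
    for _env, _prod, _scope, key, kind, vmid, _alias in collect_refs(environments):
        if kind == "password":
            users[vmid].add(key)
    return {vmid: sorted(keys) for vmid, keys in users.items() if len(keys) > 1}

# Constructed sample: trimmed copy of the environments response on this page
INSTALLER = "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword"
SAMPLE = [{"environmentId": "globalenvironment", "products": [{
    "id": "vidm",
    "nodes": [
        {"type": "vidm-primary", "properties": {
            "hostName": "idm.domain.example",  # placeholder host name
            "vidmRootPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias",
            "vidmSystemAdminPassword": INSTALLER}},
        {"type": "vidm-connector", "properties": {}}],
    "properties": {
        "vidmAdminPassword": INSTALLER,
        "defaultConfigurationPassword": INSTALLER,
        "certificate": "locker:certificate:6d7a83c9-40c6-42f8-9d6b-af75227b3689:idm"}}]}]

if __name__ == "__main__":
    for vmid, keys in shared_passwords(SAMPLE).items():
        print(vmid, "is referenced by", ", ".join(keys))
```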


Get the Password using VMID


Now let's get the details of the password, using the extracted vmid, with the following API.




Request

Method: GET

Request: {{lcmurl}}/lcm/locker/api/v2/passwords/details/<vmid>



Response




{
    "vmid": "b1ed53c1-c6c2-4422-ba3c-68f39b33a04a",
    "tenant": "default",
    "alias": "dummyalias",
    "userName": "dummy",
    "password": "PASSWORD****",
    "passwordDescription": "dummypassword",
    "createdOn": 1664436058965,
    "lastUpdatedOn": 1664436058965
}




View Password


To view the password, use the URL below.



Request

Method: POST
Request: {{lcmurl}}/lcm/locker/api/v2/passwords/details/<vmid>



Response


{
    "passwordVmid": "b1ed53c1-c6c2-4422-ba3c-68f39b33a04a",
    "password": "Dummy123!"
}



 

Create New Password object in Locker


Here's the API to create an object in the locker. It's a POST call. The response returns the vmid of the password object that has been created.


Request

Method: POST
Request: {{lcmurl}}/lcm/locker/api/v2/passwords


Response



{
    "vmid": "deab31fa-ea7a-452b-a0ad-a5daa5bb4126",
    "tenant": "default",
    "alias": "vidmroot071022",
    "userName": "root",
    "password": "PASSWORD****",
    "passwordDescription": "vidmroot071022",
    "createdOn": 1665147383168,
    "lastUpdatedOn": 1665147383168
}




We can check the new password in the UI as well.




 

Update Password


As an example, we shall change the root password of vIDM.


Request



Method: PUT
Request: {{lcmurl}}/lcm/lcops/api/v2/environments/{{envid}}/products/{{idmprodid}}/nodes/{{nodetype}}


Note: the placeholders in the above request URL must be replaced with the appropriate values.

This URL is used to change the root password for a vIDM node.

 {{envid}}: "globalenvironment"
 {{idmprodid}}: "vidm"
 {{nodetype}}: "vidm-primary"
 


We need to compile the body of the request.


Remember, from the previous APIs we have collected the current password reference and also stored the vmid of the new password object we created to apply as the new root password.

{
"currentPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias",
"hostName": "{{nodehostname}}",
"newPassword": "locker:password:deab31fa-ea7a-452b-a0ad-a5daa5bb4126:vidmroot071022",
"userNameToUpdate": "root"
}


Remember, {{nodehostname}} is the node for which the password is being changed. If it's a cluster, this has to be executed thrice, on each node, to maintain consistency.
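The following Python is an added example, not part of the original post: it derives one PUT URL and body per node from the environments response, and refuses to build a request unless both password fields are locker references, so a plaintext password never ends up in a request body. ENV is a constructed two-node sample; the host names and the "vidm-secondary" node type are assumptions, and nothing is sent over the network.

```python
import re

# Reference shape shown on the page: locker:password:<vmid>:<alias>
LOCKER_PW = re.compile(r"^locker:password:[0-9a-f-]{36}:.+$")

def root_rotation_requests(lcmurl, env, product_id, new_ref, prop="vidmRootPassword"):
    """Return one PUT description (url + body) per node that stores `prop`. Nothing is sent."""
    if not LOCKER_PW.match(new_ref):
        raise ValueError("newPassword must be a locker reference, never a plaintext value")
    product = next(p for p in env["products"] if p["id"] == product_id)
    plan = []
    for node in product.get("nodes") or []:
        props = node.get("properties") or {}
        current = props.get(prop)
        if current is None:
            continue  # e.g. the vidm-connector entry, which carries no root password
        if not LOCKER_PW.match(current):
            raise ValueError(f"{props.get('hostName')}: {prop} is not a locker reference")
        if current == new_ref:
            raise ValueError(f"{props.get('hostName')}: new reference equals the current one")
        url = (f"{lcmurl}/lcm/lcops/api/v2/environments/{env['environmentId']}"
               f"/products/{product_id}/nodes/{node['type']}")
        plan.append({"method": "PUT", "url": url, "body": {
            "currentPassword": current,
            "hostName": props["hostName"],
            "newPassword": new_ref,
            "userNameToUpdate": "root"}})
    return plan

# Constructed sample: host names and the "vidm-secondary" type are assumptions
OLD = "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias"
NEW = "locker:password:deab31fa-ea7a-452b-a0ad-a5daa5bb4126:vidmroot071022"
ENV = {"environmentId": "globalenvironment", "products": [{"id": "vidm", "nodes": [
    {"type": "vidm-primary",
     "properties": {"hostName": "idm1.domain.example", "vidmRootPassword": OLD}},
    {"type": "vidm-secondary",
     "properties": {"hostName": "idm2.domain.example", "vidmRootPassword": OLD}},
    {"type": "vidm-connector", "properties": {}}]}]}

if __name__ == "__main__":
    for req in root_rotation_requests("https://lcm.domain.example", ENV, "vidm", NEW):
        print(req["method"], req["url"], req["body"]["hostName"])
```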



Once we submit the request, a request ID is returned in the response, and it can be tracked too.



The request ID can be polled using the following API.


Request

Method: PUT
Request: {{lcmurl}}/lcm/request/api/v2/requests/<requestId>

Response



In the UI you can see that the request to update the password is now complete for root.



In a similar manner, if you want to change the admin password of vIDM, you have to do the following.


Remember that the API changes; it is not the same one.



Request



Method: PUT
Request: {{lcmurl}}/lcm/lcops/api/v2/environments/{{envid}}/products/{{idmprodid}}/admin-password


Note: the placeholders in the above request URL must be replaced with the appropriate values.

This URL is used to change the admin password for vIDM.

 {{envid}}: "globalenvironment"
 {{idmprodid}}: "vidm"
 {{nodetype}}: "vidm-primary"
 

Request Body


{
"adminPassword": "locker:password:deab31fa-ea7a-452b-a0ad-a5daa5bb4126:vidmroot071022",
"currentAdminPassword": "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword"
}

I will replace the values in the body with the appropriate values.


Then execute the API.




If you poll the request you can see a whole lot of details. If it's a failure, stop polling.




You can now see the request created and completed in the UI.




 

Delete Password


To delete the password, one can use the following API.





Request

Method: DELETE
Request: {{lcmurl}}/lcm/locker/api/v2/passwords/<vmid>




I'll get the vmid from the URL or from the API, as shown before.


Response



{
    "vmid": "b1ed53c1-c6c2-4422-ba3c-68f39b33a04a",
    "tenant": "default",
    "alias": "dummyalias",
    "userName": "dummy",
    "password": "Dummy123!",
    "passwordDescription": "dummypassword",
    "createdOn": 1664436058965,
    "lastUpdatedOn": 1664436058965
}


 


In this manner, if you know the APIs and the appropriate values to substitute, you should be able to programmatically change passwords on any product managed by vRSLCM 8.x.



 

