Symptoms:
- Tenant user is attempting to open the App Launchpad Plugin in the Cloud Director Tenant UI by clicking More > App Launchpad.
- A spinning icon appears initially, but a blank page is shown in the Tenant UI after a short period.
- Browser developer console shows a 403 Forbidden error on a GET to /api/alp/v1/system-onboard-status.
Request URL:
https://vcloud.example.com/api/alp/v1/system-onboard-status
Response:
{
"status": 403,
"message": "[ <UUID> ] This operation is denied.",
"resource": "/api/alp/v1/system-onboard-status",
"details": {
"cause": "[ <UUID> ] This operation is denied."
},
"requestId": "<REQUEST_UUID>"
}
- The /opt/vmware/alp/log/alp-default.log on the App Launchpad server show errors of the form:
ERROR c.v.alp.proxy.mqtt.MqttMessageRouter - [MQTT] Failed to get response from alp service
com.vmware.alp.error.RestClientException: {"status":403,"message":"[ <UUID> ] This operation is denied.","resource":"/api/alp/v1/system-onboard-status","details":{"cause":"[ <UUID> ] This operation is denied."},"requestId":"<REQUEST_UUID>"}
at com.vmware.alp.client.RestClientBase.exchange(RestClientBase.java:156)
at com.vmware.alp.proxy.mqtt.MqttMessageRouter.getResponseFromAlpService(MqttMessageRouter.java:68)
at com.vmware.alp.proxy.mqtt.MqttHandlerServiceImpl.handleMqttMessage(MqttHandlerServiceImpl.java:37)
at com.vmware.alp.proxy.mqtt.MqttConfig.lambda$null$0(MqttConfig.java:100)
at com.vmware.alp.service.sync.AsyncTasks$AsyncTask.compute(AsyncTasks.java:36)
at com.vmware.alp.service.sync.AsyncTasks$AsyncTask.compute(AsyncTasks.java:27)
at java.util.concurrent.RecursiveTask.exec(RecursiveTask.java:94)
at java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:289)
at java.util.concurrent.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1056)
at java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1692)
at java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:175)
- Browser developer console shows the Tenant user having a PROVIDER_ADMIN role for App Launchpad on a GET to /api/alp/v1/current-user instead of the expected TENANT_USER role.
Request URL:
https://vcloud.example.com/api/alp/v1/current-user
Response:
{
"name": "ExampleTenantUserName",
"id": "<TENANT_USER_UUID>",
"fullName": "ExampleTenantUserName",
"role": "PROVIDER_ADMIN",
"tenant": {
"id": "<TENANT_UUID>",
"name": "ExampleOrganizationName",
"enabled": true
},
"site": {
"id": "<SITE_UUID>",
"name": "Example Cloud Director"
}
}
- System users can access the App Launchpad Plugin without issue.