The change to remove hidden properties in a request submitted by a basic user was made in an earlier version. This change was made in response to a perceived security risk in vRealize Automation that allowed users making requests via vRealize Orchestrator or the REST API to add request properties that were disallowed through the UI.
Symptoms:
- The values of hidden custom properties do not get transferred into the payload when a custom property is marked as "show in request = false" on the blueprint and that custom property is added to a custom form.
- There are log messages stating that the field has been removed from the request in /var/log/vmware/vcac/catalina.out
[UTC:2019-07-03 17:40:11,328 Local:2019-07-03 17:40:11,328] vcac: [component="cafe:composition-service" priority="INFO" thread="tomcat-http--70" tenant="imp" context="urQEiqu4" parent="hEJaIXWY" token="t4z2ehho"] com.vmware.vcac.composition.service.util.EffectiveValueBuilder.filterInvisibleFields:149 - Field [Windows_Server_Base~HiddenCustSpec] is determined to be hidden
vcac/catalina.out.5:36458:[UTC:2019-07-03 17:40:11,338 Local:2019-07-03 17:40:11,338] vcac: [component="cafe:composition-service" priority="INFO" thread="tomcat-http--70" tenant="imp" context="urQEiqu4" parent="hEJaIXWY" token="t4z2ehho"] com.vmware.vcac.composition.service.util.EffectiveValueBuilder.filterInvisibleFields:149 - Field [HiddenCustSpec] is determined to be hidden
vcac/catalina.out.5:36508:[UTC:2019-07-03 17:40:11,387 Local:2019-07-03 17:40:11,387] vcac: [component="cafe:composition-service" priority="INFO" thread="tomcat-http--70" tenant="imp" context="urQEiqu4" parent="hEJaIXWY" token="t4z2ehho"] com.vmware.vcac.composition.service.util.DeploymentUtil.removeFieldFromLiteralMap:476 - Removing [HiddenCustSpec] from request data.
-
NOTE! The below failure message varies depending on the actual custom property being used.
Provisioning failures similar to the following occur due to NULL key pair values within the payload:
"CloneVM : Cannot locate the virtual machine or template with name ."
In the above error, a basic user is requesting a custom form for a vSphere machine deployment using the CloneFrom property value, which is being NULL'd out by the system, thus failing the provisioning request as a template cannot be found within vCenter."