API operations for custom groups are failing due to group not being found in vRA 7.4
search cancel

API operations for custom groups are failing due to group not being found in vRA 7.4

book

Article ID: 342462

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
API operations for custom groups might fail with HTTP response code 404 Not Found as for the below sample request:

GET /identity/api/tenants/{tenantId}/groups/arbitrary-group-name@arbitrary-group-domain

Environment

VMware vRealize Automation 7.2.x
VMware vRealize Automation 6.x
VMware vRealize Automation 7.4.x
VMware vRealize Automation 6.2
VMware vRealize Automation 7.x
VMware vRealize Automation 6.2.x
VMware vRealize Automation 7.0.x
VMware vRealize Automation Desktop 6.2.x
VMware vRealize Automation 7.1.x
VMware vRealize Automation Desktop 6.2
VMware vRealize Automation 7.3.x

Cause

This issue occurs due to changes made in providing the value of the custom group domain in vRA 7.4.

Resolution

Previously, the value of the custom group domain could be an arbitrary string, normally the name of the tenant was being used as a value.
In the case when a new custom group was being created, an API request similar to the following had to be issued:

POST /api/tenants/{tenantId}/groups 
{"groupType":"CUSTOM", "name":"arbitrary-group-name", "description":"arbitrary-group-description", "principalId":{"domain":"arbitrary-group-domain", "name":"arbitrary-group-name"}}


In vRA 7.4, when creating a custom group, the value of the custom group domain must always be set to the system domain configured in vRealize Automation (normally, vsphere.local).

For example: 
POST /api/tenants/{tenantId}/groups 
{"groupType":"CUSTOM", "name":"arbitrary-group-name", "description":"arbitrary-group-description", "principalId":{"domain":"vsphere.local", "name":"arbitrary-group-name"}}


For other API operations like in the case when retrieving a custom group, it must be referred to with the system domain configured in vRealize Automation (normally, vsphere.local).

For example:
GET /identity/api/tenants/{tenantId}/groups/[email protected]