API operations for custom groups are failing due to group not being found in vRA 7.4
Article ID: 342462
Updated On:
Products
Issue/Introduction
API operations for custom groups might fail with HTTP response code 404 Not Found as for the below sample request:
GET /identity/api/tenants/{tenantId}/groups/arbitrary-group-name@arbitrary-group-domain
Environment
VMware vRealize Automation 6.x
VMware vRealize Automation 7.4.x
VMware vRealize Automation 6.2
VMware vRealize Automation 7.x
VMware vRealize Automation 6.2.x
VMware vRealize Automation 7.0.x
VMware vRealize Automation Desktop 6.2.x
VMware vRealize Automation 7.1.x
VMware vRealize Automation Desktop 6.2
VMware vRealize Automation 7.3.x
Cause
Resolution
Previously, the value of the custom group domain could be an arbitrary string, normally the name of the tenant was being used as a value.
In the case when a new custom group was being created, an API request similar to the following had to be issued:
POST /api/tenants/{tenantId}/groups
{"groupType":"CUSTOM", "name":"arbitrary-group-name", "description":"arbitrary-group-description", "principalId":{"domain":"arbitrary-group-domain", "name":"arbitrary-group-name"}}
In vRA 7.4, when creating a custom group, the value of the custom group domain must always be set to the system domain configured in vRealize Automation (normally, vsphere.local).
For example:
POST /api/tenants/{tenantId}/groups
{"groupType":"CUSTOM", "name":"arbitrary-group-name", "description":"arbitrary-group-description", "principalId":{"domain":"vsphere.local", "name":"arbitrary-group-name"}}
For other API operations like in the case when retrieving a custom group, it must be referred to with the system domain configured in vRealize Automation (normally, vsphere.local).
For example:
GET /identity/api/tenants/{tenantId}/groups/[email protected]
Feedback
