Workaround Data Service Policy Creation for DSM 9.0.2 and VCFA 9.0.1
search cancel

Workaround Data Service Policy Creation for DSM 9.0.2 and VCFA 9.0.1

book

Article ID: 437530

calendar_today

Updated On:

Products

VMware Data Services Manager VMware Data Services Manager for VCF VMware Data Services Manager for VCF Private AI Services

Issue/Introduction

Data Services UI in VCFA provider portal does not allow you to add new data service policies when your VCFA is in 9.0.1 and DSM appliance is in 9.0.2. This could happen after you upgrade the DSM appliance to 9.0.2 prior to the VCFA upgrade, or after you connect the VCFA 9.0.1 to the DSM 9.0.2.

 

When you click the NEW POLICY button, you cannot proceed to the next on step 1 because there are no regions to select.

Environment

The combination of DSM 9.0.2 + VCFA 9.0.1

Resolution

API way of Data Service Policy creation

**Note: This method assumes you have experience using API tools like command-line tool "curl" to make API requests.

Obtain VCFA provider user authorization token

There are various ways to obtain the VCFA provider user token. The formal VCFA guide to obtain an access token can be seen from link. ​​Below flows show 2 samples.

 

Method 1) Log in to the VCFA provider portal, you can right click on the page, and click Inspect (Chrome).

     
Note: The inspection tools for different web browsers are slightly different. You can refer to the links below.
1. Chrome (Chrome DevTools): https://developer.chrome.com/docs/devtools/overrides
2. Safari (Web Inspector): https://webkit.org/web-inspector/local-overrides/
3. Firefox (Firefox Developer Tools): https://fxdx.dev/network-override-in-firefox-devtools/
4. Edge (Edge DevTools): https://learn.microsoft.com/en-us/microsoft-edge/devtools/javascript/overrides

 

 

Click the Network tab in the Inspection panel, and click on any request. Navigate to the Request Headers section, and copy the content of the header “Authorization”.

 

Method 2) Use the 'curl" command (this assumes that your provider login & Password are "username / password") 

                  Make the below command to obtain the token:

curl 'https://vcfa-host-example.com/cloudapi/1.0.0/sessions/provider' \
  -X 'POST' \
  -H 'accept: application/json;version=9.0.0' \
  -H 'authorization: Basic c2VydmljZWFkbWluaXN0cmF0b3JAU3lzdGVtOnc1K3VWQm1qZS9CaHdQZzMoRjI1' \
  -H 'content-type: application/json;version=9.0.0' \
  -H 'x-vmware-vcloud-issue-refresh-token: false' \
  --insecure \
  --include

 

In the above payload, the VCFA host is vcfa-host-example.com, the username is serviceadministrator and the password is w5+uVBmje/BhwPg3(F25. The Basic authentication token is in the format of BASE64_ENCODED(username:password), hence is c2VydmljZWFkbWluaXN0cmF0b3JAU3lzdGVtOnc1K3VWQm1qZS9CaHdQZzMoRjI1.

From the output of the command, you can see a response header named “x-vmware-vcloud-access-token”. Copy its token.

 

------------

 

2. Create Data Service Policy 

Use curl to create a new Data Service Policy. The token obtained from step 1 will be filled into the request header “authorization”.

curl 'https://vcfa-host-example.com/ext-api/dsm/default/apis/infrastructure.dataservices.vmware.com/v1alpha1/namespaces/dsm-system/dataservicepolicies' \
  -H 'accept: application/json' \
  -H 'content-type: application/json' \
  -H 'authorization: Bearer eyJraWQiOiJ1cm46dmNsb3VkOm9wZW5JZFByb3ZpZGVyS2V5OjU0OGNlOTI4LWZiMDYtNDhlZS05MGFjLTFmYmZkYmJjOGYxOSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiJmYTdlNjJjNi0xMDEzLTQ0MWQtOTE3MC02NjZiODBjYTAzZDUiLCJyb2xlcyI6WyJTeXN0ZW0gQWRtaW5pc3RyYXRvciJdLCJpc3MiOiJodHRwczovL3ZjZmEuMTAuMTYxLjI0My4xNzgudmNmZC5icm9hZGNvbS5uZXQvb2lkYyIsIm51bWJlcl9vZl9ncm91cHMiOjAsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2VhZG1pbmlzdHJhdG9yIiwiYXVkIjoiOTIyZjRhMTItODJjOS00NDQwLTg0NjYtZjFiMWZhY2EwNjc1IiwibmJmIjoxNzczMTEyOTM0LCJudW1iZXJfb2Zfcm9sZXMiOjEsIm9yZ19pZCI6ImE5M2M5ZGI5LTc0NzEtMzE5Mi04ZDA5LWE4ZjdlZWRhODVmOSIsInNjb3BlIjpbInZjZF9pZHAiLCJwaG9uZSIsIm9wZW5pZCIsInByb2ZpbGUiLCJncm91cHMiLCJlbWFpbCJdLCJvcmdfZGlzcGxheV9uYW1lIjoiU3lzdGVtIiwibmFtZSI6IlNlcnZpY2UgQWRtaW5pc3RyYXRvciIsInNpdGVfaWQiOiI3ODg5ZjdlNi1mYmQxLTQyZTAtOGQ2ZC1hODNlNTZmYzM4OGQiLCJleHAiOjE3NzMxMTY1MzQsIm9yZ19uYW1lIjoiU3lzdGVtIiwiaWF0IjoxNzczMTEyOTM0LCJqdGkiOiJjNzUyODIxZC1hMDVlLTQ5M2MtYTg0Ni0yYjc5YmZkOGZlYjYifQ.aonFa0rjchemBFZ2tvWl7-TfuJv88tF8pg3Ac0phlfIckpB9F3d_AoNnKfQb3iWIHV--pZhewS_WIOdLgpyCqU0C7zk3DsU3rVtI__OyVqai9YaHdl4BGyRRGzZiJl3Rop2bdfsapAdgxxjImcQCD9t9fvAAmzuyePlYM28NqDPh9zTz9Qh-fn6_rEo7-JsVFqah6vgPtIcxSRK5vInl7LMlboOJgctGag1_eKrTI7PD64FA2pBF2s9wi-2e0boWOQ5fnur2DdpSzZsOqU5eqyCVusnpMBWFmHJ5F9eh-U-kieibyTgZKHJHgFvZq0ibU2GrcIH1d8NHXypMwpFg5Q' \
  --data-raw '{"apiVersion":"infrastructure.dataservices.vmware.com/v1alpha1","kind":"DataServicePolicy","metadata":{"namespace":"dsm-system","name":"dspolicy-api-created","labels":{"dsm.vmware.com/created-in":"vcfa"}},"spec":{"description":"","serviceType":"vmware-sql-postgres","matchCriteria":[{"key":"vcfa.vmware.com/org","operator":"in","values":["urn:vcloud:org:30594302-2b97-4018-9ca5-5ac49164bc77"]}],"postgresPolicy":{"common":{"allowedInfrastructurePolicies":["dsm-test"],"allowedBackupLocations":[],"allowedVersions":["*"]}}}}' \
  --insecure


In the above curl payload, we create a Data Service Policy named “dspolicy-api-created”. It is assigned to a specific organization with URN “urn:vcloud:org:30594302-2b97-4018-9ca5-5ac49164bc77”. You can customize other fields for the Data Service Policy. Refer to https://developer.broadcom.com/xapis/vmware-data-services-manager-kubernetes-api/9.0.2.0/dsm-k8s-apis-9.0.2.0.html#dataservicepolicy for the API specification of Data Service Policy schema.

Now the Data Service Policy is created successfully, but you still cannot view it in VCFA UI.

 

 

UI inspection to view Data Service Policies

In this step, we temporarily resolve the region name for DSM connection in VCFA, this allows the user to view or even create data service policies in UI.
Please note the region resolution in this option is temporary. After you refresh your web browser, you need to repeat the workaround.


1) Login to VCFA provider UI >>> navigate to Data Services menu >>> Navigate to the Connections page in Data Services, right click on the page and click Inspect (Chrome).

2) Click the Network tab on the Inspection panel.

3) Navigate to the Data Service Policies tab. You can see a request with name dsmBinding/1.0.0 on the Inspection panel. Right click on this request and click Override Content.

4) On the top of the Inspection panel, you will be asked to Select folder. Choose any local folder to store the temporary UI content and click Allow.

5) On the Inspection panel, click dsmBinding/1.0.0 , and you will see JSON payload for this API. Note the region is empty at the moment.

 

 

7) Set its value to “default” and save with keyboard command + s (MacOS) or ctrl + s (Windows).

8) Existing Data Service Policies should now be viewable

9) It will now be possible to create additional Data Service Policies, Click on create the new policy button and region selection for "default" will now be viewable.

Powered by Wolken Software