Changing Password programmatically using API for a managed product in vRSLCM 8.x




In this blog we shall discuss the methods or process needed to change the passwords of products managed by vRSLCM using the Locker APIs.

In all the API calls below:

{{vidmurl}} is the VMware Identity Manager's hostname
(e.g. idm.domain.example)

{{lcmurl}} is the vRealize Suite Lifecycle Manager's hostname
(e.g. https://lcm.domain.example)

Acquire Session Token (vIDM)

Request

Method: POST 

Request: {{vidmurl}}/SAAS/API/1.0/REST/auth/system/login

Headers:
Content-Type: application/json
Accept: application/json

Request body:

{
"username": "configadmin",
"password": "configadmin_password",
"issueToken": "true"
}

Response

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<userSession>
    <admin>false</admin>   <sessionToken>eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIwN2VlNDQ0My0yYzYzLTRkNmQtODk4ZC1kY2UzZjQzNDZkYWYiLCJwcm4iOiJjb25maWdhZG1pbkBJRE0iLCJkb21haW4iOiJTeXN0ZW0gRG9tY**********3_qehterCBvH60n_ecUx4tweMj6byOorhEcFBfgCgG5LxDUDKH5Da9XaPmBsOF5qcozCz9YWdJciuwGtCGUxdow2zhdwfVGb-uNk71QyUET6fSh1G-JQCn41K_8rJ4tgtRX8ETm--BGLY9fy5g</sessionToken>
</userSession>
A cookie is set in this case as well.

This session token has been placed under environment details as a variable.

Acquire LCM Auth Token (admin@local)

Request

Method: POST
Request:  {{lcmurl}}/lcm/authzn/api/login
Authorization: Basic Auth
username: admin@local
password: ******

Response

A cookie is created and response code is 200

As one can see, there are two cookies set: one for IDM-based authentication and the other for LCM local auth.

Fetch Environment Details

We shall use this API to fetch the details of the environment in which the product is present.

Request

Method: GET

Request: {{lcmurl}}/lcm/lcops/api/v2/environments?status=COMPLETED

Response

[
    {
        "environmentId": "globalenvironment",
        "environmentName": "globalenvironment",
        "environmentDescription": "",
        "environmentHealth": null,
        "logHistory": "[ {\n  \"logGeneratedTime\" : 1657682435109,\n  \"logLocation\" : \"https://lcm.cap.org/repo/logBundleRepo/environment/globalenvironment/log-globalenvironment-1657682435109.tar.gz\"\n} ]",
        "environmentStatus": "COMPLETED",
        "infrastructure": {
            "properties": {
            }
        },
        "products": [
            {
                "id": "vidm",
                "version": "3.3.6",
                "patchHistory": null,
                "snapshotHistory": null,
                "logHistory": null,
                "clusterVIP": null,
                "nodes": [
                    {
                        "type": "vidm-primary",
                        "properties": {
                            "hostName": "********",
                            "cluster": "********",
                            "esxHost": "********",
                            "memory": "**",
                            "diskMode": "***",
                            "vCenterHost": "******",
                            "storage": "****",
                            "network": "*****",
                            "capacity": "***",
                            "vidmRootPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias",
                            "vidmSystemAdminPassword": "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword",
                            "enableTelemetry": "false",
                            "affinityRules": null,
                            "__vMoid": "vm-43",
                            
                        }
                    },
                    {
                        "type": "vidm-connector",
                        "properties": {
                            
                        }
                    }
                ],
                "collectorGroups": null,
                "properties": {
                    *
                    *

                    "vidmAdminPassword": "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword",
                    "enableTelemetry": "false",
                    "defaultConfigurationPassword": "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword",
                    *
                    *
                    *
                    "certificate": "locker:certificate:6d7a83c9-40c6-42f8-9d6b-af75227b3689:idm"
                }
            }
        ],
        "metaData": {
            "isCloudProxyEnvironment": "false"
        }
    },

You will get a JSON response with all the environment and product data.

Based on the environment and the product whose account passwords you have chosen to change, the data you need can be acquired from this response.

Get the root password from the product

As an example in this blog, we will choose to change the root password of vIDM.

Based on the above response we got from the environments API, we will collect the current root password reference of vIDM and keep it aside.

So that would be

 "vidmRootPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias"

We can confirm that from the UI too.

This is the syntax in which it is stored:

 "vidmRootPassword": "locker:password:vmid:locker_alias"
 
  "vidmRootPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias"

Get the Password using VMID

Now let’s get the details of the password, using the extracted vmid, with the following API.

Request

Method: GET

Request: {{lcmurl}}/lcm/locker/api/v2/passwords/details/<vmid>

Response

{
    "vmid": "b1ed53c1-c6c2-4422-ba3c-68f39b33a04a",
    "tenant": "default",
    "alias": "dummyalias",
    "userName": "dummy",
    "password": "PASSWORD****",
    "passwordDescription": "dummypassword",
    "createdOn": 1664436058965,
    "lastUpdatedOn": 1664436058965
}

View Password

To view the password, use the URL below.

Request

Method: POST
Request: {{lcmurl}}/lcm/locker/api/v2/passwords/details/<vmid>

Response

{
    "passwordVmid": "b1ed53c1-c6c2-4422-ba3c-68f39b33a04a",
    "password": "Dummy123!"
}

Create New Password object in Locker

Here’s the API to create an object in the locker. It’s a POST call. The response returns the vmid of the password object which has been created.

Request

Method: POST
Request: {{lcmurl}}/lcm/locker/api/v2/passwords

Response

{
    "vmid": "deab31fa-ea7a-452b-a0ad-a5daa5bb4126",
    "tenant": "default",
    "alias": "vidmroot071022",
    "userName": "root",
    "password": "PASSWORD****",
    "passwordDescription": "vidmroot071022",
    "createdOn": 1665147383168,
    "lastUpdatedOn": 1665147383168
}

We can check the new password in the UI as well.

Update Password

As an example, we shall consider changing the root password of vIDM.

Request

Method: PUT
Request: {{lcmurl}}/lcm/lcops/api/v2/environments/{{envid}}/products/{{idmprodid}}/nodes/{{nodetype}}

Note: the placeholders in the above request URL should be replaced with the appropriate values.

This URL is used to change the root password for a vIDM node.

 {{envid}}: "globalenvironment"
 {{idmprodid}}: "vidm"
 {{nodetype}}: "vidm-primary"

We need to compile the body of the request.

Remember that from the previous APIs we’ve collected the current password reference and also stored the vmid of the new password object we created, to apply as the new root password.

{
"currentPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias",
"hostName": "{{nodehostname}}",
"newPassword": "locker:password:deab31fa-ea7a-452b-a0ad-a5daa5bb4126:vidmroot071022",
"userNameToUpdate": "root"
}

Remember that {{nodehostname}} is the node for which the password is being changed. If it’s a cluster, this has to be executed thrice on each node to maintain consistency.
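The lookup and request body described above can be assembled mechanically. The following is an added example, not code from the original post: it parses the `locker:password:<vmid>:<alias>` references out of an environments response and builds the node-level PUT body. The function names, the trimmed sample response and the hostname `idm.domain.example` are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Reference format shown on this page: locker:password:<vmid>:<alias>
LOCKER_REF = re.compile(
    r"^locker:password:(?P<vmid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}):(?P<alias>.+)$")

class LockerRef(NamedTuple):
    vmid: str
    alias: str

    def __str__(self):
        return f"locker:password:{self.vmid}:{self.alias}"

def parse_locker_ref(value):
    """Return a LockerRef for a locker password reference, None for anything else."""
    m = LOCKER_REF.match(value) if isinstance(value, str) else None
    return LockerRef(m["vmid"], m["alias"]) if m else None

def node_password_refs(environments, env_id, product_id, node_type):
    """Map property name -> LockerRef for one node in the environments response."""
    for env in environments:
        if env.get("environmentId") != env_id:
            continue
        for product in env.get("products") or []:
            if product.get("id") != product_id:
                continue
            for node in product.get("nodes") or []:
                if node.get("type") == node_type:
                    props = node.get("properties") or {}
                    return {k: ref for k, v in props.items() if (ref := parse_locker_ref(v))}
    raise LookupError(f"{env_id}/{product_id}/{node_type} not in response")

def build_root_password_update(current, new, hostname):
    """Body for the node-level PUT in the Update Password step; refuses a no-op rotation."""
    if new.vmid == current.vmid:
        raise ValueError("new password object is the same as the current one")
    return {"currentPassword": str(current), "hostName": hostname,
            "newPassword": str(new), "userNameToUpdate": "root"}

# Constructed sample: the environments response above, trimmed to the fields used here.
SAMPLE_ENVIRONMENTS = [{
    "environmentId": "globalenvironment",
    "products": [{"id": "vidm", "nodes": [
        {"type": "vidm-primary", "properties": {
            "hostName": "idm.domain.example",  # constructed; masked on the page
            "vidmRootPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias",
            "enableTelemetry": "false"}},
        {"type": "vidm-connector", "properties": {}}]}],
}]
```

Only locker references are handled here; the cleartext password never needs to leave the locker for this step.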

Once we submit the request, a request id is sent back in the response, which can be tracked too.

The request id can be polled using the following API.

Request

Method: PUT
Request: {{lcmurl}}/lcm/request/api/v2/requests/<requestId>

Response

In the UI you may see that the request to update the password is now complete for root.

In a similar manner, if you want to change the admin password of vIDM, then you have to do the following.

Remember that the API changes; it is not going to be the same.

Request

Method: PUT
Request: {{lcmurl}}/lcm/lcops/api/v2/environments/{{envid}}/products/{{idmprodid}}/admin-password

Note: the placeholders in the above request URL should be replaced with the appropriate values.

This URL is used to change the admin password for vIDM.

 {{envid}}: "globalenvironment"
 {{idmprodid}}: "vidm"
 {{nodetype}}: "vidm-primary"

Request Body

{
"adminPassword": "locker:password:deab31fa-ea7a-452b-a0ad-a5daa5bb4126:vidmroot071022",
"currentAdminPassword": "locker:password:17e1d72f-2a2d-4105-ba13-ba26b62473ee:installerPassword"
}

I will replace the values in the body with the appropriate values.

Then execute the API.

If you poll the request you can see a whole lot of details. If it’s a failure, then stop polling.

You may now see the request created and completed in the UI.

Delete Password

To delete the password, one can use the following API.

Request

Method: DELETE
Request: {{lcmurl}}/lcm/locker/api/v2/passwords/<vmid>

I’ll get the vmid from the URL or from the API as shown before.

Response

{
    "vmid": "b1ed53c1-c6c2-4422-ba3c-68f39b33a04a",
    "tenant": "default",
    "alias": "dummyalias",
    "userName": "dummy",
    "password": "Dummy123!",
    "passwordDescription": "dummypassword",
    "createdOn": 1664436058965,
    "lastUpdatedOn": 1664436058965
}
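The View Password and Delete Password responses above carry the cleartext password, while the environment and update bodies carry only locker references. The following is an added example, not code from the original post, of masking those responses before an automation script logs them; the `redact` helper, its key-matching rule and the mask string are assumptions made for illustration.

```python
MASK = "<redacted>"
# Assumption: keys ending in these suffixes hold secrets ("password", "vidmRootPassword",
# "sessionToken"); keys such as "passwordDescription" or "passwordVmid" do not.
SECRET_SUFFIXES = ("password", "token")

def is_locker_reference(value):
    """A locker:... reference points at a stored secret but is not the secret itself."""
    return isinstance(value, str) and value.startswith("locker:")

def redact(obj):
    """Return a copy of a decoded JSON response that is safe to write to a log."""
    if isinstance(obj, list):
        return [redact(item) for item in obj]
    if not isinstance(obj, dict):
        return obj
    clean = {}
    for key, value in obj.items():
        secret_key = key.lower().endswith(SECRET_SUFFIXES)
        if secret_key and isinstance(value, str) and not is_locker_reference(value):
            clean[key] = MASK          # cleartext secret: never log it
        else:
            clean[key] = redact(value)  # references and non-secret fields pass through
    return clean

# Constructed samples, copied from the response shapes shown on this page.
DELETE_RESPONSE = {
    "vmid": "b1ed53c1-c6c2-4422-ba3c-68f39b33a04a", "alias": "dummyalias",
    "userName": "dummy", "password": "Dummy123!", "passwordDescription": "dummypassword",
}
VIEW_RESPONSE = {"passwordVmid": "b1ed53c1-c6c2-4422-ba3c-68f39b33a04a", "password": "Dummy123!"}
UPDATE_BODY = {
    "currentPassword": "locker:password:b1ed53c1-c6c2-4422-ba3c-68f39b33a04a:dummyalias",
    "userNameToUpdate": "root",
}
```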

In this manner, if you know the APIs and the appropriate values to substitute, you should be able to programmatically change passwords on any product managed by vRSLCM 8.x.