Changing credentials during runtime
by Daniel Langenhan
VMware vRealize Orchestrator Cookbook - Second Edition
- VMware vRealize Orchestrator Cookbook Second Edition
- VMware vRealize Orchestrator Cookbook Second Edition
- Credits
- About the Author
- About the Reviewers
- www.PacktPub.com
- Preface
- 1. Installing and Configuring Orchestrator
- 2. Optimizing Orchestrator Configuration
- Introduction
- Tuning the appliance
- Tuning Java
- Configuring the Kerberos authentication
- Configuring access to the local filesystem
- Configuring the Orchestrator service SSL certificate
- Orchestrator log files
- Redirecting Orchestrator logs to an external server
- Backup and recovery
- Control Center titbits
- 3. Distributed Design
- Introduction
- Building an Orchestrator cluster
- Load-balancing Orchestrator
- Upgrading a cluster
- Managing remote Orchestrators
- Synchronizing Orchestrator elements between Orchestrator servers
- 4. Programming Skills
- Introduction
- Version control
- Changing elements in a workflow
- Importing and exporting Orchestrator elements
- Working with packages
- Workflow auto documentation
- Resuming failed workflows
- Using the workflow debugging function
- Undelete workflows and actions
- Scheduling workflows
- Sync presentation settings
- Locking elements
- 5. Visual Programming
- 6. Advanced Programming
- Introduction
- JavaScript complex variables
- Working with JSON
- JavaScript special statements
- Turning strings into objects
- Working with the API
- Creating actions
- Waiting tasks
- Sending and waiting for custom events
- Using asynchronous workflows
- Scripting with workflow tokens
- Working with user interactions
- 7. Interacting with Orchestrator
- Introduction
- User management
- User preferences
- Using Orchestrator though the vSphere Web Client
- Accessing Orchestrator REST API
- Accessing the Control Center via the REST plugin
- Running Orchestrator workflows using PowerShell
- Using PHP to access the REST API
- 8. Better Workflows and Optimized Working
- 9. Essential Plugins
- 10. Built-in Plugins
- Introduction
- Working with XML
- Working with SQL (JDBC)
- Working with SQL (SQL plugin)
- Working with PowerShell
- Working with SOAP
- Working with Active Directory
- Working with SNMP
- Working with AMQP
- 11. Additional Plugins
- 12. Working with vSphere
- 13. Working with vRealize Automation
- Introduction
- Working with the vRA-integrated Orchestrator
- Automating a vRA instance in Orchestrator
- Configuring an external Orchestrator in vRA
- Adding Orchestrator as an infrastructure endpoint
- Adding an Orchestrator endpoint
- Integrating Orchestrator workflows as XaaS Blueprints
- Managing AD users with vRA
- Using the Event Manager to start workflows
This recipe will show you how to use the Change credential element to change the user who is currently executing the workflow.
We need to create a new workflow.
For this recipe, you will need to have more than one AD/LDAP group configured to have access to Orchestrator. Remember that you can use the Orchestrator internal LDAP to test this. To facilitate this, please follow the User management recipe in Chapter 7, Interacting with Orchestrator.
- Create a new workflow with the following variable:
Name
Type
Section
Use
newCredential
Credential
IN
The user name and password of the new user
- Drag a Change credential element onto the schema.
- Bind the
newCredentialin-parameter to the Change credential element. - Now, drag one System log element before and one after the Change credential element.
- Edit the System log elements. Remove the text input and change the log to
workflow.runningUserName. This will log the username that is currently running the workflow. - Save and run the workflow.
- When asked, enter new credentials (for example,
vcouser). When the workflow is finished, have a look at the logs. You should see that the name of the user who executed the workflow has changed (see the following screenshot):
The usage is simple; you define the user who executes the workflow from the Change Credential element onward.
A typical usage is that you have a workflow started by a user who has no rights to create a VM on vCenter. So, what you need to do is switch credentials before the VM is created and switch them back for the rest of the workflow. The best practice (please note that this is only true when you use the vCenter plugin with a session for each user) for this is to put the elevated credentials that are used into a configuration (see the recipe Working with configurations in Chapter 8, Better Workflows and Optimized Working).
-
No Comment