13 Replies Latest reply on Jul 18, 2019 7:55 AM by Hitesh Jha

    Adding Cloud credentials for Cloud Support using REST API

      Share:|

      Hello Discovery Experts,

       

      I am new to REST API for BMC Discovery.We are asked to automate the task like adding credentials for cloud using Rest API.

       

      BMC Discovery Version: 11.3 Release: 729942 [CentOS 6]

       

      Let's suppose we need to add the cloud credentials for AWS Cloud service provider including the parameters like Account name,Account ID,Access key ID ,Secret Access key.

       

      Any leads will be highly appreciated.

      Regards

      Hitesh Jha

        • 1. Re: Adding Cloud credentials for Cloud Support using REST API
          Andrew Waters

          See the REST API example in the docs.

          2 of 2 people found this helpful
          • 3. Re: Adding Cloud credentials for Cloud Support using REST API

            Hello Andrew,

             

            Thanks for your response.I am going though the shared document and try to run the rest api query for adding cloud credentials.

            [tideway@abc ~]$  curl -i -X -k POST -d 'grant_type=password&username=xyz&password=def' https://appliance/api/token

             

             

            curl: (56) Failure when receiving data from the peer

            curl: (60) Peer certificate cannot be authenticated with known CA certificates

            More details here: http://curl.haxx.se/docs/sslcerts.html

             

             

            curl performs SSL certificate verification by default, using a "bundle"

            of Certificate Authority (CA) public keys (CA certs). If the default

            bundle file isn't adequate, you can specify an alternate file

            using the --cacert option.

            If this HTTPS server uses a certificate signed by a CA represented in

            the bundle, the certificate verification probably failed due to a

            problem with the certificate (it might be expired, or the name might

            not match the domain name in the URL).

            If you'd like to turn off curl's verification of the certificate, use

            the -k (or --insecure) option.

             

            Please guide how to proceed next.

            • 4. Re: Adding Cloud credentials for Cloud Support using REST API

              I am getting an above error while generating an expiring token from the /api/token endpoint

              • 5. Re: Adding Cloud credentials for Cloud Support using REST API
                Andrew Waters

                Your command line has options in the wrong order.

                 

                -X expects the request type where you have -X -k so -k is used as the request type rather than preventing verifying the certificate. So you would need either -X POST -k or -k -X POST

                2 of 2 people found this helpful
                • 6. Re: Adding Cloud credentials for Cloud Support using REST API

                  Thanks Andrew for the response.I have tried the other way around as well like generate the api token for a user from GUI.I have also modified the below script as per our appliance details.

                  BASE_PATH = 'https://10.*.*.*/api/v1.1/';

                  TOKEN = 'DZlNmZmZjpEaXNMzpiYmU2OTYz***********************************************';

                   

                  AWS_CREDENTIAL =

                  {

                      types: ['aws'],

                      label: 'Test AWS credential',

                      'aws.access_key_id': 'AK*********************', 

                      'aws.access_key_secret': 'hC*********************************'

                  };

                   

                   

                  // Set up some defaults for every call to the API

                  var request = require('request').defaults({auth: {'bearer': TOKEN},

                                                             json: true,

                                                             agentOptions: {

                                                                 rejectUnauthorized: false

                                                             }});

                   

                   

                  // Helper functions

                  function fail(message) {

                      console.error(`ERROR: ${message}`);

                      process.exit(1);

                  }

                   

                  function post(options, callback) {

                      request.post(options, function (error, response, body) {

                          if (error) {

                              fail(error);

                          }

                   

                          if (response.statusCode === 200) {

                              callback(body);

                          }

                          else {

                              let msg = `Request to ${options.uri} failed with status ${response.statusCode}`;

                              if (body && body.message) {

                                  msg = `${body.message} (${msg})`;

                              }

                              else if (response.statusMessage) {

                                  msg = `${response.statusMessage} (${msg})`;

                              }

                              fail(msg);

                          }

                      });

                  }

                   

                  // Application code

                   

                  // Create the credential, print out credential id.

                  post({uri: `${BASE_PATH}/vault/credentials`, body: AWS_CREDENTIAL},

                      function (body) {

                          console.log("Created credential id:", body.uuid);

                      });

                   

                  But I am getting response code as below.

                  "code": 400,

                  "message": "Invalid json body:

                  "transient": false

                  • 7. Re: Adding Cloud credentials for Cloud Support using REST API
                    Andrew Waters

                    It is complaining about AWS_CREDENTIAL not being valid JSON

                    1 of 1 people found this helpful
                    • 8. Re: Adding Cloud credentials for Cloud Support using REST API

                      Hello Andrew,

                      Thanks for your response.

                       

                      Could you please let me know Do I need to authorize both as below.

                      Currently I am using my LDAP details In user name ,password section and in API_key the generated API token .

                      • 9. Re: Adding Cloud credentials for Cloud Support using REST API
                        Andrew Waters

                        That is for using the REST API in the swagger UI.

                         

                        To use it externally you either need to get a token using a valid account with sufficient rights or create a REST API account with a permanent token. This is covered in the docs.

                        2 of 2 people found this helpful
                        • 10. Re: Adding Cloud credentials for Cloud Support using REST API

                          Hello Andrew,

                          I have removed the quotes from label and types.

                           

                          BASE_PATH = 'https://applianceipaddress/api/v1.1/';

                          TOKEN = 'MzpiYmU2OTYzNzdlMjJhYmU1MzMwNDBhNjQwMDZlNmZmZjpEaXNjb3Zlcnk6MC0yOTA0M2U1Y*******************************';

                           

                          AWS_CREDENTIAL =

                          {

                              types: [aws],

                              label: Test AWS credential,

                              'aws.access_key_id': 'AK****************', 

                              'aws.access_key_secret': 'hCP**********************'

                          };

                           

                           

                          // Set up some defaults for every call to the API

                          var request = require('request').defaults({auth: {'bearer': TOKEN},

                                                                     json: true,

                                                                     agentOptions: {

                                                                         rejectUnauthorized: false

                                                                     }});

                           

                           

                          // Helper functions

                          function fail(message) {

                              console.error(`ERROR: ${message}`);

                              process.exit(1);

                          }

                           

                          function post(options, callback) {

                              request.post(options, function (error, response, body) {

                                  if (error) {

                                      fail(error);

                                  }

                           

                                  if (response.statusCode === 200) {

                                      callback(body);

                                  }

                                  else {

                                      let msg = `Request to ${options.uri} failed with status ${response.statusCode}`;

                                      if (body && body.message) {

                                          msg = `${body.message} (${msg})`;

                                      }

                                      else if (response.statusMessage) {

                                          msg = `${response.statusMessage} (${msg})`;

                                      }

                                      fail(msg);

                                  }

                              });

                          }

                           

                          // Application code

                           

                          // Create the credential, print out credential id.

                          post({uri: `${BASE_PATH}/vault/credentials`, body: AWS_CREDENTIAL},

                              function (body) {

                                  console.log("Created credential id:", body.uuid);

                              });

                          But now I am getting the response as below.

                          • 11. Re: Adding Cloud credentials for Cloud Support using REST API
                            Andrew Waters

                            401 is no permission so either the authorization token is invalid or the account you are using does not have permission to add credentials

                            2 of 2 people found this helpful
                            • 12. Re: Adding Cloud credentials for Cloud Support using REST API

                              But Andrew when I tried using the Swagger UI it's working perfectly fine.