Monday, February 10, 2020

Using Powershell against vRealize Automation Cloud Assembly

Over the last few weeks, I have been working to automate the steps to onboard a new customer into vRealize Automation (VRA) Cloud Assembly. The plan is as a new customer signs up with our solution, we will create a new AWS account that all of their resources will be deployed into. VRA will then be configured with a new 'cloud account'. Since we could potentially have different support areas needing access, we will create a new project to grant the permissions. With the new cloud account, we need to touch each of the flavor mappings and image mappings, create network profiles for each AWS region and storage profiles.

Prerequisite # 1: Get a refresh token
A refresh token is used to initiate the authenticated communications with your environment. This refresh token is exchanged by VRA for a bearer token. You then pass this bearer token in the header of each REST call to VRA.

  1. Log into your VMware Cloud Services console.
  2. Click down caret by your name in the upper right corner. 
  3. Select My Account from the dropdown menu.
  4. Select API Tokens from the top menu. 
  5. Populate the form so that it includes the permissions you want to include. 
  6. Click the Generate button and it will pop up a screen with a 64 character token. 
  7. Copy down this code, you'll need it to populate the variable in the AuthenticateWithVRA function.  (line 53)

Prerequisite 2: AWS Programmatic Access Token
The script configures the AWS cloud account in the very beginning. Therefore script requires an AWS Access key and secret key credentials for a programmatic access account. The account will need to have power user role access to the AWS environment if it is to actually provision objects there. 

Prerequisite 3: Master Account configured
To limit the scope of the script, I clone most of the configuration of an existing 'master account'. This account has the flavor and image mappings configured similar to how all new projects would be configured. To simplify the script I've embedded this value in the script.  (line 33)

# VRA Dev Account ID -> Script copies this account for new customers to be.
$DevAccountID = 'abc12345667890'

This value can be pulled from the UI fairly easily. Log into VRA Cloud console, open the Cloud Account that you want to replicate then look at the URL for the project. The end of the URL, after the last %2F contains the cloud account ID to use. Mine is 29 hex digits long.

sorry this is either really BIG or really small.

Copy down that code and then locate (see reference above) and replace the ID value in the code. 

The full script can be pulled from GitHub.

No comments:

Post a Comment