HPE Community
HPE Morpheus Enterprise Software
1856403 Members
6578 Online
104112 Solutions
New Discussion

Authentication API token in multi-tenancy

 
AungKT
Regular Advisor

‎05-29-2024 10:27 AM

‎05-29-2024 10:27 AM

Authentication API token in multi-tenancy

Hello,

I am looking some advises for my below use case:

We have a catalog with user inputs like Yes/No. Based on those inputs, automation workflow call back to Morpheus APIs and trigger automation tasks/workflows into provisioned instances.

We would like to use this catalog for all sub-tenants. In that case, we need to use respective sub-tenant’s credential to get token and discover VM instances which are belong to the sub-tenant. After that, perform some automation tasks.

How we can use dynamic type or using variables to get Authentication token in multi-tenant unless we use common username and password for each tenant.

Thanks,
Aung

0 Kudos
Reply
3 REPLIES 3
AungKT
Regular Advisor

‎06-05-2024 08:19 AM

‎06-05-2024 08:19 AM

Re: Authentication API token in multi-tenancy

Thanks for your advises.

I assume that this variable will generate token depends on tenant Id, username right? So, automation task can execute on tenant’s instances.
For Cypher, I firstly need to generate token from respective tenants and then store in cypher which will be static value. But, I am looking dynamic values. So, automation workflow can execute by all sub-tenants on their instances.

0 Kudos
Reply
rbmorph
HPE Pro

‎05-30-2024 05:49 AM

‎05-30-2024 05:49 AM

Re: Authentication API token in multi-tenancy

One option if the users have the rights to perform the automation tasks would be to use the variable <%=morpheus.apiAccessToken%> this will generate a short lived morph-automation token for that user that can then be used in your scripts. Another option could be to use Cyphers and call the Cypher from your script.

0 Kudos
Reply
rbmorph
HPE Pro

‎06-17-2024 08:08 AM

‎06-17-2024 08:08 AM

Re: Authentication API token in multi-tenancy

Using the variable <%=morpheus.apiAccessToken%> will generate the token for the user that is running the task. So if this is being executed by user y in tenant y then the token will be for user y in tenant y and run as that user.

For cyphers, yes you would still need to have a user and have a process to gen and save the creds to cypher, but then you could call it from cypher using dynamic vaules like <%=cypher.read(‘secret/’ + ‘AWS’ + customOptions.GroupId + ‘accountname’)%>

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.