Custom property values defined/set in Custom Forms will not be passed in payload for Business Group basic users when 'Show in request' is set to false
Article ID: 326105
Updated On:
Products
VMware Aria Suite
Issue/Introduction
The change to remove hidden properties in a request submitted by a basic user was made in an earlier version. This change was made in response to a perceived security risk in vRealize Automation that allowed users making requests via vRealize Orchestrator or the REST API to add request properties that were disallowed through the UI.
Symptoms:
Symptoms:
- The values of hidden custom properties do not get transferred into the payload when a custom property is marked as "show in request = false" on the blueprint and that custom property is added to a custom form.
- There are log messages stating that the field has been removed from the request in /var/log/vmware/vcac/catalina.out
[UTC:2019-07-03 17:40:11,328 Local:2019-07-03 17:40:11,328] vcac: [component="cafe:composition-service" priority="INFO" thread="tomcat-http--70" tenant="imp" context="urQEiqu4" parent="hEJaIXWY" token="t4z2ehho"] com.vmware.vcac.composition.service.util.EffectiveValueBuilder.filterInvisibleFields:149 - Field [Windows_Server_Base~HiddenCustSpec] is determined to be hidden
vcac/catalina.out.5:36458:[UTC:2019-07-03 17:40:11,338 Local:2019-07-03 17:40:11,338] vcac: [component="cafe:composition-service" priority="INFO" thread="tomcat-http--70" tenant="imp" context="urQEiqu4" parent="hEJaIXWY" token="t4z2ehho"] com.vmware.vcac.composition.service.util.EffectiveValueBuilder.filterInvisibleFields:149 - Field [HiddenCustSpec] is determined to be hidden
vcac/catalina.out.5:36508:[UTC:2019-07-03 17:40:11,387 Local:2019-07-03 17:40:11,387] vcac: [component="cafe:composition-service" priority="INFO" thread="tomcat-http--70" tenant="imp" context="urQEiqu4" parent="hEJaIXWY" token="t4z2ehho"] com.vmware.vcac.composition.service.util.DeploymentUtil.removeFieldFromLiteralMap:476 - Removing [HiddenCustSpec] from request data.
vcac/catalina.out.5:36458:[UTC:2019-07-03 17:40:11,338 Local:2019-07-03 17:40:11,338] vcac: [component="cafe:composition-service" priority="INFO" thread="tomcat-http--70" tenant="imp" context="urQEiqu4" parent="hEJaIXWY" token="t4z2ehho"] com.vmware.vcac.composition.service.util.EffectiveValueBuilder.filterInvisibleFields:149 - Field [HiddenCustSpec] is determined to be hidden
vcac/catalina.out.5:36508:[UTC:2019-07-03 17:40:11,387 Local:2019-07-03 17:40:11,387] vcac: [component="cafe:composition-service" priority="INFO" thread="tomcat-http--70" tenant="imp" context="urQEiqu4" parent="hEJaIXWY" token="t4z2ehho"] com.vmware.vcac.composition.service.util.DeploymentUtil.removeFieldFromLiteralMap:476 - Removing [HiddenCustSpec] from request data.
-
NOTE! The below failure message varies depending on the actual custom property being used.
Provisioning failures similar to the following occur due to NULL key pair values within the payload:
"CloneVM : Cannot locate the virtual machine or template with name ."
In the above error, a basic user is requesting a custom form for a vSphere machine deployment using the CloneFrom property value, which is being NULL'd out by the system, thus failing the provisioning request as a template cannot be found within vCenter."
Environment
VMware vRealize Orchestrator 7.x
VMware vRealize Automation 7.x
VMware vRealize Automation 7.x
Cause
The vRealize Automation composition-service strips the key pair values within the payload delivery mechanism of any basic user requesting a Catalog item from vRealize Automation, in which the property value in question is not set to "Show in Request".
In the UI, a basic user does not have access to any properties not marked show-in-request in the blueprint (i.e., the properties tab is hidden from them). Support users or above, within the Business Group, are not impacted by this functionality.
In the UI, a basic user does not have access to any properties not marked show-in-request in the blueprint (i.e., the properties tab is hidden from them). Support users or above, within the Business Group, are not impacted by this functionality.
Resolution
Currently, there is no identified resolution for this issue as this was implemented by design in the latest iterations of vRealize Automation 7.x.
Workaround:
Workaround:
- If using hidden properties in a custom form the requesting user must be a assigned the Support User role or the Group Manger role.
- Setting the custom property in question to "Show in Request" box to "true" to pass the value of the property in the payload.
Feedback
Yes
No
Powered by
