Doc/script for getting a token (#94)

Signed-off-by: Carlos Tronco <[email protected]>

Author: cars

docs/get_token.ps1

@@ -0,0 +1,49 @@
+#Script to generate an API refresh token for accessing vRA8/CAS. This is needed for
+# the terraform provider to connect successfully
+param(
+    [Parameter(HelpMessage= "Username to connect to vRA with")][string]$vRAUser,
+    [Parameter(HelpMessage= "Password to connect to vRA with")][string]$vRApassword,
+    [Parameter(HelpMessage= "User's Domain connect to vRA with")][string]$vRAdomain,
+    [Parameter(HelpMessage= "vRA/identity server hostname/fqdn")][string]$vRAServer
+)
+
+if ($PSBoundParameters.Keys.Contains("vRAUser")) { 
+    Write-Host "Found value for vRAUser param: $vRAUser"
+} else {
+    $vRAUser = Read-Host -Prompt "Enter a username to connect to vRA with"
+}
+
+if ($PSBoundParameters.Keys.Contains("vRAdomain")) { 
+    Write-Host "Found value for vRAdomain param: $vRADomain"
+} else {
+    $vRAdomain = Read-Host -Prompt "Enter a domain to connect to vRA with(AD/LDap) or  press enter to leave empty"
+}
+
+if ($PSBoundParameters.Keys.Contains("vRAPassword")) { 
+    Write-Host "Found value for vRAPassword param"
+} else {
+    $vrapassword = Read-Host -Prompt "Enter a password to connect to vRA with"
+}
+
+if ($PSBoundParameters.Keys.Contains("vRAServer")) { 
+    Write-Host "Found value for vRAServer param: $vRAServer"
+} else {
+    $vRAServer = Read-Host -Prompt "Enter a hostname/fqdn to connect to vRA with"
+}
+
+$loginurl="https://$vraserver/csp/gateway/am/api/login?access_token"
+if ($vradomain.length -gt 1) {
+    $body = "{ ""username"":""$vRAUser"",""password"":""$vRAPassword"",""domain"":""$vRADomain""}"    
+} else {
+    $body = "{ ""username"":""$vRAUser"",""password"":""$vRAPassword""}"
+}
+
+$resp = Invoke-RestMethod -Method POST -ContentType "application/json" -URI $loginurl -Body $body
+Write-Host "`n---------Refresh Token---------"
+$resp.refresh_token
+Write-Host "-------------------------------`n"
+
+#Set ENV Variables for those wanting to use them for the Terraform Provider
+$ENV:VRA_URL="https://$vRAServer"
+$ENV:VRA_REFRESH_TOKEN=$resp.refresh_token
+

docs/get_token.sh

@@ -0,0 +1,85 @@
+#!/bin/bash
+#
+# Script to generate a refresh token for vRA8 on prem or vRA Cloud. 
+# This will prompt for the following values if they are not already set:
+#    username
+# Sets environment variables for VRA_REFRESH_TOKEN and VRA_URL which can be consumed by the 
+# TF provider more securely than leaving the token in cleartext. 
+#
+#
+if  ! [ -x "$(command -v jq)" ]
+then
+	echo -e "\n\nthe jq utility is missing. See https://stedolan.github.io/jq/ for instructions to get it\n\n"
+	return 1
+fi
+
+#Check for an already existing username value
+if [[ -v username ]] 
+then
+	echo -e "\nusername variable found: $username\n"
+else 
+	echo -e "\n\nPlease enter username to connect to vra with"
+	read username
+fi
+
+#Check for an already existing password value
+if [[ -v password ]]
+then
+    echo -e "\npassword variable found\n"
+else
+    echo -e "\n\nPlease enter password to connect to vra with\n"
+    read password
+fi
+
+#Check for an already existing LDAP/AD domain value
+if [[ -v domain ]]
+then
+    echo -e "\nExisting domain variable found: $domain\n"
+else
+	echo -e "\n\nPlease enter domain to connect to vra with (for AD/LDAP users) or press Enter"
+	read domain
+fi
+
+if [[ -v VRA_URL || -v host ]]
+then 
+	echo -e "\nfound a value for the vra/cas server\n"
+else
+ 	echo -e "\n\nPlease enter the hostname/fqdn of the VRA8 server/ or cloud identity server"
+	read host
+	export VRA_URL="https://$host"
+fi
+
+#use different json bodies with curl depending on whether or not a domain 
+# was specified
+echo -e "\nGetting Token"
+if [[ $domain == "" ]]
+then
+	export VRA_REFRESH_TOKEN=`curl -k -X POST \
+  		"$VRA_URL/csp/gateway/am/api/login?access_token" \
+  		-H 'Content-Type: application/json' \
+  		-s \
+  		-d '{
+  		"username": "'"$username"'",
+  		"password": "'"$password"'"
+		}' | jq -r .refresh_token`
+
+else
+	export VRA_REFRESH_TOKEN=`curl -k -X POST \
+  		"$VRA_URL/csp/gateway/am/api/login?access_token" \
+  		-H 'Content-Type: application/json' \
+  		-s \
+  		-d '{
+  		"username": "'"$username"'",
+  		"password": "'"$password"'",
+  		"domain": "'"$domain"'"
+		}' | jq -r .refresh_token`
+fi
+
+
+#clean up password 
+unset password
+
+echo -e "\n\nRefresh Token"
+echo "----------------------------"
+echo $VRA_REFRESH_TOKEN
+echo "----------------------------"

docs/getting_a_refresh_token.md

@@ -0,0 +1,55 @@
+# Getting a refresh token
+
+
+## refresh_token vs access_token
+
+This provider will accept either an access_token or a refresh_token (but not both at the same time). Access tokens are valid for 8 hours, while refresh tokens are valid for 6 months.
+
+# Process of getting a token
+
+The process of getting a token is fairly straightforward. You will need user credentials consisting of:
+
+* username
+* password
+* domain (optional, may or may not be needed)
+
+In additon you will need the name of the host associated with the identity access service. For vRealize Automation Cloud this will be api.mgmt.cloud.vmware.com. For the on premise version vRealize Automation 8 this will be the hostname associated with the appliance(s) that was deployed.
+
+You then pass a JSON body  containing the credential information to the Identity Service API.
+
+```json
+    # with domain
+    { "username":"jdoe","password":"VMW@re123!","domain":"example.com"}
+
+    # without domain
+    { "username":"jdoe","password":"VMW@re123!"}
+```
+
+If successful you should receive a JSON response with multiple values in it from which the refresh token can be extracted.
+
+![json response example](./images/json_response.png)
+
+
+## Bash example
+
+![](images/bash_get_token.png)
+
+## Powershell Example
+![](images/powershell_get_token.png)
+
+## Included scripts
+There are two scripts included in this repository in the docs folder that will prompt you for the needed values and print out the refresh token.  
+
+* [get_token.ps1](./get_token.ps1) - Powershell script
+* [get_token.sh](./get_token.sh) - bash script
+
+### Running get_token.sh
+![](images/sh_script_example.png)
+
+### Running get_token.ps1
+![](images/ps_script_example.png)
+
+
+#### Reference Links
+
+  https://vdc-repo.vmware.com/vmwb-repository/dcr-public/97d1d46c-8846-4c12-85a8-5655d1189825/488ad51d-542f-4439-ade2-f9caedeeab51/GUID-AC1E4407-6139-412A-B4AA-1F102942EA94.html