Dynamic Input Values Based on other Inputs

A frequent requirement when performing orchestration tasks is to have input fields interdependent. For example, if I input XYZ into the first input, I want the second input to be relevant to XYZ. In the past, I have frequently done such workflows where you select a Datacenter for the first input, then the second input would present a list of Datastores (or VMs or Clusters or Hosts). In this tutorial, I'm going to do something a little different. The first input of this demo workflow will be a string and the second will be an AD:User object chosen from a list of objects that were found in Active Directory based on the first input.

 

Scenario Overview

This article will address the following requirements:
Provide an inteface for admins to login via a web browser to search for and add newly created Active Directory User to one or more groups.

The front-end for this will be vCloud Automation Center (vCAC) 6.1. The Advanced Service Designer (XaaS) will be used to call a custom vCenter Orchestrator (vCO) workflow that actually does the work. Results of the workflow should be visible in vCAC.

This tutorial will touch on the following topics:

  • Link input fields so that the values presented on one depend on another
  • Present vCO Workflow output via vCAC's Requests
  • Parameter bindings in vCO
  • vCO Presentation properties
  • vCO Action creation
  • vCO Worfklow creation
  • Using the vCAC Advanced Service Designer (ASD) to add a vCO Workflow as a Catalog Item
  • Publishing a Catalog Item and tying it to a Service

Note: Throughout this article, I use vCO and vCAC as unofficial abbreviations for VMware's vCenter Orchestrator and vCloud Automation Center respectively. In upcoming versions, these will be vRealize Orchestrator (vRO) and vRealize Automation (vRA).

Environment Requirements

  • vCAC should be setup with the default or externa vCO Server configured server (See Administration -> Advanced Services -> Server Configuration)
  • A service should be configured and entitled in vCAC to place the custom request in (This article will use a Service named "Demos")
  • An account capable of managing Advanced Services in vCAC and requesting services (this may be the same account or separate accounts: admin acct and user acct)
  • The connected vCO Server should have the Active Directory plug-in configured with a SharedSession account in AD with sufficient permissions to add users to groups
    NOTE: () Recent versions of the AD Plug-in will fail to do the user search if you have not defined a default AD server - EVEN IF you have only a single AD server connected! Run the Configure Active Directory plug-in options workflow, and specify a default AD server. -- This note added Jan 18, 2017
  • An account in the vCO Admins group capable of creating new vCO Workflows

Create vCO Workflow Schema

create_vco_workflow_schema.png

This will be the workflow we call from vCAC's Advanced Service Designer later, so be sure everything is set as described:

  1. Create a new workflow called Find and Add User to Group
  2. Drag the "Add a user to a userGroup" library workflow, an exception element, and two Scriptable tasks onto the schema as shown in the diagram above
  3. Create 3 Inputs for this workflow: name (String), user (AD:User), and group (AD:UserGroup)
  4. Create 1 Output for the workflow: outputText (String)
  5. Confirm (create if it does not exist) that an attribute named "errorCode" was created and is bound to the "Exception" tab of the "Add a user to a user group" workflow
  6. Rename each of the Scriptable task elements to "Set Output"

Next, review and/or set Input/Attribute/Output bindings.

Bindings: Add a user to a user group

bindings_add_a_user_to_a_user_group.png

  1. Select the Add a user to user group workflow
  2. In the bottom pane (or click the edit icon to bring up the pop-up window for the details), click ont he Visual Binding tab and confirm or set bindings as shown above
  3. Make sure that group is bound to the In Parameters group and that user is bound to the In Parameters user as shown above

NOTE: If you prefer the behavior shown here where the detail pane is below the selected item rather than clicking the edit icon and having a pop-up window, you can change this on your vCO client:
1) If in edit mode, Save and Close.
2) Click Tools -> User Preferences -> Workflows
3) Remove the check from "Edit workflow items in a pop-up window
With this preference set, you can always pop-out the details pane by clicking the small box in the top right corner (highlighted with a BLUE Arrow in the screenshot above.

Bindings: Normal path "Set Output" Scriptable task

bindings_normal_path_set_output_scriptable_task.png

Bind the user and userGroup inputs to the IN and outputText to the OUT for this element as shown in the screenshot above.

Paste the following in to the Scripting tab of the element:

var outputText = "Added " + user.distinguishedName + " to group " + group.distinguishedName + ". ";

Bindings: Exception path "Set Output" Scriptable task

bindings_exception_path_set_output_scriptable_task.png

Bind the user and userGroup inputs to the IN and outputText to the OUT for this element. Also, bind the errorCode attribute to the IN tab of this element as shown in the screenshot above.

Paste the following in to the Scripting tab of the element:

var outputText = "Error encountered when attempting to add " + user.distinguishedName + " to group " + group.distinguishedName + ". "+errorCode;
System.warn(outputText);
Server.warn(outputText);

Click Save and Close.

vCO Workflow Current State and next Steps

vco_workflow_current_state_and_next_steps.png

At this point, the workflow should be capable of prompting for all three inputs individually and processing the request. However, the name input has no effects on the user input at this stage. That can be setup in the Presentation tab of our workflow, but in order to do that, we'll need an action that:

  • Takes a string as an input
  • Returns an Array of AD:User objects or an Empty Array if no users are found to match the input string

Let's create that action now!

Create a findUserByName Action

create_a_finduserbyname_action.png

If you don't already have a module (Action Folder) to place your new action in, create one now. As shown above, I have created one named:
com.vmware.coe.library.ad.user <- Note the syntax. vmware.com reversed, followed by my dept. "coe", then general and specific categories: library.ad

Once you have the action created, set the Return type to Array/AD:User
Add 1 string input and set the name to name

Next, add the following to the scripting box down below:
if (!name) return []; // IMPORTANT: if the "name" input has not been provided, return an empty array. Returning a null will cause presentation issues and excluding the line will generate invalid calls to the AD Plug-in.

var users = ActiveDirectory.searchRecursively("User",name); // Do a recursive search in Active Directory for User objects with the "name" provided
// If users is not null, perform some System debug
if (users != null){
    System.debug("Found "+users.length+" matching users for: "+name);
    for each (usr in users){
        System.debug(usr);
    }
}
return users; // Finally, don't forget this line!!! you must return your array of users

vCO Workflow Presentation

vco_workflow_presentation.png

Return to the "Find and add user to group" workflow created earlier and enter edit mode.

  1. Click on the Presentation tab
  2. Select the user input
  3. In the bottom pane, click the Properties tab
  4. Click the little blue triangle icon to add a new property. When the window pops up, select the Predefined list of elements and click OK
  5. Click the small puzzle icon to the far right of the window to choose an action that will provide the array of choices. The Search action with result window will pop up and present a list of actions that return an array of objects that are the same type as the input field we have selected. In this case an Array/AD:User. Select the findUsersByName action.
  6. When an action is selected, each of the inputs to the action are presented in the bottom window. To allow us to specify an existing Input Parameter or Attribute, click the drop-down and select the Double-Arrow icon as shown above.
  7. Use the Pencil icon to select an Input or Attribute to be used as the action input. This will present the Linked parameter of type string window
  8. Select the name input
  9. Click Accept

To wrap up our Presentation settings, add the Mandatory input property to all three inputs and set each to Yes

Save and Test vCO Workflow

save_and_test_vco_workflow.png

At this point, it is important to Save and Close the workflow. Be sure to set your initial Version number and Description for the workflow.

Now, Test the workflow in the vCO Client by running it and specifying the first name or last name of an account you know is in Active Directory.

Once you have a name entered the name (Yes, it will lag a little - this is a small bug with the vCO client and will not be present when the workflow is presented to you in vCAC), Click on the Not set link for the Active Directory User Account input. Confirm that you are presented with one or more accounts that have the "name" you specified as part of their accounts. In my case, I entered "developer" and there are 4 Developer accounts to choose from.

Choose one of the accounts, and click Select.

Choose an Active Directory group to add the user to and click Submit.

Confirm that the user gets added to your AD Group.

Try running the workflow again to add the same user to the same group - what happens?

In both results above, review the value of the outputText Output Parameter to confirm you have expected values.

This workflow should now be ready to incorporate into vCloud Automation Center, let's do that now!

vCloud Automation Center - Create a new Service Blueprint

vcloud_automation_center_-_create_a_new_service_blueprint.png

Login to vCAC with your administrative account.
Click the Advanced Services, then select the Service Blueprints entry on the left
Click the Green + Add button to add a new blueprint
Select your Find and Add User to Group workflow that you created in vCenter Orchestrator and click Next
On the next page, place a check in the Hide catalog request information page box and click Next

vCloud Automation Center - Add Form

vcloud_automation_center_-_add_form.png

Add a new Form to the Blueprint so that the output text may be available to the user.

  1. Click the Add Form button (Green +)
  2. Specify a name such as Output Text
  3. Select the Submitted request details entry for the Screen Type
  4. Click Submit

Form Page Header - Output Text

form_page_header_-_output_text.png

  1. Click the New Page (Green +) button to add a new Page to the form
  2. Set the Heading to Output Text
  3. Click Submit

Output Text Page

output_text_page.png

  1. In the left pane, scroll down until you see the Outputs section. This area will have each of your vCO workflow outputs. In our case, there is only 1.
  2. Drag the outputText field onto the form page, just under the "Form page" dropdown box as shown above
  3. Click the Edit icon (pencil)
  4. Update the Label to be more user friendly: Output Text
  5. Set Size to Large
  6. Click Submit
  7. Click Next
  8. On the Provisioned Resource page, there is nothing to change so click Add
media_1416431710920.png

  1. When you return to the Service blueprints page, select the row containing your new workflow
  2. Click Publish

Your new vCO workflow is now published as a Catalog Item. But, in order to allow anyone to see it, we need to have it entitled. In this environment I have a "Demos" Service that already has entitlements setup so all I need to do is specify the "Demos" Service on my Catalog Item. Let's do that now.

media_1416432038100.png

Click Administration -> Catalog Management -> Catalog Items
Select the row containing the Find and Add User to Group item
Click Configure

media_1416432108771.png

On the Configure Catalog Item page:

  1. Browse for and add a custom icon if desired
  2. Confirm that Status is Active
  3. Click the Service dropdown and select the appropriate Service to tie the Catalog Item to. In my case, this is the Demos service
  4. Click the Entitlements tab to confirm that Entitlements exist for the selected service
  5. Click Update when done

You are now ready to test the request via the Catalog tab!

vCAC - Catalog - Demos

vcac_-_catalog_-_demos.png

The integration should be ready to test. At this point, if necessary, log out of the admin account then login using an account that is entitled to the Service specified in the previous step. My admin account is entitled, so I will continue on with the same account.

  1. Click on the Catalog tab
  2. Select the Service (in my case Demos) from the list on the left to narrow the available requestable items (If your account is only entitled to 1 service, then your screen will not have the services listed down the side of the screen.
  3. Click the Request button

New Request

new_request.png

  • Enter a valid given or surname in the name input then tab or click into the user dropdown
  • After a brief moment (vCO Action running in the background), the dropdown should populate with valid AD:User accounts
  • Select an account, then select an AD Group and Submit the request
  • Click OK on the confirmation page

Review Requests

review_requests.png

Click on the Requests tab
Locate and click on the Request Number that matches the request you just submitted. In the screenshot above, I click on the 23 at the far left of the table

Request Details

request_details.png

Review the General, Step, and Output Text tabs.

Next Steps

See if you can customize this process to accept multiple groups to add the user to. There was some good information here that taught reusable techniques. I hope you enjoyed this tutorial. Please share if you found it worthwhile!

Attachments:
Download this file (com.vmware.coe.library.nov2014demo.package)vCO Solution Package[Contains the workflow and action used in this tutorial.]17 kB

Comments  

+1 # Ajay 2016-08-29 18:13
Hey, this piece of article is useful to me even in 2016. Great article! Exactly what I was looking for!
0 # burke 2014-11-21 13:48
Quoting SeeThat:
In the group field on the New Request page, why is "[id=...]" showing up after the group name?

Because the list of elements there is not just a simple list of strings with group names, they are complex objects (AD:UserGroup). The list representation of an object does not give us any control over the property fields shown so I'm actually thankful that the ID in this case happens to be the Distinguished Name of the object in question.
0 # SeeThat 2014-11-21 03:19
In the group field on the New Request page, why is "[id=...]" showing up after the group name?

NUC Lab Kit

Below are my thoughts for a vSAN nuc lab. Since I already have cables, not including them here. I ordered (and received by Nov 30, 2016)
3 x nuc, 3 x 32GB Crucial mem, 3 x Toshiba NVMe drive, 3 x Startech USB to GB NIC, and 3 x Crucial 1TB SSD. I've also been very happy with my Cisco SG300-10 so I bought one more since my existing one only has one port available. Each of the items listed here are linked below - all were purchased using the provided links below.
single NIC (See this post for details on using the USB -> GB NIC item listed below

I stayed with the i5 for the power consumption and form factor vs. the i7 Skull Canyon ;)

 

Search

Experts Exchange