5.1
Table Of Contents
- vCloud API Programming Guide
- Contents
- vCloud API Programming Guide
- About the VMware vCloud API
- Hello vCloud: A Simplified RESTful Workflow
- Exploring a Cloud
- Summary of vCloud API Browsing Requests
- Retrieve the Login URL and List of Supported API Versions
- Create a Login Session Using the Integrated Identity Provider
- Retrieve a List of Organizations Accessible to You
- Retrieve an Administrative View of a Cloud
- Retrieve a List of vSphere Platform Operations and Objects for a Cloud
- Provisioning an Organization
- Summary of vCloud API Provisioning Requests
- Upload an OVF Package to Create a vApp Template
- Download a vApp Template as OVF
- Upload a Media Image
- Copying and Moving with the vCloud API
- Capturing and Importing vApps
- Cataloging vApp Templates and Media Images
- Creating and Using Independent Disks
- View or Change the Owner of an Object
- Deploying and Operating vApps
- Summary of vCloud API vApp and Virtual Machine Operations Requests
- Create a vApp From a Template
- Compose a vApp From Existing Virtual Machines
- Recompose a vApp to Add or Remove Virtual Machines
- Provide User Input Requested by a Virtual Machine
- Attach or Detach an Independent Disk
- Creating and Using vApp Snapshots
- Operate a vApp
- Configuring vApps and Virtual Machines
- Retrieve the Configuration Links for a vApp
- Retrieve the Configuration Links for a Virtual Machine
- Update Multiple Sections of a Virtual Machine
- Retrieve or Update a Modifiable Section
- Update a vApp Network Configuration
- Update the NetworkConnectionSection of a Virtual Machine
- Retrieve or Modify the CPU Configuration of a Virtual Machine
- Retrieve or Modify the GuestCustomizationSection of a Virtual Machine
- Retrieve or Modify ProductSection Elements
- Retrieve or Modify Groups of Related Sections in a Virtual Machine
- Retrieve or Modify the Hard Disk Configuration of a Virtual Machine
- Update the Storage Profile for a Virtual Machine
- Creating and Managing Organizations
- Summary of Administrative Requests
- Administrator Credentials and Privileges
- Organization Administration
- vDC Administration
- Network Administration
- Catalog Administration
- User and Group Administration
- Working With Roles and Rights
- Controlling Access to vApps and Catalogs
- Managing and Monitoring a Cloud
- Summary of vSphere Platform Extension Requests
- Retrieve or Update System Settings
- Attach a vCenter Server
- Finding Available vCenter Resources
- Create a Provider vDC
- Create an External Network
- Create a Network Pool
- Import a Virtual Machine from vCenter
- Relocate a Virtual Machine to a Different Datastore
- Truststore and Keytab Maintenance
- Retrieve the vSphere URL of an Object
- Working With Object Metadata
- Using the Query Service
- Configuring and Using Blocking Tasks and Notifications
- vCloud Director Extension Services
- XML Representations in the vCloud API
- Index
Administrator Credentials and Privileges
An administrator's privileges are scoped by the organization to which the administrator authenticates.
The vCloud API defines two levels of administrative privilege:
n
Organization administrators, who have administrative privileges in a specific organization.
n
System administrators, who have superuser privileges throughout the system. System administrators are
members of the System organization, and can create, read, update, and delete all objects in a cloud. They
have organization administrator rights in all organizations in a cloud, and can operate directly on vSphere
resources to create and modify provider vDCs, external networks, network pools, and similar system-
level objects.
Some administrative operations, and all vSphere platform operations, are restricted to the system
administrator. Before you attempt these operations, log in to the System organization with the user name and
password of the system administrator account that was created when vCloud Director was installed. For
example, if the system administrator’s user name and password was defined as administrator and Pa55w0rd,
the system administrator login credentials are the MIME Base64 encoding of the string
administrator@System:Pa55w0rd.
NOTE When logging in using a SAML identity provider, the system administrator must use the vSphere SSO
Service as the identity provider. See “Create a Login Session Using a SAML Identity Provider,” on page 46.
The System Organization
The System organization is created automatically when vCloud Director is installed. Unlike the organizations
represented by Org and AdminOrg objects, the System organization cannot contain catalogs, vDCs, groups, or
users who are not system administrators.
Example: The System Organization
When a system administrator logs in to the REST API, the OrgList in the returned Session element contains a
link to the System organization.
<OrgList ... >
...
<Org
type="application/vnd.vmware.admin.systemOrganization+xml"
name="System"
href="https://vcloud.example.com/api/admin/org/123"/>
...
</OrgList>
Organization Administration
System administrators create organizations and organization administrators, and establish certain
organization policies. Organization administrators populate their organization with users and groups, assign
roles, and can update most organization policies and properties.
A cloud can contain one or more organizations. Each organization is a unit of administration for a collection
of users, groups, and computing resources. Users authenticate at the organization level, supplying credentials
established when the user was created or imported. User credentials are authenticated by the organization's
identity provider, which can be either the integrated identity provider included in vCloud Director or an
external SAML-based identity provider.
vCloud API Programming Guide
132 VMware, Inc.