5.1
Authorization Framework for Extension Service Operations
All requests to extension services must be authenticated through the vCloud API. Extension services can
participate in vCloud API REST authorization by controlling access to their objects and operations through
new or existing rights and roles.
An extension service that does not enable the use of vCloud Director REST authorization implicitly grants
permission for all users to perform all operations that the service uses. A service can use the native
vCloud Director REST authorization model by taking the following steps:
1. Define resource classes that represent references to service-specific object types.
2. Define resource class actions that specify the actions that are implemented for those object types.
3. Define ACL rules specifying the rights required to perform an operation on objects of a specific type.
Participation in the Authorization Framework
To participate in the authorization framework, a service must include an AuthorizationEnabled element with
a value of true in its registration request.
<vmext:AuthorizationEnabled>true</vmext:AuthorizationEnabled>
It must also define at least one resource class, specify at least one action for that class, and define an ACL rule
that constrains use of the action on the class.
Resource Classes and Actions
A service uses the following constructs to define the objects, operations, and permissions that constitute its
authorization model.
Resource Classes
Set of rules for creating references to service-specific objects. Like other object
references in the vCloud API, a resource class is a Link element that specifies
the MIME type of the resource and includes an href (URL) that can be used to
retrieve the resource. The rules include a MIME type, a URL pattern, and a
template for creating an id attribute value in URN form.
Resource Class Actions
Combination of a URL pattern that specifies a resource class and an HTTP
method that implements an action on a resource of that class. The action uses
the specified method in a request to a URL that matches the specified pattern.
ACL Rules
Specify the rights that an organization or user has to an operation defined
as a resource class action.
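One way to check a registration document against the participation requirements above before it is submitted (an added example, not code from the guide or from VMware). Apart from vmext:AuthorizationEnabled, the namespace URI, element names, attribute names and sample documents are assumptions constructed for illustration; the check is stricter than the stated minimum in that it reports every class without an action and every action without an ACL rule.

```python
import xml.etree.ElementTree as ET

# The "vmext" prefix and AuthorizationEnabled come from the page; the namespace
# URI and every other element and attribute name here are assumptions.
NS = {"vmext": "http://www.vmware.com/vcloud/extension/v1.5"}

def audit_registration(xml_text):
    """Return findings; an empty list means the registration passes."""
    root = ET.fromstring(xml_text)  # trusted local files only, not hostile XML
    flag = root.findtext("vmext:AuthorizationEnabled", default="", namespaces=NS)
    if flag.strip().lower() != "true":
        return ["AuthorizationEnabled is not true: all users are implicitly "
                "granted every operation of this service"]
    findings = []
    classes = root.findall(".//vmext:ResourceClass", NS)
    if not classes:
        findings.append("no resource class defined")
    for rc in classes:
        name = rc.get("name", "?")
        actions = rc.findall(".//vmext:ResourceClassAction", NS)
        if not actions:
            findings.append(f"resource class {name}: no action defined")
        for act in actions:
            if not act.findall(".//vmext:AclRule", NS):
                findings.append(f"resource class {name}: action "
                                f"{act.get('name', '?')} has no ACL rule")
    return findings

# Constructed sample registrations (not taken from any real service).
def _service(body):
    return ('<vmext:Service xmlns:vmext="%s" name="backup-svc">%s</vmext:Service>'
            % (NS["vmext"], body))

_ON = "<vmext:AuthorizationEnabled>true</vmext:AuthorizationEnabled>"
_RULE = '<vmext:AclRules><vmext:AclRule name="Backup readers"/></vmext:AclRules>'
_CLASS = ('<vmext:ResourceClasses><vmext:ResourceClass name="Backup">'
          '<vmext:ResourceClassActions><vmext:ResourceClassAction name="Read backups">'
          '<vmext:HttpMethod>GET</vmext:HttpMethod>%s'
          '</vmext:ResourceClassAction></vmext:ResourceClassActions>'
          '</vmext:ResourceClass></vmext:ResourceClasses>')
SAMPLES = {
    "complete": _service(_ON + _CLASS % _RULE),
    "no_flag": _service(_CLASS % _RULE),
    "no_acl": _service(_ON + _CLASS % ""),
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        print(label, audit_registration(doc) or "OK")
```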
Querying for Organization and User Rights
The vCloud API query service implements several queries that return a list of rights that a specified user or
organization is granted. A user can make a request that specifies one or more entity references and returns a
summary of user rights to the specified entities.
vCloud API Programming Guide
VMware, Inc.