Hi,
we are migrating vRA 8.18 into VCFA 9.0.2 clean installation (as its impossible to upgrade due some circumstances). We have created "VM Apps" organization as we need same experience as on version 8.18 for now (as we are unable to migrate our templates to Provider Org All Apps, basically because we do not know how).
We have migrated everything 1:1 to previous installation but we are struggling with simple thing - API access for common users with only "Service Broker User" role and project member role. In vRA 8.18 it was so simple to get refresh_token with username and password and then request access token. I have found that it should be somehow replaced with "Service Accounts" ??? Common user does not have API tab in "My Account".
I'm able to generate refresh_token and get bearer token for API calls for Service Account, with "Service Broker User" role, BUT.... I'm unable to find proper documentation, how to assign this service account into Project and grand him ability to see catalog of items. Broadcom documentation does not cover this at all, Broadcom support working on it several days from case creation and still nothing.
Just reminder: in clean installation old API endpoint /csp/gateway/am/api/login does not work at all, so I'm using series of following URLs. but non of them authorize service account for project, so catalog API return empty array
- https://vmware-cloud-automation.domain.com/tm/oauth/tenant/MYVMAPPSORG/device_authorization
- https://vmware-cloud-automation.domain.com/tm/oauth/tenant/MYVMAPPSORG/token
- grant_type: urn:ietf:params:oauth:grant-type:device_code
- client_id
- device_code
- https://vmware-cloud-automation.domain.com/tm/oauth/tenant/MYVMAPPSORG/token
- grant_type: refresh_token
- refresh_token: token
Was anybody of you able to call API for requesting Catalog items with non-admin user? How? I will appreciate any hint as its blocking me from destroying vRA 8.18 and fully migrate to VCFA 9.0.2.
Thanks