Authentication API token in multi-tenancy

Hello,

I am looking some advises for my below use case:

We have a catalog with user inputs like Yes/No. Based on those inputs, automation workflow call back to Morpheus APIs and trigger automation tasks/workflows into provisioned instances.

We would like to use this catalog for all sub-tenants. In that case, we need to use respective sub-tenant’s credential to get token and discover VM instances which are belong to the sub-tenant. After that, perform some automation tasks.

How we can use dynamic type or using variables to get Authentication token in multi-tenant unless we use common username and password for each tenant.

Thanks,
Aung

One option if the users have the rights to perform the automation tasks would be to use the variable <%=morpheus.apiAccessToken%> this will generate a short lived morph-automation token for that user that can then be used in your scripts. Another option could be to use Cyphers and call the Cypher from your script.

Thanks for your advises.

I assume that this variable will generate token depends on tenant Id, username right? So, automation task can execute on tenant’s instances.
For Cypher, I firstly need to generate token from respective tenants and then store in cypher which will be static value. But, I am looking dynamic values. So, automation workflow can execute by all sub-tenants on their instances.

Using the variable <%=morpheus.apiAccessToken%> will generate the token for the user that is running the task. So if this is being executed by user y in tenant y then the token will be for user y in tenant y and run as that user.

For cyphers, yes you would still need to have a user and have a process to gen and save the creds to cypher, but then you could call it from cypher using dynamic vaules like <%=cypher.read(‘secret/’ + ‘AWS’ + customOptions.GroupId + ‘accountname’)%>