Trigger / Execute Task / Workflow remotely (from another script)

Bilal_Inamdar · November 7, 2023, 7:51am

Hi,
I have a requirement where in i need to create VLAN / DVSWITCH (sdn) for clients and provide them access for the same via automation.
Some of the script which are sensitive are not inside the tenant but on the ADMIN level. So i need to call them from tenant level or externally to execute the task/workflow and provide the output or so.

Regards,
Bilal Inamdar

Ollie_Phillips · November 7, 2023, 8:17am

Hi, my first thought is store an API token for a service account on the master tenant inside the subtenants which need to access this automation using Cypher. A workflow in the subtenant could then run the actual VLAN creation workflow in the master tenant via this endpoint.

https://apidocs.morpheusdata.com/reference/executeworkflows

Bilal_Inamdar · November 7, 2023, 8:45am

Thanks for link will check that
I haven’t had success in Sharing Cypher between master tenant and subtenant. Also i am unable to understand what you said. Please can you explain again the cypher thing.

Initially the script is working fine in Master tenant. Also necessary VMWARE creds are stored in master tenant cypher. Now when i share the workflow with subtenant i get cypher error. Which i understand. But how exactly i can secure plus make this workable ?

Ollie_Phillips · November 7, 2023, 5:12pm

It’s not possible to share cyphers with sub-tenants. You’d need to create the cypher in each tenant that needed to run the workflow on the master.

rboyd · November 17, 2023, 1:04pm

Have you tried this. You can reference the original owner of a workflow so that keys can be used in a subtenant. Example PASSWORD=<%=cypher.read('secret/myuserpassword')%> could be changed to PASSWORD=<%=cypher.read('secret/myuserpassword',true)%> within a library or a workflow and the true means OWNER true. This will keep that key in the master tenants cypher store.

Bilal_Inamdar · November 24, 2023, 7:19am

Hi,

Thanks for the solution but how to use in python ?

pwd=Cypher(morpheus=morpheus, ssl_verify=False).get(‘secret/vmware’)

I tried pwd=Cypher(morpheus=morpheus, ssl_verify=False).get(‘secret/vmware’,true) but it failed.

aabraham · November 24, 2023, 10:06am

imported cypher?

from morpheuscypher import Cypher

additional packages: Screen Shot 2023-11-24 at 10.06.27.png - Droplr

Bilal_Inamdar · November 24, 2023, 11:09am

Hi,
Yes both entries are already there but the provided entries doesn’t work in python script.

I resolved this by checking the github issues for cypher and also this solution is mentioned in youtube minutes for cypher.

Use <%=cypher.read('secret/myuserpassword')%> as a command argument within your Morpheus task. Then within your Python code use cypher = sys.argv[1] which will have the value. It will call/use the secret/myuserpassword Cypher stored in the master tenant

aabraham · November 24, 2023, 11:16am

Sorry, I am confused. Is it resolved?

Bilal_Inamdar · November 24, 2023, 11:35am

Yes it is resolved because of the Github link (of morpheus)

Topic		Replies	Views
Can I use a master tenant cypher in a subtenant with Ansible? Secrets Management cypher , tenants	12	446	May 5, 2022
Triggering a snapshot during a workflow? Automation/IaC automation , vmware	6	346	May 10, 2022
Using Cypher From A Python Task Automation/IaC python	0	378	March 30, 2022
Morpheus Task/Workflow API Responses From External CI/CD API/CLI api , python , tasks , cicd	4	291	September 29, 2022
Creating a custom Task Plugin that can access secrets from Cypher and HashiCorp Vault Plugins automation , cypher , plugins , tasks	0	262	October 11, 2023

Trigger / Execute Task / Workflow remotely (from another script)

Related Topics