I have a requirement wherein I need to create VLAN / DVSWITCH (sdn) for clients and provide them access for the same via automation.
Some of the scripts which are sensitive are not inside the tenant but on the ADMIN level. So I need to call them from tenant level or externally to execute the task/workflow and provide the output or so.
Hi, my first thought is to store an API token for a service account on the master tenant inside the subtenants which need to access this automation using Cypher. A workflow in the subtenant could then run the actual VLAN creation workflow in the master tenant via this endpoint.
- Thanks for the link, will check that.
- I haven’t had success in sharing Cypher between master tenant and subtenant. Also I am unable to understand what you said. Please can you explain the Cypher thing again?
Initially the script is working fine in the master tenant. Also the necessary VMWARE creds are stored in the master tenant Cypher. Now when I share the workflow with a subtenant I get a Cypher error, which I understand. But how exactly can I secure this plus make it workable?
It’s not possible to share cyphers with sub-tenants. You’d need to create the cypher in each tenant that needed to run the workflow on the master.
Have you tried this? You can reference the original owner of a workflow so that keys can be used in a subtenant. Example:
PASSWORD=<%=cypher.read('secret/myuserpassword')%> could be changed to
PASSWORD=<%=cypher.read('secret/myuserpassword',true)%> within a library or a workflow, and the true means OWNER true. This will keep that key in the master tenant's Cypher store.
Thanks for the solution, but how do I use it in Python?
I tried pwd=Cypher(morpheus=morpheus, ssl_verify=False).get('secret/vmware',true) but it failed.
from morpheuscypher import Cypher
additional packages: Screen Shot 2023-11-24 at 10.06.27.png - Droplr
Yes, both entries are already there, but the provided entries don’t work in the Python script.
I resolved this by checking the GitHub issues for Cypher; this solution is also mentioned in the YouTube minutes for Cypher.
<%=cypher.read('secret/myuserpassword')%> as a command argument within your Morpheus task. Then within your Python code use
cypher = sys.argv[1], which will have the value. It will call/use the secret/myuserpassword Cypher stored in the master tenant.
Sorry, I am confused. Is it resolved?
Yes, it is resolved because of the GitHub link (of Morpheus).
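The resolution above (the Cypher value passed as a command argument and read from sys.argv), written out as an added example that is not code from the original posts or from Morpheus: it reads the argument, rejects a missing or unrendered value, and scrubs the secret from anything the task returns as output. `create_vlan` and the sample password are constructed stand-ins, and the `<%=` check assumes that a template which was not rendered would arrive as literal text.

```python
import sys


class SecretArgError(Exception):
    """Raised when the Cypher value was not passed in correctly."""


def load_secret(argv):
    """Return the secret passed as the first command argument of the task."""
    if len(argv) < 2 or not argv[1]:
        raise SecretArgError("no secret received as command argument")
    secret = argv[1]
    # Assumption: an unrendered cypher.read(...) template would arrive as literal text.
    if secret.startswith("<%="):
        raise SecretArgError("argument looks like an unrendered cypher.read template")
    return secret


def redact(text, secret):
    """Replace every occurrence of the secret so it cannot reach task output."""
    return text.replace(secret, "****") if secret else text


def run_task(argv, work):
    """Run work(secret) and return (exit_code, output) with the secret scrubbed."""
    try:
        secret = load_secret(argv)
    except SecretArgError as exc:
        return 2, f"configuration error: {exc}"
    try:
        return 0, redact(str(work(secret)), secret)
    except Exception as exc:  # error text from a client library may echo the credential
        return 1, redact(f"task failed: {exc}", secret)


def create_vlan(password):
    # Hypothetical stand-in for the real VMware call; not a Morpheus or VMware API.
    if password != "constructed-Passw0rd":
        raise RuntimeError(f"login rejected for password {password}")
    return "VLAN created"


if __name__ == "__main__":
    code, output = run_task(sys.argv, create_vlan)
    print(output)
    sys.exit(code)
```

Command-line arguments are visible in the process list of the host that runs the task for as long as the script is running.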