lib/vra/client.rb in vmware-vra-3.0.0 vs lib/vra/client.rb in vmware-vra-3.0.1
- old
+ new
@@ -21,11 +21,12 @@
require 'passwordmasker'
require 'vra/http'
module Vra
class Client
- ACCESS_TOKEN_URL = '/csp/gateway/am/api/login?access_token'
+ REFRESH_TOKEN_URL = '/csp/gateway/am/api/login?access_token'
+ ACCESS_TOKEN_URL = '/iaas/api/login'
ROLES_URL = '/csp/gateway/am/api/loggedin/user/orgs'
attr_accessor :page_size
def initialize(opts)
@@ -104,20 +105,29 @@
response = http_head(ROLES_URL, :skip_auth)
response.success?
end
def generate_access_token
+ @refresh_token.value = nil
@access_token.value = nil
validate_client_options!
- response = http_post(ACCESS_TOKEN_URL,
+ # VRA 8 has a two-step authentication process - This probably breaks VRA7, who knows?!?
+ # First step: Sending Username/Password to get a Refresh Token
+ refresh_response = http_post(REFRESH_TOKEN_URL,
FFI_Yajl::Encoder.encode(token_params),
:skip_auth)
- raise Vra::Exception::Unauthorized, "Unable to get the access token: #{response.body}" unless response.success_ok?
+ raise Vra::Exception::Unauthorized, "Unable to get the refresh token: #{refresh_response.body}" unless refresh_response.success_ok?
- response_body = FFI_Yajl::Parser.parse(response.body)
- @access_token.value = response_body['access_token']
- @refresh_token.value = response_body['refresh_token']
+ refresh_response_body = FFI_Yajl::Parser.parse(refresh_response.body)
+ @refresh_token.value = refresh_response_body['refresh_token']
+
+ # Second Step: Sending the refresh token to a separate endpoint to get an Access Token
+ access_response = http_post(ACCESS_TOKEN_URL, "{ \"refreshToken\": \"#{@refresh_token.value}\" }", :skip_auth)
+ raise Vra::Exception::Unauthorized, "Unable to get the access token: #{access_response.body}" unless access_response.success_ok?
+
+ access_response_body = FFI_Yajl::Parser.parse(access_response.body)
+ @access_token.value = access_response_body['token']
end
def full_url(path)
"#{@base_url}#{path}"
end