Vcenter Namespaces ManagementServices AccessGrants create
Creates an Access Grant in the given namespace.
This operation was added in vSphere API 9.1.0.0.
Returns an authorization error if you do not have all of the privileges described as follows:
- The resource
com.vmware.vcenter.namespaces.Instancereferenced by the parameter namespace requiresManagementServiceAccessGrants.Configure.
Identifier of the namespace.
The parameter must be an identifier for the resource type: com.vmware.vcenter.namespaces.Instance.
Specification of the Access Grant.
Show optional properties
{
"access_grant": "string",
"management_service": "string",
"workload_selector": {}
}{
"access_grant": "string",
"description": "string",
"managed_by": "string",
"management_service": "string",
"workload_selector": {
"type": "string"
},
"enabled": false
}Identifier of the Access Grant. The name has DNS Label restrictions as specified in RFC 1123. This must be an alphanumeric (a-z and 0-9) string and with maximum length of 63 characters and with the '-' character allowed anywhere except the first or last character. The name of an Access Grant has to be unique within the namespace.
This property was added in vSphere API 9.1.0.0.
When clients pass a value of this schema as a parameter, the property must be an identifier for the resource type: com.vmware.vcenter.namespaces.management_services.AccessGrant. When operations return a value of this schema as a response, the property will be an identifier for the resource type: com.vmware.vcenter.namespaces.management_services.AccessGrant.
The description of the Access Grant.
This property was added in vSphere API 9.1.0.0.
If missing or null, no description will be available for the Access Grant.
Information about the entity responsible for the lifecycle of this Access Grant record.
When set, the field implies that any change to update or delete the Access Grant by any principal other than the component referenced by the field may be reverted by the automation component managing it.
This property was added in vSphere API 9.1.0.0.
If missing or null, it implies the Access Grant is not created by automation.
A reference to an existing Management Service.
This property was added in vSphere API 9.1.0.0.
When clients pass a value of this schema as a parameter, the property must be an identifier for the resource type: com.vmware.vcenter.namespace_management.supervisor.ManagementService. When operations return a value of this schema as a response, the property will be an identifier for the resource type: com.vmware.vcenter.namespace_management.supervisor.ManagementService.
Selection of workloads to be granted access to the given management service.
This property was added in vSphere API 9.1.0.0.
Set to false to create an Access Grant in a disabled state. A disabled Access Grant deactivates access for the recipient workloads of the grant to the referenced Management Service. The field defaults to true, which means the Access Grant will be enabled on its creation.
This property was added in vSphere API 9.1.0.0.
If missing or null, will default to true. The Access Grant will be enabled on creation.
Success!
Vapi Std Errors InvalidArgument if spec contains any errors.
Vapi Std Errors AlreadyExists if an Access Grant ID defined in spec already exists in the namespace.
Vapi Std Errors NotAllowedInCurrentState if the namespace or its Supervisor is being disabled.
Vapi Std Errors Unsupported if the Supervisor associated with the namespace doesn't support Management Services.
{
"messages": [
{
"id": "string",
"default_message": "string",
"args": [
"string"
],
"params": {
"params": {
"s": "string",
"dt": "string",
"i": 0,
"d": "number",
"l": {
"id": "string",
"params": {
"params": "Vapi Std LocalizationParam Object"
}
},
"format": "string",
"precision": 0
}
},
"localized": "string"
}
],
"data": {},
"error_type": "string"
}Stack of one or more localizable messages for human error consumers.
The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.
Each subsequent message in the stack describes the "cause" of the prior message.
Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully.
Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports.
The Vapi Std Errors ArgumentLocations, Vapi Std Errors FileLocations, and Vapi Std Errors TransientIndication schemas are intended as possible values for this property. Vapi Std DynamicID may also be useful as a value for this property (although that is not its primary purpose). Some resources may provide their own specific schemas for use as the value of this property when reporting errors from their operations.
Some operations will not set this property when reporting errors.
Discriminator field to help API consumers identify the structure type.
For more information see: Vapi Std Errors Error Type.
This property was added in vSphere API 6.7.2.
Can be missing or null for compatibility with preceding implementations.
if the user cannot be authenticated.
{
"messages": [
{
"id": "string",
"default_message": "string",
"args": [
"string"
],
"params": {
"params": {
"s": "string",
"dt": "string",
"i": 0,
"d": "number",
"l": "Vapi Std NestedLocalizableMessage Object",
"format": "string",
"precision": 0
}
},
"localized": "string"
}
],
"data": {},
"error_type": "string",
"challenge": "string"
}Indicates the authentication challenges applicable to the target API provider. It can be used by a client to discover the correct authentication scheme to use. The exact syntax of the value is defined by the specific provider, the protocol and authentication schemes used.
For example, a provider using REST may adhere to the WWW-Authenticate HTTP header specification, RFC7235, section 4.1. In this case an example challenge value may be: SIGN realm="27da1358-2ba4-11e9-b210-d663bd873d93",sts="http://vcenter/sso?vsphere.local", Basic realm="vCenter"
This property was added in vSphere API 7.0.0.0.
This property is optional because it was added in a newer version than its parent node.
if the user does not have the ManagementServiceAccesses.Configure privilege on the specified namespace.
{
"messages": [
{
"id": "string",
"default_message": "string",
"args": [
"string"
],
"params": {
"params": {
"s": "string",
"dt": "string",
"i": 0,
"d": "number",
"l": "Vapi Std NestedLocalizableMessage Object",
"format": "string",
"precision": 0
}
},
"localized": "string"
}
],
"data": {},
"error_type": "string",
"challenge": "string"
}Indicates the authentication challenges applicable to the target API provider. It can be used by a client to discover the correct authentication scheme to use. The exact syntax of the value is defined by the specific provider, the protocol and authentication schemes used.
For example, a provider using REST may adhere to the WWW-Authenticate HTTP header specification, RFC7235, section 4.1. In this case an example challenge value may be: SIGN realm="27da158-2ba4-11e9-b",sts="http://vcenter/sso?vsphere.local", Basic realm="vCenter"
This property was added in vSphere API 9.1.0.0.
This property is optional because it was added in a newer version than its parent node.
if the namespace with the given ID could not be located.
{
"messages": [
{
"id": "string",
"default_message": "string",
"args": [
"string"
],
"params": {
"params": {
"s": "string",
"dt": "string",
"i": 0,
"d": "number",
"l": "Vapi Std NestedLocalizableMessage Object",
"format": "string",
"precision": 0
}
},
"localized": "string"
}
],
"data": {},
"error_type": "string"
}if the system reports an error while responding to the request.
{
"messages": [
{
"id": "string",
"default_message": "string",
"args": [
"string"
],
"params": {
"params": {
"s": "string",
"dt": "string",
"i": 0,
"d": "number",
"l": "Vapi Std NestedLocalizableMessage Object",
"format": "string",
"precision": 0
}
},
"localized": "string"
}
],
"data": {},
"error_type": "string"
}Stack of one or more localizable messages for human error consumers.
The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked.
Each subsequent message in the stack describes the "cause" of the prior message.
Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully.
Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports.
The Vapi Std Errors ArgumentLocations, Vapi Std Errors FileLocations, and Vapi Std Errors TransientIndication schemas are intended as possible values for this property. Vapi Std DynamicID may also be useful as a value for this property (although that is not its primary purpose). Some resources may provide their own specific schemas for use as the value of this property when reporting errors from their operations.
Some operations will not set this property when reporting errors.
Discriminator field to help API consumers identify the structure type.
For more information see: Vapi Std Errors Error Type.
This property was added in vSphere API 6.7.2.
Can be missing or null for compatibility with preceding implementations.
curl -X POST -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{"access_grant":"string","management_service":"string","workload_selector":"{}"}' https://{api_host}/api/vcenter/namespaces/{namespace}/management-services/access-grants