Update the Tenancy for a Security Group

To set the tenancy level for an NSX security object, you pass the security object to its API with a tenant ID specified. To do this efficiently, you use the API to retrieve the object, alter its JSON, then pass the edited JSON back to the API.

This use case example updates the tenant ID for a security group, but the same procedure applies to security tags and security policies using similar APIs such as:
  • /network-service/api/security-tags/{id}
  • /network-service/api/security-policies/{id}

Prerequisites

  • Log in to vRealize Automation as a system administrator or a tenant administrator.
  • Verify that the appliance name and fully qualified domain name of the vRealize Automation instance are available.
  • Verify that you have a valid HTTP bearer token that matches your login credentials. See REST API Authentication.

Procedure

  1. Retrieve the security group with ID=24.
    curl --insecure -H "Accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer $token" https://$vRA/network-service/api/security-groups/24
    For details regarding input and output for this request, see Syntax for Retrieving Security Groups.
  2. Edit the JSON for the security group.
    Name the JSON file updateTenantId.json and set the tenant ID to a single tenant named rainpole.
    {
       "@type": "SecurityGroup",
       "id": "24",
       "name": "security-group-name",
       "description": "Managed by VMware vRealize Automation",
       "externalId": "securitygroup-19567",
       "tenantId": "rainpole",
       "extensionData": {
          "entries": [...]
       },
       "securityGroupTypeId": "Infrastructure.Network.SecurityGroup.NSX",
       "internal": false,
       "machineIdCollection": null,
       "ipAddressCollection": null
    }
  3. Submit a request to update the security group with ID=24 that calls the JSON file.
    curl -X PUT --insecure -H "Accept: application/json" -H "Content-type: application/json" -H "Authorization: Bearer $token" -H "Cache-control: no-cache" https://$vRA/network-service/api/security-groups/24 --data @C:/Temp/updateTenantId.json

    For details regarding input and output for this request, see Syntax for Updating a Tenant ID.
  4. Examine the response to verify that the security group has the tenant you specified.
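
The four steps above as one script, with the step 4 check made explicit: it confirms that tenantId has the requested value and that no other field of the security group changed. This is an added example, not VMware's code; the function names and the VRA_HOST and VRA_TOKEN environment variables are assumptions, and unlike the curl commands it leaves TLS certificate verification on.

```python
import json
import os
import urllib.request


def with_tenant(group, tenant_id):
    """Step 2: return a copy of the retrieved group with only tenantId changed."""
    edited = dict(group)
    edited["tenantId"] = tenant_id
    return edited


def check_update(before, after, tenant_id):
    """Step 4: list problems; an empty list means only tenantId changed."""
    problems = []
    if after.get("tenantId") != tenant_id:
        problems.append(f"tenantId is {after.get('tenantId')!r}, expected {tenant_id!r}")
    for key in sorted(set(before) | set(after)):
        if key != "tenantId" and before.get(key) != after.get(key):
            problems.append(f"unexpected change in {key!r}")
    return problems


def call(method, url, token, body=None):
    """Send one request with the page's headers; the certificate is verified."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Accept": "application/json",
        "Content-Type": "application/json",
        "Authorization": f"Bearer {token}",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def update_tenancy(host, token, group_id, tenant_id):
    """Steps 1-4 against /network-service/api/security-groups/{id}."""
    url = f"https://{host}/network-service/api/security-groups/{group_id}"
    before = call("GET", url, token)                          # step 1
    call("PUT", url, token, with_tenant(before, tenant_id))   # steps 2 and 3
    after = call("GET", url, token)                           # re-read for step 4
    return check_update(before, after, tenant_id)


if __name__ == "__main__":
    # VRA_HOST and VRA_TOKEN are assumed environment variable names.
    issues = update_tenancy(os.environ["VRA_HOST"], os.environ["VRA_TOKEN"], 24, "rainpole")
    print("\n".join(issues) or "tenantId updated; no other field changed")
```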

Results

With the tenancy changed to rainpole, rainpole is the only tenant on this endpoint that can now see the security group with ID=24.