REST API - create

vcenter trust vc trusts: create

Creates a new trust for domain in given spec. Warning: This operation is part of a new feature in development. It may be changed at any time and may not have all supported functionality implemented.

Request:

HTTP request

POST https://{server}/rest/vcenter/trust/vc-trusts

Request Body Structure:

{
    "spec": {
        "domain": "string",
        "label": "string",
        "signing_cert_chains": [
            {
                "cert_chain": [
                    "string",
                    "string"
                ]
            },
            {
                "cert_chain": [
                    "string",
                    "string"
                ]
            }
        ],
        "upn_suffixes": [
            "string",
            "string"
        ],
        "type": "string",
        "group_map": [
            {
                "value": [
                    "string",
                    "string"
                ],
                "key": "string"
            }
        ]
    }
}

Request Body Parameters:

Name Type Description
bold = required
spec create_spec The information needed to create a trust.
spec.domain string Domain identifier. Warning: This attribute is part of a new feature in development. It may be changed at any time and may not have all supported functionality implemented.

spec.label string Label of the trust. A non-unique, user-readable label. Warning: This attribute is part of a new feature in development. It may be changed at any time and may not have all supported functionality implemented.

spec.type string Type of trust, used to distinguish between different types of domains such as cloud or on-prem. Warning: This attribute is part of a new feature in development. It may be changed at any time and may not have all supported functionality implemented.

Optional. Type will only be added if provided.

spec.signing_cert_chains x509_cert_chain[] List of signing certificate chains. At least one cert chain is required. Private key is not included. Warning: This attribute is part of a new feature in development. It may be changed at any time and may not have all supported functionality implemented.

spec.group_map list Maps a group in an existing token to a list of local SSO groups in the local domain. Map key is expected to be in UPN/email address format, that is, group name and domain name separated by '@'. Map value is the name of an existing group. Warning: This attribute is part of a new feature in development. It may be changed at any time and may not have all supported functionality implemented.

Optional. Group map will only be added if provided.

spec.upn_suffixes string[] List of the UPN suffixes used in this trust relationship. Must contain at least one entry for the trusted domain. Warning: This attribute is part of a new feature in development. It may be changed at any time and may not have all supported functionality implemented.

Response:

HTTP Status Code: 200

None

Errors:

HTTP Status Code Type Description
403 unauthorized if authorization is not given to caller.
400 already_exists if trust exists for domain in given spec.
400 invalid_argument if groupMap key is not in UPN format, if group value is not found or if at least one upn suffix is not given.
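
A client-side pre-check of the constraints documented above, as an added example that is not part of the original reference or of VMware's code: it builds the request body and rejects specs that would fail with invalid_argument or that carry private key material. The function name, the UPN regular expression and the PEM "PRIVATE KEY" marker check are assumptions, and all sample values are constructed; whether a mapped local group exists can only be checked by the server.

```python
import json
import re

# Loose UPN/email shape: exactly one '@' with non-empty name and domain (assumed rule).
UPN_KEY = re.compile(r"^[^@\s]+@[^@\s]+$")


def build_trust_body(domain, label, signing_cert_chains, upn_suffixes,
                     trust_type=None, group_map=None):
    """Return the JSON-ready request body, or raise ValueError listing violations."""
    errors = []
    if not signing_cert_chains or any(not chain for chain in signing_cert_chains):
        errors.append("at least one non-empty signing cert chain is required")
    for chain in signing_cert_chains or []:
        # Assumes PEM text; the reference says the private key is not included.
        if any("PRIVATE KEY" in cert for cert in chain):
            errors.append("signing_cert_chains must not contain a private key")
    if not upn_suffixes:
        errors.append("at least one UPN suffix is required")
    for key in (group_map or {}):
        if not UPN_KEY.match(key):
            errors.append(f"group_map key {key!r} is not in UPN format")
    if errors:
        raise ValueError("; ".join(errors))

    spec = {
        "domain": domain,
        "label": label,
        "signing_cert_chains": [{"cert_chain": list(c)} for c in signing_cert_chains],
        "upn_suffixes": list(upn_suffixes),
    }
    if trust_type is not None:  # optional: only sent if provided
        spec["type"] = trust_type
    if group_map:  # optional: serialized as key/value entries
        spec["group_map"] = [{"key": k, "value": list(v)} for k, v in group_map.items()]
    return {"spec": spec}


# Constructed sample values; the certificate string is a placeholder, not a real cert.
SAMPLE = build_trust_body(
    domain="cloud.example.test",
    label="Example cloud trust",
    signing_cert_chains=[["-----BEGIN CERTIFICATE-----\n<placeholder>\n-----END CERTIFICATE-----"]],
    upn_suffixes=["cloud.example.test"],
    group_map={"admins@cloud.example.test": ["Administrators"]},
)

if __name__ == "__main__":
    print(json.dumps(SAMPLE, indent=4))
```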