When you delete a tenant from VMware Identity Manager, you also delete the resources created under it. So before deleting a tenant using the Tenant Management Controller APIs, you must verify that it is not associated with a product.

The following procedure shows how to check for tenant association with a product before deleting the tenant. To help you understand the required input, the steps include example values.

Prerequisites

  • Verify that all general prerequisites have been satisfied. See Tenant management using vRealize Suite Lifecycle Manager APIs.
  • Verify that VMware Identity Manager has multi-tenancy enabled.
  • Verify that you have the following input values for the tenant created in VMware Identity Manager.
    • vidmHostname VMware Identity Manager domain name.
    • baseTenantHostname VMware Identity Manager base tenant or default tenant alias.
    • VMware Identity Manager administrator password.
    • VMware Identity Manager administrator user name.
    • vidmHost Hostname or load-balanced FQDN of the VMware Identity Manager host.
    • vidmOAuthServiceClientId Use the default value service__Oauth2Client.
    • vidmOAuthServiceClientSecret To obtain the value, see the client configuration on the OAuth2 Client page in VMware Identity Manager. From the VMware Identity Manager console Catalog tab, select Settings > Remote App Access.
    • VMware Identity Manager tenant name.

Procedure

  1. Check to see if the tenant is associated with a product. 
    curl -X POST \
  '$url/lcm/authzn/api/idp/tenants/referenceexists' \
  -H 'Authorization: Basic YWRtaW5AbG9jYWw6VGhpc0lzUGFzc3dvcmQ=' \
  -H 'Content-Type: application/json' \
  -d '{    
    "vidmDomainName": "sqa.local",
    "baseTenantHostname": "newmaster48-179.sqa.local",
    "vidmAdminPassword": "locker:password:33e75543-9e32-4232-9b2f-8d92d6e2888b:installerPassword",
    "vidmHost": "newmaster48-179.sqa.local",
    "vidmAdminUser": "admin",
    "vidmVersion": "3.3.6",
    "vidmRootPassword": "locker:password:33e75543-9e32-4232-9b2f-8d92d6e2888b:installerPassword",
    "vidmSshPassword": "locker:password:33e75543-9e32-4232-9b2f-8d92d6e2888b:installerPassword",
    "vidmOAuthServiceClientId": "Service__OAuth2Client",
    "vidmOAuthServiceClientSecret": "5ICAFUqkN32yiAPK0fByW8MEtpzfmnog",
    "tenancyEnabled": true,
    "vidmProductCertificate": "locker:certificate:74902017-aa3e-4d4c-b85a-7ebb0d97f3bf:GSAN",
    "clusteredVidm": true,
    "vidmTenant": "PEPSITEST48-179"
} ' | jq "."
    Examine the response. The vmid is the request ID that you use to track your request. 
    {
    "vmid": "698cf49c-2ce4-496f-9804-6534527be83e",
    "transactionId": null,
    "tenant": "default",
    "requestName": "tenantreferenceexists",
    "requestReason": "Validate if the tenant has references",
    "requestType": "Validate if the tenant has references",
    "requestSource": null,
    "requestSourceType": "user",
    "inputMap": 
    {
        "vidmHostBaseExDTO": 
        {
            "vidmHost":"newmaster48-179.sqa.local",
            "vidmTenant":"PEPSITEST48-179",
            "useServiceClient":false,
            "isTenantConfiguredByPath":false,
            "vidmAdminUser":"admin",
            "vidmAdminPassword":"locker:password:33e75543-9e32-4232-9b2f-8d92d6e2888b:installerPassword",
            "vidmOAuthServiceClientId":"Service__OAuth2Client",
            "vidmOAuthServiceClientSecret":"5ICAFUqkN32yiAPK0fByW8MEtpzfmnog",
            "vidmDomainName":"sqa.local",
            "baseTenantHostname":"newmaster48-179.sqa.local",
            "requestId":"null",
            "tenantvalandassocproducts":"false"
        },
        "outputMap": {},
        "state": "CREATED",
        "executionId": null,
        "executionPath": null,
        "executionStatus": null,
        "errorCause": null,
        "resultSet": null,
        "isCancelEnabled": null,
        "lastUpdatedOn": 1658400394933,
        "createdBy": null
    }
}
  2. Assign the variable for the requestId. 
    requestId = "698cf49c-2ce4-496f-9804-6534527be83e"
  3. Use the requestId to track your request. 
    curl -X GET '$url/lcm/request/api/requests/$requestId' -H 'Authorization: Basic YWRtaW5AbG9jYWw6VGhpc0lzUGFzc3dvcmQ=' | jq "."
  4. Examine the response.
    When the status shows COMPLETED, check the values for response and message.
    • If both are false, then the tenant is not associated with a product.
    • If both are true, then the tenant is associated with a product and cannot be deleted.
    ...                
        "status":"COMPLETED",
        "lastUpdatedOn":1658836815181
    },
        "errorCause": null,
        "resultSet": 
        [
            {
                "vmid":"3c6bfe28-4e79-4c8b-8e8b-dba663f0cbe5",
                "transactionId":null,
                "tenant":"default",
                "sourceOfTheRequest":"02439556-7fce-428a-9015-c3c2d4ea4400",
                "resultKey":"vidmTaskResult",
                "resultType":"java.lang.String",
                "resultText":
                {
                    "status":"SUCCESS",
                    "statusCode":200,
                    "responseType":"String",
                    "response":"false",
                    "message":"false",
                    "currentState":null,
                    "currentTask":null
                },
                "eventId":"acb1ff10-4706-41c6-a9ae-8845299eac9b",
                "machineInstanceId":"23ac1249-6eec-4ce1-8d34-f0dc977a9277"
            }
        ],
        "isCancelEnabled": null,
        "lastUpdatedOn": 1658836817630,
        "createdBy": "admin@local"                   
}
    In this example, "response":"false" and "message":"false" so you can delete the tenant.
  5. Delete the tenant. 
    curl -X POST \
  '$url/lcm/authzn/api/idp/tenants/delete' \
  -H 'Authorization: Basic YWRtaW5AbG9jYWw6VGhpc0lzUGFzc3dvcmQ=' \
  -H 'Content-Type: application/json' \
  -d '{
    "vidmDomainName": "sqa.local", 
    "baseTenantHostname": "newmaster48-179.sqa.local", 
    "vidmAdminPassword": "locker:password:33e75543-9e32-4232-9b2f-8d92d6e2888b:installerPassword", 
    "vidmHost": "newmaster48-179.sqa.local", 
    "vidmAdminUser": "admin", 
    "vidmVersion": "3.3.6", 
    "vidmRootPassword": "locker:password:33e75543-9e32-4232-9b2f-8d92d6e2888b:installerPassword", 
    "vidmSshPassword": "locker:password:33e75543-9e32-4232-9b2f-8d92d6e2888b:installerPassword", 
    "vidmOAuthServiceClientId": "Service__OAuth2Client", 
    "vidmOAuthServiceClientSecret": "5ICAFUqkN32yiAPK0fByW8MEtpzfmnog", 
    "tenancyEnabled": true, 
    "vidmProductCertificate": "locker:certificate:74902017-aa3e-4d4c-b85a-7ebb0d97f3bf:GSAN", 
    "clusteredVidm": true, 
    "tenantToBeDeleted": "PEPSITEST48-179" 
} ' | jq "."
    Examine the response. The vmid is the request ID that you use to track your request. 
    {
    "vmid": "540e7eb7-1bed-4d59-b516-ac1176998548",
    "transactionId": null,
    "tenant": "default",
    "requestName": "deletetenant",
    "requestReason": "Delete tenant",
    "requestType": "Delete tenant",
    "requestSource": null,
    "requestSourceType": "user",
    "inputMap": 
    {
        "vidmTenantDeleteRequestDTO": 
        {
            "vidmHost":"newmaster48-179.sqa.local",
            "vidmTenant":null,
            "useServiceClient":false,
            "isTenantConfiguredByPath":false,
            "vidmAdminUser":"admin",
            "vidmAdminPassword":"locker:password:33e75543-9e32-4232-9b2f-8d92d6e2888b:installerPassword",
            "vidmOAuthServiceClientId":"Service__OAuth2Client",
            "vidmOAuthServiceClientSecret":"5ICAFUqkN32yiAPK0fByW8MEtpzfmnog",
            "vidmDomainName":"sqa.local",
            "baseTenantHostname":"newmaster48-179.sqa.local",
            "requestId":null,
            "tenantToBeDeleted":"PEPSITEST48-179"
        },
        "tenantvalandassocproducts": "false"
    },
    "outputMap": {},
    "state": "CREATED",
    "executionId": null,
    "executionPath": null,
    "executionStatus": null,
    "errorCause": null,
    "resultSet": null,
    "isCancelEnabled": null,
    "lastUpdatedOn": 1658837473065,
    "createdBy": null
}
  6. Assign the variable for the requestId. 
    requestId = "540e7eb7-1bed-4d59-b516-ac1176998548"
  7. Use the requestID to track your request. 
    curl -X GET '$url/lcm/request/api/requests/$requestId' -H 'Authorization: Basic YWRtaW5AbG9jYWw6VGhpc0lzUGFzc3dvcmQ=' | jq "."
    Examine the response. When the status shows COMPLETED, and the values for response and message show Tenant deleted successfully, the tenant is deleted. 
    ...
        "status": "COMPLETED",
        "lastUpdatedOn": 1658837473978
    },
    "errorCause": null,
    "resultSet": 
    [
        {
            "vmid":"43f7fb53-0e79-46c5-aea0-63b2e819c0d6",
            "transactionId":null,
            "tenant":"default",
            "sourceOfTheRequest":"b0ff51d6-3bd8-431e-a84b-11b876cc399e",
            "resultKey":"vidmTaskResult",
            "resultType":"java.lang.String",
            "resultText":
                {
                    "status": "SUCCESS",
                    "statusCode": 200,
                    "responseType": "String",
                    "response": "Tenant deleted successfully",
                    "message": "Tenant deleted successfully",
                    "currentState": null,
                    "currentTask": null
                },
            "eventId": "86a8631b-733b-4f21-aa08-7abbcd1ce6cc",
            "machineInstanceId": "7dae400c-7f29-47ee-9b42-f1f7c0fff692"
        }
    ],
    "isCancelEnabled": null,
    "lastUpdatedOn": 1658837477052,
    "createdBy": "admin@local"
}