As a Service Broker administrator, you can create a content sharing policy that entitles all Service Broker users in a project to shared content defined in the policy.
The steps to get catalog sources or items to share are optional, because a content sharing policy may not share both sources and items. However, the policy must share at least one catalog source or item.
Prerequisites
- Verify that all general prerequisites and prerequisites for the Service Broker Policies service have been satisfied. See Prerequisites for API Use Case Examples.
Note: The Policies API and the Catalog API have the same API version. You set the API version value for both services when you satisfy the prerequisites for the Policies service.
- Assign an API version variable for the Projects API.
api_version_projects='2019-01-15'
Note: The Projects APIs and Policies APIs have different API version values. You set the API version value for the Policies APIs when you satisfied the prerequisites for the Policies service.
Procedure
Example: Create a content sharing policy
Create a policy named Sample Sharing Policy.
Assign variables.
$ url='https://appliance.domain.com' $ api_version='2020-08-25' $ api_version_projects='2019-01-15'
List the projects in your organization.
$ curl -X GET "$url/project-service/api/projects?apiVersion=$api_version_projects" -H "Authorization: Bearer $access_token" | jq "."
{ "id": "1d0bcd42-4d8f-4a8f-8b31-f34a4707533e", "name": "Example-project", "description": "This is an example project", "orgId": "f670fdfc-66d6-4689-9793-d524e7066d1e", ...
Assign the project ID.
$ project_id='1d0bcd42-4d8f-4a8f-8b31-f34a4707533e'
List the users in the project.
$ curl -X GET \ $url/project-service/api/projects/$project_id/principals?apiVersion=$api_version_projects&expandGroups=true& \ '$filter='"(substringof('{}',tolower(acct)))" \ -H "Authorization: Bearer $access_token" | jq "."
A snippet of the response shows the email addresses for the users in the project.
... "content": [ { "id": "ab373898-d29b-4e3b-8703-58023cadd140", "acct": "[email protected]", "domain": "mycompany.com" } ], ...
Get a list of groups in the project.
$ curl -X GET \ $url/project-service/api/projects/$project_id/groups?apiVersion=$api_version_projects&page=0 \ '$filter='"(substringof('{}',tolower(displayName)))" \ -H "Authorization: Bearer $access_token" | jq "."
A snippet of the response shows the group display name for the users that are part of the group.
... "content": [ { "id": "a9da96e7-ba19-47d4-9f38-dd1983e29424", "displayName": "[email protected]", "groupType": "USER_GROUP", "usersCount": 2 }, ...
Get a list of catalog sources for your project.
$ curl -X GET $url/catalog/api/admin/sources?projectId=$project_id&apiVersion=$api_version -H "Authorization: Bearer $access_token" | jq "."
Examine the response to find the catalog sources that you want to share.
... "content": [ { "id": "600026c6-3155-4395-a990-580ff1159e82", "name": "BpContent-Quality Engineering", "description": "For Project-Quality Engineering", "typeId": "com.vmw.blueprint", "createdAt": "2022-10-12T10:37:01.751799Z", "createdBy": "[email protected]", "lastUpdatedAt": "2022-10-17T05:06:33.976796Z", "lastUpdatedBy": "system-user", "config": { "sourceProjectId": "1d0bcd42-4d8f-4a8f-8b31-f34a4707533e" }, ...
Assign the ID of the catalog source to share.
$ catalog_source_id='600026c6-3155-4395-a990-580ff1159e82'
Get a list of catalog items for your project.
$ curl -X GET $url/catalog/api/admin/items?projectId=$project_id&apiVersion=$api_version -H "Authorization: Bearer $access_token" | jq "."
Examine the response to find the catalog item.
... "content": [ { "id": "b2d0fba7-5f62-3c79-b1b8-a2aa7d38063b", "name": "CF-SQAVC67-Centos-MultiMachine", "description": "CF-SQAVC67-Centos-MultiMachine vsphere components, disk, networks", "sourceId": "600026c6-3155-4395-a990-580ff1159e82", "sourceName": "BpContent-Quality Engineering", ...
Assign the ID of the catalog item to share.
$ catalog_item_id='b2d0fba7-5f62-3c79-b1b8-a2aa7d38063b'
Create a content sharing policy with hard enforcement.
groupDisplayName
is [email protected]-
groupDomain
is mycompany.com
$ curl -X POST \ $url/policy/api/policies?apiVersion=$api_version \ -H "Authorization: Bearer $access_token" \ -H 'Content-Type: application/json' \ -d '{ "name": "Sample Sharing Policy", "projectId": "'$project_id'", "definition": { "entitledUsers": [ { "userType": "USER", "principals": [ { "type": "USER", "referenceId": "[email protected]" }, { "type": "PROJECT", "referenceId": "'$project_id'" }, { "type": "GROUP", "referenceId": "[email protected]@mycompany.com" } ], "items": [ { "id": "'$catalog_source_id'", "type": "CATALOG_SOURCE_IDENTIFIER" }, { "id": "'$catalog_item_id'", "type": "CATALOG_ITEM_IDENTIFIER" } ] } ] }, "enforcementType": "HARD", "typeId": "com.vmware.policy.catalog.entitlement" }
The response shows the content sharing policy.
{ "id": "0cecca9a-d778-47b5-acdf-c08248406052", "name": "Sample Sharing Policy", "projectId": "1d0bcd42-4d8f-4a8f-8b31-f34a4707533e", "definition": { "entitledUsers": [ { "userType": "USER", "principals": [ { "type": "USER", "referenceId": "[email protected]" }, { "type": "PROJECT", "referenceId": "1d0bcd42-4d8f-4a8f-8b31-f34a4707533e" }, { "type": "GROUP", "referenceId": "[email protected]@mycompany.com" } ], "items": [ { "id": "600026c6-3155-4395-a990-580ff1159e82", "type": "CATALOG_SOURCE_IDENTIFIER" }, { "id": "b2d0fba7-5f62-3c79-b1b8-a2aa7d38063b", "type": "CATALOG_ITEM_IDENTIFIER" } ] } ] }, "enforcementType": "HARD", "typeId": "com.vmware.policy.catalog.entitlement", "orgId": "10ea6be1-7723-4bf0-a221-8b4f3c7a26f7", "createdAt": "2022-10-24T07:52:22.731448Z", "createdBy": "[email protected]", "lastUpdatedAt": "2022-10-24T07:52:22.731448Z", "lastUpdatedBy": "[email protected]" }