Transferring Ownership

Overview

This use case highlights the transfer of ownership process for multiple resource types in Cisco CloudCenter while ensuring minimal problems for the new owners.

Deployment Resources

The deployment dependent resources are: application profiles, deployment environments, repositories, services, system tags, security profiles, images, policies, cloud account, and VMs (nodes).

These deployment resources will be affected if you initiate a deployment ownership transfer.

Prerequisites and Requirements

To use the CloudCenter-recommended process, you must adhere to the following requirements and prerequisites:

  • This methodology is available if you use CloudCenter 4.8.1.

  • Only use CloudCenter APIs for this process; a UI solution is not currently available.

  • Retrieve the User ID using the View Users API.

  • Retrieve the Managed VM ID using the View Managed and Unmanaged VMs API.

Privileges and Ownership Nuances

The following CloudCenter privileges determine the type of transfer for each resource:

  • Minimum privileges:

    • By default, the query parameter is dependents=false.

    • The minimum privileges provided by Cisco CloudCenter are:

      • Application - View, Deploy to

      • Deployment Environment - View, Access User's deployments, Deploy to

      • Repository - Read

      • Policy - Read

  • Complete ownership: dependents=true:

    • A complete ownership transfer is executed.

    • If the transfer source:

Depending on the Deployment Resources being transferred, the ownership nuances differ:

  • Deployments – The deployment ownership is transferred.

    • The Admin cannot be the owner of the deployment that is being privilege synced or transferred.

    • Deployment transfers depend on the application profile, deployment environment, repository, services, system tags, security profiles, images, and VMs (nodes). 

    • Once the transfer occurs, the privileges of the source user are not removed – only the source user's ownership of the resource is transferred to the new owner.

  • VMs – The privileges and ownership of the source user are removed.

    • This transfer can take place for:

      • Admin to User

      • User to User

      • User to Admin

    • The cloud account must be shared with the target user to whom the VM ownership is transferred.

  • Deployment-Dependent Resources – If the dependents attribute is set to:

    • dependents=true:

      • A complete ownership transfer is executed.

      • If the transfer source:

        • IS the dependent-Deployment Resources owner: Use the Ownership transfer process.

        • IS NOT the dependent-Deployment Resources owner: Use the Sync privileges process (from source user to the target user).

    • dependents=false:

      • Minimum privileges are assigned to dependent-Deployment Resources.

      • The privileges of the source user are synced with the target user for this dependent resource (because the target user is not the owner of the dependent resource, the dependent resource ownership does not need to be transferred).

      • When you specify this attribute (regardless of its true or false setting), the ownership of the deployment is transferred.

High-Level Process Flow

The high-level process to transfer ownership is:

  1. Retrieve the User ID using the View Users API.

  2. Retrieve the Managed VM ID using the View Managed and Unmanaged VMs API. 

  3. The tenant admin may need to know more about the deployment details – but the tenant admin may not have access to the deployment even if the deployment owner is in the same tenant hierarchy. In this case, the tenant admin can use the View Jobs API's optional parameter, accessAsAdmin=true.

  4. When a tenant admin tries to Delete a User from the tenant hierarchy, it could:

    • Succeed – There is no need for this use case!

    • Fail – as this user currently has running deployments/VMs.

  5. If a failure occurs, the tenant admin can use the View Deployments and VM API to view a complete list of deployments and virtual machines.

  6. The tenant admin can issue the Update Ownership API using the report=true&dependents=true optional query parameters to understand possible errors during the transfer process.

  7. The tenant admin must decide the type of transfer for each resource: a complete ownership transfer (of dependents) or a sync of minimum privileges to the target user. Based on the outcome, the tenant admin must use the optional query parameter dependents=true with the Update Ownership API in an automated loop for each deployment or VM.

  8. After transfer of ownership, the tenant admin can Delete a User from the tenant hierarchy.

Use Case Flow

  1. Retrieve the User ID using the View Users API.

    #Request
    GET https://ven.cliqrtech.com/v1/users
    
    #Response
    {
        "resource": "https://<HOST>:<PORT>/v1/users",
        "size": 3,
        "pageNumber": 0,
        "totalElements": 3,
        "totalPages": 1,
        "users": [
            {
                "id": "2",
                "resource": "https://<HOST>:<PORT>/v1/users/2",
                "perms": [],
                "username": "cloudcenteradmin",
                "password": "===redacted===",
                "enabled": true,
                "type": "TENANT",
                "firstName": "CloudCenter",
                "lastName": "Admin",
                "companyName": "CloudCenter",
                "tenantId": "1",
                "emailAddr": "admin@cliqrtech.com",
                "emailVerified": true,
                "phoneNumber": "",
                "externalId": null,
                "accessKeys": "https://<HOST>:<PORT>/v1/users/2/keys",
                "disableReason": null,
                "accountSource": null,
                "status": "ENABLED",
                "detail": null,
                "activationData": null,
                "created": 1435336896000,
                "lastUpdated": 1435336913000,
                "coAdmin": false
            },
            {
                "id": "11",
                "resource": "https://<HOST>:<PORT>/v1/users/11",
                "perms": [],
                "username": "user.01_b",
                "password": "== red-acted ==",
                "enabled": false,
                "type": "STANDARD",
                "firstName": "User 01",
                "lastName": "CloudCenter",
                "companyName": "CloudCenter, Inc",
                "tenantId": "1",
                "emailAddr": "user.01@cloudCenter.com",
                "emailVerified": false,
                "phoneNumber": "14085467899",
                "externalId": "",
                "accessKeys": "https://<HOST>:<PORT>/v1/users/11/keys",
                "disableReason": null,
                "accountSource": "AdminCreated",
                "status": "NEW",
                "detail": null,
                "activationData": null,
                "created": 1438980545000,
                "lastUpdated": 1438980545000,
                "coAdmin": false
            }
        ]
    }
  2. Retrieve the Managed VM ID using the View Managed and Unmanaged VMs API.

    #Request
    GET https://ven.cliqrtech.com/v1/virtualMachines?listType=UNMANAGED_VMS
    
    #Response
    {
       "costSummary":{
          "totalNumberOfVMs":8,
          "totalNumberOfRunningVMs":4,
          "totalCloudCost":133.60898,
          "estimatedMonthlyCloudCost":221.75998,
          "totalNodeHours":2279.6501
       },
       "details":{
          "resource":null,
          "size":8,
          "pageNumber":0,
          "totalElements":8,
          "totalPages":1,
          "virtualMachineDetails":[
             {
                "id":"1",
                "resource":null,
                "perms":[
                   "administration",
                   "write",
                   "read",
                   "delete"
                ],
                "type":"DEPLOYMENT_VM",
                "nodeId":"i-099781445e3e1b0f2",
                "name":"i-099781445e3e1b0f2",
                "hostName":"ec2-54-201-68-151.us-west-2.compute.amazonaws.com",
                "nodeStartTime":1494224596611,
                "nodeEndTime":1494229863378,
                "numberOfCpus":1,
                "memorySize":1024,
                "storageSize":160,
                "osName":"OS Unknown",
                "costPerHour":0.044,
                "status":"Terminated",
                "nodeStatus":"NodeTerminated",
                "reviewNodeStatus":false,
                "cloudFamily":"Amazon",
                "cloudId":"1",
                "cloudName":"Ven_AWS_Account",
                "cloudAccountId":"1",
                "cloudAccountName":"Ven_CA",
                "regionId":"1",
                "regionName":"Ven_AWS_Account-us-west-2",
                "regionDisplayName":"US West (Oregon)",
                "tenantId":"1",
                "userId":"2",
                "firstName":"Cliqr",
                "lastName":"Admin",
                "email":"admin@cliqrtech.com",
                "instanceTypeId":"1",
                "instanceTypeName":"m1.small",
                "instanceCost":0.044,
                "nics":[
    
                ],
                "metadata":[
    
                ],
                "nodeProperties":[
    
                ],
                "actions":[
    
                ],
                "cloudNameAndAccountName":"Ven_AWS_Account US West (Oregon):Ven_CA",
                "agentVersion":null,
                "jobId":"2",
                "jobName":"tomcat6_0",
                "jobStartTime":1494224555391,
                "jobEndTime":1494229869678,
                "parentJobId":"1",
                "parentJobName":"VenkJob1",
                "parentJobStatus":"JobCanceled",
                "benchmarkId":0,
                "deploymentEnvironmentId":"1",
                "deploymentEnvironmentName":"VenkDepEnv1",
                "appId":"29",
                "appName":"Jenkins",
                "appVersion":"1.54",
                "appLogoPath":"/assets/vendors/1/img/DefaultApp.png",
                "serviceId":"7",
                "serviceName":"tomcat6",
                "tags":null,
                "publicIpAddresses":"54.201.68.151",
                "privateIpAddresses":"172.31.110.62",
                "cloudCost":0.088,
                "nodeHours":1.4622222,
                "userFavorite":false,
                "recordTimestamp":0,
                "imageId":"4",
                "terminateProtection":false,
                "importedTime":0,
                "running":false,
                "runTime":1494224596611
             },
             {
                "id":"2",
                "resource":null,
                "perms":[
                   "administration",
                   "write",
                   "read",
                   "delete"
                ],
                "type":"DEPLOYMENT_VM",
                "nodeId":"i-0e42ae16032be2404",
                "name":"i-0e42ae16032be2404",
                "hostName":"ec2-54-187-86-51.us-west-2.compute.amazonaws.com",
                "nodeStartTime":1494232228091,
                "nodeEndTime":1494238537949,
                "numberOfCpus":1,
                "memorySize":1024,
                "storageSize":160,
                "osName":"OS Unknown",
                "costPerHour":0.044,
                "status":"Terminated",
                "nodeStatus":"NodeTerminated",
                "reviewNodeStatus":false,
                "cloudFamily":"Amazon",
                "cloudId":"1",
                "cloudName":"Ven_AWS_Account",
                "cloudAccountId":"1",
                "cloudAccountName":"Ven_CA",
                "regionId":"1",
                "regionName":"Ven_AWS_Account-us-west-2",
                "regionDisplayName":"US West (Oregon)",
                "tenantId":"1",
                "userId":"2",
                "firstName":"Cliqr",
                "lastName":"Admin",
                "email":"admin@cliqrtech.com",
                "instanceTypeId":"1",
                "instanceTypeName":"m1.small",
                "instanceCost":0.044,
                "nics":[
    
                ],
                "metadata":[
    
                ],
                "nodeProperties":[
    
                ],
                "actions":[
    
                ],
                "cloudNameAndAccountName":"Ven_AWS_Account US West (Oregon):Ven_CA",
                "agentVersion":"V-4.8.0-SNAPSHOT-20170503_0013",
                "jobId":"4",
                "jobName":"tomcat6_0",
                "jobStartTime":1494232187620,
                "jobEndTime":1494238543328,
                "parentJobId":"3",
                "parentJobName":"VenkJob2",
                "parentJobStatus":"JobCanceled",
                "benchmarkId":0,
                "deploymentEnvironmentId":"1",
                "deploymentEnvironmentName":"VenkDepEnv1",
                "appId":"29",
                "appName":"Jenkins",
                "appVersion":"1.54",
                "appLogoPath":"/assets/vendors/1/img/DefaultApp.png",
                "serviceId":"7",
                "serviceName":"tomcat6",
                "tags":null,
                "publicIpAddresses":"54.187.86.51",
                "privateIpAddresses":"172.31.110.169",
                "cloudCost":0.088,
                "nodeHours":1.7522222,
                "userFavorite":false,
                "recordTimestamp":0,
                "imageId":"4",
                "terminateProtection":false,
                "importedTime":0,
                "running":false,
                "runTime":1494232228091
             },
             ...
             {
                "id":"9",
                "resource":null,
                "perms":[
                   "administration",
                   "write",
                   "read",
                   "delete"
                ],
                "type":"IMPORTED_VM",
                "nodeId":"i-0b14b8538db22a2f9",
                "name":"Brownfield-VM",
                "hostName":"ec2-54-244-206-122.us-west-2.compute.amazonaws.com",
                "nodeStartTime":1496122821000,
                "nodeEndTime":0,
                "numberOfCpus":2,
                "memorySize":4096,
                "storageSize":0,
                "osName":"OS Unknown",
                "costPerHour":0.047,
                "status":"Running",
                "nodeStatus":"NodeStarted",
                "reviewNodeStatus":false,
                "cloudFamily":"Amazon",
                "cloudId":"1",
                "cloudName":"Ven_AWS_Account",
                "cloudAccountId":"1",
                "cloudAccountName":"Ven_CA",
                "regionId":"1",
                "regionName":"Ven_AWS_Account-us-west-2",
                "regionDisplayName":"US West (Oregon)",
                "tenantId":"1",
                "userId":"2",
                "firstName":"Cliqr",
                "lastName":"Admin",
                "email":"admin@cliqrtech.com",
                "instanceTypeId":"38",
                "instanceTypeName":"t2.medium",
                "instanceCost":0.047,
                "nics":[
    
                ],
                "metadata":[
    
                ],
                "nodeProperties":[
    
                ],
                "actions":[
                   {
                      "id":"5",
                      "resource":null,
                      "name":"Create And Attach Volume",
                      "description":"create and attach volume",
                      "actionType":"INSTANCE_CREATE_ATTACH_VOLUME",
                      "lastUpdatedTime":"",
                      "timeOut":600,
                      "enabled":true,
                      "encrypted":false,
                      "deleted":false,
                      "systemDefined":true,
                      "bulkOperationSupported":false,
                      "isAvailableToUser":true,
                      "currentlyExecuting":false,
                      "owner":1,
                      "actionParameters":[
    
                      ],
                      "actionResourceMappings":[
                         {
                            "type":"VIRTUAL_MACHINE",
                            "actionResourceFilters":[
                               {
                                  "deploymentResource":null,
                                  "vmResource":{
                                     "type":"DEPLOYMENT_VM",
                                     "appProfiles":[
    
                                     ],
                                     "cloudRegions":[
    
                                     ],
                                     "cloudAccounts":[
    
                                     ],
                                     "services":[
    
                                     ],
                                     "osTypes":[
    
                                     ],
                                     "cloudFamilyNames":[
    
                                     ],
                                     "nodeStates":[
    
                                     ],
                                     "cloudResourceMappings":[
                                        {
                                           "cloudFamily":"Amazon",
                                           "nodeStates":[
                                              "NodeReady",
                                              "NodeStarted",
                                              "NodeSuspended"
                                           ]
                                        },
                                        {
                                           "cloudFamily":"Openstack",
                                           "nodeStates":[
                                              "NodeReady",
                                              "NodeStarted",
                                              "NodeSuspended"
                                           ]
                                        },
                                        {
                                           "cloudFamily":"Vmware",
                                           "nodeStates":[
                                              "NodeReady",
                                              "NodeStarted",
                                              "NodeSuspended"
                                           ]
                                        },
                                        {
                                           "cloudFamily":"Google",
                                           "nodeStates":[
                                              "NodeReady",
                                              "NodeStarted",
                                              "NodeSuspended"
                                           ]
                                        },
                                        {
                                           "cloudFamily":"Vcd",
                                           "nodeStates":[
                                              "NodeReady",
                                              "NodeStarted",
                                              "NodeSuspended"
                                           ]
                                        }
                                     ]
                                  },
                                  "isEditable":true
                               }
                            ]
                         }
                      ],
                      "actionResourceMappingAncillaries":[
    
                      ],
                      "actionCustomParamSpecs":[
    
                      ]
                   },
                   ...
                   {
                      "id":"4",
                      "resource":null,
                      "name":"Terminate",
                      "description":"terminate the instance",
                      "actionType":"INSTANCE_TERMINATE",
                      "lastUpdatedTime":"",
                      "timeOut":600,
                      "enabled":true,
                      "encrypted":false,
                      "deleted":false,
                      "systemDefined":true,
                      "bulkOperationSupported":true,
                      "isAvailableToUser":true,
                      "currentlyExecuting":false,
                      "owner":1,
                      "actionParameters":[
    
                      ],
                      "actionResourceMappings":[
                         {
                            "type":"VIRTUAL_MACHINE",
                            "actionResourceFilters":[
                               {
                                  "deploymentResource":null,
                                  "vmResource":{
                                     "type":"DEPLOYMENT_VM",
                                     "appProfiles":[
    
                                     ],
                                     "cloudRegions":[
    
                                     ],
                                     "cloudAccounts":[
    
                                     ],
                                     "services":[
    
                                     ],
                                     "osTypes":[
    
                                     ],
                                     "cloudFamilyNames":[
    
                                     ],
                                     "nodeStates":[
    
                                     ],
                                     "cloudResourceMappings":[
                                        {
                                           "cloudFamily":"all",
                                           "nodeStates":[
                                              "NodeReady",
                                              "NodeStarted",
                                              "NodeSuspended",
                                              "NodeError",
                                              "NodeNotReachable",
                                              "NodeNotFound"
                                           ]
                                        }
                                     ]
                                  },
                                  "isEditable":true
                               }
                            ]
                         }
                      ],
                      "actionResourceMappingAncillaries":[
    
                      ],
                      "actionCustomParamSpecs":[
    
                      ]
                   }
                ],
                "cloudNameAndAccountName":"Ven_AWS_Account US West (Oregon):Ven_CA",
                "agentVersion":null,
                "jobId":null,
                "jobName":null,
                "jobStartTime":0,
                "jobEndTime":0,
                "parentJobId":null,
                "parentJobName":null,
                "parentJobStatus":null,
                "benchmarkId":0,
                "deploymentEnvironmentId":null,
                "deploymentEnvironmentName":null,
                "appId":null,
                "appName":null,
                "appVersion":null,
                "appLogoPath":null,
                "serviceId":null,
                "serviceName":null,
                "tags":null,
                "publicIpAddresses":"54.244.206.122",
                "privateIpAddresses":"172.31.47.73",
                "cloudCost":76.18698,
                "nodeHours":1620.5913,
                "userFavorite":false,
                "recordTimestamp":0,
                "imageId":null,
                "terminateProtection":false,
                "importedTime":1496913258973,
                "running":true,
                "runTime":1496913258973
             }
          ]
       },
       "filters":null
    }
  3. Retrieve the Job ID from the View Jobs API. View the deployment details for this user using the View Jobs API's accessAsAdmin=true optional query parameter.

    Job ID = 336
    #Request
    GET https://ven.cliqrtech.com/v2/jobs?search=[deploymentEntity.name,fle,aug25]&accessAsAdmin=true
    
    #Response
    {
        "resource": "https://<HOST>:<PORT>/v2/jobs?search=[deploymentEntity.name,fle,aug25]&accessAsAdmin=true",
        "size": 1,
        "pageNumber": 0,
        "totalElements": 1,
        "totalPages": 1,
        "jobs": [{
            "id": "336",
            "resource": "https://<HOST>:<PORT>/v2/jobs/336",
            "name": "ven-aug25-1",
            "description": "",
            "status": "JobRunning",
            "jobStatusMessage": "Job successfully scaled",
            "startTime": "1472102236141",
            "endTime": "",
            "favoriteCreationTime": "",
            "cloudFamily": "Openstack",
            "deploymentEnvironment": {
                "id": "1",
                "resource": "https://<HOST>:<PORT>/v1/environments/1"
            },
            "application": {
                "id": "33",
                "version": "12.0",
                "resource": "https://<HOST>:<PORT>/v1/apps/33?version=12.0"
            },
            "actions": [
                "UPDATE_TAGS",
                "MARK_FAVORITE",
                "SUSPEND",
                "TERMINATE",
                "UPGRADE",
                "PROMOTE",
                "MIGRATE",
                "ON_TERMINATE_PROTECTION"
            ],
            "deploymentEntity": {
                "type": "DEPLOYMENT",
                "id": "155",
                "name": "ven-aug25-1"
            },
            "terminateProtection": false,
            "hidden": false,
            "favorite": false,
            "benchmark": false,
            "owner": true,
            "ownerEmailAddress": "admin@cliqrtech.com",
            "totalCost": 44,
            "nodeHours": 42.234722
        }]
    }
  4. View a list of deployments and virtual machines using the View Deployments and VM API.

    #Request
    GET https://ven.cliqrtech.com/v1/acls/transfer/4/resources
    
    #Response
    {
        "deployments": [
            {
                "id": "55",
                "resource": "https://ven.cliqrtech.com/v2/jobs/55",
                "properties": [
                    {
                        "key": "name",
                        "value": "FTestDeploy1"
                    }
                ]
            }
        ],
        "virtualMachines": [
            {
                "id": "9",
                "resource": "https://ven.cliqrtech.com/v1/virtualMachines/9",
                "properties": [
                    {
                        "key": "node_id",
                        "value": "i-0b14b8538db22a2f9"
                    }
                ]
            }
        ]
    }
  5. Understand possible errors during the transfer process by calling the Update Ownership API with the report=true&dependents=true optional query parameters.

    Use report=true for a trace and dependents=true to check for possible issues if dependent-Deployment Resources are candidates for ownership transfer.

    If you ONLY provide dependents=true, you will not be using the report mode. To use the report mode, you must ALSO provide report=true.

    Update Ownership
    #Request
    PUT https://ven.cliqrtech.com/v1/acls/transfer?report=true&dependents=true
    
    #Response
    {
        "errors": [
            {
                "code": "TARGET_USER_DOES_NOT_HAVE_ACCESS_TO_CLOUD_REGION",
                "message": "Ownership cannot be transferred. Target User johnmary_b (id:11) does not currently have access to the underlying Cloud Region [OpenStack_Dev-RegionOne]. Try again, after you provide the target user access to this Cloud Region."
            },
            {
                "code": "TARGET_USER_DOES_NOT_HAVE_ACCESS_TO_CLOUD_ACCOUNT",
                "message": "Ownership cannot be transferred. Target user does not have access to the cloud account [Via-OpenStack] associated with the Virtual Machine. Try again, after you share cloud account access to this user."
            },
            {
                "code": "VM_IS_NOT_BROWN_FIELD",
                "message": "Transfer ownership is not allowed for the virtual machine because it is launched as part of Cisco cloud center deployment."
            },
            {
                "code": "ACTION_LIBRARY_ACTION_IN_PRGRESS",
                "message": "Ownership cannot be transferred as custom actions are in progress on virtual machines [be3bfad0-33e9-48fd-a243-7cc0d98bf43a]."
            }
        ]
    }
  6. Decide on the type of transfer for each resource: a complete ownership transfer (of dependents) or a sync of minimum privileges to the target user. Based on the outcome, use the optional query parameter dependents=true with the Update Ownership API for deployment(s) or for VM(s).

    Update Deployment Ownership with Dependents
    #Request
    PUT https://ven.cliqrtech.com/v1/acls/transfer?dependents=true
    #Request Body
    {
        "targetUserId" : <targetUserId>,
        "resourceInfo" : {
            "type" : "DISTRIBUTED_JOB",
            "id" : <ParentJobId>
        }
    }
    
    #Response
    200 OK if transfer is successful
    
    
    Update Deployment Ownership
    #Request
    PUT https://ven.cliqrtech.com/v1/acls/transfer
    #Request Body
    {
        "targetUserId" : <targetUserId>,
        "resourceInfo" : {
            "type" : "DISTRIBUTED_JOB",
            "id" : <ParentJobId>
        }
    }
    
    #Response
    200 OK if transfer is successful
    
    
    
    Update VM Ownership
    #Request
    PUT https://ven.cliqrtech.com/v1/acls/transfer
    #Request Body
    {
        "targetUserId" : <targetUserId>,
        "resourceInfo" : {
            "type" : "VIRTUAL_MACHINE",
            "id" : <ManagedVirtualMachine-Id>
        }
    }
    
    #Response
    200 OK if transfer is successful
  7. After transfer of ownership, the tenant admin can Delete a User from the tenant hierarchy.

    #Request
    DELETE https://ven.cliqrtech.com/v1/users/2
    
    #Response
    204 No Content if the deletion of the user is successful.
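
The use case flow above as an added Python example (not Cisco's code): it builds the Update Ownership requests shown on this page, dry-runs every resource with report=true, and sends real transfers only when no resource reports an error. Assumptions: the report call takes the same request body as a real transfer, a deployment's id in the step 4 listing is its parent job ID, dependents is sent only for deployments, and `send` is a hypothetical caller-supplied HTTP function that also handles authentication; all function names are hypothetical, and `make_fake_send` is a constructed stand-in so the block runs offline.

```python
from urllib.parse import urlencode

BASE = "https://ven.cliqrtech.com"  # host used in the page's sample requests

# Response of GET /v1/acls/transfer/<userId>/resources, taken from step 4.
SAMPLE_RESOURCES = {
    "deployments": [{"id": "55", "resource": BASE + "/v2/jobs/55",
                     "properties": [{"key": "name", "value": "FTestDeploy1"}]}],
    "virtualMachines": [{"id": "9", "resource": BASE + "/v1/virtualMachines/9",
                         "properties": [{"key": "node_id",
                                         "value": "i-0b14b8538db22a2f9"}]}],
}


def build_transfer(target_user_id, rtype, rid, dependents=False, report=False):
    """Return (method, url, body) for one Update Ownership call."""
    if rtype not in ("DISTRIBUTED_JOB", "VIRTUAL_MACHINE"):
        raise ValueError("unsupported resource type: %r" % rtype)
    params = {}
    if report:
        params["report"] = "true"
    # Assumption: dependents only applies to deployments (the page's VM
    # request carries no query parameters).
    if dependents and rtype == "DISTRIBUTED_JOB":
        params["dependents"] = "true"
    url = BASE + "/v1/acls/transfer"
    if params:
        url += "?" + urlencode(params)
    body = {"targetUserId": target_user_id,
            "resourceInfo": {"type": rtype, "id": rid}}
    return "PUT", url, body


def plan_transfers(resources):
    """Flatten the step 4 listing into (resource type, id) pairs."""
    items = [("DISTRIBUTED_JOB", d["id"]) for d in resources.get("deployments", [])]
    items += [("VIRTUAL_MACHINE", v["id"]) for v in resources.get("virtualMachines", [])]
    return items


def transfer_all(send, resources, target_user_id, dependents=False):
    """Dry-run every resource in report mode; transfer only if none is blocked."""
    items = plan_transfers(resources)
    blocked = {}
    for rtype, rid in items:
        _, payload = send(*build_transfer(target_user_id, rtype, rid,
                                          dependents, report=True))
        codes = [e["code"] for e in (payload or {}).get("errors", [])]
        if codes:
            blocked[(rtype, rid)] = codes
    done = []
    if not blocked:
        for rtype, rid in items:
            status, _ = send(*build_transfer(target_user_id, rtype, rid, dependents))
            if status != 200:  # the page documents 200 OK as success
                blocked[(rtype, rid)] = ["HTTP_%d" % status]
                break
            done.append((rtype, rid))
    # Deleting the source user is only safe once everything has moved.
    return {"transferred": done, "blocked": blocked,
            "safe_to_delete_user": not blocked and len(done) == len(items)}


def make_fake_send(report_errors):
    """Constructed stand-in for an HTTP client; records every call it receives."""
    calls = []

    def send(method, url, body):
        calls.append((method, url, body))
        if "report=true" in url:
            key = (body["resourceInfo"]["type"], body["resourceInfo"]["id"])
            return 200, {"errors": report_errors.get(key, [])}
        return 200, None

    return send, calls


if __name__ == "__main__":
    # Constructed scenario: the VM's cloud account is not shared with user 11.
    errors = {("VIRTUAL_MACHINE", "9"): [
        {"code": "TARGET_USER_DOES_NOT_HAVE_ACCESS_TO_CLOUD_ACCOUNT",
         "message": "constructed sample"}]}
    send, calls = make_fake_send(errors)
    print(transfer_all(send, SAMPLE_RESOURCES, 11, dependents=True))
    print("requests sent:", [c[1] for c in calls])
```

Passing dependents=False keeps dependent resources at the minimum privileges listed earlier instead of moving their ownership to the target user.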


