Suppose you provision a virtual machine to a vCenter and then want to change the socket/core ratio of that machine as described in vCloud Automation Center – vCAC – Workflow and Script to Change CPU’s to Cores. For this to actually work you not only need the vCenter address but also some valid credentials you can use to connect to that vCenter.

Luckily a simple solution exists for this task. You just have to look up the host that our virtual machine resides on and from there get the endpoint and its credentials (which are not really encrypted):

# $m is the management context (repository)
PS > $m.GetType().FullName;
DynamicOps.ManagementModel.ManagementModelEntities
# $vm is the virtual machine we want to access
PS > $vm.GetType().FullName;
DynamicOps.ManagementModel.VirtualMachine

# Load associated host object from this VM
PS > $null = $m.LoadProperty($vm, 'Host');

# Get host from VM
PS > $h = $vm.Host
# Load associated endpoint object from host
PS > $null = $m.LoadProperty($h, 'ManagementEndpoint');
# Get endpoint
PS > $ep = $m.ManagementEndpoints |? 
  ManagementEndpointName -eq $h.ManagementEndpoint.ManagementEndpointName;

# Load associated credentials object from endpoint and display scrambled password
PS > $null = $m.LoadProperty($ep, 'Credential');
PS > $ep.Credential.Password
/gc+hLIT0DtxdIIBJ+CTdg==

# Unscramble password
PS > $password = [DynamicOps.Common.Utils.ScramblerHelpers]::Unscramble(
  $ep.Credential.Password);
PS > $password
P@ssw0rd
# Now you can connect via PowerCli to vCenter $ep.ManagementUri

This certainly works for any “encrypted” property in vCAC:

PS > $null = $m.LoadProperty($vm, 'VirtualMachineProperties');
PS > $p = $vm.VirtualMachineProperties |? PropertyName -eq 'encryptedPropertyString';
PS > $p.PropertyValue;
58zpLxcrEPHWYdHtV/SNBQ==
PS > [DynamicOps.Common.Utils.ScramblerHelpers]::Unscramble($p.PropertyValue);
tralala

… and if you really feel like decrypting something you can go ahead like this:

PS > $cfg = [System.Configuration.ConfigurationManager]::OpenExeConfiguration(
  '{0}\VMware\vCAC\Server\ManagerService.exe' -f ${ENV:ProgramFiles(x86)});
PS > $key = [DynamicOps.Common.Utils.EncryptionHelpers]::ReadKeyFromConfiguration($cfg);
PS > [DynamicOps.Common.Utils.EncryptionHelpers]::Decrypt($cryptedString, $Key);
Posted on 1 By Ronald Rink PowerShell Posted in PowerShell, vCloud Automation Center Tagged #, ,
Ronald Rink's avatar

Ronald Rink

I am a senior auditor, consultant and architect at d-fens for business processes and information systems.

1 Comment »

  1. Pingback: vCAC: Dynamically execute Scripts in ExternalWFStubs Workflows with PowerShell – d-fens GmbH

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.