VMware vRealize Suite Lifecycle Manager 8.8.0 Locker Bug

Update (May 6, 2022): VMware Engineering have confirmed that this issue will be addressed in an upcoming release.

One of my work colleagues brought to my attention today an issue in VMware vRealize Suite Lifecycle Manager 8.8.0 to my attention today. While attempting to complete some regular account password changes, he realized that the Password Locker was only returning 10 passwords and stating there were only 10 passwords in the system. We knew that more password entries existed in the Locker, but VMware vRealize Suite Lifecycle Manager would not display them. Additionally, he found that he could apply a filter to the Password Alias column, and the expected entries were returned. This behavior proved that the password entries did still exist in the Locker.

Finding this behavior quite odd, we checked three other instances of VMware vRealize Suite Lifecycle Manager 8.8.0, including my home lab, and found the same issues existed in all of the deployments. While not a complete show stopper to completing password updates in the GUI, the bug is quite annoying.

Digging a Bit Deeper

Knowing that the VMware vRealize Suite Lifecycle Manager web UI is a Javascript application that utilizes the REST API, I figured I’d check the web browser’s debugging console to determine the requested API path. The debugging console indicated that data was requested from path /lcm/locker/api/passwords/search?from=0&size=10&aliasQuery=. Next, I checked the API documentation to learn more about this particular API request path. This specific internal API request is expected to return a response in the following format:

{
  "page": 0,
  "passwords": [
    {
      "alias": "Default Password for vCenters",
      "createdOn": 1605791587373,
      "lastUpdatedOn": 1605791587373,
      "password": "PASSWORD****",
      "passwordDescription": "This password is being used for all my vCenters",
      "principal": "string",
      "referenced": true,
      "tenant": "string",
      "transactionId": "string",
      "userName": "[email protected]",
      "vmid": "6c9fca27-678d-4e79-9a0f-5f690735e67c"
    }
  ],
  "total": 1
}

Next, I started using Postman to submit requests directly to the API endpoint. When I issued the requests, the output included a total property that listed the number of returned passwords. In the case of a request to the path /lcm/locker/api/passwords/search?from=0&size=5&aliasQuery=, the response included a total value of 5. If I submitted a request to /lcm/locker/api/passwords/search?from=0&size=10&aliasQuery=, the response included a total value of 10. In my case, the instance has a total of 19 password entries in the Locker. Additionally, I tested the public API endpoint’s path of /lcm/locker/api/v2/passwords and found it demonstrated the same behavior.

I find this behavior quite strange as REST API requests that support pagination would typically return the total number of objects in the system that meet the filtering criteria, not the count of objects in the current response. Without returning a proper total count of all objects, the developer doesn’t have the information necessary to calculate the total number of pages. In this case, I believe the vRealize Suite Lifecycle Manager 8.8.0 UI is taking the value of 10, which is the API’s default page size value, and is stating that there are only 10 password entries in the Locker.

What About the Certificate and License Lockers

Exploring the API further, I found that the Locker Certificate Controller exhibits the same behavior. Sure enough, I tested the addition of more than 10 certificates to the Certificate Locker and found that the UI would only display 10 total certificates on page 1 of 1. Both the internal and public API paths exhibit the same behavior of not returning the total count of objects in the Certificate Locker.

As for the License Locker, the GUI requests the data from the API path /lcm/locker/api/licenses which does not support pagination and returns all license entries. Thus, it is not affected by this issue.

My Assumption

Based on the above information, I assume a change was made within the API or database code for version 8.8.0 that returns the incorrect number of total objects. Thus the UI no longer provides proper pagination. Unfortunately, I no longer have a vRealize Suite Lifecycle Manager deployment before version 8.8.0 to verify if the API behavior did indeed change.

While this issue doesn’t prevent you from utilizing the Locker feature within VMware vRealize Suite Lifecycle Manager 8.8.0, it is quite inconvenient. Hopefully, the issue will be resolved in the next release.

Share:

Search

Get Notified of Future Posts

Follow Me

Recent Posts