Content Sharing Policy scope criteria not pulled and unable to push an updated version

[Indy-rbo]

Description

We now make extensive usage of the ability to push/pull policies. We recently started doing this for Content Sharing Policies as well, but noticed an issue when using them with BTVA. When we pull the Content Sharing Policy the scope criteria disappear, so later pushing that Content Sharing Policy to a tenant would break the policy as there are no criteria.

Manually trying to add some form of criteria to the JSON also doesn't seem to have any effect. If the policy already exists and we push, we get the error: Policy scope criteria cannot be updated

We manually create this on a tenant

After pulling this and pushing it to another tenant (as pushing an existing policy to that same tenant errors):

This is the JSON when pulled:

{
  "name": "Grant Permissions",
  "typeId": "com.vmware.policy.catalog.entitlement",
  "enforcementType": "HARD",
  "description": "Grant Permissions",
  "definition": {
    "entitledUsers": [
      {
        "items": [
          {
            "name": "Grant Permissions",
            "type": "CATALOG_SOURCE_IDENTIFIER"
          }
        ],
        "userType": "ROLE",
        "principals": [
          {
            "type": "ROLE",
            "referenceId": "member"
          }
        ]
      }
    ]
  }
}

Steps to Reproduce

1. Create a Content Sharing Policy with scope criteria
2. Pull that Content Sharing Policy
3. Observe the missing scope criteria

Preconditions: Have a Content Sharing Policy with criteria and a content.yaml with:

policy:
  content-sharing:
  - Grant Permissions

Expected behavior: For BTVA to correctly pull the scope on a Content Sharing Policy and being able to push an updated version (with the criteria)

Actual behavior: scope details are missing in the pulled JSON and erros if it already exists when pushed (I'd expect it to update - possibly by replacing it with a delete/create - the policy)

Reproduces how often: 100%

Component/s: common/artifact-manager

Affects Build/s: 4.17.0 and below

Environment

Client

• Build Tools for VMware Aria Version: 4.17.0

Dependencies

✔ Node.js version 22.21.1 is within the required range (22 - 22).
✔ Maven version 3.9.11 meets the minimum requirement (>= 3.9).
✔ Java version 21.0.9 is within the required range (17 - 24).

Server

• vRealize Automation Version: 8.18.1
• vRealize Orchestrator Version: 8.18.1

[VenelinBakalov]

Hi @Indy-rbo , what you mentioned is true but it is due to the current design of the vra-ng project and organization handling. It is related to the same topic that we discussed some time ago regarding this issue:
#820

Currently the only options supported is single project or organization and is controlled via the settings.xml / installer profile. I explained it in a bit more details in the issue above.