vSphere Automation API Error Structure
The vAPI standard errors API provides the standard errors that can be included in the list of errors in the specification of operations to indicate that the operation might report those errors. It also provides some structures intended to be used as payload to provide additional information about those errors.
On an error response, the messages list will always be included, and contain the error message(s) returned by the API call. The other two properties are optional, depending on reasons described in their descriptions below.
Properties
| Property Name | Type | Description |
|---|---|---|
| messages | Array of StdLocalizableMessage |
Stack of one or more localizable messages for human error consumers. The message at the top of the stack (first in the list) describes the error from the perspective of the operation the client invoked. Each subsequent message in the stack describes the "cause" of the prior message. |
| data | Object |
Optional. Some operations will not set this field when reporting errors. Data to facilitate clients responding to the operation reporting a standard error to indicating that it was unable to complete successfully. Operations may provide data that clients can use when responding to errors. Since the data that clients need may be specific to the context of the operation reporting the error, different operations that report the same error may provide different data in the error. The documentation for each each operation will describe what, if any, data it provides for each error it reports. The ArgumentLocations, FileLocations, and TransientIndication structures are intended as possible values for this field. com.vmware.vapi.std.DynamicID may also be useful as a value for this field (although that is not its primary purpose). Some services may provide their own specific structures for use as the value of this field when reporting errors from their operations. |
| error_type | Enum |
Optional. Can be unset for compatibility with preceding implementations.
Discriminator field to help API consumers identify the structure type. This attribute was added in vSphere API 6.7.2.
|
Data Object Structure Types
This section details the possible object types that the above Error structure could provide in the data property.
ArgumentLocations
The ArgumentLocations structure describes which part(s) of the input to the operation caused the error.Some types of errors are caused by the value of one of the inputs to the operation, possibly due to an interaction with other inputs to the operation. This structure is intended to be used as the payload to identify those inputs when the operation reports errors like InvalidArgument or NotFound. See data property above.
| Property | Type | Description |
|---|---|---|
| primary | string | String describing the location of the input that triggered the error. |
| secondary | array of string | List (possibly empty) of strings describing the locations of other inputs that caused the the primary input to trigger the error. |
FileLocations
The FileLocations structure identifies the file(s) that caused the operation to report the error.
Some types of errors are caused by a problem with one or more files. This structure is intended to be used as the payload to identify those files when the operation reports errors like NotFound. See data property above.
| Property | Type | Description |
|---|---|---|
| primary | string | String identifying the file that triggered the error. |
| secondary | array of string | List (possibly empty) of strings identifying other files that caused the primary file to trigger the error. |
TransientIndication
The TransientIndication structure indicates whether the error is transient.
Some types of errors are transient in certain situations and not transient in other situations. This error payload can be used to indicate to clients whether a particular error is transient. See data property above.
| Property | Type | Description |
|---|---|---|
| is_transient | boolean | Indicates that the error this structure is attached to is transient. |
Error Enum Types
This section details the possible error types that the above Error structure could provide in the error_type property.
UNAUTHORIZED - 403
The Unauthorized error indicates that the user is not authorized to perform the operation.API requests may include a security context containing user credentials. For example, the user credentials could be a SAML token, a user name and password, or the session identifier for a previously established session. Invoking the operation may require that the user identified by those credentials has particular privileges on the operation or on one or more resource identifiers passed to the operation.
Examples:
- The operation requires that the user have one or more privileges on the operation, but the user identified by the credentials in the security context does not have the required privileges.
- The operation requires that the user have one or more privileges on a resource identifier passed to the operation, but the user identified by the credentials in the security context does not have the required privileges.
Counterexamples:
- The SAML token in the request’s security context has expired. A Unauthenticated error would be used instead.
- The user name and password in the request’s security context are invalid. The Unauthenticated error would be used instead.
- The session identifier in the request’s security context identifies a session that has expired. The Unauthenticated error would be used instead.
For security reasons, the Error#data field in this error is unset, and the Error#messages field in this error does not disclose why the user is not authorized to perform the operation. For example the messages would not disclose which privilege the user did not have or which resource identifier the user did not have the required privilege to access. The API documentation should indicate what privileges are required.
FEATURE_IN_USE - 400
The FeatureInUse error indicates that an action cannot be completed because a feature is in use.Examples:
- Trying to disable snapshots on a virtual machine which has a snapshot.
- Trying to downgrade a license that has licensed features that are in use.
UNEXPECTED_INPUT - 400
The UnexpectedInput error indicates that the request contained a parameter or field whose name is not known by the server.Every operation expects parameters with known names. Some of those parameters may be (or contain) structures, and the operation expects those structures to contain fields with known names. If the operation receives parameters or fields with names that is does not expect, this error may be reported.
This error can be reported by the API infrastructure for any operation, but it is specific to the API infrastructure, and should never be reported by the implementation of any operation.
Examples:
- A client using stubs generated from the interface specification for version2 of a service invokes the operation passing one or more parameters that were added in version2, but they are communicating with a server that only supports version1 of the service.
- A client provides an unexpected parameter or field name when invoking the operation using a dynamic interface (for example REST).
RESOURCE_IN_USE - 400
The ResourceInUse error indicates that the operation could not be completed because a resource is in use.Examples:
- Trying to remove a VMFS datastore when the is a virtual machine registered on any host attached to the datastore.
- Trying to add a virtual switch if the physical network adapter being bridged is already in use.
Counterexamples:
- Trying to power off a virtual machine that is in the process of being powered on. The ResourceBusy error would be used instead.
ALREADY_IN_DESIRED_STATE - 400
The AlreadyInDesiredState error indicates that an attempt to change the state of a resource or service had no effect because the resource or service is already in the desired state.Examples:
- Trying to power on a virtual machine that is already powered on.
SERVICE_UNAVAILABLE - 503
The ServiceUnavailable error indicates that the service is unavailable.Examples:
- Attempt to invoke a operation when the server is too busy.
- Attempt to invoke a operation when the server is undergoing maintenance.
- An operation fails to contact VMware Tools running inside the virtual machine.
Counterexamples:
- A client provides an invalid service or operation identifier when invoking the operation using a dynamic interface (for example REST). The OperationNotFound error would be used instead.
- A client invokes the operation from the service, but that service has not been installed. The OperationNotFound error would be used instead.
ALREADY_EXISTS - 400
The AlreadyExists error indicates that an attempt was made to create an entity, but the entity already exists. Typically, the entity has a name or identifier that is required to be unique in some context, but there is already an entity with that name or identifier in that context.Examples:
- Trying to create a new tag category when a tag category with the specified name already exists.
- Trying to create a new tag in tag category when a tag with the specified name already exists the tag category.
- Trying to create a LUN with a specific UUID on a node (for replication purposes) when a LUN with that UUID already exists on the node.
- Trying to create a file in a directory or move or copy a file to a directory when a file with that name already exists in the directory.
INVALID_ARGUMENT - 400
The InvalidArgument error indicates that the values received for one or more parameters are not acceptable.This error is reported by the API infrastructure, so it could occur in response to the invocation of any operation. It may also be reported as the result of operation-specific validation.
Examples:
- A parameter has a value that is not of the expected type.
- A parameter has a value that is not in the required range.
- A parameter has a value that is not one of the specifically allowed strings.
- One field of a structure is the tag for a tagged union, and has a specific value but another field of the structure that is required to be specified when the tag has that value is not specified, or another field of the structure that is required to be unspecified when the tag has that value is specified.
Counterexamples:
- Trying to create a new tag in tag category when a tag with the specified name already exists the tag category. The AlreadyExists error would be used instead.
- Invoke the operation to retrieve information about a virtual machine, passing an id that does not identify an existing virtual machine. The NotFound error would be used instead.
- Attempt to put a virtual machine into a folder that can only contain hosts. The InvalidElementType error would be used instead.
- Attempt to attach a SCSI virtual disk to an IDE port. The InvalidElementType error would be used instead.
INVALID_ELEMENT_TYPE - 400
The InvalidElementType error indicates that the server was unable to fulfil the request because an element of a specific type cannot be a member of particular group.This error could be reported, for example, if an attempt is made to put an element into the wrong type of container.
Examples:
- Attempt to put a virtual machine into a folder that can only contain hosts.
- Attempt to attach a SCSI virtual disk to an IDE port.
- A parameter has a value that is not of the expected type. The InvalidArgument error would be used instead.
INVALID_REQUEST - 400
The InvalidRequest error indicates that the request is malformed in such a way that the server is unable to process it.Examples:
- The XML in a SOAP request is not well-formed so the server cannot parse the request.
- The XML in a SOAP request is well-formed but does not match the structure required by the SOAP specification.
- A JSON-RPC request is not valid JSON.
- The JSON sent in a JSON-RPC request is not a valid JSON-RPC Request object.
- The Request object from a JSON-RPC request does not match the structure required by the API infrastructure.
Counterexamples:
- The parameter has a value that is not with the required range. The InvalidArgument error would be used instead.
- The name of the operation specified in the request doesn’t not match any known operation. The NotFound error would be used instead.
Some transport protocols (for example JSON-RPC) include their own mechanism for reporting these kinds of errors, and the API infrastructure for a programming language may expose the errors using a language specific mechanism, so this error might not be used.
UNABLE_TO_ALLOCATE_RESOURCE - 500
The UnableToAllocateResource error indicates that the operation failed because it was unable to allocate or acquire a required resource.Examples:
- Trying to power on a virtual machine when there are not enough licenses to do so.
- Trying to power on a virtual machine that would violate a resource usage policy.
Counterexamples:
- Trying to power off a virtual machine that is in the process of being powered on. A ResourceBusy error would be used instead.
- Trying to remove a VMFS datastore when the is a virtual machine registered on any host attached to the datastore. The ResourceInUse error would be used instead.
- Trying to add a virtual switch if the physical network adapter being bridged is already in use. The ResourceInUse error would be used instead.
- Attempt to invoke some operation on a virtual machine when the virtual machine’s configuration file is not accessible (for example due to a storage APD condition). The ResourceInaccessible error would be used instead.
TIMED_OUT - 500
The TimedOut error indicates that the operation did not complete within the allowed amount of time. The allowed amount of time might be:- provided by the client as an input parameter.
- a fixed limit of the service implementation that is a documented part of the contract of the service.
- a configurable limit used by the implementation of the service.
- a dynamic limit computed by the implementation of the service.
Examples:
- The operation was unable to complete within the timeout duration specified by a parameter of the operation.
Counterexamples:
- A server implementation that puts requests into a queue before dispatching them might delete a request from the queue if it doesn’t get dispatched within n minutes. The ServiceUnavailable error would be used instead.
UNVERIFIED_PEER - 400
The UnverifiedPeer error indicates that an attempt to connect to an unknown or not-yet-trusted endpoint failed because the system was unable to verify the identity of the endpoint.Typically the Error#data field of this error will contain information that can be presented to a human to allow them to decide whether to trust the endpoint. If they decide to trust the endpoint, the request can be resubmitted with an indication that the endpoint should be trusted.
Examples:
- The client provides an IP address or URL of an endpoint the system should communicate with using an SSL connection, but the endpoint’s SSL certificate is self-signed, expired, or otherwise not trustworthy.
- The client provides an IP address of a host the system should communicate with using ssh, but ssh doesn’t recognize the public key of the host
ERROR - 500
The ‘Error’ error describes the fields common to all standard errors.This error serves two purposes:
- It is the error that clients in many programming languages can catch to handle all standard errors. Typically those clients will display one or more of the localizable messages from #messages to a human.
- It is the error that operations can report when they need to report some error, but the error doesn’t fit into any other standard error, and in fact the only reasonable way for a client to react to the error is to display the message(s) to a human.
CANCELED - 400
The Canceled error indicates that the operation canceled itself in response to an explicit request to do so. Operations being “canceled” for other reasons (for example the client connection was closed, a time out occurred, or due to excessive resource consumption) should not report this error.Examples:
- A user is monitoring the progress of the operation in a GUI and sees that it is likely to take longer than he is willing to wait and clicks the cancel button.
- A user invokes the operation using a command-line tool and decides that she didn’t really want to invoke that operation, and presses CTRL-c.
Counterexamples:
- The client’s connection to the server was closed. Reporting an error is pointless since the client will not receive the error response because the connection has been closed.
- The request is taking longer than some amount of time. The TimedOut error would be reported if the time was specified as part of the input or is documented in the API contract.
CONCURRENT_CHANGE - 409
The ConcurrentChange error indicates that a data structure, entity, or resource has been modified since some earlier point in time. Typically, this happens when the client is doing the write portion of a read-modify-write sequence and indicates that it wants the server to notify it if the data in the server has changed after it did the read, so that it can avoid overwriting that change inadvertently.INVALID_ELEMENT_CONFIGURATION - 400
The InvalidElementConfiguration error indicates that an attempt to modify the configuration of an element or a group containing the element failed due to the configuration of the element. A typical case is when the operation is an attempt to change the group membership of the element fails, in which case a configuration change on the element may allow the group membership change to succeed.Examples:
- Attempt to move a host with a fault tolerant virtual machine out of a cluster (i.e. make the host a standalone host).
- Attempt to remove a host from a DRS cluster without putting the host into maintenance mode.
RESOURCE_INACCESSIBLE - 500
The ResourceInaccessible error indicates that the operation could not be completed because an entity is not accessible.Examples:
- Attempt to invoke some operation on a virtual machine when the virtual machine’s configuration file is not accessible (for example due to a storage APD condition).
Counterexamples:
- Attempt to invoke some operation when the server is too busy. The ServiceUnavailable error would be used instead.
- Attempt to invoke some operation when the server is undergoing maintenance. The ServiceUnavailable error would be used instead.
- Some operation fails to contact VMware Tools running inside the virtual machine. The ServiceUnavailable error would be used instead.
NOT_FOUND - 404
The NotFound error indicates that a specified element could not be found.Examples:
- Invoke the operation to retrieve information about a virtual machine, passing an id that does not identify an existing virtual machine.
- Invoke the operation to modify the configuration of a virtual nic, passing an id that does not identify an existing virtual nic in the specified virtual machine.
- Invoke the operation to remove a vswitch, passing an id that does not identify an existing vswitch.
RESOURCE_BUSY - 500
The ResourceBusy error indicates that the operation could not be completed because a resource it needs is busy.Examples:
- Trying to power off a virtual machine that is in the process of being powered on.
Counterexamples:
- Trying to remove a VMFS datastore when there is a virtual machine registered on any host attached to the datastore. The ResourceInUse error would be used instead.
NOT_ALLOWED_IN_CURRENT_STATE - 400
The NotAllowedInCurrentState error indicates that the requested operation is not allowed with a resource or service in its current state. This could be because the operation is performing a configuration change that is not allowed in the current state or because operation itself is not allowed in the current state.Examples:
- Trying to add a virtual device that cannot be hot plugged to a running virtual machine.
- Trying to upgrade the virtual hardware version for a suspended virtual machine.
- Trying to power off, reset, or suspend a virtual machine that is not powered on.
Counterexamples:
- Trying to power off a virtual machine that is in the process of being powered on. The ResourceBusy error would be used instead.
UNAUTHENTICATED - 401
The Unauthenticated error indicates that the operation requires authentication, and the user is not authenticated.API requests may include a security context containing user credentials. For example, the user credentials could be a SAML token, a user name and password, or the session identifier for a previously established session.
Examples:
- The SAML token in the request’s security context has expired.
- The user name and password in the request’s security context are invalid.
- The session identifier in the request’s security context identifies a session that has expired.
- The user is authenticated but isn’t authorized to perform the requested operation. The Unauthorized error would be used instead.
For security reasons, the Error#data field in this error is unset, and the Error#messages field in this error does not disclose which part of the security context is correct or incorrect. For example the messages would not disclose whether a username or a password is valid or invalid, but only that a combination of username and password is invalid.
INTERNAL_SERVER_ERROR - 500
The InternalServerError error indicates that the server encounters an unexpected condition that prevented it from fulfilling the request.This error is reported by the API infrastructure, so it could occur in response to the invocation of any operation.
Examples:
- The operation returns a value whose type doesn’t match the type type the operation says it should return.
- The operation reports an error that is not included in the list of errors the operation says that it can report.
OPERATION_NOT_FOUND - 404
The OperationNotFound error indicates that the operation specified in the request could not be found.Every API request specifies a service identifier and an operation identifier along with the parameters. If the API infrastructure is unable to find the requested service or operation it reports this error.
This error can be reported by the API infrastructure for any operation, but it is specific to the API infrastructure, and should never be reported by the implementation of any operation.
Examples:
- A client provides an invalid service or operation identifier when invoking the operation using a dynamic interface (for example REST).
- A client invokes the operation from a service, but that service has not been installed.
Counterexamples:
- A client invokes a task scheduling operation, but provides an invalid service identifier or operation identifier. The NotFound error would be used instead.
UNSUPPORTED - 400
The Unsupported error indicates that the operation is not supported by the service.Examples:
- Trying to hot-plug a CPU when the current configuration of the VM does not support hot-plugging of CPUs.
- Trying to change the memory size to a value that is not within the acceptable guest memory bounds supported by the virtual machine’s host.
