Automation

 View Only
  • 1.  Assigning Tags to vCLS

    Posted Apr 05, 2022 07:21 PM

    I am trying to assign tags to a vCLS VM automatically, but I am getting an error, but not sure if this is normal or not.

     

    ### Apply Admin Tag ###
    $folderName = 'vCLS'
    $tagCategory = 'Admin'
    $tagName = 'Internal-TSG'
    $tag = Get-Tag -Name $tagName -Category $tagCategory

    Get-VM -PipelineVariable vm | where{$_.Folder.Name -eq $folderName} |
    ForEach-Object -Process {
    New-TagAssignment -Entity $vm -Tag $tag -Confirm:$false
    Get-VM -Name "$($vm.Name)_replica" -ErrorAction SilentlyContinue |
    New-TagAssignment -Tag $tag -Confirm:$false
    }

     

    ERROR:

    Line |
    3 | New-TagAssignment -Entity $vm -Tag $tag -Confirm:$false
    | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    | 4/5/2022 2:16:02 PM New-TagAssignment VSPHERE.LOCAL\powercli does not have attach privilege on DynamicID (com.vmware.vapi.std.dynamic_ID) => {
    type = VirtualMachine,
    id = vm-409109:788cb3df-0a77-4169-9077-0968bb8cb005



  • 2.  RE: Assigning Tags to vCLS

    Posted Apr 05, 2022 08:31 PM

    The error is quite clear, you are missing the privilege 'InventoryService.Tagging.AttachTag' on the vCLS folder.
    That privilege is present in the Admin role, and a few other roles, but the VCSA has locked down the vCLS folder and all the VMs in there.

    Afaik, there is no documented method to assign the required permission to the vCLS folder and it's content.