Automation

  • 1.  @lucd script to import vcenter permission from xml

    Posted Aug 22, 2022 07:22 PM

    I am getting an error while importing vCenter roles and permissions using the LucD script.

    error:

    Set-Permission : Cannot process argument transformation on parameter 'object'. Cannot convert the
    "System.Object[]" value of type "System.Object[]" to type "VMware.Vim.ManagedEntity".
    At C:\Users\Administrator\Documents\vSphere permissions import.ps1:70 char:20
    + Set-Permission $entity $perm -ErrorAction SilentlyContinu
    + ~~~~~~~
    + CategoryInfo : InvalidData: (:) [Set-Permission], ParameterBindingArgumentTransformatio
    nException
    + FullyQualifiedErrorId : ParameterArgumentTransformationError,Set-Permission

    Exception calling "SetEntityPermissions" with "2" argument(s): "
    Required parameter entity is missing
    while parsing call information for method SetEntityPermissions
    at line 1, column 171
    while parsing SOAP body
    at line 1, column 64
    while parsing SOAP envelope
    at line 1, column 0
    while parsing HTTP request for method setEntityPermissions
    on object of type vim.AuthorizationManager
    at line 1, column 0"
    At C:\Users\Administrator\Documents\vSphere permissions import.ps1:27 char:5
    + $perms = $authMgr.SetEntityPermissions($object.MoRef,@($permissio ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : VimException

     

     

    Script:

    ###Import roles###

    function New-Role
    {
        param($name, $privIds)
        Begin{}
        Process{
            # Create the role with the given privilege IDs
            $roleId = $authMgr.AddAuthorizationRole($name,$privIds)
        }
        End{
            return $roleId
        }
    }
    function Set-Permission
    {
        param(
            [VMware.Vim.ManagedEntity]$object,
            [VMware.Vim.Permission]$permission
        )
        Begin{}
        Process{
            # Apply a single permission to the entity
            $perms = $authMgr.SetEntityPermissions($object.MoRef,@($permission))
        }
        End{
            return
        }
    }

    # Create hash table with the current roles
    $authMgr = Get-View AuthorizationManager
    $roleHash = @{}
    $authMgr.RoleList | % {
        $roleHash[$_.Name] = $_.RoleId
    }
    # Read XML file
    $XMLfile = "C:\roles-permissions.xml"
    $vInventory = [xml]"<dummy/>"
    $vInventory.Load($XMLfile)
    # Define Xpaths for the roles and the permissions
    $XpathRoles = "Inventory/Roles/Role"
    $XpathPermissions = "Inventory/Permissions/Permission"
    # Create custom roles
    $vInventory.SelectNodes($XpathRoles) | % {
        if(-not $roleHash.ContainsKey($_.Name)){
            $privArray = @()
            $_.Privilege | % {
                $privArray += $_.Name
            }
            $roleHash[$_.Name] = (New-Role $_.Name $privArray)
        }
    }
    # Set permissions
    $vInventory.SelectNodes($XpathPermissions) | % {
        $perm = New-Object VMware.Vim.Permission
        $perm.group = &{if ($_.Group -eq "true") {$true} else {$false}}
        $perm.principal = $_.Principal
        $perm.propagate = &{if($_.Propagate -eq "true") {$true} else {$false}}
        $perm.roleId = $roleHash[$_.Role]

        # Escape brackets in the entity name, since the filter is a regular expression
        $EntityName = $_.Entity.Replace("(","\(").Replace(")","\)")
        $EntityName = $EntityName.Replace("[","\[").Replace("]","\]")
        $EntityName = $EntityName.Replace("{","\{").Replace("}","\}")

        # Look up the target object by name, anchored with ^ and $
        $entity = Get-View -ViewType $_.EntityType -Filter @{"Name"=("^" + $EntityName + "$")}
        Set-Permission $entity $perm -ErrorAction SilentlyContinue
    }



  • 2.  RE: @lucd script to import vcenter permission from xml

    Posted Aug 22, 2022 07:25 PM

    Attached is the XML file for the import.

    Attachment: import.txt (37 KB)


  • 3.  RE: @lucd script to import vcenter permission from xml

    Posted Aug 22, 2022 07:58 PM

    It looks as if

    Get-View -ViewType $_.EntityType -Filter @{"Name"=("^" + $EntityName + "$")}

    is returning more than 1 object.
    Are you perhaps connected to more than 1 vCenter?
    Check what $global:defaultVIServers returns.



  • 4.  RE: @lucd script to import vcenter permission from xml

    Posted Aug 22, 2022 08:01 PM

    There is only one connection. I run Disconnect-VIServer * before I start.



  • 5.  RE: @lucd script to import vcenter permission from xml

    Posted Aug 22, 2022 08:11 PM

    Then you should try to find out what exactly is in $EntityName
    Add a Write-Host before the Get-View line

    Write-Host "Entity: $EntityName"
    $entity = Get-View -ViewType $_.EntityType -Filter @{"Name"=("^" + $EntityName + "$")}

     



  • 6.  RE: @lucd script to import vcenter permission from xml

    Posted Aug 22, 2022 08:37 PM

    Thanks again, man. The datacenter and cluster names were not matching in the two vCenters.



  • 7.  RE: @lucd script to import vcenter permission from xml

    Posted Aug 22, 2022 08:39 PM

    The script you have works for adding AD users. Do you have anything to export local user names?



  • 8.  RE: @lucd script to import vcenter permission from xml

    Posted Aug 22, 2022 08:58 PM

    The export script just uses Get-VIPermission, that should return any principals, AD or local.
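
A pre-flight check for the failure diagnosed in this thread (the Get-View name filter matching zero or several objects), added here as an example and not part of any poster's script. Resolve-Entity, Test-PermissionTarget, the attribute layout of the sample XML and the stand-in inventory are assumptions constructed for illustration.

```powershell
function Resolve-Entity {
    param(
        [string]$EntityType,
        [string]$EntityName,
        # Injectable lookup so the check can also run without a vCenter connection.
        [scriptblock]$Lookup = { param($t, $f) Get-View -ViewType $t -Filter $f }
    )
    # Escape every regex metacharacter, not only ()[]{} as the import script does.
    $filter = @{ Name = '^' + [regex]::Escape($EntityName) + '$' }
    @(& $Lookup $EntityType $filter | Where-Object { $_ })
}

function Test-PermissionTarget {
    param([xml]$PermissionXml, [scriptblock]$Lookup)
    foreach ($p in $PermissionXml.SelectNodes('Inventory/Permissions/Permission')) {
        $query = @{ EntityType = $p.EntityType; EntityName = $p.Entity }
        if ($Lookup) { $query.Lookup = $Lookup }
        $found = @(Resolve-Entity @query)
        [pscustomobject]@{
            Entity    = $p.Entity
            Principal = $p.Principal
            Matches   = $found.Count
            # Only an exactly-one match is safe to hand to SetEntityPermissions.
            Apply     = ($found.Count -eq 1)
        }
    }
}

# Constructed sample data: three permission entries and a stand-in inventory.
$xml = [xml]@'
<Inventory><Permissions>
  <Permission Entity="DC-East" EntityType="Datacenter" Principal="LAB\vm-admins" Role="Admin" />
  <Permission Entity="DC-West" EntityType="Datacenter" Principal="LAB\vm-admins" Role="Admin" />
  <Permission Entity="Cluster (Prod)" EntityType="ClusterComputeResource" Principal="LAB\ops" Role="ReadOnly" />
</Permissions></Inventory>
'@
$sampleObjects = @(
    [pscustomobject]@{ Type = 'Datacenter'; Name = 'DC-East' }
    [pscustomobject]@{ Type = 'ClusterComputeResource'; Name = 'Cluster (Prod)' }
    [pscustomobject]@{ Type = 'ClusterComputeResource'; Name = 'Cluster (Prod)' }
)
$offline = { param($t, $f) $sampleObjects | Where-Object { $_.Type -eq $t -and $_.Name -match $f.Name } }

# DC-East resolves once; DC-West has no match; the cluster name is ambiguous.
Test-PermissionTarget -PermissionXml $xml -Lookup $offline | Format-Table -AutoSize
```

Against a live vCenter, omit -Lookup so the default Get-View call is used, and import only the entries where Apply is True.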