elihuj

Thank you for the quick reply LucD. Here are the scripts I am using:

###Export###

# Directory that receives the exported vcenter.xml.
# The export lists every custom role, its privileges and every principal's
# role assignment, so keep this directory readable and writable by
# administrators only.
$outputdir = 'C:\Support\Roles\'

# Root of the XML file: an empty <Inventory> document shared by the helper
# functions below. It is re-initialised with its child containers just
# before the export itself runs.
$global:vInventory = [xml]'<Inventory></Inventory>'

# Functions

function New-XmlNode {
    <#
    .SYNOPSIS
        Creates an element in the shared $global:vInventory document and
        appends it to the given parent node.
    .PARAMETER node
        Parent node that receives the new child.
    .PARAMETER nodeName
        Tag name of the element to create.
    .OUTPUTS
        The node returned by AppendChild (the newly appended element).
    #>
    param($node, $nodeName)

    # The element has to be created by the owning document before it can be attached.
    $node.AppendChild($global:vInventory.CreateElement($nodeName))
}

function Set-XmlAttribute {
    <#
    .SYNOPSIS
        Sets one attribute on an XML element.
    .PARAMETER node
        Element to modify.
    .PARAMETER name
        Attribute name.
    .PARAMETER value
        Attribute value. It is handed to the DOM as-is; no markup is built
        by string concatenation here.
    #>
    param($node, $name, $value)

    $node.SetAttribute($name, $value)
}

function Get-XmlNode {
    <#
    .SYNOPSIS
        Returns the nodes of the shared $global:vInventory document that
        match an XPath expression.
    .PARAMETER path
        XPath expression evaluated against the document.
    #>
    param ($path)

    $global:vInventory.SelectNodes($path)
}

function Get-Roles {
    <#
    .SYNOPSIS
        Returns one object per role known to the AuthorizationManager view.
    .OUTPUTS
        PSObject with the note properties Name, Label, Summary, RoleId,
        System and Privilege, in that order.
    #>
    begin {
        $authMgr = Get-View AuthorizationManager
        $report = @()
    }

    process {
        foreach ($role in $authMgr.roleList) {
            # Add-Member -PassThru hands the object on, so the properties
            # are attached in the order listed here.
            $ret = New-Object PSObject |
                Add-Member -MemberType NoteProperty -Name "Name" -Value $role.name -PassThru |
                Add-Member -MemberType NoteProperty -Name "Label" -Value $role.info.label -PassThru |
                Add-Member -MemberType NoteProperty -Name "Summary" -Value $role.info.summary -PassThru |
                Add-Member -MemberType NoteProperty -Name "RoleId" -Value $role.roleId -PassThru |
                Add-Member -MemberType NoteProperty -Name "System" -Value $role.system -PassThru |
                Add-Member -MemberType NoteProperty -Name "Privilege" -Value $role.privilege -PassThru

            $report += $ret
        }
    }

    end {
        $report
    }
}

function Get-Permissions {
    <#
    .SYNOPSIS
        Returns one object per permission reported by the
        AuthorizationManager view.
    .OUTPUTS
        PSObject with the note properties Entity, EntityType, Group,
        Principal, Propagate and Role, in that order. Role is the role name
        looked up from the permission's RoleId.
    #>
    begin {
        $report = @()
        $authMgr = Get-View AuthorizationManager

        # RoleId -> role name, so each permission can be reported by role name.
        $roleHash = @{}
        $authMgr.RoleList | ForEach-Object {
            $roleHash[$_.RoleId] = $_.Name
        }
    }

    process {
        $perms = $authMgr.RetrieveAllPermissions()

        foreach ($perm in $perms) {
            # Resolve the entity reference to a view to read its name and type.
            $entity = Get-View $perm.Entity

            $ret = New-Object PSObject |
                Add-Member -MemberType NoteProperty -Name "Entity" -Value $entity.Name -PassThru |
                Add-Member -MemberType NoteProperty -Name "EntityType" -Value $entity.gettype().Name -PassThru |
                Add-Member -MemberType NoteProperty -Name "Group" -Value $perm.Group -PassThru |
                Add-Member -MemberType NoteProperty -Name "Principal" -Value $perm.Principal -PassThru |
                Add-Member -MemberType NoteProperty -Name "Propagate" -Value $perm.Propagate -PassThru |
                Add-Member -MemberType NoteProperty -Name "Role" -Value $roleHash[$perm.RoleId] -PassThru

            $report += $ret
        }
    }

    end {
        $report
    }
}

# Start from a skeleton that already holds the two containers filled below.
$global:vInventory = [xml]'<Inventory><Roles/><Permissions/></Inventory>'

# Main

# Roles: one <Role> element per non-system role, with one <Privilege>
# child per privilege of that role.
$XMLRoles = Get-XmlNode 'Inventory/Roles'

Get-Roles | Where-Object { -not $_.System } | ForEach-Object {
    $currentRole = $_
    $XMLRole = New-XmlNode $XMLRoles 'Role'

    foreach ($attr in 'Name', 'Label', 'Summary') {
        Set-XmlAttribute $XMLRole $attr $currentRole.$attr
    }

    $currentRole.Privilege | ForEach-Object {
        $XMLPrivilege = New-XmlNode $XMLRole 'Privilege'
        Set-XmlAttribute $XMLPrivilege 'Name' $_
    }
}

# Permissions: one <Permission> element per permission. The entity is
# recorded by name and type only.
$XMLPermissions = Get-XmlNode 'Inventory/Permissions'

Get-Permissions | ForEach-Object {
    $currentPerm = $_
    $XMLPerm = New-XmlNode $XMLPermissions 'Permission'

    foreach ($attr in 'Entity', 'EntityType', 'Group', 'Principal', 'Propagate', 'Role') {
        Set-XmlAttribute $XMLPerm $attr $currentPerm.$attr
    }
}

# Create XML file
# The file describes who holds which role on which object; treat it as
# sensitive and keep it where only administrators can read or change it.
$global:vInventory.Save($outputdir + 'vcenter.xml')

###Import###

# Functions

function New-Role {
    <#
    .SYNOPSIS
        Creates an authorization role and returns its id.
    .DESCRIPTION
        Calls AddAuthorizationRole on $authMgr. That variable is not a
        parameter; it must already be set in the calling scope.
    .PARAMETER name
        Name of the role to create.
    .PARAMETER privIds
        Privilege identifiers to grant to the role.
    .OUTPUTS
        The value returned by AddAuthorizationRole.
    #>
    param($name, $privIds)

    Begin { }

    Process {
        $roleId = $authMgr.AddAuthorizationRole($name, $privIds)
    }

    End {
        $roleId
    }
}

function Set-Permission {
    <#
    .SYNOPSIS
        Applies a single permission to a managed entity.
    .DESCRIPTION
        Calls SetEntityPermissions on $authMgr. That variable is not a
        parameter; it must already be set in the calling scope.
    .PARAMETER object
        The entity that receives the permission. The parameter is typed, so
        a call that passes several entities at once fails parameter binding
        instead of applying the permission to all of them.
    .PARAMETER permission
        The permission to apply.
    #>
    param(
        [VMware.Vim.ManagedEntity]$object,
        [VMware.Vim.Permission]$permission
    )

    Begin { }

    Process {
        # Nothing is emitted to the pipeline; any return value is discarded.
        [void]$authMgr.SetEntityPermissions($object.MoRef, @($permission))
    }

    End { }
}

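# Main

# Create hash table with the current roles (role name -> RoleId) on the
# vCenter this session is connected to.

$authMgr = Get-View AuthorizationManager

$roleHash = @{}

$authMgr.RoleList | ForEach-Object {
    $roleHash[$_.Name] = $_.RoleId
}

# Read XML file
# Everything in this file is turned into roles and permissions below, so
# whoever can modify it decides who gets access. Keep it where only
# administrators can write, and review it before importing.

$XMLfile = "C:\Support\Roles\vcenter.xml"

$vInventory = [xml]"<dummy/>"

# Do not resolve DTDs or external entities referenced from the file.
$vInventory.XmlResolver = $null

$vInventory.Load($XMLfile)

# Define Xpaths for the roles and the permissions

$XpathRoles = "Inventory/Roles/Role"

$XpathPermissions = "Inventory/Permissions/Permission"

# Create custom roles
# A role whose name already exists is left untouched, even when its
# privileges differ from the exported ones. Permissions imported below
# then bind to the existing role as it is defined here.

foreach ($roleNode in $vInventory.SelectNodes($XpathRoles)) {
    $roleName = $roleNode.GetAttribute("Name")

    if (-not $roleName) {
        Write-Warning "Skipping a Role element without a Name attribute"
        continue
    }

    if (-not $roleHash.ContainsKey($roleName)) {
        # Collect the privilege ids; empty names are dropped so that a role
        # exported without privileges does not pass a blank id to the API.
        $privArray = @()

        foreach ($privNode in $roleNode.SelectNodes("Privilege")) {
            $privName = $privNode.GetAttribute("Name")
            if ($privName) {
                $privArray += $privName
            }
        }

        $roleHash[$roleName] = (New-Role $roleName $privArray)
    }
}

# Set permissions

foreach ($permNode in $vInventory.SelectNodes($XpathPermissions)) {
    $roleName = $permNode.GetAttribute("Role")
    $entityName = $permNode.GetAttribute("Entity")
    $entityType = $permNode.GetAttribute("EntityType")

    # Never build a permission from an unknown role: the lookup would give
    # $null, which is not a role id the exported file asked for.
    if (-not $roleName -or -not $roleHash.ContainsKey($roleName)) {
        Write-Warning "Skipping permission on '$entityName': role '$roleName' not found"
        continue
    }

    $perm = New-Object VMware.Vim.Permission
    $perm.group = ($permNode.GetAttribute("Group") -eq "true")
    $perm.principal = $permNode.GetAttribute("Principal")
    $perm.propagate = ($permNode.GetAttribute("Propagate") -eq "true")
    $perm.roleId = $roleHash[$roleName]

    # The filter value is a regular expression. Escape the whole name, not
    # just brackets: otherwise characters such as "." or "+" in an entity
    # name can make the filter match a different object, or none.
    $namePattern = "^" + [regex]::Escape($entityName) + "$"

    $entity = @(Get-View -ViewType $entityType -Filter @{"Name" = $namePattern})

    # Apply the permission only when the name identifies exactly one object.
    # Names are not unique across folders or datacenters, so several hits
    # mean the target is ambiguous.
    if ($entity.Count -ne 1) {
        Write-Warning "Skipping permission for '$($perm.principal)': $($entity.Count) objects of type '$entityType' are named '$entityName'"
        continue
    }

    Set-Permission $entity[0] $perm
}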
