Solved: VM tagging and permission assignment

yosingh · ‎08-04-2020

Hi Community,

I need to assign the tag based on tag category in csv file. (http://www.virtu-al.net/2014/11/13/automating-tags-tag-category-creation-assignment-powercli/ )

1. I want to tag all the VMs where MktMgmt is the application.

2. Assign the role MktMgmt_role with AD group domain\MktMgmt_group to the tag Application:MktMgmt

This way I will be giving access to usergroup domain\MktMgmt_group on VMs where Application:MktMgmt is the tag.

Here is example CSV.

vc	vmname	tags_with_category
VC01	VM01	ApplicationCategory:HR-stream,Owner:WindowsTeam,Application:HRmgmt,ProductOwner:abc
VC02	VM02	ApplicationCategory:HR-stream,Owner:WindowsTeam,Application:HRmgmt,ProductOwner:abc
VC03	VM03	ApplicationCategory:Mkt-stream,Owner:WindowsTeam,Application:MktMgmt,ProductOwner:xxx
VC04	VM04	ApplicationCategory:HR-stream,Owner:WindowsTeam,Application:HRmgmt,ProductOwner:abc
VC01	VM05	ApplicationCategory:Mkt-stream,Owner:WindowsTeam,Application:MktMgmt,ProductOwner:xxx
VC02	VM06	ApplicationCategory:Fin-stream,Owner:LinuxTeam,Application:Finmgmt
VC03	VM07	ApplicationCategory:Fin-stream,Owner:LinuxTeam,Application:Finmgmt
VC04	VM08	ApplicationCategory:Fin-stream,Owner:LinuxTeam,Application:Finmgmt
VC01	VM09	ApplicationCategory:Mkt-stream,Owner:WindowsTeam,Application:MktMgmt

LucD · ‎08-05-2020

The Server parameter is there because your CSV file seems to contain multiple vCenters.

I would be curious to see which error that can give, unless your entry in the CSV is not correct.

The Tag creation wasn't captured in a variable, hence it didn't work on the 1st run.

This should work

Import-Csv -Path .\ExampleCSV.csv -UseCulture -PipelineVariable row |

ForEach-Object -Process {

$vm = Get-VM -Name $row.vmname -Server $row.vc

$row.tags_with_categore.Split(',') | ForEach-Object -Process {

if($_ -eq 'Application:MktMgmt'){

New-VIPermission -Role 'MktMgmt_role' -Principal 'domain\MktMgmt_group' -Server $row.vc -Confirm:$false

}

$catName,$tagName = $_.Split(':')

try{

$cat = Get-TagCategory -Name $catName -Server $row.vc -ErrorAction Stop

}

catch{

$cat = New-TagCategory -Name $catName -EntityType VirtualMachine -Server $row.vc

}

try{

$tag = Get-Tag -Name $tagName -Category $cat -Server $row.vc -ErrorAction Stop

}

catch{

$tag = New-Tag -Name $tagName -Category $cat -Server $row.vc

}

New-TagAssignment -Entity $vm -Tag $tag -Server $row.vc -Confirm:$false

}

The current New-VIPermossion doesn't accept Tags or TagCategories as Entity.

It was not clear from your question you wanted that permission on the Tag itself.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

View solution in original post

yosingh · ‎08-04-2020

LucD can you please help here

LucD · ‎08-04-2020

You mean something like this?

Import-Csv -Path .\ExampleCSV.csv -UseCulture -PipelineVariable row |

where{$_.tags_with_categore.Split(',') -contains 'Application:MktMgmt'} |

ForEach-Object -Process {

Get-VM -Name $row.vmname -Server $row.vc |

New-VIPermission -Role 'MktMgmt_role' -Principal 'domain\MktMgmt_group' -Confirm:$false

}

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

yosingh · ‎08-04-2020

Thanks LucD for your quick response.

But my VMs are not tagged yet, Can you please add another line to tag the VMs first.

1. I want to tag all the VMs where MktMgmt is the application.

LucD · ‎08-04-2020

Tag all the VMs with all the tags in the CSV or just the ones that fit the test?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

LucD · ‎08-04-2020

If you want to tag all VMs, you could do something like this

Import-Csv -Path .\ExampleCSV.csv -UseCulture -PipelineVariable row |

ForEach-Object -Process {

$vm = Get-VM -Name $row.vmname -Server $row.vc

$row.tags_with_categore.Split(',') | ForEach-Object -Process {

if($_ -eq 'Application:MktMgmt'){

New-VIPermission -Role 'MktMgmt_role' -Principal 'domain\MktMgmt_group' -Server $row.vc -Confirm:$false

}

$catName,$tagName = $_.Split(':')

try{

$cat = Get-TagCategory -Name $catName -Server $row.vc -ErrorAction Stop

}

catch{

$cat = New-TagCategory -Name $catName -EntityType VirtualMachine -Server $row.vc

}

try{

$tag = Get-Tag -Name $tagName -Category $cat -Server $row.vc -ErrorAction Stop

}

catch{

New-Tag -Name $tagName -Category $cat -Server $row.vc

}

New-TagAssignment -Entity $vm -Tag $tag -Server $row.vc -Confirm:$false

}

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

yosingh · ‎08-05-2020

I made some change i.e clearing the variable, commented after -server $row.vc

$vm = Get-VM -Name $row.vmname #-Server $row.vc commented this as it was giving error.

And it started working but some how it does not assign the Tags properly (partially tag assignment) to the VMs when you run script first time. (was getting null error for some of theTags)

but when you run the same script second time without changes it assigns the tags properly.
May be first time it is creating Tags /Tag categories and it take some time to reflect and throws an error if we are trying to assign it to VM. (just thinking could be different issue)

Further...

I want to assign permission on a Tag but look likes that is not possible through command line (script) but from GUI there is a way.

New-VIPermission -Role 'MktMgmt_role' -Principal 'domain\MktMgmt_group' -Entity MktMgmt

Above command doesn't identify Tag as an entity (is it wrong or some other way to mention the tag ?)

Thanks a lot for the script

LucD · ‎08-05-2020

The Server parameter is there because your CSV file seems to contain multiple vCenters.

I would be curious to see which error that can give, unless your entry in the CSV is not correct.

The Tag creation wasn't captured in a variable, hence it didn't work on the 1st run.

This should work

Import-Csv -Path .\ExampleCSV.csv -UseCulture -PipelineVariable row |

ForEach-Object -Process {

$vm = Get-VM -Name $row.vmname -Server $row.vc

$row.tags_with_categore.Split(',') | ForEach-Object -Process {

if($_ -eq 'Application:MktMgmt'){

New-VIPermission -Role 'MktMgmt_role' -Principal 'domain\MktMgmt_group' -Server $row.vc -Confirm:$false

}

$catName,$tagName = $_.Split(':')

try{

$cat = Get-TagCategory -Name $catName -Server $row.vc -ErrorAction Stop

}

catch{

$cat = New-TagCategory -Name $catName -EntityType VirtualMachine -Server $row.vc

}

try{

$tag = Get-Tag -Name $tagName -Category $cat -Server $row.vc -ErrorAction Stop

}

catch{

$tag = New-Tag -Name $tagName -Category $cat -Server $row.vc

}

New-TagAssignment -Entity $vm -Tag $tag -Server $row.vc -Confirm:$false

}

The current New-VIPermossion doesn't accept Tags or TagCategories as Entity.

It was not clear from your question you wanted that permission on the Tag itself.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

yosingh · ‎08-05-2020

Yeah i missed to mentioned in the beginning for assigning permission on tag, anyway that can be done manually.

Thanks a lot for the script.

yosingh · ‎08-05-2020

Hi LucD How can I skip the VMs with no Tag/Tag category , I tried compare $row.tags_with_categore with $Null but didn't help.
I would really appreciate if you can help with it.

LucD · ‎08-05-2020

Every property from an object coming from Import-Csv is a [string].
So you will have to compare against the empty string ''

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

All

VM tagging and permission assignment