I am looking at Alan and LucD's import script for permissions in vCenter. I've used it in the past with no issues. I have been attempting to import permissions into my 6.7 vCenter, and have been receiving the following error:
Get-View : Cannot validate argument on parameter 'ViewType'. Accepted types: ClusterComputeResource, ComputeResource, Datacenter, Datastore,
DistributedVirtualPortgroup, DistributedVirtualSwitch, Folder, HostSystem, Network, OpaqueNetwork, ResourcePool, StoragePod, VirtualApp, VirtualMachine,
VmwareDistributedVirtualSwitch
At C:\vCenter_Permissions.ps1:231 char:34
+ $entity = Get-View -ViewType $_.EntityType -Filter @{"Name"=("^" ...
+ ~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Get-View], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,VMware.VimAutomation.ViCore.Cmdlets.Commands.DotNetInterop.GetVIView
Which corresponds to this line: $entity = Get-View -ViewType $_.EntityType -Filter @{"Name"=("^" + $EntityName + "$")}
There must be something in the file under EntityType that doesn't appear in the list of accepted types.
Can you check?
Or point me to the actual scripts you use for import and export.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thank you for the quick reply LucD. Here are the scripts I am using:
###Export###
$outputdir = "C:\Support\Roles\"
# Root of the XML file
$global:vInventory = [xml]"<Inventory></Inventory>"
# Functions
function New-XmlNode{
    param($node, $nodeName)
    $tmp = $global:vInventory.CreateElement($nodeName)
    $node.AppendChild($tmp)
}
function Set-XmlAttribute{
    param($node, $name, $value)
    $node.SetAttribute($name, $value)
}
function Get-XmlNode{
    param ($path)
    $global:vInventory.SelectNodes($path)
}
function Get-Roles{
    begin{
        $authMgr = Get-View AuthorizationManager
        $report = @()
    }
    process{
        foreach($role in $authMgr.roleList){
            $ret = New-Object PSObject
            $ret | Add-Member -Type noteproperty -Name "Name" -Value $role.name
            $ret | Add-Member -Type noteproperty -Name "Label" -Value $role.info.label
            $ret | Add-Member -Type noteproperty -Name "Summary" -Value $role.info.summary
            $ret | Add-Member -Type noteproperty -Name "RoleId" -Value $role.roleId
            $ret | Add-Member -Type noteproperty -Name "System" -Value $role.system
            $ret | Add-Member -Type noteproperty -Name "Privilege" -Value $role.privilege
            $report += $ret
        }
    }
    end{
        return $report
    }
}
function Get-Permissions
{
    begin{
        $report = @()
        $authMgr = Get-View AuthorizationManager
        $roleHash = @{}
        $authMgr.RoleList | %{
            $roleHash[$_.RoleId] = $_.Name
        }
    }
    process{
        $perms = $authMgr.RetrieveAllPermissions()
        foreach($perm in $perms){
            $ret = New-Object PSObject
            $entity = Get-View $perm.Entity
            $ret | Add-Member -Type noteproperty -Name "Entity" -Value $entity.Name
            $ret | Add-Member -Type noteproperty -Name "EntityType" -Value $entity.gettype().Name
            $ret | Add-Member -Type noteproperty -Name "Group" -Value $perm.Group
            $ret | Add-Member -Type noteproperty -Name "Principal" -Value $perm.Principal
            $ret | Add-Member -Type noteproperty -Name "Propagate" -Value $perm.Propagate
            $ret | Add-Member -Type noteproperty -Name "Role" -Value $roleHash[$perm.RoleId]
            $report += $ret
        }
    }
    end{
        return $report
    }
}
$global:vInventory = [xml]"<Inventory><Roles/><Permissions/></Inventory>"
# Main
# Roles
$XMLRoles = Get-XmlNode "Inventory/Roles"
Get-Roles | where {-not $_.System} | % {
    $XMLRole = New-XmlNode $XMLRoles "Role"
    Set-XmlAttribute $XMLRole "Name" $_.Name
    Set-XmlAttribute $XMLRole "Label" $_.Label
    Set-XmlAttribute $XMLRole "Summary" $_.Summary
    $_.Privilege | % {
        $XMLPrivilege = New-XmlNode $XMLRole "Privilege"
        Set-XmlAttribute $XMLPrivilege "Name" $_
    }
}
# Permissions
$XMLPermissions = Get-XmlNode "Inventory/Permissions"
Get-Permissions | % {
    $XMLPerm = New-XmlNode $XMLPermissions "Permission"
    Set-XmlAttribute $XMLPerm "Entity" $_.Entity
    Set-XmlAttribute $XMLPerm "EntityType" $_.EntityType
    Set-XmlAttribute $XMLPerm "Group" $_.Group
    Set-XmlAttribute $XMLPerm "Principal" $_.Principal
    Set-XmlAttribute $XMLPerm "Propagate" $_.Propagate
    Set-XmlAttribute $XMLPerm "Role" $_.Role
}
# Create XML file
$global:vInventory.Save($outputdir + "vcenter.xml")
###Import###
# Functions
function New-Role
{
    param($name, $privIds)
    Begin{}
    Process{
        $roleId = $authMgr.AddAuthorizationRole($name,$privIds)
    }
    End{
        return $roleId
    }
}
function Set-Permission
{
    param(
        [VMware.Vim.ManagedEntity]$object,
        [VMware.Vim.Permission]$permission
    )
    Begin{}
    Process{
        $perms = $authMgr.SetEntityPermissions($object.MoRef,@($permission))
    }
    End{
        return
    }
}
# Main
# Create hash table with the current roles
$authMgr = Get-View AuthorizationManager
$roleHash = @{}
$authMgr.RoleList | % {
    $roleHash[$_.Name] = $_.RoleId
}
# Read XML file
$XMLfile = "C:\Support\Roles\vcenter.xml"
$vInventory = [xml]"<dummy/>"
$vInventory.Load($XMLfile)
# Define Xpaths for the roles and the permissions
$XpathRoles = "Inventory/Roles/Role"
$XpathPermissions = "Inventory/Permissions/Permission"
# Create custom roles
$vInventory.SelectNodes($XpathRoles) | % {
    if(-not $roleHash.ContainsKey($_.Name)){
        $privArray = @()
        $_.Privilege | % {
            $privArray += $_.Name
        }
        $roleHash[$_.Name] = (New-Role $_.Name $privArray)
    }
}
# Set permissions
$vInventory.SelectNodes($XpathPermissions) | % {
    $perm = New-Object VMware.Vim.Permission
    $perm.group = &{if ($_.Group -eq "true") {$true} else {$false}}
    $perm.principal = $_.Principal
    $perm.propagate = &{if($_.Propagate -eq "true") {$true} else {$false}}
    $perm.roleId = $roleHash[$_.Role]
    $EntityName = $_.Entity.Replace("(","\(").Replace(")","\)")
    $EntityName = $EntityName.Replace("[","\[").Replace("]","\]")
    $EntityName = $EntityName.Replace("{","\{").Replace("}","\}")
    $entity = Get-View -ViewType $_.EntityType -Filter @{"Name"=("^" + $EntityName + "$")}
    Set-Permission $entity $perm
}
Can you check what EntityType values are present in the XML file with the following snippet?
$vInventory = [xml]"<dummy/>"
$vInventory.Load($XMLfile)
$vInventory.SelectNodes("Inventory/Permissions/Permission") |
    Select -ExpandProperty EntityType |
    Group-Object
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Here is the output I get:
Count Name                      Group
----- ----                      -----
   26 Object[]                  {Object[], Object[], Object[], Object[]...}
    2 Datastore                 {Datastore, Datastore}
    2 ClusterComputeResource    {ClusterComputeResource, ClusterComputeResource}
    1 DistributedVirtualPort... {DistributedVirtualPortgroup}
    1 Folder                    {Folder}
    1 VirtualMachine            {VirtualMachine}
That 1st entry is most probably the culprit.
Can you find it in the XML file?
Eliminate all the other entries, and what is left is probably the one shown as object[].
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I'm seeing a lot of these in the XML file:
<Permission Role="Admin" Propagate="True" Principal="VSPHERE.LOCAL\Administrator" Group="False" EntityType="Object[]" Entity="Datacenters Datacenters"/>
<Permission Role="Admin" Propagate="True" Principal="VSPHERE.LOCAL\Administrator" Group="False" EntityType="Object[]" Entity="Datacenters Datacenters"/>
<Permission Role="AutoUpdateUser" Propagate="True" Principal="VSPHERE.LOCAL\AutoUpdate" Group="True" EntityType="Object[]" Entity="Datacenters Datacenters"/>
<Permission Role="Admin" Propagate="True" Principal="VSPHERE.LOCAL\Administrators" Group="True" EntityType="Object[]" Entity="Datacenters Datacenters"/>
<Permission Role="Admin" Propagate="True" Principal="Lab\VMware_Admins" Group="True" EntityType="Object[]" Entity="Datacenters Datacenters"/>
<Permission Role="ReadOnly" Propagate="True" Principal="Lab\Tier1" Group="True" EntityType="Object[]" Entity="Datacenters Datacenters"/>
Of all the entries in my XML with EntityType="Object[]", they all appear to be for the Datacenters Entity only.
The fact that we see "Datacenters Datacenters" could mean that there are multiple connections open.
Is there more than 1 entry in $global:DefaultVIServers when you run the export?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
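The two checks discussed in this thread, written as an added example (not code from either poster or from the original scripts): a guard to run before the export that refuses to continue unless exactly one vCenter connection is open, and a pre-import check that lists the permission entries whose EntityType Get-View would reject. The function names `Assert-SingleVIServer` and `Get-InvalidPermissionNode` are hypothetical, the accepted type list is copied from the error message in the first post, and the sample XML is constructed.

```powershell
# Added example. Helper names are hypothetical; the type list is copied
# from the Get-View error message quoted at the top of the thread.
$AcceptedViewTypes = @(
    'ClusterComputeResource','ComputeResource','Datacenter','Datastore',
    'DistributedVirtualPortgroup','DistributedVirtualSwitch','Folder','HostSystem',
    'Network','OpaqueNetwork','ResourcePool','StoragePod','VirtualApp',
    'VirtualMachine','VmwareDistributedVirtualSwitch'
)

function Assert-SingleVIServer {
    # Run before the export. The thread traced the Object[] entries to more
    # than one open connection, so stop unless exactly one is present.
    $servers = @($global:DefaultVIServers | Where-Object { $_ })
    if ($servers.Count -ne 1) {
        $names = ($servers | ForEach-Object { $_.Name }) -join ', '
        throw "Expected exactly 1 vCenter connection, found $($servers.Count): $names"
    }
}

function Get-InvalidPermissionNode {
    # Run before the import. Returns the <Permission> nodes whose EntityType
    # is not one of the types Get-View -ViewType accepts.
    param([Parameter(Mandatory)][xml]$Inventory)
    $Inventory.SelectNodes('Inventory/Permissions/Permission') |
        Where-Object { $AcceptedViewTypes -notcontains $_.EntityType }
}

# Constructed sample in the export format, with one bad entry like those in the thread.
$sample = [xml]@'
<Inventory><Roles/><Permissions>
  <Permission Role="Admin" Propagate="True" Principal="Lab\VMware_Admins" Group="True" EntityType="Object[]" Entity="Datacenters Datacenters"/>
  <Permission Role="ReadOnly" Propagate="True" Principal="Lab\Tier1" Group="True" EntityType="Folder" Entity="vm"/>
</Permissions></Inventory>
'@

$bad = @(Get-InvalidPermissionNode -Inventory $sample)
"{0} permission(s) would fail the import" -f $bad.Count
$bad | Select-Object Entity, EntityType, Principal, Role
```

An import that skips or aborts on these entries leaves the intended permissions unset rather than applying them to the wrong object, so the invalid list should be empty before `SetEntityPermissions` is called.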
Yes, that was it! In my testing, I more than likely did NOT kill my initial session prior to running the export. I started from scratch, and had a much better looking XML file to import from. Tested both export and import. Much thanks for your assistance LucD.
Output from $vInventory now:
Count Name                      Group
----- ----                      -----
    2 Datastore                 {Datastore, Datastore}
    2 ClusterComputeResource    {ClusterComputeResource, ClusterComputeResource}
    1 DistributedVirtualPort... {DistributedVirtualPortgroup}
   15 Folder                    {Folder, Folder, Folder, Folder...}
    1 VirtualMachine            {VirtualMachine}