Revisions

  1. davoult revised this gist Jan 11, 2022. 1 changed file with 9 additions and 9 deletions.
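--- a/create-existing-folder-permissions.sh
+++ b/create-existing-folder-permissions.sh
@@ -14,7 +14,7 @@ CLUSTER="Host.Config.Storage Resource.AssignVMToPool VApp.AssignResourcePool VAp
 CLUSTER_ROLE_NAME="openshift-cluster-level"
 roles+=( ["${CLUSTER_ROLE_NAME}"]=${CLUSTER} )
 
-DATASTORE="Datastore.AllocateSpace Datastore.Browse Datastore.FileManagement"
+DATASTORE="Datastore.AllocateSpace Datastore.Browse Datastore.FileManagement InventoryService.Tagging.ObjectAttachable"
 DATASTORE_ROLE_NAME="openshift-datastore-level"
 roles+=( ["${DATASTORE_ROLE_NAME}"]=${DATASTORE} )
 
@@ -47,18 +47,18 @@ done
 
 govc permissions.set --propagate=false -principal [email protected] -role openshift-vcenter-level /
 
-govc permissions.set --propagate=false -principal [email protected] -role ReadOnly /SDDC-Datacenter-Nested
+govc permissions.set --propagate=false -principal [email protected] -role ReadOnly /Datacenter
 
-govc permissions.set --propagate=false -principal [email protected] -role ReadOnly /SDDC-Datacenter-Nested/host/Cluster-1-Nested
+govc permissions.set --propagate=false -principal [email protected] -role ReadOnly /Datacenter/host/Cluster-1-Nested
 
-govc permissions.set --propagate=false -principal [email protected] -role openshift-portgroup-level /SDDC-Datacenter-Nested/network/internal
+govc permissions.set --propagate=false -principal [email protected] -role openshift-portgroup-level /Datacenter/network/internal
 
-govc permissions.set --propagate=false -principal [email protected] -role ReadOnly /SDDC-Datacenter-Nested/network/DSwitch1
+govc permissions.set --propagate=false -principal [email protected] -role ReadOnly /Datacenter/network/DSwitch1
 
-govc permissions.set -propagate=false -principal [email protected] -role openshift-datastore-level /SDDC-Datacenter-Nested/datastore/WorkloadDatastoreA
+govc permissions.set -propagate=false -principal [email protected] -role openshift-datastore-level /Datacenter/datastore/WorkloadDatastoreA
 
-govc permissions.set -propagate=true -principal [email protected] -role openshift-cluster-level /SDDC-Datacenter-Nested/host/Cluster-1-Nested
+govc permissions.set -propagate=true -principal [email protected] -role openshift-cluster-level /Datacenter/host/Cluster-1-Nested
 
 
-govc folder.create /SDDC-Datacenter-Nested/vm/jcallen2
-govc permissions.set -propagate=true -principal [email protected] -role openshift-folder-level /SDDC-Datacenter-Nested/vm/jcallen2
+govc folder.create /Datacenter/vm/Openshift
+govc permissions.set -propagate=true -principal [email protected] -role openshift-folder-level /Datacenter/vm/Openshift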
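Review bot: Under the script's `set -e`, the new `govc folder.create /Datacenter/vm/Openshift` is expected to fail when the folder already exists, which aborts the script before the `permissions.set` on the following line ever runs — and for a script named "create-existing-folder-permissions" the folder already existing is the common case. Guard the creation so the permission assignment still happens, e.g. `govc folder.info /Datacenter/vm/Openshift >/dev/null 2>&1 || govc folder.create /Datacenter/vm/Openshift`; the original revision below has the same pattern for `/SDDC-Datacenter-Nested/vm/jcallen2`. The rewritten lines also keep the mix of `--propagate=` and `-propagate=`; govc's Go-style flag parsing appears to accept both, but using one spelling throughout makes the commands easier to audit against the role/propagate table kept in the comments.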
  2. @jcpowermac jcpowermac created this gist Jan 13, 2021.
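--- /dev/null
+++ b/create-existing-folder-permissions.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -e
+set -x
+
+
+declare -A roles
+
+
+VCENTER="Cns.Searchable InventoryService.Tagging.AttachTag InventoryService.Tagging.CreateCategory InventoryService.Tagging.CreateTag InventoryService.Tagging.DeleteCategory InventoryService.Tagging.DeleteTag InventoryService.Tagging.EditCategory InventoryService.Tagging.EditTag Sessions.ValidateSession StorageProfile.View"
+VCENTER_ROLE_NAME="openshift-vcenter-level"
+roles+=( ["${VCENTER_ROLE_NAME}"]=${VCENTER} )
+
+CLUSTER="Host.Config.Storage Resource.AssignVMToPool VApp.AssignResourcePool VApp.Import VirtualMachine.Config.AddNewDisk"
+CLUSTER_ROLE_NAME="openshift-cluster-level"
+roles+=( ["${CLUSTER_ROLE_NAME}"]=${CLUSTER} )
+
+DATASTORE="Datastore.AllocateSpace Datastore.Browse Datastore.FileManagement"
+DATASTORE_ROLE_NAME="openshift-datastore-level"
+roles+=( ["${DATASTORE_ROLE_NAME}"]=${DATASTORE} )
+
+
+PORTGROUP="Network.Assign"
+PORTGROUP_ROLE_NAME="openshift-portgroup-level"
+
+roles+=( ["${PORTGROUP_ROLE_NAME}"]=${PORTGROUP} )
+
+FOLDER="Resource.AssignVMToPool VApp.Import VirtualMachine.Config.AddExistingDisk VirtualMachine.Config.AddNewDisk VirtualMachine.Config.AddRemoveDevice VirtualMachine.Config.AdvancedConfig VirtualMachine.Config.Annotation VirtualMachine.Config.CPUCount VirtualMachine.Config.DiskExtend VirtualMachine.Config.DiskLease VirtualMachine.Config.EditDevice VirtualMachine.Config.Memory VirtualMachine.Config.RemoveDisk VirtualMachine.Config.Rename VirtualMachine.Config.ResetGuestInfo VirtualMachine.Config.Resource VirtualMachine.Config.Settings VirtualMachine.Config.UpgradeVirtualHardware VirtualMachine.Interact.GuestControl VirtualMachine.Interact.PowerOff VirtualMachine.Interact.PowerOn VirtualMachine.Interact.Reset VirtualMachine.Inventory.Create VirtualMachine.Inventory.CreateFromExisting VirtualMachine.Inventory.Delete VirtualMachine.Provisioning.Clone"
+
+FOLDER_ROLE_NAME="openshift-folder-level"
+roles+=( ["${FOLDER_ROLE_NAME}"]=${FOLDER} )
+
+for key in "${!roles[@]}"; do
+if ! govc role.ls "${key}"; then
+govc role.create ${key} ${roles[${key}]} || true
+sleep 5
+fi
+done
+
+#openshift-vcenter-level | False | vSphere vCenter
+#ReadOnly | False | vSphere vCenter Datacenter
+#ReadOnly | False | vSphere vCenter Switch
+#openshift-cluster-level | True | vSphere vCenter Cluster
+#openshift-datastore-level | False | vSphere vCenter Datastore
+#openshift-portgroup-level | False | vSphere Port Group
+#openshift-folder-level | True | vSphere vCenter Virtual Machine folder
+
+
+govc permissions.set --propagate=false -principal [email protected] -role openshift-vcenter-level /
+
+govc permissions.set --propagate=false -principal [email protected] -role ReadOnly /SDDC-Datacenter-Nested
+
+govc permissions.set --propagate=false -principal [email protected] -role ReadOnly /SDDC-Datacenter-Nested/host/Cluster-1-Nested
+
+govc permissions.set --propagate=false -principal [email protected] -role openshift-portgroup-level /SDDC-Datacenter-Nested/network/internal
+
+govc permissions.set --propagate=false -principal [email protected] -role ReadOnly /SDDC-Datacenter-Nested/network/DSwitch1
+
+govc permissions.set -propagate=false -principal [email protected] -role openshift-datastore-level /SDDC-Datacenter-Nested/datastore/WorkloadDatastoreA
+
+govc permissions.set -propagate=true -principal [email protected] -role openshift-cluster-level /SDDC-Datacenter-Nested/host/Cluster-1-Nested
+
+
+govc folder.create /SDDC-Datacenter-Nested/vm/jcallen2
+govc permissions.set -propagate=true -principal [email protected] -role openshift-folder-level /SDDC-Datacenter-Nested/vm/jcallen2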
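Review bot: `govc role.create ${key} ${roles[${key}]} || true` in the role loop discards a failed creation of one of the least-privilege roles, so the failure only surfaces later as a confusing `permissions.set -role` error instead of at the line that caused it, and the fixed `sleep 5` never confirms the role actually exists. Drop the `|| true` and let `set -e` stop the script, or re-check with `govc role.ls "${key}"` after the sleep; write the create as `govc role.create "${key}" ${roles[${key}]}` to match the quoting of the `role.ls` test above it. The unquoted `${roles[${key}]}` is deliberate (each privilege must become its own argument) and deserves a marker so the next reader does not "fix" it: `# shellcheck disable=SC2086 -- privilege list is intentionally split into one argument per privilege`. A short header comment naming the expected govc environment (GOVC_URL and credentials) and that the principal/paths below are site-specific would also help anyone reusing this outside the original lab.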