Adds some permission management scripts

alexpilotti · alexpilotti · commit a1a1ae1dacc7 · 2013-10-05T15:27:16.000+03:00
diff --git a/add-esxi-vm-permission.sh b/add-esxi-vm-permission.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -e
+
+if [ $# -ne 3 ]; then
+    echo "Usage: $0 <vm_name> <user_name> <role>"
+    exit 1
+fi
+
+VM_NAME=$1
+USER_NAME=$2
+ROLE_NAME=$3
+
+BASEDIR=$(dirname $0)
+
+VMID=`$BASEDIR/get-esxi-vm-id.sh "$VM_NAME"` 
+vim-cmd vimsvc/auth/entity_permission_add vim.VirtualMachine:$VMID $USER_NAME false $ROLE_NAME true
+
diff --git a/get-esxi-users.sh b/get-esxi-users.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+# This returns the list of users with permissions on ha-folder-root
+# TODO: find a way to return the full users list, if possible 
+vim-cmd vimsvc/auth/entity_permissions vim.Folder:ha-folder-root | sed -rn 's/\ +principal = "(.+)",\ +/\1/p'
diff --git a/get-esxi-vm-id.sh b/get-esxi-vm-id.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+if [ $# -ne 1 ]; then
+    echo "Usage: $0 <vm_name>"
+    exit 1
+fi
+
+VM_NAME=$1
+
+/bin/vim-cmd vmsvc/getallvms | awk -vvmname="$VM_NAME" '{if ($2 == vmname) print $1}'
+
diff --git a/set-esxi-vm-permission-all-users.sh b/set-esxi-vm-permission-all-users.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+set -e
+
+isinlist () {
+    for ITEM in `echo $2 | sed -e 's/,/\n/g'`
+    do
+        if [ "$ITEM" == "$1" ]; then
+            return 1
+        fi
+    done
+}
+
+if [ $# -lt 2 ]; then
+    echo "Usage: $0 <vm_name> <role> [<excluded_user_names>]"
+    exit 1
+fi
+
+VM_NAME=$1
+EXCLUDED_USER_NAMES=$3
+ROLE_NAME=$2
+
+BASEDIR=$(dirname $0)
+
+for USER_NAME in `$BASEDIR/get-esxi-users.sh`
+do
+    isinlist $USER_NAME "root,dcui,vpxuser,$EXCLUDED_USER_NAMES"
+    if [ "$?" -ne "1" ]; then
+        echo "Applying permissions for $USER_NAME"
+        $BASEDIR/add-esxi-vm-permission.sh $VM_NAME $USER_NAME $ROLE_NAME
+    fi
+done
+
