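#!/bin/bash
# Creates the vCenter roles used by an OpenShift installation and binds them to
# a group principal with govc.
#
# Connection settings come from ../.sourcevc. The path is relative to the
# current working directory, not to this script's location.
# NOTE(review): that file presumably holds GOVC_* settings including
# credentials; confirm it is readable only by the operator and not committed.

# Abort early: without the settings file, every later govc call would run
# against whatever GOVC_* values happen to be in the caller's environment.
if ! source ../.sourcevc; then
  printf 'cannot load ../.sourcevc (run from the directory this script expects)\n' >&2
  exit 1
fi

# Abort if authentication fails, so no role or permission change is attempted
# with an invalid session.
if ! govc session.login; then
  printf 'govc session.login failed; no roles or permissions were changed\n' >&2
  exit 1
fi

# Print endpoint details so the operator can confirm the target vCenter.
govc about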
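# Role: openshift_cluster. Later in this script it is bound to the cluster
# path(s) found by `govc find / -type c`.
# The role is created empty and then filled by role.update, so a re-run still
# reaches the update step when the role already exists.
govc role.create openshift_cluster

# One privilege ID per array element, expanded quoted below so that each entry
# reaches govc as exactly one argument.
# Two entries were corrected from the original list:
#   - "vApp.vApp application configuration" was a UI label; unquoted, it split
#     into three words, none of which is a privilege ID. The ID for that label
#     is VApp.ApplicationConfig.
#   - "vApp.Clone" now uses the VApp.* spelling shared by the other vApp IDs.
PRIVILEGES1=(
  Host.Config.Storage
  Resource.AssignVMToPool
  Resource.CreatePool
  Resource.DeletePool
  Resource.ColdMigrate
  Resource.HotMigrate
  System.Anonymous
  System.Read
  System.View
  VApp.AssignResourcePool
  VApp.Clone
  VApp.ApplicationConfig
  VApp.Import
  VirtualMachine.Config.AddNewDisk
)
govc role.update openshift_cluster "${PRIVILEGES1[@]}"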
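# Role: openshift_datacenter. Later in this script it is bound to the
# datacenter path found by `govc find / -type d`.
# Privileges are held in an array (one ID per element) and expanded quoted, so
# the argument list does not depend on IFS word splitting or globbing.
# NOTE(review): unlike openshift_cluster, this role is only created, never
# updated; if it already exists, role.create fails and the list below is not
# applied.
PRIVILEGES2=(
  Datastore.AllocateSpace
  Folder.Create
  Folder.Delete
  InventoryService.Tagging.AttachTag
  InventoryService.Tagging.CreateCategory
  InventoryService.Tagging.CreateTag
  InventoryService.Tagging.DeleteCategory
  InventoryService.Tagging.DeleteTag
  InventoryService.Tagging.EditCategory
  InventoryService.Tagging.EditTag
  InventoryService.Tagging.ObjectAttachable
  Network.Assign
  Network.Config
  Resource.AssignVMToPool
  System.Anonymous
  System.Read
  System.View
  VApp.Import
  VirtualMachine.Config.AddExistingDisk
  VirtualMachine.Config.AddNewDisk
  VirtualMachine.Config.AddRemoveDevice
  VirtualMachine.Config.AdvancedConfig
  VirtualMachine.Config.Annotation
  VirtualMachine.Config.CPUCount
  VirtualMachine.Config.DiskExtend
  VirtualMachine.Config.DiskLease
  VirtualMachine.Config.EditDevice
  VirtualMachine.Config.Memory
  VirtualMachine.Config.RemoveDisk
  VirtualMachine.Config.Rename
  VirtualMachine.Config.ResetGuestInfo
  VirtualMachine.Config.Resource
  VirtualMachine.Config.Settings
  VirtualMachine.Config.SwapPlacement
  VirtualMachine.Config.UpgradeVirtualHardware
  VirtualMachine.Interact.GuestControl
  VirtualMachine.Interact.PowerOff
  VirtualMachine.Interact.PowerOn
  VirtualMachine.Interact.Reset
  VirtualMachine.Inventory.Create
  VirtualMachine.Inventory.CreateFromExisting
  VirtualMachine.Inventory.Delete
  VirtualMachine.Provisioning.Clone
  VirtualMachine.Provisioning.DeployTemplate
  VirtualMachine.Provisioning.MarkAsTemplate
  VirtualMachine.Interact.Backup
  VirtualMachine.Interact.SetCDMedia
  VirtualMachine.Interact.SetFloppyMedia
  VirtualMachine.Interact.ConsoleInteract
  VirtualMachine.Interact.CreateScreenshot
  VirtualMachine.Interact.DeviceConnection
  VirtualMachine.Interact.ToolsInstall
  VirtualMachine.Interact.Record
  VirtualMachine.Interact.Replay
  VirtualMachine.Provisioning.Customize
  VirtualMachine.Provisioning.MarkAsVM
)
govc role.create openshift_datacenter "${PRIVILEGES2[@]}"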
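# Role: openshift_datastore. Later in this script it is bound to
# <datacenter>/datastore/vsanDatastore.
# Privileges are held in an array (one ID per element) and expanded quoted, so
# the argument list does not depend on IFS word splitting or globbing.
PRIVILEGES3=(
  Datastore.AllocateSpace
  Datastore.Browse
  Datastore.FileManagement
  InventoryService.Tagging.ObjectAttachable
  System.Anonymous
  System.Read
  System.View
)
govc role.create openshift_datastore "${PRIVILEGES3[@]}"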
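# Role: openshift_vcenter. Later in this script it is bound at the inventory
# root ("/").
# NOTE(review): the root binding is made without a -propagate flag, so govc's
# default applies. If that default propagates (confirm for your govc version),
# the VirtualMachine.Interact.* entries below (power, console, guest control)
# reach every VM under the root, not only the OpenShift ones. Keep this list
# as small as the installation actually needs.
# Privileges are held in an array (one ID per element) and expanded quoted, so
# the argument list does not depend on IFS word splitting or globbing.
PRIVILEGES4=(
  Cns.Searchable
  InventoryService.Tagging.AttachTag
  InventoryService.Tagging.CreateCategory
  InventoryService.Tagging.CreateTag
  InventoryService.Tagging.DeleteCategory
  InventoryService.Tagging.DeleteTag
  InventoryService.Tagging.EditCategory
  InventoryService.Tagging.EditTag
  Network.Assign
  Network.Config
  Sessions.ValidateSession
  StorageProfile.Update
  StorageProfile.View
  System.Anonymous
  System.Read
  System.View
  VirtualMachine.Interact.Backup
  VirtualMachine.Interact.SetCDMedia
  VirtualMachine.Interact.SetFloppyMedia
  VirtualMachine.Interact.ConsoleInteract
  VirtualMachine.Interact.CreateScreenshot
  VirtualMachine.Interact.DeviceConnection
  VirtualMachine.Interact.GuestControl
  VirtualMachine.Interact.ToolsInstall
  VirtualMachine.Interact.PowerOff
  VirtualMachine.Interact.PowerOn
  VirtualMachine.Interact.Reset
  VirtualMachine.Interact.Record
  VirtualMachine.Interact.Replay
)
govc role.create openshift_vcenter "${PRIVILEGES4[@]}"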
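# Role: openshift_portgroup. Later in this script it is bound to
# <datacenter>/network/$PGNETWORK.
# Privileges are held in an array (one ID per element) and expanded quoted, so
# the argument list does not depend on IFS word splitting or globbing.
PRIVILEGES5=(
  Network.Assign
  System.Anonymous
  System.Read
  System.View
)
govc role.create openshift_portgroup "${PRIVILEGES5[@]}"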
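# Role: openshift_folder.
# NOTE(review): this script creates the role but contains no permissions.set
# call for it; binding it to the VM folder has to happen elsewhere.
# Privileges are held in an array (one ID per element) and expanded quoted, so
# the argument list does not depend on IFS word splitting or globbing.
PRIVILEGES6=(
  Resource.AssignVMToPool
  System.Anonymous
  System.Read
  System.View
  VApp.Import
  VirtualMachine.Config.AddExistingDisk
  VirtualMachine.Config.AddNewDisk
  VirtualMachine.Config.AddRemoveDevice
  VirtualMachine.Config.AdvancedConfig
  VirtualMachine.Config.Annotation
  VirtualMachine.Config.CPUCount
  VirtualMachine.Config.DiskExtend
  VirtualMachine.Config.DiskLease
  VirtualMachine.Config.EditDevice
  VirtualMachine.Config.Memory
  VirtualMachine.Config.RemoveDisk
  VirtualMachine.Config.Rename
  VirtualMachine.Config.ResetGuestInfo
  VirtualMachine.Config.Resource
  VirtualMachine.Config.Settings
  VirtualMachine.Config.UpgradeVirtualHardware
  VirtualMachine.Interact.GuestControl
  VirtualMachine.Interact.PowerOff
  VirtualMachine.Interact.PowerOn
  VirtualMachine.Interact.Reset
  VirtualMachine.Inventory.Create
  VirtualMachine.Inventory.CreateFromExisting
  VirtualMachine.Inventory.Delete
  VirtualMachine.Provisioning.Clone
)
govc role.create openshift_folder "${PRIVILEGES6[@]}"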
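# List the openshift_* roles as a visual check of the role-creation steps.
govc role.ls | grep openshift

#PRINCIPAL="DEVQE"
# NOTE(review): this value looks like an e-mail-obfuscation artifact of the page
# the listing was taken from; set it to the real group principal before use.
PRINCIPAL="[email protected]"
PGNETWORK="VManagement"

# Read inventory paths one per line into arrays. An unquoted scalar would be
# word-split, so with two datacenters "$DC/network/..." would turn into
# "<dc1>" plus "<dc2>/network/..." and bind the port-group and datastore roles
# to the first datacenter object itself.
DC_PATHS=()
while IFS= read -r inventory_path; do
  [[ -n "$inventory_path" ]] && DC_PATHS+=("$inventory_path")
done < <(govc find / -type d)
#DC2=${DC##*:}
CL_PATHS=()
while IFS= read -r inventory_path; do
  [[ -n "$inventory_path" ]] && CL_PATHS+=("$inventory_path")
done < <(govc find / -type c)

# The network and datastore paths below are built from a single datacenter
# path, so refuse to continue unless exactly one datacenter was found.
if (( ${#DC_PATHS[@]} != 1 )); then
  printf 'expected exactly one datacenter, found %d; no permissions were set\n' \
    "${#DC_PATHS[@]}" >&2
  exit 1
fi
DC=${DC_PATHS[0]}

# With no cluster path, permissions.set would get no target argument.
# NOTE(review): govc presumably falls back to its default target in that case,
# which would bind the cluster role somewhere unintended; confirm.
if (( ${#CL_PATHS[@]} == 0 )); then
  printf 'no cluster found under /; no permissions were set\n' >&2
  exit 1
fi

# -propagate=true is govc's default, written out so the scope of each binding
# is visible in review.
# NOTE(review): the binding at "/" propagates openshift_vcenter, including its
# VirtualMachine.Interact.* privileges, to every object under the inventory
# root. Check whether the vCenter-level role needs to propagate at all; if
# not, use -propagate=false on the first call.
govc permissions.set -group=true -propagate=true -principal "$PRINCIPAL" -role openshift_vcenter /
govc permissions.set -group=true -propagate=true -principal "$PRINCIPAL" -role openshift_datacenter "$DC"
govc permissions.set -group=true -propagate=true -principal "$PRINCIPAL" -role openshift_cluster "${CL_PATHS[@]}"
govc permissions.set -group=true -propagate=true -principal "$PRINCIPAL" -role openshift_portgroup "$DC/network/$PGNETWORK"
govc permissions.set -group=true -propagate=true -principal "$PRINCIPAL" -role openshift_datastore "$DC/datastore/vsanDatastore"

# Show the resulting root-level binding for the vCenter role.
govc permissions.ls | grep openshift_vcenter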