Detect missing permissions and provide more helpful diagnosis

rnelson0 / vCenter-roles

Set up roles for common applications to access vCenter

Apache License 2.0

11 stars 3 forks source link

Detect missing permissions and provide more helpful diagnosis #3

Closed rnelson0 closed 8 years ago

rnelson0 commented 8 years ago

During testing of the new framework, I discovered that some sample privileges @chriswahl uses are from VUM, which is not part of my lab vCenter. As these privs do not exist, PoSH spews lots of red for each and every missing priv:

Get-VIPrivilege : 2/17/2016 10:01:33 PM    Get-VIPrivilege        VIPrivilege with id 'VcIntegrity.Updates.com.vmware.vcIntegrity.ViewStatus' was not found using the specified filter(s).    
At C:\Users\RN7284\Documents\vCenter-roles-master\Import-VIRole.ps1:111 char:21
+         $PermList = Get-VIPrivilege -Id $PermArray
+                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [Get-VIPrivilege], VimException
    + FullyQualifiedErrorId : Core_OutputHelper_WriteNotFoundError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.GetVIPrivilege

See if there's a better way to handle these errors and make the missing privs more visible to the calling user/cmdlet.

chriswahl commented 8 years ago

Snark - shouldn't everyone have VUM? Kidding. And you're right. I think we can easily test this by making up bogus permissions and working on error handling to format an eyeballs friendly response using Write-Warning (as an example).

rnelson0 commented 8 years ago

Ha, I don't have enough capacity on my two-host lab to do automatic updates, so... yeah :)

chriswahl commented 8 years ago

@rnelson0 - Check out this commit that reports missing permissions and try it in your environment?

https://github.com/chriswahl/vCenter-roles/commit/152ad9e981981a14f77f4e0375e5abd578488279

rnelson0 commented 8 years ago

Awesome!

PS C:\users\RN7284\Documents\vCenter-roles> Import-VIRole  -Name Test -Permission .\Roles\Administrator.json vcsa
WARNING: Permission named VcIntegrity.Baseline.com.vmware.vcIntegrity.AssignBaselines not found
WARNING: Permission named VcIntegrity.Baseline.com.vmware.vcIntegrity.ManageBaselines not found
WARNING: Permission named VcIntegrity.FileUpload.com.vmware.vcIntegrity.ImportFile not found
WARNING: Permission named VcIntegrity.General.com.vmware.vcIntegrity.Configure not found
WARNING: Permission named VcIntegrity.Updates.com.vmware.vcIntegrity.Remediate not found
WARNING: Permission named VcIntegrity.Updates.com.vmware.vcIntegrity.Scan not found
WARNING: Permission named VcIntegrity.Updates.com.vmware.vcIntegrity.Stage not found
WARNING: Permission named VcIntegrity.Updates.com.vmware.vcIntegrity.ViewStatus not found

Can you fix the indent on L118 before submitting a PR?

chriswahl commented 8 years ago

It's a nested curly brace, that's the correct format.

chriswahl commented 8 years ago

Submitted https://github.com/rnelson0/vCenter-roles/pull/5 for review