search

vmware-archive / powernsx

PowerShell module that abstracts the VMware NSX-v API to a set of easily used PowerShell functions
173 stars 90 forks source link

removing multiple security tags from VMs #590

Open eaphilipp opened 5 years ago

eaphilipp commented 5 years ago

Hello,

I am trying to remove multiple security tags from VMs with a certain name. Here is my code:

$VM = Get-VM | Where-Object { $_.Name -like 'ERIC' } get-vm $VM | Get-NsxSecurityTagAssignment | Remove-NsxSecurityTagAssignment -confirm:$false

When I run this I get the following error: Remove-NsxSecurityTagAssignment : Cannot validate argument on parameter 'TagAssignment'. Specify a valid Security Tag Assignment. At line:2 char:45

The VM in question has two security tags: {APP-OTHER, APP-A-STAGING} ERICTEST04

If I remove one of the security tags manually, so there is only one security tag assigned it works great. But it will not remove multiples.

I am using the PowerNSX Document for Remove-NsxSecurityTagAssignment

This cmdlet is used to remove NSX Security Tags assigned to a virtual machine

A NSX Security Tag is a arbitrary string. It is used in other functions of NSX such as Security Groups match criteria. Security Tags are applied to a Virtual Machine.

This cmdlet assigns is used to remove NSX Security Tags assigned to a virtual machine

Get-VM Web01 | Get-NsxSecurityTagAssigment | Remove-NsxSecurityTagAssignment

Any ideas?

alagoutte commented 5 years ago

Hi,

i think the returned value is not the same between there is one or multiple tags.

i will check

eaphilipp commented 5 years ago

Thanks for checking. When I run this script against VMs with one security tag applied to them it works great. If I add multiple security tags to the VM it errors out and doesn't remove the tags. Please let me know what you find. I have been trying to work on a work around and I can't come up with anything that works. So if you have an idea that would be great!

alagoutte commented 5 years ago

i have make some try and working for me...

What PowerNSX release do you are using ? and NSX ?

What the output of 

$VM = Get-VM | Where-Object { $_.Name -like 'ERIC' }
get-vm $VM | Get-NsxSecurityTagAssignment
eaphilipp commented 5 years ago

PowerNSX version is 3.0.1125 NSX version is 6.4.4.11197766

Here is the output: SecurityTag VirtualMachine

{APP-OTHER, APP-A-STAGING} ERICTESTEDC01
{APP-OTHER, APP-A-STAGING} ERICTESTEDC04
{APP-OTHER, APP-A-STAGING} ERICTEST10
{APP-OTHER, APP-A-STAGING} ERICTEST04
{APP-OTHER, APP-A-STAGING} ERICTEST03
{APP-A-STAGING, APP-FILE} ERICTEST01

This is where I am running into trouble, running this:

$VM = Get-VM | Where-Object { $_.Name -like 'ERIC' } get-vm $VM | Get-NsxSecurityTagAssignment | Remove-NsxSecurityTagAssignment -confirm:$false

In the example above, when the VM has more then a single Security Tag this fails. To remove any security tag. If I manually remove one of the security tags and then run the above commandlet it works fine. It just doesn't seem to like when the VM has more then one security tag attached.

alagoutte commented 5 years ago

if you try with only one VM ?

eaphilipp commented 5 years ago

PS C:> get-vm -name ERICTEST10 | Get-NsxSecurityTagAssignment | Remove-NsxSecurityTagAssignment -confirm:$false Remove-NsxSecurityTagAssignment : Cannot validate argument on parameter 'TagAssignment'. Specify a valid Security Tag Assignment. At line:1 char:58

alagoutte commented 5 years ago

Ok, can you try git master branch ? because look there is some issue #541 #550

eaphilipp commented 5 years ago

git master branch??? Sorry I don't know what that is.

alagoutte commented 5 years ago

Hi,

Use last dev release available on github (not yet push on PS Gallery) You need to git clone this repo (or download to zip) and load module/powernsx.psm1