openshift vsphere permissions with govc
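#!/bin/bash
# Create the vSphere roles an OpenShift installation needs and bind them to a
# dedicated service principal with govc.  Connection details are taken from
# the usual GOVC_* environment (GOVC_URL, GOVC_USERNAME, GOVC_PASSWORD, ...).
#
# -e: stop at the first failing govc call instead of leaving a half-bound
#     principal behind.
# -u: an unset variable (e.g. a mistyped role-name variable) is an error
#     rather than an empty string silently passed to govc.
set -eu
# -x traces every expanded command line.  Nothing below puts a credential in
# argv, so the trace is safe as written -- but do not embed user:pass in
# GOVC_URL or pass a password as an argument while tracing is on.
set -x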
declare -A roles
VCENTER="Cns.Searchable InventoryService.Tagging.AttachTag InventoryService.Tagging.CreateCategory InventoryService.Tagging.CreateTag InventoryService.Tagging.DeleteCategory InventoryService.Tagging.DeleteTag InventoryService.Tagging.EditCategory InventoryService.Tagging.EditTag Sessions.ValidateSession StorageProfile.View"
VCENTER_ROLE_NAME="openshift-vcenter-level"
roles+=( ["${VCENTER_ROLE_NAME}"]=${VCENTER} )
CLUSTER="Host.Config.Storage Resource.AssignVMToPool VApp.AssignResourcePool VApp.Import VirtualMachine.Config.AddNewDisk"
CLUSTER_ROLE_NAME="openshift-cluster-level"
roles+=( ["${CLUSTER_ROLE_NAME}"]=${CLUSTER} )
DATASTORE="Datastore.AllocateSpace Datastore.Browse Datastore.FileManagement"
DATASTORE_ROLE_NAME="openshift-datastore-level"
roles+=( ["${DATASTORE_ROLE_NAME}"]=${DATASTORE} )
PORTGROUP="Network.Assign"
PORTGROUP_ROLE_NAME="openshift-portgroup-level"
roles+=( ["${PORTGROUP_ROLE_NAME}"]=${PORTGROUP} )
FOLDER="Resource.AssignVMToPool VApp.Import VirtualMachine.Config.AddExistingDisk VirtualMachine.Config.AddNewDisk VirtualMachine.Config.AddRemoveDevice VirtualMachine.Config.AdvancedConfig VirtualMachine.Config.Annotation VirtualMachine.Config.CPUCount VirtualMachine.Config.DiskExtend VirtualMachine.Config.DiskLease VirtualMachine.Config.EditDevice VirtualMachine.Config.Memory VirtualMachine.Config.RemoveDisk VirtualMachine.Config.Rename VirtualMachine.Config.ResetGuestInfo VirtualMachine.Config.Resource VirtualMachine.Config.Settings VirtualMachine.Config.UpgradeVirtualHardware VirtualMachine.Interact.GuestControl VirtualMachine.Interact.PowerOff VirtualMachine.Interact.PowerOn VirtualMachine.Interact.Reset VirtualMachine.Inventory.Create VirtualMachine.Inventory.CreateFromExisting VirtualMachine.Inventory.Delete VirtualMachine.Provisioning.Clone"
FOLDER_ROLE_NAME="openshift-folder-level"
roles+=( ["${FOLDER_ROLE_NAME}"]=${FOLDER} )
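# Create each role that does not already exist.  `govc role.ls NAME` exits
# non-zero for an unknown role, which is the "missing" signal used here.
for key in "${!roles[@]}"; do
  if govc role.ls "${key}"; then
    continue
  fi
  # shellcheck disable=SC2086 -- the privilege list is intentionally
  # word-split into one argument per privilege ID.
  if ! govc role.create "${key}" ${roles[${key}]}; then
    # Kept best-effort as in the original; the existence check below, not
    # this exit status, decides whether the role is usable.
    printf 'warn: govc role.create %s returned non-zero\n' "${key}" >&2
  fi
  # Brief pause before the new role is referenced by permissions.set; the
  # original waited here too, the exact delay needed is not documented.
  sleep 5
  # Fail here, with a clear message, rather than at the first
  # permissions.set that names a role which was never created.
  if ! govc role.ls "${key}"; then
    printf 'error: role %s was not created\n' "${key}" >&2
    exit 1
  fi
done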
# Bindings applied below -- role | propagate | vSphere object type:
#openshift-vcenter-level | False | vSphere vCenter
#ReadOnly | False | vSphere vCenter Datacenter
#ReadOnly | False | vSphere vCenter Switch
#openshift-cluster-level | True | vSphere vCenter Cluster
#openshift-datastore-level | False | vSphere vCenter Datastore
#openshift-portgroup-level | False | vSphere Port Group
#openshift-folder-level | True | vSphere vCenter Virtual Machine folder
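# Bind the roles to the OpenShift service principal.  The principal and the
# inventory paths default to the original values but can be overridden from
# the environment so the same script serves another datacenter.
PRINCIPAL="${OPENSHIFT_PRINCIPAL:-openshift@vsphere.local}"
DATACENTER="${OPENSHIFT_DATACENTER:-/SDDC-Datacenter-Nested}"
CLUSTER_PATH="${OPENSHIFT_CLUSTER:-${DATACENTER}/host/Cluster-1-Nested}"
PORTGROUP_PATH="${OPENSHIFT_PORTGROUP:-${DATACENTER}/network/internal}"
DSWITCH_PATH="${OPENSHIFT_DSWITCH:-${DATACENTER}/network/DSwitch1}"
DATASTORE_PATH="${OPENSHIFT_DATASTORE:-${DATACENTER}/datastore/WorkloadDatastoreA}"
VM_FOLDER="${OPENSHIFT_VM_FOLDER:-${DATACENTER}/vm/jcallen2}"

# grant ROLE PATH PROPAGATE -- set the principal's permission entry on PATH.
# A principal holds a single permission per inventory object, so calling
# this twice for the same PATH leaves only the last ROLE in place.
grant() {
  govc permissions.set -propagate="$3" -principal "${PRINCIPAL}" -role "$1" "$2"
}

# Non-propagating grants: the role applies to the named object only.
grant openshift-vcenter-level   /                   false
grant ReadOnly                  "${DATACENTER}"     false
grant openshift-portgroup-level "${PORTGROUP_PATH}" false
grant ReadOnly                  "${DSWITCH_PATH}"   false
grant openshift-datastore-level "${DATASTORE_PATH}" false

# Propagating grants: every child object inherits the role.
# NOTE(review): the original also bound ReadOnly (no propagate) on the
# cluster before this line; the cluster-level grant on the same object
# replaced it, so that step is dropped rather than kept as dead work.
grant openshift-cluster-level "${CLUSTER_PATH}" true

# Make the folder step re-runnable: folder.create fails (and -e aborts the
# script) when the folder already exists, so only create it when missing.
govc folder.info "${VM_FOLDER}" >/dev/null 2>&1 || govc folder.create "${VM_FOLDER}"
# This role carries VM power, guest-control and advanced-config privileges
# and propagates, so the folder must hold only this cluster's VMs.
grant openshift-folder-level "${VM_FOLDER}" true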