20 August 2013

Copy VIRole via PowerCLI

I had the occasion of needing to copy some VIRoles from one vCenter to another.  There are export/import scripts out there for exporting VIRoles to txt files, and then importing them elsewhere.  But, so as to help simplify the copying of VIRoles, I decided to make a Copy-VIRole function that does the copy straight-away.

It is pretty straight forward:  it creates a VIRole of the given name in a destination vCenter, based on the name of a VIRole and source vCenter.  This does involve the additional step of getting the VIPrivileges (handled in the function via Get-VIPrivilege) from the destination vCenter -- the PrivilegeList itself did not suffice.  The function definition:
function Copy-VIRole {
<#    .Description
    Copy a role to another role, either in same vCenter or to a different vCenter
    This assumes that connections to source/destination vCenter(s) are already established.  If role of given name already exists in destination vCenter, will stop.
    Author:  vNugglets.com -- Jul 2013
    Copy-VIRole -SrcRoleName SysAdm -DestRoleName SysAdm_copyTest -SrcVCName vcenter.com -DestVCName labvcenter.com
    VMware.VimAutomation.ViCore.Impl.V1.PermissionManagement.RoleImpl if role is created/updated, String in Warning stream and nothing in standard out otherwise
        ## source role name
        ## destination role name
        ## source vCenter connection name
        ## destination vCenter connection name
        ## WhatIf switch
    ) ## end param

    ## get the VIRole from the source vCenter
    $oSrcVIRole = Get-VIRole -Server $SrcVCName_str -Name $SrcRoleName_str -ErrorAction:SilentlyContinue
    ## if the role does not exist in the source vCenter
    if ($null -eq $oSrcVIRole) {Write-Warning "VIRole '$DestRoleName_str' does not exist in source vCenter '$SrcVCName_str'. No source VIRole from which to copy. Exiting"; exit}
    ## see if there is VIRole by the given name in the destination vCenter
    $oDestVIRole = Get-VIRole -Server $DestVCName_str -Name $DestRoleName_str -ErrorAction:SilentlyContinue

    ## if the role already exists in the destination vCenter
    if ($null -ne $oDestVIRole) {Write-Warning "VIRole '$DestRoleName_str' already exists in destination vCenter '$DestVCName_str'. Exiting"; exit}
    ## else, create the role
    else {
        $strNewVIRoleExpr = 'New-VIRole -Server $DestVCName_str -Name $DestRoleName_str -Privilege (Get-VIPrivilege -Server $DestVCName_str -Id $oSrcVIRole.PrivilegeList){0}' -f $(if ($WhatIf_sw) {" -WhatIf"})
        Invoke-Expression $strNewVIRoleExpr
    } ## end else
} ## end function

An example of using the function to copy a role from one vCenter to another, with a new role name:
PS vN:\> Copy-VIRole -SrcRoleName MyRole0 -SrcVCName myvcenter.dom.com -DestRoleName MyNewRole -DestVCName vcenter2.dom.com
Name            IsSystem
----            --------
MyNewRole       False

PS vN:\> Get-VIRole MyNewRole -server vcenter2*
Name            IsSystem
----            --------
MyNewRole       False

One can also use this function to clone a VIRole in the same vCenter -- just use the same vCenter for the Source and Destination vCenter parameters.

Note:  this function expects/requires that the PowerCLI session already has a connection to each of the vCenter(s) (one or two) involved in the operation.

For another way of copying a VIRole (between separate vCenters, particularly), see Grzegorz's post at http://psvmware.wordpress.com/2012/07/19/clone-roles-between-two-virtual-center-servers/.