Python Client for VMC on AWS – Part II – More User Management

In Part I of this series, we examined some of the user management functions in v1.4 of PyVMC. In this post, we will explore 2 additional user management commands in today’s v1.5 release.

show-csp-service-roles

The first new command is show-csp-service-roles. This command shows the service role names currently assigned to the logged-in user – whichever user is assigned to the API token the Fling is configured to use.

C:\git\Flings\python-client-for-vmware-cloud-on-aws [master ≡]> python .\pyVMC.py show-csp-service-roles
vrni:admin
vrni:user
vmc-user:full
nsx:cloud_admin
nsx:cloud_auditor
automationservice:user
automationservice:cloud_admin  
srv-marketplace:marketplaceuser
vrops:admin
vrops:user
vcdr:sddc-admin
vcdr:administrator
vcdr:backup-admin
vcdr:dr-admin
discovery:user
hcx:admin
catalog:admin
catalog:user
log-intelligence:user
log-intelligence:admin
CodeStream:developer
CodeStream:viewer
CodeStream:administrator

find-csp-user-by-service-role

This command lets you specify a service role, then finds all users who have that role. In Part I, I was working to revoke full VMware Cloud on AWS Administrator privileges in an org and move most org members to an Administrator (Read Only) role. This is to prevent inadvertent deletion of our primary customer-facing demo SDDC. This command has been added to help audit role assignments – I can easily scan through the output to look for users who shouldn’t have the role.

A future release will show this output in a table format; in 1.5.1 it prints as shown below:

C:\git\Flings\python-client-for-vmware-cloud-on-aws [master ≡]> python .\pyVMC.py find-user-by-service-role vmc-user:full

axxxxxxxxx@vmware.com - vmc-user:full - org_owner 
axxxxxxx@vmware.com - vmc-user:full - org_owner
bxxxxx@vmware.com - vmc-user:full - org_member
bxxxxx@vmware.com - vmc-user:full - support_user project_admin developer org_owner    
bxxxxxx@vmware.com - vmc-user:full - org_owner
cxxxxxxxx@vmware.com - vmc-user:full - org_owner
dxxxxxxxx@vmware.com - vmc-user:full - org_owner
dxxxxxxx@vmware.com - vmc-user:full - org_owner
exxxxxxxx@vmware.com - vmc-user:full - org_owner
exxxxxx@vmware.com - vmc-user:full - org_member
jxxxxxxxx@vmware.com - vmc-user:full - org_owner
jxxxxxxx@vmware.com - vmc-user:full - support_user project_admin developer org_owner 
kxxxxxxx@vmware.com - vmc-user:full - org_owner
mxxxxxxx@vmware.com - vmc-user:full - org_member
mxxxx@vmware.com - vmc-user:full - support_user project_admin developer org_owner  
nxxxxxx@vmware.com - vmc-user:full - org_owner
pxxxxxxx@vmware.com - vmc-user:full - org_owner
pxxxxxx@vmware.com - vmc-user:full - org_owner
rxxxxxxxx@vmware.com - vmc-user:full - org_owner
rxxxxx@vmware.com - vmc-user:full - org_owner
sxxxxxxx@vmware.com - vmc-user:full - org_owner
sxxxxxxxx@vmware.com - vmc-user:full - org_owner
txxxxxx@vmware.com - vmc-user:full - org_owner
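
The audit described above can be scripted instead of scanned by eye. The following is an added example, not part of PyVMC or the original post: it parses the 1.5.1 line format shown above and compares the holders of a role against an approved list. The function names, the approved list and the example.com addresses are constructed for illustration.

```python
import re
from typing import NamedTuple

class Assignment(NamedTuple):
    user: str
    service_role: str
    org_roles: tuple

# Line format taken from the 1.5.1 output: "<user> - <service role> - <org roles>"
LINE_RE = re.compile(r"^(?P<user>\S+@\S+) - (?P<role>\S+) -\s*(?P<org>.*)$")

def parse_assignments(text):
    """Parse command output; prompt lines, blanks and anything else are skipped."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            found.append(Assignment(m["user"].lower(), m["role"],
                                    tuple(m["org"].split())))
    return found

def audit(assignments, role, approved):
    """Return (holders of `role` not on the approved list, approved users lacking it)."""
    approved = {u.lower() for u in approved}
    holders = [a for a in assignments if a.service_role == role]
    unexpected = sorted((a for a in holders if a.user not in approved),
                        key=lambda a: a.user)
    missing = sorted(approved - {a.user for a in holders})
    return unexpected, missing

# Constructed sample in the same shape as the output above (not real users).
SAMPLE = """
> python pyVMC.py find-user-by-service-role vmc-user:full

alice@example.com - vmc-user:full - org_owner
Bob@example.com - vmc-user:full - org_member
carol@example.com - vmc-user:full - support_user project_admin developer org_owner  
"""
# Hypothetical allowlist: who should still hold the full administrator role.
APPROVED = {"alice@example.com", "dave@example.com"}

if __name__ == "__main__":
    unexpected, missing = audit(parse_assignments(SAMPLE), "vmc-user:full", APPROVED)
    for a in unexpected:
        print(f"REVOKE? {a.user} ({' '.join(a.org_roles)})")
    for user in missing:
        print(f"approved but not assigned: {user}")
```

To run it against a real org, redirect the command's output to a file and pass the file's contents to parse_assignments in place of SAMPLE.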
