In Part I of this series, we examined some of the user management functions in v1.4 of PyVMC. In this post, we will explore 2 additional user management commands in today’s v1.5 release.
show-csp-service-roles
The first new command is show-csp-service-roles. This command shows the service role names currently assigned to the logged-in user – that is, whichever user is assigned to the API token the Fling is configured to use.
C:\git\Flings\python-client-for-vmware-cloud-on-aws [master ≡]> python .\pyVMC.py show-csp-service-roles
vrni:admin
vrni:user
vmc-user:full
nsx:cloud_admin
nsx:cloud_auditor
automationservice:user
automationservice:cloud_admin
srv-marketplace:marketplaceuser
vrops:admin
vrops:user
vcdr:sddc-admin
vcdr:administrator
vcdr:backup-admin
vcdr:dr-admin
discovery:user
hcx:admin
catalog:admin
catalog:user
log-intelligence:user
log-intelligence:admin
CodeStream:developer
CodeStream:viewer
CodeStream:administrator
find-csp-user-by-service-role
This command lets you specify a service role, then finds all users who have the specific role. In Part I, I was working to revoke full VMware Cloud on AWS Administrator privileges in an org and move most org members to an Administrator (Read Only) role. This is to prevent inadvertent deletion of our primary customer-facing demo SDDC. This command has been added to help audit role assignments – I can easily scan through the output to look for users who shouldn’t have the role.
A future release will show this output in a table format; in 1.5.1 it prints as shown below:
C:\git\Flings\python-client-for-vmware-cloud-on-aws [master ≡]> python .\pyVMC.py find-user-by-service-role vmc-user:full
axxxxxxxxx@vmware.com - vmc-user:full - org_owner
axxxxxxx@vmware.com - vmc-user:full - org_owner
bxxxxx@vmware.com - vmc-user:full - org_member
bxxxxx@vmware.com - vmc-user:full - support_user project_admin developer org_owner
bxxxxxx@vmware.com - vmc-user:full - org_owner
cxxxxxxxx@vmware.com - vmc-user:full - org_owner
dxxxxxxxx@vmware.com - vmc-user:full - org_owner
dxxxxxxx@vmware.com - vmc-user:full - org_owner
exxxxxxxx@vmware.com - vmc-user:full - org_owner
exxxxxx@vmware.com - vmc-user:full - org_member
jxxxxxxxx@vmware.com - vmc-user:full - org_owner
jxxxxxxx@vmware.com - vmc-user:full - support_user project_admin developer org_owner
kxxxxxxx@vmware.com - vmc-user:full - org_owner
mxxxxxxx@vmware.com - vmc-user:full - org_member
mxxxx@vmware.com - vmc-user:full - support_user project_admin developer org_owner
nxxxxxx@vmware.com - vmc-user:full - org_owner
pxxxxxxx@vmware.com - vmc-user:full - org_owner
pxxxxxx@vmware.com - vmc-user:full - org_owner
rxxxxxxxx@vmware.com - vmc-user:full - org_owner
rxxxxx@vmware.com - vmc-user:full - org_owner
sxxxxxxx@vmware.com - vmc-user:full - org_owner
sxxxxxxxx@vmware.com - vmc-user:full - org_owner
txxxxxx@vmware.com - vmc-user:full - org_owner
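Scanning this output by eye gets harder as the org grows. The following is an added example, not part of PyVMC or the original post: it parses lines in the `user - service role - org roles` format shown above and compares the role holders against an approved list. The approved list, the function names and the sample addresses are all constructed for illustration.

```python
import re
from collections import defaultdict

# Line format printed by find-user-by-service-role in 1.5.1, as shown above:
#   <username> - <service role> - <space-separated org roles>
LINE_RE = re.compile(r"^(?P<user>\S+) - (?P<service_role>\S+) - (?P<org_roles>.+)$")

# Constructed sample output (placeholder addresses, not real users).
SAMPLE_OUTPUT = """\
alice@example.com - vmc-user:full - org_owner
bob@example.com - vmc-user:full - org_member
carol@example.com - vmc-user:full - support_user project_admin developer org_owner
bob@example.com - vmc-user:full - org_member
this line is not in the expected format
"""

def parse_role_output(text):
    """Return ({user: set of org roles}, [unparsed lines]) for the command output."""
    holders = defaultdict(set)
    unparsed = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # never silently drop lines in an audit
            continue
        # Lower-case the username so duplicate rows for one user are merged.
        holders[m["user"].lower()].update(m["org_roles"].split())
    return dict(holders), unparsed

def audit(text, approved):
    """Compare the users holding the role against an approved list (hypothetical)."""
    holders, unparsed = parse_role_output(text)
    approved = {u.lower() for u in approved}
    unexpected = sorted(u for u in holders if u not in approved)
    missing = sorted(approved - set(holders))  # approved, but role not assigned
    return {"unexpected": unexpected, "missing": missing,
            "unparsed": unparsed, "holders": holders}

if __name__ == "__main__":
    report = audit(SAMPLE_OUTPUT, approved={"alice@example.com", "dave@example.com"})
    for user in report["unexpected"]:
        print(f"REVIEW {user}: {' '.join(sorted(report['holders'][user]))}")
    for line in report["unparsed"]:
        print(f"UNPARSED {line!r}")
```

To audit a real org, capture the command's output to a file and pass its contents to `audit()` in place of `SAMPLE_OUTPUT`.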