@halr9000
Created July 2, 2012 15:28
Use this script to assign Splunk for VMware vCenter permissions to a specified Active Directory account
<#
.SYNOPSIS
Use this script to assign Splunk for VMware vCenter permissions to a specified Active Directory account
.DESCRIPTION
Use this script as a companion to performing the installation steps for Splunk for VMware. It is
necessary to first create a service account in Active Directory to which the required permissions
are then assigned. This script will assign the permissions to all visible datacenters. To assign
permissions across multiple vCenter servers, log in to them first by using the Connect-ViServer
cmdlet with the AllLinked parameter (assuming that you are using the Linked mode feature of vCenter
Server.)
.NOTES
This script requires VMware PowerCLI which can be obtained from http://vmware.com/go/powercli.
.PARAMETER UserId
The user account to which permissions will be assigned. Must be in the format "domain\username".
.PARAMETER RoleName
The role name to be created within vCenter. Defaults to "Splunker" if not specified.
.EXAMPLE
Connect-ViServer -Server "vcenter.company.com" -AllLinked
Add-SplunkVmwarePermission -UserId "domain\splunksvc" -RoleName "splunk"
.LINK
http://docs.splunk.com/Documentation/VMW/latest/Install/Createserviceaccounts
.OUTPUTS
VMware.VimAutomation.ViCore.Impl.V1.PermissionManagement.PermissionImpl
#>
param (
    [Parameter(Mandatory=$true,
        HelpMessage="Enter Active Directory UserID in the format domain\userID.")]
    [ValidatePattern("\w+\\\w+")]
    [string]$UserId,
    [string]$RoleName = 'Splunker'
)
Add-PSSnapin VMware.VimAutomation.Core # Required to execute below cmdlets
# Array containing names of required privileges for the VMware App
$ReqPriv = @(
    "System.Anonymous",
    "System.View",
    "System.Read",
    "Global.Licenses",
    "Global.Diagnostics",
    "Global.Settings",
    "Host.Config.HyperThreading",
    "Host.Config.Storage",
    "Host.Config.NetService",
    "Host.Config.Memory",
    "Host.Config.Network",
    "Host.Config.Snmp",
    "Host.Config.Power",
    "VirtualMachine.Provisioning.ReadCustSpecs",
    "Sessions.TerminateSession"
)
$PrivObj = Get-VIPrivilege -Id $ReqPriv # Retrieve object representing required privileges
Write-Verbose "Privileges: $PrivObj"
$RoleObj = New-VIRole -Name $RoleName -Privilege $PrivObj # Create new VI role with required privileges
Write-Verbose "Role Object: $RoleObj"
$DCObj = Get-Datacenter # The object(s) to which we will assign permissions
Write-Verbose "Datacenter Object(s): $DCObj"
New-VIPermission -Entity $DCObj -Principal $UserId -Role $RoleObj -Propagate:$true # Perform actual permission change
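
To confirm later that the role and the service account's grants still match what this script sets up, the role's privilege list and the account's permissions can be compared against the values above. This is an added example, not part of the original gist; the function name Test-SplunkVmwareRole is hypothetical, and it assumes an existing Connect-VIServer session and the same role name used when the script was run.

```powershell
# Added example: audit the role and permissions created by the script above.
# Test-SplunkVmwareRole is a hypothetical name; run after Connect-VIServer.
function Test-SplunkVmwareRole {
    param (
        [Parameter(Mandatory=$true)][string]$UserId,
        [string]$RoleName = 'Splunker'
    )
    # Expected privilege IDs, copied from $ReqPriv in the script above
    $expected = @(
        'System.Anonymous', 'System.View', 'System.Read',
        'Global.Licenses', 'Global.Diagnostics', 'Global.Settings',
        'Host.Config.HyperThreading', 'Host.Config.Storage',
        'Host.Config.NetService', 'Host.Config.Memory', 'Host.Config.Network',
        'Host.Config.Snmp', 'Host.Config.Power',
        'VirtualMachine.Provisioning.ReadCustSpecs', 'Sessions.TerminateSession'
    )
    $dcIds = @(Get-Datacenter | ForEach-Object { $_.Id })
    $perms = @(Get-VIPermission -Principal $UserId)
    # Grants to this account outside the script's scope: another role, or an
    # entity that is not a datacenter (for example the root folder)
    $otherRole = @($perms | Where-Object { $_.Role -ne $RoleName })
    $otherEntity = @($perms | Where-Object { $dcIds -notcontains $_.EntityId })
    # With linked vCenters there is one role object per server, so check each
    foreach ($role in @(Get-VIRole -Name $RoleName -ErrorAction Stop)) {
        $actual = @($role.PrivilegeList)
        $extra = @($actual | Where-Object { $expected -notcontains $_ })
        $missing = @($expected | Where-Object { $actual -notcontains $_ })
        New-Object PSObject -Property @{
            Role = $role.Uid
            ExtraPrivileges = $extra
            MissingPrivileges = $missing
            GrantsWithOtherRole = $otherRole
            GrantsOutsideDatacenters = $otherEntity
            Compliant = ($extra.Count + $missing.Count + $otherRole.Count + $otherEntity.Count) -eq 0
        }
    }
}

Test-SplunkVmwareRole -UserId 'domain\splunksvc' -RoleName 'splunk'
```

A non-empty ExtraPrivileges or GrantsOutsideDatacenters value means the service account can do more than the script granted and should be reviewed.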