diff --git a/changelog/348.added b/changelog/348.added
new file mode 100644
index 00000000..8ab63734
--- /dev/null
+++ b/changelog/348.added
@@ -0,0 +1,2 @@
+Added module for vCenter Security Roles with functionality - list/find/save roles.
+Added state for Security Roles - drift report and remediation.
diff --git a/docs/ref/modules/all.rst b/docs/ref/modules/all.rst
index 0aea788b..c7aa03a5 100644
--- a/docs/ref/modules/all.rst
+++ b/docs/ref/modules/all.rst
@@ -30,6 +30,7 @@ Execution Modules
 saltext.vmware.modules.nsxt_transport_node_profiles
 saltext.vmware.modules.nsxt_transport_zone
 saltext.vmware.modules.nsxt_uplink_profiles
+ saltext.vmware.modules.roles
 saltext.vmware.modules.ssl_adapter
 saltext.vmware.modules.storage_policies
 saltext.vmware.modules.tag
diff --git a/docs/ref/modules/saltext.vmware.modules.roles.rst b/docs/ref/modules/saltext.vmware.modules.roles.rst
new file mode 100644
index 00000000..a180b0bc
--- /dev/null
+++ b/docs/ref/modules/saltext.vmware.modules.roles.rst
@@ -0,0 +1,6 @@
+
+saltext.vmware.modules.roles
+============================
+
+.. automodule:: saltext.vmware.modules.roles
+ :members:
diff --git a/docs/ref/states/all.rst b/docs/ref/states/all.rst
index c6ee2f5f..75b9d35a 100644
--- a/docs/ref/states/all.rst
+++ b/docs/ref/states/all.rst
@@ -25,6 +25,7 @@ State Modules
 saltext.vmware.states.nsxt_transport_node_profiles
 saltext.vmware.states.nsxt_transport_zone
 saltext.vmware.states.nsxt_uplink_profiles
+ saltext.vmware.states.roles
 saltext.vmware.states.storage_policies
 saltext.vmware.states.tag
 saltext.vmware.states.vm
diff --git a/docs/ref/states/saltext.vmware.states.roles.rst b/docs/ref/states/saltext.vmware.states.roles.rst
new file mode 100644
index 00000000..9b32fbb3
--- /dev/null
+++ b/docs/ref/states/saltext.vmware.states.roles.rst
@@ -0,0 +1,6 @@
+
+saltext.vmware.states.roles
+===========================
+
+.. automodule:: saltext.vmware.states.roles
+ :members:
diff --git a/src/saltext/vmware/modules/roles.py b/src/saltext/vmware/modules/roles.py
new file mode 100644
index 00000000..680f5718
--- /dev/null
+++ b/src/saltext/vmware/modules/roles.py
@@ -0,0 +1,337 @@
+# Copyright 2021 VMware, Inc.
+# SPDX-License: Apache-2.0
+import json
+import logging
+
+import salt.exceptions
+import saltext.vmware.utils.connect as connect
+
+log = logging.getLogger(__name__)
+
+try:
+ from pyVmomi import pbm, VmomiSupport, SoapStubAdapter, vim
+
+ HAS_PYVMOMI = True
+except ImportError:
+ HAS_PYVMOMI = False
+
+
+__virtualname__ = "vcenter_roles"
+
+
+def __virtual__():
+ if not HAS_PYVMOMI:
+ return False, "Unable to import pyVmomi module."
+ return __virtualname__
+
+
+def _get_privilege_descriptions(authorizationManager):
+ privileges_desc = {}
+ for desciption in authorizationManager.description.privilege:
+ privileges_desc[desciption.key] = {"label": desciption.label, "summary": desciption.summary}
+ return privileges_desc
+
+
+def _get_privilege_group_descriptions(authorizationManager):
+ privilege_groups_desc = {}
+ for desciption in authorizationManager.description.privilegeGroup:
+ privilege_groups_desc[desciption.key] = {
+ "label": desciption.label,
+ "summary": desciption.summary,
+ }
+ return privilege_groups_desc
+
+
+def get_privilege_descriptions(service_instance=None, profile=None):
+ """
+ Returns descriptions of all privileges.
+
+ service_instance
+ Use this vCenter service connection instance instead of creating a new one. (optional).
+
+ profile
+ Profile to use (optional)
+ """
+ service_instance = service_instance or connect.get_service_instance(
+ config=__opts__, profile=profile
+ )
+ authorizationManager = service_instance.RetrieveContent().authorizationManager
+ return _get_privilege_descriptions(authorizationManager)
+
+
+def get_privilege_group_descriptions(service_instance=None, profile=None):
+ """
+ Returns descriptions of all privilege groups.
+
+ service_instance
+ Use this vCenter service connection instance instead of creating a new one. (optional).
+
+ profile
+ Profile to use (optional)
+ """
+ service_instance = service_instance or connect.get_service_instance(
+ config=__opts__, profile=profile
+ )
+ authorizationManager = service_instance.RetrieveContent().authorizationManager
+ return _get_privilege_group_descriptions(authorizationManager)
+
+
+def find(role_name=None, service_instance=None, profile=None):
+ """
+ Gets vCenter roles. Returns list of roles filtered by role_name or all roles if rone_name is not provided.
+
+ role_name
+ Filter by role name, if None returns all policies
+
+ service_instance
+ Use this vCenter service connection instance instead of creating a new one. (optional).
+
+ profile
+ Profile to use (optional)
+
+ .. code-block:: json
+
+ {
+ "role": "SRM Administrator",
+ "privileges": {
+ "Protection Group": [
+ "Assign to plan",
+ "Create",
+ "Modify",
+ "Remove",
+ "Remove from plan"
+ ],
+ "Recovery Plan": [
+ "Configure commands",
+ "Create",
+ "Remove",
+ "Modify",
+ "Recovery"
+ ]
+ }
+ }
+ """
+ service_instance = service_instance or connect.get_service_instance(
+ config=__opts__, profile=profile
+ )
+
+ authorizationManager = service_instance.RetrieveContent().authorizationManager
+
+ # Collect priviliges descriptions
+ privileges_desc = _get_privilege_descriptions(authorizationManager)
+ privilege_groups_desc = _get_privilege_group_descriptions(authorizationManager)
+
+ # Collect all privilages with their descriptions
+ privileges = {}
+ for privilege in authorizationManager.privilegeList:
+ desciption = privileges_desc[privilege.privId]
+ desciption_group = privilege_groups_desc[privilege.privGroupName]
+ privileges[privilege.privId] = {
+ "name": privilege.name,
+ "label": desciption["label"],
+ "summary": desciption["summary"],
+ "groupName": privilege.privGroupName,
+ "groupLabel": desciption_group["label"],
+ "onParent": privilege.onParent,
+ }
+
+ # make JSON representation of current policies
+ # old_configs holds only the rules that are in the scope of interest (provided in argument config_input)
+ result = []
+ for role in authorizationManager.roleList:
+ if role_name is not None and role_name != role.info.label:
+ continue
+
+ role_json = {
+ "id": role.roleId,
+ "roleName": role.name,
+ "label": role.info.label,
+ "description": role.info.summary,
+ "system": role.system,
+ }
+ role_json["privileges"] = []
+ for privilage_id in role.privilege:
+ role_privilege = privileges[privilage_id]
+ role_json["privileges"].append(
+ {
+ "id": privilage_id,
+ "name": role_privilege["label"],
+ "description": role_privilege["summary"],
+ "groupName": role_privilege["groupName"],
+ "groupLabel": role_privilege["groupLabel"],
+ "onParent": role_privilege["onParent"],
+ }
+ )
+ result.append(role_json)
+
+ # make JSON representation of current policies
+ roles_config = []
+ for role in result:
+ role_json = {"role": role["label"], "privileges": {}}
+ for privilege in role["privileges"]:
+ priv_name = privilege["name"]
+ group_name = privilege["groupLabel"]
+ if group_name not in role_json["privileges"]:
+ role_json["privileges"][group_name] = []
+ role_json["privileges"][group_name].append(priv_name)
+ roles_config.append(role_json)
+
+ return roles_config
+
+
+def save(role_config, service_instance=None, profile=None):
+ """
+ Create new role with given configuration, if it doesn't exist.
+ Otherwise update existing role.
+ Apply changes only for particular group from configuration.
+ Roles outside the groups mentioned in configuration are kept unchanged.
+
+ role_config
+ Role name and configuration values.
+
+ service_instance
+ Use this vCenter service connection instance instead of creating a new one. (optional).
+
+ profile
+ Profile to use (optional)
+
+ .. code-block:: json
+
+ {
+ "role": "SRM Administrator",
+ "privileges": {
+ "Protection Group": [
+ "Assign to plan",
+ "Create",
+ "Modify",
+ "Remove",
+ "Remove from plan"
+ ],
+ "Recovery Plan": [
+ "Configure commands",
+ "Create",
+ "Remove",
+ "Modify",
+ "Recovery"
+ ]
+ }
+ }
+ """
+ service_instance = service_instance or connect.get_service_instance(
+ config=__opts__, profile=profile
+ )
+
+ authorizationManager = service_instance.RetrieveContent().authorizationManager
+
+ privileges_desc = _get_privilege_descriptions(authorizationManager)
+ privilege_groups_desc = _get_privilege_group_descriptions(authorizationManager)
+
+ # Collect privilages by group label and privilege name
+ group_privileges = {}
+ privilege_group_map = {}
+ for privilege in authorizationManager.privilegeList:
+ desciption_group = privilege_groups_desc[privilege.privGroupName]
+ group_label = desciption_group["label"]
+ if group_label not in group_privileges:
+ group_privileges[group_label] = []
+ group_privileges[group_label].append(privilege)
+ privilege_group_map[privilege.privId] = group_label
+
+ role_name = role_config["role"]
+
+ # find role to store or update
+ role = None
+ for role_obj in authorizationManager.roleList:
+ if role_obj.info.label == role_name:
+ role = role_obj
+ break
+
+ # group new privileges
+ new_privileges_by_groups = {}
+ for group in role_config["privileges"]:
+ if group not in new_privileges_by_groups:
+ new_privileges_by_groups[group] = []
+ privileges_in_group = role_config["privileges"][group]
+ for priv in group_privileges[group]:
+ priv_label = privileges_desc[priv.privId]["label"]
+ if priv_label in privileges_in_group:
+ # collect new privileges
+ new_privileges_by_groups[group].append(priv.privId)
+
+ # Create if role doesn't exist
+ if role is None:
+ if not role_name:
+ raise salt.exceptions.CommandExecutionError(f"Role name is required!")
+
+ log.debug("")
+ log.debug("*********************************")
+ log.debug("Create Role: " + role_name)
+ log.debug("")
+
+ role_privileges = []
+ for group in new_privileges_by_groups:
+ role_privileges += new_privileges_by_groups[group]
+
+ log.debug("Privileges:")
+ log.debug(json.dumps(list(role_privileges), indent=2))
+
+ authorizationManager.AddAuthorizationRole(role_name, role_privileges)
+ log.debug("*********************************")
+
+ return {"status": "created"}
+ else:
+ # otherwise update existing role
+ # apply changes only for particular group from configuration
+ # roles outside the groups mentioned in configuration are kept unchanged
+
+ role_privileges = []
+ old_privileges_by_groups = {}
+ for priv_name in role.privilege:
+ role_privileges.append(priv_name)
+ if priv_name in privilege_group_map:
+ group = privilege_group_map[priv_name]
+ if group not in old_privileges_by_groups:
+ old_privileges_by_groups[group] = []
+ # collect current privileges
+ old_privileges_by_groups[group].append(priv_name)
+
+ log.debug("")
+ log.debug("*********************************")
+ log.debug("Update Role: " + role_name)
+ log.debug("")
+ add_privileges = []
+ remove_priviliges = []
+ for group in new_privileges_by_groups:
+ if group in old_privileges_by_groups:
+ # merge group privileges
+ add_privileges += set(new_privileges_by_groups[group]).difference(
+ old_privileges_by_groups[group]
+ )
+ remove_priviliges += set(old_privileges_by_groups[group]).difference(
+ new_privileges_by_groups[group]
+ )
+ else:
+ # add new group with privileges
+ add_privileges += new_privileges_by_groups[group]
+
+ log.debug("Add privileges:")
+ log.debug(json.dumps(list(add_privileges), indent=2))
+ log.debug("Remove privileges:")
+ log.debug(json.dumps(list(remove_priviliges), indent=2))
+ log.debug("---------------------------")
+
+ # remove privileges from role
+ for priv in remove_priviliges:
+ role_privileges.remove(priv)
+
+ # add privileges to role
+ for priv in add_privileges:
+ role_privileges.append(priv)
+
+ log.debug("Final privileges:")
+ log.debug(json.dumps(list(role_privileges), indent=2))
+
+ authorizationManager.UpdateAuthorizationRole(role.roleId, role.name, role_privileges)
+ log.debug("*********************************")
+
+ return {"status": "updated"}
diff --git a/src/saltext/vmware/states/roles.py b/src/saltext/vmware/states/roles.py
new file mode 100644
index 00000000..8006fcf9
--- /dev/null
+++ b/src/saltext/vmware/states/roles.py
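Review bot: In `save` (src/saltext/vmware/modules/roles.py), the "group new privileges" loop indexes `group_privileges[group]` directly and keeps only the labels that happen to match, so a misspelled group name raises a bare `KeyError` and a misspelled or unavailable privilege label is dropped without any error. Because the update branch derives `remove_priviliges` from that same filtered list, a typo in the desired state quietly leaves the role with a different privilege set than the one declared. Validate the requested groups and labels against what vCenter reports and raise `salt.exceptions.CommandExecutionError` before `AddAuthorizationRole` or `UpdateAuthorizationRole` is called; the state's `except Exception` handler then reports the role as a failure. The add/remove sets are also logged only at debug level, so an info-level line naming the role and both sets would leave an audit trail for authorization changes.

```python
    # group new privileges
    new_privileges_by_groups = {}
    for group, privileges_in_group in role_config["privileges"].items():
        if group not in group_privileges:
            raise salt.exceptions.CommandExecutionError(
                f"Unknown privilege group '{group}' in role '{role_name}'."
            )
        known_labels = {privileges_desc[p.privId]["label"] for p in group_privileges[group]}
        unknown_labels = sorted(set(privileges_in_group) - known_labels)
        if unknown_labels:
            raise salt.exceptions.CommandExecutionError(
                f"Unknown privileges in group '{group}' for role '{role_name}': {unknown_labels}"
            )
        new_privileges_by_groups[group] = [
            p.privId
            for p in group_privileges[group]
            if privileges_desc[p.privId]["label"] in privileges_in_group
        ]
    # … unchanged: create / update branches …
```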
@@ -0,0 +1,161 @@
+# SPDX-License-Identifier: Apache-2.0
+import json
+import logging
+
+import saltext.vmware.modules.roles as roles_module
+import saltext.vmware.utils.connect as connect
+import saltext.vmware.utils.drift as drift
+
+log = logging.getLogger(__name__)
+
+try:
+ from pyVmomi import vim
+
+ HAS_PYVMOMI = True
+except ImportError:
+ HAS_PYVMOMI = False
+
+
+__virtualname__ = "vcenter_roles"
+__proxyenabled__ = ["vcenter_roles"]
+
+
+def __virtual__():
+ if not HAS_PYVMOMI:
+ return False, "Unable to import pyVmomi module."
+ return __virtualname__
+
+
+def config(name, config, service_instance=None, profile=None):
+ """
+ Get/Set roles configuration based on drift report.
+
+ name
+ Name of configuration. (required).
+
+ config
+ List of objects with configuration values. (required).
+
+ service_instance
+ Use this vCenter service connection instance instead of creating a new one. (optional).
+
+ profile
+ Profile to use (optional)
+
+ .. code-block:: yaml
+
+ vcenter_roles_config_example:
+ vcenter_roles.config:
+ - profile: vcenter
+ - config:
+ - role: SRM Administrator
+ groups:
+ - group: SRM Protection
+ privileges:
+ - Stop
+ - Protect
+ - group: Recovery History
+ privileges:
+ - Delete History
+ - View Deleted Plans
+ - group: Recovery Plan
+ privileges:
+ - Configure commands
+ - Create
+ - Remove
+ - Modify
+ - Recovery
+ - group: Protection Group
+ privileges:
+ - Assign to plan
+ - Create
+ - Modify
+ - Remove
+ - Remove from plan
+ """
+
+ service_instance = service_instance or connect.get_service_instance(
+ config=__opts__, profile=profile
+ )
+ ret = {"name": name, "changes": {}, "result": None, "comment": ""}
+
+ # # Clone config input to a Map.
+ # # Can be used to transform input to internal objects and do validation if needed
+ new_config = {}
+ for role_config in config:
+ # Create full representation of the object, default or empty values
+ new_role_config = {"privileges": {}}
+ # Transform / Validate input vs object, e.g. constraints section
+ if "groups" in role_config:
+ for privilege in role_config["groups"]:
+ priv_group = privilege["group"]
+ new_role_config["privileges"][priv_group] = []
+ for item in privilege["privileges"]:
+ new_role_config["privileges"][priv_group].append(item)
+ new_config[role_config["role"]] = new_role_config
+
+ log.debug("---------------NEW--------------")
+ log.debug(json.dumps(new_config, indent=2))
+ log.debug("---------------NEW--------------")
+
+ # Get all policies from vCenter, the objects are VMOMI objects
+ old_configs = roles_module.find(
+ role_name=None, service_instance=service_instance, profile=profile
+ )
+
+ # old_configs must have only the rules that are in the scope of interest (provided in argument config_input)
+ old_config = {}
+ for role in old_configs:
+ if role["role"] not in new_config.keys():
+ continue
+
+ old_config[role["role"]] = {"privileges": role["privileges"]}
+
+ log.debug("--------------OLD---------------")
+ log.debug(json.dumps(old_config, indent=2))
+ log.debug("--------------OLD---------------")
+
+ # Find rules changes
+ changes = []
+ diffs = drift.drift_report(old_config, new_config, diff_level=0)
+ diffs = json.loads(json.dumps(diffs)) # clone object
+ if diffs is not None:
+ ret["changes"] = diffs
+
+ log.debug("==============DRIFT===============")
+ log.debug(json.dumps(diffs, indent=2))
+ log.debug("==============DRIFT===============")
+
+ # add changes for process if not dry-run
+ for d_name in diffs:
+ new_policy = diffs[d_name]["new"]
+ changes.append({**{"role": d_name}, **new_policy})
+
+ # If it's not dry-run and has changes, then apply changes
+ if not __opts__["test"] and changes:
+ success = True
+
+ log.debug("===============CHANGES==============")
+ log.debug(json.dumps(changes, indent=2))
+ log.debug("===============CHANGES==============")
+
+ comments = {}
+ for change in changes:
+ try:
+ # save/update rule
+ roles_module.save(change, service_instance, profile)
+ comments[change["role"]] = {
+ "status": "SUCCESS",
+ "message": f"Role '{change['role']}' has been changed successfully.",
+ }
+ except Exception as err:
+ success = False
+ comments[change["role"]] = {
+ "status": "FAILURE",
+ "message": f"Error occured while saving role '{change['role']}': {err}",
+ }
+
+ ret["comment"] = comments # it's more readable if passed as object
+ ret["result"] = success # at least one success
+
+ return ret
diff --git a/tests/test_files/role-privilege-descriptions.json b/tests/test_files/role-privilege-descriptions.json
new file mode 100644
index 00000000..d9e53d1a
--- /dev/null
+++ b/tests/test_files/role-privilege-descriptions.json
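Review bot: In `config` (src/saltext/vmware/states/roles.py), `ret["changes"]` is filled from the drift report before any `roles_module.save` call and is never pruned when a save raises, so a role whose update failed is still recorded as changed. For a state that edits authorization roles the run record should match what was actually applied; in the `except` branch drop the entry, e.g. `ret["changes"].pop(change["role"], None)`. `ret["result"]` is also only assigned from `success` on the apply path, so, as far as the flattened indentation on this page lets me tell, a run with no drift returns `result: None` rather than `True`; setting `ret["result"] = True` when `changes` is empty would cover that case. The trailing comment `# at least one success` contradicts the code, which sets `success = False` on any single failure, and should read something like `# True only if every role was saved`.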
@@ -0,0 +1,2002 @@ +[ + { + "key": "System.Anonymous", + "label": "Anonymous", + "summary": "The only privilege held by sessions which have not logged in" + }, + { + "key": "System.View", + "label": "View", + "summary": "Visibility without read access to an entity. This is assigned implicitly by the system, if read privileges are assigned at lower levels in the inventory" + }, + { + "key": "System.Read", + "label": "Read", + "summary": "Grants read access to an entity" + }, + { + "key": "Global.ManageCustomFields", + "label": "Manage custom attributes", + "summary": "Add, remove, and rename custom attribute definitions" + }, + { + "key": "Global.SetCustomField", + "label": "Set custom attribute", + "summary": "Set the value of a custom attribute on an object" + }, + { + "key": "Global.LogEvent", + "label": "Log event", + "summary": "Log a user-defined event on an object" + }, + { + "key": "Global.CancelTask", + "label": "Cancel task", + "summary": "Cancel a running task" + }, + { + "key": "Global.Licenses", + "label": "Licenses", + "summary": "Manage licenses" + }, + { + "key": "Global.Diagnostics", + "label": "Diagnostics", + "summary": "Export diagnostic data" + }, + { + "key": "Global.Settings", + "label": "Settings", + "summary": "Edit global settings" + }, + { + "key": "Global.VCServer", + "label": "Act as vCenter Server", + "summary": "Act as the vCenter Server" + }, + { + "key": "Global.CapacityPlanning", + "label": "Capacity planning", + "summary": "Discover and convert physical host to virtual machine" + }, + { + "key": "Global.ScriptAction", + "label": "Script action", + "summary": "Schedule an external script action" + }, + { + "key": "Global.Proxy", + "label": "Proxy", + "summary": "Add or remove endpoints to or from the proxy" + }, + { + "key": "Global.DisableMethods", + "label": "Disable methods", + "summary": "Operations are disabled in vCenter " + }, + { + "key": "Global.EnableMethods", + "label": "Enable methods", + "summary": "Operations are 
enabled in vCenter " + }, + { + "key": "Global.ServiceManagers", + "label": "Service managers", + "summary": "Access the directory service" + }, + { + "key": "Global.Health", + "label": "Health", + "summary": "Access the health of vCenter group" + }, + { + "key": "Global.SystemTag", + "label": "System tag", + "summary": "Add or remove system tag" + }, + { + "key": "Global.GlobalTag", + "label": "Global tag", + "summary": "Add or remove global tag" + }, + { + "key": "Folder.Create", + "label": "Create folder", + "summary": "Create folder" + }, + { + "key": "Folder.Delete", + "label": "Delete folder", + "summary": "Delete folder" + }, + { + "key": "Folder.Rename", + "label": "Rename folder", + "summary": "Rename folder" + }, + { + "key": "Folder.Move", + "label": "Move folder", + "summary": "Move folder" + }, + { + "key": "Datacenter.Create", + "label": "Create datacenter", + "summary": "Create a datacenter" + }, + { + "key": "Datacenter.Delete", + "label": "Remove datacenter", + "summary": "Remove a datacenter" + }, + { + "key": "Datacenter.Rename", + "label": "Rename datacenter", + "summary": "Rename a datacenter" + }, + { + "key": "Datacenter.Move", + "label": "Move datacenter", + "summary": "Move a datacenter" + }, + { + "key": "Datacenter.IpPoolConfig", + "label": "Network protocol profile configuration", + "summary": "Configure a network protocol profile on a datacenter" + }, + { + "key": "Datacenter.IpPoolReleaseIp", + "label": "Release IP allocation", + "summary": "Release IP allocation on a network protocol profile in a datacenter" + }, + { + "key": "Datacenter.IpPoolQueryAllocations", + "label": "Query IP pool allocation", + "summary": "Query IP pool allocation on a network protocol profile in a datacenter" + }, + { + "key": "Datacenter.Reconfigure", + "label": "Reconfigure datacenter", + "summary": "Reconfigure a datacenter" + }, + { + "key": "Datastore.Rename", + "label": "Rename datastore", + "summary": "Rename a datastore" + }, + { + "key": 
"Datastore.Move", + "label": "Move datastore", + "summary": "Move a datastore" + }, + { + "key": "Datastore.Delete", + "label": "Remove datastore", + "summary": "Remove a datastore from the datacenter" + }, + { + "key": "Datastore.Browse", + "label": "Browse datastore", + "summary": "Browse a datastore" + }, + { + "key": "Datastore.DeleteFile", + "label": "Remove file", + "summary": "Remove a file from a datastore" + }, + { + "key": "Datastore.FileManagement", + "label": "Low level file operations", + "summary": "Perform low level file operations on a datastore" + }, + { + "key": "Datastore.AllocateSpace", + "label": "Allocate space", + "summary": "Allocate space on a datastore" + }, + { + "key": "Datastore.Config", + "label": "Configure datastore", + "summary": "Configure a datastore" + }, + { + "key": "Datastore.UpdateVirtualMachineFiles", + "label": "Update virtual machine files", + "summary": "Update virtual machine files on a datastore" + }, + { + "key": "Datastore.UpdateVirtualMachineMetadata", + "label": "Update virtual machine metadata", + "summary": "Update virtual machine metadata on a datastore" + }, + { + "key": "Network.Move", + "label": "Move network", + "summary": "Move a network" + }, + { + "key": "Network.Delete", + "label": "Remove", + "summary": "Remove a network" + }, + { + "key": "Network.Config", + "label": "Configure", + "summary": "Configure a network" + }, + { + "key": "Network.Assign", + "label": "Assign network", + "summary": "Assign network to virtual machine, host service console, VMkernel virtual NIC or physical NIC" + }, + { + "key": "DVSwitch.Create", + "label": "Create", + "summary": "Create a distributed switch" + }, + { + "key": "DVSwitch.Modify", + "label": "Modify", + "summary": "Change the configuration of a distributed switch" + }, + { + "key": "DVSwitch.HostOp", + "label": "Host operation", + "summary": "Change the host member of a distributed switch" + }, + { + "key": "DVSwitch.PolicyOp", + "label": "Policy operation", + 
"summary": "Change the policy of a distributed switch" + }, + { + "key": "DVSwitch.PortConfig", + "label": "Port configuration operation", + "summary": "Change the configuration of a port in a distributed switch" + }, + { + "key": "DVSwitch.PortSetting", + "label": "Port setting operation", + "summary": "Change the setting of a port in a distributed switch" + }, + { + "key": "DVSwitch.Delete", + "label": "Delete", + "summary": "Delete a distributed switch" + }, + { + "key": "DVSwitch.Move", + "label": "Move", + "summary": "Move a distributed switch into another folder" + }, + { + "key": "DVSwitch.Vspan", + "label": "VSPAN operation", + "summary": "Change the distributed port mirroring configuration of a distributed switch" + }, + { + "key": "DVSwitch.Ipfix", + "label": "IPFIX operation", + "summary": "Change the ipfix configuration of a distributed switch" + }, + { + "key": "DVSwitch.ResourceManagement", + "label": "Network I/O control operation", + "summary": "Add or update network I/O control resource pools" + }, + { + "key": "DVPortgroup.Create", + "label": "Create", + "summary": "Create a dvPort group" + }, + { + "key": "DVPortgroup.Modify", + "label": "Modify", + "summary": "Modify the configuration of a dvPort group" + }, + { + "key": "DVPortgroup.PolicyOp", + "label": "Policy operation", + "summary": "Set the policy of a dvPort group" + }, + { + "key": "DVPortgroup.ScopeOp", + "label": "Scope operation", + "summary": "Set the scope of a dvPort group" + }, + { + "key": "DVPortgroup.Ipfix", + "label": "IPFIX operation", + "summary": "Change the ipfix configuration of a dvPort group" + }, + { + "key": "DVPortgroup.Delete", + "label": "Delete", + "summary": "Delete a dvPort group" + }, + { + "key": "Host.Inventory.AddStandaloneHost", + "label": "Add standalone host", + "summary": "Add a standalone host" + }, + { + "key": "Host.Inventory.CreateCluster", + "label": "Create cluster", + "summary": "Create a cluster along with its initial specification" + }, + { + 
"key": "Host.Inventory.AddHostToCluster", + "label": "Add host to cluster", + "summary": "Add a host to a cluster" + }, + { + "key": "Host.Inventory.RemoveHostFromCluster", + "label": "Remove host", + "summary": "Remove a host" + }, + { + "key": "Host.Inventory.MoveCluster", + "label": "Move cluster or standalone host", + "summary": "Move a cluster or standalone host" + }, + { + "key": "Host.Inventory.RenameCluster", + "label": "Rename cluster", + "summary": "Rename cluster" + }, + { + "key": "Host.Inventory.DeleteCluster", + "label": "Remove cluster", + "summary": "Remove a cluster or standalone host" + }, + { + "key": "Host.Inventory.EditCluster", + "label": "Modify cluster", + "summary": "Modify a cluster's specification" + }, + { + "key": "Host.Inventory.MoveHost", + "label": "Move host", + "summary": "Move a host between clusters" + }, + { + "key": "Host.Hbr.HbrManagement", + "label": "Manage replication", + "summary": "Manage replication of virtual machines" + }, + { + "key": "Host.Config.AuthenticationStore", + "label": "Authentication Store", + "summary": "Configure authentication stores" + }, + { + "key": "Host.Config.SystemManagement", + "label": "System Management", + "summary": "Remote file management and CIM read/write access" + }, + { + "key": "Host.Config.Connection", + "label": "Connection", + "summary": "Connect or disconnect a host" + }, + { + "key": "Host.Config.Maintenance", + "label": "Maintenance", + "summary": "Enable and disable maintenance mode" + }, + { + "key": "Host.Config.AutoStart", + "label": "Virtual machine autostart configuration", + "summary": "Virtual machine autostart configuration" + }, + { + "key": "Host.Config.HyperThreading", + "label": "Hyperthreading", + "summary": "Enable/disable hyperthreading" + }, + { + "key": "Host.Config.Storage", + "label": "Storage partition configuration", + "summary": "Storage, host datastore, and diagnostic partition configuration" + }, + { + "key": "Host.Config.NetService", + "label": "Security 
profile and firewall", + "summary": "Configure internet services and firewall" + }, + { + "key": "Host.Config.Memory", + "label": "Memory configuration", + "summary": "Service console memory reservation" + }, + { + "key": "Host.Config.Network", + "label": "Network configuration", + "summary": "Network configuration" + }, + { + "key": "Host.Config.AdvancedConfig", + "label": "Advanced settings", + "summary": "Modify advanced settings for the host" + }, + { + "key": "Host.Config.Resources", + "label": "System resources", + "summary": "Modify system resource settings" + }, + { + "key": "Host.Config.Snmp", + "label": "Change SNMP settings", + "summary": "Modify SNMP settings" + }, + { + "key": "Host.Config.DateTime", + "label": "Change date and time settings", + "summary": "Change date and time settings for the host" + }, + { + "key": "Host.Config.PciPassthru", + "label": "Change PciPassthru settings", + "summary": "Change PciPassthru settings for the host" + }, + { + "key": "Host.Config.Settings", + "label": "Change settings", + "summary": "Change host settings" + }, + { + "key": "Host.Config.Patch", + "label": "Query patch", + "summary": "Query host patches" + }, + { + "key": "Host.Config.Firmware", + "label": "Firmware", + "summary": "Firmware system operations" + }, + { + "key": "Host.Config.Power", + "label": "Power", + "summary": "Power system operations" + }, + { + "key": "Host.Config.Image", + "label": "Image configuration", + "summary": "Change image configuration settings" + }, + { + "key": "Host.Config.Quarantine", + "label": "Quarantine", + "summary": "Change quarantine mode of a host" + }, + { + "key": "Host.Config.Nvdimm", + "label": "NVDIMM", + "summary": "NVDIMM system operations" + }, + { + "key": "Host.Local.InstallAgent", + "label": "Add host to vCenter", + "summary": "Bring the host under vCenter management" + }, + { + "key": "Host.Local.ManageUserGroups", + "label": "Manage user groups", + "summary": "User account management" + }, + { + "key": 
"Host.Local.CreateVM", + "label": "Create virtual machine", + "summary": "Create a virtual machine without registering it" + }, + { + "key": "Host.Local.ReconfigVM", + "label": "Reconfigure virtual machine", + "summary": "Reconfigure a virtual machine" + }, + { + "key": "Host.Local.DeleteVM", + "label": "Delete virtual machine", + "summary": "Delete an unregistered virtual machine" + }, + { + "key": "Host.Cim.CimInteraction", + "label": "CIM interaction", + "summary": "Establish a remote connection to a CIM interface. By default, this privilege is belongs only to the administrator. This privilege provides SuperUser level access to the CIM service" + }, + { + "key": "VirtualMachine.Inventory.Create", + "label": "Create new", + "summary": "Create a new virtual machine or template" + }, + { + "key": "VirtualMachine.Inventory.CreateFromExisting", + "label": "Create from existing", + "summary": "Create a virtual machine based on an existing virtual machine or template" + }, + { + "key": "VirtualMachine.Inventory.Register", + "label": "Register", + "summary": "Add an existing virtual machine to the inventory" + }, + { + "key": "VirtualMachine.Inventory.Delete", + "label": "Remove", + "summary": "Remove a virtual machine" + }, + { + "key": "VirtualMachine.Inventory.Unregister", + "label": "Unregister", + "summary": "Unregister a virtual machine" + }, + { + "key": "VirtualMachine.Inventory.Move", + "label": "Move", + "summary": "Move a virtual machine" + }, + { + "key": "VirtualMachine.Interact.PowerOn", + "label": "Power on", + "summary": "Power on or resume a virtual machine" + }, + { + "key": "VirtualMachine.Interact.PowerOff", + "label": "Power off", + "summary": "Power off a virtual machine" + }, + { + "key": "VirtualMachine.Interact.Suspend", + "label": "Suspend", + "summary": "Suspend a virtual machine" + }, + { + "key": "VirtualMachine.Interact.Reset", + "label": "Reset", + "summary": "Reset (power cycle) a virtual machine" + }, + { + "key": 
"VirtualMachine.Interact.Pause", + "label": "Pause or Unpause", + "summary": "Pause or unpause a virtual machine" + }, + { + "key": "VirtualMachine.Interact.AnswerQuestion", + "label": "Answer question", + "summary": "Answer a virtual machine run-time question" + }, + { + "key": "VirtualMachine.Interact.ConsoleInteract", + "label": "Console interaction", + "summary": "Interact with the virtual machine console" + }, + { + "key": "VirtualMachine.Interact.DeviceConnection", + "label": "Connect devices", + "summary": "Connect/disconnect media and network devices" + }, + { + "key": "VirtualMachine.Interact.SetCDMedia", + "label": "Configure CD media", + "summary": "Configure a different media for virtual CD-ROMs" + }, + { + "key": "VirtualMachine.Interact.SetFloppyMedia", + "label": "Configure floppy media", + "summary": "Configure a different media for virtual floppies" + }, + { + "key": "VirtualMachine.Interact.ToolsInstall", + "label": "Install VMware Tools", + "summary": "Install VMware Tools (or mount/unmount the tools installer image)" + }, + { + "key": "VirtualMachine.Interact.GuestControl", + "label": "Guest operating system management by VIX API", + "summary": "Perform management operations within the guest operating system via the VIX API" + }, + { + "key": "VirtualMachine.Interact.DefragmentAllDisks", + "label": "Defragment all disks", + "summary": "Defragment all disks on the virtual machine" + }, + { + "key": "VirtualMachine.Interact.CreateSecondary", + "label": "Turn on Fault Tolerance", + "summary": "Turn on Fault Tolerance for this virtual machine" + }, + { + "key": "VirtualMachine.Interact.TurnOffFaultTolerance", + "label": "Turn off Fault Tolerance", + "summary": "Turn off Fault Tolerance for this virtual machine" + }, + { + "key": "VirtualMachine.Interact.MakePrimary", + "label": "Test failover", + "summary": "Make the Secondary VM the Primary VM" + }, + { + "key": "VirtualMachine.Interact.TerminateFaultTolerantVM", + "label": "Test restart Secondary 
VM", + "summary": "Terminate the Secondary VM" + }, + { + "key": "VirtualMachine.Interact.DisableSecondary", + "label": "Suspend Fault Tolerance", + "summary": "Suspend Fault Tolerance for this virtual machine" + }, + { + "key": "VirtualMachine.Interact.EnableSecondary", + "label": "Resume Fault Tolerance", + "summary": "Resume Fault Tolerance for this virtual machine" + }, + { + "key": "VirtualMachine.Interact.Record", + "label": "Record session on virtual machine", + "summary": "Record session on a virtual machine" + }, + { + "key": "VirtualMachine.Interact.Replay", + "label": "Replay session on virtual machine", + "summary": "Replay session on a virtual machine" + }, + { + "key": "VirtualMachine.Interact.Backup", + "label": "Backup operation on virtual machine", + "summary": "Backup operations on a virtual machine" + }, + { + "key": "VirtualMachine.Interact.CreateScreenshot", + "label": "Create screenshot", + "summary": "Create a screenshot" + }, + { + "key": "VirtualMachine.Interact.PutUsbScanCodes", + "label": "Inject USB HID scan codes", + "summary": "Inject a sequence of USB HID scan codes into the keyboard" + }, + { + "key": "VirtualMachine.Interact.SESparseMaintenance", + "label": "Perform wipe or shrink operations", + "summary": "Perform wipe or shrink operations on Flex-SE disks" + }, + { + "key": "VirtualMachine.Interact.DnD", + "label": "Drag and drop", + "summary": "Drag files between a virtual machine and a remote client" + }, + { + "key": "VirtualMachine.GuestOperations.Query", + "label": "Guest operation queries", + "summary": "Queries in a virtual machine guest operating system" + }, + { + "key": "VirtualMachine.GuestOperations.Modify", + "label": "Guest operation modifications", + "summary": "Modifications in a virtual machine guest operating system" + }, + { + "key": "VirtualMachine.GuestOperations.Execute", + "label": "Guest operation program execution", + "summary": "Running processes in a virtual machine guest operating system" + }, + { + 
"key": "VirtualMachine.GuestOperations.QueryAliases", + "label": "Guest operation alias query", + "summary": "Querying the alias store in a virtual machine guest operating system" + }, + { + "key": "VirtualMachine.GuestOperations.ModifyAliases", + "label": "Guest operation alias modification", + "summary": "Modifying the alias store in a virtual machine guest operating system" + }, + { + "key": "VirtualMachine.Config.Rename", + "label": "Rename", + "summary": "Rename a virtual machine" + }, + { + "key": "VirtualMachine.Config.Annotation", + "label": "Set annotation", + "summary": "Set annotation on a virtual machine" + }, + { + "key": "VirtualMachine.Config.AddExistingDisk", + "label": "Add existing disk", + "summary": "Browse for and attach an existing virtual disk" + }, + { + "key": "VirtualMachine.Config.AddNewDisk", + "label": "Add new disk", + "summary": "Create and attach a new virtual disk" + }, + { + "key": "VirtualMachine.Config.RemoveDisk", + "label": "Remove disk", + "summary": "Detach and optionally remove a virtual disk" + }, + { + "key": "VirtualMachine.Config.RawDevice", + "label": "Configure Raw device", + "summary": "Virtual machine raw device configuration" + }, + { + "key": "VirtualMachine.Config.HostUSBDevice", + "label": "Configure Host USB device", + "summary": "Add, remove or edit a virtual USB device backed by a host USB device" + }, + { + "key": "VirtualMachine.Config.CPUCount", + "label": "Change CPU count", + "summary": "Change the number of virtual CPUs" + }, + { + "key": "VirtualMachine.Config.Memory", + "label": "Change Memory", + "summary": "Set the amount of virtual machine memory" + }, + { + "key": "VirtualMachine.Config.AddRemoveDevice", + "label": "Add or remove device", + "summary": "Add or remove virtual devices" + }, + { + "key": "VirtualMachine.Config.EditDevice", + "label": "Modify device settings", + "summary": "Modify virtual device settings" + }, + { + "key": "VirtualMachine.Config.Settings", + "label": "Change Settings", 
+ "summary": "Change virtual machine settings" + }, + { + "key": "VirtualMachine.Config.Resource", + "label": "Change resource", + "summary": "Change virtual machine resource allocations" + }, + { + "key": "VirtualMachine.Config.UpgradeVirtualHardware", + "label": "Upgrade virtual machine compatibility", + "summary": "Upgrade virtual machine compatibility" + }, + { + "key": "VirtualMachine.Config.ResetGuestInfo", + "label": "Reset guest information", + "summary": "Reset guest information variables" + }, + { + "key": "VirtualMachine.Config.ToggleForkParent", + "label": "Toggle fork parent", + "summary": "Enable or disable a vmfork parent" + }, + { + "key": "VirtualMachine.Config.AdvancedConfig", + "label": "Advanced configuration", + "summary": "Make advanced configuration changes" + }, + { + "key": "VirtualMachine.Config.DiskLease", + "label": "Acquire disk lease", + "summary": "Lease disks for disk manager" + }, + { + "key": "VirtualMachine.Config.SwapPlacement", + "label": "Change Swapfile placement", + "summary": "Set the placement policy for a single virtual machine's swapfile" + }, + { + "key": "VirtualMachine.Config.DiskExtend", + "label": "Extend virtual disk", + "summary": "Extend virtual disk" + }, + { + "key": "VirtualMachine.Config.ChangeTracking", + "label": "Toggle disk change tracking", + "summary": "Enable or disable change tracking for the virtual machine's disks" + }, + { + "key": "VirtualMachine.Config.QueryUnownedFiles", + "label": "Query unowned files", + "summary": "Query unowned files" + }, + { + "key": "VirtualMachine.Config.ReloadFromPath", + "label": "Reload from path", + "summary": "Reload Virtual Machine from new configuration path" + }, + { + "key": "VirtualMachine.Config.QueryFTCompatibility", + "label": "Query Fault Tolerance compatibility", + "summary": "Check if a virtual machine is compatible for Fault Tolerance" + }, + { + "key": "VirtualMachine.Config.MksControl", + "label": "Display connection settings", + "summary": "Toggle 
virtual machine display connection settings" + }, + { + "key": "VirtualMachine.Config.ManagedBy", + "label": "Configure managedBy", + "summary": "Configure managedBy on a virtual machine" + }, + { + "key": "VirtualMachine.State.CreateSnapshot", + "label": "Create snapshot", + "summary": "Create a snapshot" + }, + { + "key": "VirtualMachine.State.RevertToSnapshot", + "label": "Revert to snapshot", + "summary": "Make a snapshot current" + }, + { + "key": "VirtualMachine.State.RemoveSnapshot", + "label": "Remove snapshot", + "summary": "Remove a snapshot" + }, + { + "key": "VirtualMachine.State.RenameSnapshot", + "label": "Rename snapshot", + "summary": "Rename a snapshot" + }, + { + "key": "VirtualMachine.Hbr.ConfigureReplication", + "label": "Configure replication", + "summary": "Configure a virtual machine for replication" + }, + { + "key": "VirtualMachine.Hbr.ReplicaManagement", + "label": "Manage replication", + "summary": "Manage replication properties of a virtual machine" + }, + { + "key": "VirtualMachine.Hbr.MonitorReplication", + "label": "Monitor replication", + "summary": "Monitor replication of a virtual machine" + }, + { + "key": "VirtualMachine.Provisioning.Customize", + "label": "Customize guest", + "summary": "Customize a virtual machine's guest operating system" + }, + { + "key": "VirtualMachine.Provisioning.Clone", + "label": "Clone virtual machine", + "summary": "Clone a virtual machine" + }, + { + "key": "VirtualMachine.Provisioning.PromoteDisks", + "label": "Promote disks", + "summary": "Promote a virtual machine's disks" + }, + { + "key": "VirtualMachine.Provisioning.CreateTemplateFromVM", + "label": "Create template from virtual machine", + "summary": "Create a template from a virtual machine" + }, + { + "key": "VirtualMachine.Provisioning.DeployTemplate", + "label": "Deploy template", + "summary": "Deploy a virtual machine from a template" + }, + { + "key": "VirtualMachine.Provisioning.CloneTemplate", + "label": "Clone template", + "summary": 
"Clone a template" + }, + { + "key": "VirtualMachine.Provisioning.MarkAsTemplate", + "label": "Mark as template", + "summary": "Mark a virtual machine as a template" + }, + { + "key": "VirtualMachine.Provisioning.MarkAsVM", + "label": "Mark as virtual machine", + "summary": "Mark a template as a virtual machine" + }, + { + "key": "VirtualMachine.Provisioning.ReadCustSpecs", + "label": "Read customization specifications", + "summary": "Read customization specifications" + }, + { + "key": "VirtualMachine.Provisioning.ModifyCustSpecs", + "label": "Modify customization specification", + "summary": "Create, edit or delete customization specifications" + }, + { + "key": "VirtualMachine.Provisioning.DiskRandomAccess", + "label": "Allow disk access", + "summary": "Allow random access to disk files through a separate NFC connection" + }, + { + "key": "VirtualMachine.Provisioning.DiskRandomRead", + "label": "Allow read-only disk access", + "summary": "Allow read-only random access to disk files through a separate NFC connection" + }, + { + "key": "VirtualMachine.Provisioning.FileRandomAccess", + "label": "Allow file access", + "summary": "Allow access to files through a separate NFC connection" + }, + { + "key": "VirtualMachine.Provisioning.GetVmFiles", + "label": "Allow virtual machine download", + "summary": "Allow download of virtual machines (used by provisioning operations)" + }, + { + "key": "VirtualMachine.Provisioning.PutVmFiles", + "label": "Allow virtual machine files upload", + "summary": "Allow upload of virtual machine (used by provisioning operations)" + }, + { + "key": "VirtualMachine.Namespace.Management", + "label": "Manage service configurations", + "summary": "Manage virtual machine service configurations" + }, + { + "key": "VirtualMachine.Namespace.Query", + "label": "Query service configurations", + "summary": "Query virtual machine service configurations" + }, + { + "key": "VirtualMachine.Namespace.ModifyContent", + "label": "Modify service 
configuration", + "summary": "Modify existing virtual machine service configuration" + }, + { + "key": "VirtualMachine.Namespace.ReadContent", + "label": "Read service configuration", + "summary": "Read existing virtual machine service configuration" + }, + { + "key": "VirtualMachine.Namespace.Event", + "label": "Allow notifications", + "summary": "Allow generating and consuming service notifications" + }, + { + "key": "VirtualMachine.Namespace.EventNotify", + "label": "Allow polling of global event notifications", + "summary": "Allow use of property collector to receive push notification for pending service notifications" + }, + { + "key": "Resource.AssignVMToPool", + "label": "Assign virtual machine to resource pool", + "summary": "Assign a virtual machine to a resource pool" + }, + { + "key": "Resource.AssignVAppToPool", + "label": "Assign vApp to resource pool", + "summary": "Assign a vApp to a resource pool" + }, + { + "key": "Resource.ApplyRecommendation", + "label": "Apply recommendation", + "summary": "Apply a DRS vMotion recommendation" + }, + { + "key": "Resource.CreatePool", + "label": "Create resource pool", + "summary": "Create a resource pool" + }, + { + "key": "Resource.RenamePool", + "label": "Rename resource pool", + "summary": "Rename a resource pool" + }, + { + "key": "Resource.EditPool", + "label": "Modify resource pool", + "summary": "Modify a resource pool" + }, + { + "key": "Resource.MovePool", + "label": "Move resource pool", + "summary": "Move a resource pool" + }, + { + "key": "Resource.DeletePool", + "label": "Remove resource pool", + "summary": "Remove a resource pool" + }, + { + "key": "Resource.HotMigrate", + "label": "Migrate powered on virtual machine", + "summary": "Migrate a powered on virtual machine" + }, + { + "key": "Resource.ColdMigrate", + "label": "Migrate powered off virtual machine", + "summary": "Migrate a powered off virtual machine" + }, + { + "key": "Resource.QueryVMotion", + "label": "Query vMotion", + "summary": 
"Query vMotion compatibility of a set of hosts" + }, + { + "key": "Alarm.Create", + "label": "Create alarm", + "summary": "Create an alarm" + }, + { + "key": "Alarm.Delete", + "label": "Remove alarm", + "summary": "Remove an alarm" + }, + { + "key": "Alarm.Edit", + "label": "Modify alarm", + "summary": "Modify an alarm" + }, + { + "key": "Alarm.Acknowledge", + "label": "Acknowledge alarm", + "summary": "Acknowledge an alarm" + }, + { + "key": "Alarm.SetStatus", + "label": "Set alarm status", + "summary": "Set status for an alarm" + }, + { + "key": "Alarm.DisableActions", + "label": "Disable alarm action", + "summary": "Disable actions for an alarm" + }, + { + "key": "Task.Create", + "label": "Create task", + "summary": "Create a task" + }, + { + "key": "Task.Update", + "label": "Update task", + "summary": "Update a task" + }, + { + "key": "ScheduledTask.Create", + "label": "Create tasks", + "summary": "Create a scheduled task" + }, + { + "key": "ScheduledTask.Delete", + "label": "Remove task", + "summary": "Remove a scheduled task" + }, + { + "key": "ScheduledTask.Run", + "label": "Run task", + "summary": "Run a scheduled task immediately" + }, + { + "key": "ScheduledTask.Edit", + "label": "Modify task", + "summary": "Edit a scheduled task" + }, + { + "key": "Sessions.TerminateSession", + "label": "View and stop sessions", + "summary": "Monitor who is logged in and stop sessions" + }, + { + "key": "Sessions.ValidateSession", + "label": "Validate session", + "summary": "Verify session validity" + }, + { + "key": "Sessions.GlobalMessage", + "label": "Message", + "summary": "Modify the message (seen by all users when logging in)" + }, + { + "key": "Sessions.ImpersonateUser", + "label": "Impersonate user", + "summary": "Impersonate users" + }, + { + "key": "Performance.ModifyIntervals", + "label": "Modify intervals", + "summary": "Modify historical intervals" + }, + { + "key": "Authorization.ModifyRoles", + "label": "Modify role", + "summary": "Modify a role's name or 
privileges" + }, + { + "key": "Authorization.ReassignRolePermissions", + "label": "Reassign role permissions", + "summary": "Reassign the permissions of one role to another" + }, + { + "key": "Authorization.ModifyPermissions", + "label": "Modify permission", + "summary": "Modify a permission's role or propagation" + }, + { + "key": "Extension.Register", + "label": "Register extension", + "summary": "Register extensions" + }, + { + "key": "Extension.Update", + "label": "Update extension", + "summary": "Update extensions" + }, + { + "key": "Extension.Unregister", + "label": "Unregister extension", + "summary": "Unregister extensions" + }, + { + "key": "VApp.ResourceConfig", + "label": "vApp resource configuration", + "summary": "Edit vApp resource configuration" + }, + { + "key": "VApp.InstanceConfig", + "label": "vApp instance configuration", + "summary": "Edit vApp instance configuration, such as policies and property values" + }, + { + "key": "VApp.ApplicationConfig", + "label": "vApp application configuration", + "summary": "Edit vApp application configuration, such as product info" + }, + { + "key": "VApp.ManagedByConfig", + "label": "vApp managedBy configuration", + "summary": "Edit vApp managedBy configuration" + }, + { + "key": "VApp.Export", + "label": "Export", + "summary": "Export vApp" + }, + { + "key": "VApp.Import", + "label": "Import", + "summary": "Import vApp" + }, + { + "key": "VApp.ExtractOvfEnvironment", + "label": "View OVF environment", + "summary": "View the OVF environment for a virtual machine" + }, + { + "key": "VApp.AssignVM", + "label": "Add virtual machine", + "summary": "Add a virtual machine to the vApp" + }, + { + "key": "VApp.AssignResourcePool", + "label": "Assign resource pool", + "summary": "Assign resource pool to vApp" + }, + { + "key": "VApp.AssignVApp", + "label": "Assign vApp", + "summary": "Assign a vApp to another vApp" + }, + { + "key": "VApp.Clone", + "label": "Clone", + "summary": "Clone a vApp" + }, + { + "key": 
"VApp.Create", + "label": "Create", + "summary": "Create a new vApp" + }, + { + "key": "VApp.Delete", + "label": "Delete", + "summary": "Delete a vApp" + }, + { + "key": "VApp.Unregister", + "label": "Unregister", + "summary": "Unregister a vApp" + }, + { + "key": "VApp.Move", + "label": "Move", + "summary": "Move a vApp" + }, + { + "key": "VApp.PowerOn", + "label": "Power on", + "summary": "Power on a vApp" + }, + { + "key": "VApp.PowerOff", + "label": "Power off", + "summary": "Power off a vApp" + }, + { + "key": "VApp.Suspend", + "label": "Suspend", + "summary": "Suspend a vApp" + }, + { + "key": "VApp.Rename", + "label": "Rename", + "summary": "Rename a vApp" + }, + { + "key": "Profile.Create", + "label": "Create", + "summary": "Create a host profile" + }, + { + "key": "Profile.Delete", + "label": "Delete", + "summary": "Delete a host profile" + }, + { + "key": "Profile.Edit", + "label": "Edit", + "summary": "Edit a host profile" + }, + { + "key": "Profile.View", + "label": "View", + "summary": "View a host profile" + }, + { + "key": "Profile.Clear", + "label": "Clear", + "summary": "Clear host profile related information" + }, + { + "key": "Profile.Export", + "label": "Export", + "summary": "Export a host profile" + }, + { + "key": "EAM.Config", + "label": "Config", + "summary": "Update ESX agent host configuration" + }, + { + "key": "EAM.Modify", + "label": "Modify", + "summary": "Modify agencies and agents" + }, + { + "key": "EAM.View", + "label": "View", + "summary": "View agencies and agents" + }, + { + "key": "StoragePod.Config", + "label": "Configure a datastore cluster", + "summary": "Configure a datastore cluster" + }, + { + "key": "Certificate.Manage", + "label": "Manage certificates", + "summary": "Manage certificates" + }, + { + "key": "HealthUpdateProvider.Register", + "label": "Register", + "summary": "Register a health update provider" + }, + { + "key": "HealthUpdateProvider.Update", + "label": "Update", + "summary": "Add, remove and update 
entities managed by this provider" + }, + { + "key": "HealthUpdateProvider.Unregister", + "label": "Unregister", + "summary": "Unregister a health update provider" + }, + { + "key": "ExternalStatsProvider.Register", + "label": "Register", + "summary": "Register an external stats provider" + }, + { + "key": "ExternalStatsProvider.Update", + "label": "Update", + "summary": "Report VM stats" + }, + { + "key": "ExternalStatsProvider.Unregister", + "label": "Unregister", + "summary": "Unregister an external stats provider" + }, + { + "key": "Cryptographer.ManageKeys", + "label": "Manage keys", + "summary": "Add/Update/Remove/List cryptographic keys" + }, + { + "key": "Cryptographer.ManageKeyServers", + "label": "Manage KMS", + "summary": "Add/Update/Remove/List KMS information" + }, + { + "key": "Cryptographer.ManageEncryptionPolicy", + "label": "Manage encryption policies", + "summary": "Manage encryption storage policies" + }, + { + "key": "Cryptographer.Access", + "label": "Direct Access", + "summary": "Grants access to unencrypted or cleartext data of encrypted VMs" + }, + { + "key": "Cryptographer.RegisterHost", + "label": "Register host", + "summary": "Register host in a cluster with encrypted VMs" + }, + { + "key": "Cryptographer.EncryptNew", + "label": "Encrypt new", + "summary": "Encrypt newly created VM or disk" + }, + { + "key": "Cryptographer.Encrypt", + "label": "Encrypt", + "summary": "Encrypt existing VM or disk" + }, + { + "key": "Cryptographer.Decrypt", + "label": "Decrypt", + "summary": "Decrypt encrypted VM or disk" + }, + { + "key": "Cryptographer.RegisterVM", + "label": "Register VM", + "summary": "Registed encrypted VM" + }, + { + "key": "Cryptographer.Migrate", + "label": "Migrate", + "summary": "Migrate an encrypted VM" + }, + { + "key": "Cryptographer.Recrypt", + "label": "Recrypt", + "summary": "Re-encrypt an encrypted VM or disk with another key" + }, + { + "key": "Cryptographer.AddDisk", + "label": "Add disk", + "summary": "Add an encrypted 
disk to a VM" + }, + { + "key": "Cryptographer.Clone", + "label": "Clone", + "summary": "Clone an encrypted VM" + }, + { + "key": "TenantManager.Query", + "label": "Query", + "summary": "Query" + }, + { + "key": "HmsSession.com.vmware.vcHms.Session.Terminate", + "label": "Terminate", + "summary": "Terminate a user session" + }, + { + "key": "InventoryService.Tagging.AttachTag", + "label": "AttachTag", + "summary": "AttachTag" + }, + { + "key": "VcDr.Diagnostics.com.vmware.vcDr.SystemLogs", + "label": "Export", + "summary": "Export diagnostic data" + }, + { + "key": "InventoryService.Tagging.ModifyUsedByForCategory", + "label": "ModifyUsedByForCategory", + "summary": "ModifyUsedByForCategory" + }, + { + "key": "Cns.Searchable", + "label": "Searchable", + "summary": "Can use all CNS searchable APIs" + }, + { + "key": "VcDr.PlaceholderDatastoreManager.com.vmware.vcDr.Edit", + "label": "Configure", + "summary": "Configure placeholder datastores" + }, + { + "key": "Host.Config.GuestStore", + "label": "GuestStore", + "summary": "GuestStore" + }, + { + "key": "TrustedAdmin.ReadTrustedHosts", + "label": "ReadTrustedHosts", + "summary": "ReadTrustedHosts" + }, + { + "key": "ContentLibrary.EvictLibraryItem", + "label": "Evict library item", + "summary": "Evict the cached content of a subscribed library item" + }, + { + "key": "InventoryService.Tagging.DeleteCategory", + "label": "DeleteCategory", + "summary": "DeleteCategory" + }, + { + "key": "TrustedAdmin.ReadKMSTrust", + "label": "ReadKMSTrust", + "summary": "ReadKMSTrust" + }, + { + "key": "VcDr.RecoveryHistoryManager.com.vmware.vcDr.ViewDeleted", + "label": "View Deleted Plans", + "summary": "View deleted plan history" + }, + { + "key": "ContentLibrary.TypeIntrospection", + "label": "Type introspection", + "summary": "Introspect types supported by Content Library" + }, + { + "key": "TrustedAdmin.ConfigureHostMetadata", + "label": "ConfigureHostMetadata", + "summary": "ConfigureHostMetadata" + }, + { + "key": 
"VcDr.ProtectionProfile.com.vmware.vcDr.Edit", + "label": "Modify", + "summary": "Modify a protection group" + }, + { + "key": "ContentLibrary.GetConfiguration", + "label": "View configuration settings", + "summary": "View global settings of Content Library" + }, + { + "key": "VcDr.RecoveryHistoryManager.com.vmware.vcDr.Delete", + "label": "Delete History", + "summary": "Delete history" + }, + { + "key": "VcDr.InventoryMapper.com.vmware.vcDr.Edit", + "label": "Modify", + "summary": "Modify inventory mappings" + }, + { + "key": "CertificateManagement.Manage", + "label": "Manage", + "summary": "Manage" + }, + { + "key": "VirtualMachine.Interact.SuspendToMemory", + "label": "SuspendToMemory", + "summary": "SuspendToMemory" + }, + { + "key": "InventoryService.Tagging.EditTag", + "label": "EditTag", + "summary": "EditTag" + }, + { + "key": "ContentLibrary.UpdateSession", + "label": "Update files", + "summary": "Update files of a library item" + }, + { + "key": "AutoDeploy.Host.AssociateMachine", + "label": "AssociateMachine", + "summary": "Associate a machine identifier with a host in vCenter" + }, + { + "key": "VcIntegrity.Updates.com.vmware.vcIntegrity.ViewStatus", + "label": "View Compliance Status", + "summary": "View baseline or software update compliance information for an object in the vSphere inventory." 
+ }, + { + "key": "VcDr.Autoprotect.com.vmware.vcDr.Edit", + "label": "Modify", + "summary": "Modify automatic protection configuration" + }, + { + "key": "ContentLibrary.AddSubscription", + "label": "Create a subscription for a published library", + "summary": "Create a subscription" + }, + { + "key": "ContentLibrary.DeleteSubscription", + "label": "Delete subscription of a published library", + "summary": "Delete subscription" + }, + { + "key": "ContentLibrary.UpdateLibrary", + "label": "Update library", + "summary": "Update properties common to all library types" + }, + { + "key": "VcDr.RecoveryProfile.com.vmware.vcDr.ConfigureServerCommands", + "label": "Configure commands", + "summary": "Configure commands to run during recovery" + }, + { + "key": "TransferService.Monitor", + "label": "Monitor", + "summary": "Monitor" + }, + { + "key": "InventoryService.Tagging.ModifyUsedByForTag", + "label": "ModifyUsedByForTag", + "summary": "ModifyUsedByForTag" + }, + { + "key": "VcIntegrity.General.com.vmware.vcIntegrity.Configure", + "label": "Configure Service", + "summary": "Configure the vSphere Update Manager service and the scheduled task to download patches, extensions, notifications, and related data." 
+ }, + { + "key": "Cryptographer.ReadKeyServersInfo", + "label": "ReadKeyServersInfo", + "summary": "ReadKeyServersInfo" + }, + { + "key": "ContentLibrary.SyncLibraryItem", + "label": "Sync library item", + "summary": "Synchronize a subscribed library item" + }, + { + "key": "AutoDeploy.Rule.Create", + "label": "Create", + "summary": "Create a rule" + }, + { + "key": "HmsReplication.com.vmware.vcHms.Replication.View", + "label": "View replications", + "summary": "View replications status and details" + }, + { + "key": "ContentLibrary.UpdateSubscribedLibrary", + "label": "Update subscribed library", + "summary": "Update a subscribed library" + }, + { + "key": "Vsan.Cluster.ShallowRekey", + "label": "ShallowRekey", + "summary": "Rotate the key encryption key for vSAN Cluster, without re-encrypting all data" + }, + { + "key": "VApp.PullFromUrls", + "label": "PullFromUrls", + "summary": "PullFromUrls" + }, + { + "key": "AutoDeploy.RuleSet.Activate", + "label": "Activate", + "summary": "Activate a rule set" + }, + { + "key": "HmsRemote.com.vmware.vcHms.Hms.Manage", + "label": "Manage VRM", + "summary": "Pair, repair or break pairing between two vSphere Replication Management Servers" + }, + { + "key": "VcDr.ProtectionProfile.com.vmware.vcDr.RemoveFromRecoveryPlan", + "label": "Remove from plan", + "summary": "Remove from a recovery plan" + }, + { + "key": "VcDr.ProtectionProfile.com.vmware.vcDr.Create", + "label": "Create", + "summary": "Create a protection group" + }, + { + "key": "VirtualMachine.Replication.com.vmware.vcDr.Protect", + "label": "Protect", + "summary": "Protect virtual machine" + }, + { + "key": "ContentLibrary.UpdateLibraryItem", + "label": "Update library item", + "summary": "Update a library item in a local library" + }, + { + "key": "VcDr.RecoveryProfile.com.vmware.vcDr.Run", + "label": "Test", + "summary": "Test recovery plan" + }, + { + "key": "ContentLibrary.DeleteLibraryItem", + "label": "Delete library item", + "summary": "Delete a library item 
from a local library" + }, + { + "key": "VcDr.Internal.com.vmware.vcDr.InternalAccess", + "label": "Internal Access", + "summary": "Internal SRM use" + }, + { + "key": "vService.DestroyDependency", + "label": "Destroy dependency", + "summary": "Destroy a vService dependency on a virtual machine or vApp" + }, + { + "key": "InventoryService.Tagging.CreateTag", + "label": "CreateTag", + "summary": "CreateTag" + }, + { + "key": "vService.UpdateDependency", + "label": "Update dependency", + "summary": "Update a vService dependency on a virtual machine or vApp" + }, + { + "key": "InventoryService.Tagging.DeleteTag", + "label": "DeleteTag", + "summary": "DeleteTag" + }, + { + "key": "VcDr.OptionManager.com.vmware.vcDr.Edit", + "label": "Modify", + "summary": "Modify advanced settings" + }, + { + "key": "AutoDeploy.Rule.Edit", + "label": "Edit", + "summary": "Edit a rule" + }, + { + "key": "TenantManager.Update", + "label": "Update", + "summary": "Update" + }, + { + "key": "ContentLibrary.SyncLibrary", + "label": "Sync subscribed library", + "summary": "Synchronize a subscribed library" + }, + { + "key": "TrustedAdmin.RetrieveTPMHostCertificates", + "label": "RetrieveTPMHostCertificates", + "summary": "RetrieveTPMHostCertificates" + }, + { + "key": "ContentLibrary.UpdateConfiguration", + "label": "Update configuration settings", + "summary": "Update global configuration settings of Content Library" + }, + { + "key": "VcDr.RemoteSite.com.vmware.vcDr.Edit", + "label": "Modify", + "summary": "Modify remote site" + }, + { + "key": "AutoDeploy.RuleSet.Edit", + "label": "Edit", + "summary": "Edit a rule set" + }, + { + "key": "VcIntegrity.Updates.com.vmware.vcIntegrity.Stage", + "label": "Stage Patches and Extensions", + "summary": "Stage patches or extensions to hosts. In addition, this privilege allows you to view the compliance status." 
+ }, + { + "key": "GuestDataPublisher.GetData", + "label": "GetData", + "summary": "GetData" + }, + { + "key": "ContentLibrary.PublishLibraryItem", + "label": "Publish a library item to its subscribers", + "summary": "Publish a library item" + }, + { + "key": "Datastore.Replication.com.vmware.vcDr.Protect", + "label": "Protect", + "summary": "Protect datastore" + }, + { + "key": "VcDr.RecoveryProfile.com.vmware.vcDr.Reprotect", + "label": "Reprotect", + "summary": "Reprotect" + }, + { + "key": "ContentLibrary.UpdateSubscription", + "label": "Update subscription of a published library", + "summary": "Update subscription" + }, + { + "key": "HmsRemote.com.vmware.vcHms.Hbr.Manage", + "label": "Manage VR Server", + "summary": "Add, update or remove a vSphere Replication Server" + }, + { + "key": "ContentLibrary.DownloadSession", + "label": "Download files", + "summary": "Download files from a library item" + }, + { + "key": "VcDr.RecoveryProfile.com.vmware.vcDr.Create", + "label": "Create", + "summary": "Create recovery plan" + }, + { + "key": "Resource.com.vmware.vcDr.RecoveryUse", + "label": "Recovery use", + "summary": "Allow SRM to use resource" + }, + { + "key": "vService.ReconfigureDependency", + "label": "Reconfigure dependency configuration", + "summary": "Reconfigure the vService dependency" + }, + { + "key": "HmsDiagnostics.com.vmware.vcHms.Diagnostics.Manage", + "label": "Manage", + "summary": "Generate, retrieve or delete a support bundle" + }, + { + "key": "TrustedAdmin.ReadAttestingSSO", + "label": "ReadAttestingSSO", + "summary": "ReadAttestingSSO" + }, + { + "key": "HmsRemote.com.vmware.vcHms.Hbr.View", + "label": "View VR Server", + "summary": "View vSphere Replication Server connection details" + }, + { + "key": "TrustedAdmin.ConfigureHostCertificates", + "label": "ConfigureHostCertificates", + "summary": "ConfigureHostCertificates" + }, + { + "key": "TrustedAdmin.ConfigureTokenConversionPolicy", + "label": "ConfigureTokenConversionPolicy", + 
"summary": "ConfigureTokenConversionPolicy" + }, + { + "key": "ContentLibrary.DeleteLocalLibrary", + "label": "Delete local library", + "summary": "Delete a local library" + }, + { + "key": "AutoDeploy.Profile.Edit", + "label": "Edit", + "summary": "Associate an Image Profile" + }, + { + "key": "VcDr.ProtectionProfile.com.vmware.vcDr.AssignToRecoveryPlan", + "label": "Assign to plan", + "summary": "Assign to a recovery plan" + }, + { + "key": "VcDr.ProtectionProfile.com.vmware.vcDr.Delete", + "label": "Remove", + "summary": "Remove a protection group" + }, + { + "key": "VcDr.RecoveryProfile.com.vmware.vcDr.Delete", + "label": "Remove", + "summary": "Remove recovery plan" + }, + { + "key": "Authorization.ModifyPrivileges", + "label": "Modify privilege", + "summary": "Modify a privilege's group or description" + }, + { + "key": "StorageProfile.Update", + "label": "Profile-driven storage update", + "summary": "Profile-driven storage update" + }, + { + "key": "ContentLibrary.EvictSubscribedLibrary", + "label": "Evict subscribed library", + "summary": "Evict the cached content of a subscribed library" + }, + { + "key": "VcIntegrity.Baseline.com.vmware.vcIntegrity.AssignBaselines", + "label": "Attach Baseline", + "summary": "Attach baselines to an object in the vSphere inventory." + }, + { + "key": "VcIntegrity.Updates.com.vmware.vcIntegrity.Scan", + "label": "Scan for Applicable Patches, Extensions, and Upgrades", + "summary": "Scan virtual machines, virtual appliances, and hosts to search for applicable patches, extensions, or upgrades." 
+ }, + { + "key": "ContentLibrary.DeleteSubscribedLibrary", + "label": "Delete subscribed library", + "summary": "Delete a subscribed library" + }, + { + "key": "StorageProfile.View", + "label": "Profile-driven storage view", + "summary": "Profile-driven storage view" + }, + { + "key": "TrustedAdmin.ManageAttestingSSO", + "label": "ManageAttestingSSO", + "summary": "ManageAttestingSSO" + }, + { + "key": "ContentLibrary.ImportStorage", + "label": "Import storage", + "summary": "Import storage to a library item" + }, + { + "key": "TransferService.Manage", + "label": "Manage", + "summary": "Manage" + }, + { + "key": "StorageViews.ConfigureService", + "label": "Configure service", + "summary": "Allows changing server configuration such as the reports update interval and database connectivity information" + }, + { + "key": "CertificateManagement.Administer", + "label": "Administer", + "summary": "Administer" + }, + { + "key": "TrustedAdmin.ManageKMSTrust", + "label": "ManageKMSTrust", + "summary": "ManageKMSTrust" + }, + { + "key": "Host.Config.ProductLocker", + "label": "ProductLocker", + "summary": "ProductLocker" + }, + { + "key": "HmsDatastoreMapper.com.vmware.vcHms.Mappings.Manage", + "label": "Manage", + "summary": "Add or remove mappings" + }, + { + "key": "TrustedAdmin.RetrieveHostMetadata", + "label": "RetrieveHostMetadata", + "summary": "RetrieveHostMetadata" + }, + { + "key": "HmsRemote.com.vmware.vcHms.Hms.View", + "label": "View VRM", + "summary": "View pairing connection details" + }, + { + "key": "ContentLibrary.CreateSubscribedLibrary", + "label": "Create subscribed library", + "summary": "Create a subscribed library" + }, + { + "key": "Alarm.ToggleEnableOnEntity", + "label": "ToggleEnableOnEntity", + "summary": "ToggleEnableOnEntity" + }, + { + "key": "AutoDeploy.Rule.Delete", + "label": "Delete", + "summary": "Delete a rule" + }, + { + "key": "VcIntegrity.Baseline.com.vmware.vcIntegrity.ManageBaselines", + "label": "Manage Baseline", + "summary": 
"Create, edit, or delete a baseline." + }, + { + "key": "VirtualMachine.Replication.com.vmware.vcDr.Unprotect", + "label": "Stop", + "summary": "Stop protection of a virtual machine" + }, + { + "key": "VcIntegrity.Updates.com.vmware.vcIntegrity.Remediate", + "label": "Remediate to Apply Patches, Extensions, and Upgrades", + "summary": "Remediate virtual machines, virtual appliances, and hosts to apply patches, extensions, or upgrades. In addition, this privilege allows you to view the compliance status." + }, + { + "key": "vService.CreateDependency", + "label": "Create dependency", + "summary": "Create a vService dependency on a virtual machine or vApp" + }, + { + "key": "VcIntegrity.FileUpload.com.vmware.vcIntegrity.ImportFile", + "label": "Upload file", + "summary": "Upload host upgrade releases and offline patch bundles" + }, + { + "key": "TrustedAdmin.ManageTrustedHosts", + "label": "ManageTrustedHosts", + "summary": "ManageTrustedHosts" + }, + { + "key": "Host.Inventory.ManageClusterLifecyle", + "label": "ManageClusterLifecyle", + "summary": "ManageClusterLifecyle" + }, + { + "key": "AutoDeploy.Profile.Create", + "label": "Create", + "summary": "Create an Image Profile" + }, + { + "key": "HmsDatastoreMapper.com.vmware.vcHms.Mappings.View", + "label": "View", + "summary": "View mappings" + }, + { + "key": "ContentLibrary.UpdateLocalLibrary", + "label": "Update local library", + "summary": "Update a local library" + }, + { + "key": "InventoryService.Tagging.EditCategory", + "label": "EditCategory", + "summary": "EditCategory" + }, + { + "key": "InventoryService.Tagging.CreateCategory", + "label": "CreateCategory", + "summary": "CreateCategory" + }, + { + "key": "ContentLibrary.PublishLibrary", + "label": "Publish a library to its subscribers", + "summary": "Publish a library" + }, + { + "key": "VcDr.RecoveryProfile.com.vmware.vcDr.Edit", + "label": "Modify", + "summary": "Modify recovery plan" + }, + { + "key": "VcDr.Storage.com.vmware.vcDr.Configure", + 
"label": "Configure",
+ "summary": "Configure the SAN array manager"
+ },
+ {
+ "key": "TrustedAdmin.ReadStsInfo",
+ "label": "ReadStsInfo",
+ "summary": "ReadStsInfo"
+ },
+ {
+ "key": "ContentLibrary.ProbeSubscription",
+ "label": "Probe subscription information",
+ "summary": "Probe remote library subscription information to validate subscription configuration"
+ },
+ {
+ "key": "ContentLibrary.ReadStorage",
+ "label": "Read storage",
+ "summary": "Get storage information for a library item"
+ },
+ {
+ "key": "StorageViews.View",
+ "label": "View",
+ "summary": "View"
+ },
+ {
+ "key": "ContentLibrary.AddLibraryItem",
+ "label": "Add library item",
+ "summary": "Add or copy a library item to a local library"
+ },
+ {
+ "key": "ContentLibrary.CreateLocalLibrary",
+ "label": "Create local library",
+ "summary": "Create a local library"
+ },
+ {
+ "key": "VcDr.RecoveryProfile.com.vmware.vcDr.Failover",
+ "label": "Recovery",
+ "summary": "Run recovery plan"
+ },
+ {
+ "key": "Datastore.Replication.com.vmware.vcDr.Unprotect",
+ "label": "Stop",
+ "summary": "Stop protection of a datastore"
+ }
+]
diff --git a/tests/test_files/role-privilege-group-descriptions.json b/tests/test_files/role-privilege-group-descriptions.json
new file mode 100644
index 00000000..57a9f091
--- /dev/null
+++ b/tests/test_files/role-privilege-group-descriptions.json
@@ -0,0 +1,412 @@ +[ + { + "key": "System", + "label": "System", + "summary": "System" + }, + { + "key": "Global", + "label": "Global", + "summary": "Global" + }, + { + "key": "Folder", + "label": "Folder", + "summary": "Folder" + }, + { + "key": "Datacenter", + "label": "Datacenter", + "summary": "Datacenter" + }, + { + "key": "Datastore", + "label": "Datastore", + "summary": "Datastore" + }, + { + "key": "Network", + "label": "Network", + "summary": "Networks" + }, + { + "key": "DVSwitch", + "label": "Distributed switch", + "summary": "Distributed switch" + }, + { + "key": "DVPortgroup", + "label": "dvPort group", + "summary": "dvPort groups" + }, + { + "key": "Host", + "label": "Host", + "summary": "Host" + }, + { + "key": "Host.Inventory", + "label": "Inventory", + "summary": "Host inventory" + }, + { + "key": "Host.Hbr", + "label": "vSphere Replication", + "summary": "vSphere Replication operations" + }, + { + "key": "Host.Config", + "label": "Configuration", + "summary": "Host configuration" + }, + { + "key": "Host.Local", + "label": "Local operations", + "summary": "Host local operations" + }, + { + "key": "Host.Cim", + "label": "CIM", + "summary": "CIM" + }, + { + "key": "VirtualMachine", + "label": "Virtual machine", + "summary": "Virtual machine" + }, + { + "key": "VirtualMachine.Inventory", + "label": "Edit Inventory", + "summary": "Edit the Virtual machine inventory" + }, + { + "key": "VirtualMachine.Interact", + "label": "Interaction", + "summary": "Virtual machine interaction" + }, + { + "key": "VirtualMachine.GuestOperations", + "label": "Guest operations", + "summary": "Operations in a virtual machine guest operating system" + }, + { + "key": "VirtualMachine.Config", + "label": "Change Configuration", + "summary": "Virtual machine configuration" + }, + { + "key": "VirtualMachine.State", + "label": "Snapshot management", + "summary": "Virtual machine snapshot management" + }, + { + "key": "VirtualMachine.Hbr", + "label": "vSphere Replication", + 
"summary": "vSphere Replication configuration" + }, + { + "key": "VirtualMachine.Provisioning", + "label": "Provisioning", + "summary": "Virtual machine provisioning" + }, + { + "key": "VirtualMachine.Namespace", + "label": "Service configuration", + "summary": "Virtual machine service configuration" + }, + { + "key": "Resource", + "label": "Resource", + "summary": "Resource allocation" + }, + { + "key": "Alarm", + "label": "Alarms", + "summary": "Alarms" + }, + { + "key": "Task", + "label": "Tasks", + "summary": "Tasks" + }, + { + "key": "ScheduledTask", + "label": "Scheduled task", + "summary": "Scheduled task" + }, + { + "key": "Sessions", + "label": "Sessions", + "summary": "Sessions" + }, + { + "key": "Performance", + "label": "Performance", + "summary": "Performance" + }, + { + "key": "Authorization", + "label": "Permissions", + "summary": "Permissions" + }, + { + "key": "Extension", + "label": "Extension", + "summary": "Extensions" + }, + { + "key": "VApp", + "label": "vApp", + "summary": "Privileges related to vApps" + }, + { + "key": "Profile", + "label": "Host profile", + "summary": "Host profile" + }, + { + "key": "EAM", + "label": "ESX Agent Manager", + "summary": "ESX Agent Manager" + }, + { + "key": "StoragePod", + "label": "Datastore cluster", + "summary": "Datastore cluster" + }, + { + "key": "Certificate", + "label": "Certificates", + "summary": "Certificates" + }, + { + "key": "HealthUpdateProvider", + "label": "Health update provider", + "summary": "Health update provider" + }, + { + "key": "ExternalStatsProvider", + "label": "External stats provider", + "summary": "External stats provider" + }, + { + "key": "Cryptographer", + "label": "Cryptographic operations", + "summary": "Cryptographic operations" + }, + { + "key": "TenantManager", + "label": "TenantManager", + "summary": "TenantManager" + }, + { + "key": "HmsSession", + "label": "VRM session", + "summary": "Manage VRM user sessions" + }, + { + "key": "InventoryService", + "label": 
"InventoryService", + "summary": "InventoryService" + }, + { + "key": "InventoryService.Tagging", + "label": "Tagging", + "summary": "Tagging" + }, + { + "key": "VcDr", + "label": "Site Recovery Manager", + "summary": "Site Recovery Manager" + }, + { + "key": "VcDr.Diagnostics", + "label": "Diagnostics", + "summary": "Diagnostics Options" + }, + { + "key": "Cns", + "label": "Cns", + "summary": "VMware Cns" + }, + { + "key": "VcDr.PlaceholderDatastoreManager", + "label": "Placeholder Datastores", + "summary": "Placeholder datastores" + }, + { + "key": "TrustedAdmin", + "label": "TrustedAdmin", + "summary": "TrustedAdmin" + }, + { + "key": "ContentLibrary", + "label": "Content Library", + "summary": "Content Library" + }, + { + "key": "VcDr.RecoveryHistoryManager", + "label": "Recovery History", + "summary": "Recovery history options" + }, + { + "key": "VcDr.ProtectionProfile", + "label": "Protection Group", + "summary": "Protection Group" + }, + { + "key": "VcDr.InventoryMapper", + "label": "Inventory Preferences", + "summary": "Inventory Preferences" + }, + { + "key": "CertificateManagement", + "label": "CertificateManagement", + "summary": "CertificateManagement" + }, + { + "key": "AutoDeploy", + "label": "AutoDeploy", + "summary": "Auto Deploy" + }, + { + "key": "AutoDeploy.Host", + "label": "Host", + "summary": "Host" + }, + { + "key": "VcIntegrity", + "label": "VMware vSphere Update Manager", + "summary": "VMware vSphere Update Manager" + }, + { + "key": "VcIntegrity.Updates", + "label": "Manage Patches and Upgrades", + "summary": "Manage virtual machine and host software patches and upgrades" + }, + { + "key": "VcDr.Autoprotect", + "label": "Automatic Protection", + "summary": "Automatic Protection" + }, + { + "key": "VcDr.RecoveryProfile", + "label": "Recovery Plan", + "summary": "Recovery Plan" + }, + { + "key": "TransferService", + "label": "TransferService", + "summary": "TransferService" + }, + { + "key": "VcIntegrity.General", + "label": "Configure", + 
"summary": "General VMware vSphere Update Manager Configuration" + }, + { + "key": "AutoDeploy.Rule", + "label": "Rule", + "summary": "Rule" + }, + { + "key": "HmsReplication", + "label": "VRM replication", + "summary": "Manage replications" + }, + { + "key": "Vsan", + "label": "vSAN", + "summary": "VMware vSAN" + }, + { + "key": "Vsan.Cluster", + "label": "Cluster", + "summary": "vSphere Cluster" + }, + { + "key": "AutoDeploy.RuleSet", + "label": "RuleSet", + "summary": "Rule sets" + }, + { + "key": "HmsRemote", + "label": "VRM remote", + "summary": "Manage vSphere Replication Server connections and vSphere Replication Management Server pairings" + }, + { + "key": "VirtualMachine.Replication", + "label": "SRM Protection", + "summary": "SRM Protection for Virtual machine" + }, + { + "key": "VcDr.Internal", + "label": "Internal", + "summary": "Internal SRM use" + }, + { + "key": "vService", + "label": "vService", + "summary": "vService management" + }, + { + "key": "VcDr.OptionManager", + "label": "Advanced Settings", + "summary": "Advanced Settings" + }, + { + "key": "VcDr.RemoteSite", + "label": "Remote Site", + "summary": "Remote Site" + }, + { + "key": "GuestDataPublisher", + "label": "GuestDataPublisher", + "summary": "GuestDataPublisher" + }, + { + "key": "Datastore.Replication", + "label": "Replication", + "summary": "Datastore replication" + }, + { + "key": "HmsDiagnostics", + "label": "VRM diagnostics", + "summary": "Manage VRM and VR support bundles" + }, + { + "key": "AutoDeploy.Profile", + "label": "Image Profile", + "summary": "Image Profile" + }, + { + "key": "StorageProfile", + "label": "Profile-driven storage", + "summary": "Profile-driven storage" + }, + { + "key": "VcIntegrity.Baseline", + "label": "Manage Baseline", + "summary": "Manage baselines" + }, + { + "key": "StorageViews", + "label": "Storage views", + "summary": "Storage views" + }, + { + "key": "HmsDatastoreMapper", + "label": "VRM datastore mapper", + "summary": "Manage datastore 
mappings"
+ },
+ {
+ "key": "VcIntegrity.FileUpload",
+ "label": "Upload file",
+ "summary": "Upload file"
+ },
+ {
+ "key": "VcDr.Storage",
+ "label": "Array Manager",
+ "summary": "Array Manager"
+ }
+]
diff --git a/tests/test_files/role-privileges.json b/tests/test_files/role-privileges.json
new file mode 100644
index 00000000..24ee6314
--- /dev/null
+++ b/tests/test_files/role-privileges.json
@@ -0,0 +1,2402 @@ +[ + { + "name": "Anonymous", + "privId": "System.Anonymous", + "privGroupName": "System", + "onParent": false + }, + { + "name": "View", + "privId": "System.View", + "privGroupName": "System", + "onParent": false + }, + { + "name": "Read", + "privId": "System.Read", + "privGroupName": "System", + "onParent": false + }, + { + "name": "ManageCustomFields", + "privId": "Global.ManageCustomFields", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "SetCustomField", + "privId": "Global.SetCustomField", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "LogEvent", + "privId": "Global.LogEvent", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "CancelTask", + "privId": "Global.CancelTask", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "Licenses", + "privId": "Global.Licenses", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "Diagnostics", + "privId": "Global.Diagnostics", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "Settings", + "privId": "Global.Settings", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "VCServer", + "privId": "Global.VCServer", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "CapacityPlanning", + "privId": "Global.CapacityPlanning", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "ScriptAction", + "privId": "Global.ScriptAction", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "Proxy", + "privId": "Global.Proxy", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "DisableMethods", + "privId": "Global.DisableMethods", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "EnableMethods", + "privId": "Global.EnableMethods", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "ServiceManagers", + "privId": "Global.ServiceManagers", + "privGroupName": "Global", + "onParent": false + }, + { + 
"name": "Health", + "privId": "Global.Health", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "SystemTag", + "privId": "Global.SystemTag", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "GlobalTag", + "privId": "Global.GlobalTag", + "privGroupName": "Global", + "onParent": false + }, + { + "name": "Create", + "privId": "Folder.Create", + "privGroupName": "Folder", + "onParent": false + }, + { + "name": "Delete", + "privId": "Folder.Delete", + "privGroupName": "Folder", + "onParent": true + }, + { + "name": "Rename", + "privId": "Folder.Rename", + "privGroupName": "Folder", + "onParent": false + }, + { + "name": "Move", + "privId": "Folder.Move", + "privGroupName": "Folder", + "onParent": false + }, + { + "name": "Create", + "privId": "Datacenter.Create", + "privGroupName": "Datacenter", + "onParent": false + }, + { + "name": "Delete", + "privId": "Datacenter.Delete", + "privGroupName": "Datacenter", + "onParent": true + }, + { + "name": "Rename", + "privId": "Datacenter.Rename", + "privGroupName": "Datacenter", + "onParent": false + }, + { + "name": "Move", + "privId": "Datacenter.Move", + "privGroupName": "Datacenter", + "onParent": false + }, + { + "name": "IpPoolConfig", + "privId": "Datacenter.IpPoolConfig", + "privGroupName": "Datacenter", + "onParent": false + }, + { + "name": "IpPoolReleaseIp", + "privId": "Datacenter.IpPoolReleaseIp", + "privGroupName": "Datacenter", + "onParent": false + }, + { + "name": "IpPoolQueryAllocations", + "privId": "Datacenter.IpPoolQueryAllocations", + "privGroupName": "Datacenter", + "onParent": false + }, + { + "name": "Reconfigure", + "privId": "Datacenter.Reconfigure", + "privGroupName": "Datacenter", + "onParent": false + }, + { + "name": "Rename", + "privId": "Datastore.Rename", + "privGroupName": "Datastore", + "onParent": false + }, + { + "name": "Move", + "privId": "Datastore.Move", + "privGroupName": "Datastore", + "onParent": false + }, + { + "name": "Delete", + "privId": 
"Datastore.Delete", + "privGroupName": "Datastore", + "onParent": true + }, + { + "name": "Browse", + "privId": "Datastore.Browse", + "privGroupName": "Datastore", + "onParent": false + }, + { + "name": "DeleteFile", + "privId": "Datastore.DeleteFile", + "privGroupName": "Datastore", + "onParent": false + }, + { + "name": "FileManagement", + "privId": "Datastore.FileManagement", + "privGroupName": "Datastore", + "onParent": false + }, + { + "name": "AllocateSpace", + "privId": "Datastore.AllocateSpace", + "privGroupName": "Datastore", + "onParent": false + }, + { + "name": "Config", + "privId": "Datastore.Config", + "privGroupName": "Datastore", + "onParent": false + }, + { + "name": "UpdateVirtualMachineFiles", + "privId": "Datastore.UpdateVirtualMachineFiles", + "privGroupName": "Datastore", + "onParent": false + }, + { + "name": "UpdateVirtualMachineMetadata", + "privId": "Datastore.UpdateVirtualMachineMetadata", + "privGroupName": "Datastore", + "onParent": false + }, + { + "name": "Move", + "privId": "Network.Move", + "privGroupName": "Network", + "onParent": false + }, + { + "name": "Delete", + "privId": "Network.Delete", + "privGroupName": "Network", + "onParent": true + }, + { + "name": "Config", + "privId": "Network.Config", + "privGroupName": "Network", + "onParent": false + }, + { + "name": "Assign", + "privId": "Network.Assign", + "privGroupName": "Network", + "onParent": false + }, + { + "name": "Create", + "privId": "DVSwitch.Create", + "privGroupName": "DVSwitch", + "onParent": false + }, + { + "name": "Modify", + "privId": "DVSwitch.Modify", + "privGroupName": "DVSwitch", + "onParent": false + }, + { + "name": "HostOp", + "privId": "DVSwitch.HostOp", + "privGroupName": "DVSwitch", + "onParent": false + }, + { + "name": "PolicyOp", + "privId": "DVSwitch.PolicyOp", + "privGroupName": "DVSwitch", + "onParent": false + }, + { + "name": "PortConfig", + "privId": "DVSwitch.PortConfig", + "privGroupName": "DVSwitch", + "onParent": false + }, + { + "name": 
"PortSetting", + "privId": "DVSwitch.PortSetting", + "privGroupName": "DVSwitch", + "onParent": false + }, + { + "name": "Delete", + "privId": "DVSwitch.Delete", + "privGroupName": "DVSwitch", + "onParent": true + }, + { + "name": "Move", + "privId": "DVSwitch.Move", + "privGroupName": "DVSwitch", + "onParent": false + }, + { + "name": "Vspan", + "privId": "DVSwitch.Vspan", + "privGroupName": "DVSwitch", + "onParent": false + }, + { + "name": "Ipfix", + "privId": "DVSwitch.Ipfix", + "privGroupName": "DVSwitch", + "onParent": false + }, + { + "name": "ResourceManagement", + "privId": "DVSwitch.ResourceManagement", + "privGroupName": "DVSwitch", + "onParent": false + }, + { + "name": "Create", + "privId": "DVPortgroup.Create", + "privGroupName": "DVPortgroup", + "onParent": false + }, + { + "name": "Modify", + "privId": "DVPortgroup.Modify", + "privGroupName": "DVPortgroup", + "onParent": false + }, + { + "name": "PolicyOp", + "privId": "DVPortgroup.PolicyOp", + "privGroupName": "DVPortgroup", + "onParent": false + }, + { + "name": "ScopeOp", + "privId": "DVPortgroup.ScopeOp", + "privGroupName": "DVPortgroup", + "onParent": false + }, + { + "name": "Ipfix", + "privId": "DVPortgroup.Ipfix", + "privGroupName": "DVPortgroup", + "onParent": false + }, + { + "name": "Delete", + "privId": "DVPortgroup.Delete", + "privGroupName": "DVPortgroup", + "onParent": true + }, + { + "name": "AddStandaloneHost", + "privId": "Host.Inventory.AddStandaloneHost", + "privGroupName": "Host.Inventory", + "onParent": false + }, + { + "name": "CreateCluster", + "privId": "Host.Inventory.CreateCluster", + "privGroupName": "Host.Inventory", + "onParent": false + }, + { + "name": "AddHostToCluster", + "privId": "Host.Inventory.AddHostToCluster", + "privGroupName": "Host.Inventory", + "onParent": false + }, + { + "name": "RemoveHostFromCluster", + "privId": "Host.Inventory.RemoveHostFromCluster", + "privGroupName": "Host.Inventory", + "onParent": true + }, + { + "name": "MoveCluster", + "privId": 
"Host.Inventory.MoveCluster", + "privGroupName": "Host.Inventory", + "onParent": false + }, + { + "name": "RenameCluster", + "privId": "Host.Inventory.RenameCluster", + "privGroupName": "Host.Inventory", + "onParent": false + }, + { + "name": "DeleteCluster", + "privId": "Host.Inventory.DeleteCluster", + "privGroupName": "Host.Inventory", + "onParent": true + }, + { + "name": "EditCluster", + "privId": "Host.Inventory.EditCluster", + "privGroupName": "Host.Inventory", + "onParent": false + }, + { + "name": "MoveHost", + "privId": "Host.Inventory.MoveHost", + "privGroupName": "Host.Inventory", + "onParent": false + }, + { + "name": "HbrManagement", + "privId": "Host.Hbr.HbrManagement", + "privGroupName": "Host.Hbr", + "onParent": false + }, + { + "name": "AuthenticationStore", + "privId": "Host.Config.AuthenticationStore", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "SystemManagement", + "privId": "Host.Config.SystemManagement", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Connection", + "privId": "Host.Config.Connection", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Maintenance", + "privId": "Host.Config.Maintenance", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "AutoStart", + "privId": "Host.Config.AutoStart", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "HyperThreading", + "privId": "Host.Config.HyperThreading", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Storage", + "privId": "Host.Config.Storage", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "NetService", + "privId": "Host.Config.NetService", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Memory", + "privId": "Host.Config.Memory", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Network", + "privId": "Host.Config.Network", + "privGroupName": "Host.Config", + 
"onParent": false + }, + { + "name": "AdvancedConfig", + "privId": "Host.Config.AdvancedConfig", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Resources", + "privId": "Host.Config.Resources", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Snmp", + "privId": "Host.Config.Snmp", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "DateTime", + "privId": "Host.Config.DateTime", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "PciPassthru", + "privId": "Host.Config.PciPassthru", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Settings", + "privId": "Host.Config.Settings", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Patch", + "privId": "Host.Config.Patch", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Firmware", + "privId": "Host.Config.Firmware", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Power", + "privId": "Host.Config.Power", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Image", + "privId": "Host.Config.Image", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Quarantine", + "privId": "Host.Config.Quarantine", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "Nvdimm", + "privId": "Host.Config.Nvdimm", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "InstallAgent", + "privId": "Host.Local.InstallAgent", + "privGroupName": "Host.Local", + "onParent": false + }, + { + "name": "ManageUserGroups", + "privId": "Host.Local.ManageUserGroups", + "privGroupName": "Host.Local", + "onParent": false + }, + { + "name": "CreateVM", + "privId": "Host.Local.CreateVM", + "privGroupName": "Host.Local", + "onParent": false + }, + { + "name": "ReconfigVM", + "privId": "Host.Local.ReconfigVM", + "privGroupName": "Host.Local", + "onParent": false + }, + { + "name": "DeleteVM", 
+ "privId": "Host.Local.DeleteVM", + "privGroupName": "Host.Local", + "onParent": false + }, + { + "name": "CimInteraction", + "privId": "Host.Cim.CimInteraction", + "privGroupName": "Host.Cim", + "onParent": false + }, + { + "name": "Create", + "privId": "VirtualMachine.Inventory.Create", + "privGroupName": "VirtualMachine.Inventory", + "onParent": false + }, + { + "name": "CreateFromExisting", + "privId": "VirtualMachine.Inventory.CreateFromExisting", + "privGroupName": "VirtualMachine.Inventory", + "onParent": false + }, + { + "name": "Register", + "privId": "VirtualMachine.Inventory.Register", + "privGroupName": "VirtualMachine.Inventory", + "onParent": false + }, + { + "name": "Delete", + "privId": "VirtualMachine.Inventory.Delete", + "privGroupName": "VirtualMachine.Inventory", + "onParent": true + }, + { + "name": "Unregister", + "privId": "VirtualMachine.Inventory.Unregister", + "privGroupName": "VirtualMachine.Inventory", + "onParent": true + }, + { + "name": "Move", + "privId": "VirtualMachine.Inventory.Move", + "privGroupName": "VirtualMachine.Inventory", + "onParent": false + }, + { + "name": "PowerOn", + "privId": "VirtualMachine.Interact.PowerOn", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "PowerOff", + "privId": "VirtualMachine.Interact.PowerOff", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "Suspend", + "privId": "VirtualMachine.Interact.Suspend", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "Reset", + "privId": "VirtualMachine.Interact.Reset", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "Pause", + "privId": "VirtualMachine.Interact.Pause", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "AnswerQuestion", + "privId": "VirtualMachine.Interact.AnswerQuestion", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": 
"ConsoleInteract", + "privId": "VirtualMachine.Interact.ConsoleInteract", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "DeviceConnection", + "privId": "VirtualMachine.Interact.DeviceConnection", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "SetCDMedia", + "privId": "VirtualMachine.Interact.SetCDMedia", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "SetFloppyMedia", + "privId": "VirtualMachine.Interact.SetFloppyMedia", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "ToolsInstall", + "privId": "VirtualMachine.Interact.ToolsInstall", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "GuestControl", + "privId": "VirtualMachine.Interact.GuestControl", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "DefragmentAllDisks", + "privId": "VirtualMachine.Interact.DefragmentAllDisks", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "CreateSecondary", + "privId": "VirtualMachine.Interact.CreateSecondary", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "TurnOffFaultTolerance", + "privId": "VirtualMachine.Interact.TurnOffFaultTolerance", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "MakePrimary", + "privId": "VirtualMachine.Interact.MakePrimary", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "TerminateFaultTolerantVM", + "privId": "VirtualMachine.Interact.TerminateFaultTolerantVM", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "DisableSecondary", + "privId": "VirtualMachine.Interact.DisableSecondary", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "EnableSecondary", + "privId": "VirtualMachine.Interact.EnableSecondary", + 
"privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "Record", + "privId": "VirtualMachine.Interact.Record", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "Replay", + "privId": "VirtualMachine.Interact.Replay", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "Backup", + "privId": "VirtualMachine.Interact.Backup", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "CreateScreenshot", + "privId": "VirtualMachine.Interact.CreateScreenshot", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "PutUsbScanCodes", + "privId": "VirtualMachine.Interact.PutUsbScanCodes", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "SESparseMaintenance", + "privId": "VirtualMachine.Interact.SESparseMaintenance", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "DnD", + "privId": "VirtualMachine.Interact.DnD", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "Query", + "privId": "VirtualMachine.GuestOperations.Query", + "privGroupName": "VirtualMachine.GuestOperations", + "onParent": false + }, + { + "name": "Modify", + "privId": "VirtualMachine.GuestOperations.Modify", + "privGroupName": "VirtualMachine.GuestOperations", + "onParent": false + }, + { + "name": "Execute", + "privId": "VirtualMachine.GuestOperations.Execute", + "privGroupName": "VirtualMachine.GuestOperations", + "onParent": false + }, + { + "name": "QueryAliases", + "privId": "VirtualMachine.GuestOperations.QueryAliases", + "privGroupName": "VirtualMachine.GuestOperations", + "onParent": false + }, + { + "name": "ModifyAliases", + "privId": "VirtualMachine.GuestOperations.ModifyAliases", + "privGroupName": "VirtualMachine.GuestOperations", + "onParent": false + }, + { + "name": "Rename", + "privId": "VirtualMachine.Config.Rename", + 
"privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "Annotation", + "privId": "VirtualMachine.Config.Annotation", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "AddExistingDisk", + "privId": "VirtualMachine.Config.AddExistingDisk", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "AddNewDisk", + "privId": "VirtualMachine.Config.AddNewDisk", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "RemoveDisk", + "privId": "VirtualMachine.Config.RemoveDisk", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "RawDevice", + "privId": "VirtualMachine.Config.RawDevice", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "HostUSBDevice", + "privId": "VirtualMachine.Config.HostUSBDevice", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "CPUCount", + "privId": "VirtualMachine.Config.CPUCount", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "Memory", + "privId": "VirtualMachine.Config.Memory", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "AddRemoveDevice", + "privId": "VirtualMachine.Config.AddRemoveDevice", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "EditDevice", + "privId": "VirtualMachine.Config.EditDevice", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "Settings", + "privId": "VirtualMachine.Config.Settings", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "Resource", + "privId": "VirtualMachine.Config.Resource", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "UpgradeVirtualHardware", + "privId": "VirtualMachine.Config.UpgradeVirtualHardware", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": 
"ResetGuestInfo", + "privId": "VirtualMachine.Config.ResetGuestInfo", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "ToggleForkParent", + "privId": "VirtualMachine.Config.ToggleForkParent", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "AdvancedConfig", + "privId": "VirtualMachine.Config.AdvancedConfig", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "DiskLease", + "privId": "VirtualMachine.Config.DiskLease", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "SwapPlacement", + "privId": "VirtualMachine.Config.SwapPlacement", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "DiskExtend", + "privId": "VirtualMachine.Config.DiskExtend", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "ChangeTracking", + "privId": "VirtualMachine.Config.ChangeTracking", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "QueryUnownedFiles", + "privId": "VirtualMachine.Config.QueryUnownedFiles", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "ReloadFromPath", + "privId": "VirtualMachine.Config.ReloadFromPath", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "QueryFTCompatibility", + "privId": "VirtualMachine.Config.QueryFTCompatibility", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "MksControl", + "privId": "VirtualMachine.Config.MksControl", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "ManagedBy", + "privId": "VirtualMachine.Config.ManagedBy", + "privGroupName": "VirtualMachine.Config", + "onParent": false + }, + { + "name": "CreateSnapshot", + "privId": "VirtualMachine.State.CreateSnapshot", + "privGroupName": "VirtualMachine.State", + "onParent": false + }, + { + "name": "RevertToSnapshot", + 
"privId": "VirtualMachine.State.RevertToSnapshot", + "privGroupName": "VirtualMachine.State", + "onParent": false + }, + { + "name": "RemoveSnapshot", + "privId": "VirtualMachine.State.RemoveSnapshot", + "privGroupName": "VirtualMachine.State", + "onParent": false + }, + { + "name": "RenameSnapshot", + "privId": "VirtualMachine.State.RenameSnapshot", + "privGroupName": "VirtualMachine.State", + "onParent": false + }, + { + "name": "ConfigureReplication", + "privId": "VirtualMachine.Hbr.ConfigureReplication", + "privGroupName": "VirtualMachine.Hbr", + "onParent": false + }, + { + "name": "ReplicaManagement", + "privId": "VirtualMachine.Hbr.ReplicaManagement", + "privGroupName": "VirtualMachine.Hbr", + "onParent": false + }, + { + "name": "MonitorReplication", + "privId": "VirtualMachine.Hbr.MonitorReplication", + "privGroupName": "VirtualMachine.Hbr", + "onParent": false + }, + { + "name": "Customize", + "privId": "VirtualMachine.Provisioning.Customize", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "Clone", + "privId": "VirtualMachine.Provisioning.Clone", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "PromoteDisks", + "privId": "VirtualMachine.Provisioning.PromoteDisks", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "CreateTemplateFromVM", + "privId": "VirtualMachine.Provisioning.CreateTemplateFromVM", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "DeployTemplate", + "privId": "VirtualMachine.Provisioning.DeployTemplate", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "CloneTemplate", + "privId": "VirtualMachine.Provisioning.CloneTemplate", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "MarkAsTemplate", + "privId": "VirtualMachine.Provisioning.MarkAsTemplate", + "privGroupName": "VirtualMachine.Provisioning", + 
"onParent": false + }, + { + "name": "MarkAsVM", + "privId": "VirtualMachine.Provisioning.MarkAsVM", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "ReadCustSpecs", + "privId": "VirtualMachine.Provisioning.ReadCustSpecs", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "ModifyCustSpecs", + "privId": "VirtualMachine.Provisioning.ModifyCustSpecs", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "DiskRandomAccess", + "privId": "VirtualMachine.Provisioning.DiskRandomAccess", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "DiskRandomRead", + "privId": "VirtualMachine.Provisioning.DiskRandomRead", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "FileRandomAccess", + "privId": "VirtualMachine.Provisioning.FileRandomAccess", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "GetVmFiles", + "privId": "VirtualMachine.Provisioning.GetVmFiles", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "PutVmFiles", + "privId": "VirtualMachine.Provisioning.PutVmFiles", + "privGroupName": "VirtualMachine.Provisioning", + "onParent": false + }, + { + "name": "Management", + "privId": "VirtualMachine.Namespace.Management", + "privGroupName": "VirtualMachine.Namespace", + "onParent": false + }, + { + "name": "Query", + "privId": "VirtualMachine.Namespace.Query", + "privGroupName": "VirtualMachine.Namespace", + "onParent": false + }, + { + "name": "ModifyContent", + "privId": "VirtualMachine.Namespace.ModifyContent", + "privGroupName": "VirtualMachine.Namespace", + "onParent": false + }, + { + "name": "ReadContent", + "privId": "VirtualMachine.Namespace.ReadContent", + "privGroupName": "VirtualMachine.Namespace", + "onParent": false + }, + { + "name": "Event", + "privId": "VirtualMachine.Namespace.Event", + 
"privGroupName": "VirtualMachine.Namespace", + "onParent": false + }, + { + "name": "EventNotify", + "privId": "VirtualMachine.Namespace.EventNotify", + "privGroupName": "VirtualMachine.Namespace", + "onParent": false + }, + { + "name": "AssignVMToPool", + "privId": "Resource.AssignVMToPool", + "privGroupName": "Resource", + "onParent": false + }, + { + "name": "AssignVAppToPool", + "privId": "Resource.AssignVAppToPool", + "privGroupName": "Resource", + "onParent": false + }, + { + "name": "ApplyRecommendation", + "privId": "Resource.ApplyRecommendation", + "privGroupName": "Resource", + "onParent": false + }, + { + "name": "CreatePool", + "privId": "Resource.CreatePool", + "privGroupName": "Resource", + "onParent": false + }, + { + "name": "RenamePool", + "privId": "Resource.RenamePool", + "privGroupName": "Resource", + "onParent": false + }, + { + "name": "EditPool", + "privId": "Resource.EditPool", + "privGroupName": "Resource", + "onParent": true + }, + { + "name": "MovePool", + "privId": "Resource.MovePool", + "privGroupName": "Resource", + "onParent": false + }, + { + "name": "DeletePool", + "privId": "Resource.DeletePool", + "privGroupName": "Resource", + "onParent": true + }, + { + "name": "HotMigrate", + "privId": "Resource.HotMigrate", + "privGroupName": "Resource", + "onParent": false + }, + { + "name": "ColdMigrate", + "privId": "Resource.ColdMigrate", + "privGroupName": "Resource", + "onParent": false + }, + { + "name": "QueryVMotion", + "privId": "Resource.QueryVMotion", + "privGroupName": "Resource", + "onParent": false + }, + { + "name": "Create", + "privId": "Alarm.Create", + "privGroupName": "Alarm", + "onParent": false + }, + { + "name": "Delete", + "privId": "Alarm.Delete", + "privGroupName": "Alarm", + "onParent": false + }, + { + "name": "Edit", + "privId": "Alarm.Edit", + "privGroupName": "Alarm", + "onParent": false + }, + { + "name": "Acknowledge", + "privId": "Alarm.Acknowledge", + "privGroupName": "Alarm", + "onParent": false + }, + { + 
"name": "SetStatus", + "privId": "Alarm.SetStatus", + "privGroupName": "Alarm", + "onParent": false + }, + { + "name": "DisableActions", + "privId": "Alarm.DisableActions", + "privGroupName": "Alarm", + "onParent": false + }, + { + "name": "Create", + "privId": "Task.Create", + "privGroupName": "Task", + "onParent": false + }, + { + "name": "Update", + "privId": "Task.Update", + "privGroupName": "Task", + "onParent": false + }, + { + "name": "Create", + "privId": "ScheduledTask.Create", + "privGroupName": "ScheduledTask", + "onParent": false + }, + { + "name": "Delete", + "privId": "ScheduledTask.Delete", + "privGroupName": "ScheduledTask", + "onParent": false + }, + { + "name": "Run", + "privId": "ScheduledTask.Run", + "privGroupName": "ScheduledTask", + "onParent": false + }, + { + "name": "Edit", + "privId": "ScheduledTask.Edit", + "privGroupName": "ScheduledTask", + "onParent": false + }, + { + "name": "TerminateSession", + "privId": "Sessions.TerminateSession", + "privGroupName": "Sessions", + "onParent": false + }, + { + "name": "ValidateSession", + "privId": "Sessions.ValidateSession", + "privGroupName": "Sessions", + "onParent": false + }, + { + "name": "GlobalMessage", + "privId": "Sessions.GlobalMessage", + "privGroupName": "Sessions", + "onParent": false + }, + { + "name": "ImpersonateUser", + "privId": "Sessions.ImpersonateUser", + "privGroupName": "Sessions", + "onParent": false + }, + { + "name": "ModifyIntervals", + "privId": "Performance.ModifyIntervals", + "privGroupName": "Performance", + "onParent": false + }, + { + "name": "ModifyRoles", + "privId": "Authorization.ModifyRoles", + "privGroupName": "Authorization", + "onParent": false + }, + { + "name": "ReassignRolePermissions", + "privId": "Authorization.ReassignRolePermissions", + "privGroupName": "Authorization", + "onParent": false + }, + { + "name": "ModifyPermissions", + "privId": "Authorization.ModifyPermissions", + "privGroupName": "Authorization", + "onParent": false + }, + { + "name": 
"Register", + "privId": "Extension.Register", + "privGroupName": "Extension", + "onParent": false + }, + { + "name": "Update", + "privId": "Extension.Update", + "privGroupName": "Extension", + "onParent": false + }, + { + "name": "Unregister", + "privId": "Extension.Unregister", + "privGroupName": "Extension", + "onParent": false + }, + { + "name": "ResourceConfig", + "privId": "VApp.ResourceConfig", + "privGroupName": "VApp", + "onParent": true + }, + { + "name": "InstanceConfig", + "privId": "VApp.InstanceConfig", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "ApplicationConfig", + "privId": "VApp.ApplicationConfig", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "ManagedByConfig", + "privId": "VApp.ManagedByConfig", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "Export", + "privId": "VApp.Export", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "Import", + "privId": "VApp.Import", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "ExtractOvfEnvironment", + "privId": "VApp.ExtractOvfEnvironment", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "AssignVM", + "privId": "VApp.AssignVM", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "AssignResourcePool", + "privId": "VApp.AssignResourcePool", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "AssignVApp", + "privId": "VApp.AssignVApp", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "Clone", + "privId": "VApp.Clone", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "Create", + "privId": "VApp.Create", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "Delete", + "privId": "VApp.Delete", + "privGroupName": "VApp", + "onParent": true + }, + { + "name": "Unregister", + "privId": "VApp.Unregister", + "privGroupName": "VApp", + "onParent": true + }, + { + "name": "Move", + "privId": "VApp.Move", + "privGroupName": "VApp", + 
"onParent": false + }, + { + "name": "PowerOn", + "privId": "VApp.PowerOn", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "PowerOff", + "privId": "VApp.PowerOff", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "Suspend", + "privId": "VApp.Suspend", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "Rename", + "privId": "VApp.Rename", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "Create", + "privId": "Profile.Create", + "privGroupName": "Profile", + "onParent": false + }, + { + "name": "Delete", + "privId": "Profile.Delete", + "privGroupName": "Profile", + "onParent": false + }, + { + "name": "Edit", + "privId": "Profile.Edit", + "privGroupName": "Profile", + "onParent": false + }, + { + "name": "View", + "privId": "Profile.View", + "privGroupName": "Profile", + "onParent": false + }, + { + "name": "Clear", + "privId": "Profile.Clear", + "privGroupName": "Profile", + "onParent": false + }, + { + "name": "Export", + "privId": "Profile.Export", + "privGroupName": "Profile", + "onParent": false + }, + { + "name": "Config", + "privId": "EAM.Config", + "privGroupName": "EAM", + "onParent": false + }, + { + "name": "Modify", + "privId": "EAM.Modify", + "privGroupName": "EAM", + "onParent": false + }, + { + "name": "View", + "privId": "EAM.View", + "privGroupName": "EAM", + "onParent": false + }, + { + "name": "Config", + "privId": "StoragePod.Config", + "privGroupName": "StoragePod", + "onParent": false + }, + { + "name": "Manage", + "privId": "Certificate.Manage", + "privGroupName": "Certificate", + "onParent": false + }, + { + "name": "Register", + "privId": "HealthUpdateProvider.Register", + "privGroupName": "HealthUpdateProvider", + "onParent": false + }, + { + "name": "Update", + "privId": "HealthUpdateProvider.Update", + "privGroupName": "HealthUpdateProvider", + "onParent": false + }, + { + "name": "Unregister", + "privId": "HealthUpdateProvider.Unregister", + "privGroupName": 
"HealthUpdateProvider", + "onParent": false + }, + { + "name": "Register", + "privId": "ExternalStatsProvider.Register", + "privGroupName": "ExternalStatsProvider", + "onParent": false + }, + { + "name": "Update", + "privId": "ExternalStatsProvider.Update", + "privGroupName": "ExternalStatsProvider", + "onParent": false + }, + { + "name": "Unregister", + "privId": "ExternalStatsProvider.Unregister", + "privGroupName": "ExternalStatsProvider", + "onParent": false + }, + { + "name": "ManageKeys", + "privId": "Cryptographer.ManageKeys", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "ManageKeyServers", + "privId": "Cryptographer.ManageKeyServers", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "ManageEncryptionPolicy", + "privId": "Cryptographer.ManageEncryptionPolicy", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "Access", + "privId": "Cryptographer.Access", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "RegisterHost", + "privId": "Cryptographer.RegisterHost", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "EncryptNew", + "privId": "Cryptographer.EncryptNew", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "Encrypt", + "privId": "Cryptographer.Encrypt", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "Decrypt", + "privId": "Cryptographer.Decrypt", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "RegisterVM", + "privId": "Cryptographer.RegisterVM", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "Migrate", + "privId": "Cryptographer.Migrate", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "Recrypt", + "privId": "Cryptographer.Recrypt", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "AddDisk", + "privId": "Cryptographer.AddDisk", + "privGroupName": "Cryptographer", + 
"onParent": false + }, + { + "name": "Clone", + "privId": "Cryptographer.Clone", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "Query", + "privId": "TenantManager.Query", + "privGroupName": "TenantManager", + "onParent": false + }, + { + "name": "com.vmware.vcHms.Session.Terminate", + "privId": "HmsSession.com.vmware.vcHms.Session.Terminate", + "privGroupName": "HmsSession", + "onParent": false + }, + { + "name": "AttachTag", + "privId": "InventoryService.Tagging.AttachTag", + "privGroupName": "InventoryService.Tagging", + "onParent": true + }, + { + "name": "com.vmware.vcDr.SystemLogs", + "privId": "VcDr.Diagnostics.com.vmware.vcDr.SystemLogs", + "privGroupName": "VcDr.Diagnostics", + "onParent": false + }, + { + "name": "ModifyUsedByForCategory", + "privId": "InventoryService.Tagging.ModifyUsedByForCategory", + "privGroupName": "InventoryService.Tagging", + "onParent": true + }, + { + "name": "Searchable", + "privId": "Cns.Searchable", + "privGroupName": "Cns", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Edit", + "privId": "VcDr.PlaceholderDatastoreManager.com.vmware.vcDr.Edit", + "privGroupName": "VcDr.PlaceholderDatastoreManager", + "onParent": false + }, + { + "name": "GuestStore", + "privId": "Host.Config.GuestStore", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "ReadTrustedHosts", + "privId": "TrustedAdmin.ReadTrustedHosts", + "privGroupName": "TrustedAdmin", + "onParent": false + }, + { + "name": "EvictLibraryItem", + "privId": "ContentLibrary.EvictLibraryItem", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "DeleteCategory", + "privId": "InventoryService.Tagging.DeleteCategory", + "privGroupName": "InventoryService.Tagging", + "onParent": true + }, + { + "name": "ReadKMSTrust", + "privId": "TrustedAdmin.ReadKMSTrust", + "privGroupName": "TrustedAdmin", + "onParent": false + }, + { + "name": "com.vmware.vcDr.ViewDeleted", + "privId": 
"VcDr.RecoveryHistoryManager.com.vmware.vcDr.ViewDeleted", + "privGroupName": "VcDr.RecoveryHistoryManager", + "onParent": false + }, + { + "name": "TypeIntrospection", + "privId": "ContentLibrary.TypeIntrospection", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "ConfigureHostMetadata", + "privId": "TrustedAdmin.ConfigureHostMetadata", + "privGroupName": "TrustedAdmin", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Edit", + "privId": "VcDr.ProtectionProfile.com.vmware.vcDr.Edit", + "privGroupName": "VcDr.ProtectionProfile", + "onParent": false + }, + { + "name": "GetConfiguration", + "privId": "ContentLibrary.GetConfiguration", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Delete", + "privId": "VcDr.RecoveryHistoryManager.com.vmware.vcDr.Delete", + "privGroupName": "VcDr.RecoveryHistoryManager", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Edit", + "privId": "VcDr.InventoryMapper.com.vmware.vcDr.Edit", + "privGroupName": "VcDr.InventoryMapper", + "onParent": false + }, + { + "name": "Manage", + "privId": "CertificateManagement.Manage", + "privGroupName": "CertificateManagement", + "onParent": false + }, + { + "name": "SuspendToMemory", + "privId": "VirtualMachine.Interact.SuspendToMemory", + "privGroupName": "VirtualMachine.Interact", + "onParent": false + }, + { + "name": "EditTag", + "privId": "InventoryService.Tagging.EditTag", + "privGroupName": "InventoryService.Tagging", + "onParent": true + }, + { + "name": "UpdateSession", + "privId": "ContentLibrary.UpdateSession", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "AssociateMachine", + "privId": "AutoDeploy.Host.AssociateMachine", + "privGroupName": "AutoDeploy.Host", + "onParent": false + }, + { + "name": "com.vmware.vcIntegrity.ViewStatus", + "privId": "VcIntegrity.Updates.com.vmware.vcIntegrity.ViewStatus", + "privGroupName": "VcIntegrity.Updates", + "onParent": false + }, + { + 
"name": "com.vmware.vcDr.Edit", + "privId": "VcDr.Autoprotect.com.vmware.vcDr.Edit", + "privGroupName": "VcDr.Autoprotect", + "onParent": false + }, + { + "name": "AddSubscription", + "privId": "ContentLibrary.AddSubscription", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "DeleteSubscription", + "privId": "ContentLibrary.DeleteSubscription", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "UpdateLibrary", + "privId": "ContentLibrary.UpdateLibrary", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "com.vmware.vcDr.ConfigureServerCommands", + "privId": "VcDr.RecoveryProfile.com.vmware.vcDr.ConfigureServerCommands", + "privGroupName": "VcDr.RecoveryProfile", + "onParent": false + }, + { + "name": "Monitor", + "privId": "TransferService.Monitor", + "privGroupName": "TransferService", + "onParent": false + }, + { + "name": "ModifyUsedByForTag", + "privId": "InventoryService.Tagging.ModifyUsedByForTag", + "privGroupName": "InventoryService.Tagging", + "onParent": true + }, + { + "name": "com.vmware.vcIntegrity.Configure", + "privId": "VcIntegrity.General.com.vmware.vcIntegrity.Configure", + "privGroupName": "VcIntegrity.General", + "onParent": false + }, + { + "name": "ReadKeyServersInfo", + "privId": "Cryptographer.ReadKeyServersInfo", + "privGroupName": "Cryptographer", + "onParent": false + }, + { + "name": "SyncLibraryItem", + "privId": "ContentLibrary.SyncLibraryItem", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "Create", + "privId": "AutoDeploy.Rule.Create", + "privGroupName": "AutoDeploy.Rule", + "onParent": false + }, + { + "name": "com.vmware.vcHms.Replication.View", + "privId": "HmsReplication.com.vmware.vcHms.Replication.View", + "privGroupName": "HmsReplication", + "onParent": false + }, + { + "name": "UpdateSubscribedLibrary", + "privId": "ContentLibrary.UpdateSubscribedLibrary", + "privGroupName": "ContentLibrary", + "onParent": false + }, + 
{ + "name": "ShallowRekey", + "privId": "Vsan.Cluster.ShallowRekey", + "privGroupName": "Vsan.Cluster", + "onParent": false + }, + { + "name": "PullFromUrls", + "privId": "VApp.PullFromUrls", + "privGroupName": "VApp", + "onParent": false + }, + { + "name": "Activate", + "privId": "AutoDeploy.RuleSet.Activate", + "privGroupName": "AutoDeploy.RuleSet", + "onParent": false + }, + { + "name": "com.vmware.vcHms.Hms.Manage", + "privId": "HmsRemote.com.vmware.vcHms.Hms.Manage", + "privGroupName": "HmsRemote", + "onParent": false + }, + { + "name": "com.vmware.vcDr.RemoveFromRecoveryPlan", + "privId": "VcDr.ProtectionProfile.com.vmware.vcDr.RemoveFromRecoveryPlan", + "privGroupName": "VcDr.ProtectionProfile", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Create", + "privId": "VcDr.ProtectionProfile.com.vmware.vcDr.Create", + "privGroupName": "VcDr.ProtectionProfile", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Protect", + "privId": "VirtualMachine.Replication.com.vmware.vcDr.Protect", + "privGroupName": "VirtualMachine.Replication", + "onParent": false + }, + { + "name": "UpdateLibraryItem", + "privId": "ContentLibrary.UpdateLibraryItem", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Run", + "privId": "VcDr.RecoveryProfile.com.vmware.vcDr.Run", + "privGroupName": "VcDr.RecoveryProfile", + "onParent": false + }, + { + "name": "DeleteLibraryItem", + "privId": "ContentLibrary.DeleteLibraryItem", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "com.vmware.vcDr.InternalAccess", + "privId": "VcDr.Internal.com.vmware.vcDr.InternalAccess", + "privGroupName": "VcDr.Internal", + "onParent": false + }, + { + "name": "DestroyDependency", + "privId": "vService.DestroyDependency", + "privGroupName": "vService", + "onParent": false + }, + { + "name": "CreateTag", + "privId": "InventoryService.Tagging.CreateTag", + "privGroupName": "InventoryService.Tagging", + "onParent": true + }, + { + 
"name": "UpdateDependency", + "privId": "vService.UpdateDependency", + "privGroupName": "vService", + "onParent": false + }, + { + "name": "DeleteTag", + "privId": "InventoryService.Tagging.DeleteTag", + "privGroupName": "InventoryService.Tagging", + "onParent": true + }, + { + "name": "com.vmware.vcDr.Edit", + "privId": "VcDr.OptionManager.com.vmware.vcDr.Edit", + "privGroupName": "VcDr.OptionManager", + "onParent": false + }, + { + "name": "Edit", + "privId": "AutoDeploy.Rule.Edit", + "privGroupName": "AutoDeploy.Rule", + "onParent": false + }, + { + "name": "Update", + "privId": "TenantManager.Update", + "privGroupName": "TenantManager", + "onParent": false + }, + { + "name": "SyncLibrary", + "privId": "ContentLibrary.SyncLibrary", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "RetrieveTPMHostCertificates", + "privId": "TrustedAdmin.RetrieveTPMHostCertificates", + "privGroupName": "TrustedAdmin", + "onParent": false + }, + { + "name": "UpdateConfiguration", + "privId": "ContentLibrary.UpdateConfiguration", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Edit", + "privId": "VcDr.RemoteSite.com.vmware.vcDr.Edit", + "privGroupName": "VcDr.RemoteSite", + "onParent": false + }, + { + "name": "Edit", + "privId": "AutoDeploy.RuleSet.Edit", + "privGroupName": "AutoDeploy.RuleSet", + "onParent": false + }, + { + "name": "com.vmware.vcIntegrity.Stage", + "privId": "VcIntegrity.Updates.com.vmware.vcIntegrity.Stage", + "privGroupName": "VcIntegrity.Updates", + "onParent": false + }, + { + "name": "GetData", + "privId": "GuestDataPublisher.GetData", + "privGroupName": "GuestDataPublisher", + "onParent": false + }, + { + "name": "PublishLibraryItem", + "privId": "ContentLibrary.PublishLibraryItem", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Protect", + "privId": "Datastore.Replication.com.vmware.vcDr.Protect", + "privGroupName": "Datastore.Replication", 
+ "onParent": false + }, + { + "name": "com.vmware.vcDr.Reprotect", + "privId": "VcDr.RecoveryProfile.com.vmware.vcDr.Reprotect", + "privGroupName": "VcDr.RecoveryProfile", + "onParent": false + }, + { + "name": "UpdateSubscription", + "privId": "ContentLibrary.UpdateSubscription", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "com.vmware.vcHms.Hbr.Manage", + "privId": "HmsRemote.com.vmware.vcHms.Hbr.Manage", + "privGroupName": "HmsRemote", + "onParent": false + }, + { + "name": "DownloadSession", + "privId": "ContentLibrary.DownloadSession", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Create", + "privId": "VcDr.RecoveryProfile.com.vmware.vcDr.Create", + "privGroupName": "VcDr.RecoveryProfile", + "onParent": false + }, + { + "name": "com.vmware.vcDr.RecoveryUse", + "privId": "Resource.com.vmware.vcDr.RecoveryUse", + "privGroupName": "Resource", + "onParent": false + }, + { + "name": "ReconfigureDependency", + "privId": "vService.ReconfigureDependency", + "privGroupName": "vService", + "onParent": false + }, + { + "name": "com.vmware.vcHms.Diagnostics.Manage", + "privId": "HmsDiagnostics.com.vmware.vcHms.Diagnostics.Manage", + "privGroupName": "HmsDiagnostics", + "onParent": false + }, + { + "name": "ReadAttestingSSO", + "privId": "TrustedAdmin.ReadAttestingSSO", + "privGroupName": "TrustedAdmin", + "onParent": false + }, + { + "name": "com.vmware.vcHms.Hbr.View", + "privId": "HmsRemote.com.vmware.vcHms.Hbr.View", + "privGroupName": "HmsRemote", + "onParent": false + }, + { + "name": "ConfigureHostCertificates", + "privId": "TrustedAdmin.ConfigureHostCertificates", + "privGroupName": "TrustedAdmin", + "onParent": false + }, + { + "name": "ConfigureTokenConversionPolicy", + "privId": "TrustedAdmin.ConfigureTokenConversionPolicy", + "privGroupName": "TrustedAdmin", + "onParent": false + }, + { + "name": "DeleteLocalLibrary", + "privId": "ContentLibrary.DeleteLocalLibrary", + 
"privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "Edit", + "privId": "AutoDeploy.Profile.Edit", + "privGroupName": "AutoDeploy.Profile", + "onParent": false + }, + { + "name": "com.vmware.vcDr.AssignToRecoveryPlan", + "privId": "VcDr.ProtectionProfile.com.vmware.vcDr.AssignToRecoveryPlan", + "privGroupName": "VcDr.ProtectionProfile", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Delete", + "privId": "VcDr.ProtectionProfile.com.vmware.vcDr.Delete", + "privGroupName": "VcDr.ProtectionProfile", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Delete", + "privId": "VcDr.RecoveryProfile.com.vmware.vcDr.Delete", + "privGroupName": "VcDr.RecoveryProfile", + "onParent": false + }, + { + "name": "ModifyPrivileges", + "privId": "Authorization.ModifyPrivileges", + "privGroupName": "Authorization", + "onParent": false + }, + { + "name": "Update", + "privId": "StorageProfile.Update", + "privGroupName": "StorageProfile", + "onParent": false + }, + { + "name": "EvictSubscribedLibrary", + "privId": "ContentLibrary.EvictSubscribedLibrary", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "com.vmware.vcIntegrity.AssignBaselines", + "privId": "VcIntegrity.Baseline.com.vmware.vcIntegrity.AssignBaselines", + "privGroupName": "VcIntegrity.Baseline", + "onParent": false + }, + { + "name": "com.vmware.vcIntegrity.Scan", + "privId": "VcIntegrity.Updates.com.vmware.vcIntegrity.Scan", + "privGroupName": "VcIntegrity.Updates", + "onParent": false + }, + { + "name": "DeleteSubscribedLibrary", + "privId": "ContentLibrary.DeleteSubscribedLibrary", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "View", + "privId": "StorageProfile.View", + "privGroupName": "StorageProfile", + "onParent": false + }, + { + "name": "ManageAttestingSSO", + "privId": "TrustedAdmin.ManageAttestingSSO", + "privGroupName": "TrustedAdmin", + "onParent": false + }, + { + "name": "ImportStorage", + "privId": 
"ContentLibrary.ImportStorage", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "Manage", + "privId": "TransferService.Manage", + "privGroupName": "TransferService", + "onParent": false + }, + { + "name": "ConfigureService", + "privId": "StorageViews.ConfigureService", + "privGroupName": "StorageViews", + "onParent": false + }, + { + "name": "Administer", + "privId": "CertificateManagement.Administer", + "privGroupName": "CertificateManagement", + "onParent": false + }, + { + "name": "ManageKMSTrust", + "privId": "TrustedAdmin.ManageKMSTrust", + "privGroupName": "TrustedAdmin", + "onParent": false + }, + { + "name": "ProductLocker", + "privId": "Host.Config.ProductLocker", + "privGroupName": "Host.Config", + "onParent": false + }, + { + "name": "com.vmware.vcHms.Mappings.Manage", + "privId": "HmsDatastoreMapper.com.vmware.vcHms.Mappings.Manage", + "privGroupName": "HmsDatastoreMapper", + "onParent": false + }, + { + "name": "RetrieveHostMetadata", + "privId": "TrustedAdmin.RetrieveHostMetadata", + "privGroupName": "TrustedAdmin", + "onParent": false + }, + { + "name": "com.vmware.vcHms.Hms.View", + "privId": "HmsRemote.com.vmware.vcHms.Hms.View", + "privGroupName": "HmsRemote", + "onParent": false + }, + { + "name": "CreateSubscribedLibrary", + "privId": "ContentLibrary.CreateSubscribedLibrary", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "ToggleEnableOnEntity", + "privId": "Alarm.ToggleEnableOnEntity", + "privGroupName": "Alarm", + "onParent": false + }, + { + "name": "Delete", + "privId": "AutoDeploy.Rule.Delete", + "privGroupName": "AutoDeploy.Rule", + "onParent": false + }, + { + "name": "com.vmware.vcIntegrity.ManageBaselines", + "privId": "VcIntegrity.Baseline.com.vmware.vcIntegrity.ManageBaselines", + "privGroupName": "VcIntegrity.Baseline", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Unprotect", + "privId": "VirtualMachine.Replication.com.vmware.vcDr.Unprotect", + "privGroupName": 
"VirtualMachine.Replication", + "onParent": false + }, + { + "name": "com.vmware.vcIntegrity.Remediate", + "privId": "VcIntegrity.Updates.com.vmware.vcIntegrity.Remediate", + "privGroupName": "VcIntegrity.Updates", + "onParent": false + }, + { + "name": "CreateDependency", + "privId": "vService.CreateDependency", + "privGroupName": "vService", + "onParent": false + }, + { + "name": "com.vmware.vcIntegrity.ImportFile", + "privId": "VcIntegrity.FileUpload.com.vmware.vcIntegrity.ImportFile", + "privGroupName": "VcIntegrity.FileUpload", + "onParent": false + }, + { + "name": "ManageTrustedHosts", + "privId": "TrustedAdmin.ManageTrustedHosts", + "privGroupName": "TrustedAdmin", + "onParent": false + }, + { + "name": "ManageClusterLifecyle", + "privId": "Host.Inventory.ManageClusterLifecyle", + "privGroupName": "Host.Inventory", + "onParent": false + }, + { + "name": "Create", + "privId": "AutoDeploy.Profile.Create", + "privGroupName": "AutoDeploy.Profile", + "onParent": false + }, + { + "name": "com.vmware.vcHms.Mappings.View", + "privId": "HmsDatastoreMapper.com.vmware.vcHms.Mappings.View", + "privGroupName": "HmsDatastoreMapper", + "onParent": false + }, + { + "name": "UpdateLocalLibrary", + "privId": "ContentLibrary.UpdateLocalLibrary", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "EditCategory", + "privId": "InventoryService.Tagging.EditCategory", + "privGroupName": "InventoryService.Tagging", + "onParent": true + }, + { + "name": "CreateCategory", + "privId": "InventoryService.Tagging.CreateCategory", + "privGroupName": "InventoryService.Tagging", + "onParent": true + }, + { + "name": "PublishLibrary", + "privId": "ContentLibrary.PublishLibrary", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Edit", + "privId": "VcDr.RecoveryProfile.com.vmware.vcDr.Edit", + "privGroupName": "VcDr.RecoveryProfile", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Configure", + "privId": 
"VcDr.Storage.com.vmware.vcDr.Configure", + "privGroupName": "VcDr.Storage", + "onParent": false + }, + { + "name": "ReadStsInfo", + "privId": "TrustedAdmin.ReadStsInfo", + "privGroupName": "TrustedAdmin", + "onParent": false + }, + { + "name": "ProbeSubscription", + "privId": "ContentLibrary.ProbeSubscription", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "ReadStorage", + "privId": "ContentLibrary.ReadStorage", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "View", + "privId": "StorageViews.View", + "privGroupName": "StorageViews", + "onParent": false + }, + { + "name": "AddLibraryItem", + "privId": "ContentLibrary.AddLibraryItem", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "CreateLocalLibrary", + "privId": "ContentLibrary.CreateLocalLibrary", + "privGroupName": "ContentLibrary", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Failover", + "privId": "VcDr.RecoveryProfile.com.vmware.vcDr.Failover", + "privGroupName": "VcDr.RecoveryProfile", + "onParent": false + }, + { + "name": "com.vmware.vcDr.Unprotect", + "privId": "Datastore.Replication.com.vmware.vcDr.Unprotect", + "privGroupName": "Datastore.Replication", + "onParent": false + } +]
diff --git a/tests/unit/modules/test_roles.py b/tests/unit/modules/test_roles.py
new file mode 100644
index 00000000..3f7323f0
--- /dev/null
+++ b/tests/unit/modules/test_roles.py
@@ -0,0 +1,304 @@
+import json
+from unittest.mock import Mock
+from unittest.mock import patch
+
+import pytest
+import saltext.vmware.modules.roles as security_roles
+import saltext.vmware.utils.drift as drift
+from pyVmomi import vim
+
+
+def mock_with_name(name, *args, **kwargs):
+ # Can't mock name via constructor: https://docs.python.org/3/library/unittest.mock.html#mock-names-and-the-name-attribute
+ mock = Mock(*args, **kwargs)
+ mock.name = name
+ return mock
+
+
+def mock_pyvmomi_role_object(roleId, name, label, new_privileges=[]):
+ """
+
+ .. code-block:: json
+ (vim.AuthorizationManager.Role) {
+ dynamicType = ,
+ dynamicProperty = (vmodl.DynamicProperty) [],
+ roleId = 1101,
+ system = false,
+ name = 'SrmAdministrator',
+ info = (vim.Description) {
+ dynamicType = ,
+ dynamicProperty = (vmodl.DynamicProperty) [],
+ label = 'SRM Administrator',
+ summary = 'SRM Administrator'
+ },
+ privilege = (str) [
+ 'Datastore.Replication.com.vmware.vcDr.Protect',
+ 'Datastore.Replication.com.vmware.vcDr.Unprotect',
+ 'Resource.com.vmware.vcDr.RecoveryUse',
+ 'StorageProfile.View',
+ 'System.Anonymous',
+ 'System.Read',
+ 'System.View',
+ ]
+ }
+
+ Args:
+ name (str): role name
+
+ Returns:
+ Mock: mock of role
+ """
+
+ privileges = [
+ "VcDr.RecoveryHistoryManager.com.vmware.vcDr.Delete",
+ "VcDr.RecoveryHistoryManager.com.vmware.vcDr.ViewDeleted",
+ "VirtualMachine.Replication.com.vmware.vcDr.Protect",
+ "VirtualMachine.Replication.com.vmware.vcDr.Unprotect",
+ ]
+
+ privileges += new_privileges
+
+ return mock_with_name(
+ roleId=roleId,
+ system=False,
+ name=name,
+ info=Mock(label=label, summary=label),
+ privilege=privileges,
+ spec=vim.AuthorizationManager.Role,
+ )
+
+
+@pytest.fixture
+def configure_loader_modules():
+ return {security_roles: {}}
+
+
+@pytest.fixture(
+ params=(
+ {
+ "old": [
+ {
+ "role": "SRM Administrator",
+ "privileges": {
+ "SRM Protection": ["Stop", "Protect"],
+ "Recovery History": ["Delete History", "View Deleted Plans"],
+ "Recovery Plan": [
+ "Configure commands",
+ "Create",
+ "Remove",
+ "Modify",
+ "Recovery",
+ "Reprotect",
+ "Test",
+ ],
+ "Protection Group": ["Assign to plan", "Create", "Modify"],
+ },
+ }
+ ],
+ "update": [
+ {
+ "role": "SRM Administrator",
+ "privileges": {
+ "SRM Protection": ["Stop", "Protect"],
+ "Recovery History": ["Delete History", "View Deleted Plans"],
+ "Recovery Plan": [
+ "Configure commands",
+ "Create",
+ "Remove",
+ "Modify",
+ "Recovery",
+ ],
+ "Protection Group": [
+ "Assign to plan",
+ "Create",
+ "Modify",
+ "Remove",
+ "Remove from plan",
+ ],
+ "Tasks": ["Create task", "Update task"],
+ },
+ }
+ ],
+ "add": [
+ {
+ "role": "Other Role",
+ "privileges": {
+ "SRM Protection": ["Stop", "Protect"],
+ "Recovery History": ["Delete History", "View Deleted Plans"],
+ "Protection Group": [
+ "Assign to plan",
+ "Create",
+ "Modify",
+ "Remove",
+ "Remove from plan",
+ ],
+ },
+ }
+ ],
+ "vmomi_old": mock_pyvmomi_role_object(
+ 1101,
+ "SrmAdministrator",
+ "SRM Administrator",
+ [
+ "VcDr.ProtectionProfile.com.vmware.vcDr.AssignToRecoveryPlan",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Create",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Edit",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.ConfigureServerCommands",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Create",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Delete",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Edit",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Failover",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Reprotect",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Run",
+ ],
+ ),
+ "vmomi_update": mock_pyvmomi_role_object(
+ 1101,
+ "SrmAdministrator",
+ "SRM Administrator",
+ [
+ "VcDr.ProtectionProfile.com.vmware.vcDr.AssignToRecoveryPlan",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Create",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Edit",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Delete",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.RemoveFromRecoveryPlan",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.ConfigureServerCommands",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Create",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Delete",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Edit",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Failover",
+ "Task.Create",
+ "Task.Update",
+ ],
+ ),
+ "vmomi_add": mock_pyvmomi_role_object(
+ 1102,
+ "Other Role",
+ "Other Role",
+ [
+ "VcDr.ProtectionProfile.com.vmware.vcDr.AssignToRecoveryPlan",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Create",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Edit",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Delete",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.RemoveFromRecoveryPlan",
+ ],
+ ),
+ },
+ )
+)
+def mocked_roles_data(request, fake_service_instance):
+ fake_get_service_instance, _ = fake_service_instance
+
+ privilege_descriptions = []
+ privilege_group_descriptions = []
+ privileges_list = []
+ with open("tests/test_files/role-privilege-descriptions.json") as dfile:
+ descs = json.load(dfile)
+ for desc in descs:
+ privilege_descriptions.append(Mock(**desc))
+ with open("tests/test_files/role-privilege-group-descriptions.json") as dfile:
+ descs = json.load(dfile)
+ for desc in descs:
+ privilege_group_descriptions.append(Mock(**desc))
+ with open("tests/test_files/role-privileges.json") as dfile:
+ descs = json.load(dfile)
+ for desc in descs:
+ privileges_list.append(Mock(**desc))
+
+ vmomi_old = request.param["vmomi_old"]
+ vmomi_update = request.param["vmomi_update"]
+ vmomi_add = request.param["vmomi_add"]
+ fake_get_service_instance.return_value.RetrieveContent.return_value.authorizationManager.description.privilege = (
+ privilege_descriptions
+ )
+ fake_get_service_instance.return_value.RetrieveContent.return_value.authorizationManager.description.privilegeGroup = (
+ privilege_group_descriptions
+ )
+ fake_get_service_instance.return_value.RetrieveContent.return_value.authorizationManager.privilegeList = (
+ privileges_list
+ )
+ fake_get_service_instance.return_value.RetrieveContent.return_value.authorizationManager.roleList = [
+ vmomi_old
+ ]
+
+ def _add_mock(name, privIds):
+ assert name == vmomi_add.name
+ privileges = list(vmomi_add.privilege)
+ privileges.sort()
+ privIds.sort()
+ assert privileges == privIds
+
+ fake_get_service_instance.return_value.RetrieveContent.return_value.authorizationManager.AddAuthorizationRole = (
+ _add_mock
+ )
+
+ def _update_mock(roleId, newName, privIds):
+ assert roleId == 1101
+ assert newName == vmomi_update.name
+ privileges = list(vmomi_update.privilege)
+ privileges.sort()
+ privIds.sort()
+ assert privileges == privIds
+
+ fake_get_service_instance.return_value.RetrieveContent.return_value.authorizationManager.UpdateAuthorizationRole = (
+ _update_mock
+ )
+
+ with patch("pyVmomi.vmodl.query.PropertyCollector.ObjectSpec", autospec=True) as fake_obj_spec:
+ yield request.param["old"], request.param["update"], request.param["add"]
+
+
+def test_find_roles(mocked_roles_data, fake_service_instance):
+ _, service_instance = fake_service_instance
+ current_data, _, _ = mocked_roles_data
+ ret = security_roles.find(
+ role_name=current_data[0]["role"],
+ service_instance=service_instance,
+ profile="vcenter",
+ )
+ # comparing 2 dict with '==' fails, because of inner lists with different orders, use drift.drift_report
+ assert drift.drift_report(ret[0], current_data[0]) == {}
+
+
+def test_update_role(mocked_roles_data, fake_service_instance):
+ _, service_instance = fake_service_instance
+ old_role, update_role, _ = mocked_roles_data
+
+ ret = security_roles.find(
+ role_name=old_role[0]["role"],
+ service_instance=service_instance,
+ profile="vcenter",
+ )
+ # comparing 2 dict with '==' fails, because of inner lists with different orders, use drift.drift_report
+ assert drift.drift_report(ret[0], old_role[0]) == {}
+
+ # update existing policy
+ ret = security_roles.save(
+ role_config=update_role[0],
+ service_instance=service_instance,
+ profile="vcenter",
+ )
+
+ assert ret["status"] == "updated"
+
+
+def test_add_role(mocked_roles_data, fake_service_instance):
+ _, service_instance = fake_service_instance
+ old_role, _, add_role = mocked_roles_data
+
+ ret = security_roles.find(
+ role_name=old_role[0]["role"],
+ service_instance=service_instance,
+ profile="vcenter",
+ )
+ # comparing 2 dict with '==' fails, because of inner lists with different orders, use drift.drift_report
+ assert drift.drift_report(ret[0], old_role[0]) == {}
+
+ # update existing policy
+ ret = security_roles.save(
+ role_config=add_role[0],
+ service_instance=service_instance,
+ profile="vcenter",
+ )
+
+ assert ret["status"] == "created"
diff --git a/tests/unit/states/test_roles.py b/tests/unit/states/test_roles.py
new file mode 100644
index 00000000..0ff95ddf
--- /dev/null
+++ b/tests/unit/states/test_roles.py
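Review bot: `_add_mock` and `_update_mock` are installed as plain functions, so `test_update_role` and `test_add_role` never prove that `UpdateAuthorizationRole` or `AddAuthorizationRole` was actually called; the only evidence is the `status` string returned by `save`, and an `AssertionError` raised inside the callback would be lost if `save` (not visible in this hunk) catches broad exceptions. For code that rewrites vCenter role privileges, the privilege list sent to the API is the thing to pin: assign `Mock(side_effect=_update_mock)` to `UpdateAuthorizationRole` (and likewise for the add path) and end each test with `assert_called_once()` on that mock. Both callbacks also call `privIds.sort()`, which reorders the caller's list in place; `assert sorted(vmomi_update.privilege) == sorted(privIds)` checks the same thing without touching the argument. The same fixture is duplicated in tests/unit/states/test_roles.py.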
@@ -0,0 +1,312 @@
+import json
+from unittest.mock import Mock
+from unittest.mock import patch
+
+import pytest
+import saltext.vmware.states.roles as security_roles
+import saltext.vmware.utils.drift as drift
+from pyVmomi import vim
+
+
+def mock_with_name(name, *args, **kwargs):
+ # Can't mock name via constructor: https://docs.python.org/3/library/unittest.mock.html#mock-names-and-the-name-attribute
+ mock = Mock(*args, **kwargs)
+ mock.name = name
+ return mock
+
+
+def mock_pyvmomi_role_object(roleId, name, label, new_privileges=[]):
+ """
+
+ .. code-block:: json
+ (vim.AuthorizationManager.Role) {
+ dynamicType = ,
+ dynamicProperty = (vmodl.DynamicProperty) [],
+ roleId = 1101,
+ system = false,
+ name = 'SrmAdministrator',
+ info = (vim.Description) {
+ dynamicType = ,
+ dynamicProperty = (vmodl.DynamicProperty) [],
+ label = 'SRM Administrator',
+ summary = 'SRM Administrator'
+ },
+ privilege = (str) [
+ 'Datastore.Replication.com.vmware.vcDr.Protect',
+ 'Datastore.Replication.com.vmware.vcDr.Unprotect',
+ 'Resource.com.vmware.vcDr.RecoveryUse',
+ 'StorageProfile.View',
+ 'System.Anonymous',
+ 'System.Read',
+ 'System.View',
+ ]
+ }
+
+ Args:
+ name (str): role name
+
+ Returns:
+ Mock: mock of role
+ """
+
+ privileges = [
+ "VcDr.RecoveryHistoryManager.com.vmware.vcDr.Delete",
+ "VcDr.RecoveryHistoryManager.com.vmware.vcDr.ViewDeleted",
+ "VirtualMachine.Replication.com.vmware.vcDr.Protect",
+ "VirtualMachine.Replication.com.vmware.vcDr.Unprotect",
+ ]
+
+ privileges += new_privileges
+
+ return mock_with_name(
+ roleId=roleId,
+ system=False,
+ name=name,
+ info=Mock(label=label, summary=label),
+ privilege=privileges,
+ spec=vim.AuthorizationManager.Role,
+ )
+
+
+@pytest.fixture
+def configure_loader_modules():
+ return {security_roles: {}}
+
+
+@pytest.fixture(
+ params=(
+ {
+ "config_name": "Test case 1",
+ "old": [
+ {
+ "role": "SRM Administrator",
+ "groups": [
+ {
+ "group": "Recovery Plan",
+ "privileges": [
+ "Configure commands",
+ "Create",
+ "Remove",
+ "Modify",
+ "Recovery",
+ "Reprotect",
+ "Test",
+ ],
+ },
+ {
+ "group": "Protection Group",
+ "privileges": ["Assign to plan", "Create", "Modify"],
+ },
+ ],
+ }
+ ],
+ "update": [
+ {
+ "role": "SRM Administrator",
+ "groups": [
+ {
+ "group": "Recovery Plan",
+ "privileges": [
+ "Configure commands",
+ "Create",
+ "Remove",
+ "Modify",
+ "Recovery",
+ ],
+ },
+ {
+ "group": "Protection Group",
+ "privileges": [
+ "Assign to plan",
+ "Create",
+ "Modify",
+ "Remove",
+ "Remove from plan",
+ ],
+ },
+ {"group": "Tasks", "privileges": ["Create task", "Update task"]},
+ ],
+ }
+ ],
+ "add": [
+ {
+ "role": "Other Role",
+ "groups": [{"group": "Tasks", "privileges": ["Create task", "Update task"]}],
+ }
+ ],
+ "drift_report": [
+ {
+ "name": "Test case 1",
+ "changes": {
+ "SRM Administrator": {
+ "old": {
+ "privileges": {
+ "Tasks": [],
+ "Protection Group": ["Assign to plan", "Create", "Modify"],
+ "Recovery Plan": [
+ "Configure commands",
+ "Create",
+ "Remove",
+ "Modify",
+ "Recovery",
+ "Reprotect",
+ "Test",
+ ],
+ }
+ },
+ "new": {
+ "privileges": {
+ "Tasks": ["Create task", "Update task"],
+ "Protection Group": [
+ "Assign to plan",
+ "Create",
+ "Modify",
+ "Remove",
+ "Remove from plan",
+ ],
+ "Recovery Plan": [
+ "Configure commands",
+ "Create",
+ "Remove",
+ "Modify",
+ "Recovery",
+ ],
+ }
+ },
+ }
+ },
+ "result": None,
+ "comment": "",
+ }
+ ],
+ "vmomi_old": mock_pyvmomi_role_object(
+ 1101,
+ "SrmAdministrator",
+ "SRM Administrator",
+ [
+ "VcDr.ProtectionProfile.com.vmware.vcDr.AssignToRecoveryPlan",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Create",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Edit",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.ConfigureServerCommands",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Create",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Delete",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Edit",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Failover",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Reprotect",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Run",
+ ],
+ ),
+ "vmomi_update": mock_pyvmomi_role_object(
+ 1101,
+ "SrmAdministrator",
+ "SRM Administrator",
+ [
+ "VcDr.ProtectionProfile.com.vmware.vcDr.AssignToRecoveryPlan",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Create",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Edit",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.Delete",
+ "VcDr.ProtectionProfile.com.vmware.vcDr.RemoveFromRecoveryPlan",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.ConfigureServerCommands",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Create",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Delete",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Edit",
+ "VcDr.RecoveryProfile.com.vmware.vcDr.Failover",
+ "Task.Create",
+ "Task.Update",
+ ],
+ ),
+ "vmomi_add": mock_pyvmomi_role_object(
+ 1102, "Other Role", "Other Role", ["Task.Create", "Task.Update"]
+ ),
+ },
+ )
+)
+def mocked_roles_data(request, fake_service_instance):
+ fake_get_service_instance, _ = fake_service_instance
+
+ privilege_descriptions = []
+ privilege_group_descriptions = []
+ privileges_list = []
+ with open("tests/test_files/role-privilege-descriptions.json") as dfile:
+ descs = json.load(dfile)
+ for desc in descs:
+ privilege_descriptions.append(Mock(**desc))
+ with open("tests/test_files/role-privilege-group-descriptions.json") as dfile:
+ descs = json.load(dfile)
+ for desc in descs:
+ privilege_group_descriptions.append(Mock(**desc))
+ with open("tests/test_files/role-privileges.json") as dfile:
+ descs = json.load(dfile)
+ for desc in descs:
+ privileges_list.append(Mock(**desc))
+
+ vmomi_old = request.param["vmomi_old"]
+ vmomi_update = request.param["vmomi_update"]
+ vmomi_add = request.param["vmomi_add"]
+ fake_get_service_instance.return_value.RetrieveContent.return_value.authorizationManager.description.privilege = (
+ privilege_descriptions
+ )
+ fake_get_service_instance.return_value.RetrieveContent.return_value.authorizationManager.description.privilegeGroup = (
+ privilege_group_descriptions
+ )
+ fake_get_service_instance.return_value.RetrieveContent.return_value.authorizationManager.privilegeList = (
+ privileges_list
+ )
+ fake_get_service_instance.return_value.RetrieveContent.return_value.authorizationManager.roleList = [
+ vmomi_old
+ ]
+
+ def _add_mock(name, privIds):
+ assert name == vmomi_add.name
+ privileges = list(vmomi_add.privilege)
+ privileges.sort()
+ privIds.sort()
+ assert privileges == privIds
+
+ fake_get_service_instance.return_value.RetrieveContent.return_value.authorizationManager.AddAuthorizationRole = (
+ _add_mock
+ )
+
+ def _update_mock(roleId, newName, privIds):
+ assert roleId == 1101
+ assert newName == vmomi_update.name
+ privileges = list(vmomi_update.privilege)
+ privileges.sort()
+ privIds.sort()
+ assert privileges == privIds
+
+ fake_get_service_instance.return_value.RetrieveContent.return_value.authorizationManager.UpdateAuthorizationRole = (
+ _update_mock
+ )
+
+ with patch("pyVmomi.vmodl.query.PropertyCollector.ObjectSpec", autospec=True) as fake_obj_spec:
+ yield request.param["config_name"], request.param["old"], request.param[
+ "update"
+ ], request.param["add"], request.param["drift_report"]
+
+
+@pytest.mark.parametrize("test_run", [True, False])
+def test_drift_report_roles(mocked_roles_data, fake_service_instance, test_run):
+ _, service_instance = fake_service_instance
+ config_name, _, update_role, _, drift_report = mocked_roles_data
+
+ if not test_run:
+ if config_name == "Test case 1":
+ drift_report[0]["result"] = True
+ drift_report[0]["comment"] = {
+ update_role[0]["role"]: {
+ "status": "SUCCESS",
+ "message": f"Role '{update_role[0]['role']}' has been changed successfully.",
+ }
+ }
+
+ with patch.dict(security_roles.__opts__, {"test": test_run}):
+ ret = security_roles.config(
+ name=config_name,
+ config=update_role,
+ service_instance=service_instance,
+ profile="vcenter",
+ )
+
+ # comparing 2 dict with '==' fails, because of inner lists with different orders, use drift.drift_report
+ assert drift.drift_report(ret, drift_report) == {}
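Review bot: The `test_run=True` case of `test_drift_report_roles` only compares the returned drift report, so nothing checks that a dry run leaves the role untouched: `UpdateAuthorizationRole` is a plain function in the fixture, and a call made while `__opts__["test"]` is set would pass unnoticed. Because this state changes vCenter role privileges, a write during test mode is the regression most worth guarding against. Assign a spy such as `update_spy = Mock(side_effect=_update_mock)` to `UpdateAuthorizationRole`, yield it from the fixture, and assert `update_spy.assert_not_called()` when `test_run` is true and `update_spy.assert_called_once()` otherwise. The fixture's `"add"` and `vmomi_add` entries are not used by any test in this file, so role creation through the state is not covered.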