VIPerms

0.0.6

Public/Get-VIGlobalPermission.ps1

                                function Get-VIGlobalPermission {

    <#

    .SYNOPSIS

    Get one or more global permissions.

    .DESCRIPTION

    Return information relating to one or more global permissions. This is not very performant as it literally

    parses the html from the response of the vSphere MOB to get the information. This appears to be the

    only way to achieve this currently as there is no public API available for vSphere global permissions. 

    .PARAMETER SkipCertificateCheck

    Skip certificate verification.

    .EXAMPLE

    Get-VIGlobalPermission

    Principal                                                            PrincipalType Role            Propagate

    ---------                                                            ------------- ----            ---------

    VSPHERE.LOCAL\vpxd-extension-b2df90b0-1e03-11e6-b844-005056bf2aaa    User          Admin           true

    VSPHERE.LOCAL\vpxd-b2df90b0-1e03-11e6-b844-005056bf2aaa              User          Admin           true

    VSPHERE.LOCAL\vsphere-webclient-b2df90b0-1e03-11e6-b844-005056bf2aaa User          Admin           true

    VSPHERE.LOCAL\Administrators                                         Group         Admin           true

    VSPHERE.LOCAL\Administrator                                          User          Admin           true

    #>

    param(

        [Parameter(

            Position = 0,

            Mandatory = $false

        )]

        [Switch] $SkipCertificateCheck

    )

    try {

        $ProPref = $ProgressPreference

        $ProgressPreference = "SilentlyContinue"

        if ($SkipCertificateCheck -or $Global:VIPerms.SkipCertificateCheck) {

            Set-CertPolicy -SkipCertificateCheck

        }

        $VIRoles = Get-VIMobRole

        Invoke-Login

        $Uri = ("https://$($Global:VIPerms.Server)/invsvc/mob3/?moid=authorizationService&" +

                "method=AuthorizationService.GetGlobalAccessControlList")

        $Body = "vmware-session-nonce=$($Global:VIPerms.SessionNonce)"

        $Params = @{

            Uri = $Uri

            WebSession = $Global:VIPerms.WebSession

            Method = "POST"

            Body = $Body

        }

        $Res = Invoke-WebRequest @Params

        $RoleLookup = @{}

        foreach ($VIRole in $VIRoles) {

            $RoleLookup."$($VIRole.Id)" = $VIRole.Name

        }

        $Table = $Res.ParsedHtml.body.getElementsByTagName("table")[3]

        $Td = $Table.getElementsByTagName("tr")[4].getElementsByTagName("td")[2]

        $Li = $Td.getElementsByTagName("ul")[0].getElementsByTagName("li")

        foreach ($Item in $Li) {

            if ($Item.innerHTML.StartsWith("<TABLE")) {

                $PrinTable = $Item.getElementsByTagName(

                    "tr")[3].getElementsByTagName("td")[2].getElementsByTagName("table")[0]

                $Principal = $PrinTable.getElementsByTagName("tr")[4].getElementsByTagName("td")[2].innerText

                $IsGroup = $PrinTable.getElementsByTagName("tr")[3].getElementsByTagName("td")[2].innerText

                $PrincipalType = switch ($IsGroup) {

                    $true {"Group"}

                    $false {"User"}

                }

                $Role = $Item.getElementsByTagName("tr")[10].getElementsByTagName("li")[0].innerText

                $Propagate = $Item.getElementsByTagName("tr")[9].getElementsByTagName("td")[2].innerText

                [PSCustomObject] @{

                    Principal = $Principal

                    PrincipalType = $PrincipalType

                    Role = $RoleLookup.$($Role)

                    Propagate = $Propagate

                }

            }

        }

        Invoke-Logoff

        if ($SkipCertificateCheck -or $Global:VIPerms.SkipCertificateCheck) {

            Set-CertPolicy -ResetToDefault

        }

        $ProgressPreference = $ProPref

    } catch {

        $Err = $_

        throw $Err

    }

}