The new Cloud Services module in PowerCLI 12 introduces cmdlets for easy user management automation of the VMware Cloud Services Platform. This will let you use PowerCLI to manage users for services such as VMware Cloud on AWS.
The new cmdlets in the CloudServices module are:
- Connect-Vcs
- Get-VcsOrganizationRole
- Get-VcsService
- Get-VcsServiceRole
- Get-VcsUser
- Get-VcsUserInvitation
- New-VcsUserInvitation
- Remove-VcsUser
- Remove-VcsUserInvitation
In addition, the New-VcsOAuthSecurityContext cmdlet has been moved from the VMC module to the CloudServices module.
Let’s walk through how to use these within your own VMware Cloud Services Platform Organization.
Connect to your Organization
The first cmdlet, Connect-Vcs, creates a new connection to a specific organization. You can establish a connection with an API token (ApiToken). You can generate an API token from the VMC client: My Account -> Api Tokens -> Generate Token.
You can also create an OAuth app from the VMware Cloud Services Platform: Organization -> OAuth Apps -> Create App -> Server to server app -> Create
Give your app a name and description, and do not forget to assign the appropriate organization and service roles.
The application will generate a clientId and clientSecret which you can use to establish an OAuth security context.
Note that connecting via a Server to server app is also available in the VMC module.
Invite a new user to join your Organization
The next cmdlet is New-VcsUserInvitation. You can create a user invitation by specifying the user’s email address and the organization roles that the user will have. You can also specify service roles, but this parameter is optional. You can list the available organization and service roles using the Get-VcsOrganizationRole and Get-VcsServiceRole cmdlets.
Using Get-VcsOrganizationRole we get all organization roles, and using Get-VcsServiceRole we get all available roles for AWS services. The user invitation is created for the user with email [email protected] with the specified organization and service roles. An email with a confirmation link will be sent to that address. When the user confirms, the invitation is no longer available and a new user is created instead. Note that if you send an invitation to a user who is already registered, no invitation will be sent; the user will be added directly to the organization.
List available user invitations
If you want to review the user invitations that you have created, or just check whether a user has already been invited, Get-VcsUserInvitation is the right cmdlet for the purpose.
In our case the only pending user invitation is the one we have just created.
List available users
When a user accepts an invitation, the invitation is removed, and it turns into a user account. You can easily check existing users by using the Get-VcsUser cmdlet.
By executing this command, we retrieved all available users whose names start with “A”.
Remove user invitation
You can remove a user invitation or group of user invitations by using the Remove-VcsUserInvitation cmdlet as shown in the example below.
Remove user
You can also remove users from the organization.
We can get the user(s) which we want to remove using the Get-VcsUser cmdlet and then pass them to the Remove-VcsUser cmdlet.
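The connect, invite, list and remove-invitation steps above, combined into one repeatable script as an added example (not code from the original post). The cmdlet names come from the page; the parameter names, the role and service names, the Email property on invitation objects, the VCS_CLIENT_ID / VCS_CLIENT_SECRET environment variables and the example.com addresses are assumptions.

```powershell
# Added example. Assumed, not taken from the page: parameter names, role and
# service names, the .Email property, the VCS_* variables, sample addresses.
$ErrorActionPreference = 'Stop'

# Read the OAuth app credentials from the environment so the clientSecret
# never lands in the script, in source control or in shell history.
if (-not $env:VCS_CLIENT_ID -or -not $env:VCS_CLIENT_SECRET) {
    throw 'Set VCS_CLIENT_ID and VCS_CLIENT_SECRET before running.'
}
$ctx = New-VcsOAuthSecurityContext -ClientId $env:VCS_CLIENT_ID `
                                   -ClientSecret $env:VCS_CLIENT_SECRET
Connect-Vcs -OAuthSecurityContext $ctx | Out-Null

# Constructed sample input: the only invitations that should be pending.
$wanted = @('new.engineer@example.com', 'contractor@example.com')

# Resolve each role by exact name. Stop on zero or several matches so a typo
# or a wildcard cannot silently grant a broader role than intended.
$roles = @{
    Organization = @(Get-VcsOrganizationRole -Name 'Organization Member')
    Service      = @(Get-VcsService -Name 'VMware Cloud on AWS' |
                     Get-VcsServiceRole -Name 'Administrator')
}
foreach ($entry in $roles.GetEnumerator()) {
    if ($entry.Value.Count -ne 1) {
        throw "Expected one $($entry.Key) role, found $($entry.Value.Count)."
    }
}

# Invite only addresses without a pending invitation, so re-runs are idempotent.
# An address that is already registered is added to the organization directly.
$pending = @(Get-VcsUserInvitation)
$pendingEmails = @($pending | ForEach-Object { $_.Email })
foreach ($email in $wanted) {
    if ($pendingEmails -contains $email) {
        Write-Host "Already invited: $email"
        continue
    }
    New-VcsUserInvitation -Email $email `
        -OrganizationRole $roles.Organization `
        -ServiceRole $roles.Service | Out-Null
    Write-Host "Invited: $email"
}

# Withdraw pending invitations that are not on the list; an unclaimed
# invitation is a standing grant of the roles attached to it.
$pending | Where-Object { $wanted -notcontains $_.Email } |
    Remove-VcsUserInvitation
```

Give the Server to server app only the organization role it needs to manage invitations, since anyone holding its clientSecret can run the same cmdlets.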
With this quick overview, you should be able to automate user management for your VMware Cloud services, especially VMware Cloud on AWS.