In Part 10, we are going to take a look at local user management for the VAMI interface. By default, only the root local user exists but customers have the option of creating additional accounts. In vSphere 6.5, the VAMI has been enhanced to support different roles such as Admin, Operator and SuperAdmin. You can refer to the VAMI documentation on what each of the roles provides.
VAMI UI Area of Focus
There is not a VAMI UI for user management, this is currently only available using the VAMI REST APIs.
VAMI APIs Used
- GET /appliance/techpreview/localaccounts/user
- POST /appliance/techpreview/localaccounts/user
- DELETE /appliance/techpreview/localaccounts/user/{user-id}
PowerCLI Function
Sample Output
To retrieve all VAMI users, use the Get-VAMIUser function. By default, your system will probably only have the root user unless you have already added additional VAMI users.
To create a new user, we will use the New-VAMIUser which requires a few input parameter that should be pretty self explanatory. The role parameter can be one of three values: admin, operator or superAdmin as defined in the VAMI documentation.
Here is an example of creating a new user called lamw:
New-VAMIUser -name lamw -fullname "William Lam" -role "operator" -email "*protected email*" -password "VMware1!"
If we now re-run our Get-VAMIUser command, we should see the new user that we had just created.
To remove a VAMI user, you simply use the Remove-VAMIUser and specify the name of the user you wish to remove. Below is an example of deleting the user we had just created.
One thing to note is that when using the Connect-CisServer cmdlet to interact with the VAMI REST API, it currently does not support connecting with local VAMI users, only SSO users. This is a limitation with the PowerCLI implementation and does not affect direct use of the VAMI REST API or using it through other SDKs. This is something that will be resolved in a future update of PowerCLI, so something to keep in mind as I was scratching my head when trying to use a local user to authenticate.
- Exploring new VCSA VAMI API w/PowerCLI: Part 1
- Exploring new VCSA VAMI API w/PowerCLI: Part 2
- Exploring new VCSA VAMI API w/PowerCLI: Part 3
- Exploring new VCSA VAMI API w/PowerCLI: Part 4
- Exploring new VCSA VAMI API w/PowerCLI: Part 5
- Exploring new VCSA VAMI API w/PowerCLI: Part 6
- Exploring new VCSA VAMI API w/PowerCLI: Part 7
- Exploring new VCSA VAMI API w/PowerCLI: Part 8
- Exploring new VCSA VAMI API w/PowerCLI: Part 9
- Exploring new VCSA VAMI API w/PowerCLI: Part 10
bigbluemike says
Hi William,
love your site. I am trying to make myself familiar with VAMI Rest API. I am trying to create a PowerCLI script where I can modify the update URL on vSphere 6.7U1 VCSA /appliance/update/policy. I am taking your example of New-VAMIUser as an example to get me started. Can you explain $userAPI.Help.add.config.CreateExample() ? I can not find CreateExample() documented anywhere. I also don't understand the Help.add part. Where is that coming from? You also use $userAPI.add($createSpec), where is the method add coming from? Can you point me to documentation/API Explorer where these are documented? I am trying to make sense of it.
Thank you very much!
Mike
vMan says
Thank you Mr Lam!! this has been very helpful for some work I am doing.
Unfortunately it appears a few of these functions no longer work on 7.0.0 as they have changed the CisService from com.vmware.appliance.techpreview.localaccounts.user to com.vmware.appliance.local_accounts.
I have proposed some updates to Get-VAMIUser, New-VAMIUser & Remove-VAMIUser but will also look at updating all the other "techpreview" in the future.
For those interested if its not merged into the master see: https://github.com/lamw/PowerCLI-Example-Scripts/compare/master...vmanch:patch-1