Software Development Kit (SDK) and API Discussions
Software Development Kit (SDK) and API Discussions
Add and modify CIFS user-specific directories.
Problem with the information of the pre-progressed user being added to the next user's progress
function ConnectSecurityNaDirectoryII{
param(
[String]$UserName,
[String]$DomainUserName,
[String]$FullVolumeUser,
[String]$NaUser,
[String]$NaPassWord,
[String]$IPAddress,
[String]$VServer,
[String]$ModulePath
)
$username = "$NaUser"
$password = "$NaPassWord"
$secstr = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr
import-module $ModulePath
Connect-NcController $IPAddress -cred $cred -vserver $VServer
$User = $UserName
$Account = $DomainUserName
$Path = $FullVolumeUser.Substring(4,$FullVolumeUser.Length-4)
New-NcFileDirectorySecurityNtfs -SecurityDescriptor $User -VserverContext vs01
Get-NcFileDirectorySecurityNtfsDacl -SecurityDescriptor $User -VserverContext vs01 | Remove-NcFileDirectorySecurityNtfsDacl
Add-NcFileDirectorySecurityNtfsDacl -SecurityDescriptor $User -Account $Account -AccessType Allow -Rights Full_Control -VserverContext vs01
Add-NcFileDirectorySecurityPolicyTask -Name $User -path $Path -SecurityType ntfs -VserverContext vs01 -NtfsSecurityDescriptor $User
Set-NcFileDirectorySecurity -Name $User -VserverContext vs01
Remove-NcFileDirectorySecurityPolicy -Name $User -VserverContext vs01
Remove-NcFileDirectorySecurityNtfs -SecurityDescriptor $User -VserverContext vs01
#세션종료
$Global:CurrentNcController = $null
}
Hello @hyunminlee,
I don't have the context around how this function is being used, so I can't really test it to verify that it's working correctly.
function ConnectSecurityNaDirectoryII { param( [String]$UserName, [String]$DomainUserName, [String]$FullVolumeUser, [String]$NaUser, [String]$NaPassWord, [String]$IPAddress, [String]$VServer, [String]$ModulePath ) Begin { Import-Module DataONTAP # no need to wrap the username and passwords in quotes to convert them to # strings. PoSh will do this automatically. $username = $NaUser $password = $NaPassWord # no need for the ToCharArray call. See this URL for more ways to do auth: # https://practical-admin.com/blog/netapp-powershell-toolkit-authentication/ $securePassword = ConvertTo-SecureString -String $password -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential $username,$securePassword # connect to the controller Connect-NcController $IPAddress -Credential $cred -Vserver $VServer } Process { $User = $UserName $Account = $DomainUserName $Path = $FullVolumeUser.Substring(4,$FullVolumeUser.Length-4) # create the directory New-NcFileDirectorySecurityNtfs -SecurityDescriptor $User -VserverContext $VServer # remove the default permissions Get-NcFileDirectorySecurityNtfsDacl -SecurityDescriptor $User -VserverContext $VServer | Remove-NcFileDirectorySecurityNtfsDacl # add custom permissions Add-NcFileDirectorySecurityNtfsDacl -SecurityDescriptor $User -Account $Account -AccessType Allow -Rights Full_Control -VserverContext $VServer Add-NcFileDirectorySecurityPolicyTask -Name $User -path $Path -SecurityType ntfs -VserverContext $VServer -NtfsSecurityDescriptor $User Set-NcFileDirectorySecurity -Name $User -VserverContext $VServer Remove-NcFileDirectorySecurityPolicy -Name $User -VserverContext $VServer Remove-NcFileDirectorySecurityNtfs -SecurityDescriptor $User -VserverContext $VServer } End { # remove the stored controller $Global:CurrentNcController = $null } }
I made some changes to the function, in particular using the Begin, Process, and End methods for pipeline processing. These apply when using the pipeline to execute the same function multiple times. For example:
$users = @("a", "b", "c") $users | Do-MyCustomFunction
When this is executed, the PowerShell pipeline will execute the Begin section once (at the start), then each iteration (for each element of the $users array) will execute the Process section, with the End section being executed once as the final thing before going on to the next step in the pipeline.
This is very important when doing resource (and time) intensive operations like loading a module and connecting to the ONTAP controller.
Which brings me to my first question: why bother loading the module and then connecting + disconnecting from the cluster as a part of the function? Presumably this is called as a part of a larger script, why not have the Import-Module and Connect-NcController functionality outside of the function so that the function only needs the relevant information?
All of that being said, and regardless of the above, how are you executing your function? Can you give me the code (or a snippet) for the script which executes the function? That may help to determine why variables from the previous loop iteration are not being reset.
Andrew
Is there a way to log through the corresponding powershall execution within storage?