Unable to use vmware_object_role_permission on multiple VM folders of the same name #1217

Open
itaytalmi opened this issue Feb 5, 2022 · 2 comments · May be fixed by #2315
Labels
bug This issue/PR relates to a bug needs_triage Needs a first human triage before being processed. python3

itaytalmi commented Feb 5, 2022

SUMMARY
ISSUE TYPE
  • Bug Report
COMPONENT NAME

vmware_object_role_permission

ANSIBLE VERSION
$ ansible --version

ansible [core 2.12.2]
  config file = None
  configured module search path = ['/Users/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /Users/user/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.10 (main, Jan 15 2022, 11:48:04) [Clang 13.0.0 (clang-1300.0.29.3)]
  jinja version = 3.0.3
  libyaml = True
COLLECTION VERSION
$ ansible-galaxy collection list community.vmware

# /Users/user/.ansible/collections/ansible_collections
Collection       Version
---------------- -------
community.vmware 2.0.0
CONFIGURATION
$ ansible-galaxy collection list community.vmware

# /Users/user/.ansible/collections/ansible_collections
Collection       Version
---------------- -------
community.vmware 2.0.0
OS / ENVIRONMENT

OS: macOS Monterey 12.2 / Linux Ubuntu 20.04.3 LTS (Focal Fossa)
VMware vCenter Server version: 7.0.2.00100 (Update 3b, build number 18901211)

STEPS TO REPRODUCE

I have multiple VM folders of the same names, in multiple locations in the vSphere inventory tree.

For example:

example-datacenter/
└── environments
    ├── dev
    │   └── nsx_alb_service_engines
    └── test
        └── nsx_alb_service_engines

I need to assign a user/role to all nsx_alb_service_engines folders (in the above example, I have them under different environments, e.g. dev and test), and I'm using the vmware_object_role_permission module.

Here is a minimal test-case to reproduce this issue:

- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    vcenter_hostname: my-vcenter.example.domain
    vcenter_username: administrator@vsphere.local
    vcenter_password: VMware1!
    object_type: Folder
    object_name: nsx_alb_service_engines
    role_name: tkg-nsxalb-folder
    user: example.domain\tkg-nsxalb-admin
  tasks:
    - name: Assign user and role to VM folder
      community.vmware.vmware_object_role_permission:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        validate_certs: no
        role: "{{ role_name }}"
        principal: "{{ user }}"
        object_type: "{{ object_type }}"
        object_name: "{{ object_name }}"
        recursive: yes
        state: present
      delegate_to: localhost

You can set the vars for your environment, then run ansible-playbook playbook.yml to execute it.

EXPECTED RESULTS

The vmware_object_role_permission module has the object_name parameter, which seems to only accept object names, and doesn't support object paths.

I have also tried specifying the full paths of the folders (e.g. /example-datacenter/vm/environments/dev/nsx_alb_service_engines) because I know that the Terraform provider does support it, but this Ansible module doesn't seem to accept it. I got the following error message:

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Specified object /example-datacenter/vm/environments/dev/nsx_alb_service_engines of type Folder was not found."}

So I tried to just specify the folder name (e.g. nsx_alb_service_engines) and the playbook run was successful, but the user/role was applied only to one of the nsx_alb_service_engines folders.

ACTUAL RESULTS

When specifying the full path of the folder and running ansible-playbook playbook.yml -vvvv, I got:

...
fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "group": null,
            "hostname": "my-vcenter.example.domain",
            "object_name": "/example-datacenter/vm/environments/dev/nsx_alb_service_engines",
            "object_type": "Folder",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "principal": "example.domain\tkg-nsxalb-admin",
            "proxy_host": null,
            "proxy_port": null,
            "recursive": true,
            "role": "tkg-nsxalb-folder",
            "state": "present",
            "username": "administrator@vsphere.local",
            "validate_certs": false
        }
    },
    "msg": "Specified object /example-datacenter/vm/environments/dev/nsx_alb_service_engines of type Folder was not found."
}

And without verbose:

PLAY [localhost] *************************************************************************************************************************************************************************************

TASK [Assign user and role to VM folder] *************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Specified object /Demo-Datacenter/vm/environments/dev/nsx_alb_service_engines of type Folder was not found."}

PLAY RECAP *******************************************************************************************************************************************************************************************
localhost

When specifying the folder name (e.g. nsx_alb_service_engines) and running ansible-playbook playbook.yml -vvvv, I got:

ok: [localhost] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "group": null,
            "hostname": "my-vcenter.example.domain",
            "object_name": "nsx_alb_service_engines",
            "object_type": "Folder",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "principal": "example.domain\tkg-nsxalb-admin",
            "proxy_host": null,
            "proxy_port": null,
            "recursive": true,
            "role": "tkg-nsxalb-folder",
            "state": "present",
            "username": "administrator@vsphere.local",
            "validate_certs": false
        }
    }
}

And without verbose:

PLAY [localhost] *************************************************************************************************************************************************************************************

TASK [Assign user and role to VM folder] *************************************************************************************************************************************************************
ok: [localhost]

PLAY RECAP *******************************************************************************************************************************************************************************************
localhost                  : ok=1    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

However, as I mentioned, using the object name, the module only handles one of those folders... I can't seem to figure out how to apply it on multiple folders.
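
A small model of the lookup problem reported above, added here as an illustration; it is not code from community.vmware or from the reporter. The inventory, object IDs and function names are constructed, and the first-match behavior is an assumption drawn from the reported result. It contrasts a name-only lookup with one that enumerates every match and one that resolves a full inventory path to a single object, so a permission is never bound to an ambiguous target.

```python
# Constructed inventory mirroring the tree and paths in the issue; IDs are placeholders.
INVENTORY = {
    "name": "example-datacenter", "id": "dc-1", "children": [
        {"name": "vm", "id": "folder-1", "children": [
            {"name": "environments", "id": "folder-2", "children": [
                {"name": "dev", "id": "folder-3", "children": [
                    {"name": "nsx_alb_service_engines", "id": "folder-4", "children": []}]},
                {"name": "test", "id": "folder-5", "children": [
                    {"name": "nsx_alb_service_engines", "id": "folder-6", "children": []}]},
            ]},
        ]},
    ],
}


def walk(node, prefix=""):
    """Yield (inventory_path, node) for every node, depth first."""
    path = f"{prefix}/{node['name']}"
    yield path, node
    for child in node["children"]:
        yield from walk(child, path)


def find_first_by_name(root, name):
    """Name-only lookup (assumed behavior): first match wins, others are hidden."""
    return next((n["id"] for _, n in walk(root) if n["name"] == name), None)


def find_all_by_name(root, name):
    """Every (path, id) carrying this name, so ambiguity is visible to the caller."""
    return [(p, n["id"]) for p, n in walk(root) if n["name"] == name]


def resolve_path(root, path):
    """Resolve an absolute inventory path to exactly one object id, or raise."""
    parts = [p for p in path.split("/") if p]
    if not parts or parts[0] != root["name"]:
        raise LookupError(f"{path}: not an absolute path under {root['name']}")
    node = root
    for part in parts[1:]:
        matches = [c for c in node["children"] if c["name"] == part]
        if len(matches) != 1:
            raise LookupError(f"{path}: {len(matches)} matches for {part!r}")
        node = matches[0]
    return node["id"]
```
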

@ansibullbot

Files identified in the description:
None

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

@ansibullbot ansibullbot added bug This issue/PR relates to a bug needs_triage Needs a first human triage before being processed. python3 labels Feb 5, 2022
@jboisdequin

Any updates in this fix?
