community.vmware
Unable to use vmware_object_role_permission on multiple VM folders of the same name
SUMMARY
ISSUE TYPE
- Bug Report
COMPONENT NAME
vmware_object_role_permission
ANSIBLE VERSION
$ ansible --version
ansible [core 2.12.2]
  config file = None
  configured module search path = ['/Users/user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.9/site-packages/ansible
  ansible collection location = /Users/user/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/local/bin/ansible
  python version = 3.9.10 (main, Jan 15 2022, 11:48:04) [Clang 13.0.0 (clang-1300.0.29.3)]
  jinja version = 3.0.3
  libyaml = True
COLLECTION VERSION
$ ansible-galaxy collection list community.vmware
# /Users/user/.ansible/collections/ansible_collections
Collection       Version
---------------- -------
community.vmware 2.0.0
CONFIGURATION
$ ansible-galaxy collection list community.vmware
# /Users/user/.ansible/collections/ansible_collections
Collection       Version
---------------- -------
community.vmware 2.0.0
OS / ENVIRONMENT
OS: macOS Monterey 12.2 / Linux Ubuntu 20.04.3 LTS (Focal Fossa)
VMware vCenter Server version: 7.0.2.00100 (Update 3b, build number 18901211)
STEPS TO REPRODUCE
I have multiple VM folders of the same names, in multiple locations in the vSphere inventory tree.
For example:
example-datacenter/
└── environments
    ├── dev
    │   └── nsx_alb_service_engines
    └── test
        └── nsx_alb_service_engines
I need to assign a user/role to all nsx_alb_service_engines folders (in the above example, I have them under different environments, e.g. dev and test), and I'm using the vmware_object_role_permission module.
Here is a minimal test-case to reproduce this issue:
- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    vcenter_hostname: my-vcenter.example.domain
    vcenter_username: [email protected]
    vcenter_password: VMware1!
    object_type: Folder
    object_name: nsx_alb_service_engines
    role_name: tkg-nsxalb-folder
    user: example.domain\tkg-nsxalb-admin
  tasks:
    - name: Assign user and role to VM folder
      community.vmware.vmware_object_role_permission:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        validate_certs: no
        role: "{{ role_name }}"
        principal: "{{ user }}"
        object_type: "{{ object_type }}"
        object_name: "{{ object_name }}"
        recursive: yes
        state: present
      delegate_to: localhost
You can set the vars for your environment, then run ansible-playbook playbook.yml to execute it.
EXPECTED RESULTS
The vmware_object_role_permission module has the object_name parameter, which seems to only accept object names, and doesn't support object paths.
I have also tried specifying the full paths of the folders (e.g. /example-datacenter/vm/environments/dev/nsx_alb_service_engines) because I know that the Terraform provider does support it, but this Ansible module doesn't seem to accept it. I got the following error message:
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Specified object /example-datacenter/vm/environments/dev/nsx_alb_service_engines of type Folder was not found."}
So I tried to just specify the folder name (e.g. nsx_alb_service_engines) and the playbook run was successful, but the user/role was applied only to one of the nsx_alb_service_engines folders.
ACTUAL RESULTS
When I specified the full paths of the folder and ran ansible-playbook playbook.yml -vvvv, I got:
...
fatal: [localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "group": null,
            "hostname": "my-vcenter.example.domain",
            "object_name": "/example-datacenter/vm/environments/dev/nsx_alb_service_engines",
            "object_type": "Folder",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "principal": "example.domain\tkg-nsxalb-admin",
            "proxy_host": null,
            "proxy_port": null,
            "recursive": true,
            "role": "tkg-nsxalb-folder",
            "state": "present",
            "username": "[email protected]",
            "validate_certs": false
        }
    },
    "msg": "Specified object /example-datacenter/vm/environments/dev/nsx_alb_service_engines of type Folder was not found."
}
And without verbose:
PLAY [localhost] *************************************************************************************************************************************************************************************
TASK [Assign user and role to VM folder] *************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Specified object /Demo-Datacenter/vm/environments/dev/nsx_alb_service_engines of type Folder was not found."}
PLAY RECAP *******************************************************************************************************************************************************************************************
localhost
When specifying the folder name (e.g. nsx_alb_service_engines) and running ansible-playbook playbook.yml -vvvv, I got:
ok: [localhost] => {
    "changed": false,
    "invocation": {
        "module_args": {
            "group": null,
            "hostname": "my-vcenter.example.domain",
            "object_name": "nsx_alb_service_engines",
            "object_type": "Folder",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "principal": "example.domain\tkg-nsxalb-admin",
            "proxy_host": null,
            "proxy_port": null,
            "recursive": true,
            "role": "tkg-nsxalb-folder",
            "state": "present",
            "username": "[email protected]",
            "validate_certs": false
        }
    }
}
And without verbose:
PLAY [localhost] *************************************************************************************************************************************************************************************
TASK [Assign user and role to VM folder] *************************************************************************************************************************************************************
ok: [localhost]
PLAY RECAP *******************************************************************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
However, as I mentioned, using the object name, the module only handles one of those folders... I can't seem to figure out how to apply it on multiple folders.
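The ambiguity described in this report, modelled offline as an added example (not part of the original issue and not the module's own code): a name-only lookup returns one folder and hides the rest, while a pre-flight check that lists every match or resolves a full inventory path makes the permission target explicit. The inventory dict and all function names are constructed for illustration, and the first-match behaviour of the name lookup is an assumption.

```python
# Constructed inventory mirroring the tree in the report (not real vCenter data).
INVENTORY = {
    "example-datacenter": {
        "vm": {
            "environments": {
                "dev": {"nsx_alb_service_engines": {}},
                "test": {"nsx_alb_service_engines": {}},
            }
        }
    }
}

def walk(tree, prefix=""):
    """Yield (inventory_path, name) for every folder, depth first."""
    for name, children in tree.items():
        path = f"{prefix}/{name}"
        yield path, name
        yield from walk(children, path)

def find_first_by_name(tree, name):
    """Name-only lookup (assumed behaviour): first match wins, others are hidden."""
    return next((p for p, n in walk(tree) if n == name), None)

def find_all_by_name(tree, name):
    """Every inventory path whose last component equals name."""
    return [p for p, n in walk(tree) if n == name]

def resolve_path(tree, path):
    """Resolve a full inventory path to exactly one folder, or None."""
    parts = path.strip("/").split("/")
    node = tree
    for part in parts:
        if part not in node:
            return None
        node = node[part]
    return "/" + "/".join(parts)

def targets_for_permission(tree, name_or_path):
    """Return the single folder a role assignment targets; refuse ambiguity."""
    if "/" in name_or_path:
        hit = resolve_path(tree, name_or_path)
        if hit is None:
            raise LookupError(f"{name_or_path} not found")
        return [hit]
    matches = find_all_by_name(tree, name_or_path)
    if len(matches) != 1:
        raise LookupError(f"{name_or_path!r} matched {len(matches)} folders: {matches}")
    return matches
```

Run before assigning a role, a check like this turns "applied to only one folder" into an explicit error that lists every candidate path.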
Files identified in the description: None
If these files are inaccurate, please update the component name section of the description or use the !component bot command.
Any updates on this fix?