community.vmware icon indicating copy to clipboard operation
community.vmware copied to clipboard

Published 20 hours ago verified publisher icon ansible-collections

vmware_object_role_permission is unable to find specified subfolders

Open bucklo opened this issue 3 years ago • 7 comments

SUMMARY

vmware_object_role_permission is unable to find specified VM subfolders. I have a VM catalog structure similar to the following:

prod
  - prod/linux
  - prod/windows
test
  - test/linux
  - test/windows

The parent folders prod and test works as expected but I am unable to apply permissions to the subfolders. I have tried using a similar syntax to the parent_folder parameter in the vcenter_folder module.

ISSUE TYPE
  • Bug Report
COMPONENT NAME

vmware_object_role_permission

ANSIBLE VERSION
ansible 2.9.7
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['~/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /bin/ansible
   python version = 3.6.8 (default, May  6 2020, 12:04:35) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
CONFIGURATION
DEPRECATION_WARNINGS(/etc/ansible/ansible.cfg) = False
OS / ENVIRONMENT

VMware vCenter 7.0.1 RHEL 7.9

STEPS TO REPRODUCE

When specifying the folders prod or test as following the module works as expected.

    - name: Assign roles
      vmware_object_role_permission:
        <<: *login_info
        role: Admin
        principal: testuser
        object_name: test
        object_type: Folder
        recursive: no
        state: present
      delegate_to: localhost

But when specifying a subfolder as following, we're unable to find the folder in question.

    - name: Assign roles
      vmware_object_role_permission:
        <<: *login_info
        role: Admin
        principal: testuser
        object_name: prod/linux
        object_type: Folder
        recursive: no
        state: present
      delegate_to: localhost

Output:

fatal: [vcenter.example.com -> localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "group": null,
            "hostname": "vcenter.example.com",
            "object_name": "test/linux",
            "object_type": "Folder",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "principal": "testuser",
            "proxy_host": null,
            "proxy_port": null,
            "recursive": false,
            "role": "Admin",
            "state": "present",
            "username": "[email protected]",
            "validate_certs": false
        }
    },
    "msg": "Specified object prod/linux of type Folder was not found."
}

If I specify the subfolder name directly, for example linux, the result will be successfully applied to one of the subfolders, but not the other.

EXPECTED RESULTS

The permissions to be applied to the specified subfolder.

ACTUAL RESULTS
"msg": "Specified object test/linux of type Folder was not found."

bucklo avatar Feb 09 '21 15:02 bucklo

Files identified in the description:

  • [plugins/modules/vmware_object_role_permission.py](https://github.com/['ansible-collections/amazon.aws', 'ansible-collections/community.aws', 'ansible-collections/community.vmware']/blob/main/plugins/modules/vmware_object_role_permission.py)

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibullbot avatar Feb 09 '21 15:02 ansibullbot

cc @Akasurde @Tomorrow9 @goneri @kryptsi @lparkes @pgbidkar @vmwjoseph @warthog9 click here for bot help

ansibullbot avatar Feb 09 '21 15:02 ansibullbot

@bucklo Thanks for reporting this. vmware_object_role_permission module does not have logic to search subfolder / nested folders.

There are two ways to solve this

  1. implement logic to find the folder with the given parent folder
  2. implement logic to find the folder using managed object id (moid)

@mariolenz @goneri @sky-joker @Tomorrow9 What do you think is a good strategy over here?

Akasurde avatar Feb 18 '21 09:02 Akasurde

@Akasurde

umm...
I wonder if No1 is better easy for people to understand?

If No2, will you feel like adding a moid parameter to the module?

- name: example
  vmware_object_role_permission:
  (snip)
    object_moid: "{{ moid }}"
  (snip)

sky-joker avatar Feb 23 '21 14:02 sky-joker

Finding a folder bit cumbersome in my opinion (no 1). I like the idea of using vmware_folder_info to get moid and applying that in vmware_object_role_permission.

Akasurde avatar Feb 23 '21 14:02 Akasurde

Finding a folder bit cumbersome in my opinion (no 1). I like the idea of using vmware_folder_info to get moid and applying that in vmware_object_role_permission.

Okay, I agree with you.

sky-joker avatar Feb 23 '21 14:02 sky-joker

I just ran into this same issue. I have 3 folders with the same name buried in various subfolders and with the current module I can't control which one it modified permissions on.

I see a PR to add in a moid parameter which would work, or if we could add a folder path that would be more readable, such as: object_name: Windows_Servers\Site1\AD

MallocArray avatar Jul 29 '22 16:07 MallocArray