community.vmware
community.vmware copied to clipboard
vmware_object_role_permission is unable to find specified subfolders
SUMMARY
vmware_object_role_permission is unable to find specified VM subfolders. I have a VM catalog structure similar to the following:
prod
- prod/linux
- prod/windows
test
- test/linux
- test/windows
The parent folders prod and test works as expected but I am unable to apply permissions to the subfolders. I have tried using a similar syntax to the parent_folder parameter in the vcenter_folder module.
ISSUE TYPE
- Bug Report
COMPONENT NAME
vmware_object_role_permission
ANSIBLE VERSION
ansible 2.9.7
config file = /etc/ansible/ansible.cfg
configured module search path = ['~/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3.6/site-packages/ansible
executable location = /bin/ansible
python version = 3.6.8 (default, May 6 2020, 12:04:35) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]
CONFIGURATION
DEPRECATION_WARNINGS(/etc/ansible/ansible.cfg) = False
OS / ENVIRONMENT
VMware vCenter 7.0.1 RHEL 7.9
STEPS TO REPRODUCE
When specifying the folders prod or test as following the module works as expected.
- name: Assign roles
vmware_object_role_permission:
<<: *login_info
role: Admin
principal: testuser
object_name: test
object_type: Folder
recursive: no
state: present
delegate_to: localhost
But when specifying a subfolder as following, we're unable to find the folder in question.
- name: Assign roles
vmware_object_role_permission:
<<: *login_info
role: Admin
principal: testuser
object_name: prod/linux
object_type: Folder
recursive: no
state: present
delegate_to: localhost
Output:
fatal: [vcenter.example.com -> localhost]: FAILED! => {
"changed": false,
"invocation": {
"module_args": {
"group": null,
"hostname": "vcenter.example.com",
"object_name": "test/linux",
"object_type": "Folder",
"password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"port": 443,
"principal": "testuser",
"proxy_host": null,
"proxy_port": null,
"recursive": false,
"role": "Admin",
"state": "present",
"username": "[email protected]",
"validate_certs": false
}
},
"msg": "Specified object prod/linux of type Folder was not found."
}
If I specify the subfolder name directly, for example linux
, the result will be successfully applied to one of the subfolders, but not the other.
EXPECTED RESULTS
The permissions to be applied to the specified subfolder.
ACTUAL RESULTS
"msg": "Specified object test/linux of type Folder was not found."
Files identified in the description:
- [
plugins/modules/vmware_object_role_permission.py
](https://github.com/['ansible-collections/amazon.aws', 'ansible-collections/community.aws', 'ansible-collections/community.vmware']/blob/main/plugins/modules/vmware_object_role_permission.py)
If these files are inaccurate, please update the component name
section of the description or use the !component
bot command.
cc @Akasurde @Tomorrow9 @goneri @kryptsi @lparkes @pgbidkar @vmwjoseph @warthog9 click here for bot help
@bucklo Thanks for reporting this. vmware_object_role_permission
module does not have logic to search subfolder / nested folders.
There are two ways to solve this
- implement logic to find the folder with the given parent folder
- implement logic to find the folder using managed object id (moid)
@mariolenz @goneri @sky-joker @Tomorrow9 What do you think is a good strategy over here?
@Akasurde
umm...
I wonder if No1 is better easy for people to understand?
If No2, will you feel like adding a moid parameter to the module?
- name: example
vmware_object_role_permission:
(snip)
object_moid: "{{ moid }}"
(snip)
Finding a folder bit cumbersome in my opinion (no 1). I like the idea of using vmware_folder_info
to get moid and applying that in vmware_object_role_permission.
Finding a folder bit cumbersome in my opinion (no 1). I like the idea of using vmware_folder_info to get moid and applying that in vmware_object_role_permission.
Okay, I agree with you.
I just ran into this same issue. I have 3 folders with the same name buried in various subfolders and with the current module I can't control which one it modified permissions on.
I see a PR to add in a moid parameter which would work, or if we could add a folder path that would be more readable, such as: object_name: Windows_Servers\Site1\AD