"Error: ServerFaultCode: NoPermission" when cloning `r/virtual_machine`

[henryx]

Community Guidelines

• [X] I have read and agree to the HashiCorp Community Guidelines .
• [ ] Vote on this issue by adding a 👍 reaction to the original issue initial description to help the maintainers prioritize.
• [ ] Do not leave "+1" or other comments that do not add relevant information or questions.
• [ ] If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Terraform

v1.2.8

Terraform Provider

v2.2.0

VMware vSphere

v7.0.2.00400

Description

According to https://github.com/hashicorp/terraform-provider-vsphere/issues/974#issuecomment-591956362 assignation of profile Profile-driven storage view to user permits cloning of VM from template, but this works only on 1.15.0. From 1.16.0, it doesn't work anymore

Affected Resources or Data Sources

resource/vsphere_virtual_machine

Terraform Configuration

Sample to reproduce the problem is the snippet in official documentation: https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs/resources/virtual_machine#creating-a-virtual-machine-from-a-template

Debug Output

https://gist.github.com/henryx/36ca98b3f1b95d98eb16c798f6e4b4ee

Panic Output

No response

Expected Behavior

Machine is cloned from template

Actual Behavior

vsphere_virtual_machine.vm-cloned: Refreshing state... [id=4215d500-2f37-711b-fd36-ad32754165db]
╷
│ Error: ServerFaultCode: NoPermission
│
│   with vsphere_virtual_machine.vm-cloned,
│   on main.tf line 56, in resource "vsphere_virtual_machine" "vm-cloned":
│   56: resource "vsphere_virtual_machine" "vm-cloned" {
│
╵

Steps to Reproduce

• Create a Vsphere user wich doesn't have administrative rights.
• Assign it rights to manage VMs and templates.
• Assign it Profile-driven storage view right.
• Create (or load) a template in Vshpere
• Execute a terraform file which clone the template

Environment Details

No response

Screenshots

No response

References

#GH-974

[github-actions[bot]]

Hello, henryx! 🖐

Thank you for submitting an issue for this provider. The issue will now enter into the issue lifecycle.

If you want to contribute to this project, please review the contributing guidelines and information on submitting pull requests.

[tenthirtyam]

Please provide a gist with the output from v2.2.0 as well as the specific privileges and scope assigned to the users context.

Ryan Johnson Senior Staff Solutions Architect | Product Engineering @ VMware, Inc.

[tenthirtyam]

Also, please refer to https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs#notes-on-required-privileges to ensure that the additional required privileges are also provided.

[tenthirtyam]

For general questions, we recommend reaching out to the community forum for greater visibility. The GitHub issue tracker is only watched by a small group of maintainers and collaborators and is typically reserved for bug reports and enhancement request. You will typically have more success finding assistance on the forum.

If you find the forum to be more helpful or if you've found the answer to your question elsewhere, please comment and close the issue. If there is no further activity on this question within the next 30 days it will be closed.

Ryan Johnson Senior Staff Solutions Architect | Product Engineering @ VMware, Inc.

[henryx]

I'm sorry if I haven't replied before. This is the Gist with debug log using provider at v2.2.0 : https://gist.github.com/henryx/c4ac6f3eeea5014a574b73fcb5735992

[tenthirtyam]

Have you enabled Storage Profile > View for the account at the vCenter Server root object?

[henryx]

Yes, is enabled

[tenthirtyam]

Do the privileges applied also include swap placement?

[henryx]

Yes, user have permission to locate swap placement

[tenthirtyam]

Could you provide the specific list of privileges provider to the account and the placement and propagation of the permissions. That would aid in any issue reproduction.

[henryx]

Sadly, I'm not able to view the list of permissions in VSphere cluster

[tenthirtyam]

Without this additional information it will be difficult to assist in investigating the root cause and reproduce the issue.

Ryan Johnson Senior Staff Solutions Architect | Product Engineering @ VMware, Inc.

[github-actions[bot]]

Marking this issue as stale due to inactivity in the past 180 days. This helps us focus on the active issues. If this issue is reproducible with the latest version of the provider, please comment. If this issue receives no comments in the next 30 days it will automatically be closed. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[github-actions[bot]]

Marking this issue as stale due to inactivity in the past 180 days. This helps us focus on the active issues. If this issue is reproducible with the latest version of the provider, please comment. If this issue receives no comments in the next 30 days it will automatically be closed. If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.