rbvmomi icon indicating copy to clipboard operation
rbvmomi copied to clipboard

Published 20 hours ago verified publisher icon vmware-archive

Update ServiceInstance.rb

Open iarebatman opened this issue 10 years ago • 6 comments

Related 'bug': http://projects.theforeman.org/issues/5006. Not sure this is the proper approach to fixing the solution, but it allows us to properly retrieve the datacenter in our environment. Feedback welcome.

iarebatman avatar Apr 02 '14 14:04 iarebatman

As this is just a convenience method, I would rather add a new method called find_datacenter_by_searchindex or something

cdickmann avatar Apr 02 '14 14:04 cdickmann

I have no issue with doing that - could you comment on the method in which I get the datacenter though? I'm worried about datacenters nested in folders and such - I don't really have a way to test that what I changed still works for those cases.

On Wed, Apr 2, 2014 at 9:58 AM, cdickmann [email protected] wrote:

As this is just a convenience method, I would rather add a new method called find_datacenter_by_searchindex or something

Reply to this email directly or view it on GitHubhttps://github.com/vmware/rbvmomi/pull/37#issuecomment-39340463 .

iarebatman avatar Apr 02 '14 15:04 iarebatman

Thats my point. If you just add a new method, it is not a big deal if it has a bug in some cases. I have larger deployments, so if you tell me what to test, I can test it.

cdickmann avatar Apr 02 '14 15:04 cdickmann

Alright, well I've already moved it to a new method. I believe the important thing to test in this case would be: Given: A path such as /A/B/C/DEV_DATACENTER, where DEV_DATACENTER is the datacenter and A, B, and C are nested folders. When: find_datacenter_by_searchindex is called with the path parameter set to DEV_DATACENTER That: A valid instance of DEV_DATACENTER is returned to the caller.

On Wed, Apr 2, 2014 at 10:30 AM, cdickmann [email protected] wrote:

Thats my point. If you just add a new method, it is not a big deal if it has a bug in some cases. I have larger deployments, so if you tell me what to test, I can test it.

Reply to this email directly or view it on GitHubhttps://github.com/vmware/rbvmomi/pull/37#issuecomment-39344660 .

iarebatman avatar Apr 02 '14 15:04 iarebatman

Oops, I'm dealing with the same bug in https://github.com/vmware/rbvmomi/pull/39.

But it looks both our patches are wrong. Instead of changing find_datacenter method, or introducing find_datacenter_working_edition one, we'll probably have to fix this bug right within traverse method of RbVmomi::VIM::Folder class.

mkuzmin avatar May 06 '14 18:05 mkuzmin

Well, I think I've figured this issue out. This is not a bug, but a misconfiguration of our vCenter instances. VMware could design vCenter permission model better, and maybe its web services API could be improved. But anyway, there is nothing to fix in rbvmomi.

When you grant permissions on specifiс datacenters, users implicitly get read-only permissions on all upper-level folders. And this is enough for vShere Client to work properly. But vSphere Web Services API (that's used by rbvmomi) requires to have these permissions granted explicitly on a root folder, and all nested folders in a datacenter hierarchy. Permissions

Pay attention to Propogate to Child Objects option. If you hide some datacenters from your users, then it should be unchecked, otherwise users get access to all other items. But if you are using nested folders, then the permission should be individually applied to each folder.

This should not affect security anyhow, your users already have these permissions anyway.

mkuzmin avatar May 08 '14 19:05 mkuzmin