
Principal Identity creation failing

Open laidbackware opened this issue 4 years ago • 2 comments

The principal identity module has switched to using the API call /api/v1/trust-management/principal-identities/with-certificate, which has a description of "Create a Principal Identity with a new, unused, certificate."

This will add the certificate and create the principal identity in a single action. The issue is that the module is checking to see whether there is a pre-existing certificate with the name provided and fails if it already exists. The API does not take a certificate name anymore, so the check should be removed and the documentation updated.

The module is also not idempotent, so it can only be run once successfully. It would be far better if the module checked to see if the object exists and is the same as what is being requested. It could then pass if no change and fail if a change is requested.

laidbackware avatar Jul 24 '20 13:07 laidbackware
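
The idempotency check requested in the post above, sketched as an added example that is not part of the issue thread or of the ansible-for-nsxt module: pass when the identity already matches, fail when a change is requested, and otherwise create. The dictionary shape, the `(name, node_id)` matching key, the helper names and the sample values are assumptions made for illustration.

```python
import base64
import hashlib


def cert_fingerprint(pem):
    """SHA-256 over the decoded certificate bytes, so re-wrapped lines or
    CRLF endings of the same certificate compare equal."""
    lines = [line.strip() for line in pem.splitlines()]
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()


def plan_principal_identity(existing, name, node_id, role, certificate_pem):
    """Return "create" or "unchanged"; raise ValueError if a change is requested.

    `existing` is a list of dicts with name, node_id, role and certificate_pem
    (assumed shape: each identity already joined with its certificate).
    """
    wanted = cert_fingerprint(certificate_pem)
    for pi in existing:
        if (pi["name"], pi["node_id"]) != (name, node_id):
            continue
        changed = []
        if pi["role"] != role:
            changed.append("role")
        if cert_fingerprint(pi["certificate_pem"]) != wanted:
            changed.append("certificate")
        if changed:
            raise ValueError(f"{name}: change requested in {', '.join(changed)}")
        return "unchanged"
    # The with-certificate call expects a new, unused certificate.
    for pi in existing:
        if cert_fingerprint(pi["certificate_pem"]) == wanted:
            raise ValueError(f"certificate already used by {pi['name']}")
    return "create"


def make_pem(data, width=64):
    """Constructed sample data: wraps arbitrary bytes as PEM, not a real cert."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + width] for i in range(0, len(b64), width)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *rows, "-----END CERTIFICATE-----"])


# Constructed example state: one identity already registered.
EXISTING = [{"name": "tkgi-admin", "node_id": "node-1", "role": "enterprise_admin",
             "certificate_pem": make_pem(b"constructed-cert-A" * 8)}]

if __name__ == "__main__":
    same = make_pem(b"constructed-cert-A" * 8, width=32).replace("\n", "\r\n")
    print(plan_principal_identity(EXISTING, "tkgi-admin", "node-1", "enterprise_admin", same))
```

Comparing fingerprints of the decoded bytes rather than PEM strings keeps a second run from failing just because the file on disk was re-wrapped or saved with different line endings.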

Internal bug created to track this.

madhukark avatar Jul 27 '20 20:07 madhukark

Any update on this? Unable to create principal users still.

Foyman1973 avatar Jun 07 '22 16:06 Foyman1973

Closing as the following code works no problem.

    - name: Register a TKGI Super User
      vmware.ansible_for_nsxt.nsxt_principal_identities:
        hostname: "{{ nsxt.manager.hostname }}"
        username: "{{ nsxt.manager.username }}"
        password: "{{ nsxt.manager.password }}"
        validate_certs: false
        display_name: "{{ item.display_name }}"
        name: "{{ item.display_name }}"
        node_id: "node-1"
        role: "{{ item.role }}"
        certificate_pem_file: "{{ tmp_dir }}/{{ item.display_name }}.pem"
        state: "present"
      register: pi_result
      loop: "{{ nsxt.principal_identities }}"

laidbackware avatar May 25 '23 13:05 laidbackware