$ ansible-galaxy collection list community.vmware
# /Users/user/.ansible/collections/ansible_collections
Collection       Version
---------------- -------
community.vmware 2.0.0
CONFIGURATION
$ ansible-galaxy collection list community.vmware
# /Users/user/.ansible/collections/ansible_collections
Collection       Version
---------------- -------
community.vmware 2.0.0
OS / ENVIRONMENT
OS: macOS Monterey 12.2 / Linux Ubuntu 20.04.3 LTS (Focal Fossa)
VMware vCenter Server version: 7.0.2.00100 (Update 3b, build number 18901211)
STEPS TO REPRODUCE
I have multiple VM folders of the same names, in multiple locations in the vSphere inventory tree.
For example:
example-datacenter/
└── environments
    ├── dev
    │   └── nsx_alb_service_engines
    └── test
        └── nsx_alb_service_engines
I need to assign a user/role to all nsx_alb_service_engines folders (in the above example, I have them under different environments, e.g. dev and test), and I'm using the vmware_object_role_permission module.
Here is a minimal test-case to reproduce this issue:
- hosts: localhost
  connection: local
  gather_facts: no
  vars:
    vcenter_hostname: my-vcenter.example.domain
    vcenter_username: administrator@vsphere.local
    vcenter_password: VMware1!
    object_type: Folder
    object_name: nsx_alb_service_engines
    role_name: tkg-nsxalb-folder
    user: example.domain\tkg-nsxalb-admin
  tasks:
    - name: Assign user and role to VM folder
      community.vmware.vmware_object_role_permission:
        hostname: "{{ vcenter_hostname }}"
        username: "{{ vcenter_username }}"
        password: "{{ vcenter_password }}"
        validate_certs: no
        role: "{{ role_name }}"
        principal: "{{ user }}"
        object_type: "{{ object_type }}"
        object_name: "{{ object_name }}"
        recursive: yes
        state: present
      delegate_to: localhost
You can set the vars for your environment, then run ansible-playbook playbook.yml to execute it.
EXPECTED RESULTS
The vmware_object_role_permission module has the object_name parameter, which seems to only accept object names, and doesn't support object paths.
I have also tried specifying the full paths of the folders (e.g. /example-datacenter/vm/environments/dev/nsx_alb_service_engines) because I know that the Terraform provider does support it, but this Ansible module doesn't seem to accept it. I got the following error message:
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Specified object /example-datacenter/vm/environments/dev/nsx_alb_service_engines of type Folder was not found."}
So I tried to just specify the folder name (e.g. nsx_alb_service_engines) and the playbook run was successful, but the user/role was applied only to one of the nsx_alb_service_engines folders.
ACTUAL RESULTS
When specifying the full paths of the folder and running ansible-playbook playbook.yml -vvvv, I got:
PLAY [localhost] *************************************************************************************************************************************************************************************
TASK [Assign user and role to VM folder] *************************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Specified object /Demo-Datacenter/vm/environments/dev/nsx_alb_service_engines of type Folder was not found."}
PLAY RECAP *******************************************************************************************************************************************************************************************
localhost
When specifying the folder name (e.g. nsx_alb_service_engines) and running ansible-playbook playbook.yml -vvvv, I got:
PLAY [localhost] *************************************************************************************************************************************************************************************
TASK [Assign user and role to VM folder] *************************************************************************************************************************************************************
ok: [localhost]
PLAY RECAP *******************************************************************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
However, as I mentioned, using the object name, the module only handles one of those folders... I can't seem to figure out how to apply it on multiple folders.
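The ambiguity described in this report, as an added example that is not part of the original issue or of the community.vmware code: over an inventory shaped like the one above, a name-only lookup matches two folders, so a pre-flight check can enumerate the full paths, fail closed on ambiguity, and afterwards list any matching folder that still lacks the grant. The inventory dict, the function names and the `allow_multiple` flag are hypothetical; nothing here talks to vCenter.

```python
# Constructed inventory mirroring the tree in the report (not read from a real vCenter).
INVENTORY = {
    "example-datacenter": {
        "vm": {
            "environments": {
                "dev": {"nsx_alb_service_engines": {}},
                "test": {"nsx_alb_service_engines": {}},
            }
        }
    }
}


def folder_paths(tree, prefix=""):
    """Yield the full inventory path of every folder in the tree."""
    for name, children in tree.items():
        path = f"{prefix}/{name}"
        yield path
        yield from folder_paths(children, path)


def resolve(tree, target):
    """Return all matching paths: exact match for a full path, else match on leaf name."""
    paths = list(folder_paths(tree))
    if target.startswith("/"):
        return [p for p in paths if p == target]
    return sorted(p for p in paths if p.rsplit("/", 1)[-1] == target)


def plan_grants(tree, target, principal, role, allow_multiple=False):
    """Build one (path, principal, role) grant per match; refuse ambiguous names."""
    matches = resolve(tree, target)
    if not matches:
        raise LookupError(f"no folder matches {target!r}")
    if len(matches) > 1 and not allow_multiple:
        raise ValueError(f"{target!r} is ambiguous: {matches}")
    return [(path, principal, role) for path in matches]


def ungranted(tree, target, granted_paths):
    """Paths matching target that are missing from the set known to hold the grant."""
    granted = set(granted_paths)
    return [p for p in resolve(tree, target) if p not in granted]
```
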