ansible-collections / community.vmware

Ansible Collection for VMware
GNU General Public License v3.0

vmware_object_role_permission is unable to find specified subfolders #650

Open bucklo opened 3 years ago

bucklo commented 3 years ago
SUMMARY

vmware_object_role_permission is unable to find specified VM subfolders. I have a VM catalog structure similar to the following:

prod
  - prod/linux
  - prod/windows
test
  - test/linux
  - test/windows

The parent folders prod and test work as expected, but I am unable to apply permissions to the subfolders. I have tried using a syntax similar to the parent_folder parameter in the vcenter_folder module.

ISSUE TYPE
COMPONENT NAME

vmware_object_role_permission

ANSIBLE VERSION

ansible 2.9.7
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['~/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.6/site-packages/ansible
  executable location = /bin/ansible
  python version = 3.6.8 (default, May  6 2020, 12:04:35) [GCC 4.8.5 20150623 (Red Hat 4.8.5-39)]

CONFIGURATION

DEPRECATION_WARNINGS(/etc/ansible/ansible.cfg) = False

OS / ENVIRONMENT

VMware vCenter 7.0.1 RHEL 7.9

STEPS TO REPRODUCE

When specifying the folders prod or test as follows, the module works as expected.

    - name: Assign roles
      vmware_object_role_permission:
        <<: *login_info
        role: Admin
        principal: testuser
        object_name: test
        object_type: Folder
        recursive: no
        state: present
      delegate_to: localhost

But when specifying a subfolder as follows, we're unable to find the folder in question.

    - name: Assign roles
      vmware_object_role_permission:
        <<: *login_info
        role: Admin
        principal: testuser
        object_name: prod/linux
        object_type: Folder
        recursive: no
        state: present
      delegate_to: localhost

Output:

fatal: [vcenter.example.com -> localhost]: FAILED! => {
    "changed": false,
    "invocation": {
        "module_args": {
            "group": null,
            "hostname": "vcenter.example.com",
            "object_name": "test/linux",
            "object_type": "Folder",
            "password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "port": 443,
            "principal": "testuser",
            "proxy_host": null,
            "proxy_port": null,
            "recursive": false,
            "role": "Admin",
            "state": "present",
            "username": "ansible@vsphere.local",
            "validate_certs": false
        }
    },
    "msg": "Specified object prod/linux of type Folder was not found."
}

If I specify the subfolder name directly, for example linux, the result will be successfully applied to one of the subfolders, but not the other.

EXPECTED RESULTS

The permissions to be applied to the specified subfolder.

ACTUAL RESULTS

"msg": "Specified object test/linux of type Folder was not found."

ansibullbot commented 3 years ago

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.


ansibullbot commented 3 years ago

cc @Akasurde @Tomorrow9 @goneri @kryptsi @lparkes @pgbidkar @vmwjoseph @warthog9

Akasurde commented 3 years ago

@bucklo Thanks for reporting this. The vmware_object_role_permission module does not have logic to search subfolders / nested folders.

There are two ways to solve this:

  1. implement logic to find the folder with the given parent folder
  2. implement logic to find the folder using managed object id (moid)

@mariolenz @goneri @sky-joker @Tomorrow9 What do you think is a good strategy over here?

sky-joker commented 3 years ago

@Akasurde

umm...
I wonder if No. 1 is better, since it is easy for people to understand?

If No. 2, will you feel like adding a moid parameter to the module?

    - name: example
      vmware_object_role_permission:
        # (snip)
        object_moid: "{{ moid }}"
        # (snip)

Akasurde commented 3 years ago

Finding a folder is a bit cumbersome in my opinion (no 1). I like the idea of using vmware_folder_info to get moid and applying that in vmware_object_role_permission.

sky-joker commented 3 years ago

> Finding a folder is a bit cumbersome in my opinion (no 1). I like the idea of using vmware_folder_info to get moid and applying that in vmware_object_role_permission.

Okay, I agree with you.

MallocArray commented 2 years ago

I just ran into this same issue. I have 3 folders with the same name buried in various subfolders, and with the current module I can't control which one it modifies permissions on.

I see a PR to add in a moid parameter which would work, or if we could add a folder path that would be more readable, such as: object_name: Windows_Servers\Site1\AD
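
The ambiguity reported in this thread, and the first option listed above (find the folder under a given parent), sketched as an added example that is not part of the issue or the collection's code. It uses a constructed in-memory tree with placeholder moid values; `Folder`, `find_by_name` and `resolve_path` are hypothetical names, and the resolver fails closed so a role is never granted on an unintended folder.

```python
# Added example: constructed inventory, not pyVmomi objects or the module's code.
from dataclasses import dataclass, field


@dataclass
class Folder:
    name: str
    moid: str                      # constructed placeholder ids
    children: list = field(default_factory=list)


# Constructed tree mirroring the layout in the issue report.
ROOT = Folder("vm", "group-v1", [
    Folder("prod", "group-v10", [
        Folder("linux", "group-v11"),
        Folder("windows", "group-v12"),
    ]),
    Folder("test", "group-v20", [
        Folder("linux", "group-v21"),
        Folder("windows", "group-v22"),
    ]),
])


def find_by_name(root, name):
    """Name-only search: returns every match, so 'linux' is ambiguous."""
    hits = [root.moid] if root.name == name else []
    for child in root.children:
        hits.extend(find_by_name(child, name))
    return hits


def resolve_path(root, path):
    """Walk 'prod/linux' one segment at a time below root; fail closed."""
    node = root
    for segment in filter(None, path.split("/")):
        matches = [c for c in node.children if c.name == segment]
        if len(matches) != 1:
            raise LookupError(f"{segment!r} under {node.name!r}: "
                              f"{len(matches)} matches in path {path!r}")
        node = matches[0]
    if node is root:
        raise LookupError("empty folder path")
    return node.moid


if __name__ == "__main__":
    print(find_by_name(ROOT, "linux"))       # two candidates for one name
    print(resolve_path(ROOT, "prod/linux"))  # exactly one folder
```
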