Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vsphere_entity_permissions - global permissions preventing removing root folder permissions #1400

Open
slarimore02 opened this issue May 4, 2021 · 8 comments
Open

vsphere_entity_permissions - global permissions preventing removing root folder permissions #1400

slarimore02 opened this issue May 4, 2021 · 8 comments
Labels
acknowledged Status: Issue or Pull Request Acknowledged area/iam Area: Identity and Access bug Type: Bug needs-triage Status: Issue Needs Triage
Milestone
Backlog

Comments

@slarimore02
Copy link

Terraform Version

Terraform v0.15.1

vSphere Provider Version

1.26.0

Affected Resource(s)

  • vsphere_entity_permissions

Terraform Configuration Files

terraform {
  required_version = ">= 0.13.6"

  required_providers {
    vsphere = {
      source  = "hashicorp/vsphere"
      version = "~> 1.26.0"
    }
  }
}
provider "vsphere" {
  user                 = var.vsphere_user
  password             = var.vsphere_password
  vsphere_server       = var.vsphere_server
  allow_unverified_ssl = true
}

data "vsphere_folder" "root" {
  path = "/"
}
resource "vsphere_entity_permissions" "avi_root" {
  entity_id = data.vsphere_folder.root.id
  entity_type = "Folder"
  
  permissions {
    user_or_group = var.vsphere_avi_user
    propagate = true
    is_group = false
    role_id = vsphere_role.avi_root.id
  }
  lifecycle {
    ignore_changes = [ permissions ]
  }
}
resource "vsphere_role" "avi_root" {
  name = "avi_root"
  role_privileges = [
    "Datastore.AllocateSpace", 
    "Network.Assign", 
    "Host.Config.Network", 
    "VirtualMachine.Config.AddNewDisk", 
    "VirtualMachine.Config.AdvancedConfig", 
    "Resource.AssignVMToPool", 
    "VApp.Import"  
  ]
}

Debug Output

https://gist.github.com/slarimore02/dadd86f45cad33bda0905200ce177d84

Expected Behavior

When running terraform destroy the vsphere_entity_permissions resource should be removed for the root vSphere folder. The provider should only remove/create permissions defined in the vsphere_entity_permissions resource not existing Global Permissions.

Actual Behavior

When running terraform destroy the vsphere_entity_permissions resource is not deleted. The root folder inherits all of the users/permissions defined in the Global Permissions and the provider cannot find those additional permissions to remove.

The error below is returned:

Error: error while deleting permission for the user/group VSPHERE.LOCAL\Administrator ServerFaultCode: The object or item referred to could not be found.

Steps to Reproduce

  1. terraform apply
  2. list inherited global permissions with terraform show
  3. terraform destroy.

Important Factoids

vSphere version 7.0.0.10100

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
@slarimore02 slarimore02 added the bug Type: Bug label May 4, 2021
@pezhore
Copy link

pezhore commented May 17, 2021

Adding to this, I think the permissions are removed on non-root folders as well.

@eric-gunn
Copy link

This has been a pain point for us, too.

@tenthirtyam
Copy link
Collaborator

An update based on my expereince with this issue.

Terraform Version

>= 1.0.0

vSphere Provider Version:

>= 2.0.0

terraform {
  required_providers {
    vsphere = {
      source  = "hashicorp/vsphere"
      version = ">= 2.0.0"
    }
  }
  required_version = ">= 1.0.0"
}

Affected Resource(s)

vsphere_entity_permissions

Terraform Configuration Files

##################################################################################
# VERSIONS
##################################################################################

terraform {
  required_providers {
    vsphere = {
      source  = "hashicorp/vsphere"
      version = ">= 2.0.0"
    }
  }
  required_version = ">= 1.0.0"
}

##################################################################################
# PROVIDERS
##################################################################################

provider "vsphere" {
  vsphere_server       = var.vsphere_server
  user                 = var.vsphere_username
  password             = var.vsphere_password
  allow_unverified_ssl = var.vsphere_insecure
}

##################################################################################
# VARIABLES
##################################################################################

# Credentials

variable "vsphere_server" {}

variable "vsphere_username" {
  sensitive   = true
}

variable "vsphere_password" {
  sensitive   = true
}

variable "vsphere_insecure" {}

vsphere_server   = "sfo-m01-vc01.rainpole.io"

vsphere_username = "[email protected]"

vsphere_password = "***********!"

vsphere_insecure = false

# Reduce Service Account Permissions

variable "vsphere_folder_path" {}
variable "vsphere_entity_type" {}

vsphere_folder_path    = "/"
vsphere_entity_type    = "Folder"

variable "vra_vsphere_user" {}
variable "vra_vsphere_role_label" {}

vra_vsphere_user       = "RAINPOLE\\svc-vra-vsphere"
vra_vsphere_role_label = "No access"

variable "vro_vsphere_user" {}
variable "vro_vsphere_role_label" {}

vro_vsphere_user       = "RAINPOLE\\svc-vro-vsphere"
vro_vsphere_role_label = "No access"

##################################################################################
# DATA
##################################################################################

data "vsphere_folder" "this" {
  path = var.vsphere_folder_path
}

data "vsphere_role" "vra_vsphere_role" {
  label = var.vra_vsphere_role_label
}

data "vsphere_role" "vro_vsphere_role" {
  label = var.vro_vsphere_role_label
}

##################################################################################
# RESOURCES
##################################################################################

resource "vsphere_entity_permissions" "vra_vsphere_user" {
  entity_id   = data.vsphere_folder.this.id
  entity_type = var.vsphere_entity_type
  permissions {
    user_or_group = var.vra_vsphere_user
    role_id       = data.vsphere_role.vra_vsphere_role.id
    is_group      = false
    propagate     = true
  }
}

resource "vsphere_entity_permissions" "vro_vsphere_user" {
  entity_id   = data.vsphere_folder.this.id
  entity_type = var.vsphere_entity_type
  permissions {
    user_or_group = var.vro_vsphere_user
    role_id       = data.vsphere_role.vro_vsphere_role.id
    is_group      = false
    propagate     = true
  }
}

When applying the plan I see that 2 permissions will change....

PS D:\Terraform\vsphere-global-permissions> terraform plan
vsphere_entity_permissions.vro_vsphere_user: Refreshing state... [id=group-d1]
vsphere_entity_permissions.vra_vsphere_user: Refreshing state... [id=group-d1]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # vsphere_entity_permissions.vra_vsphere_user will be updated in-place
  ~ resource "vsphere_entity_permissions" "vra_vsphere_user" {
        id          = "group-d1"
        # (2 unchanged attributes hidden)

      ~ permissions {
          ~ role_id       = "-562474839" -> "-5"
            # (3 unchanged attributes hidden)
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "802812196" -> null
          - user_or_group = "RAINPOLE\\svc-vrli-vsphere" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-5" -> null
          - user_or_group = "RAINPOLE\\svc-vro-vsphere" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "1823778329" -> null
          - user_or_group = "RAINPOLE\\svc-vrops-mpsd" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "1823778329" -> null
          - user_or_group = "RAINPOLE\\svc-vrops-vsan" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1007234473" -> null
          - user_or_group = "RAINPOLE\\svc-vrops-vsphere" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-974337264" -> null
          - user_or_group = "RAINPOLE\\svc-vrslcm-vsphere" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "RAINPOLE\\ug-vc-admins" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\Administrator" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\Administrators" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "11" -> null
          - user_or_group = "VSPHERE.LOCAL\\AutoUpdate" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "1937985690" -> null
          - user_or_group = "VSPHERE.LOCAL\\NsxAdministrators" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "42755698" -> null
          - user_or_group = "VSPHERE.LOCAL\\NsxAuditors" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "1379913370" -> null
          - user_or_group = "VSPHERE.LOCAL\\NsxViAdministrators" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "1006" -> null
          - user_or_group = "VSPHERE.LOCAL\\RegistryAdministrators" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\SDDCAdmins" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\svc-sfo-m01-nsx01-sfo-m01-vc01" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\svc-sfo-w01-nsx01-sfo-w01-vc01" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-974337264" -> null
          - user_or_group = "VSPHERE.LOCAL\\svc-vrslcm-vsphere" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "1002" -> null
          - user_or_group = "VSPHERE.LOCAL\\SyncUsers" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "-7" -> null
          - user_or_group = "VSPHERE.LOCAL\\TrustedAdmins" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\vpxd-3654cf7c-6db4-43a5-bd82-c9b05fc78fd0" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\vpxd-a6f76a8e-7bf4-465c-a013-d9b6814676db" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\vpxd-extension-3654cf7c-6db4-43a5-bd82-c9b05fc78fd0" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\vpxd-extension-a6f76a8e-7bf4-465c-a013-d9b6814676db" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-562474839" -> null
          - user_or_group = "VSPHERE.LOCAL\\vra-svc-d4deab82-b6b2-40e2-9b0a-8f99dd0a3527" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "1003" -> null
          - user_or_group = "VSPHERE.LOCAL\\vsphere-webclient-3654cf7c-6db4-43a5-bd82-c9b05fc78fd0" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "1003" -> null
          - user_or_group = "VSPHERE.LOCAL\\vsphere-webclient-a6f76a8e-7bf4-465c-a013-d9b6814676db" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "1003" -> null
          - user_or_group = "VSPHERE.LOCAL\\vSphereClientSolutionUsers" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "1004" -> null
          - user_or_group = "VSPHERE.LOCAL\\WorkloadStorage" -> null
        }
    }

  # vsphere_entity_permissions.vro_vsphere_user will be updated in-place
  ~ resource "vsphere_entity_permissions" "vro_vsphere_user" {
        id          = "group-d1"
        # (2 unchanged attributes hidden)

      ~ permissions {
          ~ role_id       = "-562474839" -> "-5"
          ~ user_or_group = "RAINPOLE\\svc-vra-vsphere" -> "RAINPOLE\\svc-vro-vsphere"
            # (2 unchanged attributes hidden)
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "802812196" -> null
          - user_or_group = "RAINPOLE\\svc-vrli-vsphere" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-5" -> null
          - user_or_group = "RAINPOLE\\svc-vro-vsphere" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "1823778329" -> null
          - user_or_group = "RAINPOLE\\svc-vrops-mpsd" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "1823778329" -> null
          - user_or_group = "RAINPOLE\\svc-vrops-vsan" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1007234473" -> null
          - user_or_group = "RAINPOLE\\svc-vrops-vsphere" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-974337264" -> null
          - user_or_group = "RAINPOLE\\svc-vrslcm-vsphere" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "RAINPOLE\\ug-vc-admins" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\Administrator" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\Administrators" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "11" -> null
          - user_or_group = "VSPHERE.LOCAL\\AutoUpdate" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "1937985690" -> null
          - user_or_group = "VSPHERE.LOCAL\\NsxAdministrators" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "42755698" -> null
          - user_or_group = "VSPHERE.LOCAL\\NsxAuditors" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "1379913370" -> null
          - user_or_group = "VSPHERE.LOCAL\\NsxViAdministrators" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "1006" -> null
          - user_or_group = "VSPHERE.LOCAL\\RegistryAdministrators" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\SDDCAdmins" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\svc-sfo-m01-nsx01-sfo-m01-vc01" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\svc-sfo-w01-nsx01-sfo-w01-vc01" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-974337264" -> null
          - user_or_group = "VSPHERE.LOCAL\\svc-vrslcm-vsphere" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "1002" -> null
          - user_or_group = "VSPHERE.LOCAL\\SyncUsers" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "-7" -> null
          - user_or_group = "VSPHERE.LOCAL\\TrustedAdmins" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\vpxd-3654cf7c-6db4-43a5-bd82-c9b05fc78fd0" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\vpxd-a6f76a8e-7bf4-465c-a013-d9b6814676db" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\vpxd-extension-3654cf7c-6db4-43a5-bd82-c9b05fc78fd0" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-1" -> null
          - user_or_group = "VSPHERE.LOCAL\\vpxd-extension-a6f76a8e-7bf4-465c-a013-d9b6814676db" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "-562474839" -> null
          - user_or_group = "VSPHERE.LOCAL\\vra-svc-d4deab82-b6b2-40e2-9b0a-8f99dd0a3527" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "1003" -> null
          - user_or_group = "VSPHERE.LOCAL\\vsphere-webclient-3654cf7c-6db4-43a5-bd82-c9b05fc78fd0" -> null
        }
      - permissions {
          - is_group      = false -> null
          - propagate     = true -> null
          - role_id       = "1003" -> null
          - user_or_group = "VSPHERE.LOCAL\\vsphere-webclient-a6f76a8e-7bf4-465c-a013-d9b6814676db" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "1003" -> null
          - user_or_group = "VSPHERE.LOCAL\\vSphereClientSolutionUsers" -> null
        }
      - permissions {
          - is_group      = true -> null
          - propagate     = true -> null
          - role_id       = "1004" -> null
          - user_or_group = "VSPHERE.LOCAL\\WorkloadStorage" -> null
        }
    }

Plan: 0 to add, 2 to change, 0 to destroy.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if
you run "terraform apply" now.

However, when applied, it completes but with an erroneous error for another role and permission....

Plan: 0 to add, 2 to change, 0 to destroy.
vsphere_entity_permissions.vra_vsphere_user: Modifying... [id=group-d1]
vsphere_entity_permissions.vro_vsphere_user: Modifying... [id=group-d1]
╷
│ Error: error while deleting permission for the user/group RAINPOLE\svc-vrli-vsphere ServerFaultCode: The object or item referred to could not be found.
│
│   with vsphere_entity_permissions.vra_vsphere_user,
│   on main.tf line 32, in resource "vsphere_entity_permissions" "vra_vsphere_user":
│   32: resource "vsphere_entity_permissions" "vra_vsphere_user" {
│
╵
╷
│ Error: error while deleting permission for the user/group RAINPOLE\svc-vra-vsphere ServerFaultCode: The object or item referred to could not be found.
│
│   with vsphere_entity_permissions.vro_vsphere_user,
│   on main.tf line 43, in resource "vsphere_entity_permissions" "vro_vsphere_user":
│   43: resource "vsphere_entity_permissions" "vro_vsphere_user" {
│
╵

The results are corrects and the users are set to the "No access" role.

image

However, if I re-apply the plan, the first of the two returns to the Global Permissions settings but the second is skipped. If applied a tird time, it resets to te correct state. And additioanal runs flip between the two.

image

Next, if I run a terraform destroy, it will remove the state as excepted but with additional errrors as mentioned in the initial summary of this issue.

Plan: 0 to add, 0 to change, 2 to destroy.
vsphere_entity_permissions.vro_vsphere_user: Destroying... [id=group-d1]
vsphere_entity_permissions.vra_vsphere_user: Destroying... [id=group-d1]
╷
│ Error: error while deleting permission for the user/group RAINPOLE\svc-vrli-vsphere ServerFaultCode: The object or item referred to could not be found.
│
│
╵
╷
│ Error: error while deleting permission for the user/group RAINPOLE\svc-vra-vsphere ServerFaultCode: The object or item referred to could not be found.
│

image

cc @sumitAgrawal007

Ryan

@andyanfieldroad
Copy link

I'm also experiencing this issue. Has anyone found a fix or workaround?

@tenthirtyam tenthirtyam added needs-triage Status: Issue Needs Triage acknowledged Status: Issue or Pull Request Acknowledged labels Feb 5, 2022
@tenthirtyam tenthirtyam changed the title vsphere_entity_permissions - global permissions preventing removing root folder permissions vsphere_entity_permissions - global permissions preventing removing root folder permissions Feb 5, 2022
@tenthirtyam tenthirtyam mentioned this issue Feb 19, 2022
Closed
@tenthirtyam tenthirtyam added the area/iam Area: Identity and Access label Feb 22, 2022
@tenthirtyam tenthirtyam added this to the v2.2.0 milestone Feb 24, 2022
@tenthirtyam tenthirtyam modified the milestones: v2.2.0, v2.3.0 Apr 7, 2022
@steenblik steenblik mentioned this issue Nov 14, 2022
Open
@tenthirtyam tenthirtyam modified the milestones: v2.3.0, v2.4.0 Nov 28, 2022
@dipeshsharma
Copy link

This bug has been open for almost two years now. Just wondering how people are working around this without a fix in place?

@slarimore02
Copy link
Author

Manually cleaning up the role (or through some other automation) and then removing the role/vsphere_entity_permissions from the terraform state: terraform state rm vsphere_entity_permissions.avi_root vsphere_role.avi_root

@pezhore
Copy link

pezhore commented Feb 28, 2023

This bug has been open for almost two years now. Just wondering how people are working around this without a fix in place?

My team has just stopped trying to use this resource - we look at alternative methods of provisioning access.

@tenthirtyam
Copy link
Collaborator

This bug has been open for almost two years now. Just wondering how people are working around this without a fix in place?

My team has just stopped trying to use this resource - we look at alternative methods of provisioning access.

There are underlying issues with the implementation that require further development efforts on this resource (and other IAM-related items). However, there are upstream dependencies \that would need to be exposed by govmomi. On the VMware side (this provider is maintained by HashiCorp) we are looking to contribute these features/fixes in the future based on prioritization.

Ryan Johnson
Senior Staff Solutions Architect | Product Engineering @ VMware, Inc.

@tenthirtyam tenthirtyam modified the milestones: v2.4.0, v2.5.0 May 4, 2023
@tenthirtyam tenthirtyam modified the milestones: v2.5.0, v2.6.0 Oct 9, 2023
@tenthirtyam tenthirtyam modified the milestones: v2.6.0, v2.7.0 Nov 10, 2023
@tenthirtyam tenthirtyam mentioned this issue Dec 5, 2023
Open
4 tasks
@tenthirtyam tenthirtyam modified the milestones: v2.7.0, Backlog Jan 23, 2024
@tenthirtyam tenthirtyam added the enhancement Type: Enhancement label Jan 15, 2025
@tenthirtyam tenthirtyam removed the enhancement Type: Enhancement label Jan 15, 2025
@skt-mmisuth skt-mmisuth mentioned this issue Jan 15, 2025
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
acknowledged Status: Issue or Pull Request Acknowledged area/iam Area: Identity and Access bug Type: Bug needs-triage Status: Issue Needs Triage
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
6 participants
@andyanfieldroad @pezhore @tenthirtyam @eric-gunn @dipeshsharma @slarimore02