feat: add support for import of r/vsphere_role #1822

Merged
merged 3 commits into from
Feb 8, 2023

Contributor

@YoanaStoyanova YoanaStoyanova commented Jan 19, 2023

Description

Adds support for import of r/vsphere_role.

Note: vSphere system roles are blocked from import as these cannot be modified or deleted; however, each can be returned in d/vsphere_role.

Acceptance tests

  • Have you added an acceptance test for the functionality being added?
  • Have you run the acceptance tests on this branch?

Output from acceptance testing:

$ make testacc TESTARGS="-run=TestAccResourceVsphereRole"
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor') -v -run=TestAccResourceVsphereRole -timeout 240m
?       github.com/hashicorp/terraform-provider-vsphere [no test files]
=== RUN   TestAccResourceVsphereRole_createRole
--- PASS: TestAccResourceVsphereRole_createRole (12.47s)
=== RUN   TestAccResourceVsphereRole_addPrivilege
--- PASS: TestAccResourceVsphereRole_addPrivilege (7.54s)
=== RUN   TestAccResourceVsphereRole_removePrivilege
--- PASS: TestAccResourceVsphereRole_removePrivilege (7.55s)
PASS

Release Note

Release note for CHANGELOG:

Enhancement:

Adds support for import of r/vsphere_role. GH-1822

References

Closes #1735

hashicorp-cla commented Jan 19, 2023

CLA assistant check
All committers have signed the CLA.

@github-actions github-actions bot added provider Type: Provider size/m Relative Sizing: Medium labels Jan 19, 2023
Collaborator

@tenthirtyam tenthirtyam left a comment

An update to website/docs/r/vsphere_role.html.markdown with the import method should be included.

@tenthirtyam tenthirtyam added the area/iam Area: Identity and Access label Jan 19, 2023
@tenthirtyam tenthirtyam added this to the Backlog milestone Jan 19, 2023
@tenthirtyam tenthirtyam changed the title Add support for role importing feat: add support for import of r/vsphere_role Jan 19, 2023
Collaborator

tenthirtyam commented Jan 20, 2023

Note
Submitted by Yoana Stoyanova, vSphere Product Engineering at VMware

@tenthirtyam tenthirtyam modified the milestones: Backlog, v2.3.0 Jan 20, 2023
@github-actions github-actions bot added documentation Type: Documentation size/l Relative Sizing: Large labels Jan 23, 2023
@tenthirtyam tenthirtyam self-requested a review January 23, 2023 13:33
@tenthirtyam tenthirtyam removed the size/m Relative Sizing: Medium label Jan 23, 2023
Collaborator

@tenthirtyam tenthirtyam left a comment

One very minor docs suggestion.

website/docs/r/vsphere_role.html.markdown Outdated
Collaborator

@tenthirtyam tenthirtyam left a comment

Test Results: Import of Existing Role

main.tf:

##################################################################################
# VERSIONS
##################################################################################

terraform {
  required_providers {
    vsphere = {
      source  = "local/hashicorp/vsphere"
      version = ">= 2.3.0"
    }
  }
  required_version = ">= 1.3.6"
}

##################################################################################
# VARIABLES
##################################################################################

# Credentials

variable "vsphere_server" {
  type        = string
  description = "The fully qualified domain name or IP address of the vCenter Server instance. (e.g. sfo-m01-vc01.sfo.rainpole.io)"
}

variable "vsphere_username" {
  type        = string
  description = "The username to login to the vCenter Server instance. (e.g. [email protected])"
  sensitive   = true
}

variable "vsphere_password" {
  type        = string
  description = "The password for the login to the vCenter Server instance."
  sensitive   = true
}

variable "vsphere_insecure" {
  type        = bool
  description = "Set to true for self-signed certificates."
  default     = false
}

# Roles

variable "packer_vsphere_role" {
  type        = string
  description = "The name for the HashiCorp Packer to VMware vSphere custom role."
}

variable "packer_vsphere_privileges" {
  type        = list(string)
  description = "The vSphere privileges for the HashiCorp Packer to VMware vSphere custom role."
}

##################################################################################
# PROVIDERS
##################################################################################

provider "vsphere" {
  vsphere_server       = var.vsphere_server
  user                 = var.vsphere_username
  password             = var.vsphere_password
  allow_unverified_ssl = var.vsphere_insecure
}

##################################################################################
# RESOURCES
##################################################################################

resource "vsphere_role" "packer-vsphere" {
  name            = var.packer_vsphere_role
  role_privileges = var.packer_vsphere_privileges
}

terraform.tfvars:

##################################################################################
# VARIABLES
##################################################################################

# Credentials

vsphere_server   = "m01-vc01.rainpole.io"
vsphere_username = "[email protected]"
vsphere_password = "************"
vsphere_insecure = true

# Roles

packer_vsphere_role = "Packer to vSphere Integration Role"

packer_vsphere_privileges = [
  "System.Anonymous",
  "System.Read",
  "System.View",
  "ContentLibrary.AddLibraryItem",
  "ContentLibrary.UpdateLibraryItem",
  "Cryptographer.Access",
  "Cryptographer.Encrypt",
  "Datastore.AllocateSpace",
  "Datastore.Browse",
  "Datastore.FileManagement",
  "Host.Config.SystemManagement",
  "Network.Assign",
  "Resource.AssignVMToPool",
  "VApp.Export",
  "VirtualMachine.Config.AddNewDisk",
  "VirtualMachine.Config.AddRemoveDevice",
  "VirtualMachine.Config.AdvancedConfig",
  "VirtualMachine.Config.Annotation",
  "VirtualMachine.Config.CPUCount",
  "VirtualMachine.Config.EditDevice",
  "VirtualMachine.Config.Memory",
  "VirtualMachine.Config.Resource",
  "VirtualMachine.Config.Settings",
  "VirtualMachine.Interact.DeviceConnection",
  "VirtualMachine.Interact.PowerOff",
  "VirtualMachine.Interact.PowerOn",
  "VirtualMachine.Interact.PutUsbScanCodes",
  "VirtualMachine.Interact.SetCDMedia",
  "VirtualMachine.Interact.SetFloppyMedia",
  "VirtualMachine.Inventory.Create",
  "VirtualMachine.Inventory.CreateFromExisting",
  "VirtualMachine.Inventory.Delete",
  "VirtualMachine.Provisioning.CreateTemplateFromVM",
  "VirtualMachine.Provisioning.MarkAsTemplate",
  "VirtualMachine.Provisioning.MarkAsVM",
  "VirtualMachine.State.CreateSnapshot"
]

terraform init

Initializing the backend...

Initializing provider plugins...
- Finding local/hashicorp/vsphere versions matching ">= 2.3.0"...
- Installing local/hashicorp/vsphere v2.3.0...
- Installed local/hashicorp/vsphere v2.3.0 (unauthenticated)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.


│ Warning: Incomplete lock file information for providers

│ Due to your customized provider installation methods, Terraform was forced to calculate lock file checksums locally for the following providers:
│   - local/hashicorp/vsphere

│ The current .terraform.lock.hcl file only includes checksums for darwin_amd64, so Terraform running on another platform will fail to install these providers.

│ To calculate additional checksums for another platform, run:
│   terraform providers lock -platform=linux_amd64
│ (where linux_amd64 is the platform to generate)


Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

packer-examples-for-vsphere/terraform/vsphere-role on  v22.12-mac [✘!?] terraform import vsphere_role.packer-vsphere 1878255259
vsphere_role.packer-vsphere: Importing from ID "1878255259"...
vsphere_role.packer-vsphere: Import prepared!
  Prepared vsphere_role for import
vsphere_role.packer-vsphere: Refreshing state... [id=1878255259]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

Terraform State:

{
  "version": 4,
  "terraform_version": "1.3.7",
  "serial": 1,
  "lineage": "0862efa2-40c0-c31d-f0d1-b14739f2556a",
  "outputs": {},
  "resources": [
    {
      "mode": "managed",
      "type": "vsphere_role",
      "name": "packer-vsphere",
      "provider": "provider[\"local/hashicorp/vsphere\"]",
      "instances": [
        {
          "schema_version": 0,
          "attributes": {
            "id": "1878255259",
            "label": "Packer to vSphere Integration Role",
            "name": "Packer to vSphere Integration Role",
            "role_privileges": [
              "ContentLibrary.AddLibraryItem",
              "ContentLibrary.UpdateLibraryItem",
              "Cryptographer.Access",
              "Cryptographer.Encrypt",
              "Datastore.AllocateSpace",
              "Datastore.Browse",
              "Datastore.FileManagement",
              "Host.Config.SystemManagement",
              "Network.Assign",
              "Resource.AssignVMToPool",
              "VApp.Export",
              "VirtualMachine.Config.AddNewDisk",
              "VirtualMachine.Config.AddRemoveDevice",
              "VirtualMachine.Config.AdvancedConfig",
              "VirtualMachine.Config.Annotation",
              "VirtualMachine.Config.CPUCount",
              "VirtualMachine.Config.EditDevice",
              "VirtualMachine.Config.Memory",
              "VirtualMachine.Config.Resource",
              "VirtualMachine.Config.Settings",
              "VirtualMachine.Interact.DeviceConnection",
              "VirtualMachine.Interact.PowerOff",
              "VirtualMachine.Interact.PowerOn",
              "VirtualMachine.Interact.PutUsbScanCodes",
              "VirtualMachine.Interact.SetCDMedia",
              "VirtualMachine.Interact.SetFloppyMedia",
              "VirtualMachine.Inventory.Create",
              "VirtualMachine.Inventory.CreateFromExisting",
              "VirtualMachine.Inventory.Delete",
              "VirtualMachine.Provisioning.CreateTemplateFromVM",
              "VirtualMachine.Provisioning.MarkAsTemplate",
              "VirtualMachine.Provisioning.MarkAsVM",
              "VirtualMachine.State.CreateSnapshot"
            ]
          },
          "sensitive_attributes": [],
          "private": "eyJzY2hlbWFfdmVyc2lvbiI6IjAifQ=="
        }
      ]
    }
  ],
  "check_results": null
}

Collaborator

@tenthirtyam tenthirtyam left a comment

Results for a System Role: Expected

terraform import vsphere_role.no-access -5
vsphere_role.no-access: Importing from ID "-5"...

│ Error: error specified role with id -5 is a system role. System roles are not supported for this operation
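
The guard this test exercises, as an added Go sketch that is not the provider's code and not part of the review comment: the import ID is parsed, looked up, and refused when the role is flagged as a system role. The `role` struct, its `System` flag, `resolveImport`, `sampleRoles`, the role name "NoAccess" and the parse and not-found errors are assumptions for illustration; the two IDs and the system-role error text are the ones shown in this thread.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// role is a hypothetical stand-in for a vCenter authorization role record.
type role struct {
	ID     int32
	Name   string
	System bool // built-in role: cannot be modified or deleted
}

var errRoleNotFound = errors.New("role not found")

// resolveImport returns the role for an import ID only if Terraform may manage it.
func resolveImport(rawID string, roles []role) (*role, error) {
	// Assumption: role IDs are signed 32-bit integers; reject anything else first.
	id, err := strconv.ParseInt(rawID, 10, 32)
	if err != nil {
		return nil, fmt.Errorf("invalid role id %q: %w", rawID, err)
	}
	for i := range roles {
		if roles[i].ID != int32(id) {
			continue
		}
		// Decide on the role's own system flag, not on the sign of the ID.
		if roles[i].System {
			return nil, fmt.Errorf("error specified role with id %d is a system role. System roles are not supported for this operation", id)
		}
		return &roles[i], nil
	}
	return nil, fmt.Errorf("role id %d: %w", id, errRoleNotFound)
}

// sampleRoles is constructed data using the two IDs that appear in this thread.
var sampleRoles = []role{
	{ID: -5, Name: "NoAccess", System: true},
	{ID: 1878255259, Name: "Packer to vSphere Integration Role"},
}

func main() {
	for _, id := range []string{"1878255259", "-5", "42", "abc"} {
		_, err := resolveImport(id, sampleRoles)
		fmt.Printf("import %s -> err: %v\n", id, err)
	}
}
```

Refusing the import keeps a role that cannot be modified or deleted out of Terraform state, so a later plan or destroy never attempts a change that vCenter would reject.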

YoanaStoyanova and others added 3 commits February 7, 2023 19:36
Signed-off-by: Yoana Stoyanova <[email protected]>
System roles can't be modified or deleted.
It doesn't make sense to make such roles importable.
Data about system roles can be retrieved through
vsphere_role data source.

Signed-off-by: Yoana Stoyanova <[email protected]>
Contributor

@appilon appilon left a comment

I just had to fix the error message in the acctest

@appilon appilon merged commit 2242659 into hashicorp:main Feb 8, 2023

github-actions bot commented Feb 9, 2023

This functionality has been released in v2.3.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 11, 2023