iops view rights

[maloy45]

In Cloud Director 10.5 and higher, you can disable IOPS viewing rights for tenants
iops policy is enabled and inherited from provider vdc
If you push a role to tenants without "iops view", then terraform will not be able to create a VM

[dataclouder]

Hi!
Thanks for reporting an issue.
To help me understand the problem, please provide the HCL of the VM creation that an Organization administrator without the right "Organization vDC Disk: View IOPS" cannot create using Terraform while it is able to do in the UI.
As you state the problem, I am not able to reproduce the failure.

[maloy45]

I'm using terraform version:
terraform version
Terraform v1.8.4

• provider registry.terraform.io/vmware/vcd v3.12.1

I did some more tests
my account in cloud director has "org admin" rights without "view disk iops" and "edit disk iops"

When deploying a VM from a template using terraform I get an error:
The plugin encountered an error, and failed to respond to the plugin.(*GRPCProvider).ApplyResourceChange call. The plugin logs may contain more details.
Stack trace from the terraform-provider-vcd_v3.12.1 plugin:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x100ebdae0]

goroutine 43 [running]:
github.com/vmware/terraform-provider-vcd/v3/vcd.updateTemplateInternalDisks(0x1400019d680, {0x1012fca20?, 0x140004f0f50?}, {0x14000728840, 0x14000190b08})
github.com/vmware/terraform-provider-vcd/v3/vcd/resource_vcd_vapp_vm_tools.go:678 +0x320
github.com/vmware/terraform-provider-vcd/v3/vcd.createVmFromImage(0x1400019d680, {0x1012fca20, 0x140004f0f50}, {0x100ef46b9, 0x6}, {0x100effb87, 0x10})
github.com/vmware/terraform-provider-vcd/v3/vcd/resource_vcd_vapp_vm.go:1272 +0x14b0
github.com/vmware/terraform-provider-vcd/v3/vcd.genericResourceVmCreate(0x1400019d680, {0x1012fca20, 0x140004f0f50}, {0x100ef46b9, 0x6})
github.com/vmware/terraform-provider-vcd/v3/vcd/resource_vcd_vapp_vm.go:823 +0x1ac
github.com/vmware/terraform-provider-vcd/v3/vcd.resourceVcdStandaloneVmCreate({0x10130fca0?, 0x140004e9260?}, 0x1400019d680, {0x1012fca20, 0x140004f0f50})
github.com/vmware/terraform-provider-vcd/v3/vcd/resource_vcd_vm.go:34 +0xc8
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0x140002f1180, {0x10130fca0, 0x140004e9260}, 0x1400019d680, {0x1012fca20, 0x140004f0f50})
github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:778 +0xe4
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0x140002f1180, {0x10130fca0, 0x140004e9260}, 0x14000726ea0, 0x1400019cd80, {0x1012fca20, 0x140004f0f50})
github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:909 +0x884
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0x140000edbd8, {0x10130fca0?, 0x140004e90e0?}, 0x14000096050)
github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:1074 +0xaa4
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0x140004661e0, {0x10130fca0?, 0x140004e8300?}, 0x14000554000)
github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:859 +0x3d0
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0x1012be520, 0x140004661e0}, {0x10130fca0, 0x140004e8300}, 0x1400019c080, 0x0)
github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:503 +0x1c0
google.golang.org/grpc.(*Server).processUnaryRPC(0x14000266000, {0x10130fca0, 0x140004e8270}, {0x101315980, 0x140003f31e0}, 0x14000420000, 0x1400046df50, 0x1019f35f8, 0x0)
google.golang.org/[email protected]/server.go:1372 +0xb40
google.golang.org/grpc.(*Server).handleStream(0x14000266000, {0x101315980, 0x140003f31e0}, 0x14000420000)
google.golang.org/[email protected]/server.go:1783 +0xc00
google.golang.org/grpc.(*Server).serveStreams.func2.1()
google.golang.org/[email protected]/server.go:1016 +0x5c
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 23
google.golang.org/[email protected]/server.go:1027 +0x124

Error: The terraform-provider-vcd_v3.12.1 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

My manifest:
resource "vcd_vm" "my_vm" {
name = "my_vm_test_01"
vapp_template_id = data.vcd_catalog_vapp_template.template.id
memory = var.ram
cpus = var.cpu
org = var.org
vdc = var.vdc

override_template_disk {
bus_type = "paravirtual"
size_in_mb = "16384"
bus_number = 0
unit_number = 0
storage_profile = var.vcd_storage_policy
}
}

If you remove the override block then everything works.
With normal "org admin" where "view disk iops" and "edit disk iops" is enabled, the same override block works correctly

[adambarreiro]

Hi @maloy45,

I'll resume checking this issue. Just to be sure, does it still happen when the VCD provider is version 3.13.0?

Thanks in advance.

[maloy45]

Thank you for your patience.

I have tested this issue with the VCD provider version 3.13.0, and unfortunately, the problem still persists.
Error: The terraform-provider-vcd_v3.13.0 plugin crashed!

To recap how to reproduce the issue:

Remove the "View Disk IOPS" rights from the "Organization Administrator" role.
Deploy a VM from a template using Terraform with the override_template_disk block.
I am happy to provide additional information or assist with further steps if needed.