vcd_catalog_access_control does not give the required rights for users #1287

Closed
scmi410 opened this issue Jun 27, 2024 · 4 comments
scmi410 commented Jun 27, 2024

Terraform Version

Terraform v1.5.7
on linux_amd64

Affected Resource(s)

Please list the resources as a list, for example:

  • vcd_catalog
  • vcd_catalog_access_control

Terraform Configuration Files

resource "vcd_catalog" "ubuntu-cloud-images" {
  org                = "my-org"
  name               = "ubuntu-cloud-images"
  delete_recursive   = "true"
  delete_force       = "true"
}

resource "vcd_catalog_access_control" "ubuntu-cloud-images" {
  org                            = "my-org"
  catalog_id                     = vcd_catalog.ubuntu-cloud-images.id
  shared_with_everyone           = false
  read_only_shared_with_all_orgs = true

  shared_with {
    user_id      = "urn:vcloud:user:93e4d0a7-b120-40ed-a5ed-baf2caad7b45"
    access_level = "Change"
  }
}

Debug Output

If necessary, logs can be provided

Expected Behavior

The catalog should be created in VCD with the user included.

Actual Behavior

The catalog is created in VCD, but without including the user.

vcd_catalog_access_control

Steps to Reproduce

Create a resource vcd_catalog with the code above

User Access rights

Org admin

@dataclouder
Contributor

Hi
Thanks for your report. I ran some tests. The behavior that you describe happens only when you have in the same resource read_only_shared_with_all_orgs = true and shared_with.
Fixing it is possible, but I am not sure we can do it for the current release.
To help us evaluate the importance of this issue, could you describe a use case where this configuration would be important?

@scmi410
Author

scmi410 commented Jul 1, 2024

Hi dataclouder,

Sure, we are looking to create a catalog that distributes its vApp templates across all organizations. The goal is to keep these templates up-to-date automatically, potentially through a GitHub Action.
The interaction between the GitHub Action and the VCD ought to be executed by a user who holds only the essential permissions to update the templates. This guarantees that the procedure is secure and complies with the principle of least privilege.

Let me know if you need any additional information.

@dataclouder
Contributor

Addressed in #1291

@Didainius
Collaborator

Both PRs are merged and are set for 3.14.
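
Added example, not part of the original thread or the provider's code: a check over `terraform show -json` plan output that flags `vcd_catalog_access_control` resources combining `read_only_shared_with_all_orgs = true` with `shared_with`, the combination reported above as leaving the user out of the catalog's access list. The sample plan is constructed, and `walk_resources` and `find_affected` are hypothetical helper names.

```python
# Constructed sample shaped like `terraform show -json <planfile>` output,
# trimmed to the fields this check reads. The module name, the second
# resource addresses and the all-zero user id are made up for illustration.
PAGE_USER = "urn:vcloud:user:93e4d0a7-b120-40ed-a5ed-baf2caad7b45"
FAKE_USER = "urn:vcloud:user:00000000-0000-0000-0000-000000000000"
ACL = "vcd_catalog_access_control"
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": ACL + ".ubuntu-cloud-images", "type": ACL,
         "values": {"read_only_shared_with_all_orgs": True,
                    "shared_with": [{"user_id": PAGE_USER,
                                     "access_level": "Change"}]}},
        # Read-only sharing alone: not the reported combination.
        {"address": ACL + ".read_only", "type": ACL,
         "values": {"read_only_shared_with_all_orgs": True,
                    "shared_with": []}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.templates." + ACL + ".shared", "type": ACL,
         "values": {"read_only_shared_with_all_orgs": True,
                    "shared_with": [{"user_id": FAKE_USER,
                                     "access_level": "Change"}]}},
        # shared_with alone: not the reported combination.
        {"address": "module.templates." + ACL + ".users_only", "type": ACL,
         "values": {"read_only_shared_with_all_orgs": False,
                    "shared_with": [{"user_id": FAKE_USER,
                                     "access_level": "ReadOnly"}]}},
    ]}],
}}}

def walk_resources(module):
    """Yield every resource in a module, then in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)

def find_affected(plan):
    """Return (address, user_ids) for ACLs that set both options together."""
    root = plan.get("planned_values", {}).get("root_module", {})
    hits = []
    for res in walk_resources(root):
        values = res.get("values") or {}
        shared = values.get("shared_with") or []
        if (res.get("type") == ACL and shared
                and values.get("read_only_shared_with_all_orgs") is True):
            users = sorted(e.get("user_id") or "<no user_id>" for e in shared)
            hits.append((res["address"], users))
    return hits
```

On a provider release without the fix, each address returned is a resource whose `shared_with` entries should be verified in VCD after apply.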
