I am trying to figure out how to assign a global permission in vCenter with Terraform and the vSphere provider.
So far I have:
//== VSphere ==//
provider "vsphere" {
  user           = var.vsphere_username
  password       = var.vsphere_password
  vsphere_server = var.vsphere_server

  # If you have a self-signed cert
  allow_unverified_ssl = true
}

//== Example Role ==//
resource "vsphere_role" "example" {
  name = "Example Read"
  role_privileges = [
    "Datastore.Browse",
    "Global.GlobalTag",
    "Performance.ModifyIntervals"
  ]
}

// Taking syntax from Terraform docs:
resource "vsphere_entity_permissions" "p1" {
  # Is there a way to say "root/global" permission here?
  # (data.vsphere_virtual_machine.vm1 is declared elsewhere in the configuration)
  entity_id   = data.vsphere_virtual_machine.vm1.id
  entity_type = "VirtualMachine"

  permissions {
    user_or_group = "mydomain\\my-group"
    propagate     = true
    is_group      = true
    role_id       = vsphere_role.example.id
  }
}
Is there a way to do this currently? Thanks!
No, that isn't available today.
The global permissions are generally managed by a separate SSO-based API service and SDK from the standard, singular vCenter permissions API service that's part of the vSphere Web Services API. Unfortunately Terraform and the vSphere provider cannot work with that separate SDK under the covers.