terraformvspherevcenter

Assign global permission on VCenter with Terraform vSphere provider


I am trying to figure out how to assign a global permission in vCenter with terraform and the vsphere provider.

So far I have:

//== VSphere ==//
provider "vsphere" {
  user           = var.vsphere_username
  password       = var.vsphere_password
  vsphere_server = var.vsphere_server

  # If you have a self-signed cert
  allow_unverified_ssl = true
}

//== Example Role ==//
resource vsphere_role "example" {
  name = "Example Read"
  role_privileges = [
    "Datastore.Browse", 
    "Global.GlobalTag", 
    "Performance.ModifyIntervals"
  ]
}

//Taking syntax from terrafrom docs:
resource "vsphere_entity_permissions" p1 {

  # Is there a way to say "root/global" permission here?
  entity_id = data.vsphere_virtual_machine.vm1.id
  entity_type = "VirtualMachine"

  permissions {
    user_or_group = "mydomain\\my-group"
    propagate = true
    is_group = true
    role_id = vsphere_role.example.id
  }
}

Is there a way to do this currently? Thanks!


Solution

  • No, that isn't available today.

    The global permissions are generally managed by a separate SSO-based API service and SDK from the standard, singular vCenter permissions API service that's part of the vSphere Web Services API. Unfortunately Terraform and the vSphere provider cannot work with that separate SDK under the covers.