# Grants the Avi account a folder-scoped role on the Avi VM folder.
# Which role is bound depends on the cloud type: the NSX-T folder role when
# the NSX cloud is enabled, otherwise the legacy vCenter-cloud folder role.
resource "vsphere_entity_permissions" "avi_folder" {
  count       = var.create_roles ? 1 : 0
  entity_type = "Folder"
  entity_id   = vsphere_folder.avi.id

  lifecycle {
    # Later applies will NOT revert manual changes to the principal, role or
    # propagation on this folder; such drift has to be caught out of band
    # (vCenter permission audit / event monitoring).
    ignore_changes = [permissions]
  }

  permissions {
    # Falls back to the provisioning identity when no dedicated Avi account is
    # supplied. A dedicated var.vsphere_avi_user keeps the controller's
    # standing privileges separate from the credentials used to run Terraform.
    user_or_group = var.vsphere_avi_user != null ? var.vsphere_avi_user : var.vsphere_user
    # Fixed to a user principal; a group name passed in user_or_group would be
    # looked up as a user.
    is_group  = false
    propagate = true
    role_id   = !var.configure_nsx_cloud.enabled ? vsphere_role.avi_folder[0].id : vsphere_role.nsx_avi_folder[0].id
  }
}
# Legacy (vCenter cloud) only: binds vsphere_role.avi_root at the inventory
# root folder. With propagate = true every privilege in that role applies to
# the entire vCenter inventory, which is why that role is kept small.
resource "vsphere_entity_permissions" "avi_root" {
  count       = var.create_roles && !var.configure_nsx_cloud.enabled ? 1 : 0
  entity_type = "Folder"
  entity_id   = data.vsphere_folder.root.id

  lifecycle {
    # Drift in this root-level permission is not reconciled by Terraform;
    # monitor permission changes on the root folder separately.
    ignore_changes = [permissions]
  }

  permissions {
    # Same principal selection as vsphere_entity_permissions.avi_folder:
    # dedicated Avi account if given, otherwise the provisioning user.
    user_or_group = var.vsphere_avi_user != null ? var.vsphere_avi_user : var.vsphere_user
    is_group      = false
    propagate     = true
    role_id       = vsphere_role.avi_root[0].id
  }
}
# Root-scope role for the legacy vCenter cloud (not created when the NSX-T
# cloud is enabled). vsphere_entity_permissions.avi_root binds it at the
# inventory root with propagate = true, so each privilege below is effective
# on every object in vCenter. Keep this list minimal; anything that can be
# scoped to the Avi VM folder belongs in vsphere_role.avi_folder instead.
resource "vsphere_role" "avi_root" {
  count = var.create_roles && var.configure_nsx_cloud.enabled == false ? 1 : 0
  name  = "avi_root"
  role_privileges = [
    # Content library item lifecycle (add / delete / update items and sessions);
    # presumably for the Avi service-engine image - confirm against Avi docs.
    "ContentLibrary.AddLibraryItem",
    "ContentLibrary.DeleteLibraryItem",
    "ContentLibrary.UpdateLibraryItem",
    "ContentLibrary.UpdateSession",
    "Datastore.AllocateSpace",
    "Network.Assign",
    # Host-level network configuration, inventory-wide because of propagation
    # from the root folder. NOTE(review): confirm this cannot be scoped to the
    # hosts/clusters the Avi SEs actually run on.
    "Host.Config.Network",
    "VirtualMachine.Config.AddNewDisk",
    "VirtualMachine.Config.AdvancedConfig",
    "Resource.AssignVMToPool",
    # OVF/OVA import
    "VApp.Import"
  ]
}
# Folder-scope role for the legacy vCenter cloud, bound to the Avi VM folder
# by vsphere_entity_permissions.avi_folder (propagate = true).
# NOTE(review): this role is far broader than its NSX-T counterpart
# vsphere_role.nsx_avi_folder - it adds host inventory/configuration, local
# host agent and user management, guest operations (including program
# execution inside guests), snapshots, replication and template management.
# Each group below should be confirmed as actually required by the Avi
# controller for a vCenter cloud; remove what is not.
resource "vsphere_role" "avi_folder" {
  count = var.create_roles && var.configure_nsx_cloud.enabled == false ? 1 : 0
  name  = "avi_folder"
  role_privileges = [
    # Datacenter IP pool management
    "Datacenter.IpPoolConfig",
    "Datacenter.IpPoolReleaseIp",
    "Datacenter.IpPoolQueryAllocations",
    # Datastore browsing and file management (includes file deletion)
    "Datastore.Browse",
    "Datastore.DeleteFile",
    "Datastore.FileManagement",
    "Datastore.AllocateSpace",
    "Datastore.Config",
    "Datastore.UpdateVirtualMachineFiles",
    "Datastore.UpdateVirtualMachineMetadata",
    # Standard and distributed networking, including creating and modifying
    # distributed switches and port groups
    "Network.Move",
    "Network.Delete",
    "Network.Config",
    "Network.Assign",
    "DVSwitch.Create",
    "DVSwitch.Modify",
    "DVSwitch.HostOp",
    "DVSwitch.PolicyOp",
    "DVSwitch.PortConfig",
    "DVSwitch.PortSetting",
    "DVSwitch.ResourceManagement",
    "DVPortgroup.Create",
    "DVPortgroup.Modify",
    "DVPortgroup.PolicyOp",
    "DVPortgroup.ScopeOp",
    "DVPortgroup.Ipfix",
    "DVPortgroup.Delete",
    # Host inventory (cluster/host add, move, delete) and host configuration.
    # NOTE(review): these are host/cluster-level rights granted through a VM
    # folder permission; confirm they are needed for SE deployment at all.
    "Host.Inventory.AddStandaloneHost",
    "Host.Inventory.CreateCluster",
    "Host.Inventory.AddHostToCluster",
    "Host.Inventory.RemoveHostFromCluster",
    "Host.Inventory.MoveCluster",
    "Host.Inventory.RenameCluster",
    "Host.Inventory.DeleteCluster",
    "Host.Inventory.EditCluster",
    "Host.Inventory.MoveHost",
    "Host.Inventory.ManageClusterLifecyle",
    "Host.Config.SystemManagement",
    "Host.Config.AutoStart",
    "Host.Config.HyperThreading",
    "Host.Config.Memory",
    "Host.Config.Network",
    "Host.Config.Resources",
    "Host.Config.Settings",
    "Host.Config.Power",
    "Host.Config.Image",
    # Host-local operations: installing agents and managing local users/groups
    # on ESXi hosts are high-impact; confirm necessity.
    "Host.Local.InstallAgent",
    "Host.Local.ManageUserGroups",
    "Host.Local.CreateVM",
    "Host.Local.ReconfigVM",
    "Host.Local.DeleteVM",
    "Host.Cim.CimInteraction",
    # VM inventory lifecycle
    "VirtualMachine.Inventory.Create",
    "VirtualMachine.Inventory.CreateFromExisting",
    "VirtualMachine.Inventory.Register",
    "VirtualMachine.Inventory.Delete",
    "VirtualMachine.Inventory.Unregister",
    "VirtualMachine.Inventory.Move",
    # VM power, console and device interaction
    "VirtualMachine.Interact.PowerOn",
    "VirtualMachine.Interact.PowerOff",
    "VirtualMachine.Interact.Suspend",
    "VirtualMachine.Interact.SuspendToMemory",
    "VirtualMachine.Interact.Reset",
    "VirtualMachine.Interact.Pause",
    "VirtualMachine.Interact.AnswerQuestion",
    "VirtualMachine.Interact.ConsoleInteract",
    "VirtualMachine.Interact.DeviceConnection",
    "VirtualMachine.Interact.SetCDMedia",
    "VirtualMachine.Interact.SetFloppyMedia",
    "VirtualMachine.Interact.ToolsInstall",
    "VirtualMachine.Interact.GuestControl",
    "VirtualMachine.Interact.DefragmentAllDisks",
    # Fault tolerance, record/replay, backup, screenshots, USB scan codes,
    # drag-and-drop - unusual for an SE-deployment account; confirm.
    "VirtualMachine.Interact.CreateSecondary",
    "VirtualMachine.Interact.TurnOffFaultTolerance",
    "VirtualMachine.Interact.MakePrimary",
    "VirtualMachine.Interact.TerminateFaultTolerantVM",
    "VirtualMachine.Interact.DisableSecondary",
    "VirtualMachine.Interact.EnableSecondary",
    "VirtualMachine.Interact.Record",
    "VirtualMachine.Interact.Replay",
    "VirtualMachine.Interact.Backup",
    "VirtualMachine.Interact.CreateScreenshot",
    "VirtualMachine.Interact.PutUsbScanCodes",
    "VirtualMachine.Interact.SESparseMaintenance",
    "VirtualMachine.Interact.DnD",
    # Guest operations via VMware Tools. Execute allows running programs inside
    # the guest OS of every VM under the folder - treat as a sensitive grant.
    "VirtualMachine.GuestOperations.Query",
    "VirtualMachine.GuestOperations.Modify",
    "VirtualMachine.GuestOperations.Execute",
    "VirtualMachine.GuestOperations.QueryAliases",
    "VirtualMachine.GuestOperations.ModifyAliases",
    # VM configuration (hardware, disks, devices, advanced settings)
    "VirtualMachine.Config.Rename",
    "VirtualMachine.Config.Annotation",
    "VirtualMachine.Config.AddExistingDisk",
    "VirtualMachine.Config.AddNewDisk",
    "VirtualMachine.Config.RemoveDisk",
    "VirtualMachine.Config.RawDevice",
    "VirtualMachine.Config.HostUSBDevice",
    "VirtualMachine.Config.CPUCount",
    "VirtualMachine.Config.Memory",
    "VirtualMachine.Config.AddRemoveDevice",
    "VirtualMachine.Config.EditDevice",
    "VirtualMachine.Config.Settings",
    "VirtualMachine.Config.Resource",
    "VirtualMachine.Config.UpgradeVirtualHardware",
    "VirtualMachine.Config.ResetGuestInfo",
    "VirtualMachine.Config.ToggleForkParent",
    "VirtualMachine.Config.AdvancedConfig",
    "VirtualMachine.Config.DiskLease",
    "VirtualMachine.Config.SwapPlacement",
    "VirtualMachine.Config.DiskExtend",
    "VirtualMachine.Config.ChangeTracking",
    "VirtualMachine.Config.QueryUnownedFiles",
    "VirtualMachine.Config.ReloadFromPath",
    "VirtualMachine.Config.QueryFTCompatibility",
    "VirtualMachine.Config.MksControl",
    "VirtualMachine.Config.ManagedBy",
    # Snapshots
    "VirtualMachine.State.CreateSnapshot",
    "VirtualMachine.State.RevertToSnapshot",
    "VirtualMachine.State.RemoveSnapshot",
    "VirtualMachine.State.RenameSnapshot",
    # Host-based replication
    "VirtualMachine.Hbr.ConfigureReplication",
    "VirtualMachine.Hbr.ReplicaManagement",
    "VirtualMachine.Hbr.MonitorReplication",
    # Provisioning: clone, template and customization handling, plus direct
    # disk/file access to VM files on datastores
    "VirtualMachine.Provisioning.Customize",
    "VirtualMachine.Provisioning.Clone",
    "VirtualMachine.Provisioning.PromoteDisks",
    "VirtualMachine.Provisioning.CreateTemplateFromVM",
    "VirtualMachine.Provisioning.DeployTemplate",
    "VirtualMachine.Provisioning.CloneTemplate",
    "VirtualMachine.Provisioning.MarkAsTemplate",
    "VirtualMachine.Provisioning.MarkAsVM",
    "VirtualMachine.Provisioning.ReadCustSpecs",
    "VirtualMachine.Provisioning.ModifyCustSpecs",
    "VirtualMachine.Provisioning.DiskRandomAccess",
    "VirtualMachine.Provisioning.DiskRandomRead",
    "VirtualMachine.Provisioning.FileRandomAccess",
    "VirtualMachine.Provisioning.GetVmFiles",
    "VirtualMachine.Provisioning.PutVmFiles",
    # VM namespace (guest/host data exchange) management
    "VirtualMachine.Namespace.Management",
    "VirtualMachine.Namespace.Query",
    "VirtualMachine.Namespace.ModifyContent",
    "VirtualMachine.Namespace.ReadContent",
    "VirtualMachine.Namespace.Event",
    "VirtualMachine.Namespace.EventNotify",
    # Tasks and performance intervals
    "Task.Create",
    "Task.Update",
    "Performance.ModifyIntervals",
    # vApp lifecycle, import/export and resource assignment
    "VApp.ResourceConfig",
    "VApp.InstanceConfig",
    "VApp.ApplicationConfig",
    "VApp.ManagedByConfig",
    "VApp.Export",
    "VApp.Import",
    "VApp.PullFromUrls",
    "VApp.ExtractOvfEnvironment",
    "VApp.AssignVM",
    "VApp.AssignResourcePool",
    "VApp.AssignVApp",
    "VApp.Clone",
    "VApp.Create",
    "VApp.Delete",
    "VApp.Unregister",
    "VApp.Move",
    "VApp.PowerOn",
    "VApp.PowerOff",
    "VApp.Suspend",
    "VApp.Rename"
  ]
}
# Global-scope role for the NSX-T cloud. Nothing in this file binds it:
# vsphere_entity_permissions.avi_root is skipped when the NSX cloud is
# enabled, so this role is presumably assigned elsewhere in the module or
# manually - confirm, otherwise it is created but never used.
# NOTE(review): the name carries a space after the hyphen ("AviRole- Global")
# while the folder role is "AviRole-Folder"; this string becomes the role
# name in vCenter, so confirm the inconsistency is intentional before any
# tooling or documentation refers to it.
resource "vsphere_role" "nsx_avi_global" {
  count = var.create_roles && var.configure_nsx_cloud.enabled ? 1 : 0
  name  = "AviRole- Global"
  role_privileges = [
    # Content library item lifecycle
    "ContentLibrary.AddLibraryItem",
    "ContentLibrary.DeleteLibraryItem",
    "ContentLibrary.UpdateLibraryItem",
    "ContentLibrary.UpdateSession",
    # Datastore space and file deletion
    "Datastore.AllocateSpace",
    "Datastore.DeleteFile",
    # Network assignment/removal
    "Network.Assign",
    "Network.Delete",
    # OVF import and disk creation
    "VApp.Import",
    "VirtualMachine.Config.AddNewDisk"
  ]
}
# Folder-scope role for the NSX-T cloud, bound to the Avi VM folder by
# vsphere_entity_permissions.avi_folder (propagate = true). Markedly narrower
# than the legacy vsphere_role.avi_folder: no host inventory/configuration,
# no guest operations, no snapshot or replication privileges. When reviewing
# the legacy role, this list is a useful least-privilege baseline.
resource "vsphere_role" "nsx_avi_folder" {
  count = var.create_roles && var.configure_nsx_cloud.enabled ? 1 : 0
  name  = "AviRole-Folder"
  role_privileges = [
    "Folder.Create",
    "Network.Delete",
    "Network.Assign",
    "Resource.AssignVMToPool",
    "Task.Create",
    "Task.Update",
    # vApp assignment, lifecycle and import/export
    "VApp.AssignVM",
    "VApp.AssignResourcePool",
    "VApp.AssignVApp",
    "VApp.Create",
    "VApp.Delete",
    "VApp.Export",
    "VApp.Import",
    "VApp.PowerOff",
    "VApp.PowerOn",
    "VApp.ApplicationConfig",
    "VApp.InstanceConfig",
    # VM hardware configuration
    "VirtualMachine.Config.AddExistingDisk",
    "VirtualMachine.Config.AddNewDisk",
    "VirtualMachine.Config.AddRemoveDevice",
    "VirtualMachine.Config.AdvancedConfig",
    "VirtualMachine.Config.CPUCount",
    "VirtualMachine.Config.Memory",
    "VirtualMachine.Config.Settings",
    "VirtualMachine.Config.Resource",
    "VirtualMachine.Config.MksControl",
    "VirtualMachine.Config.DiskExtend",
    "VirtualMachine.Config.EditDevice",
    "VirtualMachine.Config.RemoveDisk",
    # VM inventory lifecycle
    "VirtualMachine.Inventory.Create",
    "VirtualMachine.Inventory.Delete",
    "VirtualMachine.Inventory.Register",
    "VirtualMachine.Inventory.Unregister",
    # Power and device interaction
    "VirtualMachine.Interact.DeviceConnection",
    "VirtualMachine.Interact.ToolsInstall",
    "VirtualMachine.Interact.PowerOff",
    "VirtualMachine.Interact.PowerOn",
    "VirtualMachine.Interact.Reset",
    # Provisioning: template deployment and direct disk/file access
    "VirtualMachine.Provisioning.DiskRandomAccess",
    "VirtualMachine.Provisioning.FileRandomAccess",
    "VirtualMachine.Provisioning.DiskRandomRead",
    "VirtualMachine.Provisioning.DeployTemplate",
    "VirtualMachine.Provisioning.MarkAsVM"
  ]
}