使用Terraform vSphere提供程序在VCenter上分配全局权限

Question

我试图弄清楚如何在Terraform和vSphere Provider中的vCenter中分配全局权限。

到目前为止，我有：

//== VSphere ==//
provider "vsphere" {
  user           = var.vsphere_username
  password       = var.vsphere_password
  vsphere_server = var.vsphere_server

  # If you have a self-signed cert
  allow_unverified_ssl = true
}

//== Example Role ==//
resource vsphere_role "example" {
  name = "Example Read"
  role_privileges = [
    "Datastore.Browse", 
    "Global.GlobalTag", 
    "Performance.ModifyIntervals"
  ]
}

//Taking syntax from terrafrom docs:
resource "vsphere_entity_permissions" p1 {

  # Is there a way to say "root/global" permission here?
  entity_id = data.vsphere_virtual_machine.vm1.id
  entity_type = "VirtualMachine"

  permissions {
    user_or_group = "mydomain\\my-group"
    propagate = true
    is_group = true
    role_id = vsphere_role.example.id
  }
}

目前有没有办法做到这一点？ 谢谢！

Answer 1

不，今天不可用。

全局权限通常由单独的基于SSO的API服务和SDK（与vSphere Web Services API中的标准，单一vCenter权限API服务）分开管理。不幸的是，Terraform和vSphere提供程序无法在幕后使用该单独的SDK。