NoPermission if the root folder has multiple datacenters but current vsphere credential can only access the datacenter we want

[Rocking80]

NoPermission reported if the root folder has multiple datacenters but current vsphere credential can only access the datacenter we want to create folder or virtual machines.

Terraform Version

Terraform v0.10.1

Affected Resource(s)

• terraform-provider-vsphere

Terraform Configuration Files

provider "vsphere" {
    user = "${var.vsphere_user}"
    password = "${var.vsphere_password}"
    vsphere_server = "${var.vsphere_server}"
    allow_unverified_ssl = true
    client_debug = true
}

# Create a folder
resource "vsphere_folder" "terraform" {
    datacenter = "DC_DEMO"
    path = "terraform"
}

Debug Output

https://gist.github.com/Rocking80/54d427e7ff090c489d96995e5b29afe1#file-nopermission-txt

Expected Behavior

The vsphere_folder resource should be created successfully.

Actual Behavior

The vsphere_folder resource was not created. And "NoPermission" reported on the console.

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

1. terraform apply

Fix

I have looked the code, and made following change, then the issue is fixed (test pass).
Because according to company rule, I am not able to create pull request here, so just create an issue here. Hope you guys can fix the issue. And please note other places which using finder.Datacenter will also fail in this vsphere configuration.

git diff vsphere/resource_vsphere_folder.go
diff --git a/vsphere/resource_vsphere_folder.go b/vsphere/resource_vsphere_folder.go
index 1a39eb9..b18fdc1 100644
--- a/vsphere/resource_vsphere_folder.go
+++ b/vsphere/resource_vsphere_folder.go
@@ -74,7 +74,7 @@ func createFolder(client *govmomi.Client, f *folder) error {

        finder := find.NewFinder(client.Client, true)

-       dc, err := finder.Datacenter(context.TODO(), f.datacenter)
+       dc, err := getDatacenter(client, f.datacenter)
        if err != nil {
                return fmt.Errorf("error %s", err)
        }

[vancluever]

Hey @Rocking80 - thank you for the report and the snippet of code that is the problem! We will look into fixing it ASAP.

[vancluever]

Hey @Rocking80 - I unfortunately can't reproduce this. Here are the steps I carried out:

• Create new DC
• Add a permission for "no access" to the DC for my user
• Try to run TF and create a folder in the DC I still have access to

This passes.

If it is not much trouble, would you please try your issue again with a custom built provider binary to see that resolves the issue for you? This can help us confirm that the issue will be fixed in the next release.

Thanks!

[Rocking80]

Hey @vancluever , I rebuild the binary from latest code and tested again, the good news is the issue doesn't occur any more. Thanks for tracking this.

[vancluever]

Glad to hear it fixes the issue @Rocking80! Keep an eye out for the new release tomorrow.