What vSphere permissions are required

armsby · August 19, 2024, 7:43pm

I am trying to create a non admin user who is allowed to create VMs it should be limited to a specific folder in a Data center, with specific data storage and vlans,

I can deploy the OVA from the vSphere client with this user but when I try using terraform I get an error like this

2024-08-19T17:20:54.686Z [INFO]  provider.terraform-provider-vsphere: 2024/08/19 17:20:54  [DEBUG] start deploying from ovf/ova Template: timestamp=2024-08-19T17:20:54.686Z
2024-08-19T17:20:54.692Z [ERROR] provider.terraform-provider-vsphere: Response contains error diagnostic: diagnostic_detail="" tf_rpc=ApplyResourceChange @caller=/home/runner/go/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/diag/diagnostics.go:58 @module=sdk.proto tf_provider_addr=provider tf_req_id=b6ef6f63-2a26-539e-f6ac-4c2529cc96f6 diagnostic_severity=ERROR diagnostic_summary="error while importing ovf/ova template, ServerFaultCode: Permission to perform this operation was denied." tf_proto_version=5.6 tf_resource_type=vsphere_virtual_machine timestamp=2024-08-19T17:20:54.691Z
2024-08-19T17:20:54.693Z [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-08-19T17:20:54.693Z [ERROR] vertex "module.create_vsphere_vm.vsphere_virtual_machine.worker_vm_per_host[\"2\"]" error: error while importing ovf/ova template, ServerFaultCode: Permission to perform this operation was denied.
2024-08-19T17:20:54.699Z [INFO]  provider.terraform-provider-vsphere: 2024/08/19 17:20:54  [DEBUG] start deploying from ovf/ova Template: timestamp=2024-08-19T17:20:54.699Z
2024-08-19T17:20:54.700Z [INFO]  provider.terraform-provider-vsphere: 2024/08/19 17:20:54  [DEBUG] start deploying from ovf/ova Template: timestamp=2024-08-19T17:20:54.700Z
2024-08-19T17:20:54.701Z [INFO]  provider.terraform-provider-vsphere: 2024/08/19 17:20:54  [DEBUG] start deploying from ovf/ova Template: timestamp=2024-08-19T17:20:54.701Z
2024-08-19T17:20:54.702Z [ERROR] provider.terraform-provider-vsphere: Response contains error diagnostic: tf_proto_version=5.6 tf_provider_addr=provider tf_req_id=92a17429-53ce-c7db-1768-3a97597bef00 tf_resource_type=vsphere_virtual_machine diagnostic_summary="error while importing ovf/ova template, ServerFaultCode: Permission to perform this operation was denied." @caller=/home/runner/go/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/diag/diagnostics.go:58 @module=sdk.proto diagnostic_severity=ERROR tf_rpc=ApplyResourceChange diagnostic_detail="" timestamp=2024-08-19T17:20:54.702Z
2024-08-19T17:20:54.703Z [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-08-19T17:20:54.703Z [ERROR] vertex "module.create_vsphere_vm.vsphere_virtual_machine.worker_vm_per_host[\"1\"]" error: error while importing ovf/ova template, ServerFaultCode: Permission to perform this operation was denied.
2024-08-19T17:20:54.703Z [ERROR] provider.terraform-provider-vsphere: Response contains error diagnostic: diagnostic_severity=ERROR diagnostic_summary="error while importing ovf/ova template, ServerFaultCode: Permission to perform this operation was denied." tf_proto_version=5.6 tf_rpc=ApplyResourceChange @caller=/home/runner/go/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/diag/diagnostics.go:58 tf_provider_addr=provider tf_resource_type=vsphere_virtual_machine tf_req_id=9b4714cc-1a4c-a514-194f-8c5d761ae32e @module=sdk.proto diagnostic_detail="" timestamp=2024-08-19T17:20:54.703Z
2024-08-19T17:20:54.704Z [ERROR] provider.terraform-provider-vsphere: Response contains error diagnostic: diagnostic_severity=ERROR diagnostic_detail="" tf_proto_version=5.6 tf_req_id=4c21bc7a-ca7f-ca2d-d8fc-ba56ad06a24f @caller=/home/runner/go/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/diag/diagnostics.go:58 @module=sdk.proto tf_rpc=ApplyResourceChange diagnostic_summary="error while importing ovf/ova template, ServerFaultCode: Permission to perform this operation was denied." tf_provider_addr=provider tf_resource_type=vsphere_virtual_machine timestamp=2024-08-19T17:20:54.704Z
2024-08-19T17:20:54.704Z [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-08-19T17:20:54.704Z [ERROR] vertex "module.create_vsphere_vm.vsphere_virtual_machine.controlplane_vm_per_host[\"1\"]" error: error while importing ovf/ova template, ServerFaultCode: Permission to perform this operation was denied.
2024-08-19T17:20:54.705Z [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-08-19T17:20:54.705Z [ERROR] vertex "module.create_vsphere_vm.vsphere_virtual_machine.controlplane_vm_per_host[\"2\"]" error: error while importing ovf/ova template, ServerFaultCode: Permission to perform this operation was denied.
2024-08-19T17:20:54.733Z [INFO]  provider.terraform-provider-vsphere: 2024/08/19 17:20:54  [DEBUG] start deploying from ovf/ova Template: timestamp=2024-08-19T17:20:54.733Z
2024-08-19T17:20:54.733Z [INFO]  provider.terraform-provider-vsphere: 2024/08/19 17:20:54  [DEBUG] start deploying from ovf/ova Template: timestamp=2024-08-19T17:20:54.733Z
2024-08-19T17:20:54.736Z [ERROR] provider.terraform-provider-vsphere: Response contains error diagnostic: diagnostic_summary="error while importing ovf/ova template, ServerFaultCode: Permission to perform this operation was denied." diagnostic_severity=ERROR tf_proto_version=5.6 tf_req_id=679bb9c8-2f11-c357-fbb3-0dc32a3ff697 tf_rpc=ApplyResourceChange tf_resource_type=vsphere_virtual_machine @caller=/home/runner/go/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/diag/diagnostics.go:58 @module=sdk.proto diagnostic_detail="" tf_provider_addr=provider timestamp=2024-08-19T17:20:54.736Z
2024-08-19T17:20:54.736Z [ERROR] provider.terraform-provider-vsphere: Response contains error diagnostic: diagnostic_detail="" diagnostic_summary="error while importing ovf/ova template, ServerFaultCode: Permission to perform this operation was denied." tf_provider_addr=provider tf_resource_type=vsphere_virtual_machine @caller=/home/runner/go/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov5/internal/diag/diagnostics.go:58 @module=sdk.proto tf_proto_version=5.6 tf_req_id=f7bea89f-bfa9-b3a1-d514-dc5a6e022944 diagnostic_severity=ERROR tf_rpc=ApplyResourceChange timestamp=2024-08-19T17:20:54.736Z
2024-08-19T17:20:54.737Z [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-08-19T17:20:54.737Z [ERROR] vertex "module.create_vsphere_vm.vsphere_virtual_machine.worker_vm_per_host[\"0\"]" error: error while importing ovf/ova template, ServerFaultCode: Permission to perform this operation was denied.
2024-08-19T17:20:54.737Z [DEBUG] State storage *statemgr.Filesystem declined to persist a state snapshot
2024-08-19T17:20:54.737Z [ERROR] vertex "module.create_vsphere_vm.vsphere_virtual_machine.controlplane_vm_per_host[\"0\"]" error: error while importing ovf/ova template, ServerFaultCode: Permission to perform this operation was denied.

I have not been able to locate what permission im missing as deploying the same OVA from the web interfaces works,

Does anyone know what the minimum permissions I need to give the user?

Topic		Replies	Views
Error when apply terraform configuration Terraform Providers	0	634	December 2, 2021
vSphere Provider - Deploy vCloud Appliance from OVA Terraform Providers vsphere	2	1803	March 18, 2022
Terraform vsphere provider permissions required Terraform Providers	0	1585	February 8, 2023
Error cloning virtual machine VMware	2	434	September 9, 2024
Terraform vSphere - "datacenter\vm" is appeared twice in folder path, as a result the path is neither found nor created Terraform Providers vsphere	1	1132	March 10, 2023

What vSphere permissions are required

Related topics