vmware_object_role_permission: Parameter object_name also accepts paths

changelogs/fragments/2315-vmware_object_role_permission-path-as-object_name.yml

@@ -0,0 +1,2 @@
+minor_changes:
+  - vmware_object_role_permission - Allow passing a path as object_name to identify objects where the name is not unique

plugins/modules/vmware_object_role_permission.py

@@ -44,6 +44,8 @@
   object_name:
     description:
     - The object name to assigned permission.
+    - You can also pass the full path to the object if the name is not unique
+    - A path must include the root-folder for the object-type, see example
     type: str
     required: true
   object_type:
@@ -129,6 +131,18 @@
     object_name: services
     state: present
   delegate_to: localhost
+
+- name: Assign domain user to VM folder /Test-VMs/Webserver
+  community.vmware.vmware_object_role_permission:
+    hostname: "{{ vcenter_hostname }}"
+    username: "{{ vcenter_username }}"
+    password: "{{ vcenter_password }}"
+    validate_certs: false
+    role: Admin
+    principal: "vsphere.local\\Test-Webserver-Admin"
+    object_name: /vm/Test-VMs/Webserver
+    state: present
+  delegate_to: localhost
 '''
 
 RETURN = r'''
@@ -145,8 +159,10 @@
 
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils._text import to_native
-from ansible_collections.community.vmware.plugins.module_utils.vmware import PyVmomi, find_obj
+
+from ansible_collections.community.vmware.plugins.module_utils.vmware import PyVmomi, find_obj, compile_folder_path_for_object
 from ansible_collections.community.vmware.plugins.module_utils._argument_spec import base_argument_spec
+import os.path
 
 
 class VMwareObjectRolePermission(PyVmomi):
@@ -285,9 +301,19 @@ def get_object(self):
             getattr(vim, self.params['object_type'])
         except AttributeError:
             self.module.fail_json(msg="Object type %s is not valid." % self.params['object_type'])
-        self.current_obj = find_obj(content=self.content,
-                                    vimtype=[getattr(vim, self.params['object_type'])],
-                                    name=self.params['object_name'])
+
+        if self.params['object_name'].startswith('/'):
+            object_path_elements = os.path.split(self.params['object_name'])
+            all_objects_with_name = find_obj(content=self.content,
+                                             vimtype=[getattr(vim, self.params['object_type'])],
+                                             name=object_path_elements[1],
+                                             first=False)
+            found_obj = [obj for obj in all_objects_with_name if self.params['object_name'] == compile_folder_path_for_object(obj)]
+            self.current_obj = found_obj[0] if found_obj else None
+        else:
+            self.current_obj = find_obj(content=self.content,
+                                        vimtype=[getattr(vim, self.params['object_type'])],
+                                        name=self.params['object_name'])
 
         if self.current_obj is None:
             self.module.fail_json(

tests/integration/targets/vmware_object_role_permission/tasks/vmware_object_role_permission_tests.yml

@@ -233,6 +233,93 @@
         that:
           - unassing_user_vm_idempotency_result.changed is sameas false
 
+    # Here start to VM with path test
+    - name: Assign user to VM in subfolder with check_mode
+      vmware_object_role_permission:
+        role: Admin
+        principal: "{{ principal }}"
+        object_name: "/vm/{{ f0 }}/{{ virtual_machines.0 }}"
+        object_type: VirtualMachine
+        state: present
+      check_mode: true
+      register: assing_user_vm_check_mode_result
+
+    - name: Make sure if changed occurs
+      assert:
+        that:
+          - assing_user_vm_check_mode_result.changed is sameas true
+
+    - name: Assign user to VM in subfolder
+      vmware_object_role_permission:
+        role: Admin
+        principal: "{{ principal }}"
+        object_name: "/vm/{{ f0 }}/{{ virtual_machines.0 }}"
+        object_type: VirtualMachine
+        state: present
+      register: assing_user_vm_result
+
+    - name: Make sure if a user assigned to an object
+      assert:
+        that:
+          - assing_user_vm_result.changed is sameas true
+
+    - name: Assign user to VM in subfolder (idempotency check)
+      vmware_object_role_permission:
+        role: Admin
+        principal: "{{ principal }}"
+        object_name: "/vm/{{ f0 }}/{{ virtual_machines.0 }}"
+        object_type: VirtualMachine
+        state: present
+      register: assing_user_vm_idempotency_result
+
+    - name: Make sure if a user assigned of an object doesn't change
+      assert:
+        that:
+          - assing_user_vm_idempotency_result.changed is sameas false
+
+    - name: Unassign user from VM in subfolder with check_mode
+      vmware_object_role_permission:
+        role: Admin
+        principal: "{{ principal }}"
+        object_name: "/vm/{{ f0 }}/{{ virtual_machines.0 }}"
+        object_type: VirtualMachine
+        state: absent
+      check_mode: true
+      register: unassing_user_vm_check_mode_result
+
+    - name: Make sure if changed occurs
+      assert:
+        that:
+          - unassing_user_vm_check_mode_result.changed is sameas true
+
+    - name: Unassign user from VM in subfolder
+      vmware_object_role_permission:
+        role: Admin
+        principal: "{{ principal }}"
+        object_name: "/vm/{{ f0 }}/{{ virtual_machines.0 }}"
+        object_type: VirtualMachine
+        state: absent
+      register: unassing_user_vm_result
+
+    - name: Make sure if unassing a user from an object
+      assert:
+        that:
+          - unassing_user_vm_result.changed is sameas true
+
+    - name: Unassign user from VM in subfolder (idempotency check)
+      vmware_object_role_permission:
+        role: Admin
+        principal: "{{ principal }}"
+        object_name: "/vm/{{ f0 }}/{{ virtual_machines.0 }}"
+        object_type: VirtualMachine
+        state: absent
+      register: unassing_user_vm_idempotency_result
+
+    - name: Make sure if unassing a user from an object doesn't change
+      assert:
+        that:
+          - unassing_user_vm_idempotency_result.changed is sameas false
+
     # Here start to Datacenter test
     - name: Assign user to Datacenter with check_mode
       vmware_object_role_permission: