oracle/oci-ansible-modules

Generating inventory throws : TypeError: 'NoneType' object is not iterable

psaddi opened this issue · 2 comments

I have the following policies set up for a group 'G', which contains all users that will be running a utility that will get all inventories from the tenancy

Allow group G to inspect compartments in tenancy
Allow group G to inspect all-resources in tenancy

Somehow that doesn't seem to be enough. I am forced to also add

Allow group G to read instances-family in compartment C1
Allow group G to read instances-family in compartment C1

Again, if I change the above policies to

Allow group G to inspect instances-family in compartment C1
Allow group G to inspect instances-family in compartment C1

Anytime it builds the inv for a compute in a compartment where I don't have the read verb, it breaks with this trace. So should we change the documentation's official policy to COMPARTMENT_READ instead of COMPARTMENT_INSPECT?

Traceback (most recent call last):
  File "./custom_oci_inventory.py", line 408, in init
    self.build_inventory()
  File "./custom_oci_inventory.py", line 1222, in build_inventory
    pool.map(
  File "/usr/lib/python3.8/multiprocessing/pool.py", line 364, in map
    return self._map_async(func, iterable, mapstar, chunksize).get()
  File "/usr/lib/python3.8/multiprocessing/pool.py", line 771, in get
    raise self._value
  File "/usr/lib/python3.8/multiprocessing/pool.py", line 125, in worker
    result = (True, func(*args, **kwds))
  File "/usr/lib/python3.8/multiprocessing/pool.py", line 48, in mapstar
    return list(map(*args))
  File "./custom_oci_inventory.py", line 1045, in build_inventory_for_instance
    for key in instance.metadata:
TypeError: 'NoneType' object is not iterable

@psaddi From the documentation

You must have COMPARTMENT_INSPECT permission on the root compartment for this script to be able to get all the compartments. But when compartment_ocid is specified, the inventory is generated only for the specific compartment and you need COMPARTMENT_INSPECT permission only on the compartment specified.

So this permission is only needed so that the script can fetch the compartment(s) details. And yes, apart from this, you need read permission on instances in the requested compartments so that we can fetch the instance details.

NOTE: This inventory script and the modules are deprecated in favour of the new oci ansible collection (https://github.com/oracle/oci-ansible-collection). We will not be making any changes to this repo at this time. I would suggest you use the new collection. You can check https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/ansiblegetstarted.htm on how to get started with the new collection. We will update the documentation of the plugin (https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/ansibleinventoryintro.htm) in the new collection to make it clear.

We have updated the documentation in the v.2.16.0 release.
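
An added example, not part of the thread and not code from oci-ansible-modules: one way an inventory builder can tolerate `metadata` being `None` and report which compartments appear to lack the `read` verb, so access can be granted per compartment rather than tenancy-wide. The function names, the `compartment` attribute and the sample instances are assumptions constructed for illustration.

```python
from types import SimpleNamespace

# Constructed sample data standing in for SDK instance objects. Attribute names
# are assumptions; "web-1" was listed with `read`, "db-1" with `inspect` only.
SAMPLE_INSTANCES = [
    SimpleNamespace(display_name="web-1", compartment="C1",
                    metadata={"role": "web"}),
    SimpleNamespace(display_name="db-1", compartment="C2", metadata=None),
]


def build_hostvars(instances):
    """Return (hostvars, missing_read) without assuming metadata is present.

    missing_read maps compartment -> instance names whose metadata was None,
    the symptom the issue ties to lacking the `read` verb in that compartment.
    """
    hostvars, missing_read = {}, {}
    for inst in instances:
        metadata = inst.metadata
        if metadata is None:
            # Record the gap instead of iterating None inside a pool worker.
            missing_read.setdefault(inst.compartment, []).append(inst.display_name)
            metadata = {}
        hostvars[inst.display_name] = {
            "compartment": inst.compartment,
            "metadata": {key: metadata[key] for key in metadata},
        }
    return hostvars, missing_read


def policy_hints(missing_read, group="G"):
    """Render the statement form used in the thread for each affected compartment."""
    return [
        f"Allow group {group} to read instances-family in compartment {name}"
        for name in sorted(missing_read)
    ]


if __name__ == "__main__":
    hostvars, missing = build_hostvars(SAMPLE_INSTANCES)
    for host, data in hostvars.items():
        print(host, data)
    for line in policy_hints(missing):
        print("metadata unavailable, policy to review:", line)
```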