vmware · marcosdiez · Sep 2, 2025 · Sep 2, 2025 · Sep 3, 2025
diff --git a/plugins/modules/nsxt_fabric_compute_managers.py b/plugins/modules/nsxt_fabric_compute_managers.py
@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 # -*- coding: utf-8 -*-
 #
 # Copyright 2018 VMware, Inc.
@@ -99,6 +99,24 @@
                         this flag should be set as true. This is specific to TKGS. NSX-T 3.0 only"
         required: false
         type: bool
+    access_level_for_oidc:
+        description: "Specifies the access level for the OIDC provider
+                        Only makes sense if set_as_oidc_provider = true.
+
+                        Valid values are: LIMITED and FULL
+
+                        FULL means Full Access to NSX (required for vSphere for Kubernetes and vSphere Lifecycle Manager)
+
+                        LIMITED means Limited Access to NSX (required for vSphere Lifecycle Manager)"
+        required: false
+        type: str
+    create_service_account:
+        description: "Specifies whether service account is created or not on compute manager
+                    Enable this flag to create service account user on compute manager. This is
+                    required by features such as vSphere Lifecycle Manager for authentication with
+                    vAPIs from nsx."
+    required: false
+    type: bool
     state:
         choices:
             - present
@@ -108,7 +126,7 @@
                       'absent' is used to delete resource."
         required: true
 
-    
+
 '''
 
 EXAMPLES = '''
@@ -233,8 +251,16 @@ def check_for_update(module, manager_url, mgr_username, mgr_password, validate_c
         existing_compute_manager['credential']['thumbprint'] != compute_manager_with_ids['credential']['thumbprint'] or \
         existing_compute_manager['origin_type'] != compute_manager_with_ids['origin_type']:
         return True
-    if existing_compute_manager.__contains__('set_as_oidc_provider') and compute_manager_with_ids.__contains__('set_as_oidc_provider') and \
-        existing_compute_manager['set_as_oidc_provider'] != compute_manager_with_ids['set_as_oidc_provider']:
+
+    if existing_compute_manager.__contains__('set_as_oidc_provider') and compute_manager_with_ids.__contains__('set_as_oidc_provider'):
+        if existing_compute_manager['set_as_oidc_provider'] != compute_manager_with_ids['set_as_oidc_provider']:
+            return True
+        if existing_compute_manager.__contains__('access_level_for_oidc') and compute_manager_with_ids.__contains__('access_level_for_oidc'):
+            if existing_compute_manager['access_level_for_oidc'] != compute_manager_with_ids['access_level_for_oidc']:
+                return True
+
+    if existing_compute_manager.__contains__('create_service_account') and compute_manager_with_ids.__contains__('create_service_account') and \
+        existing_compute_manager['create_service_account'] != compute_manager_with_ids['create_service_account']:
         return True
     return False
 
@@ -253,6 +279,8 @@ def main():
                     description=dict(required=False, type='str'),
                     server=dict(required=True, type='str'),
                     set_as_oidc_provider=dict(required=False, type='bool'),
+                    access_level_for_oidc=dict(required=False, choices=['FULL', 'LIMITED']),
+                    create_service_account=dict(required=False, type='bool'),
                     state=dict(required=True, choices=['present', 'absent']))
 
   module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
@@ -325,4 +353,4 @@ def main():
 
 
 if __name__ == '__main__':
-    main()
+    main()
diff --git a/plugins/modules/nsxt_manager_auto_deployment.py b/plugins/modules/nsxt_manager_auto_deployment.py
@@ -62,7 +62,7 @@
                       'present' is used to create or update resource.
                       'absent' is used to delete resource."
         required: true
-    
+
 '''
 
 EXAMPLES = '''
@@ -82,13 +82,19 @@
           root_password: "Admin!23Admin"
         deployment_config:
           placement_type: VsphereClusterNodeVMDeploymentConfig
-          vc_id: "7503e86e-c502-46fc-8d91-45a06d314d88"
+          vc_name: "TheOnlyvCenter"
+          vc_username: "vcenter-username"
+          vc_password: "vcenter-password"
           management_network: "network-44"
           ignore_ssl_verification: True
           disk_provisioning: "LAZY_ZEROED_THICK"
           hostname: "manager-2"
           compute: "domain-c49"
           storage: "datastore-43"
+          enable_ssh: true
+          allow_ssh_root_login: true
+          search_domains:
+            contoso.com
           default_gateway_addresses:
           - 10.112.203.253
           management_port_subnets:
@@ -270,12 +276,12 @@ def inject_vcenter_info(module, manager_url, mgr_username, mgr_password, validat
       if deployment_config.__contains__('host'):
         host_id = deployment_request['deployment_config'].pop('host', None)
         deployment_request['deployment_config']['host_id'] = host_id
- 
+
       cluster_id = deployment_request['deployment_config'].pop('compute', None)
       storage_id = deployment_request['deployment_config'].pop('storage', None)
       management_network_id = deployment_request['deployment_config'].pop('management_network', None)
       deployment_request['deployment_config'].pop('ignore_ssl_verification', None)
- 
+
       deployment_request['deployment_config']['compute_id'] = cluster_id
       deployment_request['deployment_config']['storage_id'] = storage_id
       deployment_request['deployment_config']['management_network_id'] = management_network_id