Symptoms:
When assigning a new role to a User or Group in the NSX Manager, it fails with error: Invalid Parameter(s) referencing a NSX-T Logical Switch.
NSX Manager logs:
2019-03-25 16:36:50.313 GMT WARN http-nio-127.0.0.1-7441-exec-7 RemoteInvocationTraceInterceptor:88 - Processing of VsmHttpInvokerServiceExporter remote call resulted in fatal exception: com.vmware.vshield.vsm.usermgmt.facade.UserMgmtFacade.addUserRole InvalidParameterException: core-services:408:Invalid Parameter(s) - network-o2364.
at com.vmware.vshield.vsm.usermgmt.utils.UserMgmtUtils.validateResource(UserMgmtUtils.java:266)
at com.vmware.vshield.vsm.usermgmt.utils.UserMgmtUtils.validateRole(UserMgmtUtils.java:237)
at com.vmware.vshield.vsm.usermgmt.service.UserMgmtServiceImpl.addRoleToVcUserOrGroup(UserMgmtServiceImpl.java:324)
at com.vmware.vshield.vsm.usermgmt.service.UserMgmtServiceImpl.addVcUserRole_aroundBody24(UserMgmtServiceImpl.java:316)
at com.vmware.vshield.vsm.usermgmt.service.UserMgmtServiceImpl$AjcClosure25.run(UserMgmtServiceImpl.java:1)
at org.aspectj.runtime.reflect.JoinPointImpl.proceed(JoinPointImpl.java:149)
at com.vmware.vshield.vsm.aspects.security.VsmSecuredAspect.secureCheck(VsmSecuredAspect.java:134)
at com.vmware.vshield.vsm.aspects.security.VsmSecuredAspect.ajc$inlineAccessMethod$com_vmware_vshield_vsm_aspects_security_VsmSecuredAspect$com_vmware_vshield_vsm_aspects_security_VsmSecuredAspect$secureCheck(VsmSecuredAspect.java:1)
at com.vmware.vshield.vsm.aspects.security.VsmSecuredAspect.secure(VsmSecuredAspect.java:66)
at com.vmware.vshield.vsm.usermgmt.service.UserMgmtServiceImpl.addVcUserRole_aroundBody26(UserMgmtServiceImpl.java:315)
at com.vmware.vshield.vsm.usermgmt.service.UserMgmtServiceImpl$AjcClosure27.run(UserMgmtServiceImpl.java:1)
at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$around$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96cproceed(AbstractTransactionAspect.aj:66)
at org.springframework.transaction.aspectj.AbstractTransactionAspect$AbstractTransactionAspect$1.proceedWithInvocation(AbstractTransactionAspect.aj:72)
at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:282)
at org.springframework.transaction.aspectj.AbstractTransactionAspect.ajc$around$org_springframework_transaction_aspectj_AbstractTransactionAspect$1$2a73e96c(AbstractTransactionAspect.aj:70)
This issue only affects the following roles:
- Security Engineers
- Security Administrator
- Auditor