[pdm-devel] [PATCH datacenter-manager] server: remotes: add acls to PBS API token on token creation
Thomas Lamprecht
t.lamprecht at proxmox.com
Fri Sep 26 11:56:19 CEST 2025
Am 26.09.25 um 08:33 schrieb Christian Ebner:
> PBS requires the token to have a role for a given ACL path to allow
> access to the corresponding sub-resource. In order to provide the
> token created by the remote add wizard the necessary permissions,
> adapt the client code so it also performs the additional API calls.
>
> Adapt the internal API such that there is additional type checking
> instead of using plain strings and extend it such that multiple acls
> can be set if required, to be future prove.
As discussed off list, this was replaced by a similar implementation
I had already prepared locally [0], it differs mostly in:
- setting the admin role to /, not just a audit role, which is not
that useful for the PDM, that way it's also closer to what PVE
does through disabling privilege separation completely (not available
for PBS).
- use an actual type not a serde json Value assembled on the fly.
Thanks nonetheless, this was also helpful to me to cross-check.
[0]; https://git.proxmox.com/?p=proxmox-datacenter-manager.git;a=commitdiff;h=4369771b00173048666c269749c0a61faff83352
More information about the pdm-devel
mailing list