[PVE-User] Question about defining Proxmox ACLs with Ansible

Musee Ullah lae at lae.is
Fri Oct 13 04:25:51 CEST 2017


Hi guys,

I have a quick question regarding people's preferences when defining
ACLs. Right now, I have a feature branch open to define them in the
following manner:

pve_acls:
  - path: /
    roles: [ "Administrator" ]
    groups: [ "Admins" ]
  - path: /pools/testpool
    roles: [ "PVEAdmin" ]
    users:
      - pveapi at pve
    groups:
      - test_users

Since /access/acl (how you would add ACLs to Proxmox using the API)
accepts multiple values for roles, groups and users, I figured I'd
accept a list for all of them, but this feels a bit clunky to me. The
ACLs themselves are stored on a per-user/per-group/per-role basis
internally within Proxmox, too. Does anyone who might consider using
this Ansible role prefer to define ACLs differently from what I
currently have? e.g. instead of the above:

pve_acls:
  - path: /
    role: Administrator
    group: Admins
  - path: /pools/testpool
    role: PVEAdmin
    user: pveapi at pve
  - path: /pools/testpool
    role: PVEAdmin
    group: test_users

I'd appreciate anyone's thoughts on this - I'm looking to release this
soon.

In case you want to check out the specifics, the PR is at https://githu
b.com/lae/ansible-role-proxmox/pull/21.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20171012/acf4ab4a/attachment.sig>


More information about the pve-user mailing list