[PVE-User] Question about defining Proxmox ACLs with Ansible
Musee Ullah
lae at lae.is
Fri Oct 13 04:25:51 CEST 2017
Hi guys,
I have a quick question regarding people's preferences when defining
ACLs. Right now, I have a feature branch open to define them in the
following manner:
pve_acls:
- path: /
roles: [ "Administrator" ]
groups: [ "Admins" ]
- path: /pools/testpool
roles: [ "PVEAdmin" ]
users:
- pveapi at pve
groups:
- test_users
Since /access/acl (how you would add ACLs to Proxmox using the API)
accepts multiple values for roles, groups and users, I figured I'd
accept a list for all of them, but this feels a bit clunky to me. The
ACLs themselves are stored on a per-user/per-group/per-role basis
internally within Proxmox, too. Does anyone who might consider using
this Ansible role prefer to define ACLs differently from what I
currently have? e.g. instead of the above:
pve_acls:
- path: /
role: Administrator
group: Admins
- path: /pools/testpool
role: PVEAdmin
user: pveapi at pve
- path: /pools/testpool
role: PVEAdmin
group: test_users
I'd appreciate anyone's thoughts on this - I'm looking to release this
soon.
In case you want to check out the specifics, the PR is at https://githu
b.com/lae/ansible-role-proxmox/pull/21.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part
URL: <http://lists.proxmox.com/pipermail/pve-user/attachments/20171012/acf4ab4a/attachment.sig>
More information about the pve-user
mailing list