Giter VIP home page Giter VIP logo

Comments (2)

Luquor avatar Luquor commented on August 9, 2024

I have done further researches and tests:

  • If I am creating this resource file by using the username and the password of the said user, it works fine
  • If the resource file is created on another datastore (such as the default one called local) it doesn't work and give the same exact error but with the permission being about the said datastore (Reason: Permission check failed (/storage/local, Datastore.Audit|Datastore.AllocateSpace))

So this issue is not related to CephFS at all; it is more about API tokens' permissions. I created a custom role with all the permissions enabled for the user, so the permissions errors on Datastore.Audit/AllocateSpace is odd.

EDIT: I recreated my user but using CLI this time instead of creating it using Terraform, and there is no error, the instanciation of the resource file is working great. I give the following code block, maybe there are some error in the way I created my user

resource "proxmox_virtual_environment_user" "user" {
	user_id = "terraform@pve"
	password = "incrediblepassword"
	comment = "User managed by Terraform used to create token"	
	acl {
		path = "/"
		propagate = true
		role_id = "Administrator"
	}
}

resource "proxmox_virtual_environment_user_token" "token" {
	token_name = "terratoken"	
	user_id = proxmox_virtual_environment_user.user.user_id
}

output "token_value" {
	value = proxmox_virtual_environment_user_token.token.value
	sensitive =  true
}

EDIT²: I have try to create the user using the provider (same hcl code as before), but instead of creating the token with the provider, I created by hand. With that way it is working, so there might be something to dig down here.

from terraform-provider-proxmox.

Luquor avatar Luquor commented on August 9, 2024

Ok I found the issue. When I created the user, I did not set the privileges_separations. So by default the API token had restricted privileges.
Doesn't it makes more sense to implement this feature the other way around? Just like the behavior of Proxmox, where the privileges separation are false/deactivated by default.

from terraform-provider-proxmox.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.