API Permission - root only?

K

ksl28

Member
Aug 31, 2023
39
5
13
Hey,

Just installed version 1.0 of PDM, and I'm still happy with the ease of use and speed of the product :)

However, I wanted to test the API and ran into a permission issue with API tokens.

I have created an API token (root@pam!api-scraper) with Administrator role on path / with propagation enabled, but the `/pve/remotes` endpoint returns "permission check failed":
Code: 
$headers = @{
    'Authorization' = 'PDMAPIToken=root@pam!api-scraper:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
}

# This FAILS with "permission check failed"
Invoke-RestMethod -Uri "https://$pdmHost/api2/json/pve/remotes" -Headers $headers -SkipCertificateCheck -SkipHeaderValidation

# These WORK fine
Invoke-RestMethod -Uri "https://$pdmHost/api2/json/pve/remotes/$remote/qemu" -Headers $headers -SkipCertificateCheck -SkipHeaderValidation
Invoke-RestMethod -Uri "https://$pdmHost/api2/json/pve/remotes/$remote/qemu/123/config?state=active" -Headers $headers -SkipCertificateCheck -SkipHeaderValidation

Looking at the API viewer, `/pve/remotes` shows "Root only" as the required permission, while `/pve/remotes/{remote}/*` shows "Accessible by all authenticated users".
API Documentation

Is this intentional? Is there a way to grant API tokens access to list all remotes, or is this endpoint restricted to root@pam with password only?

For automation purposes, it would be great if API tokens could access this endpoint as well.

Thanks!
 
You must log in or register to reply here.
Top Bottom