[SOLVED] /cluster/resources restrictions

[g0ha]

Hi! Noted something strange: accoding to description: Required permission: Accessible by all authenticated users.
But then not privileged user reads this, it gets

[{'type': 'node', 'status': 'online', 'id': 'node/pve2', 'level': '', 'node': 'pve2'}]

while admin gets normal output like this:

[{'level': '', 'maxdisk': 1156651548672, 'id': 'node/pve2', 'status': 'online', 'maxmem': 67537231872, 'node': 'pve2', 'mem': 50636570624, 'disk': 952084463616, 'cpu': 0.128563482956082, 'type': 'node', 'maxcpu': 16, 'uptime': 5277733}]

If this some buggy, please fix description of method of permission, or permission itself. Or, please, tell the correct permission schema for this method.

 

[t.lamprecht]

Hi.

It is accessible by all users, but one will naturally only get resources returned for which the credentials used have at least audit privileges.

If this some buggy, please fix description of method of permission, or permission itself. Or, please, tell the correct permission schema for this method.

The description is correct, though, the API call is accessible by all users - no user will get an authentication/permission error.

What is your actual problem?

 

[g0ha]

Thanks for answer, i want to get maxmem, mem, disk and cpu counters from under unpriveleged user, what permissions i shoud give to user?

 

[t.lamprecht]

Thanks for answer, i want to get maxmem, mem, disk and cpu counters from under unpriveleged user, what permissions i shoud give to user?

For what resources you want them to be able to get this? As said, for every resource they need to have the Audit permission for that one.

If that user needs to see the maxmem, etc. for a VM, then they need to get permissions on /vms/VMID (replace VMID with the actual one) with a role that provides the VM.Audit privilege.

If they should get it for a node then the permission path is /node/NODENAME and the privilege is Sys.Audit

And so on.

 

[g0ha]

Thanks, question closed