Hello!
I'm looking for a neat way to allow a given user/token to perform only one particular action: to shut down a node and shut down/start a VM.
The only way I came up with is using SSH and adding a command-specific SSH key to /root/.ssh/authorized_keys, something like command="shutdown" ssh-ed25519 UNIQUE_SSH_KEY (+2 others for VM startup/shutdown). Then I could give only those specific SSH keys to the client.
Unfortunately, that means that the client needs to have SSH capabilities, which complicates things - I'm looking for a way to do this over the REST API. Is there a way?
edit: huh, I just noticed the Sys.PowerMgmt role in man pveum. Case closed
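Added example, not part of the original post: one way to set up the REST-only approach the edit points to, using a custom role limited to power actions and a privilege-separated API token scoped to one node and one VM. The role, user and token names are constructed, VM.PowerMgmt is assumed here as the VM-side counterpart of Sys.PowerMgmt, and the script only prints the commands unless DRY_RUN=0 is set on a PVE host.

```shell
#!/bin/sh
# Added example, not from the original post. User, token and role names are
# constructed; VM.PowerMgmt is assumed as the VM-side counterpart of Sys.PowerMgmt.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 runs them on a PVE host.
DRY_RUN="${DRY_RUN:-1}"
PVE_USER="powerctl@pve"
PVE_TOKEN="${PVE_USER}!power"

run() {
    if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# usage: setup_power_token NODE VMID
setup_power_token() {
    run pveum role add PowerOnly --privs "Sys.PowerMgmt VM.PowerMgmt"
    run pveum user add "$PVE_USER"
    run pveum user token add "$PVE_USER" power --privsep 1
    # A privilege-separated token gets the intersection of its own ACLs and
    # the user's, so the role is granted to both, and only on these two paths.
    for acl_path in "/nodes/$1" "/vms/$2"; do
        run pveum acl modify "$acl_path" --users "$PVE_USER" --roles PowerOnly
        run pveum acl modify "$acl_path" --tokens "$PVE_TOKEN" --roles PowerOnly
    done
}

# usage: power_api HOST API_PATH [FORM_DATA]; token secret from PVE_TOKEN_SECRET
power_api() {
    run curl -fsS -X POST \
        -H "Authorization: PVEAPIToken=${PVE_TOKEN}=${PVE_TOKEN_SECRET:-TOKEN_SECRET_PLACEHOLDER}" \
        ${3:+--data "$3"} "https://$1:8006/api2/json$2"
}

# usage: script HOST NODE VMID
if [ "$#" -eq 3 ]; then
    setup_power_token "$2" "$3"
    power_api "$1" "/nodes/$2/qemu/$3/status/shutdown"
    power_api "$1" "/nodes/$2/qemu/$3/status/start"
    power_api "$1" "/nodes/$2/status" "command=shutdown"
fi
```

Because the ACLs are set only on /nodes/NODE and /vms/VMID, the token cannot act on other guests or nodes even if its secret leaks.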