SDN VNet permissions. Invalid ACL path

[Malte513]

Hello everyone.

I'm trying to restrict permissions to certain VNets. In the Proxmox API Viewer the ACL paths are listed as /sdn/vnets and /sdn/vnets/{vnet}, but if I try to set these permissions I always get the error 400 Parameter verification failed. path: invalid ACL path '/sdn/vnets'.
I'm using proxmox 8.0.4.

Is this a bug or am I doing something wrong. If this is a bug, is there some workaround?

 

[fabian]

thanks, and no, this is a bug that's already fixed in git but still needs to be released in package form it seems.

 

[Malte513]

Thank you.

 

[fabian]

will be fixed in libpve-network-perl 0.8.2, which should hit the public repos in a few days!

edit: already on pvetest

 

[Malte513]

I updated and restarted all nodes . They now all run libpve-network-perl 0.8.2, but unfortunately I still get the same error message.

Do I need to do something else?

 

[fabian]

yes, the ACL paths are different now:

https://git.proxmox.com/?p=pve-network.git;a=commitdiff;h=d7c1620043a8ed3492bb085c33974a5e3466e0cc
https://pve.proxmox.com/wiki/Roadmap#Proxmox_VE_8.0

• SDN.Use is required on a bridge/vnet (or its zone) in order to configure it in a guest vNIC.
  • use /sdn/zones/localnetwork or /sdn/zones/localnetwork/<bridge> to allow usage of all or specific local bridges.
  • use /sdn/zones/<zone> or /sdn/zones/<zone>/<bridge> to allow usage of all or specific vnets in a given SDN zone.

 

[Malte513]

Thank you it works now.
But another Bug I found is in the ipam permission. It's the same as above for /sdn/ipams.
I now use a workaround via propagating it via the /sdn path and just blocking the access for everything else explicitly.

 

[fabian]

thanks for the report! I'll fix those up as well (there's a few more missing)..

 

[fabian]

https://lists.proxmox.com/pipermail/pve-devel/2023-November/059861.html