[GH-ISSUE #180] Setting ACL with UpdateACL couldn't work #44

New issue

Closed

opened 2026-03-03 15:29:51 +03:00 by kerem · 1 comment

kerem commented 2026-03-03 15:29:51 +03:00

Owner

Copy link

Originally created by @ybizeul on GitHub (Nov 24, 2024).
Original GitHub issue: https://github.com/luthermonson/go-proxmox/issues/180

I was trying to use func (c *Client) UpdateACL(ctx context.Context, acl ACL) error to add ACLs to a Pool.

Something like :

	var acl pmx.ACL

	acl = pmx.ACL{
		RoleID:    "PVEPoolAdmin",
		UGID:      fmt.Sprintf("%s@domain.com", pool),
		Propagate: true,
		Path:      fmt.Sprintf("/pool/%s", pool),
		Type:      "user",
	}

	s, err := json.Marshal(acl)
	slog.Info(string(s))

	err = p.client.UpdateACL(context.Background(), acl)
	if err != nil {
		slog.Error("Error updating acl", slog.String("acl", fmt.Sprintf("%+v", acl)), slog.String("error", err.Error()))
	}

It seems that can't be used, and is being sent as-is to /access/acl, without proper lowercase on map keys (see missing key in tags at github.com/luthermonson/go-proxmox@5617b30530/types.go (L1266)), and it wouldn't work any ways because the proper way to update ACLs would be :

I ended up doing this, which works fine :

	acl := struct {
		Path      string `json:"path"`
		Roles     string `json:"roles"`
		Users     string `json:"users"`
		Propagate bool   `json:"propagate"`
	}{
		Path:      fmt.Sprintf("/pool/%s", pool),
		Roles:     "PVEVMAdmin,PVEPoolAdmin",
		Users:     fmt.Sprintf("%s@domain.com", pool),
		Propagate: true,
	}

	err = p.client.Put(context.Background(), "/access/acl", acl, nil)
	if err != nil {
		slog.Error("Error updating ACL", slog.String("acl", fmt.Sprintf("%+v", acl)), slog.String("error", err.Error()))
	}

Maybe I'm doing something wrong, using a wrong API version somehow ?

Originally created by @ybizeul on GitHub (Nov 24, 2024). Original GitHub issue: https://github.com/luthermonson/go-proxmox/issues/180 I was trying to use `func (c *Client) UpdateACL(ctx context.Context, acl ACL) error` to add ACLs to a Pool. Something like : ``` var acl pmx.ACL acl = pmx.ACL{ RoleID: "PVEPoolAdmin", UGID: fmt.Sprintf("%s@domain.com", pool), Propagate: true, Path: fmt.Sprintf("/pool/%s", pool), Type: "user", } s, err := json.Marshal(acl) slog.Info(string(s)) err = p.client.UpdateACL(context.Background(), acl) if err != nil { slog.Error("Error updating acl", slog.String("acl", fmt.Sprintf("%+v", acl)), slog.String("error", err.Error())) } ``` It seems that can't be used, and is being sent as-is to `/access/acl`, without proper lowercase on map keys (see missing key in tags at https://github.com/luthermonson/go-proxmox/blob/5617b3053067e6079e38ade88c042187a245ae75/types.go#L1266), and it wouldn't work any ways because the proper way to update ACLs would be :  I ended up doing this, which works fine : ``` acl := struct { Path string `json:"path"` Roles string `json:"roles"` Users string `json:"users"` Propagate bool `json:"propagate"` }{ Path: fmt.Sprintf("/pool/%s", pool), Roles: "PVEVMAdmin,PVEPoolAdmin", Users: fmt.Sprintf("%s@domain.com", pool), Propagate: true, } err = p.client.Put(context.Background(), "/access/acl", acl, nil) if err != nil { slog.Error("Error updating ACL", slog.String("acl", fmt.Sprintf("%+v", acl)), slog.String("error", err.Error())) } ``` Maybe I'm doing something wrong, using a wrong API version somehow ?

kerem closed this issue 2026-03-03 15:29:51 +03:00

kerem commented 2026-03-03 15:29:52 +03:00

Author

Owner

Copy link

@linuxdaemon commented on GitHub (Jul 14, 2025):

Looks like there's 2 problems here, the ACLOptions type seems to be what should be sent for UpdateACL, and both the ACLOptions and ACL structs are missing the json field name overrides in the json tag.

I just ran into this issue as well

<!-- gh-comment-id:3070852889 --> @linuxdaemon commented on GitHub (Jul 14, 2025): Looks like there's 2 problems here, the ACLOptions type seems to be what should be sent for UpdateACL, and both the ACLOptions and ACL structs are missing the json field name overrides in the `json` tag. I just ran into this issue as well

kerem referenced this issue 2026-03-03 15:30:11 +03:00

[PR #44] [MERGED] split integration out into their own dir to allow for unit testing #97

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

fix-storage

more-coverage

group-tests

codecov

v0.4.1

v0.4.0

v0.3.2

v0.3.1

v0.3.0

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.1

v0.1.0

v0.0.0-beta6

v0.0.0-beta5

v0.0.0-beta4

v0.0.0-beta3

v0.0.0-beta2

v0.0.0-beta1

v0.0.0-alpha10

v0.0.0-alpha9

v0.0.0-alpha8

v0.0.0-alpha7

v0.0.0-alpha6

v0.0.0-alpha5

v0.0.0-alpha4

v0.0.0-alpha3

v0.0.0-alpha2

v0.0.0-alpha1

tests

Labels

Clear labels   

pull-request

Mirrored from GitHub Pull Request

No labels

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/go-proxmox#44

No description provided.