Skip to content

Resource: proxmox_acl

Manages ACLs on the Proxmox cluster.

ACLs are used to control access to resources in the Proxmox cluster. Each ACL consists of a path, a user, group or token, a role, and a flag to allow propagation of permissions.

Example Usage

resource "proxmox_virtual_environment_user" "operations_automation" {
  comment  = "Managed by Terraform"
  password = "a-strong-password"
  user_id  = "operations-automation@pve"
}

resource "proxmox_virtual_environment_role" "operations_monitoring" {
  role_id = "operations-monitoring"

  privileges = [
    "VM.GuestAgent.Audit",
  ]
}

resource "proxmox_acl" "operations_automation_monitoring" {
  user_id = proxmox_virtual_environment_user.operations_automation.user_id
  role_id = proxmox_virtual_environment_role.operations_monitoring.role_id

  path      = "/vms/1234"
  propagate = true
}

Schema

Required

  • path (String) Access control path
  • role_id (String) The role to apply

Optional

  • group_id (String) The group the ACL should apply to (mutually exclusive with token_id and user_id)
  • propagate (Boolean) Allow to propagate (inherit) permissions.
  • token_id (String) The token the ACL should apply to (mutually exclusive with group_id and user_id)
  • user_id (String) The user the ACL should apply to (mutually exclusive with group_id and token_id)

Read-Only

  • id (String) The unique identifier of this resource.

Import

Import is supported using the following syntax:

#!/usr/bin/env sh
# ACL can be imported using its unique identifier, e.g.: {path}?{group|user@realm|user@realm!token}?{role}
terraform import proxmox_acl.operations_automation_monitoring /?monitor@pve?operations-monitoring