From eabd540910f1df9373850724632698a47f4359c6 Mon Sep 17 00:00:00 2001
From: Kiara Grouwstra <kiara@procolix.eu>
Date: Wed, 22 Oct 2025 13:01:25 +0200
Subject: [PATCH] restrict token roles

Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>
---
 deployment/check/data-model-tf-proxmox/nixosTest.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/deployment/check/data-model-tf-proxmox/nixosTest.nix b/deployment/check/data-model-tf-proxmox/nixosTest.nix
index 6893c1fa..82057b4e 100644
--- a/deployment/check/data-model-tf-proxmox/nixosTest.nix
+++ b/deployment/check/data-model-tf-proxmox/nixosTest.nix
@@ -160,7 +160,7 @@ in
       pvesh create /pools --poolid Fediversity
       pvesh set /storage/local --content "vztmpl,rootdir,backup,snippets,import,iso,images" 1>/dev/null
       pvesh create /access/users/root@pam/token/mytoken --output-format json | jq -r .value
-      pvesh set /access/acl --path "/" --token "root@pam!mytoken" --roles "Administrator"
+      pvesh set /access/acl --path "/" --token "root@pam!mytoken" --roles "PVEVMAdmin PVEDatastoreAdmin PVESDNUser PVETemplateUser"
     """).strip()
 
     # skip indent for EOF