Question: What is the JSON syntax using API to add a group to filesystem acl?
Step 1
Show the current ACL of WinShare1
PS C:\Users\david> $AclProperties = @{
path = $datasetMntPath
simplified = $true
resolve_ids = $false
}
$AclPropertiesJson = $AclProperties | ConvertTo-Json
$AclPropertiesJson
$AclPropertiesResponse = Invoke-TrueNASAPI -method Post -url "filesystem/getacl" -body $AclPropertiesJson
$AclPropertiesResponse
$AclPropertiesResponse.acl | Format-Table -AutoSize
{
"simplified": true,
"path": "/mnt/testzpool1/WinShare1",
"resolve_ids": false
}
acl : {@{tag=owner@; id=-1; perms=; flags=; type=ALLOW}, @{tag=group@; id=-1; perms=; flags=; type=ALLOW}, @{tag=GROUP; id=545; perms=; flags=; type=ALLOW}, @{tag=GROUP; id=544; perms=; flags=; type=ALLOW}}
trivial : False
uid : 0
gid : 0
path : /mnt/testzpool1/WinShare1
nfs41_flags : @{protected=False; defaulted=False; autoinherit=False}
acltype : NFS4
tag id perms flags type
--- -- ----- ----- ----
owner@ -1 @{BASIC=FULL_CONTROL} @{BASIC=INHERIT} ALLOW
group@ -1 @{BASIC=MODIFY} @{BASIC=INHERIT} ALLOW
GROUP 545 @{BASIC=MODIFY} @{BASIC=INHERIT} ALLOW
GROUP 544 @{BASIC=FULL_CONTROL} @{BASIC=INHERIT} ALLOW
Step 2
manaully removed the two built-in groups (545 and 555)
and add group 3000
results
PS C:\Users\david> $AclProperties = @{
path = $datasetMntPath
simplified = $true
resolve_ids = $false
}
$AclPropertiesJson = $AclProperties | ConvertTo-Json
$AclPropertiesJson
$AclPropertiesResponse = Invoke-TrueNASAPI -method Post -url "filesystem/getacl" -body $AclPropertiesJson
$AclPropertiesResponse
$AclPropertiesResponse.acl | Format-Table -AutoSize
{
"simplified": true,
"path": "/mnt/testzpool1/WinShare1",
"resolve_ids": false
}
acl : {@{tag=owner@; id=-1; perms=; flags=; type=ALLOW}, @{tag=group@; id=-1; perms=; flags=; type=ALLOW}, @{tag=GROUP; id=3000; perms=; flags=; type=ALLOW}}
trivial : False
uid : 0
gid : 0
path : /mnt/testzpool1/WinShare1
nfs41_flags : @{protected=False; defaulted=False; autoinherit=False}
acltype : NFS4
tag id perms flags type
--- -- ----- ----- ----
owner@ -1 @{BASIC=FULL_CONTROL} @{BASIC=INHERIT} ALLOW
group@ -1 @{BASIC=MODIFY} @{BASIC=INHERIT} ALLOW
GROUP 3000 @{BASIC=FULL_CONTROL} @{BASIC=INHERIT} ALLOW
Step 3
manually remove group 3000
(skipping output)
Step 4
add group 3000 using the api (failed)
error
error : [EINVAL] filesystem_acl.dacl: Result does not match specified schema: [EINVAL] nfs4_acl: Not a list
[EINVAL] posix1e_acl: Not a list
PS C:\Users\david> $AclPayload =@{
"path" = "/mnt/testzpool1/WinShare1"
"uid" = $null
"gid" = $null
"dacl" = @{
"nfs4_acl" = @(
@{
"type" = "ALLOW"
"flags" = "FULL_CONTROL"
"who" = "GROUP@3000"
}
)
"posix1e_acl" = @() # Ensure posix1e_acl is an empty list
}
"acltype" = "NFS4"
}
$AclPayloadJson = $AclPayload | ConvertTo-Json -Depth 100
$AclPayloadJson
$AclSetResponseID = Invoke-TrueNASAPI -method Post -url "filesystem/setacl" -body $AclPayloadJson
$AclSetResponseID
$joburl = "core/get_jobs/?id=" + $AclSetResponseID
Invoke-TrueNASAPI -method Get -url $jobUrl
{
"dacl": {
"posix1e_acl": [
],
"nfs4_acl": [
{
"flags": "FULL_CONTROL",
"who": "GROUP@3000",
"type": "ALLOW"
}
]
},
"path": "/mnt/testzpool1/WinShare1",
"acltype": "NFS4",
"gid": null,
"uid": null
}
3143
id : 3143
method : filesystem.setacl
arguments : {@{dacl=; path=/mnt/testzpool1/WinShare1; acltype=NFS4; gid=; uid=}}
transient : False
description :
abortable : False
logs_path :
logs_excerpt :
progress : @{percent=0; description=; extra=}
result :
error : [EINVAL] filesystem_acl.dacl: Result does not match specified schema: [EINVAL] nfs4_acl: Not a list
[EINVAL] posix1e_acl: Not a list
exception : Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/middlewared/job.py", line 469, in run
await self.future
File "/usr/lib/python3/dist-packages/middlewared/job.py", line 513, in __run_body
rv = await self.middleware.run_in_thread(self.method, *args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1324, in run_in_thread
return await self.run_in_executor(self.thread_pool_executor, method, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1321, in run_in_executor
return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/concurrent/futures/thread.py", line 58, in run
result = self.fn(*self.args, **self.kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/schema/processor.py", line 190, in nf
args, kwargs = clean_and_validate_args(args, kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/middlewared/schema/processor.py", line 180, in clean_and_validate_args
verrors.check()
File "/usr/lib/python3/dist-packages/middlewared/service_exception.py", line 70, in check
raise self
middlewared.service_exception.ValidationErrors: [EINVAL] filesystem_acl.dacl: Result does not match specified schema: [EINVAL] nfs4_acl: Not a list
[EINVAL] posix1e_acl: Not a list
exc_info : @{repr=ValidationErrors(); type=VALIDATION; extra=System.Object[]}
state : FAILED
time_started : @{$date=1713152506000}
time_finished : @{$date=1713152506000}
credentials : @{type=API_KEY; data=}