#!/bin/bash
#
#
tfR=TofuUser
tfU=tofuer
tk=tofu

pveum role add "${tfR}" -privs "\
  Datastore.Allocate \
  Datastore.AllocateSpace \
  Datastore.Audit \
  Pool.Allocate \
  Pool.Audit \
  Sys.Audit \
  Sys.Console \
  Sys.Modify \
  Sys.Syslog \
  VM.Allocate \
  VM.Audit \
  VM.Clone \
  VM.Config.CDROM \
  VM.Config.Cloudinit \
  VM.Config.CPU \
  VM.Config.Disk \
  VM.Config.HWType \
  VM.Config.Memory \
  VM.Config.Network \
  VM.Config.Options \
  VM.Console \
  VM.Migrate \
  VM.GuestAgent.Audit \
  VM.GuestAgent.FileRead \
  VM.GuestAgent.FileWrite \
  VM.GuestAgent.FileSystemMgmt \
  VM.GuestAgent.Unrestricted \
  VM.PowerMgmt \
  Mapping.Audit \
  Mapping.Use \
  SDN.Audit \
  SDN.Use"


pveum user add "${tfU}@pve" --password 'Azerty1+-'

pveum aclmod / -user "${tfU}@pve" -role "${tfR}"

pveum user token add "${tfU}@pve" "$tk" -expire 0 -privsep 0 -comment "Tofu token"|tee "tk-${tk}.txt"