From d5bb0685d11861351bdb135c09aa4c18e350d5fe Mon Sep 17 00:00:00 2001
From: MaxwellCaron <maxwell.caron1@gmail.com>
Date: Thu, 11 Dec 2025 13:28:09 -0800
Subject: [PATCH] Made the creator group get access to deployed pods

---
 internal/proxmox/pools.go | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/internal/proxmox/pools.go b/internal/proxmox/pools.go
index 1fb0482..d53513c 100644
--- a/internal/proxmox/pools.go
+++ b/internal/proxmox/pools.go
@@ -57,16 +57,22 @@ func (s *ProxmoxService) CreateNewPool(poolName string) error {
 }
 
 func (s *ProxmoxService) SetPoolPermission(poolName string, targetName string, isGroup bool) error {
+	realm := s.Config.Realm
+
+	groups := []string{fmt.Sprintf("%s-%s", s.Config.CreatorGroupName, realm)}
+	if isGroup {
+		groups = append(groups, fmt.Sprintf("%s-%s", targetName, realm))
+	}
+
 	reqBody := map[string]any{
 		"path":      fmt.Sprintf("/pool/%s", poolName),
 		"roles":     "PVEVMUser,PVEPoolUser",
 		"propagate": true,
+		"groups":    strings.Join(groups, ","),
 	}
 
-	if isGroup {
-		reqBody["groups"] = fmt.Sprintf("%s-%s", targetName, s.Config.Realm)
-	} else {
-		reqBody["users"] = fmt.Sprintf("%s@%s", targetName, s.Config.Realm)
+	if !isGroup {
+		reqBody["users"] = fmt.Sprintf("%s@%s", targetName, realm)
 	}
 
 	req := tools.ProxmoxAPIRequest{