summaryrefslogtreecommitdiff
path: root/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch
diff options
context:
space:
mode:
Diffstat (limited to 'RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch')
-rw-r--r--RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch26
1 files changed, 26 insertions, 0 deletions
diff --git a/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch b/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch
new file mode 100644
index 0000000..5f2027a
--- /dev/null
+++ b/RHEL-25256-fence_vmware_rest-detect-user-sufficient-rights.patch
@@ -0,0 +1,26 @@
+From fc7d7c4baef64f510bd3332c9f008d3e1128dc7b Mon Sep 17 00:00:00 2001
+From: Peter Varkoly <varkoly@suse.com>
+Date: Sun, 11 Feb 2024 09:13:51 +0100
+Subject: [PATCH] fence_vmware_rest : monitoring is not detecting if the API
+ user has sufficient right to manage the fence device. The call
+ https://{api_host}/api/vcenter/vm is subject to permission checks. If the
+ delivered list is empty the user has no rights.
+
+---
+ agents/vmware_rest/fence_vmware_rest.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/agents/vmware_rest/fence_vmware_rest.py b/agents/vmware_rest/fence_vmware_rest.py
+index 378771863..9dc9a12f4 100644
+--- a/agents/vmware_rest/fence_vmware_rest.py
++++ b/agents/vmware_rest/fence_vmware_rest.py
+@@ -60,6 +60,9 @@ def get_list(conn, options):
+ else:
+ fail(EC_STATUS)
+
++ if options.get("--original-action") == "monitor" and not res["value"]:
++ logging.error("API user does not have sufficient rights to manage the power status.")
++ fail(EC_STATUS)
+ for r in res["value"]:
+ outlets[r["name"]] = ("", state[r["power_state"]])
+
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-20 12:10:08 +0000