[pve-devel] [PATCH qemu-server] fix: api: fix permission check for cloudinit drive update
Friedrich Weber
f.weber at proxmox.com
Mon Jul 24 13:46:10 CEST 2023
ping (patch still applies)
On 13/03/2023 13:56, Friedrich Weber wrote:
> Trying to regenerate a cloudinit drive as a non-root user via the API
> currently throws a Perl error, as reported in the forum [1]. This is
> due to a type mismatch in the permission check, where a string is
> passed but an array is expected.
>
> [1] https://forum.proxmox.com/threads/regenerate-cloudinit-by-put-api-return-500.124099/
>
> Signed-off-by: Friedrich Weber <f.weber at proxmox.com>
> ---
> To see if we have the same problem for other API endpoints, I ran:
> grep -r "['\"]perm['\"][^[]*]" .
> in my locally checked-out repos, but found only this single occurrence.
>
> PVE/API2/Qemu.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
> index 587bb22..0ea18eb 100644
> --- a/PVE/API2/Qemu.pm
> +++ b/PVE/API2/Qemu.pm
> @@ -1398,7 +1398,7 @@ __PACKAGE__->register_method({
> proxyto => 'node',
> description => "Regenerate and change cloudinit config drive.",
> permissions => {
> - check => ['perm', '/vms/{vmid}', 'VM.Config.Cloudinit'],
> + check => ['perm', '/vms/{vmid}', ['VM.Config.Cloudinit']],
> },
> parameters => {
> additionalProperties => 0,
More information about the pve-devel
mailing list