[pve-devel] [PATCH qemu-server] fix: api: fix permission check for cloudinit drive update

Friedrich Weber f.weber at proxmox.com
Mon Mar 13 13:56:25 CET 2023

Trying to regenerate a cloudinit drive as a non-root user via the API
currently throws a Perl error, as reported in the forum [1]. This is
due to a type mismatch in the permission check, where a string is
passed but an array is expected.

[1] https://forum.proxmox.com/threads/regenerate-cloudinit-by-put-api-return-500.124099/

Signed-off-by: Friedrich Weber <f.weber at proxmox.com>
 To see if we have the same problem for other API endpoints, I ran:
    grep -r "['\"]perm['\"][^[]*]" .
 in my locally checked-out repos, but found only this single occurrence.

 PVE/API2/Qemu.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index 587bb22..0ea18eb 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -1398,7 +1398,7 @@ __PACKAGE__->register_method({
     proxyto => 'node',
     description => "Regenerate and change cloudinit config drive.",
     permissions => {
-	check => ['perm', '/vms/{vmid}', 'VM.Config.Cloudinit'],
+	check => ['perm', '/vms/{vmid}', ['VM.Config.Cloudinit']],
     parameters => {
 	additionalProperties => 0,

More information about the pve-devel mailing list