Bug #38486: Power on/shutdown reported successful even if user is not authorized (BMC with Redfish provider) - Smart Proxy - Foreman

Actions

Copy link

Bug #38486

open

Power on/shutdown reported successful even if user is not authorized (BMC with Redfish provider)

Added by Francesco Di Nucci 28 days ago.

Status:

New

Priority:

Normal

Assignee:

Category:

BMC

Target version:

Difficulty:

Triaged:

Bugzilla link:

Pull request:

Fixed in Releases:

Found in Releases:

Foreman - 3.13.1, Foreman - 3.14.0

Red Hat JIRA:

Description

Using BMC with Redfish provider, even if the user is not authorized to perform power operations, the request is reported as successful

Created an iDRAC9 user with 0x00000001 privileges
Added the BMC credentials to the host on Foreman, power status is read correctly
Trying to power on/shut down the host, Foreman reports Success alert:Power has been set to "Off"/"On" successfully
In reality nothing happens, the host is still on/off as before

Proxy log


proxy.log: [I] Started GET /bmc/10.99.5.177/chassis/power/status bmc_provider=Redfish
proxy.log: [I] Finished GET /bmc/10.99.5.177/chassis/power/status with 200 (1657.06 ms)
proxy.log: [I] Started PUT /bmc/10.99.5.177/chassis/power/off 
proxy.log: [I] Finished PUT /bmc/10.99.5.177/chassis/power/off with 200 (1636.06 ms)

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Foreman » Smart Proxy

Custom queries

Bug #38486

Power on/shutdown reported successful even if user is not authorized (BMC with Redfish provider)