- fence_ibm_vpc: refresh bearer-token if token data is corrupt, and

avoid edge-case of writing empty token file Resolves: RHEL-83520
2025-03-17 12:34:56 +01:00 · 2025-03-17 12:34:56 +01:00 · 1b21632c8d
commit 1b21632c8d
parent 5feb9b89b7
2 changed files with 46 additions and 1 deletions
--- a/RHEL-83520-fence_ibm_vpc-refresh-bearer-token.patch
+++ b/RHEL-83520-fence_ibm_vpc-refresh-bearer-token.patch
@ -0,0 +1,38 @@
+From 293b3961149f680ead9028e6719c405957abc6b7 Mon Sep 17 00:00:00 2001
+From: Oyvind Albrigtsen <oalbrigt@redhat.com>
+Date: Thu, 13 Mar 2025 16:40:30 +0100
+Subject: [PATCH] fence_ibm_vpc: refresh bearer-token in connect() if token
+ data is corrupt, and avoid edge-case of writing empty token file
+
+---
+ agents/ibm_vpc/fence_ibm_vpc.py | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/agents/ibm_vpc/fence_ibm_vpc.py b/agents/ibm_vpc/fence_ibm_vpc.py
+index 035a3235a..efda5eed7 100755
+--- a/agents/ibm_vpc/fence_ibm_vpc.py
+++ b/agents/ibm_vpc/fence_ibm_vpc.py
+@@ -105,6 +105,8 @@ def get_bearer_token(conn, options):
+ 			except Exception as e:
+ 				logging.error("Failed: Unable to authenticate: {}".format(e))
+ 				fail(EC_LOGIN_DENIED)
+			if len(token) < 1:
+				fail(EC_LOGIN_DENIED)
+ 			file_obj.write(token)
+ 	finally:
+ 		os.umask(oldumask)
+@@ -152,6 +154,14 @@ def connect(opt):
+ 	# set auth token for later requests
+ 	conn = set_bearer_token(conn, bearer_token)
+ 
+	try:
+		command = "instances?version=2021-05-25&generation=2&limit=1"
+		res = send_command(conn, opt, command)
+	except Exception as e:
+		logging.warning("Failed to login/connect. Updating bearer-token.")
+		bearer_token = get_bearer_token(conn, opt)
+		conn = set_bearer_token(conn, bearer_token)
+
+ 	return conn
+ 
+ def disconnect(conn):
--- a/fence-agents.spec
+++ b/fence-agents.spec
@ -13,7 +13,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.16.0
-Release: 5%{?alphatag:.%{alphatag}}%{?dist}
+Release: 6%{?alphatag:.%{alphatag}}%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.0-or-later
 URL: https://github.com/ClusterLabs/fence-agents
 Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
@ -106,6 +106,7 @@ Patch5: ha-cloud-support-google.patch
 Patch6: bundled-kubevirt.patch
 Patch7: bundled-pycurl.patch
 Patch8: bundled-suds.patch
+Patch9: RHEL-83520-fence_ibm_vpc-refresh-bearer-token.patch

 %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs drac5 eaton_snmp emerson eps hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti
 %ifarch x86_64
@ -223,6 +224,7 @@ BuildRequires: %{systemd_units}
 %patch -p1 -P 6
 %patch -p1 -P 7
 %patch -p1 -P 8
+%patch -p1 -P 9

 # prevent compilation of something that won't get used anyway
 sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac
@ -1182,6 +1184,11 @@ are located on corosync cluster nodes.
 %endif

 %changelog
+* Mon Mar 17 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.16.0-6
+- fence_ibm_vpc: refresh bearer-token if token data is corrupt, and
+  avoid edge-case of writing empty token file
+  Resolves: RHEL-83520
+
 * Mon Feb  3 2025 Oyvind Albrigtsen <oalbrigt@redhat.com> - 4.16.0-5
 - fence_azure_arm: use azure-identity instead of msrestazure, which has
  been deprecated