eks-anywhere icon indicating copy to clipboard operation
eks-anywhere copied to clipboard

Published 20 hours ago • verified publisher icon aws

Add validate session permission for vcenter global role

Open vivek-koppuru opened this issue 2 years ago • 2 comments

Issue #, if available:

Description of changes: After working with a user on this, we found out that missing the Sessions.ValidateSession permission results in the capv caching mechanism for sessions to not work, resulting in new sessions to be created all the time. This results in the session limit being breached if there are a lot of nodes running in the vcenter environment.

Error observed in capv logs:

E0921 19:13:06.002439       1 session.go:124] session "msg"="error checking if session is active" "error"="ServerFaultCode: Permission to perform this operation was denied." "datacenter"="Datacenter" "server"="10.61.250.74"

Testing (if applicable): Tested manually creating a cluster and running a create with the validation

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

vivek-koppuru avatar Sep 21 '22 21:09 vivek-koppuru

Codecov Report

Merging #3416 (e2e4184) into main (1314346) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #3416   +/-   ##
=======================================
  Coverage   64.85%   64.85%           
=======================================
  Files         352      352           
  Lines       28397    28397           
=======================================
  Hits        18418    18418           
  Misses       8666     8666           
  Partials     1313     1313

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

codecov[bot] avatar Sep 21 '22 21:09 codecov[bot]

/approve

vivek-koppuru avatar Sep 21 '22 21:09 vivek-koppuru

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vivek-koppuru

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment

eks-distro-bot avatar Sep 21 '22 21:09 eks-distro-bot

/cherry-pick release-0.11

vivek-koppuru avatar Sep 21 '22 21:09 vivek-koppuru

@vivek-koppuru: once the present PR merges, I will cherry-pick it on top of release-0.11 in a new PR and assign it to you.

In response to this:

/cherry-pick release-0.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

eks-distro-pr-bot avatar Sep 21 '22 21:09 eks-distro-pr-bot

@vivek-koppuru: new pull request created: #3417

In response to this:

/cherry-pick release-0.11

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

eks-distro-pr-bot avatar Sep 21 '22 21:09 eks-distro-pr-bot