[ https://issues.apache.org/jira/browse/CLOUDSTACK-1555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13595821#comment-13595821 ]

Kishan Kavala commented on CLOUDSTACK-1555:
-------------------------------------------

listRegion api is available to all users and not just admin. api/secret key should not be visible to end user.
api/secret key can be removed altogether. Each DB is expected to have same account data including keys. Each region can get admin keys from user table in local DB.

> AWS Regions - userapikey and usersecretkey parameters are not returned in the response of addRegion, updateRegion , listRegion api calls..
> ------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-1555
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1555
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.)
>          Components: Management Server
>    Affects Versions: 4.1.0
>         Environment: Latest build from 4.1
>            Reporter: Sangeetha Hariharan
>            Assignee: Kishan Kavala
>            Priority: Critical
>             Fix For: 4.1.0
>
>
> userapikey and usersecretkey parameters are not returned in the response of addRegion, updateRegion , listRegion api calls.
> 2013-03-06 20:50:08,456 INFO [cloud.api.ApiServer] (catalina-exec-11:null) (userId=2 accountId=2 sessionId=E95B6E236FDA7706736FF23E72CB07D7) 10.217.252.128 -- GET command=addRegion&id=1&name=region1&endpoint=http://10.223.131.202:8080/client/&userapikey=jne_oosNAJtGpaW1U8ovFmLICPoHFDi0VjGsPCkL_FQhnqTt6ARVQQc5eoKmvJNnTTEVSQMkf17JLI2JnCYLQ&usersecretkey=P3VIZycVsrGnkjZGwWVSC2MxCO686FPnJshvovq5v6M9HY2MieFbkQzIDo574FWsAI0vBB3C3Kt0io73ysimJw&response=json&sessionkey=SljMQGGmtCajGAH2nYhjli%2BZVMo%3D 200 { "addregionresponse" : { "region" : {"id":1,"name":"region1","endpoint":"http://10.223.131.202:8080/client/"} } }
>
> 013-03-06 12:39:47,521 INFO [cloud.api.ApiServer] (catalina-exec-24:null) (userId=2 accountId=2 sessionId=6FD26C1BD785EC13863FE6515F844A61) 10.217.252.128 -- GET command=updateRegion&id=1&userapikey=jne_oosNAJtGpaW1U8ovFmLICPoHFDi0VjGsPCkL_FQhnqTt6ARVQQc5eoKmvJNnTTEVSQMkf17JLI2JnCYLQ&usersecretkey=P3VIZycVsrGnkjZGwWVSC2MxCO686FPnJshvovq5v6M9HY2MieFbkQzIDo574FWsAI0vBB3C3Kt0io73ysimJw&response=json&sessionkey=MCtVuPmdMpLPzE9JHigN%2FiHnWBY%3D 200 { "updateregionresponse" : { "region" : {"id":1,"name":"Local","endpoint":"http://localhost:8080/client/api"} } }
>
> 2013-03-06 12:41:33,933 INFO [cloud.api.ApiServer] (catalina-exec-6:null) (userId=2 accountId=2 sessionId=6FD26C1BD785EC13863FE6515F844A61) 10.217.252.128 -- GET command=listRegions&response=json&sessionkey=MCtVuPmdMpLPzE9JHigN%2FiHnWBY%3D 200 { "listregionsresponse" : { "count":1 ,"region" : [ {"id":1,"name":"Local","endpoint":"http://localhost:8080/client/api"} ] } }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira