This is an automated email from the ASF dual-hosted git repository.
weizhou pushed a commit to branch 4.18
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.18 by this push:
new bf9c71430b6 CKS: check access when get kubernetescluster config (#7854)
bf9c71430b6 is described below
commit bf9c71430b648f1e8a025084cbb8b737557aad8c
Author: Wei Zhou <[email protected]>
AuthorDate: Mon Aug 14 10:02:20 2023 +0200
CKS: check access when get kubernetescluster config (#7854)
---
.../java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java | 2 ++
1 file changed, 2 insertions(+)
diff --git
a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 0c07268b82f..f0fa335d22c 100644
---
a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++
b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -1285,6 +1285,8 @@ public class KubernetesClusterManagerImpl extends
ManagerBase implements Kuberne
if (kubernetesCluster == null) {
throw new InvalidParameterValueException("Invalid Kubernetes
cluster ID specified");
}
+ Account caller = CallContext.current().getCallingAccount();
+ accountManager.checkAccess(caller,
SecurityChecker.AccessType.OperateEntry, false, kubernetesCluster);
KubernetesClusterConfigResponse response = new
KubernetesClusterConfigResponse();
response.setId(kubernetesCluster.getUuid());
response.setName(kubernetesCluster.getName());
