winterhazel commented on code in PR #13149:
URL: https://github.com/apache/cloudstack/pull/13149#discussion_r3320265882
##########
server/src/main/java/com/cloud/user/AccountManagerImpl.java:
##########
@@ -3320,6 +3320,10 @@ private Boolean isAccessingKeypairSuperset(ApiKeyPair
accessedKeyPair, BaseCmd c
return Boolean.TRUE;
}
ApiKeyPair accessingKeyPair = apiKeyPairService.findByApiKey(apiKey);
+ if (accessingKeyPair == null) {
+ logger.warn("Unable to find API key pair for the accessing API
key: {}", apiKey);
+ return Boolean.TRUE;
Review Comment:
I think that it is better to return `false` here instead. Could you have a
look @bernardodemarco?
This method validates whether the keypair being used is a superset of the
keypair being accessed. `true` is returned when an `apiKey` is not being used
to call the API, which makes sense as this check is not necessary in this case.
However, as a keypair is being used here, I think that it would make more sense
to either inform that it is not a superset, as we could not obtain the key to
confirm, or throw a runtime exception.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
