This is an automated email from the ASF dual-hosted git repository.
bhaisaab pushed a commit to branch 4.9
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.9 by this push:
new 07fda3b CLOUDSTACK-9983: Hide credentials in listClusters response
07fda3b is described below
commit 07fda3b39548d0199e762586bb1bd0174dc538f0
Author: Rohit Yadav <[email protected]>
AuthorDate: Wed Jul 5 00:18:51 2017 +0530
CLOUDSTACK-9983: Hide credentials in listClusters response
This removes username and passwords details from the listClusters
response. The details are usually seen in VMware environments only.
With dynamic roles features, the listClusters API may be provided
to a read-only root-admin user role/type which should not be able to get
the credentials.
Signed-off-by: Rohit Yadav <[email protected]>
---
api/src/org/apache/cloudstack/api/response/ClusterResponse.java | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/api/src/org/apache/cloudstack/api/response/ClusterResponse.java
b/api/src/org/apache/cloudstack/api/response/ClusterResponse.java
index 754baa2..d6ae70f 100644
--- a/api/src/org/apache/cloudstack/api/response/ClusterResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/ClusterResponse.java
@@ -208,6 +208,12 @@ public class ClusterResponse extends BaseResponse {
if (details == null) {
return;
}
- this.resourceDetails = new HashMap<>(details);
+ resourceDetails = new HashMap<>(details);
+ if (resourceDetails.containsKey("username")) {
+ resourceDetails.remove("username");
+ }
+ if (resourceDetails.containsKey("password")) {
+ resourceDetails.remove("password");
+ }
}
}
--
To stop receiving notification emails like this one, please contact
['"[email protected]" <[email protected]>'].
