I partially agree. I do agree that I shouldn't have to crawl the API, nor do I want to. I'd like to have something similar to the metadata service that can provide only designated data to a request, much like how openstack/aws do it. Ie you can get _your_ instance id, network information, etc but you can't ask about neighbors'
On Wed, Mar 1, 2017 at 10:04 AM, Sven Kieske <[email protected]> wrote: > On 01/03/17 16:53, Marc Young wrote: > > What feels hacky is that I have so little information about the VM i'm > > running from within that I'd have a hard time crawling the API enough to > > know the information I got was about the VM I'm testing against. Per my > > later email the ID in /var/lib/cloud/data/instance-id is not the same > that > > I'd need to hit the REST API to describe > > I'm glad that this is this way. > > From a security standpoint, this would be an information leak, which > enables third party users from inside the vm to attack the ovirt system. > > So if you implement new features in this area, I would be very very > careful. > > -- > Mit freundlichen Grüßen / Regards > > Sven Kieske > > Systemadministrator > Mittwald CM Service GmbH & Co. KG > Königsberger Straße 6 > 32339 Espelkamp > T: +495772 293100 > F: +495772 293333 > https://www.mittwald.de > Geschäftsführer: Robert Meyer > St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen > Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen > > > _______________________________________________ > Devel mailing list > [email protected] > http://lists.ovirt.org/mailman/listinfo/devel >
_______________________________________________ Devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/devel
