[jira] [Updated] (CLOUDSTACK-4493) registerSSHKeyPair API doc contains wrong API response (private key)

Harikrishna Patnala (JIRA) Sun, 25 Aug 2013 23:20:08 -0700

     [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-4493?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Harikrishna Patnala updated CLOUDSTACK-4493:
--------------------------------------------

    Description: 
registerSSHKeyPair API returns only name and fingerprint of the ssh keypair 
(sets null to private key parameter).

Our API doc 
http://cloudstack.apache.org/docs/api/apidocs-4.1/user/registerSSHKeyPair.html
has an extra parameter private key in response which anyway we return null.

  Response Name :         Description
-------------------------------------------------
   fingerprint     :       Fingerprint of the public key
   name               :       Name of the keypair
   privatekey        :     Private key

This is because we use same response object for all ssh key pair related APIs.
In this case it is misleading and seems like CS API leaks implementation 
details.

  was:
registerSSHKeyPair API returns only name and fingerprint of the ssh keypair.
Our API doc 
http://cloudstack.apache.org/docs/api/apidocs-4.1/user/registerSSHKeyPair.html
has an extra parameter private key in response which anyway we return null.

This is because we use same response object for all ssh key pair related APIs.
In this case it is misleading and seems like CS API leaks implementation 
details.

    
> registerSSHKeyPair API doc contains wrong API response (private key)
> --------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-4493
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-4493
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: Doc, Management Server
>            Reporter: Harikrishna Patnala
>             Fix For: 4.2.1
>
>
> registerSSHKeyPair API returns only name and fingerprint of the ssh keypair 
> (sets null to private key parameter).
> Our API doc 
> http://cloudstack.apache.org/docs/api/apidocs-4.1/user/registerSSHKeyPair.html
> has an extra parameter private key in response which anyway we return null.
>   Response Name :       Description
> -------------------------------------------------
>    fingerprint           :       Fingerprint of the public key
>    name               :       Name of the keypair
>    privatekey        :           Private key
> This is because we use same response object for all ssh key pair related APIs.
> In this case it is misleading and seems like CS API leaks implementation 
> details.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Updated] (CLOUDSTACK-4493) registerSSHKeyPair API doc contains wrong API response (private key)

Reply via email to