[
https://issues.apache.org/jira/browse/CLOUDSTACK-7958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15969025#comment-15969025
]
ASF GitHub Bot commented on CLOUDSTACK-7958:
--------------------------------------------
Github user DaanHoogland commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/2046#discussion_r111568764
--- Diff: api/src/org/apache/cloudstack/config/ApiServiceConfiguration.java
---
@@ -28,6 +28,8 @@
"API end point. Can be used by CS components/services deployed
remotely, for sending CS API requests", true);
public static final ConfigKey<Long> DefaultUIPageSize = new
ConfigKey<Long>("Advanced", Long.class, "default.ui.page.size", "20",
"The default pagesize to be used by UI and other clients when
making list* API calls", true, ConfigKey.Scope.Global);
+ public static final ConfigKey<String> ManagementAdminCidr = new
ConfigKey<String>("Advanced", String.class, "management.admin.cidr",
+ "0.0.0.0/0,::/0", "Comma separated list of IPv4/IPv6 CIDRs
from which Admin accounts can perform API calls", true, ConfigKey.Scope.Global);
--- End diff --
argument for this default: backwards compatible
argument against: inherent security risk
> Limit user login to specific subnets
> ------------------------------------
>
> Key: CLOUDSTACK-7958
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7958
> Project: CloudStack
> Issue Type: New Feature
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: API, Management Server
> Affects Versions: Future
> Reporter: Wido den Hollander
> Assignee: Wido den Hollander
> Priority: Minor
> Fix For: Future
>
>
> When exposing the API there is a potential danger that a user gets his hands
> on a account with Admin privileges and does bad things to a cloud.
> It would be a useful feature if we could limit certain accounts/users to
> specific subnets.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
