[
https://issues.apache.org/jira/browse/CLOUDSTACK-7958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15969154#comment-15969154
]
ASF GitHub Bot commented on CLOUDSTACK-7958:
--------------------------------------------
Github user wido commented on a diff in the pull request:
https://github.com/apache/cloudstack/pull/2046#discussion_r111589656
--- Diff: server/src/com/cloud/api/ApiServlet.java ---
@@ -290,6 +292,17 @@ void processRequestInContext(final HttpServletRequest
req, final HttpServletResp
CallContext.register(accountMgr.getSystemUser(),
accountMgr.getSystemAccount());
}
+ if (CallContext.current().getCallingAccount().getType() ==
Account.ACCOUNT_TYPE_ADMIN) {
+ s_logger.debug("CIDRs from which Admin accounts are
allowed to perform API calls " + adminCidrs);
--- End diff --
You suggest setting this to TRACE instead of debug?
> Limit user login to specific subnets
> ------------------------------------
>
> Key: CLOUDSTACK-7958
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7958
> Project: CloudStack
> Issue Type: New Feature
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: API, Management Server
> Affects Versions: Future
> Reporter: Wido den Hollander
> Assignee: Wido den Hollander
> Priority: Minor
> Fix For: Future
>
>
> When exposing the API there is a potential danger that a user gets his hands
> on a account with Admin privileges and does bad things to a cloud.
> It would be a useful feature if we could limit certain accounts/users to
> specific subnets.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
