shwstppr commented on PR #8973:
URL: https://github.com/apache/cloudstack/pull/8973#issuecomment-2134446434

   @DaanHoogland this is not only limited to webhooks feature. Other API too 
have params that have authorized key defined. Though I didn't get change to 
take logs/cmk output for them.
   
![image](https://github.com/apache/cloudstack/assets/153340/d2ff50ad-280b-41e2-9a04-bd3644a22b9e)
   eg: `listBuckets` API has admin-only param objectstorageid but currently it 
is shown to a normal user as well (though the user won't be able to use that).
   ```
   (local) 🐱 > set username user
   (local) 🐱 > sync
   Discovered 320 APIs
   (local) 🐱 > list buckets -h
   listBuckets: Lists all Buckets.
   API Params               Type     Description
   ==========               ====     ===========
   account                  string   list resources by account. Must be used w
                                     ith the domainId parameter.
   domainid                 uuid     list only resources belonging to the doma
                                     in specified
   id                       uuid     the ID of the bucket
   ids                      list     the IDs of the Buckets, mutually exclusiv
                                     e with id
   isrecursive              boolean  defaults to false, but if true, lists all
                                      resources from the parent specified by 
                                     the domainId till leaves.
   keyword                  string   List by keyword
   listall                  boolean  If set to false, list only resources belo
                                     nging to the command's caller; if set to
                                      true - list resources that the caller i
                                     s authorized to see. Default value is fa
                                     lse. Resources dedicated to a project ar
                                     e listed only if using the projectid par
                                     ameter.
   name                     string   the name of the bucket
   objectstorageid          uuid     the ID of the object storage pool, availa
                                     ble to ROOT admin only
   page                     integer  
   pagesize                 integer  
   projectid                uuid     list objects by project; if projectid=-1 
                                     lists All VMs
   tags                     map      List resources by tags (key/value pairs)
   ``` 
   
   Webhooks feature is targetted for 4.20 and I feel this improvement can also 
be added in 4.19 branch hence a separate PR.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to