[
https://issues.apache.org/jira/browse/CLOUDSTACK-9983?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16097177#comment-16097177
]
ASF subversion and git services commented on CLOUDSTACK-9983:
-------------------------------------------------------------
Commit 07fda3b39548d0199e762586bb1bd0174dc538f0 in cloudstack's branch
refs/heads/4.9 from [[email protected]]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=07fda3b ]
CLOUDSTACK-9983: Hide credentials in listClusters response
This removes username and passwords details from the listClusters
response. The details are usually seen in VMware environments only.
With dynamic roles features, the listClusters API may be provided
to a read-only root-admin user role/type which should not be able to get
the credentials.
Signed-off-by: Rohit Yadav <[email protected]>
> Don't return username/password details in the listClusters response
> -------------------------------------------------------------------
>
> Key: CLOUDSTACK-9983
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9983
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Rohit Yadav
> Assignee: Rohit Yadav
> Fix For: Future, 4.10.1.0, 4.9.3.0
>
>
> The listClusters API response may contain VMware dc username/password as part
> of its details. The response should not expose this details.
> https://github.com/apache/cloudstack/pull/2166
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
