[pve-devel] [PATCH qemu-server] cloudinit: hide password on the api
Dominik Csapak
d.csapak at proxmox.com
Thu Mar 15 15:36:50 CET 2018
since password is easily decrypted, hide it on the api
if someone needs it, they can it directly from the config
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
PVE/API2/Qemu.pm | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
index b1c6896..06ce00c 100644
--- a/PVE/API2/Qemu.pm
+++ b/PVE/API2/Qemu.pm
@@ -807,6 +807,11 @@ __PACKAGE__->register_method({
delete $conf->{pending};
+ # hide cloudinit password
+ if ($conf->{cipassword}) {
+ $conf->{cipassword} = '**********';
+ }
+
return $conf;
}});
@@ -871,6 +876,13 @@ __PACKAGE__->register_method({
$item->{value} = $conf->{$opt} if defined($conf->{$opt});
$item->{pending} = $conf->{pending}->{$opt} if defined($conf->{pending}->{$opt});
$item->{delete} = ($pending_delete_hash->{$opt} ? 2 : 1) if exists $pending_delete_hash->{$opt};
+
+ # hide cloudinit password
+ if ($opt eq 'cipassword') {
+ $item->{value} = '**********' if defined($item->{value});
+ # the trailing space so that the pending string is different
+ $item->{pending} = '********** ' if defined($item->{pending});
+ }
push @$res, $item;
}
@@ -880,6 +892,11 @@ __PACKAGE__->register_method({
next if defined($conf->{$opt});
my $item = { key => $opt };
$item->{pending} = $conf->{pending}->{$opt};
+
+ # hide cloudinit password
+ if ($opt eq 'cipassword') {
+ $item->{pending} = '**********' if defined($item->{pending});
+ }
push @$res, $item;
}
--
2.11.0
More information about the pve-devel
mailing list