[pve-devel] applied: [PATCH qemu-server] cloudinit: hide password on the api

Wolfgang Bumiller w.bumiller at proxmox.com
Fri Mar 16 11:07:05 CET 2018


applied

On Thu, Mar 15, 2018 at 03:36:50PM +0100, Dominik Csapak wrote:
> since password is easily decrypted, hide it on the api
> if someone needs it, they can it directly from the config
> 
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
>  PVE/API2/Qemu.pm | 17 +++++++++++++++++
>  1 file changed, 17 insertions(+)
> 
> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
> index b1c6896..06ce00c 100644
> --- a/PVE/API2/Qemu.pm
> +++ b/PVE/API2/Qemu.pm
> @@ -807,6 +807,11 @@ __PACKAGE__->register_method({
>  
>  	delete $conf->{pending};
>  
> +	# hide cloudinit password
> +	if ($conf->{cipassword}) {
> +	    $conf->{cipassword} = '**********';
> +	}
> +
>  	return $conf;
>      }});
>  
> @@ -871,6 +876,13 @@ __PACKAGE__->register_method({
>  	    $item->{value} = $conf->{$opt} if defined($conf->{$opt});
>  	    $item->{pending} = $conf->{pending}->{$opt} if defined($conf->{pending}->{$opt});
>  	    $item->{delete} = ($pending_delete_hash->{$opt} ? 2 : 1) if exists $pending_delete_hash->{$opt};
> +
> +	    # hide cloudinit password
> +	    if ($opt eq 'cipassword') {
> +		$item->{value} = '**********' if defined($item->{value});
> +		# the trailing space so that the pending string is different
> +		$item->{pending} = '********** ' if defined($item->{pending});
> +	    }
>  	    push @$res, $item;
>  	}
>  
> @@ -880,6 +892,11 @@ __PACKAGE__->register_method({
>  	    next if defined($conf->{$opt});
>  	    my $item = { key => $opt };
>  	    $item->{pending} = $conf->{pending}->{$opt};
> +
> +	    # hide cloudinit password
> +	    if ($opt eq 'cipassword') {
> +		$item->{pending} = '**********' if defined($item->{pending});
> +	    }
>  	    push @$res, $item;
>  	}
>  
> -- 
> 2.11.0



More information about the pve-devel mailing list