[pve-devel] applied: [PATCH qemu-server] cloudinit: hide password on the api
Wolfgang Bumiller
w.bumiller at proxmox.com
Fri Mar 16 11:07:05 CET 2018
applied
On Thu, Mar 15, 2018 at 03:36:50PM +0100, Dominik Csapak wrote:
> since password is easily decrypted, hide it on the api
> if someone needs it, they can it directly from the config
>
> Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
> ---
> PVE/API2/Qemu.pm | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
> diff --git a/PVE/API2/Qemu.pm b/PVE/API2/Qemu.pm
> index b1c6896..06ce00c 100644
> --- a/PVE/API2/Qemu.pm
> +++ b/PVE/API2/Qemu.pm
> @@ -807,6 +807,11 @@ __PACKAGE__->register_method({
>
> delete $conf->{pending};
>
> + # hide cloudinit password
> + if ($conf->{cipassword}) {
> + $conf->{cipassword} = '**********';
> + }
> +
> return $conf;
> }});
>
> @@ -871,6 +876,13 @@ __PACKAGE__->register_method({
> $item->{value} = $conf->{$opt} if defined($conf->{$opt});
> $item->{pending} = $conf->{pending}->{$opt} if defined($conf->{pending}->{$opt});
> $item->{delete} = ($pending_delete_hash->{$opt} ? 2 : 1) if exists $pending_delete_hash->{$opt};
> +
> + # hide cloudinit password
> + if ($opt eq 'cipassword') {
> + $item->{value} = '**********' if defined($item->{value});
> + # the trailing space so that the pending string is different
> + $item->{pending} = '********** ' if defined($item->{pending});
> + }
> push @$res, $item;
> }
>
> @@ -880,6 +892,11 @@ __PACKAGE__->register_method({
> next if defined($conf->{$opt});
> my $item = { key => $opt };
> $item->{pending} = $conf->{pending}->{$opt};
> +
> + # hide cloudinit password
> + if ($opt eq 'cipassword') {
> + $item->{pending} = '**********' if defined($item->{pending});
> + }
> push @$res, $item;
> }
>
> --
> 2.11.0
More information about the pve-devel
mailing list