cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-7958) Limit user login to specific subnets
Date Fri, 14 Apr 2017 15:31:41 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-7958?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15969154#comment-15969154
] 

ASF GitHub Bot commented on CLOUDSTACK-7958:
--------------------------------------------

Github user wido commented on a diff in the pull request:

    https://github.com/apache/cloudstack/pull/2046#discussion_r111589656
  
    --- Diff: server/src/com/cloud/api/ApiServlet.java ---
    @@ -290,6 +292,17 @@ void processRequestInContext(final HttpServletRequest req, final
HttpServletResp
                     CallContext.register(accountMgr.getSystemUser(), accountMgr.getSystemAccount());
                 }
     
    +            if (CallContext.current().getCallingAccount().getType() == Account.ACCOUNT_TYPE_ADMIN)
{
    +                s_logger.debug("CIDRs from which Admin accounts are allowed to perform
API calls " + adminCidrs);
    --- End diff --
    
    You suggest setting this to TRACE instead of debug?


> Limit user login to specific subnets
> ------------------------------------
>
>                 Key: CLOUDSTACK-7958
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-7958
>             Project: CloudStack
>          Issue Type: New Feature
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API, Management Server
>    Affects Versions: Future
>            Reporter: Wido den Hollander
>            Assignee: Wido den Hollander
>            Priority: Minor
>             Fix For: Future
>
>
> When exposing the API there is a potential danger that a user gets his hands on a account
with Admin privileges and does bad things to a cloud.
> It would be a useful feature if we could limit certain accounts/users to specific subnets.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message