launchpad-reviewers team mailing list archive

[Launchpad Bug Tracker <1034318@xxxxxxxxxxxxxxxxxx>]

** Branch linked: lp:ubuntu/raring-proposed/maas

-- 
You received this bug notification because you are a member of MAAS
Maintainers, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1034318

Title:
  API calls that return a node leak private data

Status in MAAS:
  Fix Released
Status in MAAS 1.2 series:
  Fix Committed
Status in MAAS 12.04-nocobbler series:
  Fix Committed
Status in MAAS trunk series:
  Fix Released
Status in “maas” package in Ubuntu:
  New
Status in “maas” source package in Precise:
  New
Status in “maas” source package in Quantal:
  New
Status in “maas” source package in Raring:
  New

Bug description:
  list_allocated, for example, as below.  This might not matter so much
  when we go single tenancy but I still can't see why API users should
  see power_parameters at all.

  "GET /api/1.0/nodes/?op=list_allocated&id=node-6026dfba-e11f-
  11e1-afe8-e4115b13819f HTTP/1.1" 200 696

  Vary: Authorization
  Content-Type: application/json; charset=utf-8

  [
      {
          "status": 6,
          "macaddress_set": [
              {
                  "resource_uri": "/api/1.0/nodes/node-6026dfba-e11f-11e1-afe8-e4115b13819f/macs/e4:11:5b:13:7b:36/",
                  "mac_address": "e4:11:5b:13:7b:36"
              }
          ],
          "power_parameters": {
              "power_address": "10.0.0.10",
              "power_pass": "password",
              "power_user": "admin"
          },
          "netboot": false,
          "hostname": "node7",
          "power_type": "ipmilan",
          "system_id": "node-6026dfba-e11f-11e1-afe8-e4115b13819f",
          "architecture": "amd64",
          "resource_uri": "/api/1.0/nodes/node-6026dfba-e11f-11e1-afe8-e4115b13819f/"
      }
  ]

To manage notifications about this bug go to:
https://bugs.launchpad.net/maas/+bug/1034318/+subscriptions