I partially agree. I do agree that I shouldn't have to crawl the API, nor
do I want to. I'd like to have something similar to the metadata service
that can provide only designated data to a request, much like how
openstack/aws do it.
Ie you can get _your_ instance id, network information, etc but you can't
ask about neighbors'
On Wed, Mar 1, 2017 at 10:04 AM, Sven Kieske <s.kieske(a)mittwald.de> wrote:
On 01/03/17 16:53, Marc Young wrote:
> What feels hacky is that I have so little information about the VM i'm
> running from within that I'd have a hard time crawling the API enough to
> know the information I got was about the VM I'm testing against. Per my
> later email the ID in /var/lib/cloud/data/instance-id is not the same
that
> I'd need to hit the REST API to describe
I'm glad that this is this way.
From a security standpoint, this would be an information leak, which
enables third party users from inside the vm to attack the ovirt system.
So if you implement new features in this area, I would be very very
careful.
--
Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +495772 293100
F: +495772 293333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen
_______________________________________________
Devel mailing list
Devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel