Power password is returned to UI
Bug #1938754 reported by
Huw Wilkins
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
MAAS |
Invalid
|
High
|
Unassigned |
Bug Description
In the configuration tab for machine/kvm we display the power parameters which include the power password.
At the moment we mask the password in a password field, but really this is just a plain text password that can be easily seen.
Does the API need to return the password? If not maybe we should consider removing that from the response. In that case it would be good to return a flag for whether there is a password set so we can indicate that in the UI.
Changed in maas: | |
status: | Confirmed → Triaged |
importance: | Undecided → High |
milestone: | none → next |
tags: | added: sts |
To post a comment you must log in.
Previously, with libvirt, we actually showed the power password if you edited the configuration. Now it seems to be masked. What I'm not clear on is whether we intended the password to be shown when editing a machine configuration, or whether it's just an oversight. Not sure this is a bug, it might be a feature change. Moving to incomplete, suggesting that Huw send an e-mail to Adam Collard to determine our original intent.