From 07fda3b39548d0199e762586bb1bd0174dc538f0 Mon Sep 17 00:00:00 2001
From: Rohit Yadav <rohit.yadav@shapeblue.com>
Date: Wed, 5 Jul 2017 00:18:51 +0530
Subject: [PATCH] CLOUDSTACK-9983: Hide credentials in listClusters response

This removes username and passwords details from the listClusters
response. The details are usually seen in VMware environments only.
With dynamic roles features, the listClusters API may be provided
to a read-only root-admin user role/type which should not be able to get
the credentials.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
---
 .../apache/cloudstack/api/response/ClusterResponse.java   | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/api/src/org/apache/cloudstack/api/response/ClusterResponse.java b/api/src/org/apache/cloudstack/api/response/ClusterResponse.java
index 754baa26776..d6ae70fd7a7 100644
--- a/api/src/org/apache/cloudstack/api/response/ClusterResponse.java
+++ b/api/src/org/apache/cloudstack/api/response/ClusterResponse.java
@@ -208,6 +208,12 @@ public class ClusterResponse extends BaseResponse {
         if (details == null) {
             return;
         }
-        this.resourceDetails = new HashMap<>(details);
+        resourceDetails = new HashMap<>(details);
+        if (resourceDetails.containsKey("username")) {
+            resourceDetails.remove("username");
+        }
+        if (resourceDetails.containsKey("password")) {
+            resourceDetails.remove("password");
+        }
     }
 }