Allow users to send requests from CMK using POST requests. #161
Merged
yadvr merged 7 commits intoapache:mainfrom Jul 14, 2025
Merged
Allow users to send requests from CMK using POST requests. #161yadvr merged 7 commits intoapache:mainfrom
yadvr merged 7 commits intoapache:mainfrom
Conversation
added 2 commits
February 28, 2025 16:17
shwstppr
reviewed
Mar 26, 2025
Contributor
shwstppr
left a comment
shwstppr
left a comment
There was a problem hiding this comment.
code looks okay, a couple of comments added
shwstppr
reviewed
Apr 8, 2025
Contributor
shwstppr
left a comment
shwstppr
left a comment
There was a problem hiding this comment.
@kevin-lii build is failing. Can you please check?
Contributor
Author
|
Sorry about the delay but should fix the issues with this PR |
14 tasks
kiranchavala
approved these changes
Jun 10, 2025
Member
kiranchavala
left a comment
kiranchavala
left a comment
There was a problem hiding this comment.
LGTM
On Existing release of cmk
- Enabled the global setting "enforce.post.requests.and.timestamps” to true
Getting exception
(test2) 🐱 > create volume name=testvolume4 diskofferingid=6eba93c8-bfc5-45fb-8620-e108b71d1f4a zoneid=932cfb3e-be7e-4d6f-8730-3b0f520c58bf
🙈 Error: (HTTP 400, error code 9999) State changing command createVolume needs to be sent using POST request
After building the cmk based on the pr
-
Build the new cmk after cloning the repo
-
Able to execute the CMK calls without any issue
shwstppr
added a commit
to shwstppr/cloudstack-cloudmonkey
that referenced
this pull request
Aug 26, 2025
PR apache#161 introduced `postrequest` config but there was no way to update that config other than updating the config file. This PR fixes the behaviour. Also adds a log to highlight what HTTP method is used. Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
shwstppr
added a commit
that referenced
this pull request
Aug 26, 2025
PR #161 introduced `postrequest` config but there was no way to update that config other than updating the config file. This PR fixes the behaviour. Also adds a log to highlight what HTTP method is used. Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Currently, CMK only allows for POST requests and this is a security concern since GET requests may leak the values of the query parameters.
Types of changes
[] Breaking change (fix or feature that would cause existing functionality to change)
[] New feature (non-breaking change which adds functionality)
[] Bug fix (non-breaking change which fixes an issue)
[] Enhancement (improves an existing feature and functionality)
[] Cleanup (Code refactoring and cleanup, that may add test cases)
[] build/CI
[] test (unit or integration test code)
[X] Feature/Enhancement Scale
[] Major
[X] Minor
How Has This Been Tested?
This was tested by manually building CMK and using a proxy to confirm that POST requests are being sent by CMK when the configuration value is set.