From 401d3cdc9e2c2b0b5c6df2e72f2850cb458e5549 Mon Sep 17 00:00:00 2001
From: Julian Brost <julian.brost@icinga.com>
Date: Mon, 5 Jul 2021 15:09:54 +0200
Subject: [PATCH] Remove passwords from API

IdoMysqlConnection, IdoPgsqlConnection, IcingaDB, and ElasticsearchWriter
require passwords in their configuration to authenticate against external
services. This commit ensures that these can no longer be accessed using the
API.
---
 lib/db_ido_mysql/idomysqlconnection.ti | 2 +-
 lib/db_ido_pgsql/idopgsqlconnection.ti | 2 +-
 lib/icingadb/icingadb.ti               | 2 +-
 lib/perfdata/elasticsearchwriter.ti    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/db_ido_mysql/idomysqlconnection.ti b/lib/db_ido_mysql/idomysqlconnection.ti
index ad5139703..681148fb3 100644
--- a/lib/db_ido_mysql/idomysqlconnection.ti
+++ b/lib/db_ido_mysql/idomysqlconnection.ti
@@ -21,7 +21,7 @@ class IdoMysqlConnection : DbConnection
 	[config] String user {
 		default {{{ return "icinga"; }}}
 	};
-	[config] String password {
+	[config, no_user_view, no_user_modify] String password {
 		default {{{ return "icinga"; }}}
 	};
 	[config] String database {
diff --git a/lib/db_ido_pgsql/idopgsqlconnection.ti b/lib/db_ido_pgsql/idopgsqlconnection.ti
index 90ca84ecd..bc4deffd6 100644
--- a/lib/db_ido_pgsql/idopgsqlconnection.ti
+++ b/lib/db_ido_pgsql/idopgsqlconnection.ti
@@ -20,7 +20,7 @@ class IdoPgsqlConnection : DbConnection
 	[config] String user {
 		default {{{ return "icinga"; }}}
 	};
-	[config] String password {
+	[config, no_user_view, no_user_modify] String password {
 		default {{{ return "icinga"; }}}
 	};
 	[config] String database {
diff --git a/lib/icingadb/icingadb.ti b/lib/icingadb/icingadb.ti
index f6e593a9a..ebc69e8a6 100644
--- a/lib/icingadb/icingadb.ti
+++ b/lib/icingadb/icingadb.ti
@@ -18,7 +18,7 @@ class IcingaDB : ConfigObject
 		default {{{ return 6380; }}}
 	};
 	[config] String path;
-	[config] String password;
+	[config, no_user_view, no_user_modify] String password;
 	[config] int db_index;
 };
 
diff --git a/lib/perfdata/elasticsearchwriter.ti b/lib/perfdata/elasticsearchwriter.ti
index 87a7ea321..a072220de 100644
--- a/lib/perfdata/elasticsearchwriter.ti
+++ b/lib/perfdata/elasticsearchwriter.ti
@@ -24,7 +24,7 @@ class ElasticsearchWriter : ConfigObject
 		default {{{ return false; }}}
 	};
 	[config] String username;
-	[config] String password;
+	[config, no_user_view, no_user_modify] String password;
 
 	[config] bool enable_tls {
 		default {{{ return false; }}}