apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-02 11:52:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge release branch 4.11 to master

Browse Source 
* 4.11:
  comment on unencryption
  ui: fix create VPC dialog box failure when zone is SG enabled (#2704)
  CLOUDSTACK-10381: Fix password reset / reset ssh key with ConfigDrive
  isisnot=
  extra message
  debug message
  imports
  update without decrypt doesn't work
  set unsensitive attributes as not 'Secure'
  remove old config artifacts from update path
This commit is contained in:
Daan Hoogland 2018-06-12 07:41:09 +00:00
commit 3ff122d824
5 changed files with 116 additions and 88 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41100to41110.java
View File

@ -19,6 +19,11 @@
package com.cloud.upgrade.dao;
import com.cloud.hypervisor.Hypervisor;
import com.cloud.utils.crypt.DBEncryptionUtil;
import com.cloud.utils.exception.CloudRuntimeException;
import org.apache.log4j.Logger;
import java.io.InputStream;
import java.sql.Connection;
import java.sql.PreparedStatement;
@ -29,11 +34,6 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.log4j.Logger;
import com.cloud.hypervisor.Hypervisor;
import com.cloud.utils.exception.CloudRuntimeException;
public class Upgrade41100to41110 implements DbUpgrade {
final static Logger LOG = Logger.getLogger(Upgrade41000to41100.class);
@ -66,6 +66,76 @@ public class Upgrade41100to41110 implements DbUpgrade {
@Override
public void performDataMigration(Connection conn) {
updateSystemVmTemplates(conn);
markUnnecessarySecureConfigsAsUnsecure(conn);
}
private void markUnnecessarySecureConfigsAsUnsecure(Connection conn) {
/*
* the following config items where added as 'Secure' in the past. For some this made sense but for the ones below,
* this makes no sense and is a inconvenience at best. The below method will
** retrieve,
** unencrypt,
** mark as 'Advanced' and then
** store the item
*/
String[] unsecureItems = new String[] {
"ldap.basedn",
"ldap.bind.principal",
"ldap.email.attribute",
"ldap.firstname.attribute",
"ldap.group.object",
"ldap.group.user.uniquemember",
"ldap.lastname.attribute",
"ldap.search.group.principle",
"ldap.truststore",
"ldap.user.object",
"ldap.username.attribute"
};
for (String name : unsecureItems) {
uncrypt(conn, name);
}
}
/**
* if encrypted, decrypt the ldap hostname and port and then update as they are not encrypted now.
*/
private void uncrypt(Connection conn, String name)
{
String value = null;
try (
PreparedStatement prepSelStmt = conn.prepareStatement("SELECT conf.category,conf.value FROM `cloud`.`configuration` conf WHERE conf.name= ?");
) {
prepSelStmt.setString(1,name);
try (
ResultSet resultSet = prepSelStmt.executeQuery();
) {
if (LOG.isInfoEnabled()) {
LOG.info("updating setting '" + name + "'");
}
if (resultSet.next()) {
if ("Secure".equals(resultSet.getString(1))) {
value = DBEncryptionUtil.decrypt(resultSet.getString(2));
try (
PreparedStatement prepUpdStmt= conn.prepareStatement("UPDATE `cloud`.`configuration` SET category = 'Advanced', value = ? WHERE name = ?" );
) {
prepUpdStmt.setString(1, value);
prepUpdStmt.setString(2, name);
prepUpdStmt.execute();
} catch (SQLException e) {
if (LOG.isInfoEnabled()) {
LOG.info("failed to update configuration item '" + name + "' with value '" + value + "'");
if (LOG.isDebugEnabled()) {
LOG.debug("no update because ", e);
}
}
}
}
}
}
} catch (SQLException e) {
throw new CloudRuntimeException("failed to update configuration item '" + name + "' with value '" + value + "'", e);
}
}
@SuppressWarnings("serial")

74
engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade421to430.java
View File

@ -23,9 +23,7 @@ import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Types;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import com.cloud.utils.crypt.DBEncryptionUtil;
@ -62,7 +60,6 @@ public class Upgrade421to430 implements DbUpgrade {
@Override
public void performDataMigration(Connection conn) {
encryptLdapConfigParams(conn);
encryptImageStoreDetails(conn);
upgradeMemoryOfSsvmOffering(conn);
}
@ -94,77 +91,6 @@ public class Upgrade421to430 implements DbUpgrade {
s_logger.debug("Done upgrading RAM for service offering of Secondary Storage VM to " + newRamSize);
}
private void encryptLdapConfigParams(Connection conn) {
String[][] ldapParams = { {"ldap.user.object", "inetOrgPerson", "Sets the object type of users within LDAP"},
{"ldap.username.attribute", "uid", "Sets the username attribute used within LDAP"}, {"ldap.email.attribute", "mail", "Sets the email attribute used within LDAP"},
{"ldap.firstname.attribute", "givenname", "Sets the firstname attribute used within LDAP"},
{"ldap.lastname.attribute", "sn", "Sets the lastname attribute used within LDAP"},
{"ldap.group.object", "groupOfUniqueNames", "Sets the object type of groups within LDAP"},
{"ldap.group.user.uniquemember", "uniquemember", "Sets the attribute for uniquemembers within a group"}};
String insertSql = "INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description) VALUES ('Secure', 'DEFAULT', 'management-server', ?, ?, "
+ "?) ON DUPLICATE KEY UPDATE category='Secure';";
try (PreparedStatement pstmt_insert_ldap_parameters = conn.prepareStatement(insertSql);){
for (String[] ldapParam : ldapParams) {
String name = ldapParam[0];
String value = ldapParam[1];
String desc = ldapParam[2];
String encryptedValue = DBEncryptionUtil.encrypt(value);
pstmt_insert_ldap_parameters.setString(1, name);
pstmt_insert_ldap_parameters.setBytes(2, encryptedValue.getBytes("UTF-8"));
pstmt_insert_ldap_parameters.setString(3, desc);
pstmt_insert_ldap_parameters.executeUpdate();
}
/**
* if encrypted, decrypt the ldap hostname and port and then update as they are not encrypted now.
*/
try (
PreparedStatement pstmt_ldap_hostname = conn.prepareStatement("SELECT conf.value FROM `cloud`.`configuration` conf WHERE conf.name='ldap.hostname'");
ResultSet resultSet_ldap_hostname = pstmt_ldap_hostname.executeQuery();
) {
String hostname = null;
String port;
int portNumber = 0;
if (resultSet_ldap_hostname.next()) {
hostname = DBEncryptionUtil.decrypt(resultSet_ldap_hostname.getString(1));
}
try (
PreparedStatement pstmt_ldap_port = conn.prepareStatement("SELECT conf.value FROM `cloud`.`configuration` conf WHERE conf.name='ldap.port'");
ResultSet resultSet_ldap_port = pstmt_ldap_port.executeQuery();
) {
if (resultSet_ldap_port.next()) {
port = DBEncryptionUtil.decrypt(resultSet_ldap_port.getString(1));
if (StringUtils.isNotBlank(port)) {
portNumber = Integer.parseInt(port);
}
}
if (StringUtils.isNotBlank(hostname)) {
try (PreparedStatement pstmt_insert_ldap_hostname_port = conn.prepareStatement("INSERT INTO `cloud`.`ldap_configuration`(hostname, port) VALUES(?,?)");) {
pstmt_insert_ldap_hostname_port.setString(1, hostname);
if (portNumber != 0) {
pstmt_insert_ldap_hostname_port.setInt(2, portNumber);
} else {
pstmt_insert_ldap_hostname_port.setNull(2, Types.INTEGER);
}
pstmt_insert_ldap_hostname_port.executeUpdate();
}
}
}
}
} catch (SQLException e) {
throw new CloudRuntimeException("Unable to insert ldap configuration values ", e);
} catch (UnsupportedEncodingException e) {
throw new CloudRuntimeException("Unable to insert ldap configuration values ", e);
}
s_logger.debug("Done encrypting ldap Config values");
}
private void encryptImageStoreDetails(Connection conn) {
s_logger.debug("Encrypting image store details");
try (

6
plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapConfiguration.java
View File

@ -88,7 +88,7 @@ public class LdapConfiguration implements Configurable{
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapBindPassword = new ConfigKey<String>(
"Advanced",
"Secure",
String.class,
"ldap.bind.password",
null,
@ -96,7 +96,7 @@ public class LdapConfiguration implements Configurable{
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapBindPrincipal = new ConfigKey<String>(
"Advanced",
"Secure",
String.class,
"ldap.bind.principal",
null,
@ -176,7 +176,7 @@ public class LdapConfiguration implements Configurable{
true,
ConfigKey.Scope.Domain);
private static final ConfigKey<String> ldapTrustStorePassword = new ConfigKey<String>(
"Advanced",
"Secure",
String.class,
"ldap.truststore.password",
null,

33
server/src/main/java/com/cloud/network/element/ConfigDriveNetworkElement.java
View File

@ -63,6 +63,7 @@ import com.cloud.storage.dao.GuestOSCategoryDao;
import com.cloud.storage.dao.GuestOSDao;
import com.cloud.storage.dao.VolumeDao;
import com.cloud.utils.component.AdapterBase;
import com.cloud.utils.crypt.DBEncryptionUtil;
import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.utils.fsm.StateListener;
import com.cloud.utils.fsm.StateMachine2;
@ -212,7 +213,14 @@ public class ConfigDriveNetworkElement extends AdapterBase implements NetworkEle
if (vm != null && vm.getVirtualMachine().getState().equals(VirtualMachine.State.Running)) {
throw new CloudRuntimeException("VM should to stopped to reset password");
}
return canHandle(network.getTrafficType());
final boolean canHandle = canHandle(network.getTrafficType());
if (canHandle) {
storePasswordInVmDetails(vm);
}
return canHandle;
}
@Override
@ -223,7 +231,14 @@ public class ConfigDriveNetworkElement extends AdapterBase implements NetworkEle
if (vm != null && vm.getVirtualMachine().getState().equals(VirtualMachine.State.Running)) {
throw new CloudRuntimeException("VM should to stopped to reset password");
}
return canHandle(network.getTrafficType());
final boolean canHandle = canHandle(network.getTrafficType());
if (canHandle) {
storePasswordInVmDetails(vm);
}
return canHandle;
}
@Override
@ -237,6 +252,20 @@ public class ConfigDriveNetworkElement extends AdapterBase implements NetworkEle
return canHandle(network.getTrafficType());
}
/**
* Store password in vm details so it can be picked up during VM start.
*/
private void storePasswordInVmDetails(VirtualMachineProfile vm) {
final String password = (String) vm.getParameter(VirtualMachineProfile.Param.VmPassword);
final String password_encrypted = DBEncryptionUtil.encrypt(password);
final UserVmVO userVmVO = _userVmDao.findById(vm.getId());
_userVmDetailsDao.addDetail(vm.getId(), "password", password_encrypted, false);
userVmVO.setUpdateParameters(true);
_userVmDao.update(userVmVO.getId(), userVmVO);
}
@Override
public boolean verifyServicesCombination(Set<Service> services) {
return true;

11
ui/scripts/network.js
View File

@ -5199,10 +5199,13 @@
}
};
nuageDomainTemplateHandler(null, advZones[0].id);
args.$select.bind('click', nuageDomainTemplateHandler); //bind on both events click, change, change event of dropdown.
args.$select.bind('change', nuageDomainTemplateHandler);
args.$form.find("[rel=nuageusedomaintemplate]").find("input").attr('checked', false);
if (advZones && advZones.length > 0) {
nuageDomainTemplateHandler(null, advZones[0].id);
args.$select.bind('click', nuageDomainTemplateHandler); //bind on both events click, change, change event of dropdown.
args.$select.bind('change', nuageDomainTemplateHandler);
args.$form.find("[rel=nuageusedomaintemplate]").find("input").attr('checked', false);
}
args.response.success({
data: $.map(advZones, function(zone) {
return {