Merge branch '4.16' into main

Suresh Kumar Anaparti 2022-02-10 10:57:29 +05:30
commit 850714c1fc
No known key found for this signature in database
GPG Key ID: D7CEAE3A9E71D0AA
22 changed files with 159 additions and 57 deletions


@ -43,6 +43,8 @@ public interface RemoteAccessVpnService {
List<? extends VpnUser> listVpnUsers(long vpnOwnerId, String userName); List<? extends VpnUser> listVpnUsers(long vpnOwnerId, String userName);
boolean applyVpnUsers(long vpnOwnerId, String userName, boolean forRemove) throws ResourceUnavailableException;
boolean applyVpnUsers(long vpnOwnerId, String userName) throws ResourceUnavailableException; boolean applyVpnUsers(long vpnOwnerId, String userName) throws ResourceUnavailableException;
Pair<List<? extends RemoteAccessVpn>, Integer> searchForRemoteAccessVpns(ListRemoteAccessVpnsCmd cmd); Pair<List<? extends RemoteAccessVpn>, Integer> searchForRemoteAccessVpns(ListRemoteAccessVpnsCmd cmd);


@ -40,6 +40,8 @@ public class ListSSHKeyPairsCmd extends BaseListProjectAndAccountResourcesCmd {
///////////////////////////////////////////////////// /////////////////////////////////////////////////////
//////////////// API parameters ///////////////////// //////////////// API parameters /////////////////////
///////////////////////////////////////////////////// /////////////////////////////////////////////////////
@Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = SSHKeyPairResponse.class, description = "the ID of the ssh keypair")
private Long id;
@Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "A key pair name to look for") @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "A key pair name to look for")
private String name; private String name;
@ -50,6 +52,9 @@ public class ListSSHKeyPairsCmd extends BaseListProjectAndAccountResourcesCmd {
///////////////////////////////////////////////////// /////////////////////////////////////////////////////
/////////////////// Accessors /////////////////////// /////////////////// Accessors ///////////////////////
///////////////////////////////////////////////////// /////////////////////////////////////////////////////
public Long getId() {
return id;
}
public String getName() { public String getName() {
return name; return name;


@ -120,9 +120,8 @@ public class RemoveVpnUserCmd extends BaseAsyncCmd {
} }
boolean appliedVpnUsers = false; boolean appliedVpnUsers = false;
try { try {
appliedVpnUsers = _ravService.applyVpnUsers(ownerId, userName); appliedVpnUsers = _ravService.applyVpnUsers(ownerId, userName, true);
} catch (ResourceUnavailableException ex) { } catch (ResourceUnavailableException ex) {
String errorMessage = String.format("Failed to refresh VPN user=[%s] due to resource unavailable. VPN owner id=[%s].", userName, ownerId); String errorMessage = String.format("Failed to refresh VPN user=[%s] due to resource unavailable. VPN owner id=[%s].", userName, ownerId);
s_logger.error(errorMessage, ex); s_logger.error(errorMessage, ex);


@ -21,8 +21,12 @@ import com.google.gson.annotations.SerializedName;
import org.apache.cloudstack.api.ApiConstants; import org.apache.cloudstack.api.ApiConstants;
import com.cloud.serializer.Param; import com.cloud.serializer.Param;
import org.apache.cloudstack.api.BaseResponseWithAnnotations; import com.cloud.user.SSHKeyPair;
import org.apache.cloudstack.api.BaseResponseWithAnnotations;
import org.apache.cloudstack.api.EntityReference;
@EntityReference(value = SSHKeyPair.class)
public class SSHKeyPairResponse extends BaseResponseWithAnnotations { public class SSHKeyPairResponse extends BaseResponseWithAnnotations {
@SerializedName(ApiConstants.ID) @SerializedName(ApiConstants.ID)


@ -564,6 +564,11 @@
<artifactId>bcpkix-jdk15on</artifactId> <artifactId>bcpkix-jdk15on</artifactId>
<version>${cs.bcprov.version}</version> <version>${cs.bcprov.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15on</artifactId>
<version>${cs.bcprov.version}</version>
</dependency>
</dependencies> </dependencies>
<configuration> <configuration>
<supportedPackagings> <supportedPackagings>
@ -751,6 +756,12 @@
<overWrite>false</overWrite> <overWrite>false</overWrite>
<outputDirectory>${project.build.directory}/lib</outputDirectory> <outputDirectory>${project.build.directory}/lib</outputDirectory>
</artifactItem> </artifactItem>
<artifactItem>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15on</artifactId>
<overWrite>false</overWrite>
<outputDirectory>${project.build.directory}/lib</outputDirectory>
</artifactItem>
</artifactItems> </artifactItems>
</configuration> </configuration>
</execution> </execution>
@ -786,6 +797,7 @@
<exclude>org.apache.geronimo.specs:geronimo-javamail_1.4_spec</exclude> <exclude>org.apache.geronimo.specs:geronimo-javamail_1.4_spec</exclude>
<exclude>org.bouncycastle:bcprov-jdk15on</exclude> <exclude>org.bouncycastle:bcprov-jdk15on</exclude>
<exclude>org.bouncycastle:bcpkix-jdk15on</exclude> <exclude>org.bouncycastle:bcpkix-jdk15on</exclude>
<exclude>org.bouncycastle:bctls-jdk15on</exclude>
<exclude>mysql:mysql-connector-java</exclude> <exclude>mysql:mysql-connector-java</exclude>
</excludes> </excludes>
</artifactSet> </artifactSet>


@ -56,6 +56,7 @@ import javax.persistence.Enumerated;
import javax.persistence.Table; import javax.persistence.Table;
import javax.persistence.TableGenerator; import javax.persistence.TableGenerator;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import com.cloud.utils.DateUtil; import com.cloud.utils.DateUtil;
@ -878,7 +879,7 @@ public abstract class GenericDaoBase<T, ID extends Serializable> extends Compone
for (final Field field : clazz.getDeclaredFields()) { for (final Field field : clazz.getDeclaredFields()) {
sql.append(_table).append(".").append(DbUtil.getColumnName(field, overrides)).append(" = ? AND "); sql.append(_table).append(".").append(DbUtil.getColumnName(field, overrides)).append(" = ? AND ");
} }
sql.delete(sql.length() - 4, sql.length()); removeAndClause(sql);
} }
return sql.toString(); return sql.toString();
@ -1262,10 +1263,11 @@ public abstract class GenericDaoBase<T, ID extends Serializable> extends Compone
@DB() @DB()
protected void addJoins(StringBuilder str, Collection<JoinBuilder<SearchCriteria<?>>> joins) { protected void addJoins(StringBuilder str, Collection<JoinBuilder<SearchCriteria<?>>> joins) {
boolean hasWhereClause = true;
int fromIndex = str.lastIndexOf("WHERE"); int fromIndex = str.lastIndexOf("WHERE");
if (fromIndex == -1) { if (fromIndex == -1) {
fromIndex = str.length(); fromIndex = str.length();
str.append(" WHERE "); hasWhereClause = false;
} else { } else {
str.append(" AND "); str.append(" AND ");
} }
@ -1287,13 +1289,19 @@ public abstract class GenericDaoBase<T, ID extends Serializable> extends Compone
.append(" "); .append(" ");
str.insert(fromIndex, onClause); str.insert(fromIndex, onClause);
String whereClause = join.getT().getWhereClause(); String whereClause = join.getT().getWhereClause();
if ((whereClause != null) && !"".equals(whereClause)) { if (StringUtils.isNotEmpty(whereClause)) {
if (!hasWhereClause) {
str.append(" WHERE ");
hasWhereClause = true;
}
str.append(" (").append(whereClause).append(") AND"); str.append(" (").append(whereClause).append(") AND");
} }
fromIndex += onClause.length(); fromIndex += onClause.length();
} }
str.delete(str.length() - 4, str.length()); if (hasWhereClause) {
removeAndClause(str);
}
for (JoinBuilder<SearchCriteria<?>> join : joins) { for (JoinBuilder<SearchCriteria<?>> join : joins) {
if (join.getT().getJoins() != null) { if (join.getT().getJoins() != null) {
@ -1302,6 +1310,10 @@ public abstract class GenericDaoBase<T, ID extends Serializable> extends Compone
} }
} }
private void removeAndClause(StringBuilder sql) {
sql.delete(sql.length() - 4, sql.length());
}
@Override @Override
@DB() @DB()
public List<T> search(final SearchCriteria<T> sc, final Filter filter) { public List<T> search(final SearchCriteria<T> sc, final Filter filter) {
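Review bot: The new `removeAndClause` helper (last hunk) deletes the final four characters without checking what they are, and its callers rely on it for two different suffixes: `AND ` after the field loop and after the `" AND "` appended in `addJoins`, but ` AND` after a join's where clause. A short comment stating that contract, plus a guard such as `if (sql.length() >= 4) { sql.delete(sql.length() - 4, sql.length()); }`, would keep a future caller from trimming part of a column name or hitting a StringIndexOutOfBoundsException on a short buffer. In `addJoins`, the case where a WHERE already exists but no join contributes a clause still depends on this trim to drop the dangling `AND `, which deserves a one-line why-comment next to `if (hasWhereClause)`. The bodies of both calling methods extend beyond the hunks shown.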


@ -19,6 +19,7 @@
package com.cloud.hypervisor.kvm.resource; package com.cloud.hypervisor.kvm.resource;
import org.apache.commons.compress.utils.Sets;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libvirt.LibvirtException; import org.libvirt.LibvirtException;
@ -47,12 +48,8 @@ public class DirectVifDriver extends VifDriverBase {
public LibvirtVMDef.InterfaceDef plug(NicTO nic, String guestOsType, String nicAdapter, Map<String, String> extraConfig) throws InternalErrorException, LibvirtException { public LibvirtVMDef.InterfaceDef plug(NicTO nic, String guestOsType, String nicAdapter, Map<String, String> extraConfig) throws InternalErrorException, LibvirtException {
LibvirtVMDef.InterfaceDef intf = new LibvirtVMDef.InterfaceDef(); LibvirtVMDef.InterfaceDef intf = new LibvirtVMDef.InterfaceDef();
if (nic.getType() == Networks.TrafficType.Guest) { if (Sets.newHashSet(Networks.TrafficType.Guest,
Integer networkRateKBps = (nic.getNetworkRateMbps() != null && nic.getNetworkRateMbps().intValue() != -1) ? nic.getNetworkRateMbps().intValue() * 128 : 0; Networks.TrafficType.Public).contains(nic.getType())) {
intf.defDirectNet(_libvirtComputingResource.getNetworkDirectDevice(), null, nic.getMac(), getGuestNicModel(guestOsType, nicAdapter),
_libvirtComputingResource.getNetworkDirectSourceMode(), networkRateKBps);
} else if (nic.getType() == Networks.TrafficType.Public) {
Integer networkRateKBps = (nic.getNetworkRateMbps() != null && nic.getNetworkRateMbps().intValue() != -1) ? nic.getNetworkRateMbps().intValue() * 128 : 0; Integer networkRateKBps = (nic.getNetworkRateMbps() != null && nic.getNetworkRateMbps().intValue() != -1) ? nic.getNetworkRateMbps().intValue() * 128 : 0;
intf.defDirectNet(_libvirtComputingResource.getNetworkDirectDevice(), null, nic.getMac(), getGuestNicModel(guestOsType, nicAdapter), intf.defDirectNet(_libvirtComputingResource.getNetworkDirectDevice(), null, nic.getMac(), getGuestNicModel(guestOsType, nicAdapter),
_libvirtComputingResource.getNetworkDirectSourceMode(), networkRateKBps); _libvirtComputingResource.getNetworkDirectSourceMode(), networkRateKBps);
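Review bot: The membership test in `plug` builds a fresh HashSet through `org.apache.commons.compress.utils.Sets` on every call, which ties this driver to a utility class of a compression library for a two-value comparison. Since the previous code compared `nic.getType()` with `==`, the values look like enum constants, so `EnumSet.of(Networks.TrafficType.Guest, Networks.TrafficType.Public).contains(nic.getType())` or a plain `||` of the two comparisons would do the same without the extra import. The rest of `plug` lies outside the hunk.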


@ -126,6 +126,11 @@
<artifactId>bcprov-jdk15on</artifactId> <artifactId>bcprov-jdk15on</artifactId>
<version>${cs.bcprov.version}</version> <version>${cs.bcprov.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15on</artifactId>
<version>${cs.bcprov.version}</version>
</dependency>
<dependency> <dependency>
<groupId>joda-time</groupId> <groupId>joda-time</groupId>
<artifactId>joda-time</artifactId> <artifactId>joda-time</artifactId>

11
pom.xml

@ -123,7 +123,7 @@
<cs.axiom.version>1.2.8</cs.axiom.version> <cs.axiom.version>1.2.8</cs.axiom.version>
<cs.axis.version>1.4</cs.axis.version> <cs.axis.version>1.4</cs.axis.version>
<cs.batik.version>1.14</cs.batik.version> <cs.batik.version>1.14</cs.batik.version>
<cs.bcprov.version>1.64</cs.bcprov.version> <cs.bcprov.version>1.70</cs.bcprov.version>
<cs.cglib.version>3.3.0</cs.cglib.version> <cs.cglib.version>3.3.0</cs.cglib.version>
<cs.checkstyle-lib.version>8.18</cs.checkstyle-lib.version> <cs.checkstyle-lib.version>8.18</cs.checkstyle-lib.version>
<cs.cxf.version>3.2.14</cs.cxf.version> <cs.cxf.version>3.2.14</cs.cxf.version>
@ -145,7 +145,7 @@
<cs.jaxb.version>2.3.0</cs.jaxb.version> <cs.jaxb.version>2.3.0</cs.jaxb.version>
<cs.jaxws.version>2.3.2-1</cs.jaxws.version> <cs.jaxws.version>2.3.2-1</cs.jaxws.version>
<cs.jersey-client.version>2.26</cs.jersey-client.version> <cs.jersey-client.version>2.26</cs.jersey-client.version>
<cs.jetty.version>9.4.36.v20210114</cs.jetty.version> <cs.jetty.version>9.4.44.v20210927</cs.jetty.version>
<cs.jetty-maven-plugin.version>9.4.27.v20200227</cs.jetty-maven-plugin.version> <cs.jetty-maven-plugin.version>9.4.27.v20200227</cs.jetty-maven-plugin.version>
<cs.jna.version>5.5.0</cs.jna.version> <cs.jna.version>5.5.0</cs.jna.version>
<cs.joda-time.version>2.10.9</cs.joda-time.version> <cs.joda-time.version>2.10.9</cs.joda-time.version>
@ -554,6 +554,11 @@
<artifactId>bcprov-jdk15on</artifactId> <artifactId>bcprov-jdk15on</artifactId>
<version>${cs.bcprov.version}</version> <version>${cs.bcprov.version}</version>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15on</artifactId>
<version>${cs.bcprov.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.codehaus.groovy</groupId> <groupId>org.codehaus.groovy</groupId>
<artifactId>groovy-all</artifactId> <artifactId>groovy-all</artifactId>
@ -664,7 +669,7 @@
<dependency> <dependency>
<groupId>xerces</groupId> <groupId>xerces</groupId>
<artifactId>xercesimpl</artifactId> <artifactId>xercesimpl</artifactId>
<version>2.12.0</version> <version>${cs.xercesImpl.version}</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>xml-apis</groupId> <groupId>xml-apis</groupId>


@ -45,6 +45,8 @@ if [[ ! $@ =~ ^\-.+ ]]; then
fi fi
OPTERR=0 OPTERR=0
DISKSPACE=2120000 #free disk space required in kilobytes
while getopts 'h:f:d:u::'# OPTION while getopts 'h:f:d:u::'# OPTION
do do
case $OPTION in case $OPTION in


@ -16,16 +16,16 @@
// under the License. // under the License.
package com.cloud.network.vpn; package com.cloud.network.vpn;
import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.stream.Collectors;
import javax.inject.Inject; import javax.inject.Inject;
import javax.naming.ConfigurationException; import javax.naming.ConfigurationException;
import org.apache.log4j.Logger;
import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.acl.SecurityChecker.AccessType;
import org.apache.cloudstack.api.command.user.vpn.ListRemoteAccessVpnsCmd; import org.apache.cloudstack.api.command.user.vpn.ListRemoteAccessVpnsCmd;
import org.apache.cloudstack.api.command.user.vpn.ListVpnUsersCmd; import org.apache.cloudstack.api.command.user.vpn.ListVpnUsersCmd;
@ -33,6 +33,8 @@ import org.apache.cloudstack.context.CallContext;
import org.apache.cloudstack.framework.config.ConfigKey; import org.apache.cloudstack.framework.config.ConfigKey;
import org.apache.cloudstack.framework.config.Configurable; import org.apache.cloudstack.framework.config.Configurable;
import org.apache.cloudstack.framework.config.dao.ConfigurationDao; import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
import org.apache.commons.collections.CollectionUtils;
import org.apache.log4j.Logger;
import com.cloud.configuration.Config; import com.cloud.configuration.Config;
import com.cloud.domain.DomainVO; import com.cloud.domain.DomainVO;
@ -91,9 +93,6 @@ import com.cloud.utils.db.TransactionCallbackWithException;
import com.cloud.utils.db.TransactionStatus; import com.cloud.utils.db.TransactionStatus;
import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.utils.net.NetUtils; import com.cloud.utils.net.NetUtils;
import java.lang.reflect.InvocationTargetException;
import java.util.stream.Collectors;
import org.apache.commons.collections.CollectionUtils;
public class RemoteAccessVpnManagerImpl extends ManagerBase implements RemoteAccessVpnService, Configurable { public class RemoteAccessVpnManagerImpl extends ManagerBase implements RemoteAccessVpnService, Configurable {
private final static Logger s_logger = Logger.getLogger(RemoteAccessVpnManagerImpl.class); private final static Logger s_logger = Logger.getLogger(RemoteAccessVpnManagerImpl.class);
@ -138,6 +137,24 @@ public class RemoteAccessVpnManagerImpl extends ManagerBase implements RemoteAcc
int _pskLength; int _pskLength;
SearchBuilder<RemoteAccessVpnVO> VpnSearch; SearchBuilder<RemoteAccessVpnVO> VpnSearch;
private List<RemoteAccessVpnVO> getValidRemoteAccessVpnForAccount(long accountId) {
List<RemoteAccessVpnVO> vpns = _remoteAccessVpnDao.findByAccount(accountId);
if (CollectionUtils.isNotEmpty(vpns)) {
List<RemoteAccessVpnVO> validVpns = new ArrayList<>();
for (RemoteAccessVpnVO vpn : vpns) {
if (vpn.getNetworkId() != null) {
Network network = _networkMgr.getNetwork(vpn.getNetworkId());
if (!Network.State.Implemented.equals(network.getState())) {
continue;
}
}
validVpns.add(vpn);
}
vpns = validVpns;
}
return vpns;
}
@Override @Override
@DB @DB
public RemoteAccessVpn createRemoteAccessVpn(final long publicIpId, String ipRange, boolean openFirewall, final Boolean forDisplay) throws NetworkRuleConflictException { public RemoteAccessVpn createRemoteAccessVpn(final long publicIpId, String ipRange, boolean openFirewall, final Boolean forDisplay) throws NetworkRuleConflictException {
@ -499,19 +516,36 @@ public class RemoteAccessVpnManagerImpl extends ManagerBase implements RemoteAcc
} }
} }
@DB
private boolean removeVpnUserWithoutRemoteAccessVpn(long vpnOwnerId, String userName) {
VpnUserVO vpnUser = _vpnUsersDao.findByAccountAndUsername(vpnOwnerId, userName);
if (vpnUser == null) {
s_logger.error(String.format("VPN user not found with ownerId: %d and username: %s", vpnOwnerId, userName));
return false;
}
if (!State.Revoke.equals(vpnUser.getState())) {
s_logger.error(String.format("VPN user with ownerId: %d and username: %s is not in revoked state, current state: %s", vpnOwnerId, userName, vpnUser.getState()));
return false;
}
return _vpnUsersDao.remove(vpnUser.getId());
}
@DB @DB
@Override @Override
public boolean applyVpnUsers(long vpnOwnerId, String userName) throws ResourceUnavailableException { public boolean applyVpnUsers(long vpnOwnerId, String userName, boolean forRemove) throws ResourceUnavailableException {
Account caller = CallContext.current().getCallingAccount(); Account caller = CallContext.current().getCallingAccount();
Account owner = _accountDao.findById(vpnOwnerId); Account owner = _accountDao.findById(vpnOwnerId);
_accountMgr.checkAccess(caller, null, true, owner); _accountMgr.checkAccess(caller, null, true, owner);
s_logger.debug(String.format("Applying VPN users for %s.", owner.toString())); s_logger.debug(String.format("Applying VPN users for %s.", owner.toString()));
List<RemoteAccessVpnVO> vpns = _remoteAccessVpnDao.findByAccount(vpnOwnerId); List<RemoteAccessVpnVO> vpns = getValidRemoteAccessVpnForAccount(vpnOwnerId);
if (CollectionUtils.isEmpty(vpns)) { if (CollectionUtils.isEmpty(vpns)) {
s_logger.debug(String.format("Unable to add VPN user due to there are no remote access VPNs configured on %s to apply VPN user.", owner.toString())); if (forRemove) {
return false; return removeVpnUserWithoutRemoteAccessVpn(vpnOwnerId, userName);
}
s_logger.warn(String.format("Unable to apply VPN user due to there are no remote access VPNs configured on %s to apply VPN user.", owner.toString()));
return true;
} }
RemoteAccessVpnVO vpnTemp = null; RemoteAccessVpnVO vpnTemp = null;
@ -597,6 +631,12 @@ public class RemoteAccessVpnManagerImpl extends ManagerBase implements RemoteAcc
return success; return success;
} }
@DB
@Override
public boolean applyVpnUsers(long vpnOwnerId, String userName) throws ResourceUnavailableException {
return applyVpnUsers(vpnOwnerId, userName, false);
}
@Override @Override
public Pair<List<? extends VpnUser>, Integer> searchForVpnUsers(ListVpnUsersCmd cmd) { public Pair<List<? extends VpnUser>, Integer> searchForVpnUsers(ListVpnUsersCmd cmd) {
String username = cmd.getUsername(); String username = cmd.getUsername();
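Review bot: In `getValidRemoteAccessVpnForAccount`, the result of `_networkMgr.getNetwork(vpn.getNetworkId())` is dereferenced without a null check, so a VPN row that points at a network the manager no longer returns would make `applyVpnUsers` fail with a NullPointerException before the new removal path is reached. If skipping such a VPN is the intended outcome, `if (network == null || !Network.State.Implemented.equals(network.getState())) { continue; }` covers it. Separately, `applyVpnUsers` now returns `true` when no valid VPN exists and `forRemove` is false; a Javadoc line on the interface method saying that `true` can mean "nothing was applied" would help callers that read the result as confirmation that the user reached a VPN server.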


@ -17,10 +17,10 @@
package com.cloud.projects; package com.cloud.projects;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Optional; import java.util.Optional;
import java.util.Random;
import java.util.TimeZone; import java.util.TimeZone;
import java.util.UUID; import java.util.UUID;
import java.util.concurrent.Executors; import java.util.concurrent.Executors;
@ -106,6 +106,8 @@ import org.apache.commons.lang3.BooleanUtils;
public class ProjectManagerImpl extends ManagerBase implements ProjectManager, Configurable { public class ProjectManagerImpl extends ManagerBase implements ProjectManager, Configurable {
public static final Logger s_logger = Logger.getLogger(ProjectManagerImpl.class); public static final Logger s_logger = Logger.getLogger(ProjectManagerImpl.class);
private static final SecureRandom secureRandom = new SecureRandom();
@Inject @Inject
private DomainDao _domainDao; private DomainDao _domainDao;
@Inject @Inject
@ -1349,10 +1351,9 @@ public class ProjectManagerImpl extends ManagerBase implements ProjectManager, C
public static String generateToken(int length) { public static String generateToken(int length) {
String charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; String charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
Random rand = new Random(System.currentTimeMillis());
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
for (int i = 0; i < length; i++) { for (int i = 0; i < length; i++) {
int pos = rand.nextInt(charset.length()); int pos = secureRandom.nextInt(charset.length());
sb.append(charset.charAt(pos)); sb.append(charset.charAt(pos));
} }
return sb.toString(); return sb.toString();
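Review bot: `generateToken` still accepts any `length`, and with a 36-character alphabet each character carries only about 5.2 bits, so the strength of the token is decided entirely by callers that are not visible in this hunk. A Javadoc comment on the method stating that the value is a security token drawn from `SecureRandom`, together with a guard such as `if (length <= 0) { throw new IllegalArgumentException("length must be positive"); }`, would make that contract explicit; whether any caller passes a non-positive length today cannot be seen from here. As a style point, the local `StringBuffer` can be a `StringBuilder`, since it never leaves the method.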


@ -4189,6 +4189,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
@Override @Override
public Pair<List<? extends SSHKeyPair>, Integer> listSSHKeyPairs(final ListSSHKeyPairsCmd cmd) { public Pair<List<? extends SSHKeyPair>, Integer> listSSHKeyPairs(final ListSSHKeyPairsCmd cmd) {
final Long id = cmd.getId();
final String name = cmd.getName(); final String name = cmd.getName();
final String fingerPrint = cmd.getFingerprint(); final String fingerPrint = cmd.getFingerprint();
final String keyword = cmd.getKeyword(); final String keyword = cmd.getKeyword();
@ -4208,6 +4209,10 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
final SearchCriteria<SSHKeyPairVO> sc = sb.create(); final SearchCriteria<SSHKeyPairVO> sc = sb.create();
_accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria); _accountMgr.buildACLSearchCriteria(sc, domainId, isRecursive, permittedAccounts, listProjectResourcesCriteria);
if (id != null) {
sc.addAnd("id", SearchCriteria.Op.EQ, id);
}
if (name != null) { if (name != null) {
sc.addAnd("name", SearchCriteria.Op.EQ, name); sc.addAnd("name", SearchCriteria.Op.EQ, name);
} }


@ -2819,6 +2819,9 @@ public class StorageManagerImpl extends ManagerBase implements StorageManager, C
Pair<String, Long> storeUrlAndId = new Pair<>(url, store.getId()); Pair<String, Long> storeUrlAndId = new Pair<>(url, store.getId());
for (HypervisorType hypervisorType : hypSet) { for (HypervisorType hypervisorType : hypSet) {
try { try {
if (HypervisorType.Simulator == hypervisorType) {
continue;
}
String templateName = getValidTemplateName(zoneId, hypervisorType); String templateName = getValidTemplateName(zoneId, hypervisorType);
Pair<Hypervisor.HypervisorType, String> hypervisorAndTemplateName = Pair<Hypervisor.HypervisorType, String> hypervisorAndTemplateName =
new Pair<>(hypervisorType, templateName); new Pair<>(hypervisorType, templateName);


@ -308,11 +308,12 @@ public class SnapshotManagerImpl extends MutualExclusiveIdsManagerBase implement
} }
} }
DataStoreRole dataStoreRole = getDataStoreRole(snapshot, _snapshotStoreDao, dataStoreMgr); DataStoreRole dataStoreRole = getDataStoreRole(snapshot);
SnapshotInfo snapshotInfo = snapshotFactory.getSnapshot(snapshotId, dataStoreRole); SnapshotInfo snapshotInfo = snapshotFactory.getSnapshot(snapshotId, dataStoreRole);
if (snapshotInfo == null) { if (snapshotInfo == null) {
throw new CloudRuntimeException("snapshot:" + snapshotId + " not exist in data store"); throw new CloudRuntimeException(String.format("snapshot %s [%s] does not exists in data store", snapshot.getName(), snapshot.getUuid()));
} }
SnapshotStrategy snapshotStrategy = _storageStrategyFactory.getSnapshotStrategy(snapshot, SnapshotOperation.REVERT); SnapshotStrategy snapshotStrategy = _storageStrategyFactory.getSnapshotStrategy(snapshot, SnapshotOperation.REVERT);
@ -587,7 +588,7 @@ public class SnapshotManagerImpl extends MutualExclusiveIdsManagerBase implement
return false; return false;
} }
DataStoreRole dataStoreRole = getDataStoreRole(snapshotCheck, _snapshotStoreDao, dataStoreMgr); DataStoreRole dataStoreRole = getDataStoreRole(snapshotCheck);
SnapshotDataStoreVO snapshotStoreRef = _snapshotStoreDao.findBySnapshot(snapshotId, dataStoreRole); SnapshotDataStoreVO snapshotStoreRef = _snapshotStoreDao.findBySnapshot(snapshotId, dataStoreRole);
@ -1238,15 +1239,11 @@ public class SnapshotManagerImpl extends MutualExclusiveIdsManagerBase implement
try { try {
postCreateSnapshot(volume.getId(), snapshotId, payload.getSnapshotPolicyId()); postCreateSnapshot(volume.getId(), snapshotId, payload.getSnapshotPolicyId());
DataStoreRole dataStoreRole = getDataStoreRole(snapshot, _snapshotStoreDao, dataStoreMgr); DataStoreRole dataStoreRole = getDataStoreRole(snapshot);
SnapshotDataStoreVO snapshotStoreRef = _snapshotStoreDao.findBySnapshot(snapshotId, dataStoreRole); SnapshotDataStoreVO snapshotStoreRef = _snapshotStoreDao.findBySnapshot(snapshotId, dataStoreRole);
if (snapshotStoreRef == null) { if (snapshotStoreRef == null) {
// The snapshot was not backed up to secondary. Find the snap on primary throw new CloudRuntimeException(String.format("Could not find snapshot %s [%s] on [%s]", snapshot.getName(), snapshot.getUuid(), snapshot.getLocationType()));
snapshotStoreRef = _snapshotStoreDao.findBySnapshot(snapshotId, DataStoreRole.Primary);
if (snapshotStoreRef == null) {
throw new CloudRuntimeException("Could not find snapshot");
}
} }
UsageEventUtils.publishUsageEvent(EventTypes.EVENT_SNAPSHOT_CREATE, snapshot.getAccountId(), snapshot.getDataCenterId(), snapshotId, snapshot.getName(), null, null, UsageEventUtils.publishUsageEvent(EventTypes.EVENT_SNAPSHOT_CREATE, snapshot.getAccountId(), snapshot.getDataCenterId(), snapshotId, snapshot.getName(), null, null,
snapshotStoreRef.getPhysicalSize(), volume.getSize(), snapshot.getClass().getName(), snapshot.getUuid()); snapshotStoreRef.getPhysicalSize(), volume.getSize(), snapshot.getClass().getName(), snapshot.getUuid());
@ -1332,8 +1329,8 @@ public class SnapshotManagerImpl extends MutualExclusiveIdsManagerBase implement
} }
} }
private DataStoreRole getDataStoreRole(Snapshot snapshot, SnapshotDataStoreDao snapshotStoreDao, DataStoreManager dataStoreMgr) { private DataStoreRole getDataStoreRole(Snapshot snapshot) {
SnapshotDataStoreVO snapshotStore = snapshotStoreDao.findBySnapshot(snapshot.getId(), DataStoreRole.Primary); SnapshotDataStoreVO snapshotStore = _snapshotStoreDao.findBySnapshot(snapshot.getId(), DataStoreRole.Primary);
if (snapshotStore == null) { if (snapshotStore == null) {
return DataStoreRole.Image; return DataStoreRole.Image;
@ -1346,7 +1343,7 @@ public class SnapshotManagerImpl extends MutualExclusiveIdsManagerBase implement
if (mapCapabilities != null) { if (mapCapabilities != null) {
String value = mapCapabilities.get(DataStoreCapabilities.STORAGE_SYSTEM_SNAPSHOT.toString()); String value = mapCapabilities.get(DataStoreCapabilities.STORAGE_SYSTEM_SNAPSHOT.toString());
Boolean supportsStorageSystemSnapshots = new Boolean(value); Boolean supportsStorageSystemSnapshots = Boolean.valueOf(value);
if (supportsStorageSystemSnapshots) { if (supportsStorageSystemSnapshots) {
return DataStoreRole.Primary; return DataStoreRole.Primary;
@ -1354,7 +1351,7 @@ public class SnapshotManagerImpl extends MutualExclusiveIdsManagerBase implement
} }
StoragePoolVO storagePoolVO = _storagePoolDao.findById(storagePoolId); StoragePoolVO storagePoolVO = _storagePoolDao.findById(storagePoolId);
if ((storagePoolVO.getPoolType() == StoragePoolType.RBD || storagePoolVO.getPoolType() == StoragePoolType.PowerFlex) && !BackupSnapshotAfterTakingSnapshot.value()) { if (storagePoolVO.getPoolType() == StoragePoolType.RBD) {
return DataStoreRole.Primary; return DataStoreRole.Primary;
} }
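Review bot: The final hunk narrows the pool-type check in `getDataStoreRole` to `StoragePoolType.RBD` alone, dropping both the PowerFlex case and the `BackupSnapshotAfterTakingSnapshot` condition, while the hunk at line 1238 removes the fallback lookup under `DataStoreRole.Primary`. Taken together (and reading each doubled line as old text followed by new text), a snapshot whose store reference is recorded under a role other than the one `getDataStoreRole` now returns would end in the new `CloudRuntimeException` instead of being found, so it is worth confirming that the merge intends both removals. `_storagePoolDao.findById(storagePoolId)` is also dereferenced on the following line without a null check. In the first hunk the new message reads "does not exists"; `does not exist in data store` is the correct wording. `getDataStoreRole` continues past the lines shown.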


@ -48,6 +48,10 @@
<groupId>org.bouncycastle</groupId> <groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId> <artifactId>bcprov-jdk15on</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15on</artifactId>
</dependency>
<dependency> <dependency>
<groupId>com.sun.xml.security</groupId> <groupId>com.sun.xml.security</groupId>
<artifactId>xml-security-impl</artifactId> <artifactId>xml-security-impl</artifactId>


@ -17,12 +17,13 @@
package streamer.bco; package streamer.bco;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.ServerOnlyTlsAuthentication;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsClientProtocol;
import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.tls.DefaultTlsClient;
import org.bouncycastle.tls.ServerOnlyTlsAuthentication;
import org.bouncycastle.tls.TlsAuthentication;
import org.bouncycastle.tls.TlsClientProtocol;
import org.bouncycastle.tls.TlsServerCertificate;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;
import streamer.Direction; import streamer.Direction;
import streamer.Event; import streamer.Event;
import streamer.SocketWrapperImpl; import streamer.SocketWrapperImpl;
@ -60,18 +61,18 @@ public class BcoSocketWrapperImpl extends SocketWrapperImpl {
try { try {
SecureRandom secureRandom = new SecureRandom(); bcoSslSocket = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream());
bcoSslSocket = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), secureRandom);
bcoSslSocket.connect(new DefaultTlsClient() { bcoSslSocket.connect(new DefaultTlsClient(new BcTlsCrypto(new SecureRandom())) {
@Override @Override
public TlsAuthentication getAuthentication() throws IOException { public TlsAuthentication getAuthentication() throws IOException {
return new ServerOnlyTlsAuthentication() { return new ServerOnlyTlsAuthentication() {
@Override @Override
public void notifyServerCertificate(final Certificate certificate) throws IOException { public void notifyServerCertificate(final TlsServerCertificate certificate) throws IOException {
try { try {
if (sslState != null) { if (sslState != null) {
sslState.serverCertificateSubjectPublicKeyInfo = certificate.getCertificateAt(0).getSubjectPublicKeyInfo().getEncoded(); sslState.serverCertificateSubjectPublicKeyInfo =
certificate.getCertificate().getCertificateAt(0).getEncoded();
} }
} catch (IOException e) { } catch (IOException e) {
throw new RuntimeException("Cannot get server public key.", e); throw new RuntimeException("Cannot get server public key.", e);
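Review bot: In `notifyServerCertificate`, the field `sslState.serverCertificateSubjectPublicKeyInfo` is now filled with `certificate.getCertificate().getCertificateAt(0).getEncoded()`, which is the encoding of the whole leaf certificate, whereas the previous line stored only its SubjectPublicKeyInfo. If the code that reads the field expects the public-key structure (the field name and the "Cannot get server public key." message suggest so), the value should be extracted explicitly, for example `org.bouncycastle.asn1.x509.Certificate.getInstance(certificate.getCertificate().getCertificateAt(0).getEncoded()).getSubjectPublicKeyInfo().getEncoded()`. The callback also records the certificate without validating its chain or the host name, so the TLS session does not authenticate the server; a comment stating whether that is deliberate for this client would help. The enclosing method begins and ends outside the hunk.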


@ -94,7 +94,9 @@ class TestKubernetesSupportedVersion(cloudstackTestCase):
#Waits for management to come up in 5 mins, when it's up it will continue #Waits for management to come up in 5 mins, when it's up it will continue
timeout = time.time() + 300 timeout = time.time() + 300
while time.time() < timeout: while time.time() < timeout:
if cls.isManagementUp() is True: return if cls.isManagementUp() is True:
time.sleep(30)
return
time.sleep(5) time.sleep(5)
return cls.fail("Management server did not come up, failing") return cls.fail("Management server did not come up, failing")


@ -605,7 +605,7 @@
<div v-for="item in $route.meta.related" :key="item.path"> <div v-for="item in $route.meta.related" :key="item.path">
<router-link <router-link
v-if="$router.resolve('/' + item.name).route.name !== '404'" v-if="$router.resolve('/' + item.name).route.name !== '404'"
:to="{ path: '/' + item.name + '?' + item.param + '=' + (item.value ? resource[item.value] : item.param === 'account' ? resource.name + '&domainid=' + resource.domainid : resource.id) }"> :to="{ path: '/' + item.name + '?' + item.param + '=' + (item.value ? resource[item.value] : item.param === 'account' ? resource.name + '&domainid=' + resource.domainid : item.param === 'keypair' ? resource.name : resource.id) }">
<a-button style="margin-right: 10px" :icon="$router.resolve('/' + item.name).route.meta.icon" > <a-button style="margin-right: 10px" :icon="$router.resolve('/' + item.name).route.meta.icon" >
{{ $t('label.view') + ' ' + $t(item.title) }} {{ $t('label.view') + ' ' + $t(item.title) }}
</a-button> </a-button>
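Review bot: The new `keypair` branch places `resource.name` into the hand-built query string without encoding, so if a key pair name can contain `&`, `#` or `=`, it would alter the parameters of the target route instead of being passed as a single value. Wrapping it as `encodeURIComponent(resource.name)` fixes this branch, and building the link with the router's query object (`:to="{ path: '/' + item.name, query: { [item.param]: resource.name } }"`) would remove the string concatenation altogether. The existing `account` branch on the same line concatenates `resource.name` in the same way.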


@ -344,7 +344,6 @@ export default {
var params = { var params = {
zoneid: this.selectedZone.id, zoneid: this.selectedZone.id,
guestiptype: 'Isolated', guestiptype: 'Isolated',
supportedServices: 'SourceNat',
state: 'Enabled' state: 'Enabled'
} }
if (isAdminOrDomainAdmin() && this.selectedDomain.id !== '-1') { // domain is visible only for admins if (isAdminOrDomainAdmin() && this.selectedDomain.id !== '-1') { // domain is visible only for admins


@ -17,7 +17,7 @@
<template> <template>
<a-spin :spinning="loading" class="form-layout"> <a-spin :spinning="loading" class="form-layout">
<a-tabs defaultActiveKey="1" :animated="false" v-if="!loading"> <a-tabs :default-active-key="defaultNetworkTypeTabKey" :animated="false" v-if="!loading">
<a-tab-pane :tab="$t('label.isolated')" key="1" v-if="isAdvancedZoneWithoutSGAvailable"> <a-tab-pane :tab="$t('label.isolated')" key="1" v-if="isAdvancedZoneWithoutSGAvailable">
<CreateIsolatedNetworkForm <CreateIsolatedNetworkForm
:loading="loading" :loading="loading"
@ -68,7 +68,7 @@ export default {
}, },
data () { data () {
return { return {
isAdvancedZoneWithoutSGAvailable: true, isAdvancedZoneWithoutSGAvailable: false,
defaultNetworkTypeTabKey: '1', defaultNetworkTypeTabKey: '1',
loading: false, loading: false,
actionZones: [], actionZones: [],
@ -79,14 +79,17 @@ export default {
const promises = [] const promises = []
promises.push(this.fetchActionZoneData()) promises.push(this.fetchActionZoneData())
Promise.all(promises).then(() => { Promise.all(promises).then(() => {
this.isAdvancedZoneWithoutSGAvailable = false
this.defaultNetworkTypeTabKey = '2'
for (const i in this.actionZones) { for (const i in this.actionZones) {
const zone = this.actionZones[i] const zone = this.actionZones[i]
if (zone.networktype === 'Advanced' && zone.securitygroupsenabled !== true) { if (zone.networktype === 'Advanced' && zone.securitygroupsenabled !== true) {
this.isAdvancedZoneWithoutSGAvailable = true this.isAdvancedZoneWithoutSGAvailable = true
this.defaultNetworkTypeTabKey = '1'
return return
} }
} }
this.isAdvancedZoneWithoutSGAvailable = false
}) })
}, },
methods: { methods: {


@ -70,6 +70,10 @@
<groupId>org.bouncycastle</groupId> <groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId> <artifactId>bcpkix-jdk15on</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bctls-jdk15on</artifactId>
</dependency>
<dependency> <dependency>
<groupId>com.jcraft</groupId> <groupId>com.jcraft</groupId>
<artifactId>jsch</artifactId> <artifactId>jsch</artifactId>