* Mark VMs in error state when expunge fails during destroy operation
* fetch volume by external id (used by external plugins)
* review comments
* Update reorder hosts log to DEBUG, log line is too verbose to have on as INFO
* Add support to clone existing offerings and update them
* add support for vpc & backup offerings to be cloned
* fix capability list and mapping of params
* Add support to clone network and vpc offering with the right parameters
* make fields non mandatory for clone offerings APIs
* Add UI support for cloning Compute and System Service offerings
* remove unnecessary changes
* fix license and pre-ccommit issues
* Add UI support to clone disk and network offering
* vpc & backup offering clone api
* add unit tests
* fix pre-commit checks
* increase test coverage
* combine add/clone disk/compute offering forms
* update license
* fix unit tests
* fix test failures
* fix test failure - unnecessary stubbings
* pre-commit check failure
* add recently added domain id for bkp offering to be inherited in clone operation
* extract common code wrt service capability in network & vpc offering in add/clone operations
* add some checks to prevent networkmode change when provider is nsx/netris from the source networkmode
* address copilot comments
* address comments
* combine check
* use appropriate zoneId during clone bkp offering
* add check
* fix issue with test
* remove unused imports
* prevent creating a bkp offering of a bkp repo that already exists
* extend clone disk and service offerings to domain admins
* 4.22:
Fix issue when restoring backup after migration of volume (#12549)
Usage: Heartbeat should not schedule usage job when a job is already running (#12616)
Allow limit queries without random ordering (#12598)
engine/schema: fix cluster/zone settings with encrypted values (#12626)
Fix injection of preset variables into the JS interpreter (#12515)
Fix issue with multiple KVM Host entries in host table (#12589)
Add a Prometheus metric to track host certificate expiry (#12613)
ssvm: delete temp directory while deleting entity download url (#12562)
* API modifications for passwordchangerequired
* ui login flow for passwordchangerequired
* add passwordchangerequired in listUsers API response, it will be used in UI to render reset password form
* cleanup redundant LOGIN_SOURCE and limiting apis for first time login
* address copilot comments
* allow enforcing password change for all role types and update reset pwd flow for passwordchangerequired
* address review comments
* add unit tests
* cleanup ispasswordchangerequired from user_view
* address review comments
* 1. Allow enforcing password change while creating user
2. Admin can enforce password change on next login with out resetting password
* address review comment, add unit test
* improve code coverage
* fix pre-commit license issue
* 1. allow enter key to submit change password form
2. hide force password reset for disabled/locked user in ui
* 1. throw exception when force reset password is done for locked/disabled user/account
2. ui validation on current and new password being same
3. allow enforce change password for add user until saml is not enabled
* allow oauth login to skip force password change
* api,server: allow configuring repetitive alerts
Fixes#6613
Introduces support for configuring additional alert types that can be published repeatedly, beyond the default set.
Operators can now use the dynamic configuration `alert.allowed.repetitive.types` to specify a comma-separated list of alert type names that should be allowed for repetitive publication.
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* add tests
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* fix
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* test fix
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* allow repetition for custom alerts
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* remove refactoring
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
---------
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
* use findByIdIncludingRemoved for volume retrieval in snapshot policy validation
* add unit tests
* add cleanup for orphan snapshot policies
* delete snapshot policies when expunging volumes
* update orphan cleanup to remove policies for volumes that are in expunged state or null
---------
Co-authored-by: Daman Arora <daman.arora@shapeblue.com>
* 4.22:
fix install path for systemvm templates when introducing new sec storage (#11605)
fix Sensitive Data Exposure Through Exception Logging in OVM Hypervis… (#12032)
Fix snapshot physical size after migration (#12166)
ConfigDrive: use file absolute path instead of canonical path to create ISO (#11623)
Add log for null templateVO (#12406)
snapshot: fix listSnapshots for volume which got delete and whose storage pool got deleted (#12433)
Notify user if template upgrade is not required (#12483)
Fix: proper permissions for systemvm template registrations on hardened systems (#12098)
Allow modification of user vm details if user.vm.readonly.details is empty (#10456)
NPE fix while deleting storage pool when pool has detached volumes (#12451)
* NPE fix while deleting storage pool when pool has detached volumes
* review
* unit tests
* Added log for volumes not attached to any VMs
* update filter, log and test
* updated volume dao method names returning non destroyed volumes
* build fix
---------
Co-authored-by: dahn <daan@onecht.net>
* Add support for dedicating backup offerings to domains
* Add tests and UI support and update response params
* add license header
* exclude backupofferingdetailsvo from sonar
* fix pre-commit checks - missing / extra EOF line
* add test
* EOF
* filter backup offerings by domain id
* add unit tests
* add more unit tests and remove response file from code coverage check
* update checks
* address review comments: extract common code, fix tests
* added bean definition
* address comments
* add unit tests to increase coverage
* pre-commit check failure fix
* address merge issue
* allow updating backup offering when only domain id is modified
This PR introduces several configuration settings using which an operator can mark certain cryptographic algorithms and parameters as excluded or obsolete for VPN Customer Gateway creation for Site-to-Site VPN.
Cloud providers following modern security frameworks (e.g., ISO 27001/27017) are required to enforce and communicate approved cryptographic standards. CloudStack currently accepts several weak or deprecated algorithms without guidance to users. This PR closes that gap by giving operators explicit control over what is disallowed vs discouraged, improving security posture without breaking existing deployments.
These settings are:
1. vpn.customer.gateway.excluded.encryption.algorithms
2. vpn.customer.gateway.excluded.hashing.algorithms
3. vpn.customer.gateway.excluded.ike.versions
4. vpn.customer.gateway.excluded.dh.group
5. vpn.customer.gateway.obsolete.encryption.algorithms
6. vpn.customer.gateway.obsolete.hashing.algorithms
7. vpn.customer.gateway.obsolete.ike.versions
8. vpn.customer.gateway.obsolete.dh.group
Suresh Kumar Anaparti
Nicolas Vazquez
Pearl Dsilva
Klaus de Freitas Dornsbach
dahn
Daan Hoogland
Manoj Kumar
Abhisar Sinha
Wei Zhou
Abhishek Kumar
Bernardo De Marco Gonçalves
Daman Arora
Erik Böck
Fabricio Duarte