Commit Graph

110 Commits

Author SHA1 Message Date
Fabricio Duarte e335605738 Quota UI rework 2026-06-18 10:07:10 -03:00
Abhishek Kumar a1959f2dc2
backup: veeam kvm integration (#12991)
This PR introduces the initial implementation of Veeam integration support for KVM in CloudStack by adding a UHAPI-compatible server and image server components.

Veeam Backup & Replication interacts with virtualization platforms using its Universal Hypervisor API (UHAPI). To enable backup and restore workflows for CloudStack-managed KVM environments, this change introduces a UHAPI server that exposes CloudStack resources through a UHAPI-compatible interface.

In addition to the control plane APIs, an image server component is introduced to handle the data transfer operations required during backup and restore workflows.


The integration consists of two main components:

1. UHAPI Server (Control Plane) named CloudStack Veeam Control Service

A lightweight UHAPI server runs inside the CloudStack management server and exposes endpoints under:

/ovirt-engine
    - /api - For APIs
    - /sso - For authentication
    - /services/pki-resource - For certificates

This server provides inventory discovery APIs required by Veeam and translates CloudStack resources into the structures expected by UHAPI.

The server:

- exposes infrastructure inventory
- handles authentication and session tokens
- maps CloudStack resources to UHAPI-compatible representations


2. Image Server (Data Plane) named CloudStack Image Service

A separate image server component is introduced to handle backup and restore data transfer operations.

This component:

- serves disk image data during backup
- receives image data during restore operations
- exposes endpoints used by Veeam worker components
- integrates with CloudStack storage to read and write VM disk data

The separation between both these components server ensures that:

- metadata APIs and control operations remain lightweight
- bulk image transfer operations are handled independently

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Abhisar Sinha <63767682+abh1sar@users.noreply.github.com>
Co-authored-by: abh1sar <abhisar.sinha@gmail.com>
Co-authored-by: Wei Zhou <weizhou@apache.org>
2026-06-08 08:47:00 +02:00
Fabricio Duarte 3f6866d70a
Refactor Quota balance (#12961) 2026-05-26 10:36:04 -03:00
Fabricio Duarte 67b849f3ef Merge release branch 4.22 to main
* 4.22:
      VM Deployment using snapshot in new zone (#13178)
      Change exception treatment on incremental snapshot wait (#12665)
      Move checkRoleEscalation outside DB transaction in createAccount (#13044)
      Fix/flasharray delete rename destroy patch conflict (#13049)
      Fix VPC network offerings listing in isolated network creation form (#12645)
      systemvm: accept ipv6 established/related return traffic (#13173)
      update debian change log
      Updating pom.xml version numbers for release 4.22.2.0-SNAPSHOT
      Updating pom.xml version numbers for release 4.22.1.0
      Update suse15 packaging spec, use qemu-ovmf-x86_64 package instead of edk2-ovmf for agent (#13133)
      Change disk-only VM snapshot removal message (#11182)
      Update mysql java connector version to 8.4.0 (matching version for MySQL 8.4) (#12640)
      adaptive: honor user-provided capacityBytes when provider stats are unavailable (#13059)
      Flexibilize public IP selection (#11076)
2026-05-22 10:37:13 -03:00
Davi Torres 3c1f03144f
Add null check for ApiKeyPair in getUserByApiKey (#12938)
Co-authored-by: dahn <daan.hoogland@gmail.com>
Co-authored-by: Bernardo De Marco Gonçalves <bernardomg2004@gmail.com>
2026-05-19 17:29:50 -03:00
Nicolas Vazquez ca4645320e
Move checkRoleEscalation outside DB transaction in createAccount (#13044)
Co-authored-by: Aaron Chung <aaron_chung@apple.com>
2026-05-19 17:23:27 -03:00
Daan Hoogland 82bfa9fb3f Merge branch '4.22' 2026-04-14 14:50:44 +02:00
Manoj Kumar b196e97cc3
Prevent deletion of account and domain if either of them has deleted protected instance (#12901) 2026-04-10 15:51:22 +02:00
julien-vaz 4f93ba888c
Refactor Quota Summary API (#10505)
* Refactor Quota Summary API

* Fixes imports

* Fix QuotaServiceImplTest

* Update plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaSummaryCmd.java

Co-authored-by: Fabricio Duarte <fabricio.duarte.jr@gmail.com>

* Fix QuotaSummaryCmd

* Remove unnecessary imports

* Remove unused createQuotaSummaryResponse declarations

* Remove unnecessary imports

* Update plugins/database/quota/src/main/java/org/apache/cloudstack/api/command/QuotaSummaryCmd.java

Co-authored-by: dahn <daan.hoogland@gmail.com>

* Fix QuotaSummaryCmd

* Fix QuotaResponseBuilderImplTest

* Refactor test

* Fix QuotaSummaryCmd

* Fix projectid behavior

* Simplify QuotaSummary and deprecate listall

* Fix createQuotaSummaryResponse

* Remove unused import

* Apply suggestions + some adjustments

* Remove duplicated check

* Fix checkstyle

* Adjust entity owner

* Remove unused method + fix tests

* Add missing @ACL to some parameters

* Adjust how the parameters behave

* Allow domain admins and users to use keyword

* Address reviews

---------

Co-authored-by: Julien Hervot de Mattos Vaz <julien.vaz@scclouds.com.br>
Co-authored-by: Fabricio Duarte <fabricio.duarte.jr@gmail.com>
Co-authored-by: dahn <daan.hoogland@gmail.com>
2026-03-31 20:29:30 -03:00
Klaus de Freitas Dornsbach 74af9b9875
API key pair restructure (#9504)
Co-authored-by: Bernardo De Marco Gonçalves <bernardomg2004@gmail.com>
2026-03-09 14:20:17 +01:00
Suresh Kumar Anaparti a8bd02f8ba
Merge branch '4.22' 2026-02-26 11:12:20 +05:30
Suresh Kumar Anaparti b74f21b967
Merge branch '4.20' into 4.22 2026-02-26 11:11:41 +05:30
dahn da7ac80dc4
prevent user.uuid from being regenerated on each operation by reading it from the DB (#12632) 2026-02-23 11:12:13 +01:00
Manoj Kumar c79b33c1fb
Allow enforcing password change for a user after reset by admin (root/domain) (#12294)
* API modifications for passwordchangerequired

* ui login flow for passwordchangerequired

* add passwordchangerequired in listUsers API response, it will be used in UI to render reset password form

* cleanup redundant LOGIN_SOURCE and limiting apis for first time login

* address copilot comments

* allow enforcing password change for all role types and update reset pwd flow for passwordchangerequired

* address review comments

* add unit tests

* cleanup ispasswordchangerequired from user_view

* address review comments

* 1. Allow enforcing password change while creating user
2. Admin can enforce password change on next login with out resetting password

* address review comment, add unit test

* improve code coverage

* fix pre-commit license issue

* 1. allow enter key to submit change password form
2. hide force password reset for disabled/locked user in ui

* 1. throw exception when force reset password is done for locked/disabled user/account
2. ui validation on current and new password being same
3. allow enforce change password for add user until saml is not enabled

* allow oauth login to skip force password change
2026-02-16 16:01:42 +05:30
Erik Böck 416568a373
Fix typo in finalyzeAccountId (#11990)
* Fix typo in finalyzeAccountId

* fix tests
2026-01-27 16:17:14 +05:30
Pearl Dsilva 8b2f1f19c2
Support dedicating backup offerings to domains (#12194)
* Add support for dedicating backup offerings to domains

* Add tests and UI support and update response params

* add license header

* exclude backupofferingdetailsvo from sonar

* fix pre-commit checks - missing / extra EOF line

* add test

* EOF

* filter backup offerings by domain id

* add unit tests

* add more unit tests and remove response file from code coverage check

* update checks

* address review comments: extract common code, fix tests

* added bean definition

* address comments

* add unit tests to increase coverage

* pre-commit check failure fix

* address merge issue

* allow updating backup offering when only domain id is modified
2026-01-19 14:21:47 +05:30
Daan Hoogland 55ab7c5589 Merge branch '4.20' into 4.22 2025-12-22 13:23:37 +01:00
vladimirpetrov b394b5ba74
Fix terms, typos and grammar mistakes in the API, error messages, events, etc. (#7857)
This PR aligns the use of terminology, renaming VM / virtual machine references to 'Instance' and also capitalising the terms Templates, Network, Snapshot, User, Account in CloudStack APIs, error and log messages, events, tooltips, etc. Many typos, grammar and spelling mistakes were fixed, also terms like IPv4, VPN, VPC, etc. were properly capitalised. Some error messages were cleaned for better readability. The test cases, expecting some exception strings were adjusted accordingly.

Here is the wiki page, describing the changes in details:
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Object+Naming+and+Title+Case+Convention

---------

Co-authored-by: Manoj Kumar <manojkr.itbhu@gmail.com>
Co-authored-by: Harikrishna <harikrishna.patnala@gmail.com>
2025-12-22 15:18:58 +05:30
Wei Zhou 8936e4c535
api:rename RegisterCmd.java => RegisterUserKeyCmd.java (#12259) 2025-12-18 11:53:00 +01:00
Daan Hoogland 7aba434dc4 merge forward 4.20 to 4.22 LTS 2025-12-16 11:19:04 +01:00
Abhishek Kumar e1c48c3adc
server,ui: prevent role change for default accounts (#11761)
* server,ui: prevent role change for default accounts

Fixes #10931

Role for default accounts shouldn't be changed. Appropriate error should be returned by the server and UI should not present option for them.

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>

* Update server/src/main/java/com/cloud/user/AccountManagerImpl.java

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-12-12 13:42:26 +01:00
Daan Hoogland 5f63e8493c Merge branch '4.20' 2025-10-07 15:12:53 +02:00
Wei Zhou c631d6a480
CKS: generate a random UUID as password of CKS user in project (#11639) 2025-10-01 08:47:58 +02:00
Wei Zhou b46e29dc67
Improvement: SSL offloading with Virtual Router (#11468)
* SSL offloading with Virtual Router

* PR11468: fix pre-commit errors

* PR11468: api->getAPI/postAPI in UI

* SSL: add smoke tests for VPC in user project

* PR11468: address Daan's comments

* Fix test/integration/smoke/test_ssl_offloading.py

* SSL: remove ssl certificates when clean up account

* SSL offloading: add unit tests

* SSL offloading: UI fixes part 1

* SSL offloading: UI changes part 2

* SSL offloading: add more unit tests

* SSL offloading: more unit tests 3

* SSL offloading: wrong check

* SSL offloading: more and more unit tests

* SSL offloading: add testUpdateLoadBalancerRule5
2025-09-11 16:37:18 +05:30
Wei Zhou ca0c3530ad
utils: add UuidUtils.nameUUIDFromBytes (#11136)
* utils: add UuidUtils.nameUUIDFromBytes

* Fix PR 13922
2025-09-01 08:10:31 +02:00
Daan Hoogland 0b3959221b Merge branch '4.20' 2025-07-29 16:50:55 +02:00
dahn 4111061d29
list only own zones for resource admin (#11087)
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
2025-07-24 09:26:57 +02:00
Pearl Dsilva 875223c5b4 Merge branch '4.20' of https://github.com/apache/cloudstack 2025-06-11 17:11:41 +05:30
Harikrishna Patnala bef86aff82 Skip verification of privileges on project accounts 2025-05-28 16:13:01 +05:30
Daan Hoogland 650b5ec3da Merge branch '4.20' 2025-05-27 18:18:39 +02:00
Nicolas Vazquez d5fbd07b9f Adding privilege checks on user and account operations
Co-authored-by: Harikrishna <harikrishna.patnala@gmail.com>
2025-05-27 20:08:16 +05:30
Abhishek Kumar 19d6b979af cks: create separate service account in project
A separate service account will be created and added in the project, if
not exist already, when a Kubernetes cluster is deployed in a project.
This account will have a role with limited API access.

Cleanup clusters on owner account cleanup, delete service account
if needed

When the owner account of k8s clusters is deleted, while its node VMs
get expunged, the cluster entry in DB remain present. This fixes the
issue by cleaning up all clusters for the account deleted.

Project k8s service account will be deleted on account cleanup or when
there is no active k8s cluster remaining

Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
2025-05-27 20:08:12 +05:30
Suresh Kumar Anaparti 9cf9966dfe Keep same/consistent auth time for valid & invalid users 2025-05-27 20:06:56 +05:30
dahn aa4718a301
Fix merge error: use new method of getting scoped vars (#10751) 2025-04-18 11:20:26 +02:00
Daan Hoogland d7765343ef Merge branch '4.19' into 4.20 2025-04-17 15:40:10 +02:00
Rene Glover f13cf597a2
4.19 fix saml account selector (#10311) 2025-04-14 12:59:43 +02:00
Daan Hoogland 4f3e8e8c5a Merge branch '4.19' into 4.20 2025-02-12 15:00:51 +01:00
Rene Glover 3337f425ff
Primera pure patches & various small fixes (#10132)
Co-authored-by: GLOVER RENE <rg9975@cs419-mgmtserver.rg9975nprd.app.ecp.att.com>
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
2025-02-07 13:19:34 +01:00
Abhishek Kumar ae2ffbe40b Merge remote-tracking branch 'apache/4.19' into 4.20 2025-01-31 16:54:22 +05:30
Bernardo De Marco Gonçalves c70e4e29be
fix npe on account creation (#10274) 2025-01-30 15:52:36 +01:00
Abhishek Kumar b93589b5bd
server: reset 2fa user configuration on incomplete setup (#10247)
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
2025-01-30 15:51:04 +01:00
Daan Hoogland 9f594c9699 Merge branch '4.19' into 4.20 2025-01-20 11:53:32 +01:00
Bernardo De Marco Gonçalves 796bd4f72c
Clean up network permissions on account deletion (#10176) 2025-01-15 17:38:20 +01:00
Vishesh a4224e58cc
Improve logging to include more identifiable information (#9873)
* Improve logging to include more identifiable information for kvm plugin

* Update logging for scaleio plugin

* Improve logging to include more identifiable information for default volume storage plugin

* Improve logging to include more identifiable information for agent managers

* Improve logging to include more identifiable information for Listeners

* Replace ids with objects or uuids


* Improve logging to include more identifiable information for engine

* Improve logging to include more identifiable information for server

* Fixups in engine

* Improve logging to include more identifiable information for plugins

* Improve logging to include more identifiable information for Cmd classes

* Fix toString method for StorageFilterTO.java
2025-01-06 16:42:37 +05:30
Daan Hoogland b7f0aac519 Merge branch '4.19' into 4.20 2024-12-20 14:34:39 +01:00
Abhishek Kumar 8639ba8b01
server: simplify role change validation (#9173)
Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com>
Co-authored-by: dahn <daan.hoogland@gmail.com>
2024-12-14 20:26:32 +01:00
Daan Hoogland 5ee61c226a Merge branch '4.19' into 4.20 2024-12-04 13:04:18 +01:00
Bernardo De Marco Gonçalves 52584d93dc
Prevent password updates for SAML and LDAP users (#9999) 2024-12-04 11:17:27 +01:00
Fabricio Duarte ef1a58d837
Remove user from project before deletion (#10008)
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
2024-12-04 08:06:22 +01:00
Abhisar Sinha d17de834a5
Disable API Key Access for users, accounts and domains (#9741)
* cli changes to update user/account, list by apikeyaccess, domain level setting

* UI changes for updating user/account and searchfilter in listview

* make the api parameters and setting accessible only to root admin

* revert changes to ui/package-lock.json

* minor changes to description strings

* UT for ApiServer and AccountManagerImpl classes

* fix pre-commit failure

* Added a constant for the string System

* UT for searchForUsers and searchForAccounts

* Fix marvin test error

* Update schema to use idempotent add column

* Fix `updateTemplatePermission` when the UI is set to a language other than English (#9766)

* Fix updateTemplatePermission UI in non-english language

* Improve fix

---------

Co-authored-by: Lucas Martins <lucas.martins@scclouds.com.br>

* Added user name uuid to logging

* Add events when api key access is changed via api or config setting

* fix the userid for api key access update event

* Fix ut failure after event logging

* Convert drop down to radio-button in edit user and account

* Add ApiKeyAccess status in User InfoCard for Users if Api key is generated

* Return apiKeyAccess in user and account response only for Root Admin

* fixed noredist build failure

* Show apikeyaccess on the left panel in the user view for root admins as well

* don't show divider if apiKeyAccess is not shown to user

* Fix events generated to set Username, Account and Domain of the caller correctly

* cli changes to update user/account, list by apikeyaccess, domain level setting

* UI changes for updating user/account and searchfilter in listview

* make the api parameters and setting accessible only to root admin

* revert changes to ui/package-lock.json

* minor changes to description strings

* UT for ApiServer and AccountManagerImpl classes

* fix pre-commit failure

* Added a constant for the string System

* UT for searchForUsers and searchForAccounts

* Fix marvin test error

* Update schema to use idempotent add column

* Added user name uuid to logging

* Add events when api key access is changed via api or config setting

* fix the userid for api key access update event

* Fix ut failure after event logging

* Convert drop down to radio-button in edit user and account

* Add ApiKeyAccess status in User InfoCard for Users if Api key is generated

* Return apiKeyAccess in user and account response only for Root Admin

* fixed noredist build failure

* Show apikeyaccess on the left panel in the user view for root admins as well

* don't show divider if apiKeyAccess is not shown to user

* Fix events generated to set Username, Account and Domain of the caller correctly

* Added DB upgrade path from 42000 to 42010

---------

Co-authored-by: Daan Hoogland <daan@onecht.net>
Co-authored-by: Lucas Martins <56271185+lucas-a-martins@users.noreply.github.com>
Co-authored-by: Lucas Martins <lucas.martins@scclouds.com.br>
2024-12-03 12:10:54 +05:30