* Add support to clone existing offerings and update them
* add support for vpc & backup offerings to be cloned
* fix capability list and mapping of params
* Add support to clone network and vpc offering with the right parameters
* make fields non mandatory for clone offerings APIs
* Add UI support for cloning Compute and System Service offerings
* remove unnecessary changes
* fix license and pre-ccommit issues
* Add UI support to clone disk and network offering
* vpc & backup offering clone api
* add unit tests
* fix pre-commit checks
* increase test coverage
* combine add/clone disk/compute offering forms
* update license
* fix unit tests
* fix test failures
* fix test failure - unnecessary stubbings
* pre-commit check failure
* add recently added domain id for bkp offering to be inherited in clone operation
* extract common code wrt service capability in network & vpc offering in add/clone operations
* add some checks to prevent networkmode change when provider is nsx/netris from the source networkmode
* address copilot comments
* address comments
* combine check
* use appropriate zoneId during clone bkp offering
* add check
* fix issue with test
* remove unused imports
* prevent creating a bkp offering of a bkp repo that already exists
* extend clone disk and service offerings to domain admins
* API modifications for passwordchangerequired
* ui login flow for passwordchangerequired
* add passwordchangerequired in listUsers API response, it will be used in UI to render reset password form
* cleanup redundant LOGIN_SOURCE and limiting apis for first time login
* address copilot comments
* allow enforcing password change for all role types and update reset pwd flow for passwordchangerequired
* address review comments
* add unit tests
* cleanup ispasswordchangerequired from user_view
* address review comments
* 1. Allow enforcing password change while creating user
2. Admin can enforce password change on next login with out resetting password
* address review comment, add unit test
* improve code coverage
* fix pre-commit license issue
* 1. allow enter key to submit change password form
2. hide force password reset for disabled/locked user in ui
* 1. throw exception when force reset password is done for locked/disabled user/account
2. ui validation on current and new password being same
3. allow enforce change password for add user until saml is not enabled
* allow oauth login to skip force password change
* Allow copy of templates from secondary storages of other zone when adding a new secondary storage
* Add API param and UI changes on add secondary storage page
* Make copy template across zones non blocking
* Code fixes
* unused imports
* Add copy template flag in zone wizard and remove NFS checks
* Fix UI
* Label fixes
* code optimizations
* code refactoring
* missing changes
* Combine template copy and download into a single asynchronous operation
* unused import and fixed conflicts
* unused code
* update config message
* Fix configuration setting value on add secondary storage page
* Removed unused code
* Update unit tests
* Implement SSVM storage network IP to API response and GUI details tab
* remove network mention from attribute name
* remove network from serialized name
* fix parameter name in the UI
* added auto refresh button for vm metrics
* refactored getStartDate method and fixed auto refresh date period not being update
* switch variables from var to const
This PR introduces several configuration settings using which an operator can mark certain cryptographic algorithms and parameters as excluded or obsolete for VPN Customer Gateway creation for Site-to-Site VPN.
Cloud providers following modern security frameworks (e.g., ISO 27001/27017) are required to enforce and communicate approved cryptographic standards. CloudStack currently accepts several weak or deprecated algorithms without guidance to users. This PR closes that gap by giving operators explicit control over what is disallowed vs discouraged, improving security posture without breaking existing deployments.
These settings are:
1. vpn.customer.gateway.excluded.encryption.algorithms
2. vpn.customer.gateway.excluded.hashing.algorithms
3. vpn.customer.gateway.excluded.ike.versions
4. vpn.customer.gateway.excluded.dh.group
5. vpn.customer.gateway.obsolete.encryption.algorithms
6. vpn.customer.gateway.obsolete.hashing.algorithms
7. vpn.customer.gateway.obsolete.ike.versions
8. vpn.customer.gateway.obsolete.dh.group
* pre-commit: add oxipng a lossless PNG compression optimizer
"Lossless compression is a data compression technique where the original data can be perfectly
reconstructed from the compressed data. In essence, no information is lost during compression
and decompression, making it ideal for situations where data integrity is critical"
https://en.wikipedia.org/wiki/Lossless_compressionhttps://github.com/oxipng/oxipnghttps://github.com/oxipng/oxipng?tab=readme-ov-file#git-integration-via-pre-commit
Ran pre-commit here locally and it compressed the images on first run.
So we have less data for some images with the same quality.
Less data means less to download etc and saves bandwidth.
* Fix up from code review
* Fix import VM tasks pagination
* Fix UI for pagination and proper listing
* Fixes and improvements
* Polish UI
* Restore config.json
* Fix state on parameter description
* Support creation of PV(persistent volumes) in CloudStack projects
* add support for snapshot APIs for project role
* Add support to setup csi driver on k8s cluster creation
* fix deploy script
* update response
* fix table name
* fix linter
* show if csi driver is setup in cluster
* delete pvs whose reclaim policy is delete when cluster is destroyed
* update ref
* move changes to 4.22
* fix variables
* fix eof
Suresh Kumar Anaparti
Nicolas Vazquez
Pearl Dsilva
Daman Arora
GaOrtiga
Manoj Kumar
Daan Hoogland
Imvedansh
Wei Zhou
Abhishek Kumar
Vishesh
Harikrishna
Erik Böck
Vitor Hugo Homem Marzarotto
Abhisar Sinha
dahn
John Bampton