* API modifications for passwordchangerequired
* ui login flow for passwordchangerequired
* add passwordchangerequired in listUsers API response, it will be used in UI to render reset password form
* cleanup redundant LOGIN_SOURCE and limiting apis for first time login
* address copilot comments
* allow enforcing password change for all role types and update reset pwd flow for passwordchangerequired
* address review comments
* add unit tests
* cleanup ispasswordchangerequired from user_view
* address review comments
* 1. Allow enforcing password change while creating user
2. Admin can enforce password change on next login with out resetting password
* address review comment, add unit test
* improve code coverage
* fix pre-commit license issue
* 1. allow enter key to submit change password form
2. hide force password reset for disabled/locked user in ui
* 1. throw exception when force reset password is done for locked/disabled user/account
2. ui validation on current and new password being same
3. allow enforce change password for add user until saml is not enabled
* allow oauth login to skip force password change
* Allow copy of templates from secondary storages of other zone when adding a new secondary storage
* Add API param and UI changes on add secondary storage page
* Make copy template across zones non blocking
* Code fixes
* unused imports
* Add copy template flag in zone wizard and remove NFS checks
* Fix UI
* Label fixes
* code optimizations
* code refactoring
* missing changes
* Combine template copy and download into a single asynchronous operation
* unused import and fixed conflicts
* unused code
* update config message
* Fix configuration setting value on add secondary storage page
* Removed unused code
* Update unit tests
* Implement SSVM storage network IP to API response and GUI details tab
* remove network mention from attribute name
* remove network from serialized name
* fix parameter name in the UI
* added auto refresh button for vm metrics
* refactored getStartDate method and fixed auto refresh date period not being update
* switch variables from var to const
This PR introduces several configuration settings using which an operator can mark certain cryptographic algorithms and parameters as excluded or obsolete for VPN Customer Gateway creation for Site-to-Site VPN.
Cloud providers following modern security frameworks (e.g., ISO 27001/27017) are required to enforce and communicate approved cryptographic standards. CloudStack currently accepts several weak or deprecated algorithms without guidance to users. This PR closes that gap by giving operators explicit control over what is disallowed vs discouraged, improving security posture without breaking existing deployments.
These settings are:
1. vpn.customer.gateway.excluded.encryption.algorithms
2. vpn.customer.gateway.excluded.hashing.algorithms
3. vpn.customer.gateway.excluded.ike.versions
4. vpn.customer.gateway.excluded.dh.group
5. vpn.customer.gateway.obsolete.encryption.algorithms
6. vpn.customer.gateway.obsolete.hashing.algorithms
7. vpn.customer.gateway.obsolete.ike.versions
8. vpn.customer.gateway.obsolete.dh.group
* pre-commit: add oxipng a lossless PNG compression optimizer
"Lossless compression is a data compression technique where the original data can be perfectly
reconstructed from the compressed data. In essence, no information is lost during compression
and decompression, making it ideal for situations where data integrity is critical"
https://en.wikipedia.org/wiki/Lossless_compressionhttps://github.com/oxipng/oxipnghttps://github.com/oxipng/oxipng?tab=readme-ov-file#git-integration-via-pre-commit
Ran pre-commit here locally and it compressed the images on first run.
So we have less data for some images with the same quality.
Less data means less to download etc and saves bandwidth.
* Fix up from code review
* Fix import VM tasks pagination
* Fix UI for pagination and proper listing
* Fixes and improvements
* Polish UI
* Restore config.json
* Fix state on parameter description
* Support creation of PV(persistent volumes) in CloudStack projects
* add support for snapshot APIs for project role
* Add support to setup csi driver on k8s cluster creation
* fix deploy script
* update response
* fix table name
* fix linter
* show if csi driver is setup in cluster
* delete pvs whose reclaim policy is delete when cluster is destroyed
* update ref
* move changes to 4.22
* fix variables
* fix eof
* add createCrossZoneInstnaceEnabled to BackupOfferingResponse
* show use IP Address from Backup button when orignal instance is expunged
* Fix NPE in takeBackup if the vm template is deleted.
* Add since to Cross zone instance creation in BackupOfferingResponse.java
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
* Store and show Guest os type in the backup metadata
* show warning in create instance from backup form if guest os type is different
* show warning in create instance from backup form if guest os type is different
* backupvmexpunged -> isbackupvmexpunged
* review comments
* fix npe
* improve err msg
* err msg
---------
Co-authored-by: Suresh Kumar Anaparti <sureshkumar.anaparti@gmail.com>
Pearl Dsilva
Manoj Kumar
Daan Hoogland
Imvedansh
Wei Zhou
Abhishek Kumar
Vishesh
Suresh Kumar Anaparti
Harikrishna
Erik Böck
Vitor Hugo Homem Marzarotto
Abhisar Sinha
dahn
John Bampton
Nicolas Vazquez