mirror of https://github.com/apache/cloudstack.git
Compare commits
8 Commits
1c6ad43779
...
4f78967b32
| Author | SHA1 | Date |
|---|---|---|
Edward-x
|
4f78967b32 | |
Daman Arora
|
bce3e54a7e | |
Nicolas Vazquez
|
6a9835904c | |
|
Nicolas Vazquez
|
6846619a6f | |
Vishesh
|
d1eb2822d9 | |
chenyoulong20g@ict.ac.cn
|
7460a5c452 | |
|
chenyoulong20g@ict.ac.cn
|
eb30bb532f | |
|
chenyoulong20g@ict.ac.cn
|
26a4aa8166 |
|
|
@ -78,6 +78,7 @@ public class UpdateNetworkOfferingCmd extends BaseCmd {
|
|||
|
||||
@Parameter(name = ApiConstants.DOMAIN_ID,
|
||||
type = CommandType.STRING,
|
||||
length = 4096,
|
||||
description = "The ID of the containing domain(s) as comma separated string, public for public offerings")
|
||||
private String domainIds;
|
||||
|
||||
|
|
|
|||
|
|
@ -75,6 +75,7 @@ public class UpdateDiskOfferingCmd extends BaseCmd {
|
|||
@Parameter(name = ApiConstants.ZONE_ID,
|
||||
type = CommandType.STRING,
|
||||
description = "The ID of the containing zone(s) as comma separated string, all for all zones offerings",
|
||||
length = 4096,
|
||||
since = "4.13")
|
||||
private String zoneIds;
|
||||
|
||||
|
|
|
|||
|
|
@ -69,6 +69,7 @@ public class UpdateServiceOfferingCmd extends BaseCmd {
|
|||
@Parameter(name = ApiConstants.ZONE_ID,
|
||||
type = CommandType.STRING,
|
||||
description = "The ID of the containing zone(s) as comma separated string, all for all zones offerings",
|
||||
length = 4096,
|
||||
since = "4.13")
|
||||
private String zoneIds;
|
||||
|
||||
|
|
|
|||
|
|
@ -65,6 +65,7 @@ public class UpdateVPCOfferingCmd extends BaseAsyncCmd {
|
|||
@Parameter(name = ApiConstants.ZONE_ID,
|
||||
type = CommandType.STRING,
|
||||
description = "The ID of the containing zone(s) as comma separated string, all for all zones offerings",
|
||||
length = 4096,
|
||||
since = "4.13")
|
||||
private String zoneIds;
|
||||
|
||||
|
|
|
|||
|
|
@ -31,4 +31,6 @@ public interface VMScheduledJobDao extends GenericDao<VMScheduledJobVO, Long> {
|
|||
int expungeJobsForSchedules(List<Long> scheduleId, Date dateAfter);
|
||||
|
||||
int expungeJobsBefore(Date currentTimestamp);
|
||||
|
||||
VMScheduledJobVO findByScheduleAndTimestamp(long scheduleId, Date scheduledTimestamp);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -39,6 +39,8 @@ public class VMScheduledJobDaoImpl extends GenericDaoBase<VMScheduledJobVO, Long
|
|||
|
||||
private final SearchBuilder<VMScheduledJobVO> expungeJobForScheduleSearch;
|
||||
|
||||
private final SearchBuilder<VMScheduledJobVO> scheduleAndTimestampSearch;
|
||||
|
||||
static final String SCHEDULED_TIMESTAMP = "scheduled_timestamp";
|
||||
|
||||
static final String VM_SCHEDULE_ID = "vm_schedule_id";
|
||||
|
|
@ -58,6 +60,11 @@ public class VMScheduledJobDaoImpl extends GenericDaoBase<VMScheduledJobVO, Long
|
|||
expungeJobForScheduleSearch.and(VM_SCHEDULE_ID, expungeJobForScheduleSearch.entity().getVmScheduleId(), SearchCriteria.Op.IN);
|
||||
expungeJobForScheduleSearch.and(SCHEDULED_TIMESTAMP, expungeJobForScheduleSearch.entity().getScheduledTime(), SearchCriteria.Op.GTEQ);
|
||||
expungeJobForScheduleSearch.done();
|
||||
|
||||
scheduleAndTimestampSearch = createSearchBuilder();
|
||||
scheduleAndTimestampSearch.and(VM_SCHEDULE_ID, scheduleAndTimestampSearch.entity().getVmScheduleId(), SearchCriteria.Op.EQ);
|
||||
scheduleAndTimestampSearch.and(SCHEDULED_TIMESTAMP, scheduleAndTimestampSearch.entity().getScheduledTime(), SearchCriteria.Op.EQ);
|
||||
scheduleAndTimestampSearch.done();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -92,4 +99,12 @@ public class VMScheduledJobDaoImpl extends GenericDaoBase<VMScheduledJobVO, Long
|
|||
sc.setParameters(SCHEDULED_TIMESTAMP, date);
|
||||
return expunge(sc);
|
||||
}
|
||||
|
||||
@Override
|
||||
public VMScheduledJobVO findByScheduleAndTimestamp(long scheduleId, Date scheduledTimestamp) {
|
||||
SearchCriteria<VMScheduledJobVO> sc = scheduleAndTimestampSearch.create();
|
||||
sc.setParameters(VM_SCHEDULE_ID, scheduleId);
|
||||
sc.setParameters(SCHEDULED_TIMESTAMP, scheduledTimestamp);
|
||||
return findOneBy(sc);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -162,7 +162,13 @@ public class VMSchedulerImpl extends ManagerBase implements VMScheduler, Configu
|
|||
}
|
||||
|
||||
Date scheduledDateTime = Date.from(ts.toInstant());
|
||||
VMScheduledJobVO scheduledJob = new VMScheduledJobVO(vmSchedule.getVmId(), vmSchedule.getId(), vmSchedule.getAction(), scheduledDateTime);
|
||||
VMScheduledJobVO scheduledJob = vmScheduledJobDao.findByScheduleAndTimestamp(vmSchedule.getId(), scheduledDateTime);
|
||||
if (scheduledJob != null) {
|
||||
logger.trace("Job is already scheduled for schedule {} at {}", vmSchedule, scheduledDateTime);
|
||||
return scheduledDateTime;
|
||||
}
|
||||
|
||||
scheduledJob = new VMScheduledJobVO(vmSchedule.getVmId(), vmSchedule.getId(), vmSchedule.getAction(), scheduledDateTime);
|
||||
try {
|
||||
vmScheduledJobDao.persist(scheduledJob);
|
||||
ActionEventUtils.onScheduledActionEvent(User.UID_SYSTEM, vm.getAccountId(), actionEventMap.get(vmSchedule.getAction()),
|
||||
|
|
|
|||
|
|
@ -218,18 +218,19 @@ export const notifierPlugin = {
|
|||
if (error.response.status) {
|
||||
msg = `${i18n.global.t('message.request.failed')} (${error.response.status})`
|
||||
}
|
||||
if (error.message) {
|
||||
desc = error.message
|
||||
}
|
||||
if (error.response.headers && 'x-description' in error.response.headers) {
|
||||
if (error.response.headers?.['x-description']) {
|
||||
desc = error.response.headers['x-description']
|
||||
}
|
||||
if (desc === '' && error.response.data) {
|
||||
} else if (error.response.data) {
|
||||
const responseKey = _.findKey(error.response.data, 'errortext')
|
||||
if (responseKey) {
|
||||
desc = error.response.data[responseKey].errortext
|
||||
} else if (typeof error.response.data === 'string') {
|
||||
desc = error.response.data
|
||||
}
|
||||
}
|
||||
if (!desc && error.message) {
|
||||
desc = error.message
|
||||
}
|
||||
}
|
||||
let countNotify = store.getters.countNotify
|
||||
countNotify++
|
||||
|
|
|
|||
|
|
@ -638,11 +638,7 @@ export default {
|
|||
this.$emit('refresh-data')
|
||||
this.closeAction()
|
||||
}).catch(e => {
|
||||
this.$notification.error({
|
||||
message: this.$t('message.upload.failed'),
|
||||
description: `${this.$t('message.upload.template.failed.description')} - ${e}`,
|
||||
duration: 0
|
||||
})
|
||||
this.$notifyError(e)
|
||||
})
|
||||
},
|
||||
fetchCustomHypervisorName () {
|
||||
|
|
|
|||
|
|
@ -23,6 +23,8 @@ import java.io.File;
|
|||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import org.apache.commons.io.IOUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
|
|
@ -40,6 +42,23 @@ public class SshHelper {
|
|||
private static final int DEFAULT_CONNECT_TIMEOUT = 180000;
|
||||
private static final int DEFAULT_KEX_TIMEOUT = 60000;
|
||||
private static final int DEFAULT_WAIT_RESULT_TIMEOUT = 120000;
|
||||
private static final String MASKED_VALUE = "*****";
|
||||
|
||||
private static final Pattern[] SENSITIVE_COMMAND_PATTERNS = new Pattern[] {
|
||||
Pattern.compile("(?i)(\\s+-p\\s+['\"])([^'\"]*)(['\"])"),
|
||||
Pattern.compile("(?i)(\\s+-p\\s+)([^\\s]+)"),
|
||||
Pattern.compile("(?i)(\\s+-p=['\"])([^'\"]*)(['\"])"),
|
||||
Pattern.compile("(?i)(\\s+-p=)([^\\s]+)"),
|
||||
Pattern.compile("(?i)(--password=['\"])([^'\"]*)(['\"])"),
|
||||
Pattern.compile("(?i)(--password=)([^\\s]+)"),
|
||||
Pattern.compile("(?i)(--password\\s+['\"])([^'\"]*)(['\"])"),
|
||||
Pattern.compile("(?i)(--password\\s+)([^\\s]+)"),
|
||||
Pattern.compile("(?i)(\\s+-u\\s+['\"][^,'\":]+[,:])([^'\"]*)(['\"])"),
|
||||
Pattern.compile("(?i)(\\s+-u\\s+[^\\s,:]+[,:])([^\\s]+)"),
|
||||
Pattern.compile("(?i)(\\s+-s\\s+['\"])([^'\"]*)(['\"])"),
|
||||
Pattern.compile("(?i)(\\s+-s\\s+)([^\\s]+)"),
|
||||
|
||||
};
|
||||
|
||||
protected static Logger LOGGER = LogManager.getLogger(SshHelper.class);
|
||||
|
||||
|
|
@ -292,12 +311,15 @@ public class SshHelper {
|
|||
|
||||
if (sess.getExitStatus() == null) {
|
||||
// Exit status is NOT available. Returning failure result.
|
||||
LOGGER.error(String.format("SSH execution of command %s has no exit status set. Result output: %s", command, result));
|
||||
LOGGER.error(String.format("SSH execution of command %s has no exit status set. Result output: %s",
|
||||
sanitizeForLogging(command), sanitizeForLogging(result)));
|
||||
return new Pair<Boolean, String>(false, result);
|
||||
}
|
||||
|
||||
if (sess.getExitStatus() != null && sess.getExitStatus().intValue() != 0) {
|
||||
LOGGER.error(String.format("SSH execution of command %s has an error status code in return. Result output: %s", command, result));
|
||||
LOGGER.error(String.format(
|
||||
"SSH execution of command %s has an error status code in return. Result output: %s",
|
||||
sanitizeForLogging(command), sanitizeForLogging(result)));
|
||||
return new Pair<Boolean, String>(false, result);
|
||||
}
|
||||
return new Pair<Boolean, String>(true, result);
|
||||
|
|
@ -366,4 +388,47 @@ public class SshHelper {
|
|||
throw new SshException(msg);
|
||||
}
|
||||
}
|
||||
|
||||
private static String sanitizeForLogging(String value) {
|
||||
if (value == null) {
|
||||
return null;
|
||||
}
|
||||
String masked = maskSensitiveValue(value);
|
||||
String cleaned = com.cloud.utils.StringUtils.cleanString(masked);
|
||||
if (StringUtils.isBlank(cleaned)) {
|
||||
return masked;
|
||||
}
|
||||
return cleaned;
|
||||
}
|
||||
|
||||
private static String maskSensitiveValue(String value) {
|
||||
String masked = value;
|
||||
for (Pattern pattern : SENSITIVE_COMMAND_PATTERNS) {
|
||||
masked = replaceWithMask(masked, pattern);
|
||||
}
|
||||
return masked;
|
||||
}
|
||||
|
||||
private static String replaceWithMask(String value, Pattern pattern) {
|
||||
Matcher matcher = pattern.matcher(value);
|
||||
if (!matcher.find()) {
|
||||
return value;
|
||||
}
|
||||
|
||||
StringBuffer buffer = new StringBuffer();
|
||||
do {
|
||||
StringBuilder replacement = new StringBuilder();
|
||||
replacement.append(matcher.group(1));
|
||||
if (matcher.groupCount() >= 3) {
|
||||
replacement.append(MASKED_VALUE);
|
||||
replacement.append(matcher.group(matcher.groupCount()));
|
||||
} else {
|
||||
replacement.append(MASKED_VALUE);
|
||||
}
|
||||
matcher.appendReplacement(buffer, Matcher.quoteReplacement(replacement.toString()));
|
||||
} while (matcher.find());
|
||||
|
||||
matcher.appendTail(buffer);
|
||||
return buffer.toString();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ package com.cloud.utils.ssh;
|
|||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
|
@ -140,4 +141,63 @@ public class SshHelperTest {
|
|||
|
||||
Mockito.verify(conn).openSession();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sanitizeForLoggingMasksShortPasswordFlag() throws Exception {
|
||||
String command = "/opt/cloud/bin/script -v 10.0.0.1 -p superSecret";
|
||||
String sanitized = invokeSanitizeForLogging(command);
|
||||
|
||||
Assert.assertTrue("Sanitized command should retain flag", sanitized.contains("-p *****"));
|
||||
Assert.assertFalse("Sanitized command should not contain original password", sanitized.contains("superSecret"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sanitizeForLoggingMasksQuotedPasswordFlag() throws Exception {
|
||||
String command = "/opt/cloud/bin/script -v 10.0.0.1 -p \"super Secret\"";
|
||||
String sanitized = invokeSanitizeForLogging(command);
|
||||
|
||||
Assert.assertTrue("Sanitized command should retain quoted flag", sanitized.contains("-p *****"));
|
||||
Assert.assertFalse("Sanitized command should not contain original password",
|
||||
sanitized.contains("super Secret"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sanitizeForLoggingMasksLongPasswordAssignments() throws Exception {
|
||||
String command = "tool --password=superSecret";
|
||||
String sanitized = invokeSanitizeForLogging(command);
|
||||
|
||||
Assert.assertTrue("Sanitized command should retain assignment", sanitized.contains("--password=*****"));
|
||||
Assert.assertFalse("Sanitized command should not contain original password", sanitized.contains("superSecret"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sanitizeForLoggingMasksUsernamePasswordPairs() throws Exception {
|
||||
String command = "/opt/cloud/bin/vpn_l2tp.sh -u alice,topSecret";
|
||||
String sanitized = invokeSanitizeForLogging(command);
|
||||
|
||||
Assert.assertTrue("Sanitized command should retain username and mask password",
|
||||
sanitized.contains("-u alice,*****"));
|
||||
Assert.assertFalse("Sanitized command should not contain original password", sanitized.contains("topSecret"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sanitizeForLoggingMasksUsernamePasswordPairsWithColon() throws Exception {
|
||||
String command = "curl -u alice:topSecret https://example.com";
|
||||
String sanitized = invokeSanitizeForLogging(command);
|
||||
|
||||
Assert.assertTrue("Sanitized command should retain username and mask password",
|
||||
sanitized.contains("-u alice:*****"));
|
||||
Assert.assertFalse("Sanitized command should not contain original password", sanitized.contains("topSecret"));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void sanitizeForLoggingHandlesNullValues() throws Exception {
|
||||
Assert.assertNull(invokeSanitizeForLogging(null));
|
||||
}
|
||||
|
||||
private String invokeSanitizeForLogging(String value) throws Exception {
|
||||
Method method = SshHelper.class.getDeclaredMethod("sanitizeForLogging", String.class);
|
||||
method.setAccessible(true);
|
||||
return (String) method.invoke(null, value);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue