Merge branch 'main' of https://github.com/apache/cloudstack into support-list-policies

Author: Pearl1594

.pre-commit-config.yaml

@@ -48,6 +48,7 @@ repos:
         exclude: >
           (?x)
           ^scripts/vm/systemvm/id_rsa\.cloud$|
+          ^server/src/test/java/org/apache/cloudstack/network/ssl/CertServiceTest.java$|
           ^server/src/test/java/com/cloud/keystore/KeystoreTest\.java$|
           ^server/src/test/resources/certs/dsa_self_signed\.key$|
           ^server/src/test/resources/certs/non_root\.key$|
@@ -57,7 +58,8 @@ repos:
           ^server/src/test/resources/certs/rsa_self_signed\.key$|
           ^services/console-proxy/rdpconsole/src/test/doc/rdp-key\.pem$|
           ^systemvm/agent/certs/localhost\.key$|
-          ^systemvm/agent/certs/realhostip\.key$
+          ^systemvm/agent/certs/realhostip\.key$|
+          ^test/integration/smoke/test_ssl_offloading.py$
       - id: end-of-file-fixer
         exclude: \.vhd$
       - id: fix-byte-order-marker
@@ -75,7 +77,7 @@ repos:
         name: run codespell
         description: Check spelling with codespell
         args: [--ignore-words=.github/linters/codespell.txt]
-        exclude: ^systemvm/agent/noVNC/|^ui/package\.json$|^ui/package-lock\.json$|^ui/public/js/less\.min\.js$|^ui/public/locales/.*[^n].*\.json$
+        exclude: ^systemvm/agent/noVNC/|^ui/package\.json$|^ui/package-lock\.json$|^ui/public/js/less\.min\.js$|^ui/public/locales/.*[^n].*\.json$|^server/src/test/java/org/apache/cloudstack/network/ssl/CertServiceTest.java$|^test/integration/smoke/test_ssl_offloading.py$
   - repo: https://github.com/pycqa/flake8
     rev: 7.0.0
     hooks:

api/src/main/java/com/cloud/agent/api/to/LoadBalancerTO.java

@@ -71,7 +71,7 @@ public LoadBalancerTO(String uuid, String srcIp, int srcPort, String protocol, S
         this.destinations = new DestinationTO[destinations.size()];
         this.stickinessPolicies = null;
         this.sslCert = null;
-        this.lbProtocol = null;
+        this.lbProtocol = protocol;
         int i = 0;
         for (LbDestination destination : destinations) {
             this.destinations[i++] = new DestinationTO(destination.getIpAddress(), destination.getDestinationPortStart(), destination.isRevoked(), false);
@@ -205,6 +205,10 @@ public LbSslCert getSslCert() {
         return this.sslCert;
     }
 
+    public void setLbSslCert(LbSslCert sslCert) {
+        this.sslCert = sslCert;
+    }
+
     public String getSrcIpVlan() {
         return srcIpVlan;
     }

api/src/main/java/com/cloud/hypervisor/Hypervisor.java

@@ -31,20 +31,22 @@
 import static com.cloud.hypervisor.Hypervisor.HypervisorType.Functionality.DirectDownloadTemplate;
 import static com.cloud.hypervisor.Hypervisor.HypervisorType.Functionality.RootDiskSizeOverride;
 import static com.cloud.hypervisor.Hypervisor.HypervisorType.Functionality.VmStorageMigration;
+import static com.cloud.hypervisor.Hypervisor.HypervisorType.Functionality.VmStorageMigrationWithSnapshots;
 
 public class Hypervisor {
     public static class HypervisorType {
         public enum Functionality {
             DirectDownloadTemplate,
             RootDiskSizeOverride,
-            VmStorageMigration
+            VmStorageMigration,
+            VmStorageMigrationWithSnapshots
         }
 
         private static final Map<String, HypervisorType> hypervisorTypeMap = new LinkedHashMap<>();
         public static final HypervisorType None = new HypervisorType("None"); //for storage hosts
         public static final HypervisorType XenServer = new HypervisorType("XenServer", ImageFormat.VHD, EnumSet.of(RootDiskSizeOverride, VmStorageMigration));
         public static final HypervisorType KVM = new HypervisorType("KVM", ImageFormat.QCOW2, EnumSet.of(DirectDownloadTemplate, RootDiskSizeOverride, VmStorageMigration));
-        public static final HypervisorType VMware = new HypervisorType("VMware", ImageFormat.OVA, EnumSet.of(RootDiskSizeOverride, VmStorageMigration));
+        public static final HypervisorType VMware = new HypervisorType("VMware", ImageFormat.OVA, EnumSet.of(RootDiskSizeOverride, VmStorageMigration, VmStorageMigrationWithSnapshots));
         public static final HypervisorType Hyperv = new HypervisorType("Hyperv");
         public static final HypervisorType VirtualBox = new HypervisorType("VirtualBox");
         public static final HypervisorType Parralels = new HypervisorType("Parralels");

api/src/main/java/com/cloud/kubernetes/cluster/KubernetesCluster.java

@@ -60,6 +60,7 @@ enum State {
         Stopping("Resources for the Kubernetes cluster are being destroyed"),
         Stopped("All resources for the Kubernetes cluster are destroyed, Kubernetes cluster may still have ephemeral resource like persistent volumes provisioned"),
         Scaling("Transient state in which resources are either getting scaled up/down"),
+        ScalingStoppedCluster("Transient state in which the service offerings of stopped clusters are getting scaled"),
         Upgrading("Transient state in which cluster is getting upgraded"),
         Importing("Transient state in which additional nodes are added as worker nodes to a cluster"),
         RemovingNodes("Transient state in which additional nodes are removed from a cluster"),
@@ -93,8 +94,11 @@ enum State {
             s_fsm.addTransition(State.Running, Event.AutoscaleRequested, State.Scaling);
             s_fsm.addTransition(State.Running, Event.ScaleUpRequested, State.Scaling);
             s_fsm.addTransition(State.Running, Event.ScaleDownRequested, State.Scaling);
+            s_fsm.addTransition(State.Stopped, Event.ScaleUpRequested, State.ScalingStoppedCluster);
             s_fsm.addTransition(State.Scaling, Event.OperationSucceeded, State.Running);
             s_fsm.addTransition(State.Scaling, Event.OperationFailed, State.Alert);
+            s_fsm.addTransition(State.ScalingStoppedCluster, Event.OperationSucceeded, State.Stopped);
+            s_fsm.addTransition(State.ScalingStoppedCluster, Event.OperationFailed, State.Alert);
 
             s_fsm.addTransition(State.Running, Event.UpgradeRequested, State.Upgrading);
             s_fsm.addTransition(State.Upgrading, Event.OperationSucceeded, State.Running);

api/src/main/java/com/cloud/network/lb/LoadBalancingRulesService.java

@@ -106,7 +106,7 @@ LoadBalancer createPublicLoadBalancerRule(String xId, String name, String descri
 
     boolean applyLoadBalancerConfig(long lbRuleId) throws ResourceUnavailableException;
 
-    boolean assignCertToLoadBalancer(long lbRuleId, Long certId);
+    boolean assignCertToLoadBalancer(long lbRuleId, Long certId, boolean isForced);
 
     boolean removeCertFromLoadBalancer(long lbRuleId);
 

api/src/main/java/org/apache/cloudstack/api/command/user/loadbalancer/AssignCertToLoadBalancerCmd.java

@@ -27,6 +27,7 @@
 import org.apache.cloudstack.api.response.FirewallRuleResponse;
 import org.apache.cloudstack.api.response.SslCertResponse;
 import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.commons.lang3.BooleanUtils;
 
 import com.cloud.event.EventTypes;
 import com.cloud.exception.ConcurrentOperationException;
@@ -57,11 +58,17 @@ public class AssignCertToLoadBalancerCmd extends BaseAsyncCmd {
                description = "the ID of the certificate")
     Long certId;
 
+    @Parameter(name = ApiConstants.FORCED,
+            type = CommandType.BOOLEAN,
+            since = "4.22",
+            description = "Force assign the certificate. If there is a certificate assigned to the LB, it will be removed at first.")
+    private Boolean forced;
+
     @Override
     public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException,
         ResourceAllocationException, NetworkRuleConflictException {
         //To change body of implemented methods use File | Settings | File Templates.
-        if (_lbService.assignCertToLoadBalancer(getLbRuleId(), getCertId())) {
+        if (_lbService.assignCertToLoadBalancer(getLbRuleId(), getCertId(), isForced())) {
             SuccessResponse response = new SuccessResponse(getCommandName());
             this.setResponseObject(response);
         } else {
@@ -95,4 +102,19 @@ public Long getCertId() {
     public Long getLbRuleId() {
         return lbRuleId;
     }
+
+    public boolean isForced() {
+        return BooleanUtils.toBoolean(forced);
+    }
+
+    @Override
+    public String getSyncObjType() {
+        return BaseAsyncCmd.networkSyncObject;
+    }
+
+    @Override
+    public Long getSyncObjId() {
+        LoadBalancer lb = _entityMgr.findById(LoadBalancer.class, getLbRuleId());
+        return (lb != null)? lb.getNetworkId(): null;
+    }
 }

api/src/main/java/org/apache/cloudstack/api/command/user/loadbalancer/CreateLoadBalancerRuleCmd.java

@@ -33,6 +33,7 @@
 import org.apache.cloudstack.api.response.NetworkResponse;
 import org.apache.cloudstack.api.response.ZoneResponse;
 import org.apache.cloudstack.context.CallContext;
+import org.apache.commons.lang3.StringUtils;
 
 import com.cloud.dc.DataCenter;
 import com.cloud.dc.DataCenter.NetworkType;
@@ -112,7 +113,7 @@ public class CreateLoadBalancerRuleCmd extends BaseAsyncCreateCmd /*implements L
         + "rule will be created for. Required when public Ip address is not associated with any Guest network yet (VPC case)")
     private Long networkId;
 
-    @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "The protocol for the LB such as tcp, udp or tcp-proxy.")
+    @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "The protocol for the LB such as tcp, udp, tcp-proxy or ssl.")
     private String lbProtocol;
 
     @Parameter(name = ApiConstants.FOR_DISPLAY, type = CommandType.BOOLEAN, description = "an optional field, whether to the display the rule to the end user or not", since = "4.4", authorized = {RoleType.Admin})
@@ -253,7 +254,7 @@ public List<String> getSourceCidrList() {
     }
 
     public String getLbProtocol() {
-        return lbProtocol;
+        return StringUtils.trim(StringUtils.lowerCase(lbProtocol));
     }
 
     /////////////////////////////////////////////////////

api/src/main/java/org/apache/cloudstack/api/command/user/loadbalancer/RemoveCertFromLoadBalancerCmd.java

@@ -82,4 +82,15 @@ public long getEntityOwnerId() {
     public Long getLbRuleId() {
         return this.lbRuleId;
     }
+
+    @Override
+    public String getSyncObjType() {
+        return BaseAsyncCmd.networkSyncObject;
+    }
+
+    @Override
+    public Long getSyncObjId() {
+        LoadBalancer lb = _entityMgr.findById(LoadBalancer.class, getLbRuleId());
+        return (lb != null)? lb.getNetworkId(): null;
+    }
 }

core/src/main/java/com/cloud/agent/resource/virtualnetwork/facade/LoadBalancerConfigItem.java

@@ -56,6 +56,8 @@ public List<ConfigItem> generateConfig(final NetworkElementCommand cmd) {
         final String[] statRules = allRules[LoadBalancerConfigurator.STATS];
 
         final LoadBalancerRule loadBalancerRule = new LoadBalancerRule(configuration, tmpCfgFilePath, tmpCfgFileName, addRules, removeRules, statRules, routerIp);
+        final LoadBalancerRule.SslCertEntry[] sslCerts = cfgtr.generateSslCertEntries(command);
+        loadBalancerRule.setSslCerts(sslCerts);
 
         final List<LoadBalancerRule> rules = new LinkedList<LoadBalancerRule>();
         rules.add(loadBalancerRule);

core/src/main/java/com/cloud/agent/resource/virtualnetwork/model/LoadBalancerRule.java

@@ -25,13 +25,61 @@ public class LoadBalancerRule {
     private String[] configuration;
     private String tmpCfgFilePath;
     private String tmpCfgFileName;
+    private SslCertEntry[] sslCerts;
 
     private String[] addRules;
     private String[] removeRules;
     private String[] statRules;
 
     private String routerIp;
 
+    public static class SslCertEntry {
+        private String name;
+        private String cert;
+        private String key;
+        private String chain;
+        private String password;
+
+        public SslCertEntry(String name, String cert, String key, String chain, String password) {
+            this.name = name;
+            this.cert = cert;
+            this.key = key;
+            this.chain = chain;
+            this.password = password;
+        }
+
+        public void setName(String name) {
+            this.name = name;
+        }
+        public String getName() {
+            return name;
+        }
+        public void setCert(String cert) {
+            this.cert = cert;
+        }
+        public String getCert() {
+            return cert;
+        }
+        public void setKey(String key) {
+            this.key = key;
+        }
+        public String getKey() {
+            return key;
+        }
+        public void setChain(String chain) {
+            this.chain = chain;
+        }
+        public String getChain() {
+            return chain;
+        }
+        public void setPassword(String password) {
+            this.password = password;
+        }
+        public String getPassword() {
+            return password;
+        }
+    }
+
     public LoadBalancerRule() {
         // Empty constructor for (de)serialization
     }
@@ -101,4 +149,12 @@ public String getRouterIp() {
     public void setRouterIp(final String routerIp) {
         this.routerIp = routerIp;
     }
+
+    public SslCertEntry[] getSslCerts() {
+        return sslCerts;
+    }
+
+    public void setSslCerts(final SslCertEntry[] sslCerts) {
+        this.sslCerts = sslCerts;
+    }
 }