Certificate and VM hostname validation improvements#10051
Conversation
|
@blueorangutan package |
|
@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## 4.19 #10051 +/- ##
============================================
- Coverage 15.13% 15.12% -0.01%
Complexity 11266 11266
============================================
Files 5408 5408
Lines 473890 473900 +10
Branches 57787 57791 +4
============================================
- Hits 71704 71697 -7
- Misses 394183 394202 +19
+ Partials 8003 8001 -2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11727 |
sureshanaparti
force-pushed
the
certificate-and-vm-hostname-validation-improvements
branch
from
95c2f76 to
e0c707c
Compare
|
@blueorangutan package |
|
@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11845 |
kiranchavala
left a comment
kiranchavala
left a comment
There was a problem hiding this comment.
LGTM
Executed the API “uploadtemplatedirectdownloadcertificate" by providing an invalid name value
https://cloudstack.apache.org/api/apidocs-4.18/apis/listTemplateDirectDownloadCertificates.html
For example
Invalid name with
greater than 63 chars
should not start or end with '-'
should only contain alpha numeric
example:
(localcloud) 🐱 > upload templatedirectdownloadcertificate hypervisor=KVM name=-kiran certificate="MIIF7zCCA9egAwIBAgIUcC+POP+CQ6CUMfeMJqelQO/zSxAwDQYJKoZIhvcNAQELBQAwgYYxCzAJBgNVBAYTAlhYMRIwEAYDVQQIDAlTdGF0ZU5hbWUxETAPBgNVBAcMCENpdHlOYW1lMRQwEgYDVQQKDAtDb21wYW55TmFtZTEbMBkGA1UECwwSQ29tcGFueVNlY3Rpb25OYW1lMR0wGwYDVQQDDBRDb21tb25OYW1lT3JIb3N0bmFtZTAeFw0yNDEyMTkwNjQ5MjRaFw0zNDEyMTcwNjQ5MjRaMIGGMQswCQYDVQQGEwJYWDESMBAGA1UECAwJU3RhdGVOYW1lMREwDwYDVQQHDAhDaXR5TmFtZTEUMBIGA1UECgwLQ29tcGFueU5hbWUxGzAZBgNVBAsMEkNvbXBhbnlTZWN0aW9uTmFtZTEdMBsGA1UEAwwUQ29tbW9uTmFtZU9ySG9zdG5hbWUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCxSaia77e0mHOQLEW6hQyEft0Il1cejoLLGk3jUxNqW6G6OZT0OoJVUhErpnYmM3DU6z6c6Yv9qU7nN3TCkJtsCwJuKuyQY1nfTXOsFrgaDSF6cpsb3uion1u+ZhQ3DRW/VQcytwZd+kymeziIryiiFSQGSe+hjb+8masAViS5QhFQJDIGkiuG1WCTk9ov/EMDVsS8sdaWBIM82KpfC733JgTC5ObrxCvVuuB3RQGEDXzNGomO1HZUzOTJQI+OVG5ziWD9Oys2SPfs7IfNd7UfNwedix1zMiMQShfgS0wfQW80Lt9RH5WV9KgT3hh+J9edZd8yRdukSom0dr/4LEdWyrz20UZ7LWUFWnnjjmoc/Imti27MNcTNkmK4EexBaqFVHdN8TI+EU6SFmL6BVJUZGva/l21ZnO4DUnKAPV1l2WV79RlNyjavMEkxwR3BHlDUVogdMuf//uxjk8PUacpGH2UYBqlouPMW1qyq2WRV6IdUAbtRt/xKMe9FaFMY4ubFiYjNT5H6LxnysBboA0Eij6gQzrVzFRu10T72AMn0dfSZ6KEgaHMPZwQhJoa9eypW4oGESY43MtmHk3RtXoTDvic3EcivZVrRqydhvPIUnT/19DnpV4YkZ7u2rI+vRQ8/OZ7YfoIvGXuto3e9kZHVCghibUh9Ng40WKppVTcXxwIDAQABo1MwUTAdBgNVHQ4EFgQUSm5OwGtfZsSBvTvLF9lhNv3Pka4wHwYDVR0jBBgwFoAUSm5OwGtfZsSBvTvLF9lhNv3Pka4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAjGTX9QG0Z89ALBeuJaLfdQ/6FTUjTJCtt/aN4mVhHyxq5TL4rQMVb2wWtUUbvvmVktu31sc+YBerIIQ/n/1a5ZidsUBaKwXIgPHF5mIDV9/oSGSAxo1kX7PHy0kM42dEPnkSeoMabAeYV0F2cLkzm/Y1aX+8AX4R1G+2FcwMfLOfXVZi8rZXR1fkZ4Mr01rNseJJ60fJlBtOPV0ege9E4p27mLZLJd1xp07hHzJAfRM8P4Emkn4smLX0GhsB2H87s3canXWO3Wnh1nJgRmJ2SUhKf3WaWV8vMx9h4i2J73WKaf/6UUPw7LtOsEt11In0WUse27NcfEMeFzGBny24c6NC6kBZ0KUP+9p4hb3cKYzIWr/6tZ+Bz5V2Qvv00ryGw2o5frtMOAnJOG7rh0tO4nIJfy4tKgNMXXTERFikbuRVfurmFlibRzWDhLdRXq8FFgQuF7TXP4ljwwvwMHniGRkXdPwj6rXUBOiugCjlcui/eRvJCvITJjla4BIOwtXGIWveZ4BOPoooQlWte5ntnJuuXGYOkbozeP/P2LKM4pF4zKbdSbbrssJIc+drLUPe2K4WpChOHUDH8JUxZFHVAlzW2gKEOINwiI4yTCAFeiwZ/K8I8gyqb9hysd6dgsIDWkW+rXudoIyYy9o28QtXglKz2N/kkBKnGmW75geX/4E=" zoneid=5e86fe3c-ea4d-47ee-af4e-79095601ce1d
🙈 Error: (HTTP 530, error code 9999) The provided certificate name is invalid, please provide a valid name
Executed the api call
https://cloudstack.apache.org/api/apidocs-4.18/apis/listTemplateDirectDownloadCertificates.html
(localcloud) 🐱 > list templatedirectdownloadcertificates listall=true
The failed certificates were not present
|
@blueorangutan test |
|
@kiranchavala a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests |
|
[SF] Trillian test result (tid-11944)
|
yadvr
deleted the
certificate-and-vm-hostname-validation-improvements
branch
* 4.20: VR: apply iptables rules when add/remove static routes (#10064) Certificate and VM hostname validation improvements (#10051) set ulimit for server according to redhat spec (#10040) kvm-storage: provide isVMMigrate information to storage plugins (#10093) Allow config drive deletion of migrated VM, on host maintenance (#10045) linstor: improve heartbeat check with also asking linstor (#10105) server: simplify role change validation (#9173) UI: create VPC network offering with conserve mode (#10082) server: fix typo removeaccessvpn in VirtualRouterElement (#10086) UI: remove duplicated Instance Name in Public IP details page (#10087) UI: Fixes in the Usage UI (#10000) SAML2: add cookie with HttpOnly too #10013 (#10047) ui: Allow font-awesome icon usage and optimise icon size inconsistency (#9744)
* Certificate and VM hostname validation improvements * Improve certificate name validation and some code/log improvements
6 participants
Description
This PR improves the Certificate and VM hostname validations, during direct download certificate setup and VM IP address check.
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity
Screenshots (if appropriate):
How Has This Been Tested?
Tested upload templatedirectdownloadcertificate with valid and invalid names.
How did you try to break this feature and the system with this change?