List users by their authentication source

[bernardodemarco]

Description

Currently, the listUsers API response supports the usersource attribute, which represents the authentication source of users, such as native, ldap, saml2 and saml2disabled. However, it is neither possible to filter users by their authentication source nor to view this attribute in the users' list view.

Therefore, this PR proposes to extend the listUsers API by introducing a new parameter called usersource, allowing callers to filter users by their authentication source. Furthermore, the UI has been enhanced to support this parameter in the search view and display the usersource attribute in the users' list view.

---

Fixes #9932

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• build/CI
• test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Screenshots (if appropriate):

How Has This Been Tested?

Through CloudMonkey

• Verified that all users are listed when the usersource parameter is omitted.

list users listall=true filter=account,username,usersource

(localcloud) 🐹 > list users listall=true filter=account,username,usersource
{
  "count": 9,
  "user": [
    {
      "account": "admin",
      "username": "admin",
      "usersource": "native"
    },
    {
      "account": "baremetal-system-account",
      "username": "baremetal-system-account",
      "usersource": "native"
    },
    {
      "account": "admin",
      "username": "admin-kubeadmin",
      "usersource": "native"
    },
    {
      "account": "euler",
      "username": "euler",
      "usersource": "ldap"
    },
    {
      "account": "tesla",
      "username": "tesla",
      "usersource": "ldap"
    },
    {
      "account": "boyle",
      "username": "boyle",
      "usersource": "ldap"
    },
    {
      "account": "gauss",
      "username": "gauss",
      "usersource": "ldap"
    },
    {
      "account": "saml-u1",
      "username": "saml-u1",
      "usersource": "saml2"
    },
    {
      "account": "saml-u2",
      "username": "saml-u2",
      "usersource": "saml2"
    }
  ]
}

• Verified that users are listed according to their source when the usersource parameter is specified.

list users listall=true filter=account,username,usersource usersource="ldap"

(localcloud) 🐲 > list users listall=true filter=account,username,usersource usersource="ldap"
{
  "count": 4,
  "user": [
    {
      "account": "euler",
      "username": "euler",
      "usersource": "ldap"
    },
    {
      "account": "tesla",
      "username": "tesla",
      "usersource": "ldap"
    },
    {
      "account": "boyle",
      "username": "boyle",
      "usersource": "ldap"
    },
    {
      "account": "gauss",
      "username": "gauss",
      "usersource": "ldap"
    }
  ]
}

• Verified that an error message is thrown when the usersource value is invalid.

list users listall=true filter=account,username,usersource usersource="notValid"

(localcloud) 🐄 > list users listall=true filter=account,username,usersource usersource="notValid"
🙈 Error: (HTTP 431, error code 4350) Invalid user source: notValid. Valid values are: native, ldap, saml2 and saml2disabled.

Through UI

• Verified that the usersource is displayed in the users' list view:

• Verified that the usersource search filter works as expected:

[bernardodemarco]

@blueorangutan package

[blueorangutan]

@bernardodemarco a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[codecov]

Codecov Report

Attention: Patch coverage is 31.25000% with 11 lines in your changes missing coverage. Please review.

Project coverage is 16.90%. Comparing base (91ab67c) to head (2c55244).
Report is 439 commits behind head on main.

Files with missing lines	Patch %	Lines
...loudstack/api/command/admin/user/ListUsersCmd.java	0.00%	10 Missing ⚠️
...ain/java/com/cloud/api/query/QueryManagerImpl.java	83.33%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #10115      +/-   ##
============================================
+ Coverage     16.06%   16.90%   +0.84%     
- Complexity    12864    12865       +1     
============================================
  Files          5642     5248     -394     
  Lines        493856   461509   -32347     
  Branches      59860    54150    -5710     
============================================
- Hits          79326    78031    -1295     
+ Misses       405749   374844   -30905     
+ Partials       8781     8634     -147     

Flag	Coverage Δ
uitests	?
unittests	16.90% <31.25%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11823

[DaanHoogland]

@blueorangutan test keepEnv

[blueorangutan]

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-11926)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 60615 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr10115-t11926-kvm-ol8.zip
Smoke tests completed. 140 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_01_redundant_vpc_site2site_vpn	Failure	459.49	test_vpc_vpn.py

[kiranchavala]

@bernardodemarco Tested manually looks great

One small/minor ui issue I observed.

On the initial saml user creation, the user type is created as Native only on the refresh of the page the usertype changes to SAML

Navigate to account >users > add user > Authorize saml > the usertype is Native

Sample video recording

https://www.loom.com/share/5d014a8763434e7f89ca21f95cf60377?sid=3cd60c4a-628b-4532-ba2d-cdb799f85a22

[bernardodemarco]

On the initial saml user creation, the user type is created as Native only on the refresh of the page the usertype changes to SAML

@kiranchavala, thanks for testing. The bug should be resolved now. Could you please test it again and confirm?

[kiranchavala]

@blueorangutan package

[blueorangutan]

@kiranchavala a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11846

[JoaoJandre]

CLGTM

[kiranchavala]

LGTM, Tested manually Able to filter the users by their usertypes

[kiranchavala]

On the initial saml user creation, the user type is created as Native only on the refresh of the page the usertype changes to SAML

@kiranchavala, thanks for testing. The bug should be resolved now. Could you please test it again and confirm?

Thanks @bernardodemarco Issue is resolved