Console access enhancements

[nvazquez]

Description

This PR creates a new API createConsoleEndpoint to create VM console URL allowing it to connect using other UI implementations. To avoid reply attacks, the console access is enhanced to use a one time token per session

New configuration added:

• consoleproxy.extra.security.validation.enabled: Enable/disable extra security validation for console proxy using a token

Documentation PR: apache/cloudstack-documentation#284

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Tested on KVM env

[acs-robot]

Found UI changes, kicking a new UI QA build
@blueorangutan ui

[blueorangutan]

@acs-robot a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.

[blueorangutan]

UI build: ✔️
Live QA URL: http://qa.cloudstack.cloud:8080/client/pr/6577 (SL-JID-2044)

[nvazquez]

@blueorangutan package

[acs-robot]

Found UI changes, kicking a new UI QA build
@blueorangutan ui

[blueorangutan]

@nvazquez a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✖️ el7 ✖️ el8 ✖️ debian ✖️ suse15. SL-JID 3979

[nvazquez]

@blueorangutan package

[acs-robot]

Found UI changes, kicking a new UI QA build
@blueorangutan ui

[blueorangutan]

@nvazquez a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✔️ el7 ✔️ el8 ✔️ debian ✔️ suse15. SL-JID 3981

[nvazquez]

@blueorangutan test

[blueorangutan]

@nvazquez a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[codecov]

Codecov Report

Merging #6577 (42e4497) into main (152a274) will increase coverage by 4.54%.
The diff coverage is 4.49%.

@@             Coverage Diff              @@
##               main    #6577      +/-   ##
============================================
+ Coverage      5.87%   10.41%   +4.54%     
- Complexity     3933     6690    +2757     
============================================
  Files          2454     2455       +1     
  Lines        242633   243131     +498     
  Branches      37970    38062      +92     
============================================
+ Hits          14246    25316   +11070     
+ Misses       226811   214649   -12162     
- Partials       1576     3166    +1590     

Impacted Files	Coverage Δ
.../main/java/com/cloud/capacity/CapacityManager.java	100.00% <ø> (+100.00%)	⬆️
...ud/consoleproxy/AgentBasedConsoleProxyManager.java	0.00% <0.00%> (ø)
...ain/java/com/cloud/consoleproxy/AgentHookBase.java	0.00% <0.00%> (ø)
...va/com/cloud/consoleproxy/ConsoleProxyManager.java	0.00% <0.00%> (ø)
...om/cloud/consoleproxy/ConsoleProxyManagerImpl.java	6.88% <0.00%> (+6.88%)	⬆️
...in/java/com/cloud/server/ManagementServerImpl.java	2.47% <0.00%> (+2.47%)	⬆️
...ava/com/cloud/servlet/ConsoleProxyClientParam.java	0.00% <0.00%> (ø)
...in/java/com/cloud/servlet/ConsoleProxyServlet.java	5.29% <0.00%> (+5.29%)	⬆️
...udstack/consoleproxy/ConsoleAccessManagerImpl.java	5.09% <5.09%> (ø)
server/src/main/java/com/cloud/api/ApiServlet.java	39.28% <28.57%> (+39.28%)	⬆️
... and 487 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[acs-robot]

Found UI changes, kicking a new UI QA build
@blueorangutan ui

[blueorangutan]

@acs-robot a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.

[blueorangutan]

UI build: ✔️
Live QA URL: http://qa.cloudstack.cloud:8080/client/pr/6577 (SL-JID-2145)

[yadvr]

@nvazquez can you rebase your branch against upstream main branch?

[blueorangutan]

@borisstoyanov a Jenkins job has been kicked to build packages. It will be bundled with
SystemVM template(s). I'll keep you posted as I make progress.

[blueorangutan]

UI build: ✔️
Live QA URL: http://qa.cloudstack.cloud:8080/client/pr/6577 (SL-JID-2283)

[blueorangutan]

Packaging result: ✔️ el7 ✔️ el8 ✔️ debian ✔️ suse15. SL-JID 4118

[borisstoyanov]

LGTM

[yadvr]

@blueorangutan test

[blueorangutan]

@rohityadavcloud a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[blueorangutan]

Trillian test result (tid-4837)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 37727 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr6577-t4837-kvm-centos7.zip
Smoke tests completed. 102 look OK, 0 have errors
Only failed tests results shown below:

Test	Result	Time (s)	Test File

[yadvr]

LGTM

@nvazquez can you review the outstanding comments and advise if this is ready for merging cc @borisstoyanov @vladimirpetrov

[nvazquez]

Thanks @GutoVeronezi, have addressed your comments
@rohityadavcloud yes it is ready for merging

[nvazquez]

@blueorangutan package

[blueorangutan]

@nvazquez a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[acs-robot]

Found UI changes, kicking a new UI QA build
@blueorangutan ui

[blueorangutan]

@acs-robot a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.

[blueorangutan]

UI build: ✔️
Live QA URL: http://qa.cloudstack.cloud:8080/client/pr/6577 (SL-JID-2345)

[blueorangutan]

Packaging result: ✔️ el7 ✔️ el8 ✔️ debian ✔️ suse15. SL-JID 4175

[sonarqubecloud]

SonarCloud Quality Gate failed.   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
6 Code Smells

4.3% Coverage
3.3% Duplication

[nvazquez]

@blueorangutan test

[blueorangutan]

@nvazquez a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[blueorangutan]

Trillian Build Failed (tid-4887)

[yadvr]

@blueorangutan test

[blueorangutan]

@rohityadavcloud a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[blueorangutan]

Trillian test result (tid-4888)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 38042 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr6577-t4888-kvm-centos7.zip
Smoke tests completed. 102 look OK, 0 have errors
Only failed tests results shown below:

Test	Result	Time (s)	Test File