dahn pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/main by this push:
new 9ccec161db5 Minor console access refactor and improvements (#6919)
9ccec161db5 is described below
commit 9ccec161db553be4c9619696b49d1157a0cf05f7
Author: Nicolas Vazquez <[email protected]>
AuthorDate: Tue Dec 20 05:29:04 2022 -0300
Minor console access refactor and improvements (#6919)
---
.../consoleproxy/ConsoleAccessManager.java | 8 +----
.../consoleproxy/ConsoleAccessManagerImpl.java | 40 ++++++++++------------
ui/src/components/widgets/Console.vue | 15 +-------
3 files changed, 20 insertions(+), 43 deletions(-)
diff --git
a/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java
b/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java
index ac503c9ef6d..b1bd198309a 100644
---
a/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java
+++
b/api/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManager.java
@@ -18,14 +18,8 @@ package org.apache.cloudstack.consoleproxy;
import com.cloud.utils.component.Manager;
import org.apache.cloudstack.api.command.user.consoleproxy.ConsoleEndpoint;
-import org.apache.cloudstack.framework.config.ConfigKey;
-import org.apache.cloudstack.framework.config.Configurable;
-public interface ConsoleAccessManager extends Manager, Configurable {
-
- ConfigKey<Boolean> ConsoleProxyExtraSecurityValidationEnabled = new
ConfigKey<>(ConfigKey.CATEGORY_ADVANCED, Boolean.class,
- "consoleproxy.extra.security.validation.enabled", "false",
- "Enable/disable extra security validation for console proxy using
an extra token.", true);
+public interface ConsoleAccessManager extends Manager {
ConsoleEndpoint generateConsoleEndpoint(Long vmId, String
extraSecurityToken, String clientAddress);
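Review bot: `generateConsoleEndpoint` still accepts `extraSecurityToken`, but with `consoleproxy.extra.security.validation.enabled` removed here, the blank-token rejection deleted from `ConsoleAccessManagerImpl`, and the token generation deleted from `Console.vue`, nothing visible in this commit says whether the token is still honoured or when a caller should send one. A Javadoc on the method would help, for example `/** @param extraSecurityToken optional caller-supplied token; may be null or blank */`, extended with whatever `generateAccessEndpoint` (outside these hunks) actually does with it. Deployments that had the setting at `true` lose the mandatory-token check on upgrade without any error, so the release notes should state that the setting is no longer read.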
diff --git
a/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java
b/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java
index f6dd2e06158..559ceb43e05 100644
---
a/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java
+++
b/server/src/main/java/org/apache/cloudstack/consoleproxy/ConsoleAccessManagerImpl.java
@@ -47,10 +47,8 @@ import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import org.apache.cloudstack.api.command.user.consoleproxy.ConsoleEndpoint;
import org.apache.cloudstack.context.CallContext;
-import org.apache.cloudstack.framework.config.ConfigKey;
import org.apache.cloudstack.framework.security.keys.KeysManager;
import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
@@ -60,8 +58,10 @@ import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
import javax.naming.ConfigurationException;
+import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
+import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
@@ -90,6 +90,10 @@ public class ConsoleAccessManagerImpl extends ManagerBase
implements ConsoleAcce
public static final Logger s_logger =
Logger.getLogger(ConsoleAccessManagerImpl.class.getName());
+ private static final List<VirtualMachine.State> unsupportedConsoleVMState
= Arrays.asList(
+ VirtualMachine.State.Stopped, VirtualMachine.State.Error,
VirtualMachine.State.Destroyed
+ );
+
private static Set<String> allowedSessions;
@Override
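Review bot: `unsupportedConsoleVMState` is a `static final` constant but is named like an instance field and built with `Arrays.asList`, whose elements can still be replaced through `set()`. Because this list gates console access, an immutable, constant-style declaration is safer, e.g. `private static final List<VirtualMachine.State> UNSUPPORTED_CONSOLE_VM_STATES = Collections.unmodifiableList(Arrays.asList(...));` (this needs a `java.util.Collections` import if the file does not already have one). A one-line comment saying why these three states are excluded would also help the next reader.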
@@ -130,13 +134,6 @@ public class ConsoleAccessManagerImpl extends ManagerBase
implements ConsoleAcce
return new ConsoleEndpoint(false, null, "Permission denied");
}
- if
(BooleanUtils.isTrue(ConsoleAccessManager.ConsoleProxyExtraSecurityValidationEnabled.value())
&&
- StringUtils.isBlank(extraSecurityToken)) {
- String errorMsg = "Extra security validation is enabled but
the extra token is missing";
- s_logger.error(errorMsg);
- return new ConsoleEndpoint(false, errorMsg);
- }
-
String sessionUuid = UUID.randomUUID().toString();
return generateAccessEndpoint(vmId, sessionUuid,
extraSecurityToken, clientAddress);
} catch (Exception e) {
@@ -207,15 +204,23 @@ public class ConsoleAccessManagerImpl extends ManagerBase
implements ConsoleAcce
throw new CloudRuntimeException(msg);
}
- if (vm.getHostId() == null) {
- msg = "VM " + vmId + " lost host info, sending blank response for
console access request";
+ String vmUuid = vm.getUuid();
+ if (unsupportedConsoleVMState.contains(vm.getState())) {
+ msg = "VM " + vmUuid + " must be running to connect console,
sending blank response for console access request";
+ s_logger.warn(msg);
+ throw new CloudRuntimeException(msg);
+ }
+
+ Long hostId = vm.getState() != VirtualMachine.State.Migrating ?
vm.getHostId() : vm.getLastHostId();
+ if (hostId == null) {
+ msg = "VM " + vmUuid + " lost host info, sending blank response
for console access request";
s_logger.warn(msg);
throw new CloudRuntimeException(msg);
}
- HostVO host = managementServer.getHostBy(vm.getHostId());
+ HostVO host = managementServer.getHostBy(hostId);
if (host == null) {
- msg = "VM " + vmId + "'s host does not exist, sending blank
response for console access request";
+ msg = "VM " + vmUuid + "'s host does not exist, sending blank
response for console access request";
s_logger.warn(msg);
throw new CloudRuntimeException(msg);
}
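Review bot: The new guard rejects only `Stopped`, `Error` and `Destroyed`, yet its message says the VM "must be running"; a VM in any other state falls through to the host lookup and is stopped only if `hostId` happens to be null. An allow-list fails closed and matches the message: if Running and Migrating are the states meant to have a console, use `if (!supportedConsoleVMState.contains(vm.getState()))` with `supportedConsoleVMState = Arrays.asList(VirtualMachine.State.Running, VirtualMachine.State.Migrating)`. Reading `vm.getState()` once into a local would also keep the state check and the `Migrating` host selection on the same value, and a short comment on why `getLastHostId()` is used during migration would document the intent. The enclosing method starts and ends outside this hunk.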
@@ -482,13 +487,4 @@ public class ConsoleAccessManagerImpl extends ManagerBase
implements ConsoleAcce
}
}
- @Override
- public String getConfigComponentName() {
- return ConsoleAccessManagerImpl.class.getSimpleName();
- }
-
- @Override
- public ConfigKey<?>[] getConfigKeys() {
- return new ConfigKey[] { ConsoleProxyExtraSecurityValidationEnabled };
- }
}
diff --git a/ui/src/components/widgets/Console.vue
b/ui/src/components/widgets/Console.vue
index d31277e2b32..7125dfabe87 100644
--- a/ui/src/components/widgets/Console.vue
+++ b/ui/src/components/widgets/Console.vue
@@ -28,7 +28,6 @@
<script>
import { SERVER_MANAGER } from '@/store/mutation-types'
import { api } from '@/api'
-import { uuid } from 'vue-uuid'
export default {
name: 'Console',
@@ -44,24 +43,12 @@ export default {
},
data () {
return {
- url: '',
- tokenValidationEnabled: false
+ url: ''
}
},
- created () {
- this.verifyExtraValidationEnabled()
- },
methods: {
- verifyExtraValidationEnabled () {
- api('listConfigurations', { name:
'consoleproxy.extra.security.validation.enabled' }).then(json => {
- this.tokenValidationEnabled =
json?.listconfigurationsresponse?.configuration &&
json?.listconfigurationsresponse?.configuration[0]?.value === 'true'
- })
- },
consoleUrl () {
const params = {}
- if (this.tokenValidationEnabled) {
- params.token = uuid.v4()
- }
params.virtualmachineid = this.resource.id
api('createConsoleEndpoint', params).then(json => {
this.url = (json && json.createconsoleendpointresponse) ?
json.createconsoleendpointresponse.consoleendpoint.url : '#/exception/404'