bernardodemarco opened a new pull request, #11016:
URL: https://github.com/apache/cloudstack/pull/11016
### Description
Currently, details about console sessions are stored in the
`cloud.console_session` table in the database. Operators can only access this
information by querying the database directly, while end users have no way to
view console session data at all.
To address this, this PR proposes to create the `listConsoleSessions` API.
It allows listing the console sessions, with optional filters by domain,
account, user, host, instance, IP address, and date. The API is accessible to
all account types and, thus, performs proper access validation on the queried
resources.
The API supports the following parameters:
| Parameter | Description
| Required |
| ------------------------------- |
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
| -------- |
| `id` | Console session ID.
| No |
| `activeonly` | Indicates whether only currently active
console sessions should be listed. Defaults to `true`. Active sessions are the
ones that have been acquired and have not been removed. | No |
| `isrecursive` | Lists console sessions recursively per
domain. Defaults to `false`.
| No |
| `clientaddress` | IP address of the client that accessed
the console.
| No |
| `consoleendpointcreatoraddress` | IP address of the client that generated
the console session endpoint.
| No |
| `hostid` | ID of the host where the VM was running
when the console session endpoint was generated. Only available for Root
Admins. | No |
| `instanceid` | ID of the VM associated with the console
session.
| No |
| `startdate` | If provided, only console sessions that
were acquired from this date onward will be listed.
| No |
| `enddate` | If provided, only console sessions that
were acquired up to this date will be listed.
| No |
| `domainid` | Domain ID of the account that generated
the console session endpoint.
| No |
| `accountid` | ID of the account that generated the
console session endpoint.
| No |
| `userid` | ID of the user that generated the
console session endpoint.
| No |
| `page` | Used for pagination along with
`pagesize`.
| No |
| `pagesize` | User for pagination along with `page`.
| No |
This PR only encompasses the creation of the API `listConsoleSessions` API.
UI support will be implemented in a future PR.
### Types of changes
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [X] New feature (non-breaking change which adds functionality)
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] Enhancement (improves an existing feature and functionality)
- [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
- [ ] build/CI
- [ ] test (unit or integration test code)
### Feature/Enhancement Scale or Bug Severity
#### Feature/Enhancement Scale
- [X] Major
- [ ] Minor
### Screenshots (if appropriate):
### How Has This Been Tested?
#### Tests Setup
1. Created the following domain hierarchy:
```bash
ROOT
├── d1
│ └── d1-d1
└── d2
```
2. Created the following accounts:
| Name | Role Type | Domain |
|--------------|--------------|-------------------|
| admin | Admin | ROOT |
| u1 | User | ROOT |
| d1-admin | DomainAdmin | ROOT/d1 |
| d1-user | User | ROOT/d1 |
| d1-d1-admin | DomainAdmin | ROOT/d1/d1-d1 |
| d1-d1-user | User | ROOT/d1/d1-d1 |
| d2-admin | DomainAdmin | ROOT/d2 |
3. Deployed a VM for each account:
| ID | Name | Instance Name | Account
Name |
|----|-----------------------------------------|----------------|---------------|
| 5 | v-5-VM | v-5-VM | system
|
| 6 | s-6-VM | s-6-VM | system
|
| 7 | VM-fb5fa7ab-c5a0-4943-88bd-dedec9007c7b | i-7-7-VM | d1-d1-user
|
| 8 | r-8-VM | r-8-VM | d1-d1-user
|
| 9 | VM-16febbcd-a35e-4f05-87d3-1a27db077136 | i-6-9-VM | d1-user
|
| 10 | r-10-VM | r-10-VM | d1-user
|
| 11 | VM-d3208889-d3fd-43fe-9087-3cf5d863a3b1 | i-4-11-VM | d1-admin
|
| 12 | r-12-VM | r-12-VM | d1-admin
|
| 13 | VM-dea9f800-afd0-4054-9160-3a676a0df3d3 | i-2-13-VM | admin
|
| 14 | r-14-VM | r-14-VM | admin
|
| 15 | VM-766b6485-330e-4ec9-9516-59e17b52c1c7 | i-8-15-VM | u1
|
| 16 | r-16-VM | r-16-VM | u1
|
| 17 | VM-d2d7ded1-e210-4191-9a0e-75c3914de043 | i-9-17-VM | d2-admin
|
| 18 | r-18-VM | r-18-VM | d2-admin
|
| 19 | VM-266b73ff-2684-46b9-b36e-830ac83c5c14 | i-5-19-VM |
d1-d1-admin |
| 20 | r-20-VM | r-20-VM |
d1-d1-admin |
4. With each account, I accessed all available VM consoles through the CPVM.
#### `listConsoleSessions` tests
- With the `admin` account, verified that the API lists console sessions
correctly according to the specified parameters
- With the `u1` account, verified that it is only possible to access the
account's console sessions
- With the `d2-admin` account, verified that it is only possible to list the
console sessions of the `d2` domain
- With the `d1-admin` account, verified that it is only possible to list the
console sessions of the `d1` and `d1/d1-d1` domains
- With the `d1-user` account, verified that it is only possible to list the
`d1-user` console sessions
- With the `d1-d1-admin` account, verified that it is only possible to list
the console sessions of the `d1/d1-d1` domain
- With the `d1-d1-user` account, verified that it is only possible to list
the `d1-d1-user` console sessions
- With accounts of the `User` type, verified that the `hostid` parameter is
not considered in the API workflow
- With accounts of the `User` type, verified that the `hostid` and
`hostname` response attributes are not included in the API's return
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
