Hide CloudStack version from XML response when unauthenticated

[gpordeus]

This PR hides the cloudstack version field of XML responses when the caller is unauthenticated (checks if it is SYSTEM account).

It also adds the expose.cloudstack.version.api.list.capabilities to allow hiding the field from the listCapabilities API call and expose.cloudstack.version.api.xml.response to allow hiding the field from XML responses, both are true by default as to not change compatibility.

It does not change the version information in system VMs and VRs.

Fixes: #10072

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• build/CI
• test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Unauthenticated:

<loginresponse>
<errorcode>531</errorcode>
<errortext>
Your authenticated user is not authorized for SAML Single Sign-On, please contact your administrator
</errortext>
</loginresponse>

Authenticated and configs:

• expose.cloudstack.version.api.list.capabilities = true;
  expose.cloudstack.version.api.xml.response = true;

<listcapabilitiesresponse cloud-stack-version="4.21.0.0-SNAPSHOT">
<capability>
<securitygroupsenabled>false</securitygroupsenabled>
<dynamicrolesenabled>true</dynamicrolesenabled>
<cloudstackversion>4.21.0.0-SNAPSHOT</cloudstackversion>
<userpublictemplateenabled>true</userpublictemplateenabled>
<supportELB>false</supportELB>
<projectinviterequired>false</projectinviterequired>
<allowusercreateprojects>true</allowusercreateprojects>
<customdiskofferingminsize>1</customdiskofferingminsize>
<customdiskofferingmaxsize>1024</customdiskofferingmaxsize>
<regionsecondaryenabled>false</regionsecondaryenabled>
<kvmsnapshotenabled>false</kvmsnapshotenabled>
<allowuserviewdestroyedvm>true</allowuserviewdestroyedvm>
<allowuserexpungerecovervm>true</allowuserexpungerecovervm>
<allowuserexpungerecovervolume>true</allowuserexpungerecovervolume>
<allowuserviewalldomainaccounts>false</allowuserviewalldomainaccounts>
<allowuserforcestopvm>true</allowuserforcestopvm>
<kubernetesserviceenabled>true</kubernetesserviceenabled>
<kubernetesclusterexperimentalfeaturesenabled>false</kubernetesclusterexperimentalfeaturesenabled>
<customhypervisordisplayname>Custom</customhypervisordisplayname>
<defaultuipagesize>20</defaultuipagesize>
<instancesstatsretentiontime>720</instancesstatsretentiontime>
<instancesstatsuseronly>false</instancesstatsuseronly>
<instancesdisksstatsretentionenabled>false</instancesdisksstatsretentionenabled>
<instancesdisksstatsretentiontime>720</instancesdisksstatsretentiontime>
<sharedfsvmmincpucount>2</sharedfsvmmincpucount>
<sharedfsvmminramsize>1024</sharedfsvmminramsize>
</capability>
</listcapabilitiesresponse>

• expose.cloudstack.version.api.list.capabilities = false;
  expose.cloudstack.version.api.xml.response = false;

<listcapabilitiesresponse>
<capability>
<securitygroupsenabled>false</securitygroupsenabled>
<dynamicrolesenabled>true</dynamicrolesenabled>
<userpublictemplateenabled>true</userpublictemplateenabled>
<supportELB>false</supportELB>
<projectinviterequired>false</projectinviterequired>
<allowusercreateprojects>true</allowusercreateprojects>
<customdiskofferingminsize>1</customdiskofferingminsize>
<customdiskofferingmaxsize>1024</customdiskofferingmaxsize>
<regionsecondaryenabled>false</regionsecondaryenabled>
<kvmsnapshotenabled>false</kvmsnapshotenabled>
<allowuserviewdestroyedvm>true</allowuserviewdestroyedvm>
<allowuserexpungerecovervm>true</allowuserexpungerecovervm>
<allowuserexpungerecovervolume>true</allowuserexpungerecovervolume>
<allowuserviewalldomainaccounts>false</allowuserviewalldomainaccounts>
<allowuserforcestopvm>true</allowuserforcestopvm>
<kubernetesserviceenabled>true</kubernetesserviceenabled>
<kubernetesclusterexperimentalfeaturesenabled>false</kubernetesclusterexperimentalfeaturesenabled>
<customhypervisordisplayname>Custom</customhypervisordisplayname>
<defaultuipagesize>20</defaultuipagesize>
<instancesstatsretentiontime>720</instancesstatsretentiontime>
<instancesstatsuseronly>false</instancesstatsuseronly>
<instancesdisksstatsretentionenabled>false</instancesdisksstatsretentionenabled>
<instancesdisksstatsretentiontime>720</instancesdisksstatsretentiontime>
<sharedfsvmmincpucount>2</sharedfsvmmincpucount>
<sharedfsvmminramsize>1024</sharedfsvmminramsize>
</capability>
</listcapabilitiesresponse>

How did you try to break this feature and the system with this change?

[codecov]

Codecov Report

Attention: Patch coverage is 15.38462% with 11 lines in your changes missing coverage. Please review.

Project coverage is 16.26%. Comparing base (9c6f2a9) to head (5d18410).

Files with missing lines	Patch %	Lines
.../com/cloud/api/response/ApiResponseSerializer.java	0.00%	8 Missing ⚠️
...in/java/com/cloud/server/ManagementServerImpl.java	40.00%	3 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##               main   #10575   +/-   ##
=========================================
  Coverage     16.26%   16.26%           
+ Complexity    13388    13387    -1     
=========================================
  Files          5674     5674           
  Lines        498929   498938    +9     
  Branches      60338    60341    +3     
=========================================
+ Hits          81154    81157    +3     
- Misses       408736   408741    +5     
- Partials       9039     9040    +1     

Flag	Coverage Δ
uitests	3.99% <ø> (ø)
unittests	17.12% <15.38%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[DaanHoogland]

code looks good @gpordeus , but can I ask you to remove all the log.append() calls and only append sb to log, just before returning at line 211?

Not your doing for sure, but the code looks a bit silly like this.

[winterhazel]

Tested manually:

• Verified that XML responses do not contain the version when the user is not authenticated, independently of expose.cloudstack.version.api.xml.response
• Verified that XML responses contain the version when user is authenticated and expose.cloudstack.version.api.xml.response is set to true
• Verified that XML responses do not contain the version when user is authenticated and expose.cloudstack.version.api.xml.response is set to false
• Verified that listCapabilities returns the version when expose.cloudstack.version.api.list.capabilities is set to true
• Verified that listCapabilities does not return the version when expose.cloudstack.version.api.list.capabilities is set to false