Merge branch 'master' into CLOUDSTACK-9914

agent/pom.xml

@@ -23,7 +23,7 @@
   <parent>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack</artifactId>
-    <version>4.10.0.0-SNAPSHOT</version>
+    <version>4.10.0.0</version>
   </parent>
   <dependencies>
     <dependency>

api/pom.xml

@@ -23,7 +23,7 @@
   <parent>
     <groupId>org.apache.cloudstack</groupId>
     <artifactId>cloudstack</artifactId>
-    <version>4.10.0.0-SNAPSHOT</version>
+    <version>4.10.0.0</version>
   </parent>
   <dependencies>
     <dependency>

api/src/com/cloud/agent/api/to/FirewallRuleTO.java

@@ -48,6 +48,7 @@ public class FirewallRuleTO implements InternalIdentity {
     boolean revoked;
     boolean alreadyAdded;
     private List<String> sourceCidrList;
+    private List<String> destCidrList;
     FirewallRule.Purpose purpose;
     private Integer icmpType;
     private Integer icmpCode;
@@ -170,6 +171,7 @@ public FirewallRuleTO(FirewallRule rule, String srcVlanTag, String srcIp, Firewa
             rule.getSourceCidrList(),
             rule.getIcmpType(),
             rule.getIcmpCode());
+        this.destCidrList = rule.getDestinationCidrList();
         this.trafficType = trafficType;
         this.defaultEgressPolicy = defaultEgressPolicy;
     }
@@ -257,6 +259,10 @@ public List<String> getSourceCidrList() {
         return sourceCidrList;
     }
 
+    public List<String> getDestCidrList(){
+        return destCidrList;
+    }
+
     public boolean isAlreadyAdded() {
         return alreadyAdded;
     }

api/src/com/cloud/network/NetworkService.java

@@ -180,4 +180,6 @@ Network createPrivateNetwork(String networkName, String displayText, long physic
     IpAddress updateIP(Long id, String customId, Boolean displayIp);
 
     boolean configureNicSecondaryIp(NicSecondaryIp secIp, boolean isZoneSgEnabled);
+
+    List<? extends NicSecondaryIp> listVmNicSecondaryIps(ListNicsCmd listNicsCmd);
 }

api/src/com/cloud/network/rules/FirewallRule.java

@@ -79,6 +79,8 @@ enum TrafficType {
 
     List<String> getSourceCidrList();
 
+    List<String> getDestinationCidrList();
+
     Long getRelated();
 
     FirewallRuleType getType();

api/src/com/cloud/server/ManagementService.java

@@ -22,7 +22,6 @@
 
 import org.apache.cloudstack.api.command.admin.cluster.ListClustersCmd;
 import org.apache.cloudstack.api.command.admin.config.ListCfgsByCmd;
-import org.apache.cloudstack.api.command.admin.domain.UpdateDomainCmd;
 import org.apache.cloudstack.api.command.admin.guest.AddGuestOsCmd;
 import org.apache.cloudstack.api.command.admin.guest.AddGuestOsMappingCmd;
 import org.apache.cloudstack.api.command.admin.guest.ListGuestOsMappingCmd;
@@ -63,7 +62,6 @@
 import com.cloud.capacity.Capacity;
 import com.cloud.dc.Pod;
 import com.cloud.dc.Vlan;
-import com.cloud.domain.Domain;
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.ManagementServerException;
 import com.cloud.exception.ResourceUnavailableException;
@@ -227,15 +225,6 @@ public interface ManagementService {
 
     VirtualMachine upgradeSystemVM(UpgradeSystemVMCmd cmd);
 
-    /**
-     * update an existing domain
-     *
-     * @param cmd
-     *            - the command containing domainId and new domainName
-     * @return Domain object if the command succeeded
-     */
-    Domain updateDomain(UpdateDomainCmd cmd);
-
     /**
      * Searches for alerts
      *

api/src/com/cloud/storage/Volume.java

@@ -51,7 +51,8 @@ enum State {
         NotUploaded("The volume entry is just created in DB, not yet uploaded"),
         UploadInProgress("Volume upload is in progress"),
         UploadError("Volume upload encountered some error"),
-        UploadAbandoned("Volume upload is abandoned since the upload was never initiated within a specificed time");
+        UploadAbandoned("Volume upload is abandoned since the upload was never initiated within a specificed time"),
+        Attaching("The volume is attaching to a VM");
 
         String _description;
 
@@ -118,6 +119,9 @@ public String getDescription() {
             s_fsm.addTransition(new StateMachine2.Transition<State, Event>(UploadInProgress, Event.OperationTimeout, UploadError, null));
             s_fsm.addTransition(new StateMachine2.Transition<State, Event>(UploadError, Event.DestroyRequested, Destroy, null));
             s_fsm.addTransition(new StateMachine2.Transition<State, Event>(UploadAbandoned, Event.DestroyRequested, Destroy, null));
+            s_fsm.addTransition(new StateMachine2.Transition<State, Event>(Ready, Event.AttachRequested, Attaching, null));
+            s_fsm.addTransition(new StateMachine2.Transition<State, Event>(Attaching, Event.OperationSucceeded, Ready, null));
+            s_fsm.addTransition(new StateMachine2.Transition<State, Event>(Attaching, Event.OperationFailed, Ready, null));
         }
     }
 
@@ -139,6 +143,7 @@ enum Event {
         DestroyRequested,
         ExpungingRequested,
         ResizeRequested,
+        AttachRequested,
         OperationTimeout;
     }
 

api/src/com/cloud/user/AccountService.java

@@ -21,13 +21,15 @@
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
+import org.apache.cloudstack.api.command.admin.user.GetUserKeysCmd;
 import org.apache.cloudstack.api.command.admin.user.RegisterCmd;
 
 import com.cloud.domain.Domain;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.offering.DiskOffering;
 import com.cloud.offering.ServiceOffering;
 
+
 public interface AccountService {
 
     /**
@@ -124,6 +126,8 @@ User createUser(String userName, String password, String firstName, String lastN
 
     void checkAccess(Account account, DiskOffering dof) throws PermissionDeniedException;
 
+    void checkAccess(User user, ControlledEntity entity);
+
     void checkAccess(Account account, AccessType accessType, boolean sameOwner, String apiName,
             ControlledEntity... entities) throws PermissionDeniedException;
 
@@ -136,4 +140,5 @@ void checkAccess(Account account, AccessType accessType, boolean sameOwner, Stri
      */
     UserAccount getUserAccountById(Long userId);
 
+    public Map<String, String> getKeys(GetUserKeysCmd cmd);
 }

api/src/org/apache/cloudstack/api/ApiConstants.java

@@ -48,6 +48,7 @@ public class ApiConstants {
     public static final String CIDR = "cidr";
     public static final String IP6_CIDR = "ip6cidr";
     public static final String CIDR_LIST = "cidrlist";
+    public static final String DEST_CIDR_LIST = "destcidrlist";
     public static final String CLEANUP = "cleanup";
     public static final String MAKEREDUNDANTE = "makeredundant";
     public static final String CLUSTER_ID = "clusterid";
@@ -652,6 +653,8 @@ public class ApiConstants {
     public static final String OVM3_VIP = "ovm3vip";
     public static final String CLEAN_UP_DETAILS = "cleanupdetails";
 
+    public static final String ZONE_ID_LIST = "zoneids";
+    public static final String DESTINATION_ZONE_ID_LIST = "destzoneids";
     public static final String ADMIN = "admin";
 
     public enum HostDetails {

api/src/org/apache/cloudstack/api/Parameter.java

@@ -51,4 +51,6 @@
     RoleType[] authorized() default {};
 
     ApiArgValidator[] validations() default {};
+
+    boolean acceptedOnAdminPort() default true;
 }

api/src/org/apache/cloudstack/api/ResponseGenerator.java

@@ -307,7 +307,11 @@ public interface ResponseGenerator {
 
     TemplateResponse createTemplateUpdateResponse(ResponseView view, VirtualMachineTemplate result);
 
-    List<TemplateResponse> createTemplateResponses(ResponseView view, VirtualMachineTemplate result, Long zoneId, boolean readyOnly);
+    List<TemplateResponse> createTemplateResponses(ResponseView view, VirtualMachineTemplate result,
+                                                   Long zoneId, boolean readyOnly);
+
+    List<TemplateResponse> createTemplateResponses(ResponseView view, VirtualMachineTemplate result,
+                                                   List<Long> zoneIds, boolean readyOnly);
 
     List<CapacityResponse> createCapacityResponse(List<? extends Capacity> result, DecimalFormat format);
 

api/src/org/apache/cloudstack/api/command/admin/template/CopyTemplateCmdByAdmin.java

@@ -40,11 +40,20 @@ public class CopyTemplateCmdByAdmin extends CopyTemplateCmd {
     @Override
     public void execute() throws ResourceAllocationException{
         try {
+            if (destZoneId == null && (destZoneIds == null || destZoneIds.size() == 0))
+                throw new ServerApiException(ApiErrorCode.PARAM_ERROR,
+                        "Either destzoneid or destzoneids parameters have to be specified.");
+
+            if (destZoneId != null && destZoneIds != null && destZoneIds.size() != 0)
+                throw new ServerApiException(ApiErrorCode.PARAM_ERROR,
+                        "Both destzoneid and destzoneids cannot be specified at the same time.");
+
             CallContext.current().setEventDetails(getEventDescription());
             VirtualMachineTemplate template = _templateService.copyTemplate(this);
 
             if (template != null){
-                List<TemplateResponse> listResponse = _responseGenerator.createTemplateResponses(ResponseView.Full, template, getDestinationZoneId(), false);
+                List<TemplateResponse> listResponse = _responseGenerator.createTemplateResponses(ResponseView.Full, template,
+                        getDestinationZoneIds(), false);
                 TemplateResponse response = new TemplateResponse();
                 if (listResponse != null && !listResponse.isEmpty()) {
                     response = listResponse.get(0);

api/src/org/apache/cloudstack/api/command/admin/template/RegisterTemplateCmdByAdmin.java

@@ -40,10 +40,23 @@ public class RegisterTemplateCmdByAdmin extends RegisterTemplateCmd {
     @Override
     public void execute() throws ResourceAllocationException{
         try {
+            if ((zoneId != null) && (zoneIds != null && !zoneIds.isEmpty()))
+                throw new ServerApiException(ApiErrorCode.PARAM_ERROR,
+                        "Both zoneid and zoneids cannot be specified at the same time");
+
+            if (zoneId == null && (zoneIds == null || zoneIds.isEmpty()))
+                throw new ServerApiException(ApiErrorCode.PARAM_ERROR,
+                        "Either zoneid or zoneids is required. Both cannot be null.");
+
+            if (zoneIds != null && zoneIds.size() > 1 && zoneIds.contains(-1L))
+                throw new ServerApiException(ApiErrorCode.PARAM_ERROR,
+                        "Parameter zoneids cannot combine all zones (-1) option with other zones");
+
             VirtualMachineTemplate template = _templateService.registerTemplate(this);
             if (template != null){
                 ListResponse<TemplateResponse> response = new ListResponse<TemplateResponse>();
-                List<TemplateResponse> templateResponses = _responseGenerator.createTemplateResponses(ResponseView.Full, template, zoneId, false);
+                List<TemplateResponse> templateResponses = _responseGenerator.createTemplateResponses(ResponseView.Full, template,
+                        zoneIds, false);
                 response.setResponses(templateResponses);
                 response.setResponseName(getCommandName());
                 setResponseObject(response);

api/src/org/apache/cloudstack/api/command/admin/user/GetUserKeysCmd.java

@@ -0,0 +1,77 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.admin.user;
+
+
+import com.cloud.user.Account;
+import com.cloud.user.User;
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.RegisterResponse;
+import org.apache.cloudstack.api.response.UserResponse;
+
+import java.util.Map;
+import java.util.logging.Logger;
+
+@APICommand(name = GetUserKeysCmd.APINAME,
+            description = "This command allows the user to query the seceret and API keys for the account",
+            responseObject = RegisterResponse.class,
+            requestHasSensitiveInfo = false,
+            responseHasSensitiveInfo = true,
+            authorized = {RoleType.User, RoleType.Admin, RoleType.DomainAdmin, RoleType.ResourceAdmin},
+            since = "4.10.0")
+
+public class GetUserKeysCmd extends BaseCmd{
+
+    @Parameter(name= ApiConstants.ID, type = CommandType.UUID, entityType = UserResponse.class, required = true, description = "ID of the user whose keys are required")
+    private Long id;
+
+    public static final Logger s_logger = Logger.getLogger(RegisterCmd.class.getName());
+    public static final String APINAME = "getUserKeys";
+
+    public Long getID(){
+        return id;
+    }
+
+    public String getCommandName() {
+        return APINAME.toLowerCase() + BaseCmd.RESPONSE_SUFFIX;
+    }
+
+    public long getEntityOwnerId(){
+        User user = _entityMgr.findById(User.class, getID());
+        if(user != null){
+            return user.getAccountId();
+        }
+        else return Account.ACCOUNT_ID_SYSTEM;
+    }
+    public void execute(){
+        Map<String, String> keys = _accountService.getKeys(this);
+        RegisterResponse response = new RegisterResponse();
+        if(keys != null){
+            response.setApiKey(keys.get("apikey"));
+            response.setSecretKey(keys.get("secretkey"));
+        }
+
+        response.setObjectName("userkeys");
+        response.setResponseName(getCommandName());
+        this.setResponseObject(response);
+    }
+}

api/src/org/apache/cloudstack/api/command/admin/user/UpdateUserCmd.java

@@ -18,8 +18,6 @@
 
 import javax.inject.Inject;
 
-import org.apache.log4j.Logger;
-
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -29,6 +27,7 @@
 import org.apache.cloudstack.api.response.UserResponse;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.region.RegionService;
+import org.apache.log4j.Logger;
 
 import com.cloud.user.Account;
 import com.cloud.user.User;
@@ -61,10 +60,12 @@ public class UpdateUserCmd extends BaseCmd {
     private String lastname;
 
     @Parameter(name = ApiConstants.PASSWORD,
-               type = CommandType.STRING,
-               description = "Clear text password (default hashed to SHA256SALT). If you wish to use any other hasing algorithm, you would need to write a custom authentication adapter")
+            type = CommandType.STRING,
+            description = "Clear text password (default hashed to SHA256SALT). If you wish to use any other hasing algorithm, you would need to write a custom authentication adapter. Can't be passed when command is executed via integration.api.port",
+            acceptedOnAdminPort = false)
     private String password;
 
+
     @Parameter(name = ApiConstants.SECRET_KEY, type = CommandType.STRING, description = "The secret key for the user. Must be specified with userSecretKey")
     private String secretKey;
 

api/src/org/apache/cloudstack/api/command/user/firewall/CreateEgressFirewallRuleCmd.java

@@ -77,6 +77,9 @@ public class CreateEgressFirewallRuleCmd extends BaseAsyncCreateCmd implements F
     @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the cidr list to forward traffic from")
     private List<String> cidrlist;
 
+    @Parameter(name = ApiConstants.DEST_CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the cidr list to forward traffic to")
+    private List<String> destCidrList;
+
     @Parameter(name = ApiConstants.ICMP_TYPE, type = CommandType.INTEGER, description = "type of the icmp message being sent")
     private Integer icmpType;
 
@@ -113,6 +116,11 @@ public List<String> getSourceCidrList() {
         }
     }
 
+    @Override
+    public List<String> getDestinationCidrList(){
+        return destCidrList;
+    }
+
     public Long getVpcId() {
         Network network = _networkService.getNetwork(getNetworkId());
         if (network == null) {
@@ -136,6 +144,10 @@ public void setSourceCidrList(List<String> cidrs) {
         cidrlist = cidrs;
     }
 
+    public void setDestCidrList(List<String> cidrs){
+        destCidrList = cidrs;
+    }
+
     @Override
     public void execute() throws ResourceUnavailableException {
         CallContext callerContext = CallContext.current();
@@ -245,6 +257,16 @@ public void create() {
                 }
             }
         }
+
+        //Destination CIDR formatting check. Since it's optional param, no need to set a default as in the case of source.
+        if(destCidrList != null){
+            for(String cidr : destCidrList){
+                if(!NetUtils.isValidCIDR(cidr)) {
+                    throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Destination cidrs formatting error" + cidr);
+                }
+            }
+        }
+
         if (getProtocol().equalsIgnoreCase(NetUtils.ALL_PROTO)) {
             if (getSourcePortStart() != null && getSourcePortEnd() != null) {
                 throw new InvalidParameterValueException("Do not pass ports to protocol ALL, protocol ALL do not require ports. Unable to create " +