Merge branch 'main' into dependabot/maven/com.zaxxer-HikariCP-7.0.2

Author: shwstppr

.github/workflows/stale.yml

@@ -0,0 +1,41 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+name: 'Close stale issues and PRs'
+on:
+  schedule:
+    - cron: '30 1 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v10
+        with:
+          stale-issue-message: 'This issue is stale because it has been open for 120 days with no activity. It may be removed by administrators of this project at any time. Remove the stale label or comment to request for removal of it to prevent this.'
+          stale-pr-message: 'This PR is stale because it has been open for 120 days with no activity. It may be removed by administrators of this project at any time. Remove the stale label or comment to request for removal of it to prevent this.'
+          close-issue-message: 'This issue was closed because it has been stale for 120 days with no activity.'
+          close-pr-message: 'This PR was closed because it has been stale for 120 days with no activity.'
+          stale-issue-label: 'no-issue-activity'
+          stale-pr-label: 'no-pr-activity'
+          days-before-stale: 120
+          exempt-issue-labels: 'gsoc,good-first-issue,long-term-plan'
+          exempt-pr-labels: 'status:ready-for-merge,status:needs-testing,status:on-hold'

plugins/user-authenticators/ldap/pom.xml

@@ -215,5 +215,11 @@
             <artifactId>commons-io</artifactId>
             <version>${cs.commons-io.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.apache.cloudstack</groupId>
+            <artifactId>cloud-api</artifactId>
+            <version>${project.version}</version>
+            <scope>compile</scope>
+        </dependency>
     </dependencies>
 </project>

plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/LinkDomainToLdapCmd.java

@@ -51,14 +51,10 @@ public class LinkDomainToLdapCmd extends BaseCmd {
     @Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, required = true, description = "type of the ldap name. GROUP or OU")
     private String type;
 
-    @Parameter(name = ApiConstants.LDAP_DOMAIN, type = CommandType.STRING, required = false, description = "name of the group or OU in LDAP")
+    @Parameter(name = ApiConstants.LDAP_DOMAIN, type = CommandType.STRING, required = true, description = "name of the group or OU in LDAP")
     private String ldapDomain;
 
-    @Deprecated
-    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = false, description = "name of the group or OU in LDAP")
-    private String name;
-
-    @Parameter(name = ApiConstants.ADMIN, type = CommandType.STRING, required = false, description = "domain admin username in LDAP ")
+    @Parameter(name = ApiConstants.ADMIN, type = CommandType.STRING, description = "domain admin username in LDAP ")
     private String admin;
 
     @Parameter(name = ApiConstants.ACCOUNT_TYPE, type = CommandType.INTEGER, required = true, description = "Type of the account to auto import. Specify 0 for user and 2 for " +
@@ -77,7 +73,7 @@ public String getType() {
     }
 
     public String getLdapDomain() {
-        return ldapDomain == null ? name : ldapDomain;
+        return ldapDomain;
     }
 
     public String getAdmin() {
@@ -98,7 +94,7 @@ public void execute() throws ServerApiException {
                 try {
                     ldapUser = _ldapManager.getUser(admin, type, getLdapDomain(), domainId);
                 } catch (NoLdapUserMatchingQueryException e) {
-                    logger.debug("no ldap user matching username " + admin + " in the given group/ou", e);
+                    logger.debug("no ldap user matching username {} in the given group/ou", admin, e);
                 }
                 if (ldapUser != null && !ldapUser.isDisabled()) {
                     Account account = _accountService.getActiveAccountByName(admin, domainId);
@@ -115,7 +111,7 @@ public void execute() throws ServerApiException {
                         logger.debug("an account with name {} already exists in the domain {} with id {}", admin, _domainService.getDomain(domainId), domainId);
                     }
                 } else {
-                    logger.debug("ldap user with username "+admin+" is disabled in the given group/ou");
+                    logger.debug("ldap user with username {} is disabled in the given group/ou", admin);
                 }
             }
             response.setObjectName("LinkDomainToLdap");

plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/api/command/UnlinkDomainFromLdapCmd.java

@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cloudstack.api.command;
+
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.ldap.LdapManager;
+
+import javax.inject.Inject;
+
+@APICommand(name = "unlinkDomainFromLdap", description = "remove the linkage of a Domain to a group or OU in ldap",
+        responseObject = SuccessResponse.class, since = "4.23.0", requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
+public class UnlinkDomainFromLdapCmd extends BaseCmd {
+    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, required = true, entityType = DomainResponse.class,
+            description = "The ID of the Domain which has to be unlinked from LDAP.")
+    private Long domainId;
+
+    @Inject
+    private LdapManager _ldapManager;
+
+    public Long getDomainId() {
+        return domainId;
+    }
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException, NetworkRuleConflictException {
+        boolean rc = _ldapManager.unlinkDomainFromLdap(this);
+        SuccessResponse response = new SuccessResponse(getCommandName());
+        response.setSuccess(rc);
+        if (rc) {
+            response.setDisplayText("Domain unlinked from LDAP successfully");
+        } else {
+            response.setDisplayText("Failed to unlink domain from LDAP");
+        }
+        setResponseObject(response);
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return Account.ACCOUNT_ID_SYSTEM;
+    }
+}

plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManager.java

@@ -23,6 +23,7 @@
 import org.apache.cloudstack.api.command.LdapListConfigurationCmd;
 import org.apache.cloudstack.api.command.LinkAccountToLdapCmd;
 import org.apache.cloudstack.api.command.LinkDomainToLdapCmd;
+import org.apache.cloudstack.api.command.UnlinkDomainFromLdapCmd;
 import org.apache.cloudstack.api.response.LdapConfigurationResponse;
 import org.apache.cloudstack.api.response.LdapUserResponse;
 
@@ -34,7 +35,7 @@
 
 public interface LdapManager extends PluggableService {
 
-    enum LinkType { GROUP, OU;}
+    enum LinkType { GROUP, OU}
 
     LdapConfigurationResponse addConfiguration(final LdapAddConfigurationCmd cmd) throws InvalidParameterValueException;
 
@@ -69,6 +70,8 @@ enum LinkType { GROUP, OU;}
 
     LinkDomainToLdapResponse linkDomainToLdap(LinkDomainToLdapCmd cmd);
 
+    boolean unlinkDomainFromLdap(UnlinkDomainFromLdapCmd cmd);
+
     LdapTrustMapVO getDomainLinkedToLdap(long domainId);
 
     List<LdapTrustMapVO> getDomainLinkage(long domainId);

plugins/user-authenticators/ldap/src/main/java/org/apache/cloudstack/ldap/LdapManagerImpl.java

@@ -43,6 +43,7 @@
 import org.apache.cloudstack.api.command.LdapUserSearchCmd;
 import org.apache.cloudstack.api.command.LinkAccountToLdapCmd;
 import org.apache.cloudstack.api.command.LinkDomainToLdapCmd;
+import org.apache.cloudstack.api.command.UnlinkDomainFromLdapCmd;
 import org.apache.cloudstack.api.response.LdapConfigurationResponse;
 import org.apache.cloudstack.api.response.LdapUserResponse;
 import org.apache.cloudstack.api.response.LinkAccountToLdapResponse;
@@ -292,7 +293,7 @@ private LdapConfigurationResponse deleteConfigurationInternal(final String hostn
 
     @Override
     public List<Class<?>> getCommands() {
-        final List<Class<?>> cmdList = new ArrayList<Class<?>>();
+        final List<Class<?>> cmdList = new ArrayList<>();
         cmdList.add(LdapUserSearchCmd.class);
         cmdList.add(LdapListUsersCmd.class);
         cmdList.add(LdapAddConfigurationCmd.class);
@@ -304,6 +305,7 @@ public List<Class<?>> getCommands() {
         cmdList.add(LDAPRemoveCmd.class);
         cmdList.add(LinkDomainToLdapCmd.class);
         cmdList.add(LinkAccountToLdapCmd.class);
+        cmdList.add(UnlinkDomainFromLdapCmd.class);
         return cmdList;
     }
 
@@ -393,7 +395,7 @@ public Pair<List<? extends LdapConfigurationVO>, Integer> listConfigurations(fin
         final boolean listAll = cmd.listAll();
         final Long id = cmd.getId();
         final Pair<List<LdapConfigurationVO>, Integer> result = _ldapConfigurationDao.searchConfigurations(id, hostname, port, domainId, listAll);
-        return new Pair<List<? extends LdapConfigurationVO>, Integer>(result.first(), result.second());
+        return new Pair<>(result.first(), result.second());
     }
 
     @Override
@@ -423,6 +425,11 @@ public LinkDomainToLdapResponse linkDomainToLdap(LinkDomainToLdapCmd cmd) {
         return linkDomainToLdap(cmd.getDomainId(),cmd.getType(), ldapDomain,cmd.getAccountType());
     }
 
+    @Override
+    public boolean unlinkDomainFromLdap(UnlinkDomainFromLdapCmd cmd) {
+        return unlinkDomainFromLdap(cmd.getDomainId());
+    }
+
     private LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, String name, Account.Type accountType) {
         Validate.notNull(type, "type cannot be null. It should either be GROUP or OU");
         Validate.notNull(domainId, "domainId cannot be null.");
@@ -442,6 +449,15 @@ private LinkDomainToLdapResponse linkDomainToLdap(Long domainId, String type, St
         return response;
     }
 
+    private boolean unlinkDomainFromLdap(Long domainId) {
+        LdapTrustMapVO vo = _ldapTrustMapDao.findByDomainId(domainId);
+        if (vo != null) {
+            removeTrustmap(vo);
+            return true;
+        }
+        return false;
+    }
+
     @Override
     public LdapTrustMapVO getDomainLinkedToLdap(long domainId){
         return _ldapTrustMapDao.findByDomainId(domainId);

pom.xml

@@ -126,7 +126,7 @@
         <cs.amqp-client.version>5.17.0</cs.amqp-client.version>
         <cs.apache-cloudstack-java-client.version>1.0.9</cs.apache-cloudstack-java-client.version>
         <cs.aspectjrt.version>1.9.19</cs.aspectjrt.version>
-        <cs.aws.sdk.version>1.12.439</cs.aws.sdk.version>
+        <cs.aws.sdk.version>1.12.795</cs.aws.sdk.version>
         <cs.axiom.version>1.2.8</cs.axiom.version>
         <cs.axis2.version>1.6.4</cs.axis2.version>
         <cs.batik.version>1.14</cs.batik.version>

ui/public/locales/en.json

@@ -1452,6 +1452,7 @@
 "label.lbruleid": "Load balancer ID",
 "label.lbtype": "Load balancer type",
 "label.ldap": "LDAP",
+"label.ldapdomain": "LDAP Domain",
 "label.ldap.configuration": "LDAP Configuration",
 "label.ldap.group.name": "LDAP Group",
 "label.level": "Level",
@@ -2587,6 +2588,7 @@
 "label.undefined": "Undefined",
 "label.unit": "Usage unit",
 "label.unknown": "Unknown",
+"label.unlink.domain.from.ldap": "Unlink the Domain from LDAP",
 "label.unlimited": "Unlimited",
 "label.unmanaged": "Unmanaged",
 "label.unmanage.instance": "Unmanage Instance",

ui/src/config/section/domain.js

@@ -144,7 +144,7 @@ export default {
       docHelp: 'adminguide/accounts.html#using-an-ldap-server-for-user-authentication',
       listView: true,
       dataView: true,
-      args: ['type', 'domainid', 'name', 'accounttype', 'admin'],
+      args: ['type', 'domainid', 'ldapdomain', 'accounttype', 'admin'],
       mapping: {
         type: {
           options: ['GROUP', 'OU']
@@ -157,6 +157,20 @@ export default {
         }
       }
     },
+    {
+      api: 'unlinkDomainFromLdap',
+      icon: 'ArrowsAltOutlined',
+      label: 'label.unlink.domain.from.ldap',
+      docHelp: 'adminguide/accounts.html#using-an-ldap-server-for-user-authentication',
+      listView: true,
+      dataView: true,
+      args: ['domainid'],
+      mapping: {
+        domainid: {
+          value: (record) => { return record.id }
+        }
+      }
+    },
     {
       api: 'deleteDomain',
       icon: 'delete-outlined',