Support ApiServer to enforce POST requests for state changing APIs and requests with timestamps

[sureshanaparti]

Description

This PR enables ApiServer to support enforcing POST requests with timestamps for state changing APIs, thought the setting 'enforce.post.requests.and.timestamps' (default: false).

Other related sub-project PRs supporting POST requests:

• Allow users to send requests from CMK using POST requests.  cloudstack-cloudmonkey#161
• Changing executeAPI to utilize POST request cloudstack-csbench#18
• Modify State Changing Requests to Utilize POST Request cloudstack-go#107
• Updated cloudstack go sdk to v2.17.1 kubernetes-sigs/cluster-api-provider-cloudstack#449
• Updated cloudstack go sdk to v2.17.1 cloudstack-terraform-provider#193
• Updated cloudstack go sdk to v2.17.1 cloudstack-kubernetes-provider#79

Need to update the cloudstack-go sdk version in the below sub-projects once the changes in apache/cloudstack-go#107 are merged and the sdk is released.

• K8S Provider: https://github.com/apache/cloudstack-kubernetes-provider/blob/a315d9e1c2aa3d571abf2ef992c230d5cbcf58c6/go.mod#L6
• Terraform Provider: https://github.com/apache/cloudstack-terraform-provider/blob/d85ccb23d232b52e5e1d0d535b1c51ca041f178d/go.mod#L4
• CAPC: https://github.com/kubernetes-sigs/cluster-api-provider-cloudstack/blob/4ba60650a17ae795d789e562d1895f6cc3b2cb89/go.mod#L8

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• build/CI
• test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Tested some VM, Volume operations with setting 'enforce.post.requests.and.timestamps' false and true.

How did you try to break this feature and the system with this change?

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13472

[sureshanaparti]

@blueorangutan test

[blueorangutan]

@sureshanaparti a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-13373)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 56145 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr10899-t13373-kvm-ol8.zip
Smoke tests completed. 141 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[codecov]

Codecov Report

❌ Patch coverage is 11.11111% with 64 lines in your changes missing coverage. Please review.
✅ Project coverage is 16.58%. Comparing base (3e3a0c0) to head (a1f2604).
⚠️ Report is 174 commits behind head on main.

Files with missing lines	Patch %	Lines
server/src/main/java/com/cloud/api/ApiServlet.java	8.92%	50 Missing and 1 partial ⚠️
server/src/main/java/com/cloud/api/ApiServer.java	13.33%	13 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##               main   #10899   +/-   ##
=========================================
  Coverage     16.58%   16.58%           
  Complexity    13989    13989           
=========================================
  Files          5743     5743           
  Lines        510706   510764   +58     
  Branches      62119    62124    +5     
=========================================
+ Hits          84689    84699   +10     
- Misses       416543   416591   +48     
  Partials       9474     9474           

Flag	Coverage Δ
uitests	3.90% <ø> (+<0.01%)	⬆️
unittests	17.47% <11.11%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13492

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13493

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13498

[borisstoyanov]

@blueorangutan test

[blueorangutan]

@borisstoyanov a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-13412)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 86433 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr10899-t13412-kvm-ol8.zip
Smoke tests completed. 130 look OK, 11 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_nic_secondaryip_add_remove	Error	1518.90	test_multipleips_per_nic.py
ContextSuite context=TestNestedVirtualization>:setup	Error	0.00	test_nested_virtualization.py
ContextSuite context=TestNetworkACL>:setup	Error	0.00	test_network_acl.py
ContextSuite context=TestIpv6Network>:setup	Error	0.00	test_network_ipv6.py
test_delete_account	Error	1518.17	test_network.py
test_delete_network_while_vm_on_it	Error	1.25	test_network.py
test_deploy_vm_l2network	Error	1.23	test_network.py
test_l2network_restart	Error	2.42	test_network.py
ContextSuite context=TestPortForwarding>:setup	Error	3.71	test_network.py
ContextSuite context=TestPublicIP>:setup	Error	13.52	test_network.py
test_reboot_router	Failure	0.12	test_network.py
test_releaseIP	Error	6.71	test_network.py
test_releaseIP_using_IP	Error	6.82	test_network.py
ContextSuite context=TestRouterRules>:setup	Error	6.93	test_network.py
ContextSuite context=TestSharedNetworkWithConfigDrive>:setup	Error	1522.77	test_network.py
ContextSuite context=TestPrivateGwACL>:setup	Error	0.00	test_privategw_acl.py
ContextSuite context=TestAdapterTypeForNic>:setup	Error	0.00	test_nic_adapter_type.py
ContextSuite context=TestNonStrictAffinityGroups>:setup	Error	0.00	test_nonstrict_affinity_group.py
ContextSuite context=TestIsolatedNetworksPasswdServer>:setup	Error	0.00	test_password_server.py
ContextSuite context=TestPortForwardingRules>:setup	Error	0.00	test_portforwardingrules.py
ContextSuite context=TestProjectSuspendActivate>:setup	Error	1530.13	test_projects.py

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[kiranchavala]

LGTM

1. Enabled the global setting "enforce.post.requests.and.timestamps” to true

2. Execute some API's like create volume /delete network API

3. Monitor the network traffic via wireshark and we can see the POST request is enforced

[weizhouapache]

code lgtm

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14026

[sureshanaparti]

@blueorangutan test

[blueorangutan]

@sureshanaparti a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-13677)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 55487 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr10899-t13677-kvm-ol8.zip
Smoke tests completed. 141 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File

[shwstppr]

@sureshanaparti On latest main branch,

cloudstack|main ⇒  git --no-pager grep "api(" ui/                                                                                                                                                                                main|⚑32 
ui/src/components/view/ImageDeployInstanceButton.vue:      api(this.imageApi, params).then(json => {
ui/src/components/view/ImageDeployInstanceButton.vue:      api('listZones', { showicon: true, ids: zoneids.join(',') }).then(json => {
ui/src/views/compute/KubernetesAddNodes.vue:        api('listVirtualMachines', {
ui/src/views/compute/KubernetesAddNodes.vue:        api('addNodesToKubernetesCluster', params).then(json => {
ui/src/views/compute/KubernetesRemoveNodes.vue:        api('removeNodesFromKubernetesCluster', params).then(json => {

Also, in

cloudstack|main ⇒  git --no-pager grep "postAPI(" ui/src/components/widgets/InfiniteScrollSelect.vue                                                                                                                             main|⚑32 
ui/src/components/widgets/InfiniteScrollSelect.vue:      postAPI(this.api, params).then(json => {

APIs here are supposed to be list APIs so should it call getAPI?

[sureshanaparti]

@shwstppr Below should call postAPI(), rest all - list calls should call getAPI().

ui/src/views/compute/KubernetesAddNodes.vue:        api('addNodesToKubernetesCluster', params).then(json => {
ui/src/views/compute/KubernetesRemoveNodes.vue:        api('removeNodesFromKubernetesCluster', params).then(json => {

[rohityadavcloud]

@sureshanaparti or @shwstppr anyone following up on these changes?