temp commit

Author: vishesh92

api/src/main/java/org/apache/cloudstack/api/ApiConstants.java

@@ -862,6 +862,7 @@ public class ApiConstants {
     public static final String ITERATIONS = "iterations";
     public static final String SORT_BY = "sortby";
     public static final String CHANGE_CIDR = "changecidr";
+    public static final String HSM_PROFILE = "hsmprofile";
     public static final String PURPOSE = "purpose";
     public static final String KMS_KEY_ID = "kmskeyid";
     public static final String KMS_KEY_VERSION = "kmskeyversion";

api/src/main/java/org/apache/cloudstack/api/command/admin/kms/RotateKMSKeyCmd.java

@@ -61,6 +61,11 @@ public class RotateKMSKeyCmd extends BaseAsyncCmd {
                description = "Key size for new KEK (default: same as current)")
     private Integer keyBits;
 
+    @Parameter(name = ApiConstants.HSM_PROFILE,
+               type = CommandType.STRING,
+               description = "The target HSM profile name for the new KEK version. If provided, migrates the key to this HSM.")
+    private String hsmProfile;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -73,6 +78,10 @@ public Integer getKeyBits() {
         return keyBits;
     }
 
+    public String getHsmProfile() {
+        return hsmProfile;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////

api/src/main/java/org/apache/cloudstack/api/command/user/kms/CreateKMSKeyCmd.java

@@ -95,6 +95,11 @@ public class CreateKMSKeyCmd extends BaseCmd implements UserCmd {
                description = "Key size in bits: 128, 192, or 256 (default: 256)")
     private Integer keyBits;
 
+    @Parameter(name = ApiConstants.HSM_PROFILE,
+               type = CommandType.STRING,
+               description = "Name of HSM profile to create key in")
+    private String hsmProfile;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -127,6 +132,10 @@ public Integer getKeyBits() {
         return keyBits != null ? keyBits : 256; // Default to 256 bits
     }
 
+    public String getHsmProfile() {
+        return hsmProfile;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////

api/src/main/java/org/apache/cloudstack/api/command/user/kms/hsm/AddHSMProfileCmd.java

@@ -0,0 +1,138 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.user.kms.hsm;
+
+import java.util.Map;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.DomainResponse;
+import org.apache.cloudstack.api.response.HSMProfileResponse;
+import org.apache.cloudstack.api.response.ZoneResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.kms.KMSException;
+import org.apache.cloudstack.kms.HSMProfile;
+import org.apache.cloudstack.kms.KMSManager;
+
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.user.Account;
+
+@APICommand(name = "addHSMProfile", description = "Adds a new HSM profile", responseObject = HSMProfileResponse.class,
+        requestHasSensitiveInfo = true, responseHasSensitiveInfo = true, since = "4.21.0")
+public class AddHSMProfileCmd extends BaseCmd {
+
+    @Inject
+    private KMSManager kmsManager;
+
+    ////////////////////////////////////////////////=====
+    // API parameters
+    ////////////////////////////////////////////////=====
+
+    @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, required = true, description = "the name of the HSM profile")
+    private String name;
+
+    @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, required = true, description = "the protocol of the HSM profile (PKCS11, KMIP, etc.)")
+    private String protocol;
+
+    @Parameter(name = ApiConstants.ZONE_ID, type = CommandType.UUID, entityType = ZoneResponse.class, description = "the zone ID where the HSM profile is available. If null, global scope (for admin only)")
+    private Long zoneId;
+
+    @Parameter(name = ApiConstants.DOMAIN_ID, type = CommandType.UUID, entityType = DomainResponse.class, description = "the domain ID where the HSM profile is available")
+    private Long domainId;
+
+    @Parameter(name = ApiConstants.ACCOUNT_ID, type = CommandType.UUID, entityType = DomainResponse.class, description = "the account ID of the HSM profile owner. If null, admin-provided (available to all accounts)")
+    private Long accountId;
+
+    @Parameter(name = ApiConstants.VENDOR_NAME, type = CommandType.STRING, description = "the vendor name of the HSM")
+    private String vendorName;
+
+    @Parameter(name = ApiConstants.DETAILS, type = CommandType.MAP, required = true, description = "HSM configuration details (protocol specific)")
+    private Map<String, String> details;
+
+    ////////////////////////////////////////////////=====
+    // Accessors
+    ////////////////////////////////////////////////=====
+
+    public String getName() {
+        return name;
+    }
+
+    public String getProtocol() {
+        return protocol;
+    }
+
+    public Long getZoneId() {
+        return zoneId;
+    }
+
+    public Long getDomainId() {
+        return domainId;
+    }
+
+    public Long getAccountId() {
+        return accountId;
+    }
+
+    public String getVendorName() {
+        return vendorName;
+    }
+
+    public Map<String, String> getDetails() {
+        return details;
+    }
+
+    ////////////////////////////////////////////////=====
+    // Implementation
+    ////////////////////////////////////////////////=====
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException, NetworkRuleConflictException {
+        try {
+            // Default to caller account if not admin and accountId not specified
+            // But wait, the plan says: "No accountId parameter means account_id = NULL (admin-provided)"
+            // However, regular users can add their own profiles.
+            // So if caller is normal user, accountId should be forced to their account.
+
+            // Logic handled in KMSManagerImpl
+            HSMProfile profile = kmsManager.addHSMProfile(this);
+            HSMProfileResponse response = kmsManager.createHSMProfileResponse(profile);
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } catch (KMSException e) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.getMessage());
+        }
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        if (accountId != null) {
+            return accountId;
+        }
+        return CallContext.current().getCallingAccount().getId();
+    }
+}

api/src/main/java/org/apache/cloudstack/api/command/user/kms/hsm/DeleteHSMProfileCmd.java

@@ -0,0 +1,90 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.user.kms.hsm;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.HSMProfileResponse;
+import org.apache.cloudstack.api.response.SuccessResponse;
+import org.apache.cloudstack.context.CallContext;
+import org.apache.cloudstack.framework.kms.KMSException;
+import org.apache.cloudstack.kms.HSMProfile;
+import org.apache.cloudstack.kms.KMSManager;
+
+import com.cloud.exception.ConcurrentOperationException;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.NetworkRuleConflictException;
+import com.cloud.exception.ResourceAllocationException;
+import com.cloud.exception.ResourceUnavailableException;
+
+@APICommand(name = "deleteHSMProfile", description = "Deletes an HSM profile", responseObject = SuccessResponse.class,
+        requestHasSensitiveInfo = false, responseHasSensitiveInfo = false, since = "4.21.0")
+public class DeleteHSMProfileCmd extends BaseCmd {
+
+    @Inject
+    private KMSManager kmsManager;
+
+    ////////////////////////////////////////////////=====
+    // API parameters
+    ////////////////////////////////////////////////=====
+
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, entityType = HSMProfileResponse.class, required = true, description = "the ID of the HSM profile")
+    private Long id;
+
+    ////////////////////////////////////////////////=====
+    // Accessors
+    ////////////////////////////////////////////////=====
+
+    public Long getId() {
+        return id;
+    }
+
+    ////////////////////////////////////////////////=====
+    // Implementation
+    ////////////////////////////////////////////////=====
+
+    @Override
+    public void execute() throws ResourceUnavailableException, InsufficientCapacityException, ServerApiException, ConcurrentOperationException, ResourceAllocationException, NetworkRuleConflictException {
+        try {
+            boolean result = kmsManager.deleteHSMProfile(this);
+            if (result) {
+                SuccessResponse response = new SuccessResponse(getCommandName());
+                setResponseObject(response);
+            } else {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to delete HSM profile");
+            }
+        } catch (KMSException e) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, e.getMessage());
+        }
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        HSMProfile profile = _entityMgr.findById(HSMProfile.class, id);
+        if (profile != null && profile.getAccountId() != null) {
+            return profile.getAccountId();
+        }
+        return CallContext.current().getCallingAccount().getId();
+    }
+}

api/src/main/java/org/apache/cloudstack/api/command/user/kms/hsm/ListHSMProfilesCmd.java

@@ -0,0 +1,90 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.cloudstack.api.command.user.kms.hsm;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.BaseListCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.response.HSMProfileResponse;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.apache.cloudstack.api.response.ZoneResponse;
+import org.apache.cloudstack.kms.HSMProfile;
+import org.apache.cloudstack.kms.KMSManager;
+
+@APICommand(name = "listHSMProfiles", description = "Lists HSM profiles", responseObject = HSMProfileResponse.class,
+        requestHasSensitiveInfo = false, responseHasSensitiveInfo = true, since = "4.21.0")
+public class ListHSMProfilesCmd extends BaseListCmd {
+
+    @Inject
+    private KMSManager kmsManager;
+
+    ////////////////////////////////////////////////=====
+    // API parameters
+    ////////////////////////////////////////////////=====
+
+    @Parameter(name = ApiConstants.ZONE_ID, type = CommandType.UUID, entityType = ZoneResponse.class, description = "the zone ID")
+    private Long zoneId;
+
+    @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "the protocol of the HSM profile")
+    private String protocol;
+
+    @Parameter(name = ApiConstants.ENABLED, type = CommandType.BOOLEAN, description = "list only enabled profiles")
+    private Boolean enabled;
+
+    ////////////////////////////////////////////////=====
+    // Accessors
+    ////////////////////////////////////////////////=====
+
+    public Long getZoneId() {
+        return zoneId;
+    }
+
+    public String getProtocol() {
+        return protocol;
+    }
+
+    public Boolean getEnabled() {
+        return enabled;
+    }
+
+    ////////////////////////////////////////////////=====
+    // Implementation
+    ////////////////////////////////////////////////=====
+
+    @Override
+    public void execute() {
+        List<HSMProfile> profiles = kmsManager.listHSMProfiles(this);
+        ListResponse<HSMProfileResponse> response = new ListResponse<>();
+        List<HSMProfileResponse> profileResponses = new ArrayList<>();
+        
+        for (HSMProfile profile : profiles) {
+            HSMProfileResponse profileResponse = kmsManager.createHSMProfileResponse(profile);
+            profileResponses.add(profileResponse);
+        }
+
+        response.setResponses(profileResponses);
+        response.setResponseName(getCommandName());
+        setResponseObject(response);
+    }
+}