UI for API Key Pair Management (#13225)

Co-authored-by: Fabricio Duarte <fabricio.duarte.jr@gmail.com>

Author: bernardodemarco

api/src/main/java/org/apache/cloudstack/api/command/admin/user/RegisterUserKeysCmd.java

@@ -50,7 +50,7 @@ public class RegisterUserKeysCmd extends BaseAsyncCmd {
     @Parameter(name = ApiConstants.NAME, type = CommandType.STRING, description = "API key pair name.")
     private String name;
 
-    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "API key pair description.")
+    @Parameter(name = ApiConstants.DESCRIPTION, type = CommandType.STRING, description = "API key pair description.", length = 1024)
     private String description;
 
     @Parameter(name = ApiConstants.START_DATE, type = CommandType.DATE, description = "Start date of the API key pair. " +
@@ -138,6 +138,9 @@ public List<Map<String, Object>> getRules() {
 
             String description = detail.get(ApiConstants.DESCRIPTION);
             if (StringUtils.isNotEmpty(description)) {
+                if (description.length() > 255) {
+                    throw new ServerApiException(ApiErrorCode.PARAM_ERROR, "Rule description cannot be longer than 255 characters.");
+                }
                 ruleDetails.put(ApiConstants.DESCRIPTION, description);
             }
 

engine/schema/src/main/java/org/apache/cloudstack/acl/ApiKeyPairVO.java

@@ -70,7 +70,7 @@ public class ApiKeyPairVO implements ApiKeyPair {
     @Temporal(value = TemporalType.TIMESTAMP)
     private Date created = Date.from(Instant.now());
 
-    @Column(name = "description")
+    @Column(name = "description", length = 1024)
     private String description = "";
 
     @Column(name = "api_key", nullable = false)

engine/schema/src/main/resources/META-INF/db/schema-42210to42300.sql

@@ -73,7 +73,7 @@ CREATE TABLE IF NOT EXISTS `cloud`.`api_keypair` (
     `user_id` bigint(20) unsigned NOT NULL,
     `start_date` datetime,
     `end_date` datetime,
-    `description` varchar(100),
+    `description` varchar(1024),
     `api_key` varchar(255) NOT NULL,
     `secret_key` varchar(255) NOT NULL,
     `created` datetime NOT NULL,
@@ -107,11 +107,15 @@ WHERE user.api_key IS NOT NULL AND user.secret_key IS NOT NULL;
 -- Drop API keys from user table
 ALTER TABLE `cloud`.`user` DROP COLUMN api_key, DROP COLUMN secret_key;
 
--- Grant access to the "deleteUserKeys" API to the "User", "Domain Admin" and "Resource Admin" roles, similarly to the "registerUserKeys" API
+-- Grant access to the "deleteUserKeys" and "listUserKeyRules" APIs to the "User", "Domain Admin" and "Resource Admin" roles, similarly to the "registerUserKeys" API
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('User', 'deleteUserKeys', 'ALLOW');
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Domain Admin', 'deleteUserKeys', 'ALLOW');
 CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Resource Admin', 'deleteUserKeys', 'ALLOW');
 
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('User', 'listUserKeyRules', 'ALLOW');
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Domain Admin', 'listUserKeyRules', 'ALLOW');
+CALL `cloud`.`IDEMPOTENT_UPDATE_API_PERMISSION`('Resource Admin', 'listUserKeyRules', 'ALLOW');
+
 -- Add conserve mode for VPC offerings
 CALL `cloud`.`IDEMPOTENT_ADD_COLUMN`('cloud.vpc_offerings','conserve_mode', 'tinyint(1) unsigned NULL DEFAULT 0 COMMENT ''True if the VPC offering is IP conserve mode enabled, allowing public IP services to be used across multiple VPC tiers'' ');
 

ui/public/locales/en.json

@@ -62,6 +62,7 @@
 "label.action.attach.disk": "Attach Disk",
 "label.action.attach.iso": "Attach ISO",
 "label.action.attach.to.instance": "Attach to Instance",
+"label.action.bulk.delete.api.keys": "Bulk delete API key pairs",
 "label.action.bulk.delete.egress.firewall.rules": "Bulk delete egress firewall rules",
 "label.action.bulk.delete.firewall.rules": "Bulk delete firewall rules",
 "label.action.bulk.delete.ip.v6.firewall.rules": "Bulk remove IPv6 firewall rules",
@@ -82,6 +83,7 @@
 "label.action.copy.iso": "Copy ISO",
 "label.action.copy.snapshot": "Copy Snapshot",
 "label.action.copy.template": "Copy Template",
+"label.action.create.api.key": "Create API key pair for user",
 "label.action.create.backup.schedule": "Create Backup Schedule",
 "label.action.create.recurring.snapshot": "Create Recurring Snapshot",
 "label.action.create.snapshot.from.vmsnapshot": "Create Snapshot from Instance Snapshot",
@@ -116,6 +118,7 @@
 "label.action.delete.snapshot": "Delete Snapshot",
 "label.action.delete.template": "Delete Template",
 "label.action.delete.tungsten.router.table": "Remove Tungsten Fabric route table from Network",
+"label.action.delete.keypair": "Delete API key pair",
 "label.action.delete.user": "Delete User",
 "label.action.delete.vgpu.profile": "Delete vGPU profile",
 "label.action.delete.volume": "Delete Volume",
@@ -409,6 +412,11 @@
 "label.api.docs.count": "APIs available for your account",
 "label.api.version": "API version",
 "label.apikey": "API key",
+"label.apikeypairs": "API Key Pairs",
+"label.apikeypair.description": "Description of the API key pair",
+"label.apikeypair.name": "Name of the API key pair",
+"label.apikeypair.startdate": "API key pair valid from",
+"label.apikeypair.enddate": "API key pair valid until",
 "label.app.cookie": "AppCookie",
 "label.app.name": "CloudStack",
 "label.application.policy.set": "Application Policy Set",
@@ -624,6 +632,7 @@
 "label.configure.ldap": "Configure LDAP",
 "label.configure.ovs": "Configure Ovs",
 "label.configure.sticky.policy": "Configure sticky policy",
+"label.confirm.delete.api.keys": "Please confirm you wish to delete the selected API key pairs",
 "label.confirm.delete.egress.firewall.rules": "Please confirm you wish to delete the selected egress firewall rules.",
 "label.confirm.delete.firewall.rules": "Please confirm you wish to delete the selected firewall rules.",
 "label.confirm.delete.ip.v6.firewall.rules": "Please confirm you wish to delete the selected IPv6 firewall rules",
@@ -786,6 +795,7 @@
 "label.delete.alerts": "Delete alerts",
 "label.delete.asnrange": "Delete AS Range",
 "label.delete.autoscale.vmgroup": "Delete AutoScaling Group",
+"label.delete.all.rules": "Delete all API key pair rules",
 "label.delete.backup": "Delete backup",
 "label.delete.backup.schedule": "Delete backup schedule",
 "label.delete.bgp.peer": "Delete BGP peer",
@@ -843,6 +853,7 @@
 "label.deleting": "Deleting",
 "label.deleting.failed": "Deleting failed",
 "label.deleting.iso": "Deleting ISO",
+"label.deleting.keypair": "Deleting API key pair",
 "label.deleting.snapshot": "Deleting Snapshot",
 "label.deleting.template": "Deleting Template",
 "label.deleteprotection": "Delete protection",
@@ -1643,6 +1654,7 @@
 "message.memory.usage.info.hypervisor.additionals": "The data shown may not reflect the actual memory usage if the Instance does not have the additional hypervisor tools installed",
 "message.memory.usage.info.negative.value": "If the Instance's memory usage cannot be obtained from the hypervisor, the lines for free memory in the raw data graph and memory usage in the percentage graph will be disabled",
 "message.migrate.volume.tooltip": "Volume can be migrated to any suitable storage pool. Admin has to choose the appropriate disk offering to replace, that supports the new storage pool",
+"message.register.keypair.failed": "Failed to register API key pair",
 "label.migrate.with.storage": "Migrate with storage",
 "label.migrating": "Migrating",
 "label.migrating.data": "Migrating data",
@@ -2083,12 +2095,14 @@
 "label.redundantvpcrouter": "Redundant VPC",
 "label.refresh": "Refresh",
 "label.region": "Region",
+"label.register.api.key": "Register API key pair",
 "label.register.extension": "Register Extension",
 "label.register.oauth": "Register OAuth",
 "label.register.template": "Register Template",
 "label.register.user.data": "Register User Data",
 "label.register.cni.config": "Register CNI Configuration",
 "label.register.user.data.details": "Enter the User Data in plain text or in Base64 encoding. Up to 32KB of Base64 encoded User Data can be sent by default. The setting vm.userdata.max.length can be used to increase the limit to upto 1MB.",
+"label.registering.keypair": "Registering API key pair for user \"{user}\"",
 "label.reinstall.vm": "Reinstall Instance",
 "label.reject": "Reject",
 "label.related": "Related",
@@ -2403,6 +2417,7 @@
 "label.unregister.extension": "Unregister Extension",
 "label.usediops": "IOPS used",
 "label.userdata": "User Data",
+"label.user.api.key.rules": "API key pair rules",
 "label.user.data.id": "User Data ID",
 "label.user.data.name": "User Data name",
 "label.user.data.details": "User Data details",
@@ -2936,7 +2951,7 @@
 "label.versioning": "Versioning",
 "label.objectlocking": "Object Lock",
 "label.bucket.policy": "Bucket Policy",
-"label.usersecretkey": "Secret Key",
+"label.usersecretkey": "API Secret Key",
 "label.create.bucket": "Create Bucket",
 "label.cniconfiguration": "CNI Configuration",
 "label.cniconfigname": "Associated CNI Configuration",
@@ -3350,6 +3365,8 @@
 "message.delete.failed": "Delete fail",
 "message.delete.gateway": "Please confirm you want to delete the gateway.",
 "message.delete.ip.v6.prefix.processing": "Deleting IPv6 prefix...",
+"message.delete.keypair": "Please confirm that you would like to delete this API key pair.",
+"message.delete.keypair.failed": "Failed to delete API key pair",
 "message.delete.port.forward.processing": "Deleting port forwarding rule...",
 "message.delete.project": "Are you sure you want to delete this project?",
 "message.delete.rule.processing": "Deleting rule...",
@@ -3755,6 +3772,8 @@
 "message.new.version.available": "A new version of CloudStack is available. Click here to check the details",
 "message.no.data.to.show.for.period": "No data to show for the selected period.",
 "message.no.description": "No description entered.",
+"message.note.about.keypair.permissions.title": "Note about API key pair rule permissions",
+"message.note.about.keypair.permissions.body": "During the creation of API key pairs, it is possible to define a corresponding set of rule permissions. If a rule set is defined, the API key pair will only have access to APIs for which access has been explicitly granted (i.e., APIs whose corresponding rules are marked as allowed). On the other hand, if no rule set is specified, the API key pair permissions will follow and adapt to the permission set of the user's account role.",
 "message.offering.internet.protocol.warning": "WARNING: IPv6 supported Networks use static routing and will require upstream routes to be configured manually.",
 "message.offering.ipv6.warning": "Please refer documentation for creating IPv6 enabled Network/VPC offering <a href='http://docs.cloudstack.apache.org/en/latest/plugins/ipv6.html#isolated-network-and-vpc-tier'>IPv6 support in CloudStack - Isolated Networks and VPC Network Tiers</a>",
 "message.oobm.configured": "Successfully configured out-of-band management for host",
@@ -3963,6 +3982,7 @@
 "message.success.delete.gpu.devices": "Successfully deleted GPU device(s)",
 "message.success.delete.icon": "Successfully deleted icon of",
 "message.success.delete.interface.static.route": "Successfully removed interface Static Route",
+"message.success.delete.keypair": "Success deleting API key pair",
 "message.success.delete.ipv4.subnet": "Successfully removed IPv4 subnet",
 "message.success.delete.network.static.route": "Successfully removed Network Static Route",
 "message.success.delete.node": "Successfully deleted node",
@@ -3994,6 +4014,7 @@
 "message.success.register.keypair": "Successfully registered SSH key pair",
 "message.success.register.template": "Successfully registered Template",
 "message.success.register.user.data": "Successfully registered User Data",
+"message.success.register.user.keypair": "Successfully registered API key pair for user \"{user}\"",
 "message.success.release.ip": "Successfully released IP",
 "message.success.release.dedicated.bgp.peer": "Successfully released dedicated BGP peer",
 "message.success.release.dedicated.ipv4.subnet": "Successfully released dedicated IPv4 subnet",