apache
API to list console sessions
Description
Currently, details about console sessions are stored in the cloud.console_session table in the database. Operators can only access this information by querying the database directly, while end users have no way to view console session data at all.
To address this, this PR proposes to create the listConsoleSessions API. It allows listing the console sessions, with optional filters by domain, account, user, host, instance, IP address, and date. The API is accessible to all account types and, thus, performs proper access validation on the queried resources.
The API supports the following parameters:
| Parameter | Description | Required |
|---|---|---|
id |
Console session ID. | No |
activeonly |
Indicates whether only currently active console sessions should be listed. Defaults to true. Active sessions are the ones that have been acquired and have not been removed. |
No |
isrecursive |
Lists console sessions recursively per domain. Defaults to false. |
No |
clientaddress |
IP address of the client that accessed the console. | No |
consoleendpointcreatoraddress |
IP address of the client that generated the console session endpoint. | No |
hostid |
ID of the host where the VM was running when the console session endpoint was generated. Only available for Root Admins. | No |
instanceid |
ID of the VM associated with the console session. | No |
startdate |
If provided, only console sessions that were acquired from this date onward will be listed. | No |
enddate |
If provided, only console sessions that were acquired up to this date will be listed. | No |
domainid |
Domain ID of the account that generated the console session endpoint. | No |
accountid |
ID of the account that generated the console session endpoint. | No |
userid |
ID of the user that generated the console session endpoint. | No |
page |
Used for pagination along with pagesize. |
No |
pagesize |
User for pagination along with page. |
No |
This PR only encompasses the creation of the API listConsoleSessions API. UI support will be implemented in a future PR.
Types of changes
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
- [X] New feature (non-breaking change which adds functionality)
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] Enhancement (improves an existing feature and functionality)
- [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
- [ ] build/CI
- [ ] test (unit or integration test code)
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
- [X] Major
- [ ] Minor
Screenshots (if appropriate):
How Has This Been Tested?
Tests Setup
- Created the following domain hierarchy:
ROOT
├── d1
│ └── d1-d1
└── d2
- Created the following accounts:
| Name | Role Type | Domain |
|---|---|---|
| admin | Admin | ROOT |
| u1 | User | ROOT |
| d1-admin | DomainAdmin | ROOT/d1 |
| d1-user | User | ROOT/d1 |
| d1-d1-admin | DomainAdmin | ROOT/d1/d1-d1 |
| d1-d1-user | User | ROOT/d1/d1-d1 |
| d2-admin | DomainAdmin | ROOT/d2 |
- Deployed a VM for each account:
| ID | Name | Instance Name | Account Name |
|---|---|---|---|
| 5 | v-5-VM | v-5-VM | system |
| 6 | s-6-VM | s-6-VM | system |
| 7 | VM-fb5fa7ab-c5a0-4943-88bd-dedec9007c7b | i-7-7-VM | d1-d1-user |
| 8 | r-8-VM | r-8-VM | d1-d1-user |
| 9 | VM-16febbcd-a35e-4f05-87d3-1a27db077136 | i-6-9-VM | d1-user |
| 10 | r-10-VM | r-10-VM | d1-user |
| 11 | VM-d3208889-d3fd-43fe-9087-3cf5d863a3b1 | i-4-11-VM | d1-admin |
| 12 | r-12-VM | r-12-VM | d1-admin |
| 13 | VM-dea9f800-afd0-4054-9160-3a676a0df3d3 | i-2-13-VM | admin |
| 14 | r-14-VM | r-14-VM | admin |
| 15 | VM-766b6485-330e-4ec9-9516-59e17b52c1c7 | i-8-15-VM | u1 |
| 16 | r-16-VM | r-16-VM | u1 |
| 17 | VM-d2d7ded1-e210-4191-9a0e-75c3914de043 | i-9-17-VM | d2-admin |
| 18 | r-18-VM | r-18-VM | d2-admin |
| 19 | VM-266b73ff-2684-46b9-b36e-830ac83c5c14 | i-5-19-VM | d1-d1-admin |
| 20 | r-20-VM | r-20-VM | d1-d1-admin |
- With each account, I accessed all available VM consoles through the CPVM.
listConsoleSessions tests
- With the
adminaccount, verified that the API lists console sessions correctly according to the specified parameters - With the
u1account, verified that it is only possible to access the account's console sessions - With the
d2-adminaccount, verified that it is only possible to list the console sessions of thed2domain - With the
d1-adminaccount, verified that it is only possible to list the console sessions of thed1andd1/d1-d1domains - With the
d1-useraccount, verified that it is only possible to list thed1-userconsole sessions - With the
d1-d1-adminaccount, verified that it is only possible to list the console sessions of thed1/d1-d1domain - With the
d1-d1-useraccount, verified that it is only possible to list thed1-d1-userconsole sessions - With accounts of the
Usertype, verified that thehostidparameter is not considered in the API workflow - With accounts of the
Usertype, verified that thehostidandhostnameresponse attributes are not included in the API's return
Codecov Report
:x: Patch coverage is 56.36943% with 137 lines in your changes missing coverage. Please review.
:white_check_mark: Project coverage is 17.37%. Comparing base (a60c8ca) to head (dcece22).
:warning: Report is 38 commits behind head on main.
Additional details and impacted files
@@ Coverage Diff @@
## main #11016 +/- ##
============================================
+ Coverage 17.35% 17.37% +0.02%
- Complexity 15189 15222 +33
============================================
Files 5883 5885 +2
Lines 524514 524820 +306
Branches 64007 64026 +19
============================================
+ Hits 91013 91196 +183
- Misses 423216 423336 +120
- Partials 10285 10288 +3
| Flag | Coverage Δ | |
|---|---|---|
| uitests | 3.63% <ø> (ø) |
|
| unittests | 18.41% <56.36%> (+0.02%) |
:arrow_up: |
Flags with carried forward coverage won't be shown. Click here to find out more.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
:rocket: New features to boost your workflow:
- :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
- :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
@bernardodemarco a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 13755
@bernardodemarco a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 13766
Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 13771
@DaanHoogland, thanks for the review!
is the active parameter needed? would we ever want to list no longer available sessions?
Yes, listing removed sessions is useful for audit and analysis purposes, as it allows users to track who generated a console endpoint, who accessed it, and when it was generated, acquired, and removed. Listing only active sessions, on the other hand, is helpful for verifying whether someone is currently using a VM.
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13777
@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests
[SF] Trillian test result (tid-13527) Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8 Total time taken: 54933 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11016-t13527-kvm-ol8.zip Smoke tests completed. 141 look OK, 0 have errors, 0 did not run Only failed and skipped tests results shown below:
| Test | Result | Time (s) | Test File |
|---|
@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + vmware-70u3) has been kicked to run smoke tests
[SF] Trillian test result (tid-13531) Environment: vmware-70u3 (x2), Advanced Networking with Mgmt server ol8 Total time taken: 64089 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11016-t13531-vmware-70u3.zip Smoke tests completed. 140 look OK, 1 have errors, 0 did not run Only failed and skipped tests results shown below:
| Test | Result | Time (s) | Test File |
|---|---|---|---|
| test_01_prepare_and_cancel_maintenance | Error |
0.23 | test_ms_maintenance_and_safe_shutdown.py |
@bernardodemarco a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
Packaging result [SF]: ✔️ el8 ✔️ el9 ✖️ debian ✔️ suse15. SL-JID 13897
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13898
Hi @bernardodemarco thanks for the feature! I'll try to test it soon
@nvazquez okay, many thanks for the review! I'll apply this suggestion https://github.com/apache/cloudstack/pull/11016#discussion_r2163995966 ASAP
@bernardodemarco a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13902