
Disable API Key Access for users, accounts and domains

Open abh1sar opened this issue 1 year ago • 32 comments

Description

This PR implements the feature which gives Root Admin the ability to Disable Api-key/Secret-key access at different granularities (User/Account/Domain/Global).

Spec: https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=323488155

Doc PR: https://github.com/apache/cloudstack-documentation/pull/446

Types of changes

  • [ ] Breaking change (fix or feature that would cause existing functionality to change)
  • [x] New feature (non-breaking change which adds functionality)
  • [ ] Bug fix (non-breaking change which fixes an issue)
  • [ ] Enhancement (improves an existing feature and functionality)
  • [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
  • [ ] build/CI
  • [ ] test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • [ ] Major
  • [x] Minor

Bug Severity

  • [ ] BLOCKER
  • [ ] Critical
  • [ ] Major
  • [ ] Minor
  • [ ] Trivial

Screenshots (if appropriate):

Edit form : Screenshot 2024-10-16 at 5 09 52 PM

User view : Screenshot 2024-10-17 at 8 11 29 AM

Event logging : Screenshot 2024-10-16 at 5 37 09 PM


How Has This Been Tested?

  1. Local value should always take precedence unless it is set to Inherit. Tested the following matrix. Result denotes if Api key access was allowed for the User or not.

| User | Account | Domain | Global | Result |
|---|---|---|---|---|
| Inherit | Inherit | Inherit | Enabled | Enabled |
| Inherit | Inherit | Inherit | Disabled | Disabled |
| Inherit | Inherit | Enabled | Disabled | Enabled |
| Inherit | Disabled | Enabled | Enabled | Disabled |
| Disabled | Enabled | Enabled | Enabled | Disabled |
| Enabled | Inherit | Inherit | Disabled | Enabled |

  2. Tested that apikeyaccess parameter in updateUser, updateAccount, listUsers and listAccounts is not shown to anyone else apart from the Root Admin.

  3. Tested that api.key.access configuration is not editable by the domain admin.

How did you try to break this feature and the system with this change?

abh1sar avatar Sep 27 '24 13:09 abh1sar
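
The precedence rule and test matrix from the PR description above, modelled as an added example (this is not code from the PR or from CloudStack). The names `Access`, `effective_access`, `check_matrix` and `still_allowed`, and the sample principals, are hypothetical. Besides replaying the matrix, it lists which principals keep API key access after the global value is set to Disabled, which is the case an administrator has to audit.

```python
from enum import Enum

class Access(Enum):
    INHERIT = "Inherit"
    ENABLED = "Enabled"
    DISABLED = "Disabled"

def effective_access(user, account, domain, global_):
    """Return (value, deciding scope): first non-Inherit value, most specific scope first."""
    # Assumption: the global value is always Enabled or Disabled, as in the matrix.
    if global_ is Access.INHERIT:
        raise ValueError("global scope has nothing to inherit from")
    for scope, value in (("user", user), ("account", account),
                         ("domain", domain), ("global", global_)):
        if value is not Access.INHERIT:
            return value, scope

# Matrix copied from the PR description: user, account, domain, global, result.
MATRIX = [
    ("Inherit", "Inherit", "Inherit", "Enabled", "Enabled"),
    ("Inherit", "Inherit", "Inherit", "Disabled", "Disabled"),
    ("Inherit", "Inherit", "Enabled", "Disabled", "Enabled"),
    ("Inherit", "Disabled", "Enabled", "Enabled", "Disabled"),
    ("Disabled", "Enabled", "Enabled", "Enabled", "Disabled"),
    ("Enabled", "Inherit", "Inherit", "Disabled", "Enabled"),
]

def check_matrix():
    """Return the matrix rows whose computed result differs from the stated one."""
    mismatches = []
    for *levels, expected in MATRIX:
        value, _ = effective_access(*(Access(v) for v in levels))
        if value.value != expected:
            mismatches.append(tuple(levels))
    return mismatches

# Constructed sample data: (name, user, account, domain) settings.
SAMPLE = [
    ("alice", Access.INHERIT, Access.INHERIT, Access.INHERIT),
    ("ci-bot", Access.ENABLED, Access.INHERIT, Access.INHERIT),
    ("bob", Access.INHERIT, Access.INHERIT, Access.ENABLED),
    ("carol", Access.DISABLED, Access.ENABLED, Access.ENABLED),
]

def still_allowed(principals, global_):
    """Principals whose access stays Enabled although global is Disabled, with the overriding scope."""
    if global_ is not Access.DISABLED:
        return []
    results = ((n, effective_access(u, a, d, global_)) for n, u, a, d in principals)
    return [(n, scope) for n, (value, scope) in results if value is Access.ENABLED]
```

An Enabled value at user, account or domain scope survives a global Disable, so the global setting alone does not show who can still authenticate with keys.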

Codecov Report

Attention: Patch coverage is 35.65217% with 148 lines in your changes missing coverage. Please review.

Project coverage is 16.01%. Comparing base (58138f2) to head (564d2b4). Report is 1 commits behind head on 4.20.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| ...ava/com/cloud/upgrade/dao/Upgrade42000to42010.java | 10.52% | 34 Missing :warning: |
| ...c/main/java/com/cloud/user/dao/AccountDaoImpl.java | 0.00% | 14 Missing :warning: |
| .../cloud/configuration/ConfigurationManagerImpl.java | 0.00% | 13 Missing :warning: |
| ...ain/java/com/cloud/api/query/QueryManagerImpl.java | 57.14% | 7 Missing and 5 partials :warning: |
| ...n/java/org/apache/cloudstack/api/ApiConstants.java | 47.05% | 9 Missing :warning: |
| ...c/main/java/com/cloud/user/AccountManagerImpl.java | 80.00% | 7 Missing and 1 partial :warning: |
| ...ne/schema/src/main/java/com/cloud/user/UserVO.java | 0.00% | 6 Missing :warning: |
| ...ck/api/command/admin/account/UpdateAccountCmd.java | 0.00% | 5 Missing :warning: |
| ...loudstack/api/command/admin/user/ListUsersCmd.java | 0.00% | 5 Missing :warning: |
| ...schema/src/main/java/com/cloud/user/AccountVO.java | 16.66% | 5 Missing :warning: |

... and 12 more

Additional details and impacted files
@@             Coverage Diff              @@
##               4.20    #9741      +/-   ##
============================================
+ Coverage     15.98%   16.01%   +0.03%     
- Complexity    12753    12776      +23     
============================================
  Files          5631     5633       +2     
  Lines        492702   492958     +256     
  Branches      59737    59769      +32     
============================================
+ Hits          78755    78962     +207     
- Misses       405219   405230      +11     
- Partials       8728     8766      +38     

| Flag | Coverage Δ |
|---|---|
| uitests | 4.03% <ø> (-0.01%) :arrow_down: |
| unittests | 16.85% <35.65%> (+0.03%) :arrow_up: |


codecov[bot] avatar Sep 27 '24 13:09 codecov[bot]

@blueorangutan package

abh1sar avatar Sep 30 '24 19:09 abh1sar

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Sep 30 '24 19:09 blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11245

blueorangutan avatar Sep 30 '24 20:09 blueorangutan

@blueorangutan test

abh1sar avatar Oct 01 '24 08:10 abh1sar

@abh1sar a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

blueorangutan avatar Oct 01 '24 08:10 blueorangutan

[SF] Trillian test result (tid-11585)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 49512 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9741-t11585-kvm-ol8.zip
Smoke tests completed. 141 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

| Test | Result | Time (s) | Test File |
|---|---|---|---|

blueorangutan avatar Oct 01 '24 22:10 blueorangutan

@blueorangutan package

harikrishna-patnala avatar Oct 10 '24 04:10 harikrishna-patnala

@harikrishna-patnala a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Oct 10 '24 04:10 blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11312

blueorangutan avatar Oct 10 '24 05:10 blueorangutan

@blueorangutan test matrix

borisstoyanov avatar Oct 14 '24 09:10 borisstoyanov

@borisstoyanov a [SL] Trillian-Jenkins matrix job (EL8 mgmt + EL8 KVM, Ubuntu22 mgmt + Ubuntu22 KVM, EL8 mgmt + VMware 7.0u3, EL9 mgmt + XCP-ng 8.2 ) has been kicked to run smoke tests

blueorangutan avatar Oct 14 '24 09:10 blueorangutan

[SF] Trillian test result (tid-11659)
Environment: kvm-ubuntu22 (x2), Advanced Networking with Mgmt server u22
Total time taken: 54747 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9741-t11659-kvm-ubuntu22.zip
Smoke tests completed. 140 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:

| Test | Result | Time (s) | Test File |
|---|---|---|---|
| test_hostha_enable_ha_when_host_disabled | Error | 3.00 | test_hostha_kvm.py |
| test_hostha_enable_ha_when_host_in_maintenance | Error | 303.24 | test_hostha_kvm.py |

blueorangutan avatar Oct 15 '24 01:10 blueorangutan

[SF] Trillian test result (tid-11658)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 60034 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9741-t11658-kvm-ol8.zip
Smoke tests completed. 139 look OK, 2 have errors, 0 did not run
Only failed and skipped tests results shown below:

| Test | Result | Time (s) | Test File |
|---|---|---|---|
| test_01_secure_vm_migration | Error | 134.18 | test_vm_life_cycle.py |
| test_01_secure_vm_migration | Error | 134.19 | test_vm_life_cycle.py |
| ContextSuite context=TestCreateVolume>:setup | Error | 0.00 | test_volumes.py |
| ContextSuite context=TestVolumeEncryption>:setup | Error | 0.00 | test_volumes.py |
| ContextSuite context=TestVolumes>:setup | Error | 0.00 | test_volumes.py |

blueorangutan avatar Oct 15 '24 03:10 blueorangutan

@blueorangutan package

abh1sar avatar Oct 16 '24 12:10 abh1sar

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Oct 16 '24 12:10 blueorangutan

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 11361

blueorangutan avatar Oct 16 '24 12:10 blueorangutan

@blueorangutan package

abh1sar avatar Oct 16 '24 13:10 abh1sar

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Oct 16 '24 13:10 blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11363

blueorangutan avatar Oct 16 '24 14:10 blueorangutan

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Oct 17 '24 02:10 blueorangutan

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 11370

blueorangutan avatar Oct 17 '24 03:10 blueorangutan

@blueorangutan package

abh1sar avatar Oct 17 '24 05:10 abh1sar

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Oct 17 '24 05:10 blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11372

blueorangutan avatar Oct 17 '24 06:10 blueorangutan

@blueorangutan test matrix

abh1sar avatar Oct 17 '24 07:10 abh1sar

@abh1sar a [SL] Trillian-Jenkins matrix job (EL8 mgmt + EL8 KVM, Ubuntu22 mgmt + Ubuntu22 KVM, EL8 mgmt + VMware 7.0u3, EL9 mgmt + XCP-ng 8.2 ) has been kicked to run smoke tests

blueorangutan avatar Oct 17 '24 07:10 blueorangutan

@blueorangutan package

abh1sar avatar Oct 17 '24 10:10 abh1sar

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

blueorangutan avatar Oct 17 '24 10:10 blueorangutan

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11377

blueorangutan avatar Oct 17 '24 11:10 blueorangutan