Address static code analysis issues for volume encryption

Signed-off-by: Marcus Sorensen <mls@apple.com>

Author: Marcus Sorensen

api/src/main/java/org/apache/cloudstack/api/response/DiskOfferingResponse.java

@@ -162,7 +162,7 @@ public class DiskOfferingResponse extends BaseResponseWithAnnotations {
     private Boolean diskSizeStrictness;
 
     @SerializedName(ApiConstants.ENCRYPT)
-    @Param(description = "Whether disks using this offering will be encrypted on primary storage")
+    @Param(description = "Whether disks using this offering will be encrypted on primary storage", since = "4.18")
     private Boolean encrypt;
 
     @SerializedName(ApiConstants.DETAILS)

api/src/main/java/org/apache/cloudstack/api/response/HostResponse.java

@@ -271,7 +271,7 @@ public class HostResponse extends BaseResponseWithAnnotations {
     private Boolean uefiCapabilty;
 
     @SerializedName(ApiConstants.ENCRYPTION_SUPPORTED)
-    @Param(description = "true if the host supports encryption")
+    @Param(description = "true if the host supports encryption", since = "4.18")
     private Boolean encryptionSupported;
 
     @Override

api/src/main/java/org/apache/cloudstack/api/response/ServiceOfferingResponse.java

@@ -227,7 +227,7 @@ public class ServiceOfferingResponse extends BaseResponseWithAnnotations {
     private String diskOfferingDisplayText;
 
     @SerializedName(ApiConstants.ENCRYPT_ROOT)
-    @Param(description = "true if virtual machine root disk will be encrypted on storage", since = "4.16")
+    @Param(description = "true if virtual machine root disk will be encrypted on storage", since = "4.18")
     private Boolean encryptRoot;
 
     public ServiceOfferingResponse() {

core/src/main/java/org/apache/cloudstack/storage/to/VolumeObjectTO.java

@@ -380,4 +380,8 @@ public void clearPassphrase() {
             Arrays.fill(this.passphrase, (byte) 0);
         }
     }
+
+    public boolean requiresEncryption() {
+        return passphrase != null && passphrase.length > 0;
+    }
 }

engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/VolumeOrchestrator.java

@@ -235,7 +235,7 @@ public enum UserVmCloneType {
     @Inject
     VolumeApiService _volumeApiService;
     @Inject
-    PassphraseDao _passphraseDao;
+    PassphraseDao passphraseDao;
 
     @Inject
     protected SnapshotHelper snapshotHelper;
@@ -310,7 +310,7 @@ public VolumeVO allocateDuplicateVolumeVO(Volume oldVol, Long templateId) {
         newVol.setFormat(oldVol.getFormat());
 
         if (oldVol.getPassphraseId() != null) {
-            PassphraseVO passphrase =_passphraseDao.persist(new PassphraseVO());
+            PassphraseVO passphrase = passphraseDao.persist(new PassphraseVO());
             passphrase.clearPassphrase();
             newVol.setPassphraseId(passphrase.getId());
         }
@@ -1655,7 +1655,7 @@ private VolumeVO setPassphraseForVolumeEncryption(VolumeVO volume) {
         }
         s_logger.debug("Creating passphrase for the volume: " + volume.getName());
         long startTime = System.currentTimeMillis();
-        PassphraseVO passphrase = _passphraseDao.persist(new PassphraseVO());
+        PassphraseVO passphrase = passphraseDao.persist(new PassphraseVO());
         passphrase.clearPassphrase();
         volume.setPassphraseId(passphrase.getId());
         long finishTime = System.currentTimeMillis();

engine/schema/src/main/java/com/cloud/storage/dao/VolumeDaoImpl.java

@@ -25,7 +25,6 @@
 
 import javax.inject.Inject;
 
-import org.apache.cloudstack.secret.dao.PassphraseDao;
 import org.apache.log4j.Logger;
 import org.springframework.stereotype.Component;
 
@@ -69,8 +68,6 @@ public class VolumeDaoImpl extends GenericDaoBase<VolumeVO, Long> implements Vol
     protected GenericSearchBuilder<VolumeVO, SumCount> secondaryStorageSearch;
     @Inject
     ResourceTagDao _tagsDao;
-    @Inject
-    PassphraseDao _passphraseDao;
 
     protected static final String SELECT_VM_SQL = "SELECT DISTINCT instance_id from volumes v where v.host_id = ? and v.mirror_state = ?";
     // need to account for zone-wide primary storage where storage_pool has

engine/schema/src/main/resources/META-INF/db/schema-41600to41610-cleanup.sql

@@ -17,4 +17,4 @@
 
 --;
 -- Schema upgrade cleanup from 4.16.0.0 to 4.16.1.0
---;
+--;

engine/storage/datamotion/src/main/java/org/apache/cloudstack/storage/motion/AncientDataMotionStrategy.java

@@ -81,6 +81,9 @@
 @Component
 public class AncientDataMotionStrategy implements DataMotionStrategy {
     private static final Logger s_logger = Logger.getLogger(AncientDataMotionStrategy.class);
+    private static final String NO_REMOTE_ENDPOINT_SSVM = "No remote endpoint to send command, check if host or ssvm is down?";
+    private static final String NO_REMOTE_ENDPOINT_WITH_ENCRYPTION = "No remote endpoint to send command, unable to find a valid endpoint. Requires encryption support: %s";
+
     @Inject
     EndPointSelector selector;
     @Inject
@@ -171,9 +174,8 @@ protected Answer copyObject(DataObject srcData, DataObject destData, Host destHo
                     VirtualMachineManager.ExecuteInSequence.value());
             EndPoint ep = destHost != null ? RemoteHostEndPoint.getHypervisorHostEndPoint(destHost) : selector.select(srcForCopy, destData);
             if (ep == null) {
-                String errMsg = "No remote endpoint to send command, check if host or ssvm is down?";
-                s_logger.error(errMsg);
-                answer = new Answer(cmd, false, errMsg);
+                s_logger.error(NO_REMOTE_ENDPOINT_SSVM);
+                answer = new Answer(cmd, false, NO_REMOTE_ENDPOINT_SSVM);
             } else {
                 answer = ep.sendMessage(cmd);
             }
@@ -295,9 +297,8 @@ protected Answer copyVolumeFromSnapshot(DataObject snapObj, DataObject volObj) {
 
             Answer answer = null;
             if (ep == null) {
-                String errMsg = "No remote endpoint to send command, check if host or ssvm is down?";
-                s_logger.error(errMsg);
-                answer = new Answer(cmd, false, errMsg);
+                s_logger.error(NO_REMOTE_ENDPOINT_SSVM);
+                answer = new Answer(cmd, false, NO_REMOTE_ENDPOINT_SSVM);
             } else {
                 answer = ep.sendMessage(cmd);
             }
@@ -320,9 +321,8 @@ protected Answer cloneVolume(DataObject template, DataObject volume) {
             EndPoint ep = selector.select(volume, anyVolumeRequiresEncryption(volume));
             Answer answer = null;
             if (ep == null) {
-                String errMsg = "No remote endpoint to send command, check if host or ssvm is down?";
-                s_logger.error(errMsg);
-                answer = new Answer(cmd, false, errMsg);
+                s_logger.error(NO_REMOTE_ENDPOINT_SSVM);
+                answer = new Answer(cmd, false, NO_REMOTE_ENDPOINT_SSVM);
             } else {
                 answer = ep.sendMessage(cmd);
             }
@@ -360,7 +360,7 @@ protected Answer copyVolumeBetweenPools(DataObject srcData, DataObject destData)
                 EndPoint ep = selector.select(srcData, destData, encryptionRequired);
                 Answer answer = null;
                 if (ep == null) {
-                    String errMsg = String.format("No remote endpoint to send command, unable to find a valid endpoint. Requires encryption support: %s", encryptionRequired);
+                    String errMsg = String.format(NO_REMOTE_ENDPOINT_WITH_ENCRYPTION, encryptionRequired);
                     s_logger.error(errMsg);
                     answer = new Answer(cmd, false, errMsg);
                 } else {
@@ -399,7 +399,7 @@ protected Answer copyVolumeBetweenPools(DataObject srcData, DataObject destData)
                 CopyCommand cmd = new CopyCommand(objOnImageStore.getTO(), addFullCloneAndDiskprovisiongStrictnessFlagOnVMwareDest(destData.getTO()), _copyvolumewait, VirtualMachineManager.ExecuteInSequence.value());
                 EndPoint ep = selector.select(objOnImageStore, destData, encryptionRequired);
                 if (ep == null) {
-                    String errMsg = String.format("No remote endpoint to send command, unable to find a valid endpoint. Requires encryption support: %s", encryptionRequired);
+                    String errMsg = String.format(NO_REMOTE_ENDPOINT_WITH_ENCRYPTION, encryptionRequired);
                     s_logger.error(errMsg);
                     answer = new Answer(cmd, false, errMsg);
                 } else {
@@ -432,7 +432,7 @@ protected Answer copyVolumeBetweenPools(DataObject srcData, DataObject destData)
             EndPoint ep = selector.select(cacheData, destData, encryptionRequired);
             Answer answer = null;
             if (ep == null) {
-                String errMsg = String.format("No remote endpoint to send command, unable to find a valid endpoint. Requires encryption support: %s", encryptionRequired);
+                String errMsg = String.format(NO_REMOTE_ENDPOINT_WITH_ENCRYPTION, encryptionRequired);
                 s_logger.error(errMsg);
                 answer = new Answer(cmd, false, errMsg);
             } else {
@@ -464,7 +464,7 @@ protected Answer migrateVolumeToPool(DataObject srcData, DataObject destData) {
         EndPoint ep = selector.select(srcData, StorageAction.MIGRATEVOLUME);
         Answer answer = null;
         if (ep == null) {
-            String errMsg = String.format("No remote endpoint to send command, unable to find a valid endpoint. Requires encryption support: %s", encryptionRequired);
+            String errMsg = String.format(NO_REMOTE_ENDPOINT_WITH_ENCRYPTION, encryptionRequired);
             s_logger.error(errMsg);
             answer = new Answer(command, false, errMsg);
         } else {
@@ -560,9 +560,8 @@ protected Answer createTemplateFromSnapshot(DataObject srcData, DataObject destD
         CopyCommand cmd = new CopyCommand(srcData.getTO(), addFullCloneAndDiskprovisiongStrictnessFlagOnVMwareDest(destData.getTO()), _createprivatetemplatefromsnapshotwait, VirtualMachineManager.ExecuteInSequence.value());
         Answer answer = null;
         if (ep == null) {
-            String errMsg = "No remote endpoint to send command, check if host or ssvm is down?";
-            s_logger.error(errMsg);
-            answer = new Answer(cmd, false, errMsg);
+            s_logger.error(NO_REMOTE_ENDPOINT_SSVM);
+            answer = new Answer(cmd, false, NO_REMOTE_ENDPOINT_SSVM);
         } else {
             answer = ep.sendMessage(cmd);
         }
@@ -601,9 +600,8 @@ protected Answer copySnapshot(DataObject srcData, DataObject destData) {
                 cmd.setOptions(options);
                 EndPoint ep = selector.select(srcData, destData, encryptionRequired);
                 if (ep == null) {
-                    String errMsg = "No remote endpoint to send command, check if host or ssvm is down?";
-                    s_logger.error(errMsg);
-                    answer = new Answer(cmd, false, errMsg);
+                    s_logger.error(NO_REMOTE_ENDPOINT_SSVM);
+                    answer = new Answer(cmd, false, NO_REMOTE_ENDPOINT_SSVM);
                 } else {
                     answer = ep.sendMessage(cmd);
                 }
@@ -613,9 +611,8 @@ protected Answer copySnapshot(DataObject srcData, DataObject destData) {
                 cmd.setOptions(options);
                 EndPoint ep = selector.select(srcData, destData, StorageAction.BACKUPSNAPSHOT, encryptionRequired);
                 if (ep == null) {
-                    String errMsg = "No remote endpoint to send command, check if host or ssvm is down?";
-                    s_logger.error(errMsg);
-                    answer = new Answer(cmd, false, errMsg);
+                    s_logger.error(NO_REMOTE_ENDPOINT_SSVM);
+                    answer = new Answer(cmd, false, NO_REMOTE_ENDPOINT_SSVM);
                 } else {
                     answer = ep.sendMessage(cmd);
                 }
@@ -648,6 +645,7 @@ public void copyAsync(Map<VolumeInfo, DataStore> volumeMap, VirtualMachineTO vmT
      */
     private boolean anyVolumeRequiresEncryption(DataObject ... objects) {
         for (DataObject o : objects) {
+            // this fails code smell for returning true twice, but it is more readable than combining all tests into one statement
             if (o instanceof VolumeInfo && ((VolumeInfo) o).getPassphraseId() != null) {
                 return true;
             } else if (o instanceof SnapshotInfo && ((SnapshotInfo) o).getBaseVolume().getPassphraseId() != null) {

engine/storage/datamotion/src/main/java/org/apache/cloudstack/storage/motion/StorageSystemDataMotionStrategy.java

@@ -59,7 +59,6 @@
 import org.apache.cloudstack.framework.async.AsyncCallFuture;
 import org.apache.cloudstack.framework.async.AsyncCompletionCallback;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
-import org.apache.cloudstack.secret.dao.PassphraseDao;
 import org.apache.cloudstack.storage.command.CopyCmdAnswer;
 import org.apache.cloudstack.storage.command.CopyCommand;
 import org.apache.cloudstack.storage.command.ResignatureAnswer;
@@ -162,8 +161,6 @@ public class StorageSystemDataMotionStrategy implements DataMotionStrategy {
     @Inject
     private HostDao _hostDao;
     @Inject
-    private PassphraseDao _passphraseDao;
-    @Inject
     protected PrimaryDataStoreDao _storagePoolDao;
     @Inject
     private SnapshotDao _snapshotDao;
@@ -2227,7 +2224,6 @@ protected void prepareDiskWithSecretConsumerDetail(VirtualMachineTO vmTO, Volume
         if (vmTO.getDisks() != null) {
             LOGGER.debug(String.format("Preparing VM TO '%s' disks with migration data", vmTO));
             Arrays.stream(vmTO.getDisks()).filter(diskTO -> diskTO.getData().getId() == srcVolume.getId()).forEach( diskTO -> {
-                Map<String, String> details = diskTO.getDetails();
                 if (diskTO.getDetails() == null) {
                     diskTO.setDetails(new HashMap<>());
                 }

engine/storage/src/main/java/org/apache/cloudstack/storage/endpoint/DefaultEndPointSelector.java

@@ -75,9 +75,9 @@ public class DefaultEndPointSelector implements EndPointSelector {
     @Inject
     private DedicatedResourceDao dedicatedResourceDao;
 
-    private static final String volEncryptColumnName = "volume_encryption_support";
+    private static final String VOL_ENCRYPT_COLUMN_NAME = "volume_encryption_support";
     private final String findOneHostOnPrimaryStorage = "select t.id from "
-                            + "(select h.id, cd.value, hd.value as " + volEncryptColumnName + " "
+                            + "(select h.id, cd.value, hd.value as " + VOL_ENCRYPT_COLUMN_NAME + " "
                             + "from host h join storage_pool_host_ref s on h.id = s.host_id  "
                             + "join cluster c on c.id=h.cluster_id "
                             + "left join cluster_details cd on c.id=cd.cluster_id and cd.name='" + CapacityManager.StorageOperationsExcludeCluster.key() + "' "
@@ -154,7 +154,7 @@ protected EndPoint findEndPointInScope(Scope scope, String sqlBase, Long poolId,
         sbuilder.append(") t where t.value<>'true' or t.value is null");    //Added for exclude cluster's subquery
 
         if (volumeEncryptionSupportRequired) {
-            sbuilder.append(String.format(" and t.%s='true'", volEncryptColumnName));
+            sbuilder.append(String.format(" and t.%s='true'", VOL_ENCRYPT_COLUMN_NAME));
         }
 
         // TODO: order by rand() is slow if there are lot of hosts