Externalize tls version and security protocols configuration on mail sending (#5119)

GutoVeronezi · GutoVeronezi · web-flow · commit eb3acc334b08 · 2021-07-21T09:01:11.000-03:00
* Externalize configs to alert

* Externalize configs to project

Co-authored-by: GutoVeronezi &lt;daniel@scclouds.com.br&gt;
diff --git a/engine/components-api/src/main/java/com/cloud/alert/AlertManager.java b/engine/components-api/src/main/java/com/cloud/alert/AlertManager.java
@@ -35,6 +35,12 @@ public interface AlertManager extends Manager, AlertService {
         "Alert", "0.75", "Percentage (as a value between 0 and 1) of allocated storage utilization above which alerts will be sent about low storage available.", true,
         ConfigKey.Scope.Cluster, null);
 
+    public static final ConfigKey<Boolean> AlertSmtpUseStartTLS = new ConfigKey<Boolean>("Advanced", Boolean.class, "alert.smtp.useStartTLS", "false",
+            "If set to true and if we enable security via alert.smtp.useAuth, this will enable StartTLS to secure the conection.", true);
+
+    public static final ConfigKey<String> AlertSmtpEnabledSecurityProtocols = new ConfigKey<String>("Advanced", String.class, "alert.smtp.enabledSecurityProtocols", "",
+            "White-space separated security protocols; ex: \"TLSv1 TLSv1.1\". Supported protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1 and TLSv1.2", true);
+
     void clearAlert(AlertType alertType, long dataCenterId, long podId);
 
     void recalculateCapacity();
diff --git a/server/src/main/java/com/cloud/alert/AlertManagerImpl.java b/server/src/main/java/com/cloud/alert/AlertManagerImpl.java
@@ -759,7 +759,8 @@ public String getConfigComponentName() {
 
     @Override
     public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] {CPUCapacityThreshold, MemoryCapacityThreshold, StorageAllocatedCapacityThreshold, StorageCapacityThreshold};
+        return new ConfigKey<?>[] {CPUCapacityThreshold, MemoryCapacityThreshold, StorageAllocatedCapacityThreshold, StorageCapacityThreshold, AlertSmtpEnabledSecurityProtocols,
+            AlertSmtpUseStartTLS};
     }
 
     @Override
diff --git a/server/src/main/java/com/cloud/projects/ProjectManager.java b/server/src/main/java/com/cloud/projects/ProjectManager.java
@@ -19,8 +19,15 @@
 import java.util.List;
 
 import com.cloud.user.Account;
+import org.apache.cloudstack.framework.config.ConfigKey;
 
 public interface ProjectManager extends ProjectService {
+    public static final ConfigKey<Boolean> ProjectSmtpUseStartTLS = new ConfigKey<Boolean>("Advanced", Boolean.class, "project.smtp.useStartTLS", "false",
+            "If set to true and if we enable security via project.smtp.useAuth, this will enable StartTLS to secure the conection.", true);
+
+    public static final ConfigKey<String> ProjectSmtpEnabledSecurityProtocols = new ConfigKey<String>("Advanced", String.class, "project.smtp.enabledSecurityProtocols", "",
+            "White-space separated security protocols; ex: \"TLSv1 TLSv1.1\". Supported protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1 and TLSv1.2", true);
+
     boolean canAccessProjectAccount(Account caller, long accountId);
 
     boolean canModifyProjectAccount(Account caller, long accountId);
diff --git a/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java b/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java
@@ -82,13 +82,15 @@
 import com.cloud.utils.exception.CloudRuntimeException;
 import java.util.HashSet;
 import java.util.Set;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.framework.config.Configurable;
 import org.apache.cloudstack.utils.mailing.MailAddress;
 import org.apache.cloudstack.utils.mailing.SMTPMailProperties;
 import org.apache.cloudstack.utils.mailing.SMTPMailSender;
 import org.apache.commons.lang3.BooleanUtils;
 
 @Component
-public class ProjectManagerImpl extends ManagerBase implements ProjectManager {
+public class ProjectManagerImpl extends ManagerBase implements ProjectManager, Configurable {
     public static final Logger s_logger = Logger.getLogger(ProjectManagerImpl.class);
 
     @Inject
@@ -1366,4 +1368,13 @@ public boolean allowUserToCreateProject() {
         return _allowUserToCreateProject;
     }
 
+    @Override
+    public String getConfigComponentName() {
+        return ProjectManager.class.getSimpleName();
+    }
+
+    @Override
+    public ConfigKey<?>[] getConfigKeys() {
+        return new ConfigKey<?>[] {ProjectSmtpEnabledSecurityProtocols, ProjectSmtpUseStartTLS};
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -759,7 +759,8 @@ public String getConfigComponentName() {`
`759`	`759`
`760`	`760`	`@Override`
`761`	`761`	`public ConfigKey<?>[] getConfigKeys() {`
`762`		`- return new ConfigKey<?>[] {CPUCapacityThreshold, MemoryCapacityThreshold, StorageAllocatedCapacityThreshold, StorageCapacityThreshold};`
	`762`	`+ return new ConfigKey<?>[] {CPUCapacityThreshold, MemoryCapacityThreshold, StorageAllocatedCapacityThreshold, StorageCapacityThreshold, AlertSmtpEnabledSecurityProtocols,`
	`763`	`+ AlertSmtpUseStartTLS};`
`763`	`764`	`}`
`764`	`765`
`765`	`766`	`@Override`