User data content size validation, and related code improvements

[sureshanaparti]

Description

This PR validates the user data with actual length only, and has some code improvements.

Fixes #8415

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• build/CI

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Manually tested managed user data registration, and instance creation from UI.

How did you try to break this feature and the system with this change?

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[codecov]

Codecov Report

Attention: 12 lines in your changes are missing coverage. Please review.

Comparison is base (6d916ca) 30.85% compared to head (c95f2ce) 30.80%.
Report is 24 commits behind head on main.

Files	Patch %	Lines
...pache/cloudstack/userdata/UserDataManagerImpl.java	40.00%	7 Missing and 5 partials ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #8418      +/-   ##
============================================
- Coverage     30.85%   30.80%   -0.05%     
+ Complexity    34048    33979      -69     
============================================
  Files          5341     5341              
  Lines        374861   374888      +27     
  Branches      54518    54520       +2     
============================================
- Hits         115659   115491     -168     
- Misses       243973   244127     +154     
- Partials      15229    15270      +41     

Flag	Coverage Δ
simulator-marvin-tests	24.72% <33.33%> (-0.04%)	⬇️
uitests	4.39% <ø> (ø)
unit-tests	16.46% <41.66%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[DaanHoogland]

clgtm, just one functional question

[blueorangutan]

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 8164

[harikrishna-patnala]

@sureshanaparti, along with these changes is it better to call the registerUserData API using POST from UI ?

[yadvr]

@sureshanaparti can you review the outstanding comments?
@blueorangutan package

[blueorangutan]

@rohityadavcloud a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 8189

[sureshanaparti]

@sureshanaparti, along with these changes is it better to call the registerUserData API using POST from UI ?

changes done

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 8199

[sureshanaparti]

@blueorangutan test

[blueorangutan]

@sureshanaparti a [SL] Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 8224

[sureshanaparti]

@blueorangutan test

[blueorangutan]

@sureshanaparti a [SL] Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[JoaoJandre]

@sureshanaparti can you rebase with 4.18.2? As the related issue is also aimed at 4.18.2

[JoaoJandre]

Overall looks good, just a few remarks

[blueorangutan]

[SF] Trillian test result (tid-8750)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 48273 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr8418-t8750-kvm-centos7.zip
Smoke tests completed. 118 look OK, 3 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_02_list_cpvm_vm	Failure	0.03	test_ssvm.py
test_04_cpvm_internals	Failure	0.04	test_ssvm.py
test_08_upgrade_kubernetes_ha_cluster	Failure	614.36	test_kubernetes_clusters.py
test_08_migrate_vm	Error	0.06	test_vm_life_cycle.py

[sureshanaparti]

@JoaoJandre can you check the changes on your remarks?

@JoaoJandre pls check your remarks. thanks.

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 9915

[JoaoJandre]

CLGTM, did not test it.

[kiranchavala]

@sureshanaparti as discussed, the userdata registration from the browser is not working

Regsiter a userdata of size 686kb

test2.zip

Error

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 9930

[kiranchavala]

@sureshanaparti

As discussed, the registerUserdata api call Is failing with 400 error , if the userdata size is of 916kb

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[sureshanaparti]

@sureshanaparti

As discussed, the registerUserdata api call Is failing with 400 error , if the userdata size is of 916kb

@kiranchavala Allowed size is for the userdata after base64 encoding. Updated descriptions for the cmd param and config vm.userdata.max.length.

MaxSizeInBytesAfterEncoding = (SizeInBytesBeforeEncoding / 3 * 4) + 4

So, it seems about 786432 bytes / 768 KB actual user data supported

[blueorangutan]

Packaging result [SF]: ✔️ el7 ✖️ el8 ✖️ el9 ✔️ debian ✖️ suse15. SL-JID 9951

[kiranchavala]

@blueorangutan package

[blueorangutan]

@kiranchavala a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 9953

[sureshanaparti]

@blueorangutan test

[blueorangutan]

@sureshanaparti a [SL] Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-10455)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 43955 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr8418-t10455-kvm-centos7.zip
Smoke tests completed. 131 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File

[DaanHoogland]

@kiranchavala all good now?

[kiranchavala]

LGTM, Followed these steps

1. Global setting (vm.userdata.max.length) change it to 1048576
2. Compute > userdata > register userdata

registering a user data

A Post request will be sent

and the logs will contain the userdata size

Configured base64 encoded user data size: 914652 bytes, actual user data size: 685987 bytes

LOGS

[root@ref-trl-6845-k-Mr8-kiran-chavala-mgmt1 ~]# cat   /var/log/cloudstack/management/management-server.log  |grep -i "logid:c0d4d084"
2024-06-14 09:26:08,934 DEBUG [c.c.a.ApiServlet] (qtp931675031-19:ctx-56f46fc4) (logid:c0d4d084) ===START===  10.0.3.251 -- POST  command=registerUserData&response=json
2024-06-14 09:26:08,935 DEBUG [c.c.a.ApiServlet] (qtp931675031-19:ctx-56f46fc4) (logid:c0d4d084) Two factor authentication is already verified for the user 2, so skipping
2024-06-14 09:26:08,943 DEBUG [c.c.a.ApiServer] (qtp931675031-19:ctx-56f46fc4 ctx-bdb563ce) (logid:c0d4d084) CIDRs from which account 'Account [{"accountName":"admin","id":2,"uuid":"7669013f-2a0a-11ef-9a70-1e00da00037e"}]' is allowed to perform API calls: 0.0.0.0/0,::/0
2024-06-14 09:26:08,946 INFO  [o.a.c.a.DynamicRoleBasedAPIAccessChecker] (qtp931675031-19:ctx-56f46fc4 ctx-bdb563ce) (logid:c0d4d084) Account [Account [{"accountName":"admin","id":2,"uuid":"7669013f-2a0a-11ef-9a70-1e00da00037e"}]] is Root Admin or Domain Admin, all APIs are allowed.
2024-06-14 09:26:08,947 WARN  [o.a.c.a.ProjectRoleBasedApiAccessChecker] (qtp931675031-19:ctx-56f46fc4 ctx-bdb563ce) (logid:c0d4d084) Project is null, ProjectRoleBasedApiAccessChecker only applies to projects, returning API [registerUserData] for user [User {"username":"admin","uuid":"766a609c-2a0a-11ef-9a70-1e00da00037e"}.] as allowed.
2024-06-14 09:26:08,948 DEBUG [o.a.c.a.StaticRoleBasedAPIAccessChecker] (qtp931675031-19:ctx-56f46fc4 ctx-bdb563ce) (logid:c0d4d084) RoleService is enabled. We will use it instead of StaticRoleBasedAPIAccessChecker.
2024-06-14 09:26:08,949 DEBUG [o.a.c.r.ApiRateLimitServiceImpl] (qtp931675031-19:ctx-56f46fc4 ctx-bdb563ce) (logid:c0d4d084) API rate limiting is disabled. We will not use ApiRateLimitService.
2024-06-14 09:26:09,102 INFO  [o.a.c.u.UserDataManagerImpl] (qtp931675031-19:ctx-56f46fc4 ctx-bdb563ce) (logid:c0d4d084) Configured base64 encoded user data size: 914652 bytes, actual user data size: 685987 bytes
2024-06-14 09:26:09,421 DEBUG [c.c.a.ApiServlet] (qtp931675031-19:ctx-56f46fc4 ctx-bdb563ce) (logid:c0d4d084) ===END===  10.0.3.251 -- POST  command=registerUserData&response=json

Sent a userdata of higher size > 1048576 , and a 400 exception will be thrown