Bypass empty string check for username and password

[Pearl1594]

Description

Fixes: #5332
This PR attempts to bypass the empty string check added in ParamProcessorValidator - for username and password, so that in case of vmware, it doesn't fail during addition of hosts (where username and password is obtained from cluster details)

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)

Feature/Enhancement Scale or Bug Severity

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Added a host to a VMware cluster via UI without any issues.

[yadvr]

I think we had fixed the issue in Trillian to work-around that @Pearl1594 cc @nvazquez

[harikrishna-patnala]

LGTM. the old UI behaves the same as this PR.

[yadvr]

@blueorangutan package

[blueorangutan]

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✔️ el7 ✔️ el8 ✔️ debian. SL-JID 930

[Pearl1594]

@blueorangutan test

[blueorangutan]

@Pearl1594 a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[ravening]

How about using ApiConstants.USERNAME and PASSWORD ?

[Pearl1594]

Done - Thanks @ravening

[blueorangutan]

Trillian test result (tid-1718)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 34076 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5337-t1718-kvm-centos7.zip
Smoke tests completed. 89 look OK, 0 have error(s)
Only failed tests results shown below:

Test	Result	Time (s)	Test File

[weizhouapache]

@Pearl1594
this has small code change, but might have big impact.
can we skip the username/password check only in some apis ?

[Pearl1594]

We could do that @weizhouapache - However, my understanding is, if a null / empty uname / password is provided as part of any API args - the corresponding APIs logic would ideally validate the correctness of the input or the authorization would fails if it's empty - which is the assumption that we had even before this check was added by - #5136.

[weizhouapache]

We could do that @weizhouapache - However, my understanding is, if a null / empty uname / password is provided as part of any API args - the corresponding APIs logic would ideally validate the correctness of the input or the authorization would fails if it's empty - which is the assumption that we had even before this check was added by - #5136.

@Pearl1594
If you can make sure that all required username/password have been verified, this pr is good to me.

Otherwise, I suggest you change the fields from required to optional in the specific API (add host ?) and check if they are null in codes.

[weizhouapache]

We could do that @weizhouapache - However, my understanding is, if a null / empty uname / password is provided as part of any API args - the corresponding APIs logic would ideally validate the correctness of the input or the authorization would fails if it's empty - which is the assumption that we had even before this check was added by - #5136.

#5136 is good I think, it fixes some potential missing validations, and causes few regressions (for example the issue you mentioned in PR description). in my opinion, it's better to fix the regression (eg, optional username/password in specific api), instead of rolling back to old behavior (skip validation on username/password in all apis).

[Pearl1594]

We could do that @weizhouapache - However, my understanding is, if a null / empty uname / password is provided as part of any API args - the corresponding APIs logic would ideally validate the correctness of the input or the authorization would fails if it's empty - which is the assumption that we had even before this check was added by - #5136.

@Pearl1594
If you can make sure that all required username/password have been verified, this pr is good to me.

Otherwise, I suggest you change the fields from required to optional in the specific API (add host ?) and check if they are null in codes.

Will do @weizhouapache - Thanks.

[weizhouapache]

@Pearl1594
should we check if username/password are null when hypervisor is not vmware ?

[weizhouapache]

code lgtm
thanks for fixing @Pearl1594

[weizhouapache]

@blueorangutan package

[blueorangutan]

@weizhouapache a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

[Pearl1594]

@weizhouapache I believe this issue is only seen on main branch

[DaanHoogland]

clgtm

[yadvr]

@blueorangutan package

[blueorangutan]

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

[weizhouapache]

@weizhouapache I believe this issue is only seen on main branch

@Pearl1594 ok, got it. thanks for confirm

[blueorangutan]

Packaging result: ✔️ el7 ✔️ debian. SL-JID 955

[blueorangutan]

Packaging result: ✔️ el7 ✔️ el8 ✔️ debian ✔️ suse15. SL-JID 958

[Pearl1594]

@blueorangutan test

[blueorangutan]

@Pearl1594 a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[blueorangutan]

Trillian test result (tid-1737)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 33721 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5337-t1737-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_snapshots.py
Smoke tests completed. 88 look OK, 1 have error(s)
Only failed tests results shown below:

Test	Result	Time (s)	Test File
test_02_list_snapshots_with_removed_data_store	Error	51.50	test_snapshots.py

[DaanHoogland]

must be unlucky on that snapshot test
@blueorangutan test

[blueorangutan]

@DaanHoogland a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[shwstppr]

@Pearl1594 sorry but I don't understand point of this change. We are removing required tag for API params but making them required again in API handling.

Maybe the intention is to check username, password is not empty when they are passed but I don't think the check correspond to that. Sorry if I'm missing something.

[weizhouapache]

@Pearl1594 sorry but I don't understand point of this change. We are removing required tag for API params but making them required again in API handling.

Maybe the intention is to check username, password is not empty when they are passed but I don't think the check correspond to that. Sorry if I'm missing something.

username and password can be empty when add a vmware host.

[weizhouapache]

@Pearl1594 is it possible that username and password are empty in cluster details ?

[blueorangutan]

Trillian test result (tid-1741)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 37249 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5337-t1741-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_snapshots.py
Intermittent failure detected: /marvin/tests/smoke/test_ssvm.py
Intermittent failure detected: /marvin/tests/smoke/test_hostha_kvm.py
Smoke tests completed. 87 look OK, 2 have error(s)
Only failed tests results shown below:

Test	Result	Time (s)	Test File
test_02_list_snapshots_with_removed_data_store	Error	52.38	test_snapshots.py
test_disable_oobm_ha_state_ineligible	Error	1511.24	test_hostha_kvm.py

[Pearl1594]

@Pearl1594 is it possible that username and password are empty in cluster details ?

@weizhouapache even if that's the case - there's a check in place to handle it
https://github.com/apache/cloudstack/blob/main/server/src/main/java/com/cloud/resource/ResourceManagerImpl.java#L701-L706

[weizhouapache]

@Pearl1594 is it possible that username and password are empty in cluster details ?

@weizhouapache even if that's the case - there's a check in place to handle it
https://github.com/apache/cloudstack/blob/main/server/src/main/java/com/cloud/resource/ResourceManagerImpl.java#L701-L706

@Pearl1594 ok, that's good.

[GutoVeronezi]

We could import org.apache.commons.lang3.StringUtils here and use StringUtils.isAnyEmpty(username, password).

[GabrielBrascher]

I agree with @GutoVeronezi.

Nowadays we already have some discussions about adopting org.apache.commons.lang3.StringUtils vs com.cloud.utils.StringUtils "facade" (@DaanHoogland 🙂); with the google.common.base.Strings adds a third variable to this "equation".