User two factor authentication

[harikrishna-patnala]

Description

This PR introduces a new feature to add support for Two Factor Authentication 2FA in CloudStack.

The corresponding documentation PR is at apache/cloudstack-documentation#293 having all the details about the feature and how to use it.

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Screenshots (if appropriate):

Few sample screenshots are attached here

1. User login page to verify 2FA
   

2. User page to setup 2FA using google provider
   

3. User page to setup 2FA using staticpin provider
   

4. User login page to setup 2FA on the first login attempt
   

5. A new action button to enable/disable 2FA for user
   

[harikrishna-patnala]

@blueorangutan package

[blueorangutan]

@harikrishna-patnala a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✖️ el7 ✖️ el8 ✖️ debian ✖️ suse15. SL-JID 4654

[codecov]

Codecov Report

Merging #6924 (650c01d) into main (23d8981) will increase coverage by 0.03%.
The diff coverage is 35.34%.

@@             Coverage Diff              @@
##               main    #6924      +/-   ##
============================================
+ Coverage     12.63%   12.67%   +0.03%     
- Complexity     8613     8640      +27     
============================================
  Files          2711     2716       +5     
  Lines        255752   256110     +358     
  Branches      39873    39924      +51     
============================================
+ Hits          32325    32455     +130     
- Misses       219320   219527     +207     
- Partials       4107     4128      +21     

Impacted Files	Coverage Δ
...ne/schema/src/main/java/com/cloud/user/UserVO.java	42.85% <0.00%> (-4.02%)	⬇️
...apache/cloudstack/resourcedetail/UserDetailVO.java	40.00% <0.00%> (+40.00%)	⬆️
.../org/apache/cloudstack/ldap/LdapAuthenticator.java	23.91% <ø> (ø)
...loudstack/server/auth/PBKDF2UserAuthenticator.java	51.78% <ø> (ø)
...he/cloudstack/auth/PlainTextUserAuthenticator.java	0.00% <0.00%> (ø)
...apache/cloudstack/saml/SAML2UserAuthenticator.java	56.25% <ø> (ø)
...tack/auth/StaticPinUserTwoFactorAuthenticator.java	0.00% <0.00%> (ø)
...loudstack/auth/TotpUserTwoFactorAuthenticator.java	0.00% <0.00%> (ø)
server/src/main/java/com/cloud/api/ApiServer.java	1.83% <0.00%> (-0.05%)	⬇️
...m/cloud/api/auth/APIAuthenticationManagerImpl.java	0.00% <0.00%> (ø)
... and 16 more

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[harikrishna-patnala]

@blueorangutan package

[blueorangutan]

@harikrishna-patnala a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✖️ el7 ✖️ el8 ✖️ debian ✖️ suse15. SL-JID 4656

[weizhouapache]

@blueorangutan package

[blueorangutan]

@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with

SystemVM template(s). I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✖️ el7 ✖️ el8 ✖️ debian ✖️ suse15. SL-JID 4657

[weizhouapache]

@blueorangutan package

[blueorangutan]

@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with

SystemVM template(s). I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✔️ el7 ✖️ el8 ✔️ debian ✔️ suse15. SL-JID 4654

[weizhouapache]

@blueorangutan package

[blueorangutan]

@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with

SystemVM template(s). I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✖️ el7 ✔️ el8 ✖️ debian ✔️ suse15. SL-JID 4655

[weizhouapache]

@blueorangutan package

[blueorangutan]

@weizhouapache a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✔️ el7 ✔️ el8 ✔️ debian ✔️ suse15. SL-JID 4656

[harikrishna-patnala]

@blueorangutan package

[blueorangutan]

@harikrishna-patnala a Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✔️ el7 ✖️ el8 ✔️ debian ✔️ suse15. SL-JID 4668

[weizhouapache]

@harikrishna-patnala
overall it looks good to me.
great job !

[yadvr]

@BryanMLima @stephankruggg Github has its own mind, I was trying to click on the re-review icon to ask you both to help review this again. Thanks.

[yadvr]

cc @DaanHoogland I think this is ready for merge if smoketests passes and there are no regressions. Any additional testing and review is welcome.

[blueorangutan]

Trillian test result (tid-6163)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 46116 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr6924-t6163-kvm-centos7.zip
Smoke tests completed. 106 look OK, 2 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_router_dhcphosts	Failure	22.83	test_router_dhcphosts.py
test_02_deploy_vm_with_extraconfig_kvm	Error	1.18	test_deploy_vm_extra_config_data.py
test_03_update_vm_with_extraconfig_kvm	Error	0.14	test_deploy_vm_extra_config_data.py

[DaanHoogland]

@harikrishna-patnala can you address/answer the comments?

[harikrishna-patnala]

@blueorangutan package

[blueorangutan]

@harikrishna-patnala a Jenkins job has been kicked to build packages. It will be bundled with

SystemVM template(s). I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 5564

[sonarqubecloud]

SonarCloud Quality Gate failed.   

0 Bugs
0 Vulnerabilities
9 Security Hotspots
27 Code Smells

34.0% Coverage
3.6% Duplication

[DaanHoogland]

@blueorangutan test matrix

[blueorangutan]

@DaanHoogland a Trillian-Jenkins matrix job (centos7 mgmt + xenserver71, rocky8 mgmt + vmware67u3, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests

[blueorangutan]

Trillian test result (tid-6166)
Environment: xenserver-71 (x2), Advanced Networking with Mgmt server 7
Total time taken: 40310 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr6924-t6166-xenserver-71.zip
Smoke tests completed. 107 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_06_deploy_vm_with_extraconfig_throws_exception_xenserver	Error	1.22	test_deploy_vm_extra_config_data.py
test_07_deploy_vm_with_extraconfig_xenserver	Error	1.18	test_deploy_vm_extra_config_data.py

[blueorangutan]

Trillian test result (tid-6168)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 40852 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr6924-t6168-kvm-centos7.zip
Smoke tests completed. 107 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_02_deploy_vm_with_extraconfig_kvm	Error	1.22	test_deploy_vm_extra_config_data.py
test_03_update_vm_with_extraconfig_kvm	Error	0.17	test_deploy_vm_extra_config_data.py

[blueorangutan]

Trillian test result (tid-6167)
Environment: vmware-67u3 (x2), Advanced Networking with Mgmt server r8
Total time taken: 44755 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr6924-t6167-vmware-67u3.zip
Smoke tests completed. 107 look OK, 1 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_04_deploy_vm_with_extraconfig_throws_exception_vmware	Error	1.27	test_deploy_vm_extra_config_data.py
test_05_deploy_vm_with_extraconfig_vmware	Error	1.22	test_deploy_vm_extra_config_data.py

[yadvr]

@harikrishna-patnala are the extraconfig errors related to this pr?

[harikrishna-patnala]

No @rohityadavcloud these are failing on main as well.

[blueorangutan]

Packaging result: ✔️ el7 ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 5568