Add a periodic task to generate alerts/events for vpn gateways using obsolete/excluded parameters

Author: abh1sar

api/src/main/java/com/cloud/event/EventTypes.java

@@ -503,6 +503,7 @@ public class EventTypes {
     public static final String EVENT_S2S_VPN_CUSTOMER_GATEWAY_CREATE = "VPN.S2S.CUSTOMER.GATEWAY.CREATE";
     public static final String EVENT_S2S_VPN_CUSTOMER_GATEWAY_DELETE = "VPN.S2S.CUSTOMER.GATEWAY.DELETE";
     public static final String EVENT_S2S_VPN_CUSTOMER_GATEWAY_UPDATE = "VPN.S2S.CUSTOMER.GATEWAY.UPDATE";
+    public static final String EVENT_S2S_VPN_GATEWAY_OBSOLETE_PARAMS = "VPN.S2S.GATEWAY.OBSOLETE.PARAMS";
     public static final String EVENT_S2S_VPN_CONNECTION_CREATE = "VPN.S2S.CONNECTION.CREATE";
     public static final String EVENT_S2S_VPN_CONNECTION_DELETE = "VPN.S2S.CONNECTION.DELETE";
     public static final String EVENT_S2S_VPN_CONNECTION_RESET = "VPN.S2S.CONNECTION.RESET";
@@ -1151,6 +1152,7 @@ public class EventTypes {
         entityEventDetails.put(EVENT_S2S_VPN_CUSTOMER_GATEWAY_CREATE, Site2SiteCustomerGateway.class);
         entityEventDetails.put(EVENT_S2S_VPN_CUSTOMER_GATEWAY_DELETE, Site2SiteCustomerGateway.class);
         entityEventDetails.put(EVENT_S2S_VPN_CUSTOMER_GATEWAY_UPDATE, Site2SiteCustomerGateway.class);
+        entityEventDetails.put(EVENT_S2S_VPN_GATEWAY_OBSOLETE_PARAMS, Site2SiteCustomerGateway.class);
         entityEventDetails.put(EVENT_S2S_VPN_CONNECTION_CREATE, Site2SiteVpnConnection.class);
         entityEventDetails.put(EVENT_S2S_VPN_CONNECTION_DELETE, Site2SiteVpnConnection.class);
         entityEventDetails.put(EVENT_S2S_VPN_CONNECTION_RESET, Site2SiteVpnConnection.class);

api/src/main/java/org/apache/cloudstack/alert/AlertService.java

@@ -74,6 +74,7 @@ private AlertType(short type, String name, boolean isDefault) {
         public static final AlertType ALERT_TYPE_VR_PUBLIC_IFACE_MTU = new AlertType((short)32, "ALERT.VR.PUBLIC.IFACE.MTU", true);
         public static final AlertType ALERT_TYPE_VR_PRIVATE_IFACE_MTU = new AlertType((short)32, "ALERT.VR.PRIVATE.IFACE.MTU", true);
         public static final AlertType ALERT_TYPE_EXTENSION_PATH_NOT_READY = new AlertType((short)33, "ALERT.TYPE.EXTENSION.PATH.NOT.READY", true);
+        public static final AlertType ALERT_TYPE_VPN_GATEWAY_OBSOLETE_PARAMETERS = new AlertType((short)34, "ALERT.S2S.VPN.GATEWAY.OBSOLETE.PARAMETERS", true);
         public static final AlertType ALERT_TYPE_BACKUP_STORAGE = new AlertType(Capacity.CAPACITY_TYPE_BACKUP_STORAGE, "ALERT.STORAGE.BACKUP", true);
         public static final AlertType ALERT_TYPE_OBJECT_STORAGE = new AlertType(Capacity.CAPACITY_TYPE_OBJECT_STORAGE, "ALERT.STORAGE.OBJECT", true);
 

api/src/main/java/org/apache/cloudstack/api/ApiConstants.java

@@ -1364,8 +1364,8 @@ public class ApiConstants {
     public static final String RECURSIVE_DOMAINS = "recursivedomains";
 
     public static final String VPN_CUSTOMER_GATEWAY_PARAMETERS = "vpncustomergatewayparameters";
-    public static final String CONTAINS_OBSOLETE_PARAMETERS = "containsobsoleteparameters";
-    public static final String CONTAINS_EXCLUDED_PARAMETERS = "containsexcludedparameters";
+    public static final String OBSOLETE_PARAMETERS = "obsoleteparameters";
+    public static final String EXCLUDED_PARAMETERS = "excludedparameters";
 
     /**
      * This enum specifies IO Drivers, each option controls specific policies on I/O.

api/src/main/java/org/apache/cloudstack/api/response/Site2SiteCustomerGatewayResponse.java

@@ -114,13 +114,13 @@ public class Site2SiteCustomerGatewayResponse extends BaseResponseWithAnnotation
     @Param(description = "Which IKE Version to use, one of ike (autoselect), ikev1, or ikev2. Defaults to ike")
     private String ikeVersion;
 
-    @SerializedName(ApiConstants.CONTAINS_OBSOLETE_PARAMETERS)
-    @Param(description = "Whether the vpn customer gateway contains obsolete parameters. The listCapabilities api can be used to determine which parameters are obsolete.")
-    private Boolean containsObsoleteAlgorithms;
+    @SerializedName(ApiConstants.OBSOLETE_PARAMETERS)
+    @Param(description = "Contains the list of obsolete/insecure cryptographic parameters that the vpn customer gateway is using.", since = "4.23.0")
+    private String obsoleteParameters;
 
-    @SerializedName(ApiConstants.CONTAINS_EXCLUDED_PARAMETERS)
-    @Param(description = "Whether the vpn customer gateway contains excluded parameters. The listCapabilities api can be used to determine which parameters are excluded.")
-    private Boolean containsExcludedAlgorithms;
+    @SerializedName(ApiConstants.EXCLUDED_PARAMETERS)
+    @Param(description = "Contains the list of excluded/not allowed cryptographic parameters that the vpn customer gateway is using.", since = "4.23.0")
+    private String excludedParameters;
 
     public void setId(String id) {
         this.id = id;
@@ -210,12 +210,12 @@ public void setDomainPath(String domainPath) {
         this.domainPath = domainPath;
     }
 
-    public void setContainsObsoleteParameters(Boolean containsObsoleteAlgorithms) {
-        this.containsObsoleteAlgorithms = containsObsoleteAlgorithms;
+    public void setContainsObsoleteParameters(String obsoleteParameters) {
+        this.obsoleteParameters = obsoleteParameters;
     }
 
-    public void setContainsExcludedParameters(Boolean containsExcludedAlgorithms) {
-        this.containsExcludedAlgorithms = containsExcludedAlgorithms;
+    public void setContainsExcludedParameters(String excludedParameters) {
+        this.excludedParameters = excludedParameters;
     }
 
 }

server/src/main/java/com/cloud/api/ApiResponseHelper.java

@@ -3887,8 +3887,16 @@ public Site2SiteCustomerGatewayResponse createSite2SiteCustomerGatewayResponse(S
         response.setRemoved(result.getRemoved());
         response.setIkeVersion(result.getIkeVersion());
         response.setSplitConnections(result.getSplitConnections());
-        response.setContainsExcludedParameters(site2SiteVpnManager.vpnGatewayContainsExcludedParameters(result));
-        response.setContainsObsoleteParameters(site2SiteVpnManager.vpnGatewayContainsObsoleteParameters(result));
+
+        Set<String> obsoleteParameters = site2SiteVpnManager.getObsoleteVpnGatewayParameters(result);
+        if (!obsoleteParameters.isEmpty()) {
+            response.setContainsObsoleteParameters(obsoleteParameters.toString());
+        }
+        Set<String> excludedParameters = site2SiteVpnManager.getExcludedVpnGatewayParameters(result);
+        if (!excludedParameters.isEmpty()) {
+            response.setContainsExcludedParameters(excludedParameters.toString());
+        }
+
         response.setObjectName("vpncustomergateway");
         response.setHasAnnotation(annotationDao.hasAnnotations(result.getUuid(), AnnotationService.EntityType.VPN_CUSTOMER_GATEWAY.name(),
                 _accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())));

server/src/main/java/com/cloud/network/vpn/Site2SiteVpnManager.java

@@ -17,15 +17,16 @@
 package com.cloud.network.vpn;
 
 import java.util.List;
+import java.util.Set;
 
 import com.cloud.network.Site2SiteCustomerGateway;
 import com.cloud.network.dao.Site2SiteVpnConnectionVO;
 import com.cloud.vm.DomainRouterVO;
 
 public interface Site2SiteVpnManager extends Site2SiteVpnService {
-    boolean vpnGatewayContainsExcludedParameters(Site2SiteCustomerGateway customerGateway);
+    Set<String> getExcludedVpnGatewayParameters(Site2SiteCustomerGateway customerGw);
 
-    boolean vpnGatewayContainsObsoleteParameters(Site2SiteCustomerGateway customerGateway);
+    Set<String> getObsoleteVpnGatewayParameters(Site2SiteCustomerGateway customerGw);
 
     boolean cleanupVpnConnectionByVpc(long vpcId);