Support ApiServer to enforce POST requests for state changing APIs and requests with timestamps

[sureshanaparti]

Description

This PR enables ApiServer to support enforcing POST requests with timestamps for state changing APIs, thought the setting 'enforce.post.requests.and.timestamps' (default: false).

Other related sub-project PRs supporting POST requests:

• Allow users to send requests from CMK using POST requests.  cloudstack-cloudmonkey#161
• Changing executeAPI to utilize POST request cloudstack-csbench#18
• Modify State Changing Requests to Utilize POST Request cloudstack-go#107
• Updated cloudstack go sdk to v2.17.1 kubernetes-sigs/cluster-api-provider-cloudstack#449
• Updated cloudstack go sdk to v2.17.1 cloudstack-terraform-provider#193
• Updated cloudstack go sdk to v2.17.1 cloudstack-kubernetes-provider#79

Need to update the cloudstack-go sdk version in the below sub-projects once the changes in apache/cloudstack-go#107 are merged and the sdk is released.

• K8S Provider: https://github.com/apache/cloudstack-kubernetes-provider/blob/a315d9e1c2aa3d571abf2ef992c230d5cbcf58c6/go.mod#L6
• Terraform Provider: https://github.com/apache/cloudstack-terraform-provider/blob/d85ccb23d232b52e5e1d0d535b1c51ca041f178d/go.mod#L4
• CAPC: https://github.com/kubernetes-sigs/cluster-api-provider-cloudstack/blob/4ba60650a17ae795d789e562d1895f6cc3b2cb89/go.mod#L8

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• build/CI
• test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Tested some VM, Volume operations with setting 'enforce.post.requests.and.timestamps' false and true.

How did you try to break this feature and the system with this change?

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13472

[sureshanaparti]

@blueorangutan test

[blueorangutan]

@sureshanaparti a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-13373)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 56145 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr10899-t13373-kvm-ol8.zip
Smoke tests completed. 141 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[codecov]

Codecov Report

Attention: Patch coverage is 11.11111% with 64 lines in your changes missing coverage. Please review.

Project coverage is 16.58%. Comparing base (3e3a0c0) to head (a1f2604).
Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
server/src/main/java/com/cloud/api/ApiServlet.java	8.92%	50 Missing and 1 partial ⚠️
server/src/main/java/com/cloud/api/ApiServer.java	13.33%	13 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##               main   #10899   +/-   ##
=========================================
  Coverage     16.58%   16.58%           
  Complexity    13989    13989           
=========================================
  Files          5743     5743           
  Lines        510706   510764   +58     
  Branches      62119    62124    +5     
=========================================
+ Hits          84689    84699   +10     
- Misses       416543   416591   +48     
  Partials       9474     9474           

Flag	Coverage Δ
uitests	3.90% <ø> (+<0.01%)	⬆️
unittests	17.47% <11.11%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13492

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13493

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13498

[borisstoyanov]

@blueorangutan test

[blueorangutan]

@borisstoyanov a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-13412)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 86433 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr10899-t13412-kvm-ol8.zip
Smoke tests completed. 130 look OK, 11 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_nic_secondaryip_add_remove	Error	1518.90	test_multipleips_per_nic.py
ContextSuite context=TestNestedVirtualization>:setup	Error	0.00	test_nested_virtualization.py
ContextSuite context=TestNetworkACL>:setup	Error	0.00	test_network_acl.py
ContextSuite context=TestIpv6Network>:setup	Error	0.00	test_network_ipv6.py
test_delete_account	Error	1518.17	test_network.py
test_delete_network_while_vm_on_it	Error	1.25	test_network.py
test_deploy_vm_l2network	Error	1.23	test_network.py
test_l2network_restart	Error	2.42	test_network.py
ContextSuite context=TestPortForwarding>:setup	Error	3.71	test_network.py
ContextSuite context=TestPublicIP>:setup	Error	13.52	test_network.py
test_reboot_router	Failure	0.12	test_network.py
test_releaseIP	Error	6.71	test_network.py
test_releaseIP_using_IP	Error	6.82	test_network.py
ContextSuite context=TestRouterRules>:setup	Error	6.93	test_network.py
ContextSuite context=TestSharedNetworkWithConfigDrive>:setup	Error	1522.77	test_network.py
ContextSuite context=TestPrivateGwACL>:setup	Error	0.00	test_privategw_acl.py
ContextSuite context=TestAdapterTypeForNic>:setup	Error	0.00	test_nic_adapter_type.py
ContextSuite context=TestNonStrictAffinityGroups>:setup	Error	0.00	test_nonstrict_affinity_group.py
ContextSuite context=TestIsolatedNetworksPasswdServer>:setup	Error	0.00	test_password_server.py
ContextSuite context=TestPortForwardingRules>:setup	Error	0.00	test_portforwardingrules.py
ContextSuite context=TestProjectSuspendActivate>:setup	Error	1530.13	test_projects.py

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[Copilot]

Pull Request Overview

This PR enforces POST requests (with timestamps) for state-changing APIs in ApiServer when the enforce.post.requests.and.timestamps setting is enabled, and updates both tests and UI components accordingly.

• Replace all api(…) calls with getAPI(…) for read-only, and postAPI(…) for state-changing operations
• Update unit tests to use common.createDataParams and POST methods instead of URLSearchParams + GET
• Introduce createDataParams helper in ui/tests/common/index.js to build request bodies

Reviewed Changes

Copilot reviewed 261 out of 261 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
ui/tests/common/index.js	Added createDataParams helper for building POST body params
ui/tests/unit/views/compute/MigrateWizard.spec.js	Updated tests to expect POST + common.createDataParams
ui/tests/unit/views/AutogenView.spec.js	Updated tests to expect POST + common.createDataParams
ui/tests/unit/components/view/ActionButton.spec.js	Updated tests to expect POST + common.createDataParams
(many) ui/src/views/.../*.vue	Switched imports from api to getAPI/postAPI and updated calls

Comments suppressed due to low confidence (3)

ui/tests/unit/components/view/ActionButton.spec.js:154

• The test references common.createDataParams but common is not imported at the top of this spec file. Add an import, e.g. import common from '@/tests/common'.

          data: common.createDataParams({

ui/tests/unit/views/compute/MigrateWizard.spec.js:349

• This spec uses common.createDataParams but there is no common import shown. Ensure common is imported (e.g. import common from '@/tests/common').

          data: common.createDataParams({

ui/tests/unit/views/AutogenView.spec.js:578

• Make sure common is imported in this spec file so common.createDataParams is defined.

          data: common.createDataParams({

[shwstppr]

For UI it could be smaller, simpler change

[shwstppr]

@sureshanaparti wouldn't it be easier to refactor this method itself to enforce use of POST/GET based on configuration/API type? We won't have to modify each caller in that case. Current change will cause merge conflicts for almost all UI related active PRs.

[sureshanaparti]

will check it @shwstppr

[sureshanaparti]

@shwstppr As discussed offline, the api method is refactored to smaller, separate functions to handle GET & POST calls. These new calls also indicate the underlying method (GET / POST) used for the API call. Also, it's better to have POST method calls for all non-listing, state changing APIs from UI, so keeping these changes as it is. Any merge conflicts / issues, we(or the authors)'ll resolve them.

[github-actions]

This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[kiranchavala]

LGTM

1. Enabled the global setting "enforce.post.requests.and.timestamps” to true

2. Execute some API's like create volume /delete network API

3. Monitor the network traffic via wireshark and we can see the POST request is enforced

[weizhouapache]

code lgtm

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14026

[sureshanaparti]

@blueorangutan test

[blueorangutan]

@sureshanaparti a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-13677)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 55487 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr10899-t13677-kvm-ol8.zip
Smoke tests completed. 141 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File