[cloudstack] branch main updated: Externalize tls version and security protocols configuration on mail sending (#5119)

Wed, 21 Jul 2021 05:01:40 -0700 

This is an automated email from the ASF dual-hosted git repository.

nvazquez pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/main by this push:
     new eb3acc3  Externalize tls version and security protocols configuration 
on mail sending (#5119)
eb3acc3 is described below

commit eb3acc334b082f95fb930424a01c0538507bbeb6
Author: Daniel Augusto Veronezi Salvador 
<[email protected]>
AuthorDate: Wed Jul 21 09:01:11 2021 -0300

    Externalize tls version and security protocols configuration on mail 
sending (#5119)
    
    * Externalize configs to alert
    
    * Externalize configs to project
    
    Co-authored-by: GutoVeronezi <[email protected]>
---
 .../src/main/java/com/cloud/alert/AlertManager.java         |  6 ++++++
 server/src/main/java/com/cloud/alert/AlertManagerImpl.java  |  3 ++-
 server/src/main/java/com/cloud/projects/ProjectManager.java |  7 +++++++
 .../main/java/com/cloud/projects/ProjectManagerImpl.java    | 13 ++++++++++++-
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git 
a/engine/components-api/src/main/java/com/cloud/alert/AlertManager.java 
b/engine/components-api/src/main/java/com/cloud/alert/AlertManager.java
index be29a5d..6a90e74 100644
--- a/engine/components-api/src/main/java/com/cloud/alert/AlertManager.java
+++ b/engine/components-api/src/main/java/com/cloud/alert/AlertManager.java
@@ -35,6 +35,12 @@ public interface AlertManager extends Manager, AlertService {
         "Alert", "0.75", "Percentage (as a value between 0 and 1) of allocated 
storage utilization above which alerts will be sent about low storage 
available.", true,
         ConfigKey.Scope.Cluster, null);
 
+    public static final ConfigKey<Boolean> AlertSmtpUseStartTLS = new 
ConfigKey<Boolean>("Advanced", Boolean.class, "alert.smtp.useStartTLS", "false",
+            "If set to true and if we enable security via alert.smtp.useAuth, 
this will enable StartTLS to secure the conection.", true);
+
+    public static final ConfigKey<String> AlertSmtpEnabledSecurityProtocols = 
new ConfigKey<String>("Advanced", String.class, 
"alert.smtp.enabledSecurityProtocols", "",
+            "White-space separated security protocols; ex: \"TLSv1 TLSv1.1\". 
Supported protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1 and TLSv1.2", true);
+
     void clearAlert(AlertType alertType, long dataCenterId, long podId);
 
     void recalculateCapacity();
diff --git a/server/src/main/java/com/cloud/alert/AlertManagerImpl.java 
b/server/src/main/java/com/cloud/alert/AlertManagerImpl.java
index f6e4360..5ba8c26 100644
--- a/server/src/main/java/com/cloud/alert/AlertManagerImpl.java
+++ b/server/src/main/java/com/cloud/alert/AlertManagerImpl.java
@@ -759,7 +759,8 @@ public class AlertManagerImpl extends ManagerBase 
implements AlertManager, Confi
 
     @Override
     public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] {CPUCapacityThreshold, 
MemoryCapacityThreshold, StorageAllocatedCapacityThreshold, 
StorageCapacityThreshold};
+        return new ConfigKey<?>[] {CPUCapacityThreshold, 
MemoryCapacityThreshold, StorageAllocatedCapacityThreshold, 
StorageCapacityThreshold, AlertSmtpEnabledSecurityProtocols,
+            AlertSmtpUseStartTLS};
     }
 
     @Override
diff --git a/server/src/main/java/com/cloud/projects/ProjectManager.java 
b/server/src/main/java/com/cloud/projects/ProjectManager.java
index f568146..8eebfd3 100644
--- a/server/src/main/java/com/cloud/projects/ProjectManager.java
+++ b/server/src/main/java/com/cloud/projects/ProjectManager.java
@@ -19,8 +19,15 @@ package com.cloud.projects;
 import java.util.List;
 
 import com.cloud.user.Account;
+import org.apache.cloudstack.framework.config.ConfigKey;
 
 public interface ProjectManager extends ProjectService {
+    public static final ConfigKey<Boolean> ProjectSmtpUseStartTLS = new 
ConfigKey<Boolean>("Advanced", Boolean.class, "project.smtp.useStartTLS", 
"false",
+            "If set to true and if we enable security via 
project.smtp.useAuth, this will enable StartTLS to secure the conection.", 
true);
+
+    public static final ConfigKey<String> ProjectSmtpEnabledSecurityProtocols 
= new ConfigKey<String>("Advanced", String.class, 
"project.smtp.enabledSecurityProtocols", "",
+            "White-space separated security protocols; ex: \"TLSv1 TLSv1.1\". 
Supported protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1 and TLSv1.2", true);
+
     boolean canAccessProjectAccount(Account caller, long accountId);
 
     boolean canModifyProjectAccount(Account caller, long accountId);
diff --git a/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java 
b/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java
index 7cb4674..6d51c19 100644
--- a/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java
+++ b/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java
@@ -82,13 +82,15 @@ import com.cloud.utils.db.TransactionStatus;
 import com.cloud.utils.exception.CloudRuntimeException;
 import java.util.HashSet;
 import java.util.Set;
+import org.apache.cloudstack.framework.config.ConfigKey;
+import org.apache.cloudstack.framework.config.Configurable;
 import org.apache.cloudstack.utils.mailing.MailAddress;
 import org.apache.cloudstack.utils.mailing.SMTPMailProperties;
 import org.apache.cloudstack.utils.mailing.SMTPMailSender;
 import org.apache.commons.lang3.BooleanUtils;
 
 @Component
-public class ProjectManagerImpl extends ManagerBase implements ProjectManager {
+public class ProjectManagerImpl extends ManagerBase implements ProjectManager, 
Configurable {
     public static final Logger s_logger = 
Logger.getLogger(ProjectManagerImpl.class);
 
     @Inject
@@ -1366,4 +1368,13 @@ public class ProjectManagerImpl extends ManagerBase 
implements ProjectManager {
         return _allowUserToCreateProject;
     }
 
+    @Override
+    public String getConfigComponentName() {
+        return ProjectManager.class.getSimpleName();
+    }
+
+    @Override
+    public ConfigKey<?>[] getConfigKeys() {
+        return new ConfigKey<?>[] {ProjectSmtpEnabledSecurityProtocols, 
ProjectSmtpUseStartTLS};
+    }
 }

Reply via email to