Skip to content

API to list console sessions #11016

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 18 commits into
base: main
Choose a base branch
from
Open

API to list console sessions #11016

wants to merge 18 commits into from

Conversation

bernardodemarco
Copy link
Member

@bernardodemarco bernardodemarco commented Jun 12, 2025
edited
Loading

Description

Currently, details about console sessions are stored in the cloud.console_session table in the database. Operators can only access this information by querying the database directly, while end users have no way to view console session data at all.

To address this, this PR proposes to create the listConsoleSessions API. It allows listing the console sessions, with optional filters by domain, account, user, host, instance, IP address, and date. The API is accessible to all account types and, thus, performs proper access validation on the queried resources.

The API supports the following parameters:

Parameter Description Required
id Console session ID. No
activeonly Indicates whether only currently active console sessions should be listed. Defaults to true. Active sessions are the ones that have been acquired and have not been removed. No
acquired Indicates whether only acquired console sessions should be listed. Defaults to false. Acquired sessions are the ones that have been accessed. The activeonly parameter has precedence over the acquired parameter, i.e., when the activeonly parameter is true, the acquired parameter value will be ignored. No
isrecursive Lists console sessions recursively per domain. Defaults to false. No
clientaddress IP address of the client that accessed the console. No
consoleendpointcreatoraddress IP address of the client that generated the console session endpoint. No
hostid ID of the host where the VM was running when the console session endpoint was generated. Only available for Root Admins. No
virtualmachineid ID of the VM associated with the console session. No
startdate If provided, only console sessions that were generated from this date onward will be listed. No
enddate If provided, only console sessions that were generated up to this date will be listed. No
domainid Domain ID of the account that generated the console session endpoint. No
accountid ID of the account that generated the console session endpoint. No
userid ID of the user that generated the console session endpoint. No
page Used for pagination along with pagesize. No
pagesize User for pagination along with page. No

This PR only encompasses the creation of the API listConsoleSessions API. UI support will be implemented in a future PR.

Types of changes

  • Breaking change (fix or feature that would cause existing functionality to change)
  • New feature (non-breaking change which adds functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • Enhancement (improves an existing feature and functionality)
  • Cleanup (Code refactoring and cleanup, that may add test cases)
  • build/CI
  • test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

  • Major
  • Minor

Screenshots (if appropriate):

How Has This Been Tested?

Tests Setup

  1. Created the following domain hierarchy:
ROOT
├── d1
│   └── d1-d1
└── d2
  1. Created the following accounts:
Name Role Type Domain
admin Admin ROOT
u1 User ROOT
d1-admin DomainAdmin ROOT/d1
d1-user User ROOT/d1
d1-d1-admin DomainAdmin ROOT/d1/d1-d1
d1-d1-user User ROOT/d1/d1-d1
d2-admin DomainAdmin ROOT/d2
  1. Deployed a VM for each account:
ID Name Instance Name Account Name
5 v-5-VM v-5-VM system
6 s-6-VM s-6-VM system
7 VM-fb5fa7ab-c5a0-4943-88bd-dedec9007c7b i-7-7-VM d1-d1-user
8 r-8-VM r-8-VM d1-d1-user
9 VM-16febbcd-a35e-4f05-87d3-1a27db077136 i-6-9-VM d1-user
10 r-10-VM r-10-VM d1-user
11 VM-d3208889-d3fd-43fe-9087-3cf5d863a3b1 i-4-11-VM d1-admin
12 r-12-VM r-12-VM d1-admin
13 VM-dea9f800-afd0-4054-9160-3a676a0df3d3 i-2-13-VM admin
14 r-14-VM r-14-VM admin
15 VM-766b6485-330e-4ec9-9516-59e17b52c1c7 i-8-15-VM u1
16 r-16-VM r-16-VM u1
17 VM-d2d7ded1-e210-4191-9a0e-75c3914de043 i-9-17-VM d2-admin
18 r-18-VM r-18-VM d2-admin
19 VM-266b73ff-2684-46b9-b36e-830ac83c5c14 i-5-19-VM d1-d1-admin
20 r-20-VM r-20-VM d1-d1-admin
  1. With each account, I accessed all available VM consoles through the CPVM.

listConsoleSessions tests

  • With the admin account, verified that the API lists console sessions correctly according to the specified parameters
  • With the u1 account, verified that it is only possible to access the account's console sessions
  • With the d2-admin account, verified that it is only possible to list the console sessions of the d2 domain
  • With the d1-admin account, verified that it is only possible to list the console sessions of the d1 and d1/d1-d1 domains
  • With the d1-user account, verified that it is only possible to list the d1-user console sessions
  • With the d1-d1-admin account, verified that it is only possible to list the console sessions of the d1/d1-d1 domain
  • With the d1-d1-user account, verified that it is only possible to list the d1-d1-user console sessions
  • With accounts of the User type, verified that the hostid parameter is not considered in the API workflow
  • With accounts of the User type, verified that the hostid and hostname response attributes are not included in the API's return

@bernardodemarco bernardodemarco added this to the 4.21.0 milestone Jun 12, 2025
@bernardodemarco
Copy link
Member Author

@blueorangutan package

@codecov Codecov
Copy link

codecov bot commented Jun 12, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 56.36943% with 137 lines in your changes missing coverage. Please review.
✅ Project coverage is 17.19%. Comparing base (86827f8) to head (cbd4295).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...loudstack/api/response/ConsoleSessionResponse.java 50.48% 51 Missing ⚠️
...n/java/com/cloud/vm/dao/ConsoleSessionDaoImpl.java 9.09% 40 Missing ⚠️
...mand/user/consoleproxy/ListConsoleSessionsCmd.java 50.81% 30 Missing ⚠️
...a/src/main/java/com/cloud/vm/ConsoleSessionVO.java 14.28% 6 Missing ⚠️
...udstack/consoleproxy/ConsoleAccessManagerImpl.java 87.50% 5 Missing and 1 partial ⚠️
...src/main/java/com/cloud/api/ApiResponseHelper.java 94.00% 1 Missing and 2 partials ⚠️
...in/java/com/cloud/server/ManagementServerImpl.java 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@             Coverage Diff              @@
##               main   #11016      +/-   ##
============================================
+ Coverage     17.17%   17.19%   +0.02%     
- Complexity    14985    15017      +32     
============================================
  Files          5869     5871       +2     
  Lines        521590   521896     +306     
  Branches      63485    63504      +19     
============================================
+ Hits          89562    89739     +177     
- Misses       421962   422087     +125     
- Partials      10066    10070       +4
Flag Coverage Δ
uitests 3.75% <ø> (ø)
unittests 18.17% <56.36%> (+0.02%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@bernardodemarco
Copy link
Member Author

@blueorangutan package

@blueorangutan
Copy link

@bernardodemarco a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@blueorangutan
Copy link

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 13755

@bernardodemarco
Copy link
Member Author

@blueorangutan package

@blueorangutan
Copy link

@bernardodemarco a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

DaanHoogland
DaanHoogland reviewed Jun 13, 2025
View reviewed changes
Copy link
Contributor

@DaanHoogland DaanHoogland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clgtm, only doubt, is the active parameter needed? would we ever want to list no longer available sessions?

@blueorangutan
Copy link

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 13766

@blueorangutan
Copy link

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 13771

@bernardodemarco
Copy link
Member Author

@DaanHoogland, thanks for the review!

is the active parameter needed? would we ever want to list no longer available sessions?

Yes, listing removed sessions is useful for audit and analysis purposes, as it allows users to track who generated a console endpoint, who accessed it, and when it was generated, acquired, and removed. Listing only active sessions, on the other hand, is helpful for verifying whether someone is currently using a VM.

@blueorangutan
Copy link

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 13777

@DaanHoogland
Copy link
Contributor

@blueorangutan test

@blueorangutan
Copy link

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@blueorangutan
Copy link

[SF] Trillian test result (tid-13527)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 54933 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11016-t13527-kvm-ol8.zip
Smoke tests completed. 141 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File

@DaanHoogland
Copy link
Contributor

@blueorangutan test ol8 vmware-70u3 keepEnv

@blueorangutan
Copy link

@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + vmware-70u3) has been kicked to run smoke tests

@github-actions GitHub Actions
Copy link

This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.

@sureshanaparti
Copy link
Contributor

@bernardodemarco @winterhazel can you check the conflicts

bernardodemarco and others added 16 commits July 29, 2025 09:19
@bernardodemarco
create API to list console sessions
be784ae
@bernardodemarco
add listConsoleSessions API to list of MS APIs
6555a68
@bernardodemarco
persist console endpoint creator domain ID
62cbc1b
@bernardodemarco
fix invalid access validation performed to the domainId attribute
a4e786a
@bernardodemarco
deal with inexistent provided domain ID
8216ddf
@bernardodemarco
add end of line to ListConsoleSessionsCmd.java
e78a264
@bernardodemarco
enhance access control validation
f24bba2
@bernardodemarco @nvazquez
Update api/src/main/java/org/apache/cloudstack/api/command/user/conso…
c1cf1de 
…leproxy/ListConsoleSessionsCmd.java

Co-authored-by: Nicolas Vazquez <nicovazquez90@gmail.com>
@bernardodemarco @nvazquez
Update server/src/main/java/org/apache/cloudstack/consoleproxy/Consol…
8a0d29e 
…eAccessManagerImpl.java

Co-authored-by: Nicolas Vazquez <nicovazquez90@gmail.com>
@bernardodemarco
refactor createConsoleSessionResponse method
46e7577
@bernardodemarco
add instancename to the APIs response
f70e7d9
@bernardodemarco
add constants to ConsoleSessionDaoImpl
b1aad2d
@bernardodemarco
check if consoleSession is null at the beginning of the method
ae7f440
@bernardodemarco
compare startdate and enddate parameters with the created attribute
005b6ba
@bernardodemarco
add acquired param
6d34e43
@bernardodemarco
rename instanceid param
dc67763
@sureshanaparti
Copy link
Contributor

@blueorangutan package

@blueorangutan
Copy link

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

@bernardodemarco
Copy link
Member Author

@shwstppr, @winterhazel, @sureshanaparti, @nvazquez as suggested, I renamed the instanceid parameter to virtualmachineid and the instanceid and instancename response attributes to, respectively, virtualmachineid and virtualmachinename.

Therefore, I'll close the apache/cloudstack-cloudmonkey#162 PR, that intended to add autocomplete support for the instanceid parameter, which is not required anymore.

@blueorangutan
Copy link

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14442

@sureshanaparti
Copy link
Contributor

@blueorangutan test

@blueorangutan
Copy link

@sureshanaparti a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

@blueorangutan
Copy link

[SF] Trillian test result (tid-13967)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 85837 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11016-t13967-kvm-ol8.zip
Smoke tests completed. 139 look OK, 6 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test Result Time (s) Test File
ContextSuite context=TestVPCRedundancy>:setup Error 0.00 test_vpc_redundant.py
ContextSuite context=TestISOUsage>:setup Error 0.00 test_usage.py
test_01_snapshot_usage Error 3.23 test_usage.py
test_10_attachAndDetach_iso Failure 1512.86 test_vm_life_cycle.py
ContextSuite context=TestMigrateVMStrictTags>:setup Error 0.00 test_vm_strict_host_tags.py
ContextSuite context=TestRestoreVMStrictTags>:setup Error 0.00 test_vm_strict_host_tags.py
ContextSuite context=TestScaleVMStrictTags>:setup Error 0.00 test_vm_strict_host_tags.py
ContextSuite context=TestVMDeploymentPlannerStrictTags>:setup Error 0.00 test_vm_strict_host_tags.py
test_06_download_detached_volume Error 307.22 test_volumes.py
test_13_migrate_volume_and_change_offering Error 129.37 test_volumes.py
ContextSuite context=TestIpv6Vpc>:setup Error 0.00 test_vpc_ipv6.py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shwstppr shwstppr shwstppr left review comments

@DaanHoogland DaanHoogland DaanHoogland approved these changes

@nvazquez nvazquez nvazquez approved these changes

@JoaoJandre JoaoJandre JoaoJandre approved these changes

@sureshanaparti sureshanaparti Awaiting requested review from sureshanaparti

@winterhazel winterhazel Awaiting requested review from winterhazel

@weizhouapache weizhouapache Awaiting requested review from weizhouapache

Assignees
No one assigned
Labels
component:api component:management-server Python Warning... Python code Ahead! status:waiting-for-smoketest-results
Projects
Apache CloudStack 4.21.0
Status: In Progress
Milestone
4.21.0
Development

Successfully merging this pull request may close these issues.
9 participants
@bernardodemarco @blueorangutan @DaanHoogland @nvazquez @weizhouapache @sureshanaparti @JoaoJandre @winterhazel @shwstppr
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy