Disable API Key Access for users, accounts and domains

[abh1sar]

Description

This PR implements the feature which give Root Admin the ability to Disable Api-key/Secret-key access at different granularities (User/Account/Domain/Global) Spec : https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=323488155 Doc PR : https://github.com/apache/cloudstack-documentation/pull/446

Types of changes

• [ ] Breaking change (fix or feature that would cause existing functionality to change)
• [x] New feature (non-breaking change which adds functionality)
• [ ] Bug fix (non-breaking change which fixes an issue)
• [ ] Enhancement (improves an existing feature and functionality)
• [ ] Cleanup (Code refactoring and cleanup, that may add test cases)
• [ ] build/CI
• [ ] test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• [ ] Major
• [x] Minor

Bug Severity

• [ ] BLOCKER
• [ ] Critical
• [ ] Major
• [ ] Minor
• [ ] Trivial

Screenshots (if appropriate):

Edit form :

User view :

Event logging :

How Has This Been Tested?

1. Local value should always take precedence unless it is set to Inherit. Tested the following matrix. Result denotes if Api key access was allowed for the User or not.

User	Account	Domain	Global	Result
Inherit	Inherit	Inherit	Enabled	Enabled
Inherit	Inherit	Inherit	Disabled	Disabled
Inherit	Inherit	Enabled	Disabled	Enabled
Inherit	Disabled	Enabled	Enabled	Disabled
Disabled	Enabled	Enabled	Enabled	Disabled
Enabled	Inherit	Inherit	Disabled	Enabled

2. Tested that apikeyaccess parameter in updateUser, updateAccount, listUsers and listAccounts is not shown to anyone else apart from the Root Admin.

3. Tested that api.key.access configuration is not editable by the domain admin.

How did you try to break this feature and the system with this change?

[codecov[bot]]

Codecov Report

Attention: Patch coverage is 25.73840% with 176 lines in your changes missing coverage. Please review.

Project coverage is 15.82%. Comparing base (046870e) to head (a9805b5). Report is 62 commits behind head on main.

Files with missing lines	Patch %	Lines
...com/cloud/network/vpn/Site2SiteVpnManagerImpl.java	0.00%	48 Missing :warning:
server/src/main/java/com/cloud/api/ApiServer.java	22.72%	17 Missing :warning:
...c/main/java/com/cloud/user/dao/AccountDaoImpl.java	0.00%	14 Missing :warning:
.../cloud/configuration/ConfigurationManagerImpl.java	0.00%	13 Missing :warning:
...ain/java/com/cloud/api/query/QueryManagerImpl.java	47.82%	7 Missing and 5 partials :warning:
...c/main/java/com/cloud/user/AccountManagerImpl.java	75.00%	6 Missing and 4 partials :warning:
...n/java/org/apache/cloudstack/api/ApiConstants.java	47.05%	9 Missing :warning:
...ne/schema/src/main/java/com/cloud/user/UserVO.java	0.00%	6 Missing :warning:
...ck/api/command/admin/account/UpdateAccountCmd.java	0.00%	5 Missing :warning:
...loudstack/api/command/admin/user/ListUsersCmd.java	0.00%	5 Missing :warning:
... and 12 more

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #9741 +/- ## ============================================ + Coverage 15.78% 15.82% +0.03% - Complexity 12552 12587 +35 ============================================ Files 5625 5628 +3 Lines 491972 492483 +511 Branches 63764 60018 -3746 ============================================ + Hits 77664 77912 +248 - Misses 405849 406059 +210 - Partials 8459 8512 +53 ``` | [Flag](https://app.codecov.io/gh/apache/cloudstack/pull/9741/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | Coverage Δ | | |---|---|---| | [uitests](https://app.codecov.io/gh/apache/cloudstack/pull/9741/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | `4.03% <ø> (-0.01%)` | :arrow_down: | | [unittests](https://app.codecov.io/gh/apache/cloudstack/pull/9741/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | `16.64% <25.73%> (+0.03%)` | :arrow_up: | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

---

🚨 Try these New Features:

• Flaky Tests Detection - Detect and resolve failed and flaky tests
• JS Bundle Analysis - Avoid shipping oversized bundles

[abh1sar]

@blueorangutan package

[blueorangutan]

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11245

[abh1sar]

@blueorangutan test

[blueorangutan]

@abh1sar a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-11585) Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8 Total time taken: 49512 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9741-t11585-kvm-ol8.zip Smoke tests completed. 141 look OK, 0 have errors, 0 did not run Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File

[harikrishna-patnala]

@blueorangutan package

[blueorangutan]

@harikrishna-patnala a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11312

[borisstoyanov]

@blueorangutan test matrix

[blueorangutan]

@borisstoyanov a [SL] Trillian-Jenkins matrix job (EL8 mgmt + EL8 KVM, Ubuntu22 mgmt + Ubuntu22 KVM, EL8 mgmt + VMware 7.0u3, EL9 mgmt + XCP-ng 8.2 ) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-11659) Environment: kvm-ubuntu22 (x2), Advanced Networking with Mgmt server u22 Total time taken: 54747 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9741-t11659-kvm-ubuntu22.zip Smoke tests completed. 140 look OK, 1 have errors, 0 did not run Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_hostha_enable_ha_when_host_disabled	Error	3.00	test_hostha_kvm.py
test_hostha_enable_ha_when_host_in_maintenance	Error	303.24	test_hostha_kvm.py

[blueorangutan]

[SF] Trillian test result (tid-11658) Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8 Total time taken: 60034 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9741-t11658-kvm-ol8.zip Smoke tests completed. 139 look OK, 2 have errors, 0 did not run Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_01_secure_vm_migration	Error	134.18	test_vm_life_cycle.py
test_01_secure_vm_migration	Error	134.19	test_vm_life_cycle.py
ContextSuite context=TestCreateVolume>:setup	Error	0.00	test_volumes.py
ContextSuite context=TestVolumeEncryption>:setup	Error	0.00	test_volumes.py
ContextSuite context=TestVolumes>:setup	Error	0.00	test_volumes.py

[abh1sar]

@blueorangutan package

[blueorangutan]

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 11361

[abh1sar]

@blueorangutan package

[blueorangutan]

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11363

[blueorangutan]

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 11370

[abh1sar]

@blueorangutan package

[blueorangutan]

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11372

[abh1sar]

@blueorangutan test matrix

[blueorangutan]

@abh1sar a [SL] Trillian-Jenkins matrix job (EL8 mgmt + EL8 KVM, Ubuntu22 mgmt + Ubuntu22 KVM, EL8 mgmt + VMware 7.0u3, EL9 mgmt + XCP-ng 8.2 ) has been kicked to run smoke tests

[abh1sar]

@blueorangutan package

[blueorangutan]

@abh1sar a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11377

[blueorangutan]

[SF] Trillian test result (tid-11678) Environment: kvm-ubuntu22 (x2), Advanced Networking with Mgmt server u22 Total time taken: 53707 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9741-t11678-kvm-ubuntu22.zip Smoke tests completed. 141 look OK, 0 have errors, 0 did not run Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File

[blueorangutan]

[SF] Trillian test result (tid-11677) Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8 Total time taken: 53373 seconds Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9741-t11677-kvm-ol8.zip Smoke tests completed. 140 look OK, 1 have errors, 0 did not run Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_03_secured_to_nonsecured_vm_migration	Error	372.43	test_vm_life_cycle.py