Skip to content

<feature>[kms]: support kms trust API #3397

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
zstack-robot-2 wants to merge 1 commit into from
Closed

<feature>[kms]: support kms trust API #3397

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions sdk/src/main/java/SourceClassMap.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,7 @@ public class SourceClassMap {
put("org.zstack.header.image.APIGetUploadImageJobDetailsReply$JobDetails", "org.zstack.sdk.JobDetails");
put("org.zstack.header.image.ImageBackupStorageRefInventory", "org.zstack.sdk.ImageBackupStorageRefInventory");
put("org.zstack.header.image.ImageInventory", "org.zstack.sdk.ImageInventory");
put("org.zstack.header.keyprovider.CertificateInfo", "org.zstack.sdk.CertificateInfo");
put("org.zstack.header.keyprovider.KeyProviderInventory", "org.zstack.sdk.KeyProviderInventory");
put("org.zstack.header.keyprovider.KmsIdentityInventory", "org.zstack.sdk.KmsIdentityInventory");
put("org.zstack.header.keyprovider.KmsInventory", "org.zstack.sdk.KmsInventory");
Expand Down Expand Up @@ -763,6 +764,7 @@ public class SourceClassMap {
put("org.zstack.sdk.CephPrimaryStorageInventory", "org.zstack.storage.ceph.primary.CephPrimaryStorageInventory");
put("org.zstack.sdk.CephPrimaryStorageMonInventory", "org.zstack.storage.ceph.primary.CephPrimaryStorageMonInventory");
put("org.zstack.sdk.CephPrimaryStoragePoolInventory", "org.zstack.storage.ceph.primary.CephPrimaryStoragePoolInventory");
put("org.zstack.sdk.CertificateInfo", "org.zstack.header.keyprovider.CertificateInfo");
put("org.zstack.sdk.CertificateInventory", "org.zstack.network.service.lb.CertificateInventory");
put("org.zstack.sdk.ChainInfo", "org.zstack.header.core.progress.ChainInfo");
put("org.zstack.sdk.ChronyServerInfo", "org.zstack.zops.ChronyServerInfo");
Expand Down
55 changes: 55 additions & 0 deletions sdk/src/main/java/org/zstack/sdk/CertificateInfo.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
package org.zstack.sdk;



public class CertificateInfo {

public java.lang.String subject;
public void setSubject(java.lang.String subject) {
this.subject = subject;
}
public java.lang.String getSubject() {
return this.subject;
}

public java.lang.String issuer;
public void setIssuer(java.lang.String issuer) {
this.issuer = issuer;
}
public java.lang.String getIssuer() {
return this.issuer;
}

public java.lang.String commonName;
public void setCommonName(java.lang.String commonName) {
this.commonName = commonName;
}
public java.lang.String getCommonName() {
return this.commonName;
}

public java.util.List subjectAltNamesDns;
Copy link
Collaborator

@zstack-robot-1 zstack-robot-1 Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment from zhijian.liu:

最好能够指定泛型

Copy link
Collaborator

@ZStack-Robot ZStack-Robot Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment from tao.yang:

sdk脚本自动生成的内容

public void setSubjectAltNamesDns(java.util.List subjectAltNamesDns) {
this.subjectAltNamesDns = subjectAltNamesDns;
}
public java.util.List getSubjectAltNamesDns() {
return this.subjectAltNamesDns;
}

public java.util.List subjectAltNamesIp;
public void setSubjectAltNamesIp(java.util.List subjectAltNamesIp) {
this.subjectAltNamesIp = subjectAltNamesIp;
}
public java.util.List getSubjectAltNamesIp() {
return this.subjectAltNamesIp;
}

public java.sql.Timestamp expiredDate;
public void setExpiredDate(java.sql.Timestamp expiredDate) {
this.expiredDate = expiredDate;
}
public java.sql.Timestamp getExpiredDate() {
return this.expiredDate;
}

}
19 changes: 14 additions & 5 deletions sdk/src/main/java/org/zstack/sdk/KmsInventory.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
package org.zstack.sdk;

import org.zstack.sdk.CertificateInfo;
import org.zstack.sdk.KmsIdentityInventory;

public class KmsInventory extends org.zstack.sdk.KeyProviderInventory {
Expand Down Expand Up @@ -52,12 +53,20 @@ public java.lang.String getActiveIdentityUuid() {
return this.activeIdentityUuid;
}

public java.sql.Timestamp serverCertExpiredDate;
public void setServerCertExpiredDate(java.sql.Timestamp serverCertExpiredDate) {
this.serverCertExpiredDate = serverCertExpiredDate;
public java.lang.String serverCertPem;
public void setServerCertPem(java.lang.String serverCertPem) {
this.serverCertPem = serverCertPem;
}
public java.sql.Timestamp getServerCertExpiredDate() {
return this.serverCertExpiredDate;
public java.lang.String getServerCertPem() {
return this.serverCertPem;
}

public CertificateInfo serverCertInfo;
public void setServerCertInfo(CertificateInfo serverCertInfo) {
this.serverCertInfo = serverCertInfo;
}
public CertificateInfo getServerCertInfo() {
return this.serverCertInfo;
}
Comment on lines +56 to 70
Copy link

@coderabbitai coderabbitai bot Mar 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

替换证书字段会引入 SDK 向后兼容风险。

这里将旧的过期时间表达迁移为 serverCertPem/serverCertInfo 后,历史 SDK 调用方(尤其依赖旧 accessor 的调用)会出现编译或行为不兼容。建议至少保留一版过渡兼容访问器并标记 @Deprecated

🔧 建议的兼容层补丁(过渡期) 
+    /**
+     * `@deprecated` 请改用 getServerCertInfo().getExpiredDate()
+     */
+    `@Deprecated`
+    public java.sql.Timestamp getServerCertExpiredDate() {
+        return this.serverCertInfo == null ? null : this.serverCertInfo.getExpiredDate();
+    }
+
+    /**
+     * `@deprecated` 请改用 setServerCertInfo()
+     */
+    `@Deprecated`
+    public void setServerCertExpiredDate(java.sql.Timestamp serverCertExpiredDate) {
+        if (this.serverCertInfo == null) {
+            this.serverCertInfo = new CertificateInfo();
+        }
+        this.serverCertInfo.setExpiredDate(serverCertExpiredDate);
+    }
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@sdk/src/main/java/org/zstack/sdk/KmsInventory.java` around lines 56 - 70,
Keep backward compatibility by adding deprecated transitional accessors that
delegate to the new fields: add `@Deprecated` public String getCertPem() /
setCertPem(String) which read/write serverCertPem, and `@Deprecated` public
CertificateInfo getCertInfo() / setCertInfo(CertificateInfo) which read/write
serverCertInfo; mark each with `@Deprecated` and a javadoc explaining they
delegate to serverCertPem/serverCertInfo and will be removed in a future
release.


public KmsIdentityInventory activeIdentity;
Expand Down
16 changes: 8 additions & 8 deletions sdk/src/main/java/org/zstack/sdk/NkpRestoreInfo.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,14 +44,6 @@ public java.lang.String getSaltPolicy() {
return this.saltPolicy;
}

public java.lang.String encryptedMasterSeed;
public void setEncryptedMasterSeed(java.lang.String encryptedMasterSeed) {
this.encryptedMasterSeed = encryptedMasterSeed;
}
public java.lang.String getEncryptedMasterSeed() {
return this.encryptedMasterSeed;
}

public java.lang.Integer currentVersion;
public void setCurrentVersion(java.lang.Integer currentVersion) {
this.currentVersion = currentVersion;
Expand All @@ -60,4 +52,12 @@ public java.lang.Integer getCurrentVersion() {
return this.currentVersion;
}

public java.lang.Long backupTime;
public void setBackupTime(java.lang.Long backupTime) {
this.backupTime = backupTime;
}
public java.lang.Long getBackupTime() {
return this.backupTime;
}

}
3 changes: 0 additions & 3 deletions sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/CreateKmsAction.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,9 +46,6 @@ public Result throwExceptionIfError() {
@Param(required = false, maxLength = 2048, nonempty = false, nullElements = false, emptyString = true, noTrim = false)
public java.lang.String description;

@Param(required = false)
public java.lang.String type;

@Param(required = false)
public java.lang.String resourceUuid;

Expand Down
101 changes: 101 additions & 0 deletions sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsAction.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,101 @@
package org.zstack.sdk.keyprovider.kms.api;

import java.util.HashMap;
import java.util.Map;
import org.zstack.sdk.*;

public class GetKmsServerCertFromKmsAction extends AbstractAction {

private static final HashMap<String, Parameter> parameterMap = new HashMap<>();
Copy link
Owner

@MatheMatrix MatheMatrix Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment from zhijian.liu:

这里多个非必要的空格,定义变量直接函数内部第一行,相同的变量之间也没必要空格

Copy link
Collaborator

@zstack-robot-1 zstack-robot-1 Mar 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment from tao.yang:

sdk脚本自动生成的内容


private static final HashMap<String, Parameter> nonAPIParameterMap = new HashMap<>();

public static class Result {
public ErrorCode error;
public org.zstack.sdk.keyprovider.kms.api.GetKmsServerCertFromKmsResult value;

public Result throwExceptionIfError() {
if (error != null) {
throw new ApiException(
String.format("error[code: %s, description: %s, details: %s]", error.code, error.description, error.details)
);
}

return this;
}
}

@Param(required = true, nonempty = false, nullElements = false, emptyString = false, noTrim = false)
public java.lang.String uuid;

@Param(required = false)
public java.util.List systemTags;

@Param(required = false)
public java.util.List userTags;

@Param(required = false)
public String sessionId;

@Param(required = false)
public String accessKeyId;

@Param(required = false)
public String accessKeySecret;

@Param(required = false)
public String requestIp;

@NonAPIParam
public long timeout = -1;

@NonAPIParam
public long pollingInterval = -1;


private Result makeResult(ApiResult res) {
Result ret = new Result();
if (res.error != null) {
ret.error = res.error;
return ret;
}

org.zstack.sdk.keyprovider.kms.api.GetKmsServerCertFromKmsResult value = res.getResult(org.zstack.sdk.keyprovider.kms.api.GetKmsServerCertFromKmsResult.class);
ret.value = value == null ? new org.zstack.sdk.keyprovider.kms.api.GetKmsServerCertFromKmsResult() : value;

return ret;
}

public Result call() {
ApiResult res = ZSClient.call(this);
return makeResult(res);
}

public void call(final Completion<Result> completion) {
ZSClient.call(this, new InternalCompletion() {
@Override
public void complete(ApiResult res) {
completion.complete(makeResult(res));
}
});
}

protected Map<String, Parameter> getParameterMap() {
return parameterMap;
}

protected Map<String, Parameter> getNonAPIParameterMap() {
return nonAPIParameterMap;
}

protected RestInfo getRestInfo() {
RestInfo info = new RestInfo();
info.httpMethod = "PUT";
info.path = "/key-providers/kms/{uuid}/actions";
info.needSession = true;
info.needPoll = true;
info.parameterName = "getKmsServerCertFromKms";
return info;
}

}
30 changes: 30 additions & 0 deletions sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsResult.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
package org.zstack.sdk.keyprovider.kms.api;

import org.zstack.sdk.CertificateInfo;

public class GetKmsServerCertFromKmsResult {
public java.lang.String serverCertPem;
public void setServerCertPem(java.lang.String serverCertPem) {
this.serverCertPem = serverCertPem;
}
public java.lang.String getServerCertPem() {
return this.serverCertPem;
}

public boolean selfSigned;
public void setSelfSigned(boolean selfSigned) {
this.selfSigned = selfSigned;
}
public boolean getSelfSigned() {
return this.selfSigned;
}

public CertificateInfo serverCertInfo;
public void setServerCertInfo(CertificateInfo serverCertInfo) {
this.serverCertInfo = serverCertInfo;
}
public CertificateInfo getServerCertInfo() {
return this.serverCertInfo;
}

}
107 changes: 107 additions & 0 deletions sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientCsrAction.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,107 @@
package org.zstack.sdk.keyprovider.kms.api;

import java.util.HashMap;
import java.util.Map;
import org.zstack.sdk.*;

public class UploadKmsClientCsrAction extends AbstractAction {

private static final HashMap<String, Parameter> parameterMap = new HashMap<>();

private static final HashMap<String, Parameter> nonAPIParameterMap = new HashMap<>();

public static class Result {
public ErrorCode error;
public org.zstack.sdk.keyprovider.kms.api.UploadKmsClientCsrResult value;

public Result throwExceptionIfError() {
if (error != null) {
throw new ApiException(
String.format("error[code: %s, description: %s, details: %s]", error.code, error.description, error.details)
);
}

return this;
}
}

@Param(required = true, nonempty = false, nullElements = false, emptyString = false, noTrim = false)
public java.lang.String uuid;

@Param(required = true, nonempty = false, nullElements = false, emptyString = false, noTrim = false)
public java.lang.String csrPem;

@Param(required = true, nonempty = false, nullElements = false, emptyString = false, noTrim = false)
public java.lang.String csrKeyPem;

@Param(required = false)
public java.util.List systemTags;

@Param(required = false)
public java.util.List userTags;

@Param(required = false)
public String sessionId;

@Param(required = false)
public String accessKeyId;

@Param(required = false)
public String accessKeySecret;

@Param(required = false)
public String requestIp;

@NonAPIParam
public long timeout = -1;

@NonAPIParam
public long pollingInterval = -1;


private Result makeResult(ApiResult res) {
Result ret = new Result();
if (res.error != null) {
ret.error = res.error;
return ret;
}

org.zstack.sdk.keyprovider.kms.api.UploadKmsClientCsrResult value = res.getResult(org.zstack.sdk.keyprovider.kms.api.UploadKmsClientCsrResult.class);
ret.value = value == null ? new org.zstack.sdk.keyprovider.kms.api.UploadKmsClientCsrResult() : value;

return ret;
}

public Result call() {
ApiResult res = ZSClient.call(this);
return makeResult(res);
}

public void call(final Completion<Result> completion) {
ZSClient.call(this, new InternalCompletion() {
@Override
public void complete(ApiResult res) {
completion.complete(makeResult(res));
}
});
}

protected Map<String, Parameter> getParameterMap() {
return parameterMap;
}

protected Map<String, Parameter> getNonAPIParameterMap() {
return nonAPIParameterMap;
}

protected RestInfo getRestInfo() {
RestInfo info = new RestInfo();
info.httpMethod = "PUT";
info.path = "/key-providers/kms/{uuid}/actions";
info.needSession = true;
info.needPoll = true;
info.parameterName = "uploadKmsClientCsr";
return info;
}

}
14 changes: 14 additions & 0 deletions sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientCsrResult.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
package org.zstack.sdk.keyprovider.kms.api;

import org.zstack.sdk.KmsIdentityInventory;

public class UploadKmsClientCsrResult {
public KmsIdentityInventory inventory;
public void setInventory(KmsIdentityInventory inventory) {
this.inventory = inventory;
}
public KmsIdentityInventory getInventory() {
return this.inventory;
}

}
Loading