apache · PaulAngus · Jun 7, 2020 · Jun 8, 2020 · Jun 8, 2020 · Jun 8, 2020
diff --git a/api/src/main/java/org/apache/cloudstack/query/QueryService.java b/api/src/main/java/org/apache/cloudstack/query/QueryService.java
@@ -92,8 +92,8 @@ public interface QueryService {
     ConfigKey<Boolean> AllowUserViewDestroyedVM = new ConfigKey<>("Advanced", Boolean.class, "allow.user.view.destroyed.vm", "false",
             "Determines whether users can view their destroyed or expunging vm ", true, ConfigKey.Scope.Account);
 
-    static final ConfigKey<String> UserVMBlacklistedDetails = new ConfigKey<String>("Advanced", String.class,
-            "user.vm.blacklisted.details", "rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag",
+    static final ConfigKey<String> UserVMDenyListedDetails = new ConfigKey<String>("Advanced", String.class,
+            "user.vm.denylisted.details", "rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag",
             "Determines whether users can view certain VM settings. When set to empty, default value used is: rootdisksize, cpuOvercommitRatio, memoryOvercommitRatio, Message.ReservedCapacityFreed.Flag.", true);
 
     static final ConfigKey<String> UserVMReadOnlyDetails = new ConfigKey<String>("Advanced", String.class,

diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41510to41600.sql b/engine/schema/src/main/resources/META-INF/db/schema-41510to41600.sql
@@ -303,3 +303,9 @@ from
 
 -- Update name for global configuration user.vm.readonly.ui.details
 Update configuration set name='user.vm.readonly.details' where name='user.vm.readonly.ui.details';
+
+-- Update name for global configuration 'user.vm.readonly.ui.details' to 'user.vm.denied.details'
+UPDATE `cloud`.`configuration` SET name='user.vm.denied.details' WHERE name='user.vm.blacklisted.details';
+
+-- Update name for global configuration 'blacklisted.routes' to 'denied.routes'
+UPDATE `cloud`.`configuration` SET name='denied.routes', description='Routes that are denied, can not be used for Static Routes creation for the VPC Private Gateway' WHERE name='blacklisted.routes';
diff --git a/...-role-based/src/main/java/org/apache/cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java b/...-role-based/src/main/java/org/apache/cloudstack/acl/DynamicRoleBasedAPIAccessChecker.java
@@ -58,7 +58,7 @@ protected DynamicRoleBasedAPIAccessChecker() {
     }
 
     private void denyApiAccess(final String commandName) throws PermissionDeniedException {
-        throw new PermissionDeniedException("The API " + commandName + " is blacklisted for the account's role.");
+        throw new PermissionDeniedException("The API " + commandName + " is denied for the account's role.");
     }
 
     public boolean isDisabled() {

diff --git a/...-role-based/src/main/java/org/apache/cloudstack/acl/ProjectRoleBasedApiAccessChecker.java b/...-role-based/src/main/java/org/apache/cloudstack/acl/ProjectRoleBasedApiAccessChecker.java
@@ -55,7 +55,7 @@ protected ProjectRoleBasedApiAccessChecker() {
     }
 
     private void denyApiAccess(final String commandName) throws PermissionDeniedException {
-        throw new PermissionDeniedException("The API " + commandName + " is blacklisted for the user's/account's project role.");
+        throw new PermissionDeniedException("The API " + commandName + " is denied for the user's/account's project role.");
     }
 
 

diff --git a/...c-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java b/...c-role-based/src/main/java/org/apache/cloudstack/acl/StaticRoleBasedAPIAccessChecker.java
@@ -90,7 +90,7 @@ public boolean checkAccess(User user, String commandName) throws PermissionDenie
         }
 
         if (commandNames.contains(commandName)) {
-            throw new PermissionDeniedException("The API is blacklisted. Role type=" + roleType.toString() + " is not allowed to request the api: " + commandName);
+            throw new PermissionDeniedException("The API is denied. Role type=" + roleType.toString() + " is not allowed to request the api: " + commandName);
         } else {
             throw new UnavailableCommandException("The API " + commandName + " does not exist or is not available for this account.");
         }

diff --git a/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java b/plugins/database/mysql-ha/src/main/java/com/cloud/utils/db/StaticStrategy.java
@@ -44,21 +44,21 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List<String> confi
 
         SQLException ex = null;
 
-        List<String> whiteList = new ArrayList<String>(numHosts);
-        whiteList.addAll(configuredHosts);
+        List<String> allowList = new ArrayList<String>(numHosts);
+        allowList.addAll(configuredHosts);
 
-        Map<String, Long> blackList = ((LoadBalancedConnectionProxy) proxy).getGlobalBlacklist();
+        Map<String, Long> denylist = ((LoadBalancedConnectionProxy) proxy).getGlobalBlacklist();
 
-        whiteList.removeAll(blackList.keySet());
+        allowList.removeAll(denylist.keySet());
 
-        Map<String, Integer> whiteListMap = this.getArrayIndexMap(whiteList);
+        Map<String, Integer> allowListMap = this.getArrayIndexMap(allowList);
 
         for (int attempts = 0; attempts < numRetries;) {
-            if (whiteList.size() == 0) {
+            if (allowList.size() == 0) {
                 throw SQLError.createSQLException("No hosts configured", null);
             }
 
-            String hostPortSpec = whiteList.get(0);     //Always take the first host
+            String hostPortSpec = allowList.get(0);     //Always take the first host
 
             ConnectionImpl conn = (ConnectionImpl) liveConnections.get(hostPortSpec);
 
@@ -70,16 +70,16 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List<String> confi
 
                     if (((LoadBalancedConnectionProxy) proxy).shouldExceptionTriggerFailover(sqlEx)) {
 
-                        Integer whiteListIndex = whiteListMap.get(hostPortSpec);
+                        Integer allowListIndex = allowListMap.get(hostPortSpec);
 
                         // exclude this host from being picked again
-                        if (whiteListIndex != null) {
-                            whiteList.remove(whiteListIndex.intValue());
-                            whiteListMap = this.getArrayIndexMap(whiteList);
+                        if (allowListIndex != null) {
+                            allowList.remove(allowListIndex.intValue());
+                            allowListMap = this.getArrayIndexMap(allowList);
                         }
                         ((LoadBalancedConnectionProxy) proxy).addToGlobalBlacklist(hostPortSpec);
 
-                        if (whiteList.size() == 0) {
+                        if (allowList.size() == 0) {
                             attempts++;
                             try {
                                 Thread.sleep(250);
@@ -88,12 +88,12 @@ public JdbcConnection pickConnection(InvocationHandler proxy, List<String> confi
                             }
 
                             // start fresh
-                            whiteListMap = new HashMap<String, Integer>(numHosts);
-                            whiteList.addAll(configuredHosts);
-                            blackList = ((LoadBalancedConnectionProxy) proxy).getGlobalBlacklist();
+                            allowListMap = new HashMap<String, Integer>(numHosts);
+                            allowList.addAll(configuredHosts);
+                            denylist = ((LoadBalancedConnectionProxy) proxy).getGlobalBlacklist();
 
-                            whiteList.removeAll(blackList.keySet());
-                            whiteListMap = this.getArrayIndexMap(whiteList);
+                            allowList.removeAll(denylist.keySet());
+                            allowListMap = this.getArrayIndexMap(allowList);
                         }
 
                         continue;

diff --git a/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java b/server/src/main/java/com/cloud/api/query/QueryManagerImpl.java
@@ -3740,10 +3740,10 @@ public DetailOptionsResponse listDetailOptions(final ListDetailOptionsCmd cmd) {
                 throw new CloudRuntimeException("Resource type not supported.");
         }
         if (CallContext.current().getCallingAccount().getType() != Account.ACCOUNT_TYPE_ADMIN) {
-            final List<String> userBlacklistedSettings = Stream.of(QueryService.UserVMBlacklistedDetails.value().split(","))
+            final List<String> userDenyListedSettings = Stream.of(QueryService.UserVMDenyListedDetails.value().split(","))
                     .map(item -> (item).trim())
                     .collect(Collectors.toList());
-            for (final String detail : userBlacklistedSettings) {
+            for (final String detail : userDenyListedSettings) {
                 if (options.containsKey(detail)) {
                     options.remove(detail);
                 }
@@ -4143,6 +4143,6 @@ public String getConfigComponentName() {
 
     @Override
     public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] {AllowUserViewDestroyedVM, UserVMBlacklistedDetails, UserVMReadOnlyDetails, SortKeyAscending, AllowUserViewAllDomainAccounts};
+        return new ConfigKey<?>[] {AllowUserViewDestroyedVM, UserVMDenyListedDetails, UserVMReadOnlyDetails, SortKeyAscending, AllowUserViewAllDomainAccounts};
     }
 }
diff --git a/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java b/server/src/main/java/com/cloud/api/query/dao/UserVmJoinDaoImpl.java
@@ -344,9 +344,9 @@ public UserVmResponse newUserVmResponse(ResponseView view, String objectName, Us
                 userVmResponse.setPoolType(userVm.getPoolType().toString());
             }
 
-            // Remove blacklisted settings if user is not admin
+            // Remove deny listed settings if user is not admin
             if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
-                String[] userVmSettingsToHide = QueryService.UserVMBlacklistedDetails.value().split(",");
+                String[] userVmSettingsToHide = QueryService.UserVMDenyListedDetails.value().split(",");
                 for (String key : userVmSettingsToHide) {
                     resourceDetails.remove(key.trim());
                 }

diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -1021,7 +1021,7 @@ private String validateConfigurationValue(final String name, String value, final
                     if (route != null) {
                         final String routeToVerify = route.trim();
                         if (!NetUtils.isValidIp4Cidr(routeToVerify)) {
-                            throw new InvalidParameterValueException("Invalid value for blacklisted route: " + route + ". Valid format is list"
+                            throw new InvalidParameterValueException("Invalid value for route: " + route + " in deny list. Valid format is list"
                                     + " of cidrs separated by coma. Example: 10.1.1.0/24,192.168.0.0/24");
                         }
                     }

diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -2293,9 +2293,9 @@ public StaticRoute createStaticRoute(final long gatewayId, final String cidr) th
             throw new InvalidParameterValueException("CIDR should be outside of link local cidr " + NetUtils.getLinkLocalCIDR());
         }
 
-        // 3) Verify against blacklisted routes
-        if (isCidrBlacklisted(cidr, vpc.getZoneId())) {
-            throw new InvalidParameterValueException("The static gateway cidr overlaps with one of the blacklisted routes of the zone the VPC belongs to");
+        // 3) Verify against denied routes
+        if (isCidrDenylisted(cidr, vpc.getZoneId())) {
+            throw new InvalidParameterValueException("The static gateway cidr overlaps with one of the denied routes of the zone the VPC belongs to");
         }
 
         return Transaction.execute(new TransactionCallbackWithException<StaticRouteVO, NetworkRuleConflictException>() {
@@ -2317,14 +2317,14 @@ public StaticRouteVO doInTransaction(final TransactionStatus status) throws Netw
         });
     }
 
-    protected boolean isCidrBlacklisted(final String cidr, final long zoneId) {
+    protected boolean isCidrDenylisted(final String cidr, final long zoneId) {
         final String routesStr = NetworkOrchestrationService.GuestDomainSuffix.valueIn(zoneId);
         if (routesStr != null && !routesStr.isEmpty()) {
-            final String[] cidrBlackList = routesStr.split(",");
+            final String[] cidrDenyList = routesStr.split(",");
 
-            if (cidrBlackList != null && cidrBlackList.length > 0) {
-                for (final String blackListedRoute : cidrBlackList) {
-                    if (NetUtils.isNetworksOverlap(blackListedRoute, cidr)) {
+            if (cidrDenyList != null && cidrDenyList.length > 0) {
+                for (final String denyListedRoute : cidrDenyList) {
+                    if (NetUtils.isNetworksOverlap(denyListedRoute, cidr)) {
                         return true;
                     }
                 }

diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
@@ -2534,7 +2534,6 @@ protected void runInContext() {
                 scanLock.releaseRef();
             }
         }
-
     }
 
     @Override
@@ -2563,7 +2562,7 @@ public UserVm updateVirtualMachine(UpdateVMCmd cmd) throws ResourceUnavailableEx
             updateDisplayVmFlag(isDisplayVm, id, vmInstance);
         }
         final Account caller = CallContext.current().getCallingAccount();
-        final List<String> userBlacklistedSettings = Stream.of(QueryService.UserVMBlacklistedDetails.value().split(","))
+        final List<String> userDenyListedSettings = Stream.of(QueryService.UserVMDenyListedDetails.value().split(","))
                 .map(item -> (item).trim())
                 .collect(Collectors.toList());
         final List<String> userReadOnlySettings = Stream.of(QueryService.UserVMReadOnlyDetails.value().split(","))
@@ -2574,7 +2573,7 @@ public UserVm updateVirtualMachine(UpdateVMCmd cmd) throws ResourceUnavailableEx
                 userVmDetailsDao.removeDetails(id);
             } else {
                 for (final UserVmDetailVO detail : userVmDetailsDao.listDetails(id)) {
-                    if (detail != null && !userBlacklistedSettings.contains(detail.getName())
+                    if (detail != null && !userDenyListedSettings.contains(detail.getName())
                             && !userReadOnlySettings.contains(detail.getName())) {
                         userVmDetailsDao.removeDetail(id, detail.getName());
                     }
@@ -2587,18 +2586,18 @@ public UserVm updateVirtualMachine(UpdateVMCmd cmd) throws ResourceUnavailableEx
                 }
 
                 if (caller != null && caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
-                    // Ensure blacklisted or read-only detail is not passed by non-root-admin user
+                    // Ensure denied or read-only detail is not passed by non-root-admin user
                     for (final String detailName : details.keySet()) {
-                        if (userBlacklistedSettings.contains(detailName)) {
+                        if (userDenyListedSettings.contains(detailName)) {
                             throw new InvalidParameterValueException("You're not allowed to add or edit the restricted setting: " + detailName);
                         }
                         if (userReadOnlySettings.contains(detailName)) {
                             throw new InvalidParameterValueException("You're not allowed to add or edit the read-only setting: " + detailName);
                         }
                     }
-                    // Add any hidden/blacklisted or read-only detail
+                    // Add any hidden/denied or read-only detail
                     for (final UserVmDetailVO detail : userVmDetailsDao.listDetails(id)) {
-                        if (userBlacklistedSettings.contains(detail.getName()) || userReadOnlySettings.contains(detail.getName())) {
+                        if (userDenyListedSettings.contains(detail.getName()) || userReadOnlySettings.contains(detail.getName())) {
                             details.put(detail.getName(), detail.getValue());
                         }
                     }
@@ -5553,7 +5552,7 @@ protected boolean isValidXenOrVmwareConfiguration(String cfg, String[] allowedKe
      * @param vm
      */
     protected void persistExtraConfigKvm(String decodedUrl, UserVm vm) {
-        // validate config against blacklisted cfg commands
+        // validate config against denied cfg commands
         validateKvmExtraConfig(decodedUrl);
         String[] extraConfigs = decodedUrl.split("\n\n");
         for (String cfg : extraConfigs) {
@@ -5575,7 +5574,7 @@ protected void persistExtraConfigKvm(String decodedUrl, UserVm vm) {
 
     /**
      * This method is called by the persistExtraConfigKvm
-     * Validates passed extra configuration data for KVM and validates against blacklist of unwanted commands
+     * Validates passed extra configuration data for KVM and validates against deny-list of unwanted commands
      * controlled by Root admin
      * @param decodedUrl string containing xml configuration to be validated
      */

diff --git a/systemvm/agent/noVNC/vendor/pako/lib/zlib/trees.js b/systemvm/agent/noVNC/vendor/pako/lib/zlib/trees.js
@@ -951,31 +951,31 @@ function send_all_trees(s, lcodes, dcodes, blcodes)
  * Check if the data type is TEXT or BINARY, using the following algorithm:
  * - TEXT if the two conditions below are satisfied:
  *    a) There are no non-portable control characters belonging to the
- *       "black list" (0..6, 14..25, 28..31).
+ *       "deny list" (0..6, 14..25, 28..31).
  *    b) There is at least one printable character belonging to the
- *       "white list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255).
+ *       "allow list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255).
  * - BINARY otherwise.
  * - The following partially-portable control characters form a
  *   "gray list" that is ignored in this detection algorithm:
  *   (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}).
  * IN assertion: the fields Freq of dyn_ltree are set.
  */
 function detect_data_type(s) {
-  /* black_mask is the bit mask of black-listed bytes
+  /* deny_mask is the bit mask of deny-listed bytes
    * set bits 0..6, 14..25, and 28..31
    * 0xf3ffc07f = binary 11110011111111111100000001111111
    */
-  var black_mask = 0xf3ffc07f;
+  var deny_mask = 0xf3ffc07f;
   var n;
 
-  /* Check for non-textual ("black-listed") bytes. */
-  for (n = 0; n <= 31; n++, black_mask >>>= 1) {
-    if ((black_mask & 1) && (s.dyn_ltree[n * 2]/*.Freq*/ !== 0)) {
+  /* Check for non-textual ("deny-listed") bytes. */
+  for (n = 0; n <= 31; n++, deny_mask >>>= 1) {
+    if ((deny_mask & 1) && (s.dyn_ltree[n * 2]/*.Freq*/ !== 0)) {
       return Z_BINARY;
     }
   }
 
-  /* Check for textual ("white-listed") bytes. */
+  /* Check for textual ("allow-listed") bytes. */
   if (s.dyn_ltree[9 * 2]/*.Freq*/ !== 0 || s.dyn_ltree[10 * 2]/*.Freq*/ !== 0 ||
       s.dyn_ltree[13 * 2]/*.Freq*/ !== 0) {
     return Z_TEXT;
@@ -986,7 +986,7 @@ function detect_data_type(s) {
     }
   }
 
-  /* There are no "black-listed" or "white-listed" bytes:
+  /* There are no "deny-listed" or "allow-listed" bytes:
    * this stream either is empty or has tolerated ("gray-listed") bytes only.
    */
   return Z_BINARY;
-Original file line number
+Diff line change
@@ Expand Up / @@ -55,7 +55,7 @@ protected ProjectRoleBasedApiAccessChecker() { @@
         }
         private void denyApiAccess(final String commandName) throws PermissionDeniedException {
-            throw new PermissionDeniedException("The API " + commandName + " is blacklisted for the user's/account's project role.");
+            throw new PermissionDeniedException("The API " + commandName + " is denied for the user's/account's project role.");
         }
@@ Expand Down @@