<feature>[kms]: support kms trust API#3397

Open
zstack-robot-2 wants to merge 1 commit into feature-zsv-5.0.0-vm-support-vtpm-and-secuceboot from sync/tao.yang/ZSV-11331@@2

@zstack-robot-2
Collaborator

Resolves: ZSV-11331

Change-Id: I63646d7974756278777565696276797066796f68

sync from gitlab !9245

@MatheMatrix MatheMatrix force-pushed the sync/tao.yang/ZSV-11331@@2 branch from 3c6fa7d to 7c40c8e Compare February 26, 2026 13:42
coderabbitai bot commented Feb 26, 2026

Walkthrough

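Adds several KMS-related SDK API operations (certificate/identity upload and retrieval); removes the public field type from CreateKmsAction and CreateNkpAction; adds wrapper methods for various zwatch/monitoring/alarm APIs to the testlib ApiHelper; adjusts some fields of NkpRestoreInfo and ParseNkpRestoreResult.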

Changes

| Cohort / File(s) | Summary |
|---|---|
| Removed public field: sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/CreateKmsAction.java, sdk/src/main/java/org/zstack/sdk/keyprovider/nkp/api/CreateNkpAction.java | Removes the public type field and its annotation from the classes. |
| New: get KMS server certificate: sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsAction.java, sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsResult.java | Adds an SDK Action and a result DTO, including parameter declarations, synchronous/asynchronous calls and REST metadata; returns PEM and expiry-time fields. |
| New: upload KMS client CSR: sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientCsrAction.java, sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientCsrResult.java | Adds an Action and a Result DTO, supporting csr/key parameters and returning KmsIdentityInventory. |
| New: upload KMS client identity: sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientIdentityAction.java, sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientIdentityResult.java | Adds an Action and a Result DTO, including identityType, certificate/private-key PEM and other parameters, plus REST configuration. |
| New: upload signed client certificate: sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientSignedCertAction.java, sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientSignedCertResult.java | Adds an Action and a Result DTO that accept a signed certificate PEM and return KmsIdentityInventory. |
| New: upload server certificate: sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsServerCertAction.java, sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsServerCertResult.java | Adds an Action and a Result DTO that handle serverCertPem and return KmsInventory, with parameter mapping and error handling. |
| SDK DTO change: sdk/src/main/java/org/zstack/sdk/NkpRestoreInfo.java | Removes the encryptedMasterSeed field and its accessors; adds a backupTime field and its accessors. |
| ParseNkpRestoreResult extension: sdk/src/main/java/org/zstack/sdk/keyprovider/nkp/api/ParseNkpRestoreResult.java | Adds the public field codereason and its getter/setter. |
| ApiHelper extension (test library): testlib/src/main/java/org/zstack/testlib/ApiHelper.groovy | Adds a large number of synchronous/asynchronous wrapper methods for zwatch/monitoring/alarm/policy/template APIs, following a uniform calling and error-handling pattern. |

Sequence Diagram(s)

sequenceDiagram
    participant Client as "Client"
    participant Action as "SDK Action\n(e.g. Upload/Get Action)"
    participant ZSClient as "ZSClient"
    participant KMS as "KMS Backend"
    participant Result as "Result Mapper"

    Client->>Action: Set parameters and invoke call()/call(async)
    Action->>ZSClient: Send REST request (PUT /key-providers/kms/{uuid}/actions)
    ZSClient->>KMS: Forward request and wait for response
    KMS-->>ZSClient: Return ApiResult
    ZSClient->>Result: Convert ApiResult into a strongly typed Result
    Result-->>Action: Return Result (value or error)
    Action-->>Client: Return or throw exception

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~75 minutes

Poem

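🐰 New certificates leap onto the stage,
CSR and identity gaze at each other,
the little rabbit hands over the call package,
parameters in order, the road runs longer,
spring fills the API garden.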

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The pull request title clearly describes the main change: adding support for KMS trust API. It aligns with the changeset which adds multiple new KMS-related action classes and APIs. |
| Description check | ✅ Passed | The pull request description references the issue (ZSV-11331) and change ID, and indicates it's synced from GitLab. While minimal, it is related to the changeset which adds KMS trust API functionality. |

@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (1)
sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsAction.java (1)

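31-35: Consider parameterizing the List type with generics.

systemTags and userTags use the raw type java.util.List; using the parameterized type List<String> is recommended to improve type safety and avoid compiler warnings.

However, given that this may be auto-generated SDK code and needs to stay consistent with the other KMS actions in the codebase, this suggestion can be deferred.

♻️ Suggested improvement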
 `@Param`(required = false)
-public java.util.List systemTags;
+public java.util.List<String> systemTags;

 `@Param`(required = false)
-public java.util.List userTags;
+public java.util.List<String> userTags;
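Review bot: the type change on `systemTags` and `userTags` alters the declared type of two public fields, so any caller that assigns a raw or non-String list to them will start getting unchecked warnings or compile errors. The comment above also says this may be generated SDK code, in which case a hand edit here will be lost on the next regeneration. Make the change in the generator so that every Action class gets `java.util.List<String>` together, or leave this class as it is for consistency.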
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsAction.java`
around lines 31 - 35, Change the raw java.util.List fields systemTags and
userTags in class GetKmsServerCertFromKmsAction to use a parameterized type
(List<String>) to improve type safety and remove compiler warnings; update the
field declarations for systemTags and userTags to use java.util.List<String>
(and add/import java.util.List if missing) while keeping the `@Param` annotations
and the rest of the class unchanged so it stays consistent with other KMS action
classes.

ℹ️ Review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d2ffba5 and 7c40c8e.

📒 Files selected for processing (13)
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/CreateKmsAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsResult.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientCsrAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientCsrResult.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientIdentityAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientIdentityResult.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientSignedCertAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientSignedCertResult.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsServerCertAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsServerCertResult.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/nkp/api/CreateNkpAction.java
  • testlib/src/main/java/org/zstack/testlib/ApiHelper.groovy
💤 Files with no reviewable changes (2)
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/CreateKmsAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/nkp/api/CreateNkpAction.java

@MatheMatrix MatheMatrix force-pushed the sync/tao.yang/ZSV-11331@@2 branch from 7c40c8e to 10bddcc Compare February 27, 2026 10:16
Resolves: ZSV-11331

Change-Id: I63646d7974756278777565696276797066796f68
@MatheMatrix MatheMatrix force-pushed the sync/tao.yang/ZSV-11331@@2 branch from 10bddcc to ed54bda Compare February 27, 2026 11:48
@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (2)
sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsResult.java (1)

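5-22: The DTO structure is basically correct, but field visibility could be improved.

As the data transfer object for the KMS server certificate query result, this class is clearly structured and its naming follows the coding guidelines.

If this is not auto-generated code, consider changing the public fields to private to keep encapsulation consistent (since getters/setters are already provided).

♻️ Optional: change the fields to private for stronger encapsulation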
 public class GetKmsServerCertFromKmsResult {
-    public java.lang.String serverCertPem;
+    private java.lang.String serverCertPem;
     public void setServerCertPem(java.lang.String serverCertPem) {
         this.serverCertPem = serverCertPem;
     }
     public java.lang.String getServerCertPem() {
         return this.serverCertPem;
     }

-    public java.sql.Timestamp serverCertExpiredDate;
+    private java.sql.Timestamp serverCertExpiredDate;
     public void setServerCertExpiredDate(java.sql.Timestamp serverCertExpiredDate) {
         this.serverCertExpiredDate = serverCertExpiredDate;
     }
     public java.sql.Timestamp getServerCertExpiredDate() {
         return this.serverCertExpiredDate;
     }

 }
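Review bot: switching `serverCertPem` and `serverCertExpiredDate` from `public` to `private` is a source-breaking change for any caller that reads or writes the fields directly, which conflicts with the stated aim of not altering the external API; confirm that nothing accesses the fields by name before applying it. Note also that `getServerCertExpiredDate()` returns the stored `java.sql.Timestamp` instance, which is mutable, so if encapsulation is the goal the getter and setter should copy the value.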
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsResult.java`
around lines 5 - 22, Change the two public DTO fields in
GetKmsServerCertFromKmsResult (serverCertPem and serverCertExpiredDate) to
private while keeping the existing setServerCertPem/getServerCertPem and
setServerCertExpiredDate/getServerCertExpiredDate methods unchanged; this
ensures proper encapsulation for the class GetKmsServerCertFromKmsResult without
altering the external API.
sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientCsrAction.java (1)

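37-41: Consider adding a generic type parameter to List (optional improvement)

systemTags and userTags use the raw type java.util.List; adding a generic parameter, for example java.util.List<String>, is recommended to improve type safety.

However, this may be the established pattern of the SDK code generator; if it is consistent with the other Action classes, this suggestion can be ignored.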

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In
`@sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientCsrAction.java`
around lines 37 - 41, Update the raw List fields in UploadKmsClientCsrAction to
use a generic type for type safety: change the fields systemTags and userTags
from java.util.List to java.util.List<String> (update their declarations and any
related getters/setters or usages inside UploadKmsClientCsrAction so types
remain consistent, e.g., references to systemTags and userTags and any methods
that accept/return them).

ℹ️ Review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 10bddcc and ed54bda.

📒 Files selected for processing (15)
  • sdk/src/main/java/org/zstack/sdk/NkpRestoreInfo.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/CreateKmsAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsResult.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientCsrAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientCsrResult.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientIdentityAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientIdentityResult.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientSignedCertAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientSignedCertResult.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsServerCertAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsServerCertResult.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/nkp/api/CreateNkpAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/nkp/api/ParseNkpRestoreResult.java
  • testlib/src/main/java/org/zstack/testlib/ApiHelper.groovy
💤 Files with no reviewable changes (2)
  • sdk/src/main/java/org/zstack/sdk/keyprovider/nkp/api/CreateNkpAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/CreateKmsAction.java
🚧 Files skipped from review as they are similar to previous changes (5)
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/GetKmsServerCertFromKmsAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientSignedCertAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientIdentityAction.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsServerCertResult.java
  • sdk/src/main/java/org/zstack/sdk/keyprovider/kms/api/UploadKmsClientIdentityResult.java
