Allow large IPSec key (PSK) when creating VPN

[joseflauzino]

Description

The global parameter remote.access.vpn.psk.length sets the length of the IPSec key (a PSK). The ipsec_psk field (which is a varchar(256) in the remote_access_vpn table) stores the PSK in encrypted form - it has an @Encrypt annotation. When the value defined in remote.access.vpn.psk.length generates a PSK that, when encrypted, has more than 256 characters, ACS throws a database exception when trying to persist the data, preventing the creation of the VPN.

This PR changes the ipsec_psk field from varchar(256) to text in order to allow the creation of large PSKs.

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

How Has This Been Tested?

In a local lab, I performed the following steps:

• I changed the ipsec_psk field from varchar(256) to the type text;
• I set remote.access.vpn.psk.length to 224 (which generates an encrypted PSK with 320 characters - more than the previous limit, 256);
• I restarted ACS Management Server to apply the configuration;
• And then I tried to create a new VPN;
• The VPN has been successfully created.

[GutoVeronezi]

@blueorangutan package

[blueorangutan]

@GutoVeronezi a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✔️ el7 ✔️ el8 ✔️ debian ✔️ suse15. SL-JID 1689

[yadvr]

LGTM
@blueorangutan package

[blueorangutan]

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✖️ el7 ✖️ el8 ✖️ debian ✖️ suse15. SL-JID 1708

[GabrielBrascher]

Code LGTM.
Thanks, @joseflauzino!

[GutoVeronezi]

@blueorangutan package

[blueorangutan]

@GutoVeronezi a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✔️ el7 ✔️ el8 ✔️ debian ✔️ suse15. SL-JID 1720

[yadvr]

@blueorangutan test

[blueorangutan]

@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

[blueorangutan]

Trillian test result (tid-2558)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 30275 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr5668-t2558-kvm-centos7.zip
Smoke tests completed. 91 look OK, 0 have errors
Only failed tests results shown below:

Test	Result	Time (s)	Test File