Docs/catch up 2024.2 to 2026.2

docs/admin/cloudshell-event-queue.md

@@ -26,6 +26,10 @@ To experiment with this, it is possible to emit messages to the RabbitMQ service
 In RabbitMQ, make sure you have an exchange, and a queue.
 Bind the queue to the exchange, with a routing key.
 
+:::warning
+Starting with CloudShell 2026.1, the `UseEmbeddedSandboxService` key defaults to `false`. If you are using the embedded Sandbox Service's RabbitMQ for the events queue (as in the [example below](#example-configuration)), make sure `UseEmbeddedSandboxService` is set to `True` in your `customer.config` so the embedded RabbitMQ is available. This does not affect deployments that use their own standalone RabbitMQ.
+:::
+
 In Cloudshell Server `customer.config`, set the following keys:
 
 :::info[customer.config]
@@ -56,9 +60,9 @@ ServerEventsWhiteList.csv should be line-break separated, not comma separated.
 
 :::info[Example csv]
 ```
-UserCreated
-UserGroupsListUpdated
-Login
+UserCreatedEvent
+UserGroupsListUpdatedEvent
+LoginEvent
 ```
 :::
 
@@ -81,84 +85,92 @@ In the above example, Cloudshell Server would only emit events related to new us
 
 
 ## Supported Events
-**UserCreated**:   This event is triggered when a new user is created.
+**UserCreatedEvent**:   This event is triggered when a new user is created.
+
+**UserDeletedEvent**:   This event occurs when a user is deleted.
+
+**UserGroupsListUpdatedEvent**:   This event is fired when the list of user groups is updated.
+
+**UserUpdatedEvent**:   This event happens when a user's details are updated.
+
+**LoginEvent**:   This event is triggered when a user logs in. *Since CloudShell 2024.1.0.2596*, login events are also generated for SSO (Single Sign-On) logins. Previously, login events were only created for direct authentication.
 
-**UserDeleted**:   This event occurs when a user is deleted.
+**UserGroupAddedEvent**:   This event occurs when a new user group is added.
 
-**UserGroupsListUpdated**:   This event is fired when the list of user groups is updated.
+**UserGroupDeletedEvent**:   This event is fired when a user group is deleted.
 
-**UserUpdated**:   This event happens when a user's details are updated.
+**UserGroupDomainsUpdatedEvent**:   This event is triggered when the domains of a user group are updated.
 
-**Login**:   This event is triggered when a user logs in.
+**UserGroupUpdatedEvent**:   This event happens when a user group is updated.
 
-**GroupAdded**:   This event occurs when a new user group is added.
+**JobEndedEvent**:   This event occurs when a job ends.
 
-**GroupDeleted**:   This event is fired when a user group is deleted.
+**JobSetEndedEvent**:   This event is fired when a job suite ends.
 
-**GroupDomainsUpdated**:   This event is triggered when the domains of a user group are updated.
+**ResourceAvailabilityChangedDomainEvent**:   This event is triggered when the availability of a resource changes.
 
-**GroupUpdated**:   This event happens when a user group is updated.
+**BlueprintCreatedEvent**:   This event occurs when a new blueprint is created.
 
-**JobEnded**:   This event occurs when a job ends.
+**BlueprintUpdatedEvent**:   This event is fired when a blueprint is updated.
 
-**JobSetEnded**:   This event is fired when a job suite ends.
+**BlueprintDeletedEvent**:   This event is triggered when a blueprint is deleted.
 
-**ResourceAvailabilityChanged**:   This event is triggered when the availability of a resource changes.
+**BlueprintRenamedEvent**:   This event happens when a blueprint is renamed.
 
-**BlueprintCreated**:   This event occurs when a new blueprint is created.
+**DeployResourceEvent**:   This event occurs when a resource is deployed.
 
-**BlueprintUpdated**:   This event is fired when a blueprint is updated.
+**ResourceEnabledEvent**:   This event is fired when a resource is enabled.
 
-**BlueprintDeleted**:   This event is triggered when a blueprint is deleted.
+**ResourceDisabledEvent**:   This event is triggered when a resource is disabled.
 
-**BlueprintRenamed**:   This event happens when a blueprint is renamed.
+**ResourceAddedEvent**:   This event occurs when a resource is added.
 
-**DeployResource**:   This event occurs when a resource is deployed.
+**ResourceDeletedEvent**:   This event is fired when a resource is deleted.
 
-**ResourceIncluded**:   This event is fired when a resource is enabled.
+**ResourceMovedEvent**:   This event happens when a resource is moved.
 
-**ResourceExcluded**:   This event is triggered when a resource is disabled.
+**ResourceRenamedEvent**:   This event occurs when a resource is renamed.
 
-**ResourceAdded**:   This event occurs when a resource is added.
+**ResourceUpdatedEvent**:   This event is fired when a resource is updated.
 
-**ResourceDeleted**:   This event is fired when a resource is deleted.
+**ResourcesReservedEvent**:   This event is triggered when resources are reserved.
 
-**ResourceMoved**:   This event happens when a resource is moved.
+**ResourceUnlockedEvent**:   This event occurs when a resource is unlocked.
 
-**ResourceRenamed**:   This event occurs when a resource is renamed.
+**BulkResourcesAddedEvent**:   This event is fired when multiple resources are added in bulk.
 
-**ResourceUpdated**:   This event is fired when a resource is updated.
+**SandboxCreatedEvent**:   This event is triggered when a sandbox is created.
 
-**ResourcesReserved**:   This event is triggered when resources are reserved.
+**SandboxDeleteEvent**:   This event occurs when a sandbox is deleted.
 
-**ResourceUnlocked**:   This event occurs when a resource is unlocked.
+**SandboxEndEvent**:   This event is fired when a sandbox ends.
 
-**BulkResourcesAdded**:   This event is fired when multiple resources are added in bulk.
+**SandboxEndTimeChangedEvent**:   This event is triggered when the end time of a sandbox is changed.
 
-**SandboxCreated**:   This event is triggered when a sandbox is created.
+**SandboxRejectedEvent**:   This event happens when a sandbox is rejected (typically due to user or license restrictions).
 
-**SandboxDeleted**:   This event occurs when a sandbox is deleted.
+**SandboxRenamedEvent**:   This event occurs when a sandbox is renamed.
 
-**SandboxEnd**:   This event is fired when a sandbox ends.
+**SandboxSetupEndedEvent**:   This event is fired when the setup of a sandbox ends.
 
-**SandboxEndTimeChanged**:   This event is triggered when the end time of a sandbox is changed.
+**SandboxStartTimeChangedEvent**:   This event is triggered when the start time of a sandbox is changed.
 
-**SandboxRejected**:   This event happens when a sandbox is rejected (typically due to user or license restrictions).
+**SandboxUpdateEvent**:   This event happens when a sandbox is updated.
 
-**SandboxRenamed**:   This event occurs when a sandbox is renamed.
+**WorkOrderResourceUpdatedEvent**:   This event is fired when a work order resource is updated in an assembly lab sandbox.
 
-**SandboxSetupEnded**:   This event is fired when the setup of a sandbox ends.
+**WorkOrderResourceSolvedEvent**:   This event occurs when a concrete resource is selected for a work order resource in an assembly lab sandbox.
 
-**SandboxStartTimeChanged**:   This event is triggered when the start time of a sandbox is changed.
+**WorkOrderResourceCreatedEvent**:   This event is triggered when a work order resource is created in an assembly lab sandbox.
 
-**SandboxUpdated**:   This event happens when a sandbox is updated.
+**WorkOrderResourceUnsolvedEvent**:   This event is fired when a concrete match for a work order resource is unselected in an assembly lab sandbox.
 
-**WorkOrderResourceUpdated**:   This event is fired when a work order resource is updated in an assembly lab sandbox.
+**WorkOrderResourceRemovedEvent**:   This event happens when a work order resource is removed in an assembly lab sandbox.
 
-**WorkOrderResourceSolved**:   This event occurs when a concrete resource is selected for a work order resource in an assembly lab sandbox.
+**AttributeChangedEvent** *(Added in CloudShell 2024.1)*:   This event is triggered when an attribute value is changed on a resource. Useful for monitoring attribute changes via MQ integration for audit or automation purposes.
 
-**WorkOrderResourceCreated**:   This event is triggered when a work order resource is created in an assembly lab sandbox.
+## Domain ID in Events
 
-**WorkOrderResourceUnsolved**:   This event is fired when a concrete match for a work order resource is unselected in an assembly lab sandbox.
+*Added in CloudShell 2024.1.0.2596*
 
-**WorkOrderResourceRemoved**:   This event happens when a work order resource is removed in an assembly lab sandbox.
+Certain server events now include a `DomainId` field in their message payload. This simplifies event handling and filtering by domain in MQ consumers, allowing subscribers to process only events relevant to a specific domain without additional API lookups.

docs/admin/cloudshell-manage-dashboard/maintenance-window.md

@@ -61,6 +61,26 @@ The maintenance window's areas are arranged as follows:
 | 9 | Warning on Reserve | The message shown to non-admin users who try in advance to create a sandbox that starts and ends outside the maintenance window. The user is presented with the option to either **Continue** or **Cancel**. If they select to continue, the sandbox will be created and remain active during the maintenance period, but it will be inaccessible.<br/>In the API, there is no warning, and the action is allowed. |
 | 10 | Delete button | <ul><li>**PLANNED** or **NEW** state: deletes the maintenance window</li><li>**ACTIVE** state: ends and deletes the maintenance window</li></ul> |
 
+## Maintenance Window By Domain
+
+*New in CloudShell 2026.1*
+
+In addition to the system-wide maintenance window described above, administrators can define maintenance windows scoped to individual domains. During a domain-scoped maintenance window, sandbox creation and modifications are restricted in that domain, while other domains continue operating normally.
+
+This is useful for planned infrastructure maintenance, upgrades, or other activities that require temporarily restricting access to specific lab resources without affecting other teams.
+
+### Configuring a Domain Maintenance Window
+
+To set a maintenance window for a specific domain, use the API:
+
+- **UpdateDomainSetting** — Set maintenance window parameters for a specific domain
+- **GetDomainSettings** — Retrieve current domain settings including maintenance window configuration
+
+:::note
+The system-wide maintenance window (configured from the **Manage** dashboard) takes precedence over domain-level maintenance windows. If both are active, the system-wide restrictions apply.
+:::
+
 ## Related Topics
 
 - [Manage Dashboard Overview](../../admin/cloudshell-manage-dashboard/manage-dashboard-overview.md)
+- [CloudShell Domains](../../admin/cloudshell-identity-management/cloudshell-domains/index.md)

docs/admin/cloudshell-manage-dashboard/manage-app-templates/app-template/deployment-path/aws-ec2-dp-attributes.md

@@ -84,7 +84,7 @@ If not specified, the protocol defaults to TCP.
 
 :::tip Tips
 - To allow QualiX in-browser connections to the VM from the sandbox, include port "22".
-- To set more specific security groups, it is recommended to use the TestShell API's [SetAppsSecurityGroup](pathname:///api-docs/2024.1/TestShell-API/TestShell%20XML%20RPC%20API.html) method instead. Unlike the Inbound Ports attribute, it enables you to define different port settings per subnet and allow inbound access to specific source CIDRs. For additional information, see [SetAppSecurityGroups Code Example](../../../../supported-cloud-providers-in-cloudshell/public-cloud-provider-support-in-cloudshell/setappsecuritygroups-code-example.md).
+- To set more specific security groups, it is recommended to use the TestShell API's [SetAppsSecurityGroup](pathname:///api-docs/latest/TestShell-API/TestShell%20XML%20RPC%20API.html) method instead. Unlike the Inbound Ports attribute, it enables you to define different port settings per subnet and allow inbound access to specific source CIDRs. For additional information, see [SetAppSecurityGroups Code Example](../../../../supported-cloud-providers-in-cloudshell/public-cloud-provider-support-in-cloudshell/setappsecuritygroups-code-example.md).
 :::
             </td>
         </tr>

docs/admin/cloudshell-manage-dashboard/manage-app-templates/app-template/deployment-path/azure-custom-image-dp-attributes.md

@@ -216,7 +216,7 @@ If not specified, the protocol defaults to TCP.
 :::
 :::tip Tips
 - To allow QualiX in-browser connections to the VM from the sandbox, include port "22".
-- To set more specific security groups, it is recommended to use the TestShell API's [SetAppSecurityGroups](pathname:///api-docs/2024.1/TestShell-API/TestShell%20XML%20RPC%20API.html#SetAppSecurityGroups) method instead. Unlike the **Inbound Ports** attribute, it enables you to define different port settings per subnet and allow inbound access to specific source CIDRs. For additional information, see [SetAppSecurityGroups Code Example](../../../../supported-cloud-providers-in-cloudshell/public-cloud-provider-support-in-cloudshell/setappsecuritygroups-code-example.md).
+- To set more specific security groups, it is recommended to use the TestShell API's [SetAppSecurityGroups](pathname:///api-docs/latest/TestShell-API/TestShell%20XML%20RPC%20API.html#SetAppSecurityGroups) method instead. Unlike the **Inbound Ports** attribute, it enables you to define different port settings per subnet and allow inbound access to specific source CIDRs. For additional information, see [SetAppSecurityGroups Code Example](../../../../supported-cloud-providers-in-cloudshell/public-cloud-provider-support-in-cloudshell/setappsecuritygroups-code-example.md).
 :::
             </td>
         </tr>

docs/admin/cloudshell-manage-dashboard/manage-app-templates/app-template/deployment-path/azure-galery-dp-attributes.md

@@ -193,7 +193,7 @@ If not specified, the protocol defaults to TCP.
 :::
 :::tip Tips
 - To allow QualiX in-browser connections to the VM from the sandbox, include port "22".
-- To set more specific security groups, it is recommended to use the TestShell API's [SetAppSecurityGroups](pathname:///api-docs/2024.1/TestShell-API/TestShell%20XML%20RPC%20API.html#SetAppSecurityGroups) method instead. Unlike the **Inbound Ports** attribute, it enables you to define different port settings per subnet and allow inbound access to specific source CIDRs. For additional information, see [SetAppSecurityGroups Code Example](../../../../supported-cloud-providers-in-cloudshell/public-cloud-provider-support-in-cloudshell/setappsecuritygroups-code-example.md).
+- To set more specific security groups, it is recommended to use the TestShell API's [SetAppSecurityGroups](pathname:///api-docs/latest/TestShell-API/TestShell%20XML%20RPC%20API.html#SetAppSecurityGroups) method instead. Unlike the **Inbound Ports** attribute, it enables you to define different port settings per subnet and allow inbound access to specific source CIDRs. For additional information, see [SetAppSecurityGroups Code Example](../../../../supported-cloud-providers-in-cloudshell/public-cloud-provider-support-in-cloudshell/setappsecuritygroups-code-example.md).
 :::
             </td>
         </tr>

docs/admin/cloudshell-manage-dashboard/manage-app-templates/app-template/deployment-path/azure-marketplace-dp-attributes.md

@@ -219,7 +219,7 @@ If not specified, the protocol defaults to TCP.
 :::
 :::tip Tips
 - To allow QualiX in-browser connections to the VM from the sandbox, include port "22".
-- To set more specific security groups, it is recommended to use the TestShell API's [SetAppSecurityGroups](pathname:///api-docs/2024.1/TestShell-API/TestShell%20XML%20RPC%20API.html#SetAppSecurityGroups) method instead. Unlike the Inbound Ports attribute, it enables you to define different port settings per subnet and allow inbound access to specific source CIDRs. For additional information, see [SetAppSecurityGroups Code Example](../../../../supported-cloud-providers-in-cloudshell/public-cloud-provider-support-in-cloudshell/setappsecuritygroups-code-example.md).
+- To set more specific security groups, it is recommended to use the TestShell API's [SetAppSecurityGroups](pathname:///api-docs/latest/TestShell-API/TestShell%20XML%20RPC%20API.html#SetAppSecurityGroups) method instead. Unlike the Inbound Ports attribute, it enables you to define different port settings per subnet and allow inbound access to specific source CIDRs. For additional information, see [SetAppSecurityGroups Code Example](../../../../supported-cloud-providers-in-cloudshell/public-cloud-provider-support-in-cloudshell/setappsecuritygroups-code-example.md).
 :::
             </td>
         </tr>

docs/admin/setting-up-cloudshell/assembly-lab/index.md

@@ -11,16 +11,40 @@ In the standard mode, the entire blueprint must be solved satisfactorily, or the
 
 In Assembly Lab, solving the blueprint partially is possible, and it is expected that further changes to the inventory OR to the request (originally a blueprint, but now a pending sandbox) will eventually bring the sandbox to the desired state.
 
+## Diagram Editor
+
+### Collapsing Abstract Nodes
+
+When working with complex blueprints that contain many abstract requirements, users can collapse abstract nodes in the diagram editor for a cleaner visualization. Right-click an abstract node and select **Collapse** to hide its child elements. This helps manage large diagrams while retaining access to the full structure when needed.
+
 ## Assembly Lab Rules
 
 ### Route Handling
 
 If there is a route between resources, the route will not be solved (i.e., Layer 1 ports will not be reserved). However, the system will attempt to select resources that are connected to Layer 1 switches.
 
+### Smart Route Creation with L1 Priority
+
+When creating routes between concrete devices in the sandbox, the system prioritizes using existing route segments (patch panels, Layer 1 infrastructure). If a valid route can be established through existing L1 infrastructure, it will be used automatically.
+
+If no valid route can be established through existing L1 infrastructure, a provisional direct connection (device-to-device) is created. This placeholder route can later be refined by selecting appropriate connections through Layer 1 switches or patch panels.
+
+### L1 Port Auto-Add on Solve
+
+When solving an abstract requirement that is part of a route, if the solution resource is connected to a Layer 1 port, that port is automatically added to the route and reservation. This eliminates the need to manually manage L1 port assignments when resolving abstract requirements within routes.
+
+Conversely, when unsolving an abstract, the associated L1 port is automatically removed from the route and reservation.
+
 ### Sandbox Creation
 
 A sandbox is always created, even if not all requirements are met. This approach ensures that users can proceed with their projects while resolving outstanding requirements.
 
+### Exclusive Requirement Solving
+
+When solving exclusive abstract requirements, only the device itself is used as the solution — not the entire resource graph beneath it. This ensures that exclusive reservations are scoped precisely to the required resource.
+
+Additionally, the "unsolve abstract" operation accurately determines which resources to remove from the reservation, preventing unintended removal of resources that are still needed by other requirements.
+
 ### Whole Resource Utilization
 
 As many resource requirements as possible will be solved with whole resources. This approach minimizes fragmentation and maintains the integrity of individual resources.