This is an automated email from the ASF dual-hosted git repository.
pearl11594 pushed a commit to branch 4.20
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.20 by this push:
new 45bac89b831 Fix NPE on updating security groups for an instance
(#10493)
45bac89b831 is described below
commit 45bac89b831c27a5738e834b3562a6fffe6433e6
Author: Vishesh <[email protected]>
AuthorDate: Tue Apr 22 12:42:30 2025 +0530
Fix NPE on updating security groups for an instance (#10493)
* Fix NPE on updating security groups for an instance
* addressed review comments
* Method refactoring
---------
Co-authored-by: Harikrishna Patnala <[email protected]>
---
.../main/java/com/cloud/vm/UserVmManagerImpl.java | 85 ++++++++++++----------
ui/src/views/compute/EditVM.vue | 2 +-
ui/src/views/compute/InstanceTab.vue | 1 +
3 files changed, 48 insertions(+), 40 deletions(-)
diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
index 021c6ff6226..167995a6b5f 100644
--- a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
@@ -28,7 +28,6 @@ import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Arrays;
-import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
@@ -3105,42 +3104,6 @@ public class UserVmManagerImpl extends ManagerBase
implements UserVmManager, Vir
}
}
- boolean isVMware = (vm.getHypervisorType() == HypervisorType.VMware);
-
- if (securityGroupIdList != null && isVMware) {
- throw new InvalidParameterValueException("Security group feature
is not supported for vmWare hypervisor");
- } else {
- // Get default guest network in Basic zone
- Network defaultNetwork = null;
- try {
- DataCenterVO zone = _dcDao.findById(vm.getDataCenterId());
- if (zone.getNetworkType() == NetworkType.Basic) {
- // Get default guest network in Basic zone
- defaultNetwork =
_networkModel.getExclusiveGuestNetwork(zone.getId());
- } else if
(_networkModel.checkSecurityGroupSupportForNetwork(_accountMgr.getActiveAccountById(vm.getAccountId()),
zone, Collections.emptyList(), securityGroupIdList)) {
- NicVO defaultNic = _nicDao.findDefaultNicForVM(vm.getId());
- if (defaultNic != null) {
- defaultNetwork =
_networkDao.findById(defaultNic.getNetworkId());
- }
- }
- } catch (InvalidParameterValueException e) {
- if(logger.isDebugEnabled()) {
- logger.debug(e.getMessage(),e);
- }
- defaultNetwork = _networkModel.getDefaultNetworkForVm(id);
- }
-
- if (securityGroupIdList != null &&
_networkModel.isSecurityGroupSupportedInNetwork(defaultNetwork) &&
_networkModel.canAddDefaultSecurityGroup()) {
- if (vm.getState() == State.Stopped) {
- // Remove instance from security groups
- _securityGroupMgr.removeInstanceFromGroups(vm);
- // Add instance in provided groups
- _securityGroupMgr.addInstanceToGroups(vm,
securityGroupIdList);
- } else {
- throw new InvalidParameterValueException("Virtual machine
must be stopped prior to update security groups ");
- }
- }
- }
List<? extends Nic> nics = _nicDao.listByVmId(vm.getId());
if (hostName != null) {
// Check is hostName is RFC compliant
@@ -3173,6 +3136,8 @@ public class UserVmManagerImpl extends ManagerBase
implements UserVmManager, Vir
.getUuid(), nic.getId(), extraDhcpOptionsMap);
}
+ checkAndUpdateSecurityGroupForVM(securityGroupIdList, vm, networks);
+
_vmDao.updateVM(id, displayName, ha, osTypeId, userData, userDataId,
userDataDetails, isDisplayVmEnabled, isDynamicallyScalable,
deleteProtection, customId, hostName, instanceName);
@@ -3188,6 +3153,48 @@ public class UserVmManagerImpl extends ManagerBase
implements UserVmManager, Vir
return _vmDao.findById(id);
}
+ private void checkAndUpdateSecurityGroupForVM(List<Long>
securityGroupIdList, UserVmVO vm, List<NetworkVO> networks) {
+ boolean isVMware = (vm.getHypervisorType() == HypervisorType.VMware);
+
+ if (securityGroupIdList != null && isVMware) {
+ throw new InvalidParameterValueException("Security group feature
is not supported for VMware hypervisor");
+ } else if (securityGroupIdList != null) {
+ DataCenterVO zone = _dcDao.findById(vm.getDataCenterId());
+ List<Long> networkIds = new ArrayList<>();
+ try {
+ if (zone.getNetworkType() == NetworkType.Basic) {
+ // Get default guest network in Basic zone
+ Network defaultNetwork =
_networkModel.getExclusiveGuestNetwork(zone.getId());
+ networkIds.add(defaultNetwork.getId());
+ } else {
+ networkIds =
networks.stream().map(Network::getId).collect(Collectors.toList());
+ }
+ } catch (InvalidParameterValueException e) {
+ if(logger.isDebugEnabled()) {
+ logger.debug(e.getMessage(),e);
+ }
+ }
+
+ if (_networkModel.checkSecurityGroupSupportForNetwork(
+
_accountMgr.getActiveAccountById(vm.getAccountId()),
+ zone, networkIds, securityGroupIdList)
+ ) {
+ updateSecurityGroup(vm, securityGroupIdList);
+ }
+ }
+ }
+
+ private void updateSecurityGroup(UserVmVO vm, List<Long>
securityGroupIdList) {
+ if (vm.getState() == State.Stopped) {
+ // Remove instance from security groups
+ _securityGroupMgr.removeInstanceFromGroups(vm);
+ // Add instance in provided groups
+ _securityGroupMgr.addInstanceToGroups(vm, securityGroupIdList);
+ } else {
+ throw new InvalidParameterValueException(String.format("VM %s must
be stopped prior to update security groups", vm.getUuid()));
+ }
+ }
+
protected void updateUserData(UserVm vm) throws
ResourceUnavailableException, InsufficientCapacityException {
boolean result = updateUserDataInternal(vm);
if (result) {
@@ -3695,7 +3702,7 @@ public class UserVmManagerImpl extends ManagerBase
implements UserVmManager, Vir
boolean isVmWare = (template.getHypervisorType() ==
HypervisorType.VMware || (hypervisor != null && hypervisor ==
HypervisorType.VMware));
if (securityGroupIdList != null && isVmWare) {
- throw new InvalidParameterValueException("Security group feature
is not supported for vmWare hypervisor");
+ throw new InvalidParameterValueException("Security group feature
is not supported for VMware hypervisor");
} else if (!isVmWare &&
_networkModel.isSecurityGroupSupportedInNetwork(defaultNetwork) &&
_networkModel.canAddDefaultSecurityGroup()) {
//add the default securityGroup only if no security group is
specified
if (securityGroupIdList == null || securityGroupIdList.isEmpty()) {
@@ -3755,7 +3762,7 @@ public class UserVmManagerImpl extends ManagerBase
implements UserVmManager, Vir
} else if (securityGroupIdList != null &&
!securityGroupIdList.isEmpty()) {
if (isVmWare) {
- throw new InvalidParameterValueException("Security group
feature is not supported for vmWare hypervisor");
+ throw new InvalidParameterValueException("Security group
feature is not supported for VMware hypervisor");
}
// Only one network can be specified, and it should be security
group enabled
if (networkIdList.size() > 1 && template.getHypervisorType() !=
HypervisorType.KVM && hypervisor != HypervisorType.KVM) {
diff --git a/ui/src/views/compute/EditVM.vue b/ui/src/views/compute/EditVM.vue
index f2d679ee444..75a297cee3e 100644
--- a/ui/src/views/compute/EditVM.vue
+++ b/ui/src/views/compute/EditVM.vue
@@ -206,7 +206,7 @@ export default {
zoneid: this.resource.zoneid
}).then(response => {
const zone = response?.listzonesresponse?.zone || []
- this.securityGroupsEnabled = zone?.[0]?.securitygroupsenabled
+ this.securityGroupsEnabled = zone?.[0]?.securitygroupsenabled ||
this.$store.getters.showSecurityGroups
})
},
fetchSecurityGroups () {
diff --git a/ui/src/views/compute/InstanceTab.vue
b/ui/src/views/compute/InstanceTab.vue
index b22f576e70a..925f707591a 100644
--- a/ui/src/views/compute/InstanceTab.vue
+++ b/ui/src/views/compute/InstanceTab.vue
@@ -179,6 +179,7 @@ export default {
vm: {},
totalStorage: 0,
currentTab: 'details',
+ showUpdateSecurityGroupsModal: false,
showAddVolumeModal: false,
diskOfferings: [],
annotations: [],
