Don't allow to specify security groups when deployVm in Vmware setup.

Also fixed a couple of other problems: * verify security group ids before vm creation * don't create "default" security group (if missing) as a part of deployVm process when vm is deployed from vmWare template
2011-05-20 18:38:41 -07:00 · 2011-05-20 18:38:41 -07:00 · 30e8ed3ab6
parent ce83525b5a
commit 30e8ed3ab6
2 changed files with 44 additions and 24 deletions
--- a/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
+++ b/server/src/com/cloud/network/security/SecurityGroupManagerImpl.java
@ -836,7 +836,8 @@ public class SecurityGroupManagerImpl implements SecurityGroupManager, SecurityG
    @DB
    public boolean addInstanceToGroups(final Long userVmId, final List<Long> groups) {
        if (!isVmSecurityGroupEnabled(userVmId)) {
-            return true;
+           s_logger.warn("User vm " + userVmId + " is not security group enabled, can't add it to security group");
+           return false;
        }
        if (groups != null && !groups.isEmpty()) {

--- a/server/src/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/com/cloud/vm/UserVmManagerImpl.java
@ -128,6 +128,7 @@ import com.cloud.network.router.VirtualNetworkApplianceManager;
 import com.cloud.network.rules.RulesManager;
 import com.cloud.network.security.SecurityGroup;
 import com.cloud.network.security.SecurityGroupManager;
+import com.cloud.network.security.dao.SecurityGroupDao;
 import com.cloud.network.vpn.PasswordResetElement;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.offering.NetworkOffering.Availability;
@ -323,6 +324,8 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
    protected SSHKeyPairDao _sshKeyPairDao;
    @Inject
    protected UserVmDetailsDao _vmDetailsDao;
+    @Inject 
+    protected SecurityGroupDao _securityGroupDao;

    protected ScheduledExecutorService _executor = null;
    protected int _expungeInterval;
@ -2012,32 +2015,35 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
            networkList.add(_networkDao.findById(defaultNetwork.getId()));
        }
        
-        if (securityGroupIdList == null) {
-            securityGroupIdList = new ArrayList<Long>();
-        }
+        boolean isVmWare = (template.getHypervisorType() == HypervisorType.VMware || (hypervisor != null && hypervisor == HypervisorType.VMware));
        
-        SecurityGroup defaultGroup = _securityGroupMgr.getDefaultSecurityGroup(owner.getId());
-        if (defaultGroup != null) {
-          //check if security group id list already contains Default security group, and if not - add it
-            boolean defaultGroupPresent = false;
-            for (Long securityGroupId : securityGroupIdList) {
-                if (securityGroupId.longValue() == defaultGroup.getId()) {
-                    defaultGroupPresent = true;
-                    break;
+        if (securityGroupIdList != null && isVmWare) {
+            throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
+        } else if (securityGroupIdList == null && !isVmWare) {
+            securityGroupIdList = new ArrayList<Long>();
+            SecurityGroup defaultGroup = _securityGroupMgr.getDefaultSecurityGroup(owner.getId());
+            if (defaultGroup != null) {
+              //check if security group id list already contains Default security group, and if not - add it
+                boolean defaultGroupPresent = false;
+                for (Long securityGroupId : securityGroupIdList) {
+                    if (securityGroupId.longValue() == defaultGroup.getId()) {
+                        defaultGroupPresent = true;
+                        break;
+                    }
                }
-            }
-            
-            if (!defaultGroupPresent) {
+                
+                if (!defaultGroupPresent) {
+                    securityGroupIdList.add(defaultGroup.getId());
+                }
+              
+            } else {
+                //create default security group for the account
+                if (s_logger.isDebugEnabled()) {
+                    s_logger.debug("Couldn't find default security group for the account " + owner + " so creating a new one");
+                }
+                defaultGroup = _securityGroupMgr.createSecurityGroup(SecurityGroupManager.DEFAULT_GROUP_NAME, SecurityGroupManager.DEFAULT_GROUP_DESCRIPTION, owner.getDomainId(), owner.getId(), owner.getAccountName());
                securityGroupIdList.add(defaultGroup.getId());
            }
-          
-        } else {
-            //create default security group for the account
-            if (s_logger.isDebugEnabled()) {
-                s_logger.debug("Couldn't find default security group for the account " + owner + " so creating a new one");
-            }
-            defaultGroup = _securityGroupMgr.createSecurityGroup(SecurityGroupManager.DEFAULT_GROUP_NAME, SecurityGroupManager.DEFAULT_GROUP_DESCRIPTION, owner.getDomainId(), owner.getId(), owner.getAccountName());
-            securityGroupIdList.add(defaultGroup.getId());
        }
        
        return createVirtualMachine(zone, serviceOffering, template, hostName, displayName, owner, diskOfferingId, 
@ -2053,6 +2059,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
        Account caller = UserContext.current().getCaller();
        List<NetworkVO> networkList = new ArrayList<NetworkVO>();
        boolean isSecurityGroupEnabledNetworkUsed = false;
+        boolean isVmWare = (template.getHypervisorType() == HypervisorType.VMware || (hypervisor != null && hypervisor == HypervisorType.VMware));
        
        //Verify that caller can perform actions in behalf of vm owner
        _accountMgr.checkAccess(caller, owner);
@ -2067,6 +2074,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
            networkList.add(networkWithSecurityGroup);

        } else if (securityGroupIdList != null && !securityGroupIdList.isEmpty()) {
+            if (isVmWare) {
+                throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
+            }
            // Only one network can be specified, and it should be security group enabled
            if (networkIdList.size() > 1) {
                throw new InvalidParameterValueException("Only support one network per VM if security group enabled");
@ -2117,7 +2127,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
        }
        
        // if network is security group enabled, and default security group is not present in the list of groups specified, add it automatically
-        if (isSecurityGroupEnabledNetworkUsed) {
+        if (isSecurityGroupEnabledNetworkUsed && !isVmWare) {
            if (securityGroupIdList == null) {
                securityGroupIdList = new ArrayList<Long>();
            }
@ -2299,6 +2309,15 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager
            rae.setResourceType("vm");
            throw rae;
        }
+        
+        //verify security group ids
+        if (securityGroupIdList != null) {
+            for (Long securityGroupId : securityGroupIdList) {
+                if (_securityGroupDao.findById(securityGroupId) == null) {
+                    throw new InvalidParameterValueException("Unable to find security group by id " + securityGroupId);
+                }
+            }
+        }

        // check if we have available pools for vm deployment
        List<StoragePoolVO> availablePools = _storagePoolDao.listPoolsByStatus(StoragePoolStatus.Up);