diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
index 021c6ff62267..167995a6b5f3 100644
--- a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
@@ -28,7 +28,6 @@
 import java.net.URLDecoder;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -3105,42 +3104,6 @@ public UserVm updateVirtualMachine(long id, String displayName, String group, Bo
 }
 }
- boolean isVMware = (vm.getHypervisorType() == HypervisorType.VMware);
-
- if (securityGroupIdList != null && isVMware) {
- throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
- } else {
- // Get default guest network in Basic zone
- Network defaultNetwork = null;
- try {
- DataCenterVO zone = _dcDao.findById(vm.getDataCenterId());
- if (zone.getNetworkType() == NetworkType.Basic) {
- // Get default guest network in Basic zone
- defaultNetwork = _networkModel.getExclusiveGuestNetwork(zone.getId());
- } else if (_networkModel.checkSecurityGroupSupportForNetwork(_accountMgr.getActiveAccountById(vm.getAccountId()), zone, Collections.emptyList(), securityGroupIdList)) {
- NicVO defaultNic = _nicDao.findDefaultNicForVM(vm.getId());
- if (defaultNic != null) {
- defaultNetwork = _networkDao.findById(defaultNic.getNetworkId());
- }
- }
- } catch (InvalidParameterValueException e) {
- if(logger.isDebugEnabled()) {
- logger.debug(e.getMessage(),e);
- }
- defaultNetwork = _networkModel.getDefaultNetworkForVm(id);
- }
-
- if (securityGroupIdList != null && _networkModel.isSecurityGroupSupportedInNetwork(defaultNetwork) && _networkModel.canAddDefaultSecurityGroup()) {
- if (vm.getState() == State.Stopped) {
- // Remove instance from security groups
- _securityGroupMgr.removeInstanceFromGroups(vm);
- // Add instance in provided groups
- _securityGroupMgr.addInstanceToGroups(vm, securityGroupIdList);
- } else {
- throw new InvalidParameterValueException("Virtual machine must be stopped prior to update security groups ");
- }
- }
- }
 List nics = _nicDao.listByVmId(vm.getId());
 if (hostName != null) {
 // Check is hostName is RFC compliant
@@ -3173,6 +3136,8 @@ public UserVm updateVirtualMachine(long id, String displayName, String group, Bo
 .getUuid(), nic.getId(), extraDhcpOptionsMap);
 }
+ checkAndUpdateSecurityGroupForVM(securityGroupIdList, vm, networks);
+
 _vmDao.updateVM(id, displayName, ha, osTypeId, userData, userDataId, userDataDetails, isDisplayVmEnabled, isDynamicallyScalable, deleteProtection, customId, hostName, instanceName);
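Review bot: `checkAndUpdateSecurityGroupForVM` is now called after the hostname and extra-DHCP-option handling, whereas the block it replaces ran before `_nicDao.listByVmId`, so its rejections (VMware hypervisor, VM not stopped) are raised only after those earlier steps have run. If any of them persist changes, as the call ending in `extraDhcpOptionsMap)` just above appears to, a rejected request leaves the VM partly updated; whether a surrounding transaction rolls that back is not visible here. Consider doing the precondition checks before the first mutation and keeping only the group update at this point, or add a comment such as `// may throw after NIC/DHCP changes above; relies on <rollback mechanism>` stating why the late position is safe. `updateVirtualMachine` begins and ends outside this hunk.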
@@ -3188,6 +3153,48 @@ public UserVm updateVirtualMachine(long id, String displayName, String group, Bo
 return _vmDao.findById(id);
 }
+ private void checkAndUpdateSecurityGroupForVM(List securityGroupIdList, UserVmVO vm, List networks) {
+ boolean isVMware = (vm.getHypervisorType() == HypervisorType.VMware);
+
+ if (securityGroupIdList != null && isVMware) {
+ throw new InvalidParameterValueException("Security group feature is not supported for VMware hypervisor");
+ } else if (securityGroupIdList != null) {
+ DataCenterVO zone = _dcDao.findById(vm.getDataCenterId());
+ List networkIds = new ArrayList<>();
+ try {
+ if (zone.getNetworkType() == NetworkType.Basic) {
+ // Get default guest network in Basic zone
+ Network defaultNetwork = _networkModel.getExclusiveGuestNetwork(zone.getId());
+ networkIds.add(defaultNetwork.getId());
+ } else {
+ networkIds = networks.stream().map(Network::getId).collect(Collectors.toList());
+ }
+ } catch (InvalidParameterValueException e) {
+ if(logger.isDebugEnabled()) {
+ logger.debug(e.getMessage(),e);
+ }
+ }
+
+ if (_networkModel.checkSecurityGroupSupportForNetwork(
+ _accountMgr.getActiveAccountById(vm.getAccountId()),
+ zone, networkIds, securityGroupIdList)
+ ) {
+ updateSecurityGroup(vm, securityGroupIdList);
+ }
+ }
+ }
+
+ private void updateSecurityGroup(UserVmVO vm, List securityGroupIdList) {
+ if (vm.getState() == State.Stopped) {
+ // Remove instance from security groups
+ _securityGroupMgr.removeInstanceFromGroups(vm);
+ // Add instance in provided groups
+ _securityGroupMgr.addInstanceToGroups(vm, securityGroupIdList);
+ } else {
+ throw new InvalidParameterValueException(String.format("VM %s must be stopped prior to update security groups", vm.getUuid()));
+ }
+ }
+
 protected void updateUserData(UserVm vm) throws ResourceUnavailableException, InsufficientCapacityException {
 boolean result = updateUserDataInternal(vm);
 if (result) {
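Review bot: In `checkAndUpdateSecurityGroupForVM` a request that carries `securityGroupIdList` can finish successfully without changing the VM's groups: the `catch` only logs at debug level and leaves `networkIds` empty, and when `checkSecurityGroupSupportForNetwork` returns false nothing is thrown. The caller then believes the instance sits behind the requested groups while the old membership still applies. I would let the exception propagate, or at least log it at warn level, and add `else { throw new InvalidParameterValueException("Security groups are not supported on the networks of VM " + vm.getUuid()); }` after the `updateSecurityGroup` call, unless an empty list is a legitimate no-op for existing API clients. Separately, no check that the caller may use each ID in `securityGroupIdList` is visible in this hunk before `addInstanceToGroups`; if that is not enforced elsewhere it belongs here.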
@@ -3695,7 +3702,7 @@ public UserVm createBasicSecurityGroupVirtualMachine(DataCenter zone, ServiceOff
 boolean isVmWare = (template.getHypervisorType() == HypervisorType.VMware || (hypervisor != null && hypervisor == HypervisorType.VMware));
 if (securityGroupIdList != null && isVmWare) {
- throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
+ throw new InvalidParameterValueException("Security group feature is not supported for VMware hypervisor");
 } else if (!isVmWare && _networkModel.isSecurityGroupSupportedInNetwork(defaultNetwork) && _networkModel.canAddDefaultSecurityGroup()) {
 //add the default securityGroup only if no security group is specified
 if (securityGroupIdList == null || securityGroupIdList.isEmpty()) {
@@ -3755,7 +3762,7 @@ public UserVm createAdvancedSecurityGroupVirtualMachine(DataCenter zone, Service
 } else if (securityGroupIdList != null && !securityGroupIdList.isEmpty()) {
 if (isVmWare) {
- throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
+ throw new InvalidParameterValueException("Security group feature is not supported for VMware hypervisor");
 }
 // Only one network can be specified, and it should be security group enabled
 if (networkIdList.size() > 1 && template.getHypervisorType() != HypervisorType.KVM && hypervisor != HypervisorType.KVM) {
diff --git a/ui/src/views/compute/EditVM.vue b/ui/src/views/compute/EditVM.vue
index f2d679ee4445..75a297cee3e0 100644
--- a/ui/src/views/compute/EditVM.vue
+++ b/ui/src/views/compute/EditVM.vue
@@ -206,7 +206,7 @@ export default {
 zoneid: this.resource.zoneid
 }).then(response => {
 const zone = response?.listzonesresponse?.zone || []
- this.securityGroupsEnabled = zone?.[0]?.securitygroupsenabled
+ this.securityGroupsEnabled = zone?.[0]?.securitygroupsenabled || this.$store.getters.showSecurityGroups
 })
 },
 fetchSecurityGroups () {
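Review bot: The `||` fallback in the EditVM.vue zone callback lets a truthy `this.$store.getters.showSecurityGroups` override a zone that explicitly reports `securitygroupsenabled: false`, so the form can offer security groups for an instance whose networks may not support them. What the getter reflects is not visible here; if it is a global flag rather than a per-zone one, a short comment such as `// zone flag can be false while SG-enabled networks exist; fall back to the global getter` would record the intent. The UI toggle is only a convenience, so the server still has to reject a selection it cannot apply. The callback starts outside the hunk.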
diff --git a/ui/src/views/compute/InstanceTab.vue b/ui/src/views/compute/InstanceTab.vue
index b22f576e70ad..925f707591ad 100644
--- a/ui/src/views/compute/InstanceTab.vue
+++ b/ui/src/views/compute/InstanceTab.vue
@@ -179,6 +179,7 @@ export default {
 vm: {},
 totalStorage: 0,
 currentTab: 'details',
+ showUpdateSecurityGroupsModal: false,
 showAddVolumeModal: false,
 diskOfferings: [],
 annotations: [],