Merge pull request #624 from jschoiRR/mold-main#2025

[Mold API] Security Group서비스가 설정된 nic를 가진 VM 일 경우 보안그룹 상세 탭 활성화 및 버그 수정

Author: jschoiRR

server/src/main/java/com/cloud/vm/UserVmManagerImpl.java

@@ -28,7 +28,6 @@
 import java.net.URLDecoder;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -3205,42 +3204,6 @@ public UserVm updateVirtualMachine(long id, String displayName, String group, Bo
             }
         }
 
-        boolean isVMware = (vm.getHypervisorType() == HypervisorType.VMware);
-
-        if (securityGroupIdList != null && isVMware) {
-            throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
-        } else {
-            // Get default guest network in Basic zone
-            Network defaultNetwork = null;
-            try {
-                DataCenterVO zone = _dcDao.findById(vm.getDataCenterId());
-                if (zone.getNetworkType() == NetworkType.Basic) {
-                    // Get default guest network in Basic zone
-                    defaultNetwork = _networkModel.getExclusiveGuestNetwork(zone.getId());
-                } else if (_networkModel.checkSecurityGroupSupportForNetwork(_accountMgr.getActiveAccountById(vm.getAccountId()), zone, Collections.emptyList(), securityGroupIdList)) {
-                    NicVO defaultNic = _nicDao.findDefaultNicForVM(vm.getId());
-                    if (defaultNic != null) {
-                        defaultNetwork = _networkDao.findById(defaultNic.getNetworkId());
-                    }
-                }
-            } catch (InvalidParameterValueException e) {
-                if(logger.isDebugEnabled()) {
-                    logger.debug(e.getMessage(),e);
-                }
-                defaultNetwork = _networkModel.getDefaultNetworkForVm(id);
-            }
-
-            if (securityGroupIdList != null && _networkModel.isSecurityGroupSupportedInNetwork(defaultNetwork) && _networkModel.canAddDefaultSecurityGroup()) {
-                if (vm.getState() == State.Stopped) {
-                    // Remove instance from security groups
-                    _securityGroupMgr.removeInstanceFromGroups(vm);
-                    // Add instance in provided groups
-                    _securityGroupMgr.addInstanceToGroups(vm, securityGroupIdList);
-                } else {
-                    throw new InvalidParameterValueException("Virtual machine must be stopped prior to update security groups ");
-                }
-            }
-        }
         List<? extends Nic> nics = _nicDao.listByVmId(vm.getId());
         if (hostName != null) {
             // Check is hostName is RFC compliant
@@ -3273,6 +3236,35 @@ public UserVm updateVirtualMachine(long id, String displayName, String group, Bo
                     .getUuid(), nic.getId(), extraDhcpOptionsMap);
         }
 
+        boolean isVMware = (vm.getHypervisorType() == HypervisorType.VMware);
+
+        if (securityGroupIdList != null && isVMware) {
+            throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
+        } else if (securityGroupIdList != null){
+            DataCenterVO zone = _dcDao.findById(vm.getDataCenterId());
+            List<Long> networkIds = new ArrayList<>();
+            try {
+                if (zone.getNetworkType() == NetworkType.Basic) {
+                    // Get default guest network in Basic zone
+                    Network defaultNetwork = _networkModel.getExclusiveGuestNetwork(zone.getId());
+                    networkIds.add(defaultNetwork.getId());
+                } else {
+                    networkIds = networks.stream().map(Network::getId).collect(Collectors.toList());
+                }
+            } catch (InvalidParameterValueException e) {
+                if(logger.isDebugEnabled()) {
+                    logger.debug(e.getMessage(),e);
+                }
+            }
+
+            if (_networkModel.checkSecurityGroupSupportForNetwork(
+                            _accountMgr.getActiveAccountById(vm.getAccountId()),
+                            zone, networkIds, securityGroupIdList)
+            ) {
+                updateSecurityGroup(vm, securityGroupIdList);
+            }
+        }
+
         _vmDao.updateVM(id, displayName, ha, osTypeId, userData, userDataId,
                 userDataDetails, isDisplayVmEnabled, isDynamicallyScalable,
                 deleteProtection, customId, hostName, instanceName);
@@ -3288,6 +3280,17 @@ public UserVm updateVirtualMachine(long id, String displayName, String group, Bo
         return _vmDao.findById(id);
     }
 
+    private void updateSecurityGroup(UserVmVO vm, List<Long> securityGroupIdList) {
+        if (vm.getState() == State.Stopped) {
+            // Remove instance from security groups
+            _securityGroupMgr.removeInstanceFromGroups(vm);
+            // Add instance in provided groups
+            _securityGroupMgr.addInstanceToGroups(vm, securityGroupIdList);
+        } else {
+            throw new InvalidParameterValueException("Virtual machine must be stopped prior to update security groups ");
+        }
+    }
+
     protected void updateUserData(UserVm vm) throws ResourceUnavailableException, InsufficientCapacityException {
         boolean result = updateUserDataInternal(vm);
         if (result) {

ui/src/components/view/DetailsTab.vue

@@ -28,14 +28,6 @@
     <a-alert type="error" :showIcon="true" v-else-if="isLicenseExpired(dataResource.licenseExpiryDate)" :message="$t('message.alert.licenseexpired') + ' : ' + dataResource.licenseExpiryDate + '(' + $t('message.license.renewal.required') + ')'" />
     <a-alert type="success" :showIcon="true" v-else :message="$t('message.alert.licenseexpired') + ' : ' + dataResource.licenseExpiryDate + '(' + calculateDday(dataResource.licenseExpiryDate) + $t('message.license.days.left') + ')'" />
   </div>
-  <!-- <a-alert type="error" v-if="['host'].includes($route.meta.name)">
-    <template #message>
-      <div v-if="!dataResource.licenseExpiryDate" class="title"> {{ $t('message.license.not.found') }}</div>
-      <div v-else-if="isLicenseExpired(dataResource.licenseExpiryDate)" class="title"> {{ $t('message.alert.licenseexpired') + ' : ' + dataResource.licenseExpiryDate + '(' + $t('message.license.renewal.required') + ')' }}</div>
-      <div v-else class="title"> {{ $t('message.alert.licenseexpired') + ' : ' + dataResource.licenseExpiryDate + '(' + calculateDday(dataResource.licenseExpiryDate) + $t('message.license.days.left') + ')' }}</div>
-    </template>
-  </a-alert> -->
-
   <a-alert v-if="ip4routes" type="info" :showIcon="true" :message="$t('label.add.upstream.ipv4.routes')">
     <template #description>
       <p v-html="ip4routes" />

ui/src/views/compute/EditVM.vue

@@ -91,10 +91,9 @@
         <a-textarea v-model:value="form.userdata">
         </a-textarea>
       </a-form-item>
-      <a-form-item ref="securitygroupids" name="securitygroupids" :label="$t('label.security.groups')" v-if="securityGroupsEnabled">
+      <a-form-item ref="securitygroupids" name="securitygroupids" :label="$t('label.security.groups')" v-if="securityGroupNetworkProviderUseThisVM">
         <a-select
           mode="multiple"
-          :placeholder="$t('label.select.security.groups')"
           v-model:value="form.securitygroupids"
           showSearch
           optionFilterProp="label"
@@ -165,7 +164,8 @@ export default {
       groups: {
         loading: false,
         opts: []
-      }
+      },
+      securityGroupNetworkProviderUseThisVM: false
     }
   },
   beforeCreate () {
@@ -206,7 +206,28 @@ export default {
         zoneid: this.resource.zoneid
       }).then(response => {
         const zone = response?.listzonesresponse?.zone || []
-        this.securityGroupsEnabled = zone?.[0]?.securitygroupsenabled
+        this.securityGroupsEnabled = zone?.[0]?.securitygroupsenabled || this.$store.getters.showSecurityGroups
+        if (this.securityGroupsEnabled) {
+          api('listNetworks', { supportedservices: 'SecurityGroup' }).then(json => {
+            if (json.listnetworksresponse && json.listnetworksresponse.network) {
+              for (const net of json.listnetworksresponse.network) {
+                if (this.securityGroupNetworkProviderUseThisVM) {
+                  break
+                }
+                const listVmParams = {
+                  id: this.resource.id,
+                  networkid: net.id,
+                  listall: true
+                }
+                api('listVirtualMachines', listVmParams).then(json => {
+                  if (json.listvirtualmachinesresponse && json.listvirtualmachinesresponse?.virtualmachine?.length > 0) {
+                    this.securityGroupNetworkProviderUseThisVM = true
+                  }
+                })
+              }
+            }
+          })
+        }
       })
     },
     fetchSecurityGroups () {
@@ -337,7 +358,7 @@ export default {
         params.name = values.name
         params.displayname = values.displayname
         params.ostypeid = values.ostypeid
-        if (this.securityGroupsEnabled) {
+        if (this.securityGroupNetworkProviderUseThisVM) {
           if (values.securitygroupids) {
             params.securitygroupids = values.securitygroupids
           }

ui/src/views/compute/InstanceTab.vue

@@ -94,7 +94,7 @@
           :routerlinks="(record) => { return { created: '/backup/' + record.id } }"
           :showSearch="false"/>
       </a-tab-pane>
-      <a-tab-pane :tab="$t('label.securitygroups')" key="securitygroups" v-if="dataResource.securitygroup && dataResource.securitygroup.length > 0 || $store.getters.showSecurityGroups">
+      <a-tab-pane :tab="$t('label.securitygroups')" key="securitygroups" v-if="(dataResource.securitygroup && dataResource.securitygroup.length > 0) || ($store.getters.showSecurityGroups && securityGroupNetworkProviderUseThisVM)">
         <a-button
           type="primary"
           style="width: 100%; margin-bottom: 10px"
@@ -103,6 +103,8 @@
           <template #icon><edit-outlined /></template> {{ $t('label.action.update.security.groups') }}
         </a-button>
         <ListResourceTable
+          apiName="listSecurityGroups"
+          :params="{virtualmachineid: dataResource.id}"
           :items="dataResource.securitygroup"
           :columns="['name', 'description']"
           :routerlinks="(record) => { return { name: '/securitygroups/' + record.id } }"
@@ -248,6 +250,7 @@ export default {
       totalStorage: 0,
       currentTab: 'details',
       showAddVolumeModal: false,
+      showUpdateSecurityGroupsModal: false,
       diskOfferings: [],
       showAddMirrorVMModal: false,
       showDrSimulationTestModal: false,
@@ -258,7 +261,8 @@ export default {
       editeNic: '',
       editNicLinkStat: '',
       dataPreFill: {},
-      securitygroupids: []
+      securitygroupids: [],
+      securityGroupNetworkProviderUseThisVM: false
     }
   },
   created () {
@@ -316,6 +320,25 @@ export default {
           this.annotations = json.listannotationsresponse.annotation
         }
       })
+      api('listNetworks', { supportedservices: 'SecurityGroup' }).then(json => {
+        if (json.listnetworksresponse && json.listnetworksresponse.network) {
+          for (const net of json.listnetworksresponse.network) {
+            if (this.securityGroupNetworkProviderUseThisVM) {
+              break
+            }
+            const listVmParams = {
+              id: this.resource.id,
+              networkid: net.id,
+              listall: true
+            }
+            api('listVirtualMachines', listVmParams).then(json => {
+              if (json.listvirtualmachinesresponse && json.listvirtualmachinesresponse?.virtualmachine?.length > 0) {
+                this.securityGroupNetworkProviderUseThisVM = true
+              }
+            })
+          }
+        }
+      })
     },
     listDiskOfferings () {
       api('listDiskOfferings', {