early check delete protected vm count and error out for account deletion

Author: sudo87

engine/schema/src/main/java/com/cloud/vm/dao/VMInstanceDao.java

@@ -192,4 +192,6 @@ List<VMInstanceVO> searchRemovedByRemoveDate(final Date startDate, final Date en
     int getVmCountByOfferingNotInDomain(Long serviceOfferingId, List<Long> domainIds);
 
     List<VMInstanceVO> listByIdsIncludingRemoved(List<Long> ids);
+
+    List<VMInstanceVO> listDeleteProtectedVmsByAccountId(long accountId);
 }

engine/schema/src/main/java/com/cloud/vm/dao/VMInstanceDaoImpl.java

@@ -30,6 +30,7 @@
 import javax.annotation.PostConstruct;
 import javax.inject.Inject;
 
+import org.apache.cloudstack.api.ApiConstants;
 import org.apache.commons.collections.CollectionUtils;
 import org.springframework.stereotype.Component;
 
@@ -106,6 +107,7 @@ public class VMInstanceDaoImpl extends GenericDaoBase<VMInstanceVO, Long> implem
     protected SearchBuilder<VMInstanceVO> IdsPowerStateSelectSearch;
     GenericSearchBuilder<VMInstanceVO, Integer> CountByOfferingId;
     GenericSearchBuilder<VMInstanceVO, Integer> CountUserVmNotInDomain;
+    SearchBuilder<VMInstanceVO> DeleteProtectedVmSearch;
 
     @Inject
     ResourceTagDao tagsDao;
@@ -368,6 +370,12 @@ protected void init() {
         CountUserVmNotInDomain.and("domainIdsNotIn", CountUserVmNotInDomain.entity().getDomainId(), Op.NIN);
         CountUserVmNotInDomain.done();
 
+        DeleteProtectedVmSearch = createSearchBuilder();
+        DeleteProtectedVmSearch.selectFields(DeleteProtectedVmSearch.entity().getUuid());
+        DeleteProtectedVmSearch.and(ApiConstants.ACCOUNT_ID, DeleteProtectedVmSearch.entity().getAccountId(), Op.EQ);
+        DeleteProtectedVmSearch.and(ApiConstants.DELETE_PROTECTION, DeleteProtectedVmSearch.entity().isDeleteProtection(), Op.EQ);
+        DeleteProtectedVmSearch.and(ApiConstants.REMOVED, DeleteProtectedVmSearch.entity().getRemoved(), Op.NULL);
+        DeleteProtectedVmSearch.done();
     }
 
     @Override
@@ -1296,4 +1304,12 @@ public List<VMInstanceVO> listByIdsIncludingRemoved(List<Long> ids) {
         sc.setParameters("ids", ids.toArray());
         return listIncludingRemovedBy(sc);
     }
+
+    @Override
+    public List<VMInstanceVO> listDeleteProtectedVmsByAccountId(long accountId)  {
+        SearchCriteria<VMInstanceVO> sc = DeleteProtectedVmSearch.create();
+        sc.setParameters(ApiConstants.ACCOUNT_ID, accountId);
+        sc.setParameters(ApiConstants.DELETE_PROTECTION, true);
+        return listBy(sc);
+    }
 }

server/src/main/java/com/cloud/user/AccountManagerImpl.java

@@ -2103,6 +2103,7 @@ public boolean deleteUserAccount(long accountId) {
             return true;
         }
 
+        validateNoDeleteProtectedVms(account);
         checkIfAccountManagesProjects(accountId);
         verifyCallerPrivilegeForUserOrAccountOperations(account);
 
@@ -2144,6 +2145,24 @@ protected boolean isDeleteNeeded(AccountVO account, long accountId, Account call
         return true;
     }
 
+    private void validateNoDeleteProtectedVms(Account account) {
+        long accountId = account.getId();
+        List<VMInstanceVO> deleteProtectedVms = _vmDao.listDeleteProtectedVmsByAccountId(accountId);
+        if (deleteProtectedVms.isEmpty()) {
+            return;
+        }
+
+        if (logger.isDebugEnabled()) {
+            List<String> vmUuids = deleteProtectedVms.stream().map(VMInstanceVO::getUuid).collect(Collectors.toList());
+            logger.debug("Cannot delete Account {} (id={}), delete protection enabled for Instances: {}",
+                    account.getAccountName(), accountId, vmUuids);
+        }
+
+        throw new InvalidParameterValueException(
+                String.format("Cannot delete Account '%s'. One or more Instances have delete protection enabled.",
+                        account.getAccountName()));
+    }
+
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_ACCOUNT_ENABLE, eventDescription = "enabling account", async = true)
     public AccountVO enableAccount(String accountName, Long domainId, Long accountId) {