Feature: Allow adding delete protection for VMs & volumes

[vishesh92]

Docs PR: apache/cloudstack-documentation#433

Description

This PR allows adding deletion protection for a VM & volume. If the flag is enabled for a VM or a volume, the deletion of that resource fails. This feature helps user prevent deletion of critical resources by mistake.

If the resource is part of an Autoscaling group, CKS or any other plugin/feature, deletion protection flag is ignored. i.e. Deletion protection works only while deletion of resource via destroyVirtualMachine & deleteVolume command.

As of now, delete protection can be enabled only after the resource has been created/deployed. i.e. only updateVirtualMachine & updateVolume commands can set the deleteprotection for a resource.

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• build/CI
• test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Screenshots (if appropriate):

How Has This Been Tested?

How did you try to break this feature and the system with this change?

[codecov]

Codecov Report

Attention: Patch coverage is 16.90141% with 59 lines in your changes missing coverage. Please review.

Project coverage is 15.57%. Comparing base (2245d98) to head (518d940).
Report is 16 commits behind head on main.

Files with missing lines	Patch %	Lines
.../src/main/java/com/cloud/vm/UserVmManagerImpl.java	52.94%	7 Missing and 1 partial ⚠️
...apache/cloudstack/api/response/VolumeResponse.java	0.00%	6 Missing ⚠️
...hema/src/main/java/com/cloud/storage/VolumeVO.java	0.00%	6 Missing ⚠️
...chema/src/main/java/com/cloud/vm/VMInstanceVO.java	0.00%	6 Missing ⚠️
...n/java/com/cloud/storage/VolumeApiServiceImpl.java	0.00%	5 Missing and 1 partial ⚠️
...stack/api/command/user/volume/UpdateVolumeCmd.java	0.00%	4 Missing ⚠️
...apache/cloudstack/api/response/UserVmResponse.java	33.33%	4 Missing ⚠️
...he/cloudstack/api/command/user/vm/UpdateVMCmd.java	0.00%	3 Missing ⚠️
...apache/cloudstack/storage/volume/VolumeObject.java	0.00%	3 Missing ⚠️
...ava/com/cloud/api/query/dao/VolumeJoinDaoImpl.java	0.00%	3 Missing ⚠️
... and 4 more

Additional details and impacted files

@@             Coverage Diff              @@
##               main    #9633      +/-   ##
============================================
- Coverage     15.57%   15.57%   -0.01%     
  Complexity    12056    12056              
============================================
  Files          5506     5506              
  Lines        482919   482995      +76     
  Branches      61184    60564     -620     
============================================
+ Hits          75233    75242       +9     
- Misses       399375   399439      +64     
- Partials       8311     8314       +3     

Flag	Coverage Δ
uitests	4.17% <ø> (-0.01%)	⬇️
unittests	16.35% <16.90%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[vishesh92]

@blueorangutan package

[blueorangutan]

@vishesh92 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 10952

[vishesh92]

@blueorangutan package

[blueorangutan]

@vishesh92 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 10959

[vishesh92]

@blueorangutan package

[blueorangutan]

@vishesh92 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 10965

[vishesh92]

@blueorangutan test

[blueorangutan]

@vishesh92 a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[github-actions]

This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.

[vishesh92]

@blueorangutan package

[blueorangutan]

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 11003

[vishesh92]

@blueorangutan package

[blueorangutan]

@vishesh92 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11009

[rohityadavcloud]

LGTM, simple and very useful feature. Didn't test it though.

[rohityadavcloud]

@blueorangutan test

[blueorangutan]

@rohityadavcloud a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-11383)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 47349 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9633-t11383-kvm-ol8.zip
Smoke tests completed. 111 look OK, 27 have errors, 2 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_01_deploy_vm	Error	31.77	test_resource_names.py
test_02_create_volume	Error	33.34	test_resource_names.py
test_03_register_template	Error	31.85	test_resource_names.py
test_04_register_iso	Error	50.29	test_resource_names.py
ContextSuite context=TestResourceNames>:teardown	Error	85.81	test_resource_names.py
test_04_deploy_vnf_appliance	Error	131.54	test_vnf_templates.py
test_04_deploy_vnf_appliance	Error	131.54	test_vnf_templates.py
test_05_delete_vnf_template	Error	0.03	test_vnf_templates.py
ContextSuite context=TestVnfTemplates>:teardown	Error	0.08	test_vnf_templates.py
ContextSuite context=TestRouterDHCPHosts>:setup	Error	0.00	test_router_dhcphosts.py
ContextSuite context=TestRouterDHCPOpts>:setup	Error	0.00	test_router_dhcphosts.py
ContextSuite context=TestCreateVolume>:setup	Error	0.00	test_volumes.py
test_01_root_volume_encryption	Error	0.05	test_volumes.py
test_02_data_volume_encryption	Error	0.05	test_volumes.py
test_03_root_and_data_volume_encryption	Error	0.04	test_volumes.py
ContextSuite context=TestVolumeEncryption>:teardown	Error	0.06	test_volumes.py
ContextSuite context=TestVolumes>:setup	Error	2.91	test_volumes.py
ContextSuite context=TestIpv6Vpc>:setup	Error	0.00	test_vpc_ipv6.py
test_01_prepare_and_cancel_shutdown	Error	2.44	test_safe_shutdown.py
test_02_trigger_shutdown	Failure	301.34	test_safe_shutdown.py
test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL	Error	3.29	test_vpc_redundant.py
test_02_redundant_VPC_default_routes	Error	3.36	test_vpc_redundant.py
test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers	Error	3.15	test_vpc_redundant.py
test_04_rvpc_network_garbage_collector_nics	Error	3.08	test_vpc_redundant.py
test_05_rvpc_multi_tiers	Error	3.15	test_vpc_redundant.py
ContextSuite context=TestCpuCapServiceOfferings>:setup	Error	0.00	test_service_offerings.py
ContextSuite context=TestServiceOfferings>:setup	Error	3.01	test_service_offerings.py
test_01_VPC_nics_after_destroy	Error	3.20	test_vpc_router_nics.py
test_02_VPC_default_routes	Error	2.93	test_vpc_router_nics.py
ContextSuite context=TestSetSourceNatIp>:setup	Error	0.00	test_set_sourcenat.py
ContextSuite context=TestVmSnapshot>:setup	Error	2.84	test_vm_snapshots.py
test_01_redundant_vpc_site2site_vpn	Error	0.05	test_vpc_vpn.py
ContextSuite context=TestRVPCSite2SiteVpn>:teardown	Error	0.08	test_vpc_vpn.py
test_01_vpc_site2site_vpn_multiple_options	Error	0.04	test_vpc_vpn.py
ContextSuite context=TestVPCSite2SiteVPNMultipleOptions>:teardown	Error	0.06	test_vpc_vpn.py
test_01_vpc_remote_access_vpn	Failure	0.05	test_vpc_vpn.py
ContextSuite context=TestVpcRemoteAccessVpn>:teardown	Error	0.07	test_vpc_vpn.py
test_01_vpc_site2site_vpn	Error	0.03	test_vpc_vpn.py
ContextSuite context=TestVpcSite2SiteVpn>:teardown	Error	0.06	test_vpc_vpn.py
ContextSuite context=TestSharedFSLifecycle>:setup	Error	0.00	test_sharedfs_lifecycle.py
ContextSuite context=TestSnapshotRootDisk>:setup	Error	0.00	test_snapshots.py
ContextSuite context=TestSnapshotStandaloneBackup>:setup	Error	0.00	test_snapshots.py
test_01_webhook_deliveries	Error	5.06	test_webhook_delivery.py
test_05_stop_ssvm	Error	0.11	test_ssvm.py
test_06_stop_cpvm	Error	0.11	test_ssvm.py
test_07_reboot_ssvm	Error	0.11	test_ssvm.py
test_08_reboot_cpvm	Error	0.10	test_ssvm.py
test_09_reboot_ssvm_forced	Error	0.11	test_ssvm.py
test_10_reboot_cpvm_forced	Error	0.11	test_ssvm.py
test_11_destroy_ssvm	Error	0.09	test_ssvm.py
test_12_destroy_cpvm	Error	0.08	test_ssvm.py
test_01_create_webhook_admin_local	Error	0.12	test_webhook_lifecycle.py
test_02_create_webhook_admin_domain	Error	0.11	test_webhook_lifecycle.py
test_03_create_webhook_admin_global	Error	0.13	test_webhook_lifecycle.py
test_04_create_webhook_domainadmin_local	Error	3.40	test_webhook_lifecycle.py
test_05_create_webhook_domainadmin_subdomain	Error	3.29	test_webhook_lifecycle.py
test_06_create_webhook_domainadmin_global_negative	Error	3.19	test_webhook_lifecycle.py
test_07_create_webhook_user_local	Error	3.01	test_webhook_lifecycle.py
test_08_create_webhook_user_domain	Error	3.09	test_webhook_lifecycle.py
test_09_create_webhook_user_gloabl	Error	2.95	test_webhook_lifecycle.py
test_10_create_webhook_admin_advanced	Error	3.08	test_webhook_lifecycle.py
test_11_update_webhook	Error	3.32	test_webhook_lifecycle.py
test_12_list_user_webhook_deliveries	Error	8.22	test_webhook_lifecycle.py
test_13_webhook_execute_delivery	Error	3.62	test_webhook_lifecycle.py
ContextSuite context=TestCopyAndDeleteTemplatesAcrossZones>:setup	Error	0.00	test_templates.py
ContextSuite context=TestCreateTemplate>:setup	Error	0.00	test_templates.py
test_02_deploy_vm_from_direct_download_template	Error	0.02	test_templates.py
test_03_deploy_vm_wrong_checksum	Error	0.22	test_templates.py
ContextSuite context=TestCreateTemplateWithDirectDownload>:teardown	Error	0.24	test_templates.py
ContextSuite context=TestTemplates>:setup	Error	6.32	test_templates.py
test_01_cancel_host_maintenace_with_no_migration_jobs	Error	6.26	test_host_maintenance.py
test_02_cancel_host_maintenace_with_migration_jobs	Error	0.36	test_host_maintenance.py
test_03_cancel_host_maintenace_with_migration_jobs_failure	Error	0.41	test_host_maintenance.py
test_01_cancel_host_maintenance_ssh_enabled_agent_connected	Failure	0.10	test_host_maintenance.py
test_03_cancel_host_maintenance_ssh_disabled_agent_connected	Failure	0.11	test_host_maintenance.py
test_04_cancel_host_maintenance_ssh_disabled_agent_disconnected	Failure	0.09	test_host_maintenance.py
ContextSuite context=TestHostMaintenanceAgents>:teardown	Error	0.18	test_host_maintenance.py
test_01_positive_tests_usage	Failure	2.78	test_usage_events.py
test_01_positive_tests_usage	Error	2.78	test_usage_events.py
test_disable_oobm_ha_state_ineligible	Error	0.41	test_hostha_kvm.py
test_hostha_configure_default_driver	Error	0.38	test_hostha_kvm.py
test_hostha_enable_ha_when_host_disabled	Error	0.45	test_hostha_kvm.py
test_hostha_enable_ha_when_host_disconected	Error	0.37	test_hostha_kvm.py
test_hostha_enable_ha_when_host_in_maintenance	Error	0.41	test_hostha_kvm.py
test_hostha_kvm_host_degraded	Error	0.40	test_hostha_kvm.py
test_hostha_kvm_host_fencing	Error	0.38	test_hostha_kvm.py
test_hostha_kvm_host_recovering	Error	0.38	test_hostha_kvm.py
test_remove_ha_provider_not_possible	Error	0.38	test_hostha_kvm.py
test_01_ISO_usage	Error	0.03	test_usage.py
ContextSuite context=TestISOUsage>:teardown	Error	0.06	test_usage.py
ContextSuite context=TestLBRuleUsage>:setup	Error	2.81	test_usage.py
ContextSuite context=TestNatRuleUsage>:setup	Error	5.58	test_usage.py
ContextSuite context=TestPublicIPUsage>:setup	Error	8.30	test_usage.py
ContextSuite context=TestSnapshotUsage>:setup	Error	11.26	test_usage.py
ContextSuite context=TestTemplateUsage>:setup	Error	14.48	test_usage.py
ContextSuite context=TestVmUsage>:setup	Error	17.42	test_usage.py
ContextSuite context=TestVolumeUsage>:setup	Error	20.44	test_usage.py
ContextSuite context=TestVpnUsage>:setup	Error	23.51	test_usage.py
ContextSuite context=TestVmAutoScaling>:setup	Error	0.00	test_vm_autoscaling.py
test_01_deploy_vm_on_specific_host	Error	0.08	test_vm_deployment_planner.py
test_02_deploy_vm_on_specific_cluster	Error	0.07	test_vm_deployment_planner.py
test_03_deploy_vm_on_specific_pod	Error	0.09	test_vm_deployment_planner.py
test_04_deploy_vm_on_host_override_pod_and_cluster	Error	0.14	test_vm_deployment_planner.py
test_05_deploy_vm_on_cluster_override_pod	Error	0.08	test_vm_deployment_planner.py
ContextSuite context=TestVMDeploymentPlanner>:teardown	Error	0.14	test_vm_deployment_planner.py
ContextSuite context=TestDeployVM>:setup	Error	0.00	test_vm_life_cycle.py
test_01_migrate_VM_and_root_volume	Error	0.06	test_vm_life_cycle.py
test_02_migrate_VM_with_two_data_disks	Error	0.04	test_vm_life_cycle.py
ContextSuite context=TestKVMLiveMigration>:teardown	Error	0.06	test_vm_life_cycle.py
ContextSuite context=TestMigrateVMwithVolume>:teardown	Error	0.02	test_vm_life_cycle.py
test_01_secure_vm_migration	Error	0.05	test_vm_life_cycle.py
test_02_unsecure_vm_migration	Error	0.05	test_vm_life_cycle.py
test_03_secured_to_nonsecured_vm_migration	Error	0.04	test_vm_life_cycle.py
test_04_nonsecured_to_secured_vm_migration	Error	0.06	test_vm_life_cycle.py
ContextSuite context=TestSecuredVmMigration>:teardown	Error	0.13	test_vm_life_cycle.py
ContextSuite context=TestVMLifeCycle>:setup	Error	3.35	test_vm_life_cycle.py
ContextSuite context=TestVMSchedule>:setup	Error	0.00	test_vm_schedule.py
test_01_migrate_vm_strict_tags_success	Error	0.21	test_vm_strict_host_tags.py
test_02_migrate_vm_strict_tags_failure	Error	0.21	test_vm_strict_host_tags.py
ContextSuite context=TestMigrateVMStrictTags>:teardown	Error	0.35	test_vm_strict_host_tags.py
test_01_restore_vm_strict_tags_success	Error	0.20	test_vm_strict_host_tags.py
test_02_restore_vm_strict_tags_failure	Error	0.20	test_vm_strict_host_tags.py
ContextSuite context=TestRestoreVMStrictTags>:teardown	Error	0.31	test_vm_strict_host_tags.py
test_01_scale_vm_strict_tags_success	Error	0.24	test_vm_strict_host_tags.py
test_02_scale_vm_strict_tags_failure	Error	0.28	test_vm_strict_host_tags.py
ContextSuite context=TestScaleVMStrictTags>:teardown	Error	0.41	test_vm_strict_host_tags.py
test_01_deploy_vm_on_specific_host_without_strict_tags	Error	0.19	test_vm_strict_host_tags.py
test_02_deploy_vm_on_any_host_without_strict_tags	Error	0.22	test_vm_strict_host_tags.py
test_03_deploy_vm_on_specific_host_with_strict_tags_success	Error	0.21	test_vm_strict_host_tags.py
test_04_deploy_vm_on_any_host_with_strict_tags_success	Error	0.22	test_vm_strict_host_tags.py
test_05_deploy_vm_on_specific_host_with_strict_tags_failure	Failure	0.21	test_vm_strict_host_tags.py
test_06_deploy_vm_on_any_host_with_strict_tags_failure	Failure	0.22	test_vm_strict_host_tags.py
ContextSuite context=TestVMDeploymentPlannerStrictTags>:teardown	Error	0.33	test_vm_strict_host_tags.py
all_test_restore_vm	Skipped	---	test_restore_vm.py
all_test_router_dns	Skipped	---	test_router_dns.py

[shwstppr]

code looks good. One query abt DB change

[shwstppr]

question - will it make a lot of difference if these flags are stored as details in vm_details/volume_details tables?

[vishesh92]

I don't think it will create a lot of impact. Just a few extra queries & joins to check the value from details table.

[vishesh92]

@JoaoJandre This is a small feature. Can we include this PR in 4.20 release as well?

[vishesh92]

@blueorangutan package

[blueorangutan]

@vishesh92 a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 11038

[vishesh92]

@blueorangutan test

[blueorangutan]

@vishesh92 a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[JoaoJandre]

@JoaoJandre This is a small feature. Can we include this PR in 4.20 release as well?

Sure! but next week the main branch is getting frozen, so the PR will need to be merged by then.

[vishesh92]

@JoaoJandre This is a small feature. Can we include this PR in 4.20 release as well?

Sure! but next week the main branch is getting frozen, so the PR will need to be merged by then.

Thanks Joao. I will try to get both the PRs merged by Monday.

[blueorangutan]

[SF] Trillian test result (tid-11413)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 59967 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr9633-t11413-kvm-ol8.zip
Smoke tests completed. 139 look OK, 1 have errors, 1 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File
test_01_VPC_nics_after_destroy	Error	2040.12	test_vpc_router_nics.py
test_02_VPC_default_routes	Error	35.99	test_vpc_router_nics.py
all_test_vpc_vpn	Skipped	---	test_vpc_vpn.py

[borisstoyanov]

@blueorangutan UI

[rohityadavcloud]

@blueorangutan ui

[blueorangutan]

@rohityadavcloud a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.

[blueorangutan]

UI build: ✔️
Live QA URL: https://qa.cloudstack.cloud/simulator/pr/9633 (QA-JID-443)

[borisstoyanov]

LGTM, manually tested it