CLOUDSTACK-9203 security group update on running instance

      cherry-picked from a exoscale internal fix:

      Implement security group move on updateVM API call
      Prevent security group update while instance is running

Conflicts:
	api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java
	server/src/com/cloud/vm/UserVmManager.java
	server/src/com/cloud/vm/UserVmManagerImpl.java

Author: llambiel

api/src/org/apache/cloudstack/api/command/user/vm/UpdateVMCmd.java

@@ -29,6 +29,7 @@
 import org.apache.cloudstack.api.ResponseObject.ResponseView;
 import org.apache.cloudstack.api.ServerApiException;
 import org.apache.cloudstack.api.response.GuestOSResponse;
+import org.apache.cloudstack.api.response.SecurityGroupResponse;
 import org.apache.cloudstack.api.response.UserVmResponse;
 import org.apache.cloudstack.context.CallContext;
 
@@ -39,7 +40,9 @@
 import com.cloud.vm.VirtualMachine;
 
 import java.util.Collection;
+import java.util.List;
 import java.util.Map;
+import java.util.List;
 
 @APICommand(name = "updateVirtualMachine", description="Updates properties of a virtual machine. The VM has to be stopped and restarted for the " +
         "new properties to take effect. UpdateVirtualMachine does not first check whether the VM is stopped. " +
@@ -96,6 +99,14 @@ public class UpdateVMCmd extends BaseCustomIdCmd {
     @Parameter(name = ApiConstants.DETAILS, type = CommandType.MAP, description = "Details in key/value pairs.")
     protected Map<String, String> details;
 
+    @ACL
+    @Parameter(name = ApiConstants.SECURITY_GROUP_IDS,
+               type = CommandType.LIST,
+               collectionType = CommandType.UUID,
+               entityType = SecurityGroupResponse.class,
+               description = "list of security group ids to be applied on the virtual machine.")
+    private List<Long> securityGroupIdList;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -145,7 +156,11 @@ public Map<String, String> getDetails() {
         return (Map<String, String>) (paramsCollection.toArray())[0];
     }
 
-/////////////////////////////////////////////////////
+    public List<Long> getSecurityGroupIdList() {
+        return securityGroupIdList;
+    }
+
+    /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
 

server/src/com/cloud/vm/UserVmManager.java

@@ -103,7 +103,7 @@ boolean upgradeVirtualMachine(Long id, Long serviceOfferingId, Map<String, Strin
     void collectVmDiskStatistics(UserVmVO userVm);
 
     UserVm updateVirtualMachine(long id, String displayName, String group, Boolean ha, Boolean isDisplayVmEnabled, Long osTypeId, String userData,
-                                Boolean isDynamicallyScalable, HTTPMethod httpMethod, String customId, String hostName, String instanceName) throws ResourceUnavailableException, InsufficientCapacityException;
+                                Boolean isDynamicallyScalable, HTTPMethod httpMethod, String customId, String hostName, String instanceName, List<Long> securityGroupIdList) throws ResourceUnavailableException, InsufficientCapacityException;
 
     //the validateCustomParameters, save and remove CustomOfferingDetils functions can be removed from the interface once we can
     //find a common place for all the scaling and upgrading code of both user and systemvms.

server/src/com/cloud/vm/UserVmManagerImpl.java

@@ -2289,6 +2289,7 @@ public UserVm updateVirtualMachine(UpdateVMCmd cmd) throws ResourceUnavailableEx
         String hostName = cmd.getHostName();
         Map<String,String> details = cmd.getDetails();
         Account caller = CallContext.current().getCallingAccount();
+        List<Long> securityGroupIdList = cmd.getSecurityGroupIdList();
 
         // Input validation and permission checks
         UserVmVO vmInstance = _vmDao.findById(id);
@@ -2339,7 +2340,7 @@ public UserVm updateVirtualMachine(UpdateVMCmd cmd) throws ResourceUnavailableEx
         }
 
         return updateVirtualMachine(id, displayName, group, ha, isDisplayVm, osTypeId, userData, isDynamicallyScalable,
-                cmd.getHttpMethod(), cmd.getCustomId(), hostName, cmd.getInstanceName());
+                cmd.getHttpMethod(), cmd.getCustomId(), hostName, cmd.getInstanceName(), securityGroupIdList);
     }
 
     private void saveUsageEvent(UserVmVO vm) {
@@ -2389,7 +2390,8 @@ private void generateNetworkUsageForVm(VirtualMachine vm, boolean isDisplay, Str
 
     @Override
     public UserVm updateVirtualMachine(long id, String displayName, String group, Boolean ha, Boolean isDisplayVmEnabled, Long osTypeId, String userData,
-            Boolean isDynamicallyScalable, HTTPMethod httpMethod, String customId, String hostName, String instanceName) throws ResourceUnavailableException, InsufficientCapacityException {
+            Boolean isDynamicallyScalable, HTTPMethod httpMethod, String customId, String hostName, String instanceName, List<Long> securityGroupIdList)
+                    throws ResourceUnavailableException, InsufficientCapacityException {
         UserVmVO vm = _vmDao.findById(id);
         if (vm == null) {
             throw new CloudRuntimeException("Unable to find virual machine with id " + id);
@@ -2451,6 +2453,25 @@ public UserVm updateVirtualMachine(long id, String displayName, String group, Bo
             isDynamicallyScalable = vm.isDynamicallyScalable();
         }
 
+        // Get default guest network in Basic zone
+        DataCenterVO zone = _dcDao.findById(vm.getDataCenterId());
+        Network defaultNetwork = _networkModel.getExclusiveGuestNetwork(zone.getId());
+
+        boolean isVMware = (vm.getHypervisorType() == HypervisorType.VMware);
+
+        if (securityGroupIdList != null && isVMware) {
+            throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor");
+        } else if (securityGroupIdList != null && _networkModel.isSecurityGroupSupportedInNetwork(defaultNetwork) && _networkModel.canAddDefaultSecurityGroup()) {
+            if (vm.getState() == State.Stopped) {
+                // Remove instance from security groups
+                _securityGroupMgr.removeInstanceFromGroups(id);
+                // Add instance in provided groups
+                _securityGroupMgr.addInstanceToGroups(id, securityGroupIdList);
+            } else {
+                throw new InvalidParameterValueException("Virtual machine must be stopped prior to update security groups ");
+            }
+        }
+
         if (hostName != null) {
             // Check is hostName is RFC compliant
             checkNameForRFCCompliance(hostName);