Prevent downloading templates to secondary storages that are in read-only#13023
Prevent downloading templates to secondary storages that are in read-only#13023GaOrtiga wants to merge 3 commits intoapache:4.20from
read-only#13023Conversation
|
@blueorangutan package |
|
@winterhazel a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
|
Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 17486 |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## 4.20 #13023 +/- ##
=========================================
Coverage 16.26% 16.27%
- Complexity 13433 13438 +5
=========================================
Files 5665 5665
Lines 500530 500544 +14
Branches 60787 60790 +3
=========================================
+ Hits 81411 81441 +30
+ Misses 410027 409997 -30
- Partials 9092 9106 +14
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
@blueorangutan package |
|
@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
|
Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 17514 |
|
@GaOrtiga could you have a look at the test failures? |
|
@blueorangutan package |
|
@GaOrtiga a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress. |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 17553 |
| @Inject | ||
| StorageOrchestrationService storageOrchestrator; | ||
| @Inject | ||
| ImageStoreDao dataStoreDao; |
There was a problem hiding this comment.
| ImageStoreDao dataStoreDao; | |
| ImageStoreDao imageStoreDao; |
| } | ||
|
|
||
| protected boolean shouldDownloadTemplateToStore(VMTemplateVO template, DataStore store) { | ||
| if (dataStoreDao.findById(store.getId()).isReadonly()) { |
There was a problem hiding this comment.
| if (dataStoreDao.findById(store.getId()).isReadonly()) { | |
| ImageStoreVO storeVO = imageStoreDao.findById(store.getId()); | |
| if (storeVO == null) { | |
| // add log | |
| return false; | |
| } | |
| if (storeVO.isReadonly()) { |
npe for removed image store, can check store exists before isReadonly()
| @Inject | ||
| DataStoreManager dataStoreManager; | ||
| @Inject | ||
| ImageStoreDao dataStoreDao; |
There was a problem hiding this comment.
| ImageStoreDao dataStoreDao; | |
| ImageStoreDao imageStoreDao; |
| if (dataStoreDao.findById(dataStore.getId()).isReadonly()) { | ||
| logger.debug("Template [{}] will not be downloaded to image store [{}] because this store is marked as read-only.", data.getName(), | ||
| dataStore.getName()); | ||
| return; |
There was a problem hiding this comment.
same here
can have a common method to check image store exists or not and then isReadonly() ?
| if (_imgStoreDao.findById(imageStore.getId()).isReadonly()) { | ||
| logger.info("Image store [{}] is marked as read-only. Skip downloading template to this image store.", imageStore); | ||
| return false; | ||
| } |
There was a problem hiding this comment.
use common method if possible
There was a problem hiding this comment.
Pull request overview
Fixes template download/allocation behavior so Secondary Storage marked read-only is skipped during template download and sync flows.
Changes:
- Add read-only image store checks when selecting/validating secondary storage for template creation/allocation.
- Prevent template sync/download decisions from targeting read-only image stores.
- Extend unit tests to account for the new read-only filtering behavior.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| server/src/main/java/com/cloud/template/HypervisorTemplateAdapter.java | Skips template allocation/download to image stores flagged as read-only. |
| server/src/test/java/com/cloud/template/HypervisorTemplateAdapterTest.java | Updates tests/mocks to support new ImageStoreDao read-only checks. |
| engine/storage/image/src/main/java/org/apache/cloudstack/storage/image/TemplateServiceImpl.java | Skips downloads during template sync when the target image store is read-only; fixes a log message typo. |
| engine/storage/image/src/test/java/org/apache/cloudstack/storage/image/TemplateServiceImplTest.java | Adds coverage for read-only store behavior and adjusts setup for new DAO usage. |
| engine/storage/src/main/java/org/apache/cloudstack/storage/image/BaseImageStoreDriverImpl.java | Avoids downloading templates to read-only image stores at the driver level. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ImageStoreVO ImageStoreVOMock = Mockito.mock(ImageStoreVO.class); | ||
| Long zoneId = 1L; | ||
| Set<Long> zoneSet = null; | ||
| boolean isTemplatePrivate = false; | ||
| DataCenterVO dataCenterVOMock = Mockito.mock(DataCenterVO.class); | ||
|
|
||
| Mockito.when(_imgStoreDao.findById(Mockito.anyLong())).thenReturn(ImageStoreVOMock); |
| @Mock | ||
| ImageStoreDao imageStore; | ||
|
|
||
| @Mock | ||
| ImageStoreVO imageMock; | ||
|
|
| if (_imgStoreDao.findById(imageStore.getId()).isReadonly()) { | ||
| logger.info("Image store [{}] is marked as read-only. Skip downloading template to this image store.", imageStore); | ||
| return false; | ||
| } |
| if (dataStoreDao.findById(dataStore.getId()).isReadonly()) { | ||
| logger.debug("Template [{}] will not be downloaded to image store [{}] because this store is marked as read-only.", data.getName(), | ||
| dataStore.getName()); | ||
| return; | ||
| } |
| return false; | ||
| } | ||
|
|
||
| if (_imgStoreDao.findById(imageStore.getId()).isReadonly()) { |
| protected boolean shouldDownloadTemplateToStore(VMTemplateVO template, DataStore store) { | ||
| if (dataStoreDao.findById(store.getId()).isReadonly()) { | ||
| logger.debug("Template [{}] will not be downloaded to image store [{}] because this store is marked as read-only.", template.getUniqueName(), | ||
| store.getName()); | ||
| return false; | ||
| } |
Description
When a Secondary Storage is marked as read-only, download of new templates is still performed in it. This behavior has been fixed, making it so that read-only storages are ignored during the template download process.
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity
Screenshots (if appropriate):
How Has This Been Tested?
I put a secondary in the zone in the read-only state and verified that it no longer would be selected for the download.
How did you try to break this feature and the system with this change?