CS-14753: When Vm is deployed with a Security Group , it also gets associated with the default security group.

prachi · prachi · commit f1fae9d57f42 · 2012-05-25T14:40:31.000-07:00
Changes:
- StartVM needed to be changed to add default security group only when none is present.
- DeployVm: createAdvancedSecurityGroupVirtualMachine changed to follow the same rule - add default SG only if none is specified.
diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java
@@ -2110,34 +2110,26 @@ public UserVm createAdvancedSecurityGroupVirtualMachine(DataCenter zone, Service
             }
         }
 
-        // if network is security group enabled, and default security group is not present in the list of groups specified, add it automatically
+        // if network is security group enabled, and no security group is specified, then add the default security group automatically
         if (isSecurityGroupEnabledNetworkUsed && !isVmWare && _networkMgr.canAddDefaultSecurityGroup()) {
-            if (securityGroupIdList == null) {
-                securityGroupIdList = new ArrayList<Long>();
-            }
-
-            SecurityGroup defaultGroup = _securityGroupMgr.getDefaultSecurityGroup(owner.getId());
-            if (defaultGroup != null) {
-                //check if security group id list already contains Default security group, and if not - add it
-                boolean defaultGroupPresent = false;
-                for (Long securityGroupId : securityGroupIdList) {
-                    if (securityGroupId.longValue() == defaultGroup.getId()) {
-                        defaultGroupPresent = true;
-                        break;
-                    }
+            
+          //add the default securityGroup only if no security group is specified
+            if(securityGroupIdList == null || securityGroupIdList.isEmpty()){
+                if (securityGroupIdList == null) {
+                    securityGroupIdList = new ArrayList<Long>();
                 }
-
-                if (!defaultGroupPresent) {
+    
+                SecurityGroup defaultGroup = _securityGroupMgr.getDefaultSecurityGroup(owner.getId());
+                if (defaultGroup != null) {
+                    securityGroupIdList.add(defaultGroup.getId());
+                } else {
+                    //create default security group for the account
+                    if (s_logger.isDebugEnabled()) {
+                        s_logger.debug("Couldn't find default security group for the account " + owner + " so creating a new one");
+                    }
+                    defaultGroup = _securityGroupMgr.createSecurityGroup(SecurityGroupManager.DEFAULT_GROUP_NAME, SecurityGroupManager.DEFAULT_GROUP_DESCRIPTION, owner.getDomainId(), owner.getId(), owner.getAccountName());
                     securityGroupIdList.add(defaultGroup.getId());
                 }
-
-            } else {
-                //create default security group for the account
-                if (s_logger.isDebugEnabled()) {
-                    s_logger.debug("Couldn't find default security group for the account " + owner + " so creating a new one");
-                }
-                defaultGroup = _securityGroupMgr.createSecurityGroup(SecurityGroupManager.DEFAULT_GROUP_NAME, SecurityGroupManager.DEFAULT_GROUP_DESCRIPTION, owner.getDomainId(), owner.getId(), owner.getAccountName());
-                securityGroupIdList.add(defaultGroup.getId());
             }
         }
 
@@ -2759,7 +2751,7 @@ public Pair<UserVmVO, Map<VirtualMachineProfile.Param, Object>> startVirtualMach
         }
 
         //check if vm is security group enabled
-        if (_securityGroupMgr.isVmSecurityGroupEnabled(vmId) && !_securityGroupMgr.isVmMappedToDefaultSecurityGroup(vmId) && _networkMgr.canAddDefaultSecurityGroup()) {
+        if (_securityGroupMgr.isVmSecurityGroupEnabled(vmId) && _securityGroupMgr.getSecurityGroupsForVm(vmId).isEmpty() && !_securityGroupMgr.isVmMappedToDefaultSecurityGroup(vmId) && _networkMgr.canAddDefaultSecurityGroup()) {
             //if vm is not mapped to security group, create a mapping
             if (s_logger.isDebugEnabled()) {
                 s_logger.debug("Vm " + vm + " is security group enabled, but not mapped to default security group; creating the mapping automatically");
