Block VM-level affinity change on CKS VM

Author: Damans227

api/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelper.java

@@ -34,6 +34,7 @@ enum KubernetesClusterNodeType {
     ControlledEntity findByUuid(String uuid);
     ControlledEntity findByVmId(long vmId);
     void checkVmCanBeDestroyed(UserVm userVm);
+    void checkVmAffinityGroupsCanBeUpdated(UserVm userVm);
     boolean isValidNodeType(String nodeType);
     Map<String, Long> getServiceOfferingNodeTypeMap(Map<String, Map<String, String>> serviceOfferingNodeTypeMap);
     Map<String, Long> getTemplateNodeTypeMap(Map<String, Map<String, String>> templateNodeTypeMap);

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesServiceHelperImpl.java

@@ -129,6 +129,27 @@ public void checkVmCanBeDestroyed(UserVm userVm) {
         throw new CloudRuntimeException(msg);
     }
 
+    @Override
+    public void checkVmAffinityGroupsCanBeUpdated(UserVm userVm) {
+        if (!UserVmManager.CKS_NODE.equals(userVm.getUserVmType())) {
+            return;
+        }
+        KubernetesClusterVmMapVO clusterVmMapping = kubernetesClusterVmMapDao.findByVmId(userVm.getId());
+        if (Objects.isNull(clusterVmMapping)) {
+            return;
+        }
+        KubernetesCluster kubernetesCluster = kubernetesClusterDao.findById(clusterVmMapping.getClusterId());
+        String errorMessage = "Affinity groups cannot be updated for a VM part of Kubernetes cluster";
+        if (Objects.nonNull(kubernetesCluster)) {
+            if (KubernetesCluster.ClusterType.ExternalManaged.equals(kubernetesCluster.getClusterType())) {
+                return;
+            }
+            errorMessage += String.format(": %s", kubernetesCluster.getName());
+        }
+        errorMessage += ". Please use the cluster's Change Affinity option instead.";
+        throw new CloudRuntimeException(errorMessage);
+    }
+
     @Override
     public boolean isValidNodeType(String nodeType) {
         if (StringUtils.isBlank(nodeType)) {

server/src/main/java/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java

@@ -25,6 +25,8 @@
 import javax.inject.Inject;
 import javax.naming.ConfigurationException;
 
+import org.springframework.beans.factory.NoSuchBeanDefinitionException;
+
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
@@ -41,6 +43,8 @@
 import com.cloud.domain.dao.DomainDao;
 import com.cloud.event.ActionEvent;
 import com.cloud.event.EventTypes;
+import com.cloud.kubernetes.cluster.KubernetesServiceHelper;
+import com.cloud.utils.component.ComponentContext;
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.PermissionDeniedException;
 import com.cloud.hypervisor.Hypervisor;
@@ -435,6 +439,13 @@ public UserVm updateVMAffinityGroups(Long vmId, List<Long> affinityGroupIds) {
         if (UserVmManager.SHAREDFSVM.equals(vmInstance.getUserVmType())) {
             throw new InvalidParameterValueException("Operation not supported on Shared FileSystem Instance");
         }
+        try {
+            KubernetesServiceHelper kubernetesServiceHelper =
+                    ComponentContext.getDelegateComponentOfType(KubernetesServiceHelper.class);
+            kubernetesServiceHelper.checkVmAffinityGroupsCanBeUpdated(vmInstance);
+        } catch (NoSuchBeanDefinitionException ignored) {
+            logger.debug("No KubernetesServiceHelper bean found");
+        }
         if (Hypervisor.HypervisorType.External.equals(vmInstance.getHypervisorType())) {
             logger.error("Update VM Affinity Group not supported for {} as it is {} hypervisor instance",
                     vmInstance, Hypervisor.HypervisorType.External.name());