Introducing Storage Access Groups for better management for host and storage connections (apache#10381)

* Introducing Storage Access Groups to define the host and storage pool connections

In CloudStack, when a primary storage is added at the Zone or Cluster scope, it is by default connected to all hosts within that scope. This default behavior can be refined using storage access groups, which allow operators to control and limit which hosts can access specific storage pools.

Storage access groups can be assigned to hosts, clusters, pods, zones, and primary storage pools. When a storage access group is set on a cluster/pod/zone, all hosts within that scope inherit the group. Connectivity between a host and a storage pool is then governed by whether they share the same storage access group.

A storage pool with a storage access group will connect only to hosts that have the same storage access group. A storage pool without a storage access group will connect to all hosts, including those with or without a storage access group.

Author: harikrishna-patnala

api/src/main/java/com/cloud/configuration/ConfigurationService.java

@@ -201,11 +201,12 @@ public interface ConfigurationService {
      *            TODO
      * @param allocationState
      *            TODO
+     * @param storageAccessGroups
      * @return the new pod if successful, null otherwise
      * @throws
      * @throws
      */
-    Pod createPod(long zoneId, String name, String startIp, String endIp, String gateway, String netmask, String allocationState);
+    Pod createPod(long zoneId, String name, String startIp, String endIp, String gateway, String netmask, String allocationState, List<String> storageAccessGroups);
 
     /**
      * Creates a mutual exclusive IP range in the pod with same gateway, netmask.

api/src/main/java/com/cloud/dc/Pod.java

@@ -43,4 +43,6 @@ public interface Pod extends InfrastructureEntity, Grouping, Identity, InternalI
     AllocationState getAllocationState();
 
     boolean getExternalDhcp();
+
+    String getStorageAccessGroups();
 }

api/src/main/java/com/cloud/event/EventTypes.java

@@ -470,6 +470,7 @@ public class EventTypes {
     public static final String EVENT_ENABLE_PRIMARY_STORAGE = "ENABLE.PS";
     public static final String EVENT_DISABLE_PRIMARY_STORAGE = "DISABLE.PS";
     public static final String EVENT_SYNC_STORAGE_POOL = "SYNC.STORAGE.POOL";
+    public static final String EVENT_CONFIGURE_STORAGE_ACCESS = "CONFIGURE.STORAGE.ACCESS";
     public static final String EVENT_CHANGE_STORAGE_POOL_SCOPE = "CHANGE.STORAGE.POOL.SCOPE";
 
     // VPN

api/src/main/java/com/cloud/host/Host.java

@@ -215,4 +215,6 @@ public static String[] toStrings(Host.Type... types) {
     ResourceState getResourceState();
 
     CPU.CPUArch getArch();
+
+    String getStorageAccessGroups();
 }

api/src/main/java/com/cloud/org/Cluster.java

@@ -41,4 +41,6 @@ public static enum ClusterType {
     ManagedState getManagedState();
 
     CPU.CPUArch getArch();
+
+    String getStorageAccessGroups();
 }

api/src/main/java/com/cloud/resource/ResourceService.java

@@ -95,4 +95,11 @@ public interface ResourceService {
 
     boolean releaseHostReservation(Long hostId);
 
+    void updatePodStorageAccessGroups(long podId, List<String> newStorageAccessGroups);
+
+    void updateZoneStorageAccessGroups(long zoneId, List<String> newStorageAccessGroups);
+
+    void updateClusterStorageAccessGroups(Long clusterId, List<String> newStorageAccessGroups);
+
+    void updateHostStorageAccessGroups(Long hostId, List<String> newStorageAccessGroups);
 }

api/src/main/java/com/cloud/storage/StorageService.java

@@ -22,6 +22,7 @@
 
 import org.apache.cloudstack.api.command.admin.storage.CancelPrimaryStorageMaintenanceCmd;
 import org.apache.cloudstack.api.command.admin.storage.ChangeStoragePoolScopeCmd;
+import org.apache.cloudstack.api.command.admin.storage.ConfigureStorageAccessCmd;
 import org.apache.cloudstack.api.command.admin.storage.CreateSecondaryStagingStoreCmd;
 import org.apache.cloudstack.api.command.admin.storage.CreateStoragePoolCmd;
 import org.apache.cloudstack.api.command.admin.storage.DeleteImageStoreCmd;
@@ -99,6 +100,8 @@ public interface StorageService {
 
     StoragePool disablePrimaryStoragePool(Long id);
 
+    boolean configureStorageAccess(ConfigureStorageAccessCmd cmd);
+
     StoragePool getStoragePool(long id);
 
     boolean deleteImageStore(DeleteImageStoreCmd cmd);

api/src/main/java/org/apache/cloudstack/api/ApiConstants.java

@@ -504,6 +504,11 @@ public class ApiConstants {
     public static final String SYSTEM_VM_TYPE = "systemvmtype";
     public static final String TAGS = "tags";
     public static final String STORAGE_TAGS = "storagetags";
+    public static final String STORAGE_ACCESS_GROUPS = "storageaccessgroups";
+    public static final String STORAGE_ACCESS_GROUP = "storageaccessgroup";
+    public static final String CLUSTER_STORAGE_ACCESS_GROUPS = "clusterstorageaccessgroups";
+    public static final String POD_STORAGE_ACCESS_GROUPS = "podstorageaccessgroups";
+    public static final String ZONE_STORAGE_ACCESS_GROUPS = "zonestorageaccessgroups";
     public static final String SUCCESS = "success";
     public static final String SUITABLE_FOR_VM = "suitableforvirtualmachine";
     public static final String TARGET_IQN = "targetiqn";

api/src/main/java/org/apache/cloudstack/api/ResponseGenerator.java

@@ -313,6 +313,8 @@ public interface ResponseGenerator {
 
     PodResponse createPodResponse(Pod pod, Boolean showCapacities);
 
+    PodResponse createMinimalPodResponse(Pod pod);
+
     ZoneResponse createZoneResponse(ResponseView view, DataCenter dataCenter, Boolean showCapacities, Boolean showResourceIcon);
 
     DataCenterGuestIpv6PrefixResponse createDataCenterGuestIpv6PrefixResponse(DataCenterGuestIpv6Prefix prefix);
@@ -327,6 +329,8 @@ public interface ResponseGenerator {
 
     ClusterResponse createClusterResponse(Cluster cluster, Boolean showCapacities);
 
+    ClusterResponse createMinimalClusterResponse(Cluster cluster);
+
     FirewallRuleResponse createPortForwardingRuleResponse(PortForwardingRule fwRule);
 
     IpForwardingRuleResponse createIpForwardingRuleResponse(StaticNatRule fwRule);

api/src/main/java/org/apache/cloudstack/api/command/admin/cluster/AddClusterCmd.java

@@ -118,6 +118,12 @@ public class AddClusterCmd extends BaseCmd {
     private String ovm3cluster;
     @Parameter(name = ApiConstants.OVM3_VIP, type = CommandType.STRING, required = false,  description = "Ovm3 vip to use for pool (and cluster)")
     private String ovm3vip;
+    @Parameter(name = ApiConstants.STORAGE_ACCESS_GROUPS,
+            type = CommandType.LIST, collectionType = CommandType.STRING,
+            description = "comma separated list of storage access groups for the hosts in the cluster",
+            since = "4.21.0")
+    private List<String> storageAccessGroups;
+
     public String getOvm3Pool() {
          return ovm3pool;
     }
@@ -192,6 +198,10 @@ public void setClusterType(String type) {
         this.clusterType = type;
     }
 
+    public List<String> getStorageAccessGroups() {
+        return storageAccessGroups;
+    }
+
     @Override
     public long getEntityOwnerId() {
         return Account.ACCOUNT_ID_SYSTEM;