server,engine-schema: add check for account userdata cleanup

Fixes #9477

Signed-off-by: Abhishek Kumar <[email protected]>

Author: shwstppr

engine/schema/src/main/java/com/cloud/storage/dao/VMTemplateDao.java

@@ -99,4 +99,6 @@ public interface VMTemplateDao extends GenericDao<VMTemplateVO, Long>, StateDao<
     List<VMTemplateVO> listByIds(List<Long> ids);
 
     List<Long> listIdsByTemplateTag(String tag);
+
+    List<Long> listByUserdataIdsNotAccount(List<Long> userdataIds, long accountId);
 }

engine/schema/src/main/java/com/cloud/storage/dao/VMTemplateDaoImpl.java

@@ -863,4 +863,22 @@ public boolean updateState(
         }
         return rows > 0;
     }
+
+    @Override
+    public List<Long> listByUserdataIdsNotAccount(List<Long> userdataIds, long accountId) {
+        if (CollectionUtils.isEmpty(userdataIds)) {
+            return Collections.emptyList();
+        }
+        GenericSearchBuilder<VMTemplateVO, Long> sb = createSearchBuilder(Long.class);
+        sb.selectFields(userDataSearch.entity().getId());
+        sb.and("userDataId", sb.entity().getUserDataId(), SearchCriteria.Op.EQ);
+        sb.and("state", sb.entity().getState(), SearchCriteria.Op.EQ);
+        sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.NEQ);
+        sb.done();
+        SearchCriteria<Long> sc = sb.create();
+        sc.setParameters("userDataId", userdataIds.toArray());
+        sc.setParameters("state", VirtualMachineTemplate.State.Active.toString());
+        sc.setParameters("accountId", accountId);
+        return customSearch(sc, null);
+    }
 }

engine/schema/src/main/java/com/cloud/user/dao/UserDataDao.java

@@ -16,6 +16,8 @@
 // under the License.
 package com.cloud.user.dao;
 
+import java.util.List;
+
 import com.cloud.user.UserDataVO;
 import com.cloud.utils.db.GenericDao;
 
@@ -25,6 +27,7 @@ public interface UserDataDao extends GenericDao<UserDataVO, Long> {
 
     public UserDataVO findByName(long accountId, long domainId, String name);
 
+    List<UserDataVO> listByAccountId(long accountId);
     int removeByAccountId(long accountId);
 
 }

server/src/main/java/com/cloud/user/AccountManagerImpl.java

@@ -475,6 +475,20 @@ public void setQuerySelectors(List<QuerySelector> querySelectors) {
         _querySelectors = querySelectors;
     }
 
+    protected void deleteUserDataForAccount(long accountId) {
+        List<UserDataVO> userdataList = userDataDao.listByAccountId(accountId);
+        if (CollectionUtils.isNotEmpty(userdataList)) {
+            List<Long> conflictingTemplateIds = _templateDao.listByUserdataIdsNotAccount(userdataList
+                    .stream()
+                    .map(UserDataVO::getId)
+                    .collect(Collectors.toList()), accountId);
+            if (CollectionUtils.isNotEmpty(conflictingTemplateIds)) {
+                throw new CloudRuntimeException("User data owned by account linked to templates not owned by the account");
+            }
+        }
+        userDataDao.removeByAccountId(accountId);
+    }
+
     protected void deleteWebhooksForAccount(long accountId) {
         try {
             WebhookHelper webhookService = ComponentContext.getDelegateComponentOfType(WebhookHelper.class);
@@ -1200,7 +1214,7 @@ public int compare(NetworkVO network1, NetworkVO network2) {
             }
 
             // Delete registered UserData
-            userDataDao.removeByAccountId(accountId);
+            deleteUserDataForAccount(accountId);
 
             // Delete Webhooks
             deleteWebhooksForAccount(accountId);