Fix issue where security group selection is shown regardless of zone settings in EditVM

[toolmanwyj]

Description

In CloudStack, the security group selection box is displayed when editing a VM, regardless of whether the zone supports security groups or not. This causes the securitygroupids parameter to be sent with the request even if no security group is selected. If the zone is of type NetworkType.Advanced and does not support security groups, this triggers a NullPointerException in the UserVmManagerImpl.updateVirtualMachine method when calling isSecurityGroupSupportedInNetwork.

Upon investigation, it was found that the listZones API call, which is used to fetch the zone details, incorrectly uses zoneid instead of id for the zone identifier. This prevents the correct zone information from being retrieved. Additionally, since the listZones API does not properly filter zones, it fetches all zones and always takes the first one in the list (index 0) to determine whether security groups are enabled. Consequently, if that first zone supports security groups, the security group selection box is displayed in the UI—even if the zone actually used by the VM does not support them.

Moreover, the logic for checking whether the security group selection box is empty is not strict enough, which causes the securitygroupids parameter to be included in the request even when the selection box is empty.

Proposed Solution

1. Correct the parameter name for the zone identifier when calling the listZones API by using id instead of zoneid.
2. Filter the zones correctly in the listZones API call to ensure that only the relevant zone is considered when checking for security group support.
3. Improve the logic for checking if the security group selection box is empty before attaching the securitygroupids parameter to the request.

Modified Files

• EditVM.vue

PR Changes

• Fix incorrect usage of zoneid in listZones calls to properly retrieve the VM’s zone details.
• Only consider the matching zone (instead of just taking the first item) to determine whether security groups are enabled.
• Enhance the empty-check logic for the security group selection, preventing securitygroupids from being included if no security group is actually selected.
• Prevent a NullPointerException when editing VMs in NetworkType.Advanced zones that do not support security groups.

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• build/CI
• test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

How Has This Been Tested?

1. Local Dev Environment

   • Configured multiple zones: one supporting security groups and one not supporting security groups (VPC).
   • Edited a VM in each zone to confirm that:
     1. When the zone supports SG, the security group selection is displayed and functions correctly.
     2. When the zone does not support SG, no security group selection is displayed or an empty list is properly handled, and no securitygroupids is sent to the backend.
   • Verified no NullPointerException is thrown even if securitygroupids is null or empty.

2. UI Validation

   • Checked that the modified logic in EditVM.vue properly filters the correct zone from listZones.
   • Ensured that if the user does not select a security group, the request does not include securitygroupids.

How did you try to break this feature and the system with this change?

• Attempted to edit a VM in a zone that does not support SG and artificially forced the frontend to pass securitygroupids, verifying that no NPE occurs.
• Made sure any new changes do not affect zones where security groups are legitimately supported.

[boring-cyborg]

Congratulations on your first Pull Request and welcome to the Apache CloudStack community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/cloudstack/blob/main/CONTRIBUTING.md)
Here are some useful points:

• In case of a new feature add useful documentation (raise doc PR at https://github.com/apache/cloudstack-documentation)
• Be patient and persistent. It might take some time to get a review or get the final approval from the committers.
• Pay attention to the quality of your code, ensure tests are passing and your PR doesn't have conflicts.
• Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Issues, Mailing list and Slack.
• Be sure to read the CloudStack Coding Conventions.
  Apache CloudStack is a community-driven project and together we are making it better 🚀.
  In case of doubts contact the developers at:
  Mailing List: [email protected] (https://cloudstack.apache.org/mailing-lists.html)
  Slack: https://apachecloudstack.slack.com/

[DaanHoogland]

@blueorangutan ui

[blueorangutan]

@DaanHoogland a Jenkins job has been kicked to build UI QA env. I'll keep you posted as I make progress.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 16.13%. Comparing base (a163831) to head (9d4128b).
Report is 289 commits behind head on 4.20.

Additional details and impacted files

@@             Coverage Diff              @@
##               4.20   #10224      +/-   ##
============================================
- Coverage     16.13%   16.13%   -0.01%     
+ Complexity    12967    12966       -1     
============================================
  Files          5639     5639              
  Lines        494264   494263       -1     
  Branches      59899    59898       -1     
============================================
- Hits          79760    79759       -1     
+ Misses       405684   405683       -1     
- Partials       8820     8821       +1     

Flag	Coverage Δ
uitests	4.02% <ø> (+<0.01%)	⬆️
unittests	16.98% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[blueorangutan]

UI build: ✔️
Live QA URL: https://qa.cloudstack.cloud/simulator/pr/10224 (QA-JID-517)

[rohityadavcloud]

Changes LGTM, didn't test it though

[DaanHoogland]

thanks for pointing this one out @rohityadavcloud .
@toolmanwyj , does it make sense to backport this PR to 4.19? it seem applicable to that as well.

[weizhouapache]

This is related to #10714 and #10719

[DaanHoogland]

checked as #10849 looks ok

[Pearl1594]

CLosing this as this was raised against 4.19: #10849 (commit: 39a0ba9) - as this issue existed in the earlier version as well.