Prevent downloading templates to secondary storages that are in read-only

[GaOrtiga]

Description

When a Secondary Storage is marked as read-only, download of new templates is still performed in it. This behavior has been fixed, making it so that read-only storages are ignored during the template download process.

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• Build/CI
• Test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

I put a secondary in the zone in the read-only state and verified that it no longer would be selected for the download.

How did you try to break this feature and the system with this change?

[winterhazel]

CLGTM

[winterhazel]

@blueorangutan package

[blueorangutan]

@winterhazel a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 17486

[codecov]

Codecov Report

❌ Patch coverage is 35.71429% with 9 lines in your changes missing coverage. Please review.
✅ Project coverage is 16.27%. Comparing base (8eb162c) to head (d46b59e).
⚠️ Report is 2 commits behind head on 4.20.

Files with missing lines	Patch %	Lines
...dstack/storage/image/BaseImageStoreDriverImpl.java	0.00%	6 Missing ⚠️
.../com/cloud/template/HypervisorTemplateAdapter.java	0.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##               4.20   #13023   +/-   ##
=========================================
  Coverage     16.26%   16.27%           
- Complexity    13433    13438    +5     
=========================================
  Files          5665     5665           
  Lines        500530   500544   +14     
  Branches      60787    60790    +3     
=========================================
+ Hits          81411    81441   +30     
+ Misses       410027   409997   -30     
- Partials       9092     9106   +14     

Flag	Coverage Δ
uitests	4.15% <ø> (ø)
unittests	17.12% <35.71%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sureshanaparti]

@blueorangutan package

[blueorangutan]

@sureshanaparti a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✖️ el8 ✖️ el9 ✖️ debian ✖️ suse15. SL-JID 17514

[winterhazel]

@GaOrtiga could you have a look at the test failures?

[GaOrtiga]

@blueorangutan package

[blueorangutan]

@GaOrtiga a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 17553

[sureshanaparti]

Suggested change

	ImageStoreDao dataStoreDao;
	ImageStoreDao imageStoreDao;

[sureshanaparti]

Suggested change

	if (dataStoreDao.findById(store.getId()).isReadonly()) {
	ImageStoreVO storeVO = imageStoreDao.findById(store.getId());
	if (storeVO == null) {
	// add log
	return false;
	}
	if (storeVO.isReadonly()) {

npe for removed image store, can check store exists before isReadonly()

[sureshanaparti]

Suggested change

	ImageStoreDao dataStoreDao;
	ImageStoreDao imageStoreDao;

[sureshanaparti]

same here

can have a common method to check image store exists or not and then isReadonly() ?

[sureshanaparti]

use common method if possible

[Copilot]

Pull request overview

Fixes template download/allocation behavior so Secondary Storage marked read-only is skipped during template download and sync flows.

Changes:

• Add read-only image store checks when selecting/validating secondary storage for template creation/allocation.
• Prevent template sync/download decisions from targeting read-only image stores.
• Extend unit tests to account for the new read-only filtering behavior.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
server/src/main/java/com/cloud/template/HypervisorTemplateAdapter.java	Skips template allocation/download to image stores flagged as read-only.
server/src/test/java/com/cloud/template/HypervisorTemplateAdapterTest.java	Updates tests/mocks to support new ImageStoreDao read-only checks.
engine/storage/image/src/main/java/org/apache/cloudstack/storage/image/TemplateServiceImpl.java	Skips downloads during template sync when the target image store is read-only; fixes a log message typo.
engine/storage/image/src/test/java/org/apache/cloudstack/storage/image/TemplateServiceImplTest.java	Adds coverage for read-only store behavior and adjusts setup for new DAO usage.
engine/storage/src/main/java/org/apache/cloudstack/storage/image/BaseImageStoreDriverImpl.java	Avoids downloading templates to read-only image stores at the driver level.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.