refactor: avoid redundant DB calls when checking for root admin account

[shwstppr]

Description

AccountService.isRootAdmin(Long) is currently invoked each time to check if an account or caller is a root admin, leading to repeated DB lookups. In most cases, the Account object is already available and should be used directly. For the caller, the root admin flag is now cached in CallContext to avoid repeated evaluations.

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)
• build/CI
• test (unit or integration test code)

Feature/Enhancement Scale or Bug Severity

Feature/Enhancement Scale

• Major
• Minor

Bug Severity

• BLOCKER
• Critical
• Major
• Minor
• Trivial

Screenshots (if appropriate):

How Has This Been Tested?

Without change, 80 calls for AccountDaoImpl.findById during deploy VM and it took 4.994s in a local simulator env,

$ time cmk deploy virtualmachine zoneid=50d134ba-8f56-4018-8636-be3d578d6ac1 templateid=11229cef-6ebe-11f0-bb73-9843fa67404e serviceofferingid=50faea90-caa9-4af9-bcab-e82932ad9ade networkids=04cb503a-2625-4ef6-b740-340c46cff471
{
  "virtualmachine": {
    "account": "user",
    "affinitygroup": [],
    "bootmode": "legacy",
    "boottype": "Bios",
    "cpunumber": 1,
    "cpuspeed": 1000,
    "created": "2025-08-05T10:32:04+0530",
    "deleteprotection": false,
    "details": {},
    "displayname": "QA-0fbcfacf-da04-430c-bafc-ed6ce3543a7c",
    "domain": "ROOT",
    "domainid": "53476c17-6ebd-11f0-bb73-9843fa67404e",
    "domainpath": "/",
    "guestosid": "5338fb33-6ebd-11f0-bb73-9843fa67404e",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hypervisor": "Simulator",
    "id": "0fbcfacf-da04-430c-bafc-ed6ce3543a7c",
    "ipaddress": "10.1.1.251",
    "isdynamicallyscalable": false,
    "jobid": "3c8e02ce-76b3-4d06-b432-241662ab7d95",
    "jobstatus": 0,
    "lastupdated": "2025-08-05T10:32:07+0530",
    "memory": 1024,
    "name": "QA-0fbcfacf-da04-430c-bafc-ed6ce3543a7c",
    "nic": [
      {
        "broadcasturi": "vlan://183",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "aabdb509-19d9-419a-b41d-22f6ffd1e2c3",
        "ipaddress": "10.1.1.251",
        "isdefault": true,
        "isolationuri": "vlan://183",
        "macaddress": "02:01:00:d0:00:0c",
        "netmask": "255.255.255.0",
        "networkid": "04cb503a-2625-4ef6-b740-340c46cff471",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "CentOS 5.6 (64-bit)",
    "ostypeid": "5338fb33-6ebd-11f0-bb73-9843fa67404e",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "readonlydetails": "dataDiskController, rootDiskController",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "50faea90-caa9-4af9-bcab-e82932ad9ade",
    "serviceofferingname": "Medium Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "CentOS 5.6 (64-bit) no GUI (Simulator)",
    "templateformat": "VHD",
    "templateid": "11229cef-6ebe-11f0-bb73-9843fa67404e",
    "templatename": "CentOS 5.6 (64-bit) no GUI (Simulator)",
    "templatetype": "BUILTIN",
    "userid": "3fd2a667-690c-407e-a194-9dd7d73bfa2f",
    "username": "user",
    "zoneid": "50d134ba-8f56-4018-8636-be3d578d6ac1",
    "zonename": "zim1"
  }
}

real	0m4.994s
user	0m0.048s
sys	0m0.010s

After the change, AccountDaoImpl.findById calls reduced to 45 during deploy VM, and it took 3.082s in a local simulator env,

$ time cmk deploy virtualmachine zoneid=50d134ba-8f56-4018-8636-be3d578d6ac1 templateid=11229cef-6ebe-11f0-bb73-9843fa67404e serviceofferingid=50faea90-caa9-4af9-bcab-e82932ad9ade networkids=04cb503a-2625-4ef6-b740-340c46cff471
{
  "virtualmachine": {
    "account": "user",
    "affinitygroup": [],
    "bootmode": "legacy",
    "boottype": "Bios",
    "cpunumber": 1,
    "cpuspeed": 1000,
    "created": "2025-08-05T10:46:35+0530",
    "deleteprotection": false,
    "details": {},
    "displayname": "QA-dee76859-8dcf-4f40-8881-13b1f768757a",
    "domain": "ROOT",
    "domainid": "53476c17-6ebd-11f0-bb73-9843fa67404e",
    "domainpath": "/",
    "guestosid": "5338fb33-6ebd-11f0-bb73-9843fa67404e",
    "haenable": false,
    "hasannotations": false,
    "hostcontrolstate": "Enabled",
    "hypervisor": "Simulator",
    "id": "dee76859-8dcf-4f40-8881-13b1f768757a",
    "ipaddress": "10.1.1.86",
    "isdynamicallyscalable": false,
    "jobid": "f6baf9b7-2b2d-410e-8d74-f887e835c7a4",
    "jobstatus": 0,
    "lastupdated": "2025-08-05T10:46:36+0530",
    "memory": 1024,
    "name": "QA-dee76859-8dcf-4f40-8881-13b1f768757a",
    "nic": [
      {
        "broadcasturi": "vlan://183",
        "deviceid": "0",
        "extradhcpoption": [],
        "gateway": "10.1.1.1",
        "id": "2bc5439c-ca23-4c5d-9ddd-9e63c9f45c01",
        "ipaddress": "10.1.1.86",
        "isdefault": true,
        "isolationuri": "vlan://183",
        "macaddress": "02:01:00:d0:00:0d",
        "netmask": "255.255.255.0",
        "networkid": "04cb503a-2625-4ef6-b740-340c46cff471",
        "networkname": "test",
        "secondaryip": [],
        "traffictype": "Guest",
        "type": "Isolated"
      }
    ],
    "osdisplayname": "CentOS 5.6 (64-bit)",
    "ostypeid": "5338fb33-6ebd-11f0-bb73-9843fa67404e",
    "passwordenabled": false,
    "pooltype": "NetworkFilesystem",
    "readonlydetails": "dataDiskController, rootDiskController",
    "receivedbytes": 0,
    "rootdeviceid": 0,
    "rootdevicetype": "ROOT",
    "securitygroup": [],
    "sentbytes": 0,
    "serviceofferingid": "50faea90-caa9-4af9-bcab-e82932ad9ade",
    "serviceofferingname": "Medium Instance",
    "state": "Running",
    "tags": [],
    "templatedisplaytext": "CentOS 5.6 (64-bit) no GUI (Simulator)",
    "templateformat": "VHD",
    "templateid": "11229cef-6ebe-11f0-bb73-9843fa67404e",
    "templatename": "CentOS 5.6 (64-bit) no GUI (Simulator)",
    "templatetype": "BUILTIN",
    "userid": "3fd2a667-690c-407e-a194-9dd7d73bfa2f",
    "username": "user",
    "zoneid": "50d134ba-8f56-4018-8636-be3d578d6ac1",
    "zonename": "zim1"
  }
}

real	0m3.082s
user	0m0.067s
sys	0m0.012s

The considerable time difference (0m4.994s vs 0m3.082s) could be intermittent and may need more testing/profiling. Reduction in DB queries is certainly real.

How did you try to break this feature and the system with this change?

[codecov]

Codecov Report

❌ Patch coverage is 21.05263% with 165 lines in your changes missing coverage. Please review.
✅ Project coverage is 17.35%. Comparing base (f020b5b) to head (c826221).
⚠️ Report is 16 commits behind head on main.

Files with missing lines	Patch %	Lines
...src/main/java/com/cloud/api/ApiResponseHelper.java	6.66%	14 Missing ⚠️
...ain/java/com/cloud/api/query/QueryManagerImpl.java	9.09%	9 Missing and 1 partial ⚠️
...ain/java/com/cloud/network/NetworkServiceImpl.java	9.09%	7 Missing and 3 partials ⚠️
...n/java/com/cloud/storage/VolumeApiServiceImpl.java	0.00%	8 Missing and 1 partial ⚠️
...c/main/java/com/cloud/user/AccountManagerImpl.java	57.14%	5 Missing and 4 partials ⚠️
.../src/main/java/com/cloud/vm/UserVmManagerImpl.java	10.00%	8 Missing and 1 partial ⚠️
...ver/src/main/java/com/cloud/acl/DomainChecker.java	11.11%	8 Missing ⚠️
...n/java/com/cloud/template/TemplateManagerImpl.java	0.00%	7 Missing ⚠️
server/src/main/java/com/cloud/api/ApiServer.java	0.00%	5 Missing ⚠️
...ain/java/com/cloud/storage/StorageManagerImpl.java	28.57%	4 Missing and 1 partial ⚠️
... and 50 more

Additional details and impacted files

@@            Coverage Diff            @@
##               main   #11390   +/-   ##
=========================================
  Coverage     17.35%   17.35%           
  Complexity    15230    15230           
=========================================
  Files          5885     5885           
  Lines        525626   525580   -46     
  Branches      64160    64158    -2     
=========================================
+ Hits          91217    91218    +1     
+ Misses       424112   424070   -42     
+ Partials      10297    10292    -5     

Flag	Coverage Δ
uitests	3.63% <ø> (ø)
unittests	18.39% <21.05%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[shwstppr]

@blueorangutan package

[blueorangutan]

@shwstppr a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14546

[shwstppr]

@blueorangutan package

[blueorangutan]

@shwstppr a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14552

[shwstppr]

@blueorangutan package

[blueorangutan]

@shwstppr a [SL] Jenkins job has been kicked to build packages. It will be bundled with KVM, XenServer and VMware SystemVM templates. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ debian ✔️ suse15. SL-JID 14558

[shwstppr]

@blueorangutan test

[blueorangutan]

@shwstppr a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests

[blueorangutan]

[SF] Trillian test result (tid-14035)
Environment: kvm-ol8 (x2), Advanced Networking with Mgmt server ol8
Total time taken: 47650 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr11390-t14035-kvm-ol8.zip
Smoke tests completed. 146 look OK, 0 have errors, 0 did not run
Only failed and skipped tests results shown below:

Test	Result	Time (s)	Test File

[github-actions]

This pull request has merge conflicts. Dear author, please fix the conflicts and sync your branch with the base branch.

[Copilot]

Pull Request Overview

This PR optimizes the AccountService.isRootAdmin(Long) method usage by introducing a new overloaded isRootAdmin(Account) method and caching the root admin flag in CallContext to avoid redundant database lookups. The changes reduce DB calls from 80 to 45 during VM deployment, improving performance by reducing execution time from 4.994s to 3.082s in test environments.

Key Changes

• Added isRootAdmin(Account) method overload to avoid redundant account lookups
• Added isCallingAccountRootAdmin() method to CallContext for cached access to caller's root admin status
• Refactored existing code to use the new methods where Account objects are already available

Reviewed Changes

Copilot reviewed 82 out of 82 changed files in this pull request and generated 2 comments.

File	Description
AccountManagerImpl.java	Implements new isRootAdmin(Account) method and updates existing logic
CallContext interface/impl	Adds isCallingAccountRootAdmin() method for cached root admin checks
Various service implementations	Updated to use new methods when Account objects are available
Test files	Updated mock configurations and test setup to use new method signatures