Check the network access when deploying VM in Advanced Security Group. (#6050)

* Check the network access when deploying VM in Advanced Security Group.

* Removed comment

* Removed redundant network access check, owner access check already exists
Suresh Kumar Anaparti 2022-03-06 18:37:57 +05:30 committed by GitHub
parent c366511294
commit 2820a36f86
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1409,9 +1409,6 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
throw new CloudRuntimeException("Zone " + vmInstance.getDataCenterId() + ", has a NetworkType of Basic. Can't add a new NIC to a VM on a Basic Network");
}
// Perform account permission check on network
_accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
//ensure network belongs in zone
if (network.getDataCenterId() != vmInstance.getDataCenterId()) {
throw new CloudRuntimeException(vmInstance + " is in zone:" + vmInstance.getDataCenterId() + " but " + network + " is in zone:" + network.getDataCenterId());
@ -3533,6 +3530,8 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
throw new InvalidParameterValueException("Network is not security group enabled: " + network.getId());
}
_accountMgr.checkAccess(owner, AccessType.UseEntry, false, network);
networkList.add(network);
}
isSecurityGroupEnabledNetworkUsed = true;
@ -3555,10 +3554,8 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
throw new InvalidParameterValueException("Can specify only Shared Guest networks when" + " deploy vm in Advance Security Group enabled zone");
}
// Perform account permission check
if (network.getAclType() == ACLType.Account) {
_accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
}
_accountMgr.checkAccess(owner, AccessType.UseEntry, false, network);
networkList.add(network);
}
}
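Review bot: In the security-group branches the owner permission check runs only after the network's attributes have been validated: `_accountMgr.checkAccess(owner, AccessType.UseEntry, false, network)` comes after the "Network is not security group enabled" throw in the second hunk and after the "Can specify only Shared Guest networks" throw in the third. An account with no access to a network therefore gets a different error depending on how that network is configured, which discloses properties of networks it is not allowed to use. Moving the `checkAccess` call ahead of those validations would make the access denial the first answer in both places. The +/- markers are lost on this page, so which of the two checks in the third hunk survives is inferred from the commit message, and the enclosing loops and the network lookup begin outside the hunks.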