server: allow user to list available IPs on shared networks (#7898)

This fixes #7817
2025-10-26 08:42:29 +01:00 · 2023-08-24 18:12:01 +02:00 · 2023-08-24 18:12:01 +02:00 · 3c38ed7a65
commit 3c38ed7a65
parent 8ad1009ad2
3 changed files with 20 additions and 2 deletions
--- a/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
+++ b/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
@ -56,6 +56,10 @@ public interface IpAddressManager {
            "Set placement of vrouter ips in redundant mode in vpc tiers, this can be 3 value: `first` to use first ips in tiers, `last` to use last ips in tiers and `random` to take random ips in tiers.",
            true, ConfigKey.Scope.Account, null, null, null, null, null, ConfigKey.Kind.Select, "first,last,random");

+    ConfigKey<Boolean> AllowUserListAvailableIpsOnSharedNetwork = new ConfigKey<Boolean>("Advanced", Boolean.class, "allow.user.list.available.ips.on.shared.network", "false",
+            "Determines whether users can list available IPs on shared networks",
+            true, ConfigKey.Scope.Global);
+
    /**
     * Assigns a new public ip address.
     *
--- a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
@ -2342,7 +2342,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage

    @Override
    public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] {UseSystemPublicIps, RulesContinueOnError, SystemVmPublicIpReservationModeStrictness, VrouterRedundantTiersPlacement};
+        return new ConfigKey<?>[] {UseSystemPublicIps, RulesContinueOnError, SystemVmPublicIpReservationModeStrictness, VrouterRedundantTiersPlacement, AllowUserListAvailableIpsOnSharedNetwork};
    }

    /**
--- a/server/src/main/java/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
@ -2323,6 +2323,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
                isAllocated = Boolean.TRUE;
            }
        }
+        boolean isAllocatedTemp = isAllocated;

        VlanType vlanType = null;
        if (forVirtualNetwork != null) {
@ -2333,6 +2334,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe

        final Account caller = getCaller();
        List<IPAddressVO> addrs = new ArrayList<>();
+        NetworkVO network = null;   // shared network

        if (vlanType == VlanType.DirectAttached && networkId == null && ipId == null) { // only root admin can list public ips in all shared networks
            if (caller.getType() != Account.Type.ADMIN) {
@ -2341,7 +2343,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
        } else if (vlanType == VlanType.DirectAttached) {
            // list public ip address on shared network
            // access control. admin: all Ips, domain admin/user: all Ips in shared network in the domain/sub-domain/user
-            NetworkVO network = null;
            if (networkId == null) {
                IPAddressVO ip = _publicIpAddressDao.findById(ipId);
                if (ip == null) {
@ -2475,7 +2476,20 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
            for (IPAddressVO addr: freeAddrs) {
                freeAddrIds.add(addr.getId());
            }
+        } else if (vlanType == VlanType.DirectAttached && network != null && !isAllocatedTemp && isAllocated) {
+            if (caller.getType() != Account.Type.ADMIN && !IpAddressManager.AllowUserListAvailableIpsOnSharedNetwork.value()) {
+                s_logger.debug("Non-admin users are not allowed to list available IPs on shared networks");
+            } else {
+                final SearchBuilder<IPAddressVO> searchBuilder = _publicIpAddressDao.createSearchBuilder();
+                buildParameters(searchBuilder, cmd, false);
+
+                SearchCriteria<IPAddressVO> searchCriteria = searchBuilder.create();
+                setParameters(searchCriteria, cmd, vlanType, false);
+                searchCriteria.setParameters("state", IpAddress.State.Free.name());
+                addrs.addAll(_publicIpAddressDao.search(searchCriteria, searchFilter)); // Free IPs on shared network
+            }
        }
+
        if (freeAddrIds.size() > 0) {
            final SearchBuilder<IPAddressVO> sb2 = _publicIpAddressDao.createSearchBuilder();
            buildParameters(sb2, cmd, false);