diff --git a/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java b/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
index 2fa66d7166b..73d3de0ef0c 100644
--- a/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
+++ b/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
@@ -56,6 +56,10 @@ public interface IpAddressManager {
 "Set placement of vrouter ips in redundant mode in vpc tiers, this can be 3 value: `first` to use first ips in tiers, `last` to use last ips in tiers and `random` to take random ips in tiers.",
 true, ConfigKey.Scope.Account, null, null, null, null, null, ConfigKey.Kind.Select, "first,last,random");
+ ConfigKey AllowUserListAvailableIpsOnSharedNetwork = new ConfigKey("Advanced", Boolean.class, "allow.user.list.available.ips.on.shared.network", "false",
+ "Determines whether users can list available IPs on shared networks",
+ true, ConfigKey.Scope.Global);
+
 /**
 * Assigns a new public ip address.
 *
diff --git a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
index 5436dd6acb1..60e7c5d12bf 100644
--- a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
@@ -2342,7 +2342,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
 @Override
 public ConfigKey[] getConfigKeys() {
- return new ConfigKey[] {UseSystemPublicIps, RulesContinueOnError, SystemVmPublicIpReservationModeStrictness, VrouterRedundantTiersPlacement};
+ return new ConfigKey[] {UseSystemPublicIps, RulesContinueOnError, SystemVmPublicIpReservationModeStrictness, VrouterRedundantTiersPlacement, AllowUserListAvailableIpsOnSharedNetwork};
 }
 /**
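Review bot: The description of `allow.user.list.available.ips.on.shared.network` does not tell an operator who is affected or what is exposed. The check added in ManagementServerImpl is `caller.getType() != Account.Type.ADMIN`, so with the default `false` domain admins are restricted as well as ordinary users, and with `true` every non-root caller can see the free addresses of a shared network. I would say so in the text, for example `"If true, accounts other than root admin can list free (unallocated) IPs on shared networks; if false, only root admins can"`. The key is `ConfigKey.Scope.Global` while the neighbouring key is `ConfigKey.Scope.Account`, so it is worth confirming that an all-or-nothing switch is the intended granularity.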
diff --git a/server/src/main/java/com/cloud/server/ManagementServerImpl.java b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
index c6ace852bd3..31a78744153 100644
--- a/server/src/main/java/com/cloud/server/ManagementServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ManagementServerImpl.java
@@ -2323,6 +2323,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
 isAllocated = Boolean.TRUE;
 }
 }
+ boolean isAllocatedTemp = isAllocated;
 VlanType vlanType = null;
 if (forVirtualNetwork != null) {
@@ -2333,6 +2334,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
 final Account caller = getCaller();
 List addrs = new ArrayList<>();
+ NetworkVO network = null; // shared network
 if (vlanType == VlanType.DirectAttached && networkId == null && ipId == null) {
 // only root admin can list public ips in all shared networks
 if (caller.getType() != Account.Type.ADMIN) {
@@ -2341,7 +2343,6 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
 } else if (vlanType == VlanType.DirectAttached) {
 // list public ip address on shared network
 // access control. admin: all Ips, domain admin/user: all Ips in shared network in the domain/sub-domain/user
- NetworkVO network = null;
 if (networkId == null) {
 IPAddressVO ip = _publicIpAddressDao.findById(ipId);
 if (ip == null) {
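Review bot: The name `isAllocatedTemp` in the first hunk gives no hint that it decides later whether free addresses are returned to the caller. The later condition `!isAllocatedTemp && isAllocated` only makes sense if `isAllocated` is reassigned somewhere between this snapshot and that branch, in code outside the visible hunks. I would rename it to something like `isAllocatedRequested` and add a comment such as `// value the request resolved to, before isAllocated is overridden further down`. The enclosing method starts and ends outside these hunks, so the exact point of reassignment should be checked against the full file.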
@@ -2475,7 +2476,20 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe
 for (IPAddressVO addr: freeAddrs) {
 freeAddrIds.add(addr.getId());
 }
+ } else if (vlanType == VlanType.DirectAttached && network != null && !isAllocatedTemp && isAllocated) {
+ if (caller.getType() != Account.Type.ADMIN && !IpAddressManager.AllowUserListAvailableIpsOnSharedNetwork.value()) {
+ s_logger.debug("Non-admin users are not allowed to list available IPs on shared networks");
+ } else {
+ final SearchBuilder searchBuilder = _publicIpAddressDao.createSearchBuilder();
+ buildParameters(searchBuilder, cmd, false);
+
+ SearchCriteria searchCriteria = searchBuilder.create();
+ setParameters(searchCriteria, cmd, vlanType, false);
+ searchCriteria.setParameters("state", IpAddress.State.Free.name());
+ addrs.addAll(_publicIpAddressDao.search(searchCriteria, searchFilter)); // Free IPs on shared network
+ }
 }
+
 if (freeAddrIds.size() > 0) {
 final SearchBuilder sb2 = _publicIpAddressDao.createSearchBuilder();
 buildParameters(sb2, cmd, false);
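Review bot: When a non-admin caller is refused in the new `else if` branch, the only trace is a fixed debug string, so the refusal cannot be tied to an account or a network afterwards. The caller also gets the same response as when no address is free. I would name both in the message, e.g. `s_logger.debug(String.format("Account %s may not list available IPs on shared network %s", caller.getUuid(), network.getUuid()));`. The branch relies on `network` having been resolved earlier in the method, outside this hunk. It is worth confirming that the access check on that network always runs before the free addresses are added to `addrs`, and that `setParameters` limits the search to that network rather than to every `DirectAttached` range.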