apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

server: allow normal users to create isolated network without source nat (#5920)

Browse Source
This commit is contained in:
Wei Zhou 2022-02-03 12:14:11 +01:00 committed by GitHub
parent 638779ca37
commit 4a1ebb3fa5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
server/src/main/java/com/cloud/network/NetworkServiceImpl.java
View File

@ -1360,9 +1360,8 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
performBasicPrivateVlanChecks(vlanId, secondaryVlanId, privateVlanType); performBasicPrivateVlanChecks(vlanId, secondaryVlanId, privateVlanType);
// Regular user can create Guest Isolated Source Nat enabled network or L2 network only if (!_accountMgr.isRootAdmin(caller.getId())) {
if (_accountMgr.isNormalUser(caller.getId())) { validateNetworkOfferingForNonRootAdminUser(ntwkOff);
validateNetworkOfferingForRegularUser(ntwkOff);
} }
// Don't allow to specify vlan if the caller is not ROOT admin // Don't allow to specify vlan if the caller is not ROOT admin
@ -1454,20 +1453,16 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
return network; return network;
} }
private void validateNetworkOfferingForRegularUser(NetworkOfferingVO ntwkOff) { private void validateNetworkOfferingForNonRootAdminUser(NetworkOfferingVO ntwkOff) {
if (ntwkOff.getTrafficType() != TrafficType.Guest) { if (ntwkOff.getTrafficType() != TrafficType.Guest) {
throw new InvalidParameterValueException("Regular users can only create a Guest network"); throw new InvalidParameterValueException("This user can only create a Guest network");
} }
if (ntwkOff.getGuestType() == GuestType.Isolated && areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)) { if (ntwkOff.getGuestType() == GuestType.L2 || ntwkOff.getGuestType() == GuestType.Isolated) {
s_logger.debug(String.format("Creating a network from network offerings having traffic type [%s] and network type [%s] with a service [%s] enabled.",
TrafficType.Guest, GuestType.Isolated, Service.SourceNat.getName()));
} else if (ntwkOff.getGuestType() == GuestType.L2) {
s_logger.debug(String.format("Creating a network from network offerings having traffic type [%s] and network type [%s].", s_logger.debug(String.format("Creating a network from network offerings having traffic type [%s] and network type [%s].",
TrafficType.Guest, GuestType.L2)); TrafficType.Guest, ntwkOff.getGuestType()));
} else { } else {
throw new InvalidParameterValueException( throw new InvalidParameterValueException(
String.format("Regular users can only create an %s network with a service [%s] enabled, or a %s network.", String.format("This user can only create an %s network or a %s network.", GuestType.Isolated, GuestType.L2));
GuestType.Isolated, Service.SourceNat.getName(), GuestType.L2));
} }
} }