You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by nv...@apache.org on 2022/03/06 13:08:33 UTC
[cloudstack] branch 4.16 updated: Check the network access when deploying VM in Advanced Security Group. (#6050)
This is an automated email from the ASF dual-hosted git repository.
nvazquez pushed a commit to branch 4.16
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.16 by this push:
new 2820a36 Check the network access when deploying VM in Advanced Security Group. (#6050)
2820a36 is described below
commit 2820a36f86f06dbe7f85a5495fccc3ca8a2ae0aa
Author: Suresh Kumar Anaparti <su...@gmail.com>
AuthorDate: Sun Mar 6 18:37:57 2022 +0530
Check the network access when deploying VM in Advanced Security Group. (#6050)
* Check the network access when deploying VM in Advanced Security Group.
* Removed comment
* Removed redundant network access check, owner access check already exists
---
server/src/main/java/com/cloud/vm/UserVmManagerImpl.java | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
index 58ea4e9..44cc2dd 100644
--- a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
@@ -1409,9 +1409,6 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
throw new CloudRuntimeException("Zone " + vmInstance.getDataCenterId() + ", has a NetworkType of Basic. Can't add a new NIC to a VM on a Basic Network");
}
- // Perform account permission check on network
- _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
-
//ensure network belongs in zone
if (network.getDataCenterId() != vmInstance.getDataCenterId()) {
throw new CloudRuntimeException(vmInstance + " is in zone:" + vmInstance.getDataCenterId() + " but " + network + " is in zone:" + network.getDataCenterId());
@@ -3533,6 +3530,8 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
throw new InvalidParameterValueException("Network is not security group enabled: " + network.getId());
}
+ _accountMgr.checkAccess(owner, AccessType.UseEntry, false, network);
+
networkList.add(network);
}
isSecurityGroupEnabledNetworkUsed = true;
@@ -3555,10 +3554,8 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
throw new InvalidParameterValueException("Can specify only Shared Guest networks when" + " deploy vm in Advance Security Group enabled zone");
}
- // Perform account permission check
- if (network.getAclType() == ACLType.Account) {
- _accountMgr.checkAccess(caller, AccessType.UseEntry, false, network);
- }
+ _accountMgr.checkAccess(owner, AccessType.UseEntry, false, network);
+
networkList.add(network);
}
}