diff --git a/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java b/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java index 43a4994ec91..0c4374c6877 100644 --- a/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java +++ b/api/src/org/apache/cloudstack/affinity/AffinityGroupService.java @@ -79,4 +79,7 @@ public interface AffinityGroupService { boolean isAffinityGroupAvailableInDomain(long affinityGroupId, long domainId); + AffinityGroup createAffinityGroupInternal(String account, Long domainId, String affinityGroupName, + String affinityGroupType, String description); + } diff --git a/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java b/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java index 68adb2bfa6a..9eaf589a01b 100755 --- a/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java +++ b/plugins/dedicated-resources/src/org/apache/cloudstack/dedicated/DedicatedResourceManagerImpl.java @@ -609,7 +609,7 @@ public class DedicatedResourceManagerImpl implements DedicatedService { } - group = _affinityGroupService.createAffinityGroup(accountName, domainId, affinityGroupName, + group = _affinityGroupService.createAffinityGroupInternal(accountName, domainId, affinityGroupName, "ExplicitDedication", "dedicated resources group"); return group; diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index b017ef18650..113df5ac869 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java @@ -1852,7 +1852,7 @@ public class ConfigurationManagerImpl extends ManagerBase implements Configurati } } - group = _affinityGroupService.createAffinityGroup(accountName, domainId, affinityGroupName, + group = _affinityGroupService.createAffinityGroupInternal(accountName, domainId, affinityGroupName, "ExplicitDedication", "dedicated resources group"); return group; diff --git a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java index c6f1b92848d..96da87bdca6 100644 --- a/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java +++ b/server/src/org/apache/cloudstack/affinity/AffinityGroupServiceImpl.java @@ -134,6 +134,34 @@ public class AffinityGroupServiceImpl extends ManagerBase implements AffinityGro AffinityGroupProcessor processor = typeProcessorMap.get(affinityGroupType); + if (processor.isAdminControlledGroup()) { + throw new PermissionDeniedException("Cannot create the affinity group"); + } + + return createAffinityGroupInternal(account, domainId, affinityGroupName, affinityGroupType, description); + } + + @DB + @Override + public AffinityGroup createAffinityGroupInternal(String account, Long domainId, String affinityGroupName, + String affinityGroupType, String description) { + + Account caller = UserContext.current().getCaller(); + + // validate the affinityGroupType + Map typeProcessorMap = getAffinityTypeToProcessorMap(); + if (typeProcessorMap != null && !typeProcessorMap.isEmpty()) { + if (!typeProcessorMap.containsKey(affinityGroupType)) { + throw new InvalidParameterValueException("Unable to create affinity group, invalid affinity group type" + + affinityGroupType); + } + } else { + throw new InvalidParameterValueException( + "Unable to create affinity group, no Affinity Group Types configured"); + } + + AffinityGroupProcessor processor = typeProcessorMap.get(affinityGroupType); + if (processor.isAdminControlledGroup() && !_accountMgr.isRootAdmin(caller.getType())) { throw new PermissionDeniedException("Cannot create the affinity group"); }