From e0141ab34887bc5b56721bbf1a97eacb7e89e4fa Mon Sep 17 00:00:00 2001
From: Abhishek Kumar
Date: Thu, 15 Jul 2021 12:57:37 +0530
Subject: [PATCH] server: fix network access for addNicToVirtualMachine API (#5184)

New NICs shouldn't added to VM with network from admin account, same as deployment.

Signed-off-by: Abhishek Kumar
---
 .../src/main/java/com/cloud/vm/UserVmManagerImpl.java | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
index 6d858743745..4c615df058e 100644
--- a/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
+++ b/server/src/main/java/com/cloud/vm/UserVmManagerImpl.java
@@ -81,7 +81,6 @@ import org.apache.cloudstack.api.command.user.vm.UpgradeVMCmd;
 import org.apache.cloudstack.api.command.user.vmgroup.CreateVMGroupCmd;
 import org.apache.cloudstack.api.command.user.vmgroup.DeleteVMGroupCmd;
 import org.apache.cloudstack.api.command.user.volume.ResizeVolumeCmd;
-import com.cloud.agent.api.to.deployasis.OVFNetworkTO;
 import org.apache.cloudstack.backup.Backup;
 import org.apache.cloudstack.backup.BackupManager;
 import org.apache.cloudstack.backup.dao.BackupDao;
@@ -145,6 +144,7 @@ import com.cloud.agent.api.VolumeStatsEntry;
 import com.cloud.agent.api.to.DiskTO;
 import com.cloud.agent.api.to.NicTO;
 import com.cloud.agent.api.to.VirtualMachineTO;
+import com.cloud.agent.api.to.deployasis.OVFNetworkTO;
 import com.cloud.agent.api.to.deployasis.OVFPropertyTO;
 import com.cloud.agent.manager.Commands;
 import com.cloud.alert.AlertManager;
@@ -1310,12 +1310,8 @@ public class UserVmManagerImpl extends ManagerBase implements UserVmManager, Vir
 throw new InvalidParameterValueException("unable to find a network with id " + networkId);
 }
- if (caller.getType() != Account.ACCOUNT_TYPE_ADMIN) {
- if (!(network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Domain)
- && !(network.getAclType() == ACLType.Account && network.getAccountId() == vmInstance.getAccountId())) {
- throw new InvalidParameterValueException("only shared network or isolated network with the same account_id can be added to vmId: " + vmId);
- }
- }
+ Account vmOwner = _accountMgr.getAccount(vmInstance.getAccountId());
+ _networkModel.checkNetworkPermissions(vmOwner, network);
 List allNics = _nicDao.listByVmId(vmInstance.getId());
 for (NicVO nic : allNics) {
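Review bot: The added `_networkModel.checkNetworkPermissions(vmOwner, network)` call has no comment saying why access is evaluated for the VM owner rather than the caller. That is the security point of the change, since the removed block skipped the check for `ACCOUNT_TYPE_ADMIN` callers and a later edit could reintroduce that bypass. I would add `// Check as the VM owner, not the caller: an admin must not attach a network the owner could not have used at deployment.` above `Account vmOwner = ...`. The new check no longer involves `caller`, and the hunk does not show whether the caller's own right to modify `vmInstance` is verified earlier in the method (which starts and ends outside the hunk), so that should be confirmed. The diffstat lists only this file, so a regression test that an admin caller is rejected for a network the owner cannot use would be worth adding.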