diff --git a/api/src/com/cloud/api/commands/CreateNetworkCmd.java b/api/src/com/cloud/api/commands/CreateNetworkCmd.java index 6202f74ab88..a7d17789aa3 100644 --- a/api/src/com/cloud/api/commands/CreateNetworkCmd.java +++ b/api/src/com/cloud/api/commands/CreateNetworkCmd.java @@ -20,7 +20,6 @@ package com.cloud.api.commands; import org.apache.log4j.Logger; -import com.cloud.acl.ControlledEntity; import com.cloud.api.ApiConstants; import com.cloud.api.BaseCmd; import com.cloud.api.IdentityMapper; @@ -92,7 +91,7 @@ public class CreateNetworkCmd extends BaseCmd { @Parameter(name=ApiConstants.NETWORK_DOMAIN, type=CommandType.STRING, description="network domain") private String networkDomain; - @Parameter(name=ApiConstants.ACL_TYPE, type=CommandType.STRING, description="Access control type; supported values are account and domain. If not specified, defaulted to Account. Account means that only the account owner can use the network, domain - all accouns in the domain can use the network") + @Parameter(name=ApiConstants.ACL_TYPE, type=CommandType.STRING, description="Access control type; supported values are account and domain. If not specified, defaulted to Account in Adavnce zone, and to Domain in Basic zone. Account means that only the account owner can use the network, domain - all accouns in the domain can use the network") private String aclType; @IdentityMapper(entityTableName="physical_network") @@ -155,7 +154,7 @@ public class CreateNetworkCmd extends BaseCmd { } public String getAclType() { - return aclType == null ? ControlledEntity.ACLType.Account.toString() : aclType; + return aclType; } public Long getZoneId() { diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index a55904da8cd..7aa35052281 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java 
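Review bot: The new `description` string on the `aclType` parameter misspells two words: `Adavnce` should read `Advanced` and `accouns` should read `accounts`. This text is presumably what API users see, and it is where they learn that an unspecified ACL type becomes domain-wide in a Basic zone, so the wording should be unambiguous. I would phrase it as `If not specified, defaults to Account in an Advanced zone and to Domain in a Basic zone`.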
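Review bot: `getAclType()` can now return null, and nothing on the method says so. A short Javadoc would make the contract explicit, for example `/** @return the ACL type passed by the caller, or null when none was given; the zone-dependent default is applied by the network manager. */`. Any caller other than the `aclTypeStr != null` path in NetworkManagerImpl that relied on the old `Account` fallback would need checking; none is visible in this diff.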
@@ -1734,17 +1734,49 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag if (networkOffering.getState() != NetworkOffering.State.Enabled) { throw new InvalidParameterValueException("Can't use network offering id=" + networkOfferingId + " as its state is not " + NetworkOffering.State.Enabled); } + + //validate physical network and zone + // Check if physical network exists + PhysicalNetwork pNtwk = null; + if (physicalNetworkId != null) { + pNtwk = _physicalNetworkDao.findById(physicalNetworkId); + if (pNtwk == null) { + throw new InvalidParameterValueException("Unable to find physical network by id " + physicalNetworkId); + } + + //check that the physical network is enabled + if (pNtwk.getState() != PhysicalNetwork.State.Enabled) { + throw new InvalidParameterValueException("Physical network id " + physicalNetworkId + " is in incorrect state: " + pNtwk.getState()); + } + } + + if (zoneId == null) { + zoneId = pNtwk.getDataCenterId(); + } + + DataCenter zone = _dcDao.findById(zoneId); + + if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getType())) { + throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zone.getId()); + } //Only domain and account ACL types are supported in Acton ACLType aclType = null; if (aclTypeStr != null) { if (aclTypeStr.equalsIgnoreCase(ACLType.Account.toString())) { + if (zone.getNetworkType() == NetworkType.Basic) { + throw new InvalidParameterValueException("Only AclType=Domain can be specified for network creation in Basic zone"); + } aclType = ACLType.Account; } else if (aclTypeStr.equalsIgnoreCase(ACLType.Domain.toString())){ aclType = ACLType.Domain; } else { throw new InvalidParameterValueException("Incorrect aclType specified. 
Check the API documentation for supported types"); } + } else if (zone.getNetworkType() == NetworkType.Advanced) { + aclType = ACLType.Account; + } else { + aclType = ACLType.Domain; } // Check if the network is domain specific @@ -1788,26 +1820,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag endIP = startIP; } - // Check if physical network exists - PhysicalNetwork pNtwk = null; - if (physicalNetworkId != null) { - pNtwk = _physicalNetworkDao.findById(physicalNetworkId); - if (pNtwk == null) { - throw new InvalidParameterValueException("Unable to find physical network by id " + physicalNetworkId); - } - - //check that the physical network is enabled - if (pNtwk.getState() != PhysicalNetwork.State.Enabled) { - throw new InvalidParameterValueException("Physical network id " + physicalNetworkId + " is in incorrect state: " + pNtwk.getState()); - } - } - - DataCenter zone = _dcDao.findById(zoneId); - - if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getType())) { - throw new PermissionDeniedException("Cannot perform this operation, Zone is currently disabled: " + zone.getId()); - } - // If one of the following parameters are defined (starIP/endIP/netmask/gateway), all the rest should be defined too ArrayList networkConfigs = new ArrayList(); networkConfigs.add(gateway); 
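Review bot: `zoneId = pNtwk.getDataCenterId();` dereferences `pNtwk`, which is still null when the request carries neither a zone id nor a physical network id. Likewise `zone.getAllocationState()` uses the result of `_dcDao.findById(zoneId)` without a null check, so both cases end in a NullPointerException instead of an InvalidParameterValueException. When both ids are supplied, nothing in this hunk checks that the physical network belongs to the given zone. The disabled-zone permission check and the Basic/Advanced ACL default are taken from `zoneId` alone, so unless the match is verified elsewhere in the method (outside this hunk) the two could disagree. I would reject these inputs up front as sketched below; the enclosing method starts and ends outside the hunk.

```java
// … unchanged: physical network lookup and state check …

if (zoneId == null) {
    if (pNtwk == null) {
        throw new InvalidParameterValueException("Either zone id or physical network id must be specified");
    }
    zoneId = pNtwk.getDataCenterId();
} else if (pNtwk != null && !zoneId.equals(pNtwk.getDataCenterId())) {
    throw new InvalidParameterValueException("Physical network id " + physicalNetworkId + " does not belong to zone id " + zoneId);
}

DataCenter zone = _dcDao.findById(zoneId);
if (zone == null) {
    throw new InvalidParameterValueException("Unable to find zone by id " + zoneId);
}

// … unchanged: disabled-zone permission check and aclType resolution …
```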
@@ -1966,11 +1978,13 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } else { if (networkDomain == null) { //1) Get networkDomain from the corresponding account/domain/zone - if (aclType == ACLType.Domain) { + if (aclType == null) { + networkDomain = getZoneNetworkDomain(zoneId); + } else if (aclType == ACLType.Domain) { networkDomain = getDomainNetworkDomain(domainId, zoneId); - } else { + } else if (aclType == ACLType.Account){ networkDomain = getAccountNetworkDomain(owner.getId(), zoneId); - } + } //2) If null, generate networkDomain using domain suffix from the global config variables if (networkDomain == null) {
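Review bot: The new `aclType == null` branch looks unreachable as far as this diff shows, because the hunk at line 1734 now assigns `ACLType.Account` or `ACLType.Domain` on every path that does not throw. If code between the two hunks resets `aclType` to null for some network types, a comment should say which, for example `// aclType is null for <case>; fall back to the zone's network domain`; otherwise the branch can be dropped. The chain also has no final `else`, so any other ACL type silently falls through to the global-config suffix in step 2. The closing `} ` line carries trailing whitespace, and the enclosing method continues outside the hunk.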