server: fix regular user can create isolated network without sourcenat (#5844)

* server: fix regular user can create isolated network without sourcenat
2022-01-20 09:40:23 +01:00 · 2022-01-20 09:40:23 +01:00 · f3289fb596
parent fb35f46a96
commit f3289fb596
1 changed files with 20 additions and 6 deletions
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@ -1360,12 +1360,9 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C

        performBasicPrivateVlanChecks(vlanId, secondaryVlanId, privateVlanType);

-        // Regular user can create Guest Isolated Source Nat enabled network only
-        if (_accountMgr.isNormalUser(caller.getId()) && (ntwkOff.getTrafficType() != TrafficType.Guest
-                || ntwkOff.getGuestType() != Network.GuestType.Isolated && areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat))) {
-            throw new InvalidParameterValueException(
-                    String.format("Regular users can only create a network from network offerings having traffic type [%s] and network type [%s] with a service [%s] enabled.", TrafficType.Guest,
-                            Network.GuestType.Isolated, Service.SourceNat.getName()));
+        // Regular user can create Guest Isolated Source Nat enabled network or L2 network only
+        if (_accountMgr.isNormalUser(caller.getId())) {
+            validateNetworkOfferingForRegularUser(ntwkOff);
        }

        // Don't allow to specify vlan if the caller is not ROOT admin
@ -1457,6 +1454,23 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
        return network;
    }

+    private void validateNetworkOfferingForRegularUser(NetworkOfferingVO ntwkOff) {
+        if (ntwkOff.getTrafficType() != TrafficType.Guest) {
+            throw new InvalidParameterValueException("Regular users can only create a Guest network");
+        }
+        if (ntwkOff.getGuestType() == GuestType.Isolated && areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)) {
+            s_logger.debug(String.format("Creating a network from network offerings having traffic type [%s] and network type [%s] with a service [%s] enabled.",
+                    TrafficType.Guest, GuestType.Isolated, Service.SourceNat.getName()));
+        } else if (ntwkOff.getGuestType() == GuestType.L2) {
+            s_logger.debug(String.format("Creating a network from network offerings having traffic type [%s] and network type [%s].",
+                    TrafficType.Guest, GuestType.L2));
+        } else {
+            throw new InvalidParameterValueException(
+                    String.format("Regular users can only create an %s network with a service [%s] enabled, or a %s network.",
+                            GuestType.Isolated, Service.SourceNat.getName(), GuestType.L2));
+        }
+    }
+
    /**
     * Retrieve information (if set) for private VLAN when creating the network
     */