network: fix vm can be deployed on L2 network of other accounts (#5784)

* Update #5769: fix domain admin can deploy vm on L2 network of other users * test: fix test_storage_policy.py * Update #5784: revert part of changes in #2420
2022-01-11 07:46:00 +01:00 · 2022-01-11 07:46:00 +01:00 · fadd74aaca
parent 028d338aaa
commit fadd74aaca
2 changed files with 6 additions and 5 deletions
--- a/server/src/main/java/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkModelImpl.java
@ -1659,8 +1659,7 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi
            throw new CloudRuntimeException("cannot check permissions on (Network) <null>");
        }
        // Perform account permission check
-        if ((network.getGuestType() != GuestType.Shared && network.getGuestType() != GuestType.L2) ||
-                (network.getGuestType() == GuestType.Shared && network.getAclType() == ACLType.Account)) {
+        if (network.getGuestType() != GuestType.Shared || network.getAclType() == ACLType.Account) {
            AccountVO networkOwner = _accountDao.findById(network.getAccountId());
            if (networkOwner == null)
                throw new PermissionDeniedException("Unable to use network with id= " + ((NetworkVO)network).getUuid() +
@ -1838,14 +1837,14 @@ public class NetworkModelImpl extends ManagerBase implements NetworkModel, Confi
    public boolean isNetworkAvailableInDomain(long networkId, long domainId) {
        Long networkDomainId = null;
        Network network = getNetwork(networkId);
-        if (network.getGuestType() != GuestType.Shared && network.getGuestType() != GuestType.L2) {
-            s_logger.trace("Network id=" + networkId + " is not shared or L2");
+        if (network.getGuestType() != GuestType.Shared) {
+            s_logger.trace("Network id=" + networkId + " is not shared");
            return false;
        }

        NetworkDomainVO networkDomainMap = _networkDomainDao.getDomainNetworkMapByNetworkId(networkId);
        if (networkDomainMap == null) {
-            s_logger.trace("Network id=" + networkId + " is shared or L2, but not domain specific");
+            s_logger.trace("Network id=" + networkId + " is shared, but not domain specific");
            return true;
        } else {
            networkDomainId = networkDomainMap.getDomainId();
--- a/test/integration/smoke/test_storage_policy.py
+++ b/test/integration/smoke/test_storage_policy.py
@ -192,6 +192,8 @@ class TestVMWareStoragePolicies(cloudstackTestCase):
            self.apiclient,
            self.testdata["l2-network"],
            zoneid=self.zone.id,
+            accountid=self.account.name,
+            domainid=self.account.domainid,
            networkofferingid=self.network_offering.id
        )
        self.cleanup.append(l2_network)