Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Security Level: Public (Anyone can view this level - this is the default.)
-
None
Description
L2 networks are not shared between projects. When trying to deploy a vm assigning a project id, error is logged:
2018-01-18 09:04:31,749 INFO [c.c.a.ApiServer] (qtp1310540333-17:ctx-7ff91c56 ctx-8c37c46b ctx-d58064ad) (logid:74e86028) PermissionDenied: Unable to use network with id= 5bee486a-ff20-4db2-b62e-4b4f3485cfff, permission denied on objs: []
Attachments
Issue Links
- links to
Activity
DaanHoogland commented on a change in pull request #2420: CLOUDSTACK-10247: L2 network not shared on projects
URL: https://github.com/apache/cloudstack/pull/2420#discussion_r163479947
##########
File path: server/src/com/cloud/network/NetworkModelImpl.java
##########
@@ -1637,7 +1637,8 @@ public void checkNetworkPermissions(Account owner, Network network)
// Perform account permission check
- if (network.getGuestType() != Network.GuestType.Shared || (network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Account)) {
+ if ((network.getGuestType() != Network.GuestType.Shared && network.getGuestType() != GuestType.L2) ||
Review comment:
Network.GuestType.Shared is used and then GuestType.L2 directly. please cleanup the imports and use only one scope for one java class.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
nvazquez commented on issue #2420: CLOUDSTACK-10247: L2 network not shared on projects
URL: https://github.com/apache/cloudstack/pull/2420#issuecomment-360496114
Thanks @DaanHoogland, there were some other occurrences of `Network.GuestType` and `GuestType`, last commit unifies all occurrences to `GuestType`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
rhtyd commented on issue #2420: CLOUDSTACK-10247: L2 network not shared on projects
URL: https://github.com/apache/cloudstack/pull/2420#issuecomment-364674084
LGTM, merging based on reviews and test results.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
rhtyd closed pull request #2420: CLOUDSTACK-10247: L2 network not shared on projects
URL: https://github.com/apache/cloudstack/pull/2420
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/server/src/com/cloud/network/NetworkModelImpl.java b/server/src/com/cloud/network/NetworkModelImpl.java
index e583b717a16..b8e7b53b1fa 100644
— a/server/src/com/cloud/network/NetworkModelImpl.java
+++ b/server/src/com/cloud/network/NetworkModelImpl.java
@@ -930,7 +930,7 @@ public boolean areServicesSupportedInNetwork(long networkId, Service... services
@Override
public String getIpOfNetworkElementInVirtualNetwork(long accountId, long dataCenterId) {
- List<NetworkVO> virtualNetworks = _networksDao.listByZoneAndGuestType(accountId, dataCenterId, Network.GuestType.Isolated, false);
+ List<NetworkVO> virtualNetworks = _networksDao.listByZoneAndGuestType(accountId, dataCenterId, GuestType.Isolated, false);
if (virtualNetworks.isEmpty())
{ s_logger.trace("Unable to find default Virtual network account id=" + accountId); @@ -950,13 +950,13 @@ public String getIpOfNetworkElementInVirtualNetwork(long accountId, long dataCen }@Override
- public List<NetworkVO> listNetworksForAccount(long accountId, long zoneId, Network.GuestType type) {
+ public List<NetworkVO> listNetworksForAccount(long accountId, long zoneId, GuestType type) {
List<NetworkVO> accountNetworks = new ArrayList<NetworkVO>();
List<NetworkVO> zoneNetworks = _networksDao.listByZone(zoneId);
for (NetworkVO network : zoneNetworks) {
if (!isNetworkSystem(network)) {
- if (network.getGuestType() == Network.GuestType.Shared || !_networksDao.listBy(accountId, network.getId()).isEmpty()) {
+ if (network.getGuestType() == GuestType.Shared || !_networksDao.listBy(accountId, network.getId()).isEmpty())Unknown macro: { if (type == null || type == network.getGuestType()) { accountNetworks.add(network); }@@ -967,7 +967,7 @@ public String getIpOfNetworkElementInVirtualNetwork(long accountId, long dataCen }
@Override
- public List<NetworkVO> listAllNetworksInAllZonesByType(Network.GuestType type) {
+ public List<NetworkVO> listAllNetworksInAllZonesByType(GuestType type) {
List<NetworkVO> networks = new ArrayList<NetworkVO>();
for (NetworkVO network : _networksDao.listAll()) {
if (!isNetworkSystem(network)) {
@@ -1637,7 +1637,8 @@ public void checkNetworkPermissions(Account owner, Network network) { throw new CloudRuntimeException("cannot check permissions on (Network) <null>"); }// Perform account permission check
- if (network.getGuestType() != Network.GuestType.Shared || (network.getGuestType() == Network.GuestType.Shared && network.getAclType() == ACLType.Account)) {
+ if ((network.getGuestType() != GuestType.Shared && network.getGuestType() != GuestType.L2) ||
+ (network.getGuestType() == GuestType.Shared && network.getAclType() == ACLType.Account)) {
AccountVO networkOwner = _accountDao.findById(network.getAccountId());
if (networkOwner == null)
throw new PermissionDeniedException("Unable to use network with id= " + ((NetworkVO)network).getUuid() +
@@ -1802,14 +1803,14 @@ public boolean isPrivateGateway(long ntwkId) {
public boolean isNetworkAvailableInDomain(long networkId, long domainId) {
Long networkDomainId = null;
Network network = getNetwork(networkId); - if (network.getGuestType() != Network.GuestType.Shared) {
- s_logger.trace("Network id=" + networkId + " is not shared");
+ if (network.getGuestType() != GuestType.Shared && network.getGuestType() != GuestType.L2) { + s_logger.trace("Network id=" + networkId + " is not shared or L2"); return false; }
NetworkDomainVO networkDomainMap = _networkDomainDao.getDomainNetworkMapByNetworkId(networkId);
if (networkDomainMap == null)
else
{ networkDomainId = networkDomainMap.getDomainId(); diff --git a/server/src/com/cloud/network/NetworkServiceImpl.java b/server/src/com/cloud/network/NetworkServiceImpl.java index d7ae6276f85..93f73d20a5f 100644 --- a/server/src/com/cloud/network/NetworkServiceImpl.java +++ b/server/src/com/cloud/network/NetworkServiceImpl.java @@ -1101,8 +1101,8 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac }// Only Admin can create Shared networks
- if (ntwkOff.getGuestType() == GuestType.Shared && !_accountMgr.isAdmin(caller.getId())) {
- throw new InvalidParameterValueException("Only Admins can create network with guest type " + GuestType.Shared);
+ if ((ntwkOff.getGuestType() == GuestType.Shared || ntwkOff.getGuestType() == GuestType.L2) && !_accountMgr.isAdmin(caller.getId())) { + throw new InvalidParameterValueException("Only Admins can create network with guest type " + GuestType.Shared + " or " + GuestType.L2); }
// Check if the network is domain specific
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
Commit b2a19f7587fdd86fddc6c32fa8476eeac6269116 in cloudstack's branch refs/heads/4.11 from nicolas.vazquez
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=b2a19f7 ]
CLOUDSTACK-10247: L2 network not shared on projects (#2420)
When trying to deploy a vm providing a project id and a L2 network id, this error is logged.
Commit b2a19f7587fdd86fddc6c32fa8476eeac6269116 in cloudstack's branch refs/heads/master from nicolas.vazquez
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=b2a19f7 ]
CLOUDSTACK-10247: L2 network not shared on projects (#2420)
When trying to deploy a vm providing a project id and a L2 network id, this error is logged.
nvazquez commented on issue #2420:
CLOUDSTACK-10247: L2 network not shared on projectsURL: https://github.com/apache/cloudstack/pull/2420#issuecomment-359877998
Thanks @borisstoyanov! @DaanHoogland @rhtyd can you review?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org