@@ -2867,94 +2867,47 @@ public UserVm createAdvancedSecurityGroupVirtualMachine(DataCenter zone, Service
28672867
28682868 Account caller = UserContext .current ().getCaller ();
28692869 List <NetworkVO > networkList = new ArrayList <NetworkVO >();
2870- boolean isSecurityGroupEnabledNetworkUsed = false ;
28712870 boolean isVmWare = (template .getHypervisorType () == HypervisorType .VMware || (hypervisor != null && hypervisor == HypervisorType .VMware ));
2871+ if (isVmWare ) {
2872+ throw new InvalidParameterValueException ("Security group feature is not supported for vmWare hypervisor" );
2873+ }
28722874
28732875 // Verify that caller can perform actions in behalf of vm owner
28742876 _accountMgr .checkAccess (caller , null , true , owner );
2875-
2876- // If no network is specified, find system security group enabled
2877- // network
28782877 if (networkIdList == null || networkIdList .isEmpty ()) {
2879- Network networkWithSecurityGroup = _networkModel .getNetworkWithSecurityGroupEnabled (zone .getId ());
2880- if (networkWithSecurityGroup == null ) {
2881- throw new InvalidParameterValueException (
2882- "No network with security enabled is found in zone id="
2883- + zone .getId ());
2884- }
2885-
2886- networkList .add (_networkDao .findById (networkWithSecurityGroup .getId ()));
2887- isSecurityGroupEnabledNetworkUsed = true ;
2888-
2889- } else if (securityGroupIdList != null
2890- && !securityGroupIdList .isEmpty ()) {
2891- if (isVmWare ) {
2892- throw new InvalidParameterValueException (
2893- "Security group feature is not supported for vmWare hypervisor" );
2894- }
2895- // Only one network can be specified, and it should be security
2896- // group enabled
2897- if (networkIdList .size () > 1 ) {
2898- throw new InvalidParameterValueException (
2899- "Only support one network per VM if security group enabled" );
2900- }
2901-
2902- NetworkVO network = _networkDao .findById (networkIdList .get (0 )
2903- .longValue ());
2904-
2878+ throw new InvalidParameterValueException ("need to specify networkIDs" );
2879+ }
2880+ if (networkIdList .size () > 1 ) {
2881+ throw new InvalidParameterValueException ("VM can only be on one network in Zone with Security group enabled zone" );
2882+ }
2883+ // Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks
2884+ for (Long networkId : networkIdList ) {
2885+ NetworkVO network = _networkDao .findById (networkId );
29052886 if (network == null ) {
29062887 throw new InvalidParameterValueException (
29072888 "Unable to find network by id "
29082889 + networkIdList .get (0 ).longValue ());
29092890 }
29102891
2911- if (!_networkModel .isSecurityGroupSupportedInNetwork (network )) {
2912- throw new InvalidParameterValueException ("Network is not security group enabled: " + network .getId ());
2913- }
2914-
2915- networkList .add (network );
2916- isSecurityGroupEnabledNetworkUsed = true ;
2917-
2918- } else {
2919- // Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks
2920- for (Long networkId : networkIdList ) {
2921- NetworkVO network = _networkDao .findById (networkId );
2922-
2923- if (network == null ) {
2924- throw new InvalidParameterValueException (
2925- "Unable to find network by id "
2926- + networkIdList .get (0 ).longValue ());
2927- }
2928-
2929- boolean isSecurityGroupEnabled = _networkModel .isSecurityGroupSupportedInNetwork (network );
2930- if (isSecurityGroupEnabled ) {
2931- if (networkIdList .size () > 1 ) {
2932- throw new InvalidParameterValueException ("Can't create a vm with multiple networks one of" +
2933- " which is Security Group enabled" );
2934- }
2935-
2936- isSecurityGroupEnabledNetworkUsed = true ;
2937- }
2892+ boolean isSecurityGroupEnabled = _networkModel .isSecurityGroupSupportedInNetwork (network );
2893+ if ( ! isSecurityGroupEnabled ) {
2894+ throw new InvalidParameterValueException ("Only support Security Group enabled networks in Security enabled zone, network " + network .getUuid () + " doesn't support security group " );
2895+ }
29382896
2939- if (!(network .getTrafficType () == TrafficType .Guest && network .getGuestType () == Network .GuestType .Shared )) {
2940- throw new InvalidParameterValueException ("Can specify only Shared Guest networks when" +
2897+ if (!(network .getTrafficType () == TrafficType .Guest && network .getGuestType () == Network .GuestType .Shared )) {
2898+ throw new InvalidParameterValueException ("Can specify only Shared Guest networks when" +
29412899 " deploy vm in Advance Security Group enabled zone" );
2942- }
2900+ }
29432901
2944- // Perform account permission check
2945- if (network .getAclType () == ACLType .Account ) {
2946- _accountMgr .checkAccess (caller , AccessType .UseNetwork , false , network );
2947- }
2948- networkList .add (network );
2902+ // Perform account permission check
2903+ if (network .getAclType () == ACLType .Account ) {
2904+ _accountMgr .checkAccess (caller , AccessType .UseNetwork , false , network );
29492905 }
2906+ networkList .add (network );
29502907 }
2951-
29522908 // if network is security group enabled, and no security group is specified, then add the default security group automatically
2953- if (isSecurityGroupEnabledNetworkUsed && !isVmWare && _networkModel .canAddDefaultSecurityGroup ()) {
2954-
2955- // add the default securityGroup only if no security group is
2956- // specified
2957- if (securityGroupIdList == null || securityGroupIdList .isEmpty ()) {
2909+ if ( _networkModel .canAddDefaultSecurityGroup ()) {
2910+ if (securityGroupIdList == null || securityGroupIdList .isEmpty ()){
29582911 if (securityGroupIdList == null ) {
29592912 securityGroupIdList = new ArrayList <Long >();
29602913 }
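Review bot: In the new `for` loop the per-network permission check (`_accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network)`) runs last, after the security-group and Shared/Guest checks have already thrown messages that describe the network, including `network.getUuid()`. A caller with no rights on an `ACLType.Account` network can therefore learn from the error text how that network is configured; moving the `if (network.getAclType() == ACLType.Account)` block to directly after the null check would make the access decision come first. Networks with any other ACL type get no access check in this hunk, which may be handled elsewhere but is worth confirming. The not-found message still prints `networkIdList.get(0).longValue()`; `"Unable to find network by id " + networkId` says the same thing without depending on the one-network limit. The method body continues past the end of this hunk, so the default security group handling is only partly visible here.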
@@ -2978,7 +2931,6 @@ public UserVm createAdvancedSecurityGroupVirtualMachine(DataCenter zone, Service
29782931 }
29792932 }
29802933 }
2981-
29822934 return createVirtualMachine (zone , serviceOffering , template , hostName , displayName , owner , diskOfferingId ,
29832935 diskSize , networkList , securityGroupIdList , group , userData , sshKeyPair , hypervisor , caller , requestedIps , defaultIps , keyboard );
29842936 }