javascriptextjs
diff --git a/‎server/src/com/cloud/configuration/ConfigurationManagerImpl.java‎
Lines changed: 4 additions & 6 deletions b/‎server/src/com/cloud/configuration/ConfigurationManagerImpl.java‎
Lines changed: 4 additions & 6 deletions
diff --git a/‎server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java‎
Lines changed: 19 additions & 10 deletions b/‎server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java‎
Lines changed: 19 additions & 10 deletions
diff --git a/‎server/src/com/cloud/resource/ResourceManagerImpl.java‎
Lines changed: 6 additions & 0 deletions b/‎server/src/com/cloud/resource/ResourceManagerImpl.java‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java‎
Lines changed: 20 additions & 12 deletions b/‎server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java‎
Lines changed: 20 additions & 12 deletions
diff --git a/‎setup/db/db/schema-410to420.sql‎
Lines changed: 2 additions & 1 deletion b/‎setup/db/db/schema-410to420.sql‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎setup/dev/advancedsg.cfg‎
Lines changed: 185 additions & 0 deletions b/‎setup/dev/advancedsg.cfg‎
Lines changed: 185 additions & 0 deletions
@@ -1787,13 +1787,11 @@ public DataCenter editZone(UpdateZoneCmd cmd) {
                 // check if zone has necessary trafficTypes before enabling
                 try {
                     PhysicalNetwork mgmtPhyNetwork;
-                    if (NetworkType.Advanced == zone.getNetworkType()) {
-                        // zone should have a physical network with public and management traffiType
+                    // zone should have a physical network with management traffiType
+                    mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management);
+                    if (NetworkType.Advanced == zone.getNetworkType() && ! zone.isSecurityGroupEnabled() ) {
+                        // advanced zone without SG should have a physical network with public Thpe
                         _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Public);
-                        mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management);
-                    } else {
-                        // zone should have a physical network with management traffiType
-                        mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management);
                     }
 
                     try {
 
@@ -687,19 +687,28 @@ protected Map<String, Object> createProxyInstance(long dataCenterId, HypervisorT
 
         DataCenterDeployment plan = new DataCenterDeployment(dataCenterId);
 
-        TrafficType defaultTrafficType = TrafficType.Public;
-        if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
-            defaultTrafficType = TrafficType.Guest;
-        }
-
-        List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
+        NetworkVO defaultNetwork = null;
+        if (dc.getNetworkType() == NetworkType.Advanced && dc.isSecurityGroupEnabled()) {
+            List<NetworkVO> networks = _networkDao.listByZoneSecurityGroup(dataCenterId);
+            if (networks == null || networks.size() == 0) {
+                throw new CloudRuntimeException("Can not found security enabled network in SG Zone " + dc);
+            }
+            defaultNetwork = networks.get(0);
+        } else {
+            TrafficType defaultTrafficType = TrafficType.Public;
+            if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
+                defaultTrafficType = TrafficType.Guest;
+            }
+            List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
 
-        if (defaultNetworks.size() != 1) {
-            throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type " + defaultTrafficType + " when expect to find 1");
+            // api should never allow this situation to happen
+            if (defaultNetworks.size() != 1) {
+                throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type "
+                      + defaultTrafficType + " when expect to find 1");
+            }
+             defaultNetwork = defaultNetworks.get(0);
         }
 
-        NetworkVO defaultNetwork = defaultNetworks.get(0);
-
         List<? extends NetworkOffering> offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOffering.SystemControlNetwork, NetworkOffering.SystemManagementNetwork);
         List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(offerings.size() + 1);
         NicProfile defaultNic = new NicProfile();
 
@@ -444,6 +444,12 @@ public List<? extends Cluster> discoverCluster(AddClusterCmd cmd)
 					+ cmd.getHypervisor() + " to a supported ");
         }
 
+        if (zone.isSecurityGroupEnabled()) {
+            if( hypervisorType != HypervisorType.KVM && hypervisorType != HypervisorType.XenServer ) {
+                throw new InvalidParameterValueException("Don't support hypervisor type " + hypervisorType + " in advanced security enabled zone");
+            }
+        }
+
         Cluster.ClusterType clusterType = null;
         if (cmd.getClusterType() != null && !cmd.getClusterType().isEmpty()) {
             clusterType = Cluster.ClusterType.valueOf(cmd.getClusterType());
 
@@ -538,19 +538,27 @@ protected Map<String, Object> createSecStorageVmInstance(long dataCenterId, Seco
         DataCenterDeployment plan = new DataCenterDeployment(dataCenterId);
         DataCenter dc = _dcDao.findById(plan.getDataCenterId());
 
-        TrafficType defaultTrafficType = TrafficType.Public;
-        if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
-        	defaultTrafficType = TrafficType.Guest;
-        }
-        
-        List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
-        
-        //api should never allow this situation to happen
-        if (defaultNetworks.size() != 1) {
-        	throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type " + defaultTrafficType + " when expect to find 1");
+        NetworkVO defaultNetwork = null;
+        if (dc.getNetworkType() == NetworkType.Advanced && dc.isSecurityGroupEnabled()) {
+            List<NetworkVO> networks = _networkDao.listByZoneSecurityGroup(dataCenterId);
+            if (networks == null || networks.size() == 0) {
+                throw new CloudRuntimeException("Can not found security enabled network in SG Zone " + dc);
+            }
+            defaultNetwork = networks.get(0);
+        } else {
+            TrafficType defaultTrafficType = TrafficType.Public;
+
+            if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) {
+                defaultTrafficType = TrafficType.Guest;
+            }
+            List<NetworkVO> defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType);
+            // api should never allow this situation to happen
+            if (defaultNetworks.size() != 1) {
+                throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type "
+                                + defaultTrafficType + " when expect to find 1");
+            }
+            defaultNetwork = defaultNetworks.get(0);
         }
-        
-        NetworkVO defaultNetwork = defaultNetworks.get(0);
 
         List<? extends NetworkOffering> offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOfferingVO.SystemControlNetwork, NetworkOfferingVO.SystemManagementNetwork, NetworkOfferingVO.SystemStorageNetwork);
         List<Pair<NetworkVO, NicProfile>> networks = new ArrayList<Pair<NetworkVO, NicProfile>>(offerings.size() + 1);
 
@@ -1716,4 +1716,5 @@ UPDATE `cloud`.`snapshots` set swift_id=null where swift_id=0;
 -- Re-enable foreign key checking, at the end of the upgrade path
 SET foreign_key_checks = 1;			
 UPDATE `cloud`.`snapshot_policy` set uuid=id WHERE uuid is NULL;
-
+#update shared sg enabled network with not null name in Advance Security Group enabled network
+UPDATE `cloud`.`networks` set name='Shared SG enabled network', display_text='Shared SG enabled network' WHERE name IS null AND traffic_type='Guest' AND data_center_id IN (select id from data_center where networktype='Advanced' and is_security_group_enabled=1) AND acl_type='Domain';
@@ -0,0 +1,185 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+{
+    "zones": [
+        {
+            "name": "Sandbox-Simulator", 
+            "dns1": "10.147.28.6", 
+            "physical_networks": [
+                {
+                    "name": "Sandbox-pnet", 
+                    "tags": [
+                        "cloud-simulator-pnet"
+                    ], 
+                    "broadcastdomainrange": "Zone", 
+                    "providers": [
+                        {
+                            "broadcastdomainrange": "ZONE", 
+                            "name": "VirtualRouter"
+                        }, 
+                        {
+                            "broadcastdomainrange": "ZONE", 
+                            "name": "SecurityGroupProvider"
+                        }
+                    ], 
+                    "traffictypes": [
+                        {
+                            "typ": "Guest"
+                        }, 
+                        {
+                            "typ": "Management", 
+                            "simulator": "cloud-simulator-mgmt"
+                        }
+                    ], 
+                    "isolationmethods": [
+                        "VLAN"
+                    ]
+                }
+            ], 
+            "securitygroupenabled": "true", 
+            "ipranges": [
+                {
+                    "startip": "10.147.31.150", 
+                    "endip": "10.147.31.159", 
+                    "netmask": "255.255.255.0", 
+                    "vlan": "31", 
+                    "gateway": "10.147.31.1"
+                }
+            ], 
+            "networktype": "Advanced", 
+            "pods": [
+                {
+                    "endip": "10.147.29.159", 
+                    "name": "POD0", 
+                    "startip": "10.147.29.150", 
+                    "netmask": "255.255.255.0", 
+                    "clusters": [
+                        {
+                            "clustername": "C0", 
+                            "hypervisor": "Simulator", 
+                            "hosts": [
+                                {
+                                    "username": "root", 
+                                    "url": "http://simulator0", 
+                                    "password": "password"
+                                }
+                            ], 
+                            "clustertype": "CloudManaged", 
+                            "primaryStorages": [
+                                {
+                                    "url": "nfs://10.147.28.6:/export/home/sandbox/primary", 
+                                    "name": "PS0"
+                                }
+                            ]
+                        }
+                    ], 
+                    "gateway": "10.147.29.1"
+                }
+            ], 
+            "internaldns1": "10.147.28.6", 
+            "secondaryStorages": [
+                {
+                    "url": "nfs://10.147.28.6:/export/home/sandbox/sstor"
+                }
+            ]
+        }
+    ], 
+    "dbSvr": {
+        "dbSvr": "localhost", 
+        "passwd": "cloud", 
+        "db": "cloud", 
+        "port": 3306, 
+        "user": "cloud"
+    }, 
+    "logger": [
+        {
+            "name": "TestClient", 
+            "file": "testclient.log"
+        }, 
+        {
+            "name": "TestCase", 
+            "file": "testcase.log"
+        }
+    ], 
+    "globalConfig": [
+        {
+            "name": "storage.cleanup.interval", 
+            "value": "300"
+        }, 
+        {
+            "name": "direct.agent.load.size", 
+            "value": "1000"
+        }, 
+        {
+            "name": "default.page.size", 
+            "value": "10000"
+        }, 
+        {
+            "name": "instance.name", 
+            "value": "QA"
+        }, 
+        {
+            "name": "workers", 
+            "value": "10"
+        }, 
+        {
+            "name": "vm.op.wait.interval", 
+            "value": "5"
+        }, 
+        {
+            "name": "account.cleanup.interval", 
+            "value": "600"
+        }, 
+        {
+            "name": "guest.domain.suffix", 
+            "value": "sandbox.simulator"
+        }, 
+        {
+            "name": "expunge.delay", 
+            "value": "60"
+        }, 
+        {
+            "name": "vm.allocation.algorithm", 
+            "value": "random"
+        }, 
+        {
+            "name": "expunge.interval", 
+            "value": "60"
+        }, 
+        {
+            "name": "expunge.workers", 
+            "value": "3"
+        }, 
+        {
+            "name": "secstorage.allowed.internal.sites", 
+            "value": "10.147.28.0/24"
+        }, 
+        {
+            "name": "check.pod.cidrs", 
+            "value": "true"
+        }
+    ], 
+    "mgtSvr": [
+        {
+            "mgtSvrIp": "localhost", 
+            "passwd": "password", 
+            "user": "root", 
+            "port": 8096
+        }
+    ]
+}