Open
Description
problem
A bugfix introduced in 4.19.2.0 #9596 has caused regression with Shared Networks in an Advanced Zone. We have Shared Networks owned/created by ROOT, now when calling deployVirtualMachine without specifying networkids a user can no longer deploy a virtual machine. The code will loop over all existing networks and try to find one owned by the accountid of the caller, but this will fail and thus results in the error below:
2025-07-03 10:15:19,350 DEBUG [c.c.n.NetworkModelImpl] (qtp1312381159-22:ctx-f210c9ac ctx-bed343de ctx-b06ef2f0) (logid:d87b1fcd) Can not find network with security group enabled with free IPs
2025-07-03 10:15:19,351 INFO [c.c.a.ApiServer] (qtp1312381159-22:ctx-f210c9ac ctx-bed343de ctx-b06ef2f0) (logid:d87b1fcd) No network with security enabled is found in zone id=10c85e3a-b499-4b73-a78d-f2f48ca2a3ba
This was functioning in 4.19.1 and is broken since we upgraded to 4.19.3 (CVE patch)
versions
4.19.3
The steps to reproduce the bug
- Shared Networks in an Advanced Zone
- Create network owned by ROOT
- Create a new account
- Call
deployVritualMachineand pass the accountid+securitygroupids and NOT networkids:deploy virtualmachine displayname=rubentest domainid=066fac82-fed8-44bf-af3e-27b30e28127f securitygroupids=3a1862d1-b2d4-4f08-9ba5-7abeb07cafac serviceofferingid=3fd7b0f1-bc04-44e3-8305-5eead74f1756 templateid=b7de29f0-b240-4ae6-9843-9291bd3c397e zoneid=10c85e3a-b499-4b73-a78d-f2f48ca2a3ba account=cs22843888 - A deploy will fail. On 4.19.1 this still worked
- Passing the previous command with
networkidsspecified still works fine
What to do about it?
Make it so that accounts can still use ROOT provided networks in Advanced Networking zones without needing to specify the network ID.
Metadata
Metadata
Assignees
Type
Projects
Status
No status