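    /**
     * Resolves the security (network) groups named in the allocation request and attaches them to
     * the allocation.
     *
     * <p>Every group is looked up under the account of the requesting user. When the request names
     * no group, the default network group is used. A caller without administrative privileges must
     * also pass {@code RestrictedTypes.filterPrivileged()} for each group.
     *
     * @param allocInfo allocation whose context and request are read and whose network rules are
     *     set on success
     * @return always {@code true}; every failure is reported by exception
     * @throws MetadataException {@code IllegalMetadataAccessException} when the caller may not use
     *     a requested group, {@code NoSuchMetadataException} when a requested group could not be
     *     resolved, or whatever {@code NetworkGroups.lookup} itself raises
     */
    @Override
    public boolean apply(Allocation allocInfo) throws MetadataException {
      Context ctx = allocInfo.getContext();
      // The result is discarded, so this call is made for its effect only. Presumably it makes
      // sure the account's default group exists (or fails early) -- confirm against
      // NetworkGroups.lookup.
      NetworkGroups.lookup(
          ctx.getUserFullName().asAccountFullName(), NetworkGroups.defaultNetworkName());

      Set<String> networkNames = Sets.newHashSet(allocInfo.getRequest().getGroupSet());
      if (networkNames.isEmpty()) {
        networkNames.add(NetworkGroups.defaultNetworkName());
      }

      Map<String, NetworkGroup> networkRuleGroups = Maps.newHashMap();
      for (String groupName : networkNames) {
        NetworkGroup group =
            NetworkGroups.lookup(ctx.getUserFullName().asAccountFullName(), groupName);
        if (group == null) {
          // Leave unresolved names out of the map so the missing-group check below can fire.
          // Recording the key unconditionally made that check unreachable and let a null group
          // reach the authorization predicate or the allocation's rule map.
          // NOTE(review): whether lookup can return null instead of throwing is not visible here.
          continue;
        }
        // Administrative callers skip the per-group privilege filter; everyone else must pass it.
        if (!ctx.hasAdministrativePrivileges()
            && !RestrictedTypes.filterPrivileged().apply(group)) {
          throw new IllegalMetadataAccessException(
              "Not authorized to use network group "
                  + groupName
                  + " for "
                  + ctx.getUser().getName());
        }
        networkRuleGroups.put(groupName, group);
      }

      // Fail closed: the allocation gets its rules only if every requested name was resolved.
      Set<String> missingNets = Sets.difference(networkNames, networkRuleGroups.keySet());
      if (!missingNets.isEmpty()) {
        throw new NoSuchMetadataException("Failed to find security group info for: " + missingNets);
      }
      allocInfo.setNetworkRules(networkRuleGroups);
      return true;
    }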