@Override public boolean apply(Allocation allocInfo) throws MetadataException { Context ctx = allocInfo.getContext(); NetworkGroups.lookup( ctx.getUserFullName().asAccountFullName(), NetworkGroups.defaultNetworkName()); Set<String> networkNames = Sets.newHashSet(allocInfo.getRequest().getGroupSet()); if (networkNames.isEmpty()) { networkNames.add(NetworkGroups.defaultNetworkName()); } Map<String, NetworkGroup> networkRuleGroups = Maps.newHashMap(); for (String groupName : networkNames) { NetworkGroup group = NetworkGroups.lookup(ctx.getUserFullName().asAccountFullName(), groupName); if (!ctx.hasAdministrativePrivileges() && !RestrictedTypes.filterPrivileged().apply(group)) { throw new IllegalMetadataAccessException( "Not authorized to use network group " + groupName + " for " + ctx.getUser().getName()); } networkRuleGroups.put(groupName, group); } Set<String> missingNets = Sets.difference(networkNames, networkRuleGroups.keySet()); if (!missingNets.isEmpty()) { throw new NoSuchMetadataException("Failed to find security group info for: " + missingNets); } else { allocInfo.setNetworkRules(networkRuleGroups); } return true; }