Advanced SG: allow create/update physical networks with vlan range (#8122)

Author: weizhouapache

server/src/main/java/com/cloud/network/NetworkServiceImpl.java

@@ -3816,12 +3816,8 @@ public PhysicalNetwork createPhysicalNetwork(final Long zoneId, final String vne
             throw new InvalidParameterException("Only one isolationMethod can be specified for a physical network at this time");
         }
 
-        if (vnetRange != null) {
-            // Verify zone type
-            if (zoneType == NetworkType.Basic || (zoneType == NetworkType.Advanced && zone.isSecurityGroupEnabled())) {
-                throw new InvalidParameterValueException(
-                        "Can't add vnet range to the physical network in the zone that supports " + zoneType + " network, Security Group enabled: " + zone.isSecurityGroupEnabled());
-            }
+        if (vnetRange != null && zoneType == NetworkType.Basic) {
+            throw new InvalidParameterValueException("Can't add vnet range to the physical network in the Basic zone");
         }
 
         BroadcastDomainRange broadcastDomainRange = null;
@@ -3943,11 +3939,9 @@ public PhysicalNetwork updatePhysicalNetwork(Long id, String networkSpeed, List<
         if (zone == null) {
             throwInvalidIdException("Zone with id=" + network.getDataCenterId() + " doesn't exist in the system", String.valueOf(network.getDataCenterId()), "dataCenterId");
         }
-        if (newVnetRange != null) {
-            if (zone.getNetworkType() == NetworkType.Basic || (zone.getNetworkType() == NetworkType.Advanced && zone.isSecurityGroupEnabled())) {
-                throw new InvalidParameterValueException(
-                        "Can't add vnet range to the physical network in the zone that supports " + zone.getNetworkType() + " network, Security Group enabled: " + zone.isSecurityGroupEnabled());
-            }
+
+        if (newVnetRange != null && zone.getNetworkType() == NetworkType.Basic) {
+            throw new InvalidParameterValueException("Can't add vnet range to the physical network in the Basic zone");
         }
 
         if (tags != null && tags.size() > 1) {

server/src/main/java/com/cloud/vm/UserVmManagerImpl.java

@@ -3644,8 +3644,8 @@ public UserVm createAdvancedSecurityGroupVirtualMachine(DataCenter zone, Service
                     isSecurityGroupEnabledNetworkUsed = true;
                 }
 
-                if (!(network.getTrafficType() == TrafficType.Guest && network.getGuestType() == Network.GuestType.Shared)) {
-                    throw new InvalidParameterValueException("Can specify only Shared Guest networks when" + " deploy vm in Advance Security Group enabled zone");
+                if (network.getTrafficType() != TrafficType.Guest || !Arrays.asList(GuestType.Shared, GuestType.L2).contains(network.getGuestType())) {
+                    throw new InvalidParameterValueException("Can specify only Shared or L2 Guest networks when deploy vm in Advance Security Group enabled zone");
                 }
 
                 _accountMgr.checkAccess(owner, AccessType.UseEntry, false, network);