Add L2 networks to Zones with SG

api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java

@@ -311,10 +311,10 @@ public Long getPhysicalNetworkId() {
             }
         }
         if (physicalNetworkId != null) {
-            if (offering.getGuestType() == GuestType.Shared) {
+            if ((offering.getGuestType() == GuestType.Shared) || (offering.getGuestType() == GuestType.L2)) {
                 return physicalNetworkId;
             } else {
-                throw new InvalidParameterValueException("Physical network ID can be specified for networks of guest IP type " + GuestType.Shared + " only.");
+                throw new InvalidParameterValueException("Physical network ID can be specified for networks of guest IP type " + GuestType.Shared + " or " + GuestType.L2 + " only.");
             }
         } else {
             if (zoneId == null) {

api/src/test/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmdTest.java

@@ -251,7 +251,23 @@ public void testGetPhysicalNetworkIdForNonSharedNet() {
         try {
             cmd.getPhysicalNetworkId();
         } catch (Exception e) {
-            Assert.assertTrue(e.getMessage().startsWith("Physical network ID can be specified for networks of guest IP type Shared only"));
+            Assert.assertTrue(e.getMessage().startsWith("Physical network ID can be specified for networks of guest IP type Shared or L2 only."));
+        }
+    }
+
+    @Test
+    public void testGetPhysicalNetworkIdForL2Net() {
+        Long physicalNetworkId = 1L;
+        Long networkOfferingId = 1L;
+        ReflectionTestUtils.setField(cmd, "networkOfferingId", networkOfferingId);
+        NetworkOffering networkOffering = Mockito.mock(NetworkOffering.class);
+        ReflectionTestUtils.setField(cmd, "physicalNetworkId", physicalNetworkId);
+        Mockito.when(_entityMgr.findById(NetworkOffering.class, networkOfferingId)).thenReturn(networkOffering);
+        Mockito.when(networkOffering.getGuestType()).thenReturn(Network.GuestType.L2);
+        try {
+            Assert.assertEquals(cmd.getPhysicalNetworkId(), physicalNetworkId);
+        } catch (Exception e) {
+            Assert.fail("Failed to get physical network id");
         }
     }
 

engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java

@@ -2665,8 +2665,8 @@ private Network createGuestNetwork(final long networkOfferingId, final String na
                 }
                 // Only Account specific Isolated network with sourceNat service disabled are allowed in security group
                 // enabled zone
-                if (ntwkOff.getGuestType() != GuestType.Shared) {
-                    throw new InvalidParameterValueException("Only shared guest network can be created in security group enabled zone");
+                if ((ntwkOff.getGuestType() != GuestType.Shared) && (ntwkOff.getGuestType() != GuestType.L2)) {
+                    throw new InvalidParameterValueException("Only shared or L2 guest network can be created in security group enabled zone");
                 }
                 if (_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)) {
                     throw new InvalidParameterValueException("Service SourceNat is not allowed in security group enabled zone");

server/src/main/java/com/cloud/vm/UserVmManagerImpl.java

@@ -236,6 +236,7 @@
 import com.cloud.hypervisor.kvm.dpdk.DpdkHelper;
 import com.cloud.network.IpAddressManager;
 import com.cloud.network.Network;
+import com.cloud.network.Network.GuestType;
 import com.cloud.network.Network.IpAddresses;
 import com.cloud.network.Network.Provider;
 import com.cloud.network.Network.Service;
@@ -3584,13 +3585,14 @@ public UserVm createAdvancedSecurityGroupVirtualMachine(DataCenter zone, Service
 
             for (Long networkId : networkIdList) {
                 NetworkVO network = _networkDao.findById(networkId);
+                NetworkOffering ntwkOffering = _networkOfferingDao.findById(network.getNetworkOfferingId());
 
                 if (network == null) {
                     throw new InvalidParameterValueException("Unable to find network by id " + networkId);
                 }
 
-                if (!_networkModel.isSecurityGroupSupportedInNetwork(network)) {
-                    throw new InvalidParameterValueException("Network is not security group enabled: " + network.getId());
+                if (!_networkModel.isSecurityGroupSupportedInNetwork(network) && (ntwkOffering.getGuestType() != GuestType.L2)) {
+                    throw new InvalidParameterValueException("Network is not security group enabled or not L2 network: " + network.getId());
                 }
 
                 _accountMgr.checkAccess(owner, AccessType.UseEntry, false, network);

ui/src/views/network/CreateL2NetworkForm.vue

@@ -315,7 +315,7 @@ export default {
       api('listZones', params).then(json => {
         for (const i in json.listzonesresponse.zone) {
           const zone = json.listzonesresponse.zone[i]
-          if (zone.networktype === 'Advanced' && zone.securitygroupsenabled !== true) {
+          if (zone.networktype === 'Advanced') {
             this.zones.push(zone)
           }
         }

ui/src/views/network/CreateNetwork.vue

@@ -26,7 +26,7 @@
           @refresh-data="refreshParent"
           @refresh="handleRefresh"/>
       </a-tab-pane>
-      <a-tab-pane :tab="$t('label.l2')" key="3" v-if="isAdvancedZoneWithoutSGAvailable">
+      <a-tab-pane :tab="$t('label.l2')" key="3">
         <CreateL2NetworkForm
           :loading="loading"
           :resource="resource"