bug 13924: default Firewall provider to Juniper when Juniper is a provider for Pf/StaticNat or source nat service

status 13924: resolved fixed reviewed-by: Will Chan
2025-10-26 08:42:29 +01:00 · 2012-02-22 18:45:13 -08:00 · 2012-02-22 18:45:13 -08:00 · 836a063a9e
commit 836a063a9e
parent b683312df5
1 changed files with 12 additions and 4 deletions
--- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java
@ -3101,6 +3101,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
        // populate providers
        Map<Provider, Set<Service>> providerCombinationToVerify = new HashMap<Provider, Set<Service>>();
        Map<String, List<String>> svcPrv = cmd.getServiceProviders();
+        boolean isSrx = false;
        if (svcPrv != null) {
            for (String serviceStr : svcPrv.keySet()) {
                Network.Service service = Network.Service.getService(serviceStr);
@ -3117,9 +3118,8 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
                            throw new InvalidParameterValueException("Invalid service provider: " + prvNameStr);
                        }

-                        // Only VirtualRouter can be specified as a firewall provider
-                        if (service == Service.Firewall && provider != Provider.VirtualRouter) {
-                            throw new InvalidParameterValueException("Only Virtual router can be specified as a provider for the Firewall service");
+                        if (provider == Provider.JuniperSRX) {
+                            isSrx = true;
                        }
                            
                        providers.add(provider);
@ -3170,6 +3170,14 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura
        serviceCapabilityMap.put(Service.SourceNat, sourceNatServiceCapabilityMap);
        serviceCapabilityMap.put(Service.StaticNat, staticNatServiceCapabilityMap);
        
+        //if Firewall service is missing, and Juniper is a provider for any other service, add Firewall service/provider combination
+        if (isSrx)  {
+            s_logger.debug("Adding Firewall service with provider " + Provider.JuniperSRX.getName());
+            Set<Provider> firewallProvider = new HashSet<Provider>();
+            firewallProvider.add(Provider.JuniperSRX);
+            serviceProviderMap.put(Service.Firewall, firewallProvider);
+        }
+
        return createNetworkOffering(userId, name, displayText, trafficType, tags, specifyVlan, availability, networkRate, serviceProviderMap, false, guestType,
                false, serviceOfferingId, conserveMode, serviceCapabilityMap, specifyIpRanges);
    }