From 0cc39bb570928919e0286e72cc0ccf2614ef699b Mon Sep 17 00:00:00 2001 From: Harikrishna Patnala Date: Mon, 11 May 2026 17:01:38 +0530 Subject: [PATCH] Changes in mapping to the VPC and not the tier network --- .../network/firewall/FirewallManagerImpl.java | 7 ++++++- ui/src/views/network/PublicIpResource.vue | 18 +++++++++++++----- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java b/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java index 779d26d51f1..4584c201a11 100644 --- a/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java +++ b/server/src/main/java/com/cloud/network/firewall/FirewallManagerImpl.java @@ -692,7 +692,12 @@ public class FirewallManagerImpl extends ManagerBase implements FirewallService, case Ipv6Firewall: for (FirewallServiceProvider fwElement : _firewallElements) { Network.Provider provider = fwElement.getProvider(); - boolean isFwProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, provider); + boolean isFwProvider; + if (network.getVpcId() != null) { + isFwProvider = _vpcMgr.isProviderSupportServiceInVpc(network.getVpcId(), Service.Firewall, provider); + } else { + isFwProvider = _networkModel.isProviderSupportServiceInNetwork(network.getId(), Service.Firewall, provider); + } if (!isFwProvider) { continue; } diff --git a/ui/src/views/network/PublicIpResource.vue b/ui/src/views/network/PublicIpResource.vue index 340aec7119f..5a5ea99a003 100644 --- a/ui/src/views/network/PublicIpResource.vue +++ b/ui/src/views/network/PublicIpResource.vue @@ -135,12 +135,13 @@ export default { return } if (this.resource && this.resource.vpcid) { -`` const vpc = await this.fetchVpc() + const vpc = await this.fetchVpc() + const hasFirewallCapability = this.hasVpcFirewallCapability(vpc) // VPC IPs with source nat have only VPN when VPC offering conserve mode = false if (this.resource.issourcenat && vpc?.vpcofferingconservemode === false) { - let tabs = this.defaultTabs.concat(this.$route.meta.tabs.filter(tab => tab.name === 'vpn')) - this.tabs = this.addFirewallTab(tabs) + const tabs = this.defaultTabs.concat(this.$route.meta.tabs.filter(tab => tab.name === 'vpn')) + this.tabs = hasFirewallCapability ? this.addFirewallTab(tabs) : tabs return } @@ -150,12 +151,15 @@ export default { if (this.resource.virtualmachinetype === 'DomainRouter') { tabs = this.defaultTabs.concat(this.$route.meta.tabs.filter(tab => tab.name === 'vpn')) } - this.tabs = this.addFirewallTab(tabs) + this.tabs = hasFirewallCapability ? this.addFirewallTab(tabs) : tabs return } - // VPC IPs have all tabs, and firewall should always be visible + // VPC IPs have all tabs; firewall is shown only if VPC has firewall capability let tabs = this.$route.meta.tabs + if (!hasFirewallCapability) { + tabs = tabs.filter(tab => tab.name !== 'firewall') + } const network = await this.fetchNetwork() if (network && network.networkofferingconservemode) { @@ -210,6 +214,10 @@ export default { } return tabs.concat(firewallTab) }, + hasVpcFirewallCapability (vpc) { + const services = vpc?.service || [] + return Array.isArray(services) && services.some(service => (service?.name || '').toLowerCase() === 'firewall') + }, fetchVpc () { if (!this.resource.vpcid) { return null