NSX: Re-add network rules when network is updated

plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java

@@ -387,7 +387,9 @@ public class NsxResource implements ServerResource {
             String privatePort = cmd.getPrivatePort();
             String service = privatePort.contains("-") ? nsxApiClient.getServicePath(ruleName, privatePort, cmd.getProtocol(), null, null) :
                     nsxApiClient.getNsxInfraServices(ruleName, privatePort, cmd.getProtocol(), null, null);
-
+            if (nsxApiClient.doesPfRuleExist(ruleName, tier1GatewayName, cmd.getNetworkResourceName())) {
+                return new NsxAnswer(cmd, true, null);
+            }
             nsxApiClient.createPortForwardingRule(ruleName, tier1GatewayName, cmd.getNetworkResourceName(), cmd.getPublicIp(),
                     cmd.getVmIp(), cmd.getPublicPort(), service);
         } catch (Exception e) {

plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxApiClient.java

@@ -124,6 +124,7 @@ public class NsxApiClient {
     protected static final String NSX_LB_PASSIVE_MONITOR = "/infra/lb-monitor-profiles/default-passive-lb-monitor";
     protected static final String TCP_MONITOR_PROFILE = "LBTcpMonitorProfile";
     protected static final String UDP_MONITOR_PROFILE = "LBUdpMonitorProfile";
+    protected static final String NAT_ID = "USER";
 
     private enum PoolAllocation { ROUTING, LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE }
 
@@ -342,18 +343,16 @@ public class NsxApiClient {
 
     private void removeTier1GatewayNatRules(String tier1Id) {
         NatRules natRulesService = (NatRules) nsxService.apply(NatRules.class);
-        String natId = "USER";
-        PolicyNatRuleListResult result = natRulesService.list(tier1Id, natId, null, false, null, null, null, null);
+        PolicyNatRuleListResult result = natRulesService.list(tier1Id, NAT_ID, null, false, null, null, null, null);
         List<PolicyNatRule> natRules = result.getResults();
         if (CollectionUtils.isEmpty(natRules)) {
             logger.debug(String.format("Didn't find any NAT rule to remove on the Tier 1 Gateway %s", tier1Id));
         } else {
             for (PolicyNatRule natRule : natRules) {
                 logger.debug(String.format("Removing NAT rule %s from Tier 1 Gateway %s", natRule.getId(), tier1Id));
-                natRulesService.delete(tier1Id, natId, natRule.getId());
+                natRulesService.delete(tier1Id, NAT_ID, natRule.getId());
             }
         }
-
     }
 
     public String getDefaultSiteId() {
@@ -566,13 +565,23 @@ public class NsxApiClient {
             natService.patch(tier1GatewayName, NatId.USER.name(), ruleName, rule);
         } catch (Error error) {
             ApiError ae = error.getData()._convertTo(ApiError.class);
-            String msg = String.format("Failed to delete NSX Port-forward rule %s for network: %s, due to %s",
+            String msg = String.format("Failed to add NSX Port-forward rule %s for network: %s, due to %s",
                     ruleName, networkName, ae.getErrorMessage());
             logger.error(msg);
             throw new CloudRuntimeException(msg);
         }
     }
 
+    public boolean doesPfRuleExist(String ruleName, String tier1GatewayName, String networkName) {
+        try {
+            NatRules natService = (NatRules) nsxService.apply(NatRules.class);
+            PolicyNatRule rule = natService.get(tier1GatewayName, NAT_ID, ruleName);
+            return !Objects.isNull(rule);
+        } catch (Error error) {
+            return false;
+        }
+    }
+
     List<LBPoolMember> getLbPoolMembers(List<NsxLoadBalancerMember> memberList, String tier1GatewayName) {
         List<LBPoolMember> members = new ArrayList<>();
         for (NsxLoadBalancerMember member : memberList) {
@@ -678,6 +687,9 @@ public class NsxApiClient {
             String lbVirtualServerName = getVirtualServerName(tier1GatewayName, lbId);
             String lbServiceName = getLoadBalancerName(tier1GatewayName);
             LbVirtualServers lbVirtualServers = (LbVirtualServers) nsxService.apply(LbVirtualServers.class);
+            if (Objects.nonNull(getLbVirtualServerService(lbVirtualServers, lbServiceName))) {
+                return;
+            }
             LBVirtualServer lbVirtualServer = new LBVirtualServer.Builder()
                     .setId(lbVirtualServerName)
                     .setDisplayName(lbVirtualServerName)
@@ -762,6 +774,18 @@ public class NsxApiClient {
         return null;
     }
 
+    private LBVirtualServer getLbVirtualServerService(LbVirtualServers lbVirtualServers, String lbVSName) {
+        try {
+            LBVirtualServer lbVirtualServer = lbVirtualServers.get(lbVSName);
+            if (Objects.nonNull(lbVirtualServer)) {
+                return lbVirtualServer;
+            }
+        } catch (Exception e) {
+            return null;
+        }
+        return null;
+    }
+
     private String getLbPath(String lbServiceName) {
         try {
             LbServices lbServices = (LbServices) nsxService.apply(LbServices.class);

plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/service/NsxElement.java

@@ -558,7 +558,7 @@ public class NsxElement extends AdapterBase implements  DhcpServiceProvider, Dns
                     .setRuleId(rule.getId())
                     .setProtocol(rule.getProtocol().toUpperCase(Locale.ROOT))
                     .build();
-            if (rule.getState() == FirewallRule.State.Add) {
+            if (Arrays.asList(FirewallRule.State.Add, FirewallRule.State.Active).contains(rule.getState())) {
                 result &= nsxService.createPortForwardRule(networkRule);
             } else if (rule.getState() == FirewallRule.State.Revoke) {
                 result &= nsxService.deletePortForwardRule(networkRule);
@@ -642,9 +642,6 @@ public class NsxElement extends AdapterBase implements  DhcpServiceProvider, Dns
     public boolean applyLBRules(Network network, List<LoadBalancingRule> rules) throws ResourceUnavailableException {
         boolean result = true;
         for (LoadBalancingRule loadBalancingRule : rules) {
-            if (loadBalancingRule.getState() == FirewallRule.State.Active) {
-                continue;
-            }
             IPAddressVO publicIp = ipAddressDao.findByIpAndDcId(network.getDataCenterId(),
                     loadBalancingRule.getSourceIp().addr());
             NsxOpObject nsxObject = getNsxOpObject(network);
@@ -666,7 +663,7 @@ public class NsxElement extends AdapterBase implements  DhcpServiceProvider, Dns
                     .setProtocol(loadBalancingRule.getLbProtocol().toUpperCase(Locale.ROOT))
                     .setAlgorithm(loadBalancingRule.getAlgorithm())
                     .build();
-            if (loadBalancingRule.getState() == FirewallRule.State.Add) {
+            if (Arrays.asList(FirewallRule.State.Add, FirewallRule.State.Active).contains(loadBalancingRule.getState())) {
                 result &= nsxService.createLbRule(networkRule);
             } else if (loadBalancingRule.getState() == FirewallRule.State.Revoke) {
                 result &= nsxService.deleteLbRule(networkRule);