SRX Plugin Fails to Delete Static NAT Rules #3309
Description
ISSUE TYPE
- Bug Report
COMPONENT NAME
Juniper SRX Plugin
CLOUDSTACK VERSION
4.11.2, master
CONFIGURATION
SRX Network Zone
OS / ENVIRONMENT
n/a
SUMMARY
The Juniper SRX plugin fails to delete static NAT rules. Looking at the output in debug logs, it does the following:
- Find public rule (untrust)
- Delete public rule (untrust)
- Find private rule (trust) (reports "Didn't find load-success in response" in log, indicating problem)
- Delete public rule (untrust) again - should have deleted private rule
I believe there are two problems - the first is here where case CHECK_PRIVATE_IF_EXISTS: should be added to the same block as case CHECK_IF_EXISTS:.
The second is here where the sendRequestAndCheckResponse block should be moved inside the if block where the command is constructed.
STEPS TO REPRODUCE
Enable SRX Plugin
Create Network Offering using SRX
Create Network using SRX
Add Static NAT rule
Delete Static NAT rule (fails)
EXPECTED RESULTS
Static NAT rules should be deleted from both trust and untrust
Full Log output from Job showing problem
ACTUAL RESULTS
ACS attempted to delete the untrust rule twice