From 2f50069e64f49045b57e43ef621b354f1402f85d Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Tue, 7 Jun 2022 12:43:25 +0200
Subject: [PATCH 01/51] initial parameter organisation move ipaddress
 parrameter and add snat selection option to network offering

---
 .../com/cloud/offering/NetworkOffering.java     |  2 ++
 .../admin/network/CreateNetworkCmdByAdmin.java  | 16 ----------------
 .../command/user/network/CreateNetworkCmd.java  | 17 ++++++++++++++++-
 .../com/cloud/offerings/NetworkOfferingVO.java  | 11 +++++++++++
 .../api/query/vo/NetworkOfferingJoinVO.java     | 12 ++++++++++++
 5 files changed, 41 insertions(+), 17 deletions(-)

diff --git a/api/src/main/java/com/cloud/offering/NetworkOffering.java b/api/src/main/java/com/cloud/offering/NetworkOffering.java
index 207880ea28c0..211cb081c9c5 100644
--- a/api/src/main/java/com/cloud/offering/NetworkOffering.java
+++ b/api/src/main/java/com/cloud/offering/NetworkOffering.java
@@ -151,4 +151,6 @@ public enum Detail {
     String getServicePackage();
 
     Date getCreated();
+
+    boolean isSelectSnatIpAllowed();
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkCmdByAdmin.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkCmdByAdmin.java
index 53b02718ea35..4d065e5c2091 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkCmdByAdmin.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkCmdByAdmin.java
@@ -16,7 +16,6 @@
 // under the License.
 package org.apache.cloudstack.api.command.admin.network;
 
-import org.apache.cloudstack.api.ApiArgValidator;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.api.APICommand;
@@ -43,14 +42,6 @@ public class CreateNetworkCmdByAdmin extends CreateNetworkCmd implements AdminCm
     @Parameter(name=ApiConstants.HIDE_IP_ADDRESS_USAGE, type=CommandType.BOOLEAN, description="when true ip address usage for the network will not be exported by the listUsageRecords API")
     private Boolean hideIpAddressUsage;
 
-    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to a router in a shared network", since = "4.16",
-            validations = {ApiArgValidator.NotNullOrEmpty})
-    private String routerIp;
-
-    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to a router in a shared network", since = "4.16",
-            validations = {ApiArgValidator.NotNullOrEmpty})
-    private String routerIpv6;
-
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -73,11 +64,4 @@ public Boolean getHideIpAddressUsage() {
         return false;
     }
 
-    public String getRouterIp() {
-        return routerIp;
-    }
-
-    public String getRouterIpv6() {
-        return routerIpv6;
-    }
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
index 8b8ce1040769..5f787cdc2346 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
@@ -16,9 +16,9 @@
 // under the License.
 package org.apache.cloudstack.api.command.user.network;
 
-import com.cloud.network.NetworkService;
 import org.apache.log4j.Logger;
 
+import org.apache.cloudstack.api.ApiArgValidator;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
@@ -43,6 +43,7 @@
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ResourceAllocationException;
 import com.cloud.network.Network;
+import com.cloud.network.NetworkService;
 import com.cloud.network.Network.GuestType;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.utils.net.NetUtils;
@@ -162,6 +163,12 @@ public class CreateNetworkCmd extends BaseCmd implements UserCmd {
             since = "4.17.0",
             description = "The network this network is associated to. only available if create a Shared network")
     private Long associatedNetworkId;
+    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to a router in a shared network", since = "4.16",
+            validations = {ApiArgValidator.NotNullOrEmpty})
+    private String routerIp;
+    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to a router in a shared network", since = "4.16",
+            validations = {ApiArgValidator.NotNullOrEmpty})
+    private String routerIpv6;
 
     @Parameter(name = ApiConstants.PUBLIC_MTU, type = CommandType.INTEGER,
             description = "MTU to be configured on the network VR's public facing interfaces", since = "4.18.0")
@@ -379,6 +386,14 @@ public String getIp6Dns2() {
         return ip6Dns2;
     }
 
+    public String getRouterIp() {
+        return routerIp;
+    }
+
+    public String getRouterIpv6() {
+        return routerIpv6;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java b/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java
index ae5e6fb95ea9..38fb1c00cea2 100644
--- a/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java
+++ b/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java
@@ -168,6 +168,17 @@ public String getDisplayText() {
     @Column(name="service_package_id")
     String servicePackageUuid = null;
 
+    @Column(name = "select_snat_address_allowed")
+    boolean selectSnatIpAllowed = false;
+
+    public boolean isSelectSnatIpAllowed() {
+        return selectSnatIpAllowed;
+    }
+
+    public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
+        this.selectSnatIpAllowed = selectSnatIpAllowed;
+    }
+
     @Override
     public boolean isKeepAliveEnabled() {
         return keepAliveEnabled;
diff --git a/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java b/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java
index 2f89b195868c..00dc014dfcb8 100644
--- a/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java
+++ b/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java
@@ -184,6 +184,9 @@ public class NetworkOfferingJoinVO extends BaseViewVO implements NetworkOffering
     @Column(name = "internet_protocol")
     private String internetProtocol = null;
 
+    @Column(name = "select_snat_address_allowed")
+    boolean selectSnatIpAllowed = false;
+
     public NetworkOfferingJoinVO() {
     }
 
@@ -347,6 +350,10 @@ public boolean isForTungsten() {
         return forTungsten;
     }
 
+    public boolean isSelectSnatIpAllowed() {
+        return selectSnatIpAllowed;
+    }
+
     public void setForVpc(boolean forVpc) { this.forVpc = forVpc; }
 
     public String getServicePackage() {
@@ -417,4 +424,9 @@ public String getInternetProtocol() {
     public boolean isSupportsVmAutoScaling() {
         return supportsVmAutoScaling;
     }
+
+    @Override
+    public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
+        this.selectSnatIpAllowed = selectSnatIpAllowed;
+    }
 }

From 10e7b52b11ca69bcc1b8d66d4327aa74e6a0abf1 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 8 Jun 2022 10:52:01 +0200
Subject: [PATCH 02/51] upgrade-path-fix

---
 .../main/resources/META-INF/db/schema-41720to41800-cleanup.sql  | 2 ++
 .../src/main/resources/META-INF/db/schema-41720to41800.sql      | 1 +
 .../src/main/resources/META-INF/db/schema-41810to41900.sql      | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql
index 9e200d76fb4c..1a7004b30c6f 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql
@@ -18,3 +18,5 @@
 --;
 -- Schema upgrade cleanup from 4.17.2.0 to 4.18.0.0
 --;
+
+ALTER TABLE cloud.network_offerings ADD select_snat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to spicify the primary public ip for this network on creation';
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
index b8eee33cad74..9ea05176b6d0 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
@@ -1521,6 +1521,7 @@ INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`)
 
 ALTER TABLE `cloud_usage`.`quota_usage` MODIFY COLUMN quota_used decimal(20,8) unsigned NOT NULL;
 
+
 ALTER TABLE `cloud`.`user` ADD COLUMN `is_user_2fa_enabled` tinyint NOT NULL DEFAULT 0;
 ALTER TABLE `cloud`.`user` ADD COLUMN `key_for_2fa` varchar(255) default NULL;
 ALTER TABLE `cloud`.`user` ADD COLUMN `user_2fa_provider` varchar(255) default NULL;
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
index 5e13b1c0157e..ea154da98f8d 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
@@ -19,3 +19,5 @@
 -- Schema upgrade from 4.18.1.0 to 4.19.0.0
 --;
 
+-- select initial ip for VPCs --
+ALTER TABLE cloud.network_offerings ADD select_snat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to spicify the primary public ip for this network on creation';

From 055a9ddbed68d1ec23609e1928144ed50b015bb0 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 8 Jun 2022 15:13:33 +0200
Subject: [PATCH 03/51] add field to view

---
 .../db/schema-41720to41800-cleanup.sql        | 70 +++++++++++++++++++
 1 file changed, 70 insertions(+)

diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql
index 1a7004b30c6f..bbaecfb533fb 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql
@@ -20,3 +20,73 @@
 --;
 
 ALTER TABLE cloud.network_offerings ADD select_snat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to spicify the primary public ip for this network on creation';
+
+-- cloud.network_offering_view source
+
+CREATE OR REPLACE
+ALGORITHM = UNDEFINED VIEW `network_offering_view` AS
+select
+    `network_offerings`.`id` AS `id`,
+    `network_offerings`.`uuid` AS `uuid`,
+    `network_offerings`.`name` AS `name`,
+    `network_offerings`.`unique_name` AS `unique_name`,
+    `network_offerings`.`display_text` AS `display_text`,
+    `network_offerings`.`nw_rate` AS `nw_rate`,
+    `network_offerings`.`mc_rate` AS `mc_rate`,
+    `network_offerings`.`traffic_type` AS `traffic_type`,
+    `network_offerings`.`tags` AS `tags`,
+    `network_offerings`.`system_only` AS `system_only`,
+    `network_offerings`.`specify_vlan` AS `specify_vlan`,
+    `network_offerings`.`service_offering_id` AS `service_offering_id`,
+    `network_offerings`.`conserve_mode` AS `conserve_mode`,
+    `network_offerings`.`created` AS `created`,
+    `network_offerings`.`removed` AS `removed`,
+    `network_offerings`.`default` AS `default`,
+    `network_offerings`.`availability` AS `availability`,
+    `network_offerings`.`dedicated_lb_service` AS `dedicated_lb_service`,
+    `network_offerings`.`shared_source_nat_service` AS `shared_source_nat_service`,
+    `network_offerings`.`sort_key` AS `sort_key`,
+    `network_offerings`.`redundant_router_service` AS `redundant_router_service`,
+    `network_offerings`.`state` AS `state`,
+    `network_offerings`.`guest_type` AS `guest_type`,
+    `network_offerings`.`elastic_ip_service` AS `elastic_ip_service`,
+    `network_offerings`.`eip_associate_public_ip` AS `eip_associate_public_ip`,
+    `network_offerings`.`elastic_lb_service` AS `elastic_lb_service`,
+    `network_offerings`.`specify_ip_ranges` AS `specify_ip_ranges`,
+    `network_offerings`.`inline` AS `inline`,
+    `network_offerings`.`is_persistent` AS `is_persistent`,
+    `network_offerings`.`internal_lb` AS `internal_lb`,
+    `network_offerings`.`public_lb` AS `public_lb`,
+    `network_offerings`.`egress_default_policy` AS `egress_default_policy`,
+    `network_offerings`.`concurrent_connections` AS `concurrent_connections`,
+    `network_offerings`.`keep_alive_enabled` AS `keep_alive_enabled`,
+    `network_offerings`.`supports_streched_l2` AS `supports_streched_l2`,
+    `network_offerings`.`supports_public_access` AS `supports_public_access`,
+    `network_offerings`.`for_vpc` AS `for_vpc`,
+    `network_offerings`.`service_package_id` AS `service_package_id`,
+    `network_offerings`.`select_snat_address_allowed` as `select_snat_address_allowed`,
+    group_concat(distinct `domain`.`id` separator ',') AS `domain_id`,
+    group_concat(distinct `domain`.`uuid` separator ',') AS `domain_uuid`,
+    group_concat(distinct `domain`.`name` separator ',') AS `domain_name`,
+    group_concat(distinct `domain`.`path` separator ',') AS `domain_path`,
+    group_concat(distinct `zone`.`id` separator ',') AS `zone_id`,
+    group_concat(distinct `zone`.`uuid` separator ',') AS `zone_uuid`,
+    group_concat(distinct `zone`.`name` separator ',') AS `zone_name`,
+    `offering_details`.`value` AS `internet_protocol`
+from
+    (((((`network_offerings`
+left join `network_offering_details` `domain_details` on
+    (((`domain_details`.`network_offering_id` = `network_offerings`.`id`)
+        and (`domain_details`.`name` = 'domainid'))))
+left join `domain` on
+    ((0 <> find_in_set(`domain`.`id`, `domain_details`.`value`))))
+left join `network_offering_details` `zone_details` on
+    (((`zone_details`.`network_offering_id` = `network_offerings`.`id`)
+        and (`zone_details`.`name` = 'zoneid'))))
+left join `data_center` `zone` on
+    ((0 <> find_in_set(`zone`.`id`, `zone_details`.`value`))))
+left join `network_offering_details` `offering_details` on
+    (((`offering_details`.`network_offering_id` = `network_offerings`.`id`)
+        and (`offering_details`.`name` = 'internetProtocol'))))
+group by
+    `network_offerings`.`id`;
\ No newline at end of file

From b7db1fc194c0bbfb6bd3949e430743d5f105b6e7 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Thu, 16 Jun 2022 15:18:23 +0200
Subject: [PATCH 04/51] add router ip parameters to offerings

---
 .../com/cloud/network/vpc/VpcOffering.java    |  2 +
 .../apache/cloudstack/api/ApiConstants.java   |  1 +
 .../user/network/CreateNetworkCmd.java        |  6 ++-
 .../api/command/user/vpc/CreateVPCCmd.java    | 11 ++++-
 .../api/response/NetworkOfferingResponse.java |  8 +++
 .../api/response/VpcOfferingResponse.java     |  8 +++
 .../com/cloud/network/vpc/VpcOfferingVO.java  | 11 +++++
 .../db/schema-41720to41800-cleanup.sql        | 49 ++++++++++++++++++-
 .../query/dao/NetworkOfferingJoinDaoImpl.java |  1 +
 .../api/query/dao/VpcOfferingJoinDaoImpl.java |  1 +
 .../cloud/api/query/vo/VpcOfferingJoinVO.java | 11 +++++
 .../network/CreateIsolatedNetworkForm.vue     | 38 ++++++++++++++
 ui/src/views/network/CreateVpc.vue            | 21 ++++++++
 13 files changed, 164 insertions(+), 4 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/vpc/VpcOffering.java b/api/src/main/java/com/cloud/network/vpc/VpcOffering.java
index b4df8e38dbac..5df7627c29b6 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcOffering.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcOffering.java
@@ -73,4 +73,6 @@ public enum State {
     Date getRemoved();
 
     Date getCreated();
+
+    boolean isSelectSnatIpAllowed();
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index 6e93d45abdb2..ade7f427be0d 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -1017,6 +1017,7 @@ public class ApiConstants {
     public static final String LOGIN = "login";
     public static final String LOGOUT = "logout";
     public static final String LIST_IDPS = "listIdps";
+    public static final String IS_SELECTION_OF_STATIC_NAT_ALLOWED = "selectsnatipallowed";
 
     public static final String PUBLIC_MTU = "publicmtu";
     public static final String PRIVATE_MTU = "privatemtu";
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
index 5f787cdc2346..47cf67b3da30 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
@@ -163,10 +163,12 @@ public class CreateNetworkCmd extends BaseCmd implements UserCmd {
             since = "4.17.0",
             description = "The network this network is associated to. only available if create a Shared network")
     private Long associatedNetworkId;
-    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to a router in a shared network", since = "4.16",
+
+    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the router of the network", since = "4.16",
             validations = {ApiArgValidator.NotNullOrEmpty})
     private String routerIp;
-    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to a router in a shared network", since = "4.16",
+
+    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to the router of the network", since = "4.16",
             validations = {ApiArgValidator.NotNullOrEmpty})
     private String routerIpv6;
 
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
index 40048a2cd6c6..8f446fbb63f0 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
@@ -16,11 +16,11 @@
 // under the License.
 package org.apache.cloudstack.api.command.user.vpc;
 
-import com.cloud.network.NetworkService;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.api.ApiArgValidator;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -41,6 +41,7 @@
 import com.cloud.exception.InsufficientCapacityException;
 import com.cloud.exception.ResourceAllocationException;
 import com.cloud.exception.ResourceUnavailableException;
+import com.cloud.network.NetworkService;
 import com.cloud.network.vpc.Vpc;
 
 @APICommand(name = "createVPC", description = "Creates a VPC", responseObject = VpcResponse.class, responseView = ResponseView.Restricted, entityType = {Vpc.class},
@@ -113,6 +114,14 @@ public class CreateVPCCmd extends BaseAsyncCreateCmd implements UserCmd {
     @Parameter(name = ApiConstants.IP6_DNS2, type = CommandType.STRING, description = "the second IPv6 DNS for the VPC", since = "4.18.0")
     private String ip6Dns2;
 
+    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the router of the network", since = "4.18",
+            validations = {ApiArgValidator.NotNullOrEmpty})
+    private String routerIp;
+
+    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to the router of the network", since = "4.18",
+            validations = {ApiArgValidator.NotNullOrEmpty})
+    private String routerIpv6;
+
     // ///////////////////////////////////////////////////
     // ///////////////// Accessors ///////////////////////
     // ///////////////////////////////////////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java
index b92725d883e4..bb543b61c3d9 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java
@@ -147,6 +147,10 @@ public class NetworkOfferingResponse extends BaseResponseWithAnnotations {
     @Param(description = "the internet protocol of the network offering")
     private String internetProtocol;
 
+    @SerializedName(ApiConstants.IS_SELECTION_OF_STATIC_NAT_ALLOWED)
+    @Param(description = "Are users allowed to select a primarey SNAT public address")
+    boolean selectSnatIpAllowed;
+
     public void setId(String id) {
         this.id = id;
     }
@@ -282,4 +286,8 @@ public String getInternetProtocol() {
     public void setInternetProtocol(String internetProtocol) {
         this.internetProtocol = internetProtocol;
     }
+
+    public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
+        this.selectSnatIpAllowed = selectSnatIpAllowed;
+    }
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
index 6881969646b2..cb8ab3d8e2f9 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
@@ -86,6 +86,10 @@ public class VpcOfferingResponse extends BaseResponse {
     @Param(description = "the internet protocol of the vpc offering")
     private String internetProtocol;
 
+    @SerializedName(ApiConstants.IS_SELECTION_OF_STATIC_NAT_ALLOWED)
+    @Param(description = "Are users allowed to select a primarey SNAT public address")
+    boolean selectSnatIpAllowed;
+
     public void setId(String id) {
         this.id = id;
     }
@@ -161,4 +165,8 @@ public String getInternetProtocol() {
     public void setInternetProtocol(String internetProtocol) {
         this.internetProtocol = internetProtocol;
     }
+
+    public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
+        this.selectSnatIpAllowed = selectSnatIpAllowed;
+    }
 }
diff --git a/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java b/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
index aa26f16568a9..1914ccb8ea94 100644
--- a/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
+++ b/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
@@ -79,6 +79,9 @@ public class VpcOfferingVO implements VpcOffering {
     @Column(name = "sort_key")
     int sortKey;
 
+    @Column(name = "select_snat_address_allowed")
+    boolean selectSnatIpAllowed = false;
+
     public VpcOfferingVO() {
         this.uuid = UUID.randomUUID().toString();
     }
@@ -204,4 +207,12 @@ public int getSortKey() {
         return sortKey;
     }
 
+    public boolean isSelectSnatIpAllowed() {
+        return selectSnatIpAllowed;
+    }
+
+    public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
+        this.selectSnatIpAllowed = selectSnatIpAllowed;
+    }
+
 }
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql
index bbaecfb533fb..6a4f3d5227af 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql
@@ -20,6 +20,7 @@
 --;
 
 ALTER TABLE cloud.network_offerings ADD select_snat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to spicify the primary public ip for this network on creation';
+ALTER TABLE cloud.vpc_offerings ADD select_snat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to spicify the primary public ip for this vpc on creation';
 
 -- cloud.network_offering_view source
 
@@ -89,4 +90,50 @@ left join `network_offering_details` `offering_details` on
     (((`offering_details`.`network_offering_id` = `network_offerings`.`id`)
         and (`offering_details`.`name` = 'internetProtocol'))))
 group by
-    `network_offerings`.`id`;
\ No newline at end of file
+    `network_offerings`.`id`;
+
+-- cloud.vpc_offering_view source
+
+CREATE OR REPLACE
+ALGORITHM = UNDEFINED VIEW `vpc_offering_view` AS
+select
+    `vpc_offerings`.`id` AS `id`,
+    `vpc_offerings`.`uuid` AS `uuid`,
+    `vpc_offerings`.`name` AS `name`,
+    `vpc_offerings`.`unique_name` AS `unique_name`,
+    `vpc_offerings`.`display_text` AS `display_text`,
+    `vpc_offerings`.`state` AS `state`,
+    `vpc_offerings`.`default` AS `default`,
+    `vpc_offerings`.`created` AS `created`,
+    `vpc_offerings`.`removed` AS `removed`,
+    `vpc_offerings`.`service_offering_id` AS `service_offering_id`,
+    `vpc_offerings`.`supports_distributed_router` AS `supports_distributed_router`,
+    `vpc_offerings`.`supports_region_level_vpc` AS `supports_region_level_vpc`,
+    `vpc_offerings`.`redundant_router_service` AS `redundant_router_service`,
+    `vpc_offerings`.`sort_key` AS `sort_key`,
+    `vpc_offerings`.`select_snat_address_allowed` as `select_snat_address_allowed`,
+    group_concat(distinct `domain`.`id` separator ',') AS `domain_id`,
+    group_concat(distinct `domain`.`uuid` separator ',') AS `domain_uuid`,
+    group_concat(distinct `domain`.`name` separator ',') AS `domain_name`,
+    group_concat(distinct `domain`.`path` separator ',') AS `domain_path`,
+    group_concat(distinct `zone`.`id` separator ',') AS `zone_id`,
+    group_concat(distinct `zone`.`uuid` separator ',') AS `zone_uuid`,
+    group_concat(distinct `zone`.`name` separator ',') AS `zone_name`,
+    `offering_details`.`value` AS `internet_protocol`
+from
+    (((((`vpc_offerings`
+left join `vpc_offering_details` `domain_details` on
+    (((`domain_details`.`offering_id` = `vpc_offerings`.`id`)
+        and (`domain_details`.`name` = 'domainid'))))
+left join `domain` on
+    ((0 <> find_in_set(`domain`.`id`, `domain_details`.`value`))))
+left join `vpc_offering_details` `zone_details` on
+    (((`zone_details`.`offering_id` = `vpc_offerings`.`id`)
+        and (`zone_details`.`name` = 'zoneid'))))
+left join `data_center` `zone` on
+    ((0 <> find_in_set(`zone`.`id`, `zone_details`.`value`))))
+left join `vpc_offering_details` `offering_details` on
+    (((`offering_details`.`offering_id` = `vpc_offerings`.`id`)
+        and (`offering_details`.`name` = 'internetprotocol'))))
+group by
+    `vpc_offerings`.`id`;
diff --git a/server/src/main/java/com/cloud/api/query/dao/NetworkOfferingJoinDaoImpl.java b/server/src/main/java/com/cloud/api/query/dao/NetworkOfferingJoinDaoImpl.java
index 474409a976c3..89529d4bb6e1 100644
--- a/server/src/main/java/com/cloud/api/query/dao/NetworkOfferingJoinDaoImpl.java
+++ b/server/src/main/java/com/cloud/api/query/dao/NetworkOfferingJoinDaoImpl.java
@@ -107,6 +107,7 @@ public NetworkOfferingResponse newNetworkOfferingResponse(NetworkOffering offeri
             }
             networkOfferingResponse.setInternetProtocol(protocol);
         }
+        networkOfferingResponse.setSelectSnatIpAllowed(offering.isSelectSnatIpAllowed());
         networkOfferingResponse.setObjectName("networkoffering");
 
         return networkOfferingResponse;
diff --git a/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java b/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java
index af0940609ba8..7af84d9d7150 100644
--- a/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java
+++ b/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java
@@ -66,6 +66,7 @@ public VpcOfferingResponse newVpcOfferingResponse(VpcOffering offering) {
         offeringResponse.setSupportsDistributedRouter(offering.isSupportsDistributedRouter());
         offeringResponse.setSupportsRegionLevelVpc(offering.isOffersRegionLevelVPC());
         offeringResponse.setCreated(offering.getCreated());
+        offeringResponse.setSelectSnatIpAllowed(offering.isSelectSnatIpAllowed());
         if (offering instanceof VpcOfferingJoinVO) {
             VpcOfferingJoinVO offeringJoinVO = (VpcOfferingJoinVO) offering;
             offeringResponse.setDomainId(offeringJoinVO.getDomainUuid());
diff --git a/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java b/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java
index 7eaaa0220df6..a91954c56b3b 100644
--- a/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java
+++ b/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java
@@ -101,6 +101,9 @@ public class VpcOfferingJoinVO implements VpcOffering {
     @Column(name = "internet_protocol")
     private String internetProtocol = null;
 
+    @Column(name = "select_snat_address_allowed")
+    boolean selectSnatIpAllowed = false;
+
     public VpcOfferingJoinVO() {
     }
 
@@ -204,6 +207,14 @@ public String getInternetProtocol() {
         return internetProtocol;
     }
 
+    public boolean isSelectSnatIpAllowed() {
+        return selectSnatIpAllowed;
+    }
+
+    public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
+        this.selectSnatIpAllowed = selectSnatIpAllowed;
+    }
+
     @Override
     public String toString() {
         StringBuilder buf = new StringBuilder("[VPC Offering [");
diff --git a/ui/src/views/network/CreateIsolatedNetworkForm.vue b/ui/src/views/network/CreateIsolatedNetworkForm.vue
index 33502d679636..3d9a635f0583 100644
--- a/ui/src/views/network/CreateIsolatedNetworkForm.vue
+++ b/ui/src/views/network/CreateIsolatedNetworkForm.vue
@@ -291,6 +291,44 @@
               </a-col>
             </a-row>
           </div>
+          <a-form-item v-if="selectedNetworkOffering && selectedNetworkOffering.selectsnatipallowed" name="routerip" ref="routerip">
+            <template #label>
+              <tooltip-label :title="$t('label.routerip')" :tooltip="apiParams.routerip.description"/>
+            </template>
+            <a-input
+              v-model:value="form.routerip"
+              :placeholder="apiParams.routerip.description"/>
+          </a-form-item>
+          <a-form-item v-if="selectedNetworkOffering && selectedNetworkOffering.selectsnatipallowed" name="routeripv6" ref="routeripv6">
+            <template #label>
+              <tooltip-label :title="$t('label.routeripv6')" :tooltip="apiParams.routeripv6.description"/>
+            </template>
+            <a-input
+              v-model:value="form.routeripv6"
+              :placeholder="apiParams.routeripv6.description"/>
+          </a-form-item>
+          <a-form-item
+            ref="networkdomain"
+            name="networkdomain"
+            v-if="!isObjectEmpty(selectedNetworkOffering) && !selectedNetworkOffering.forvpc">
+            <template #label>
+              <tooltip-label :title="$t('label.networkdomain')" :tooltip="apiParams.networkdomain.description"/>
+            </template>
+            <a-input
+             v-model:value="form.networkdomain"
+              :placeholder="apiParams.networkdomain.description"/>
+          </a-form-item>
+          <a-form-item
+            ref="account"
+            name="account"
+            v-if="accountVisible">
+            <template #label>
+              <tooltip-label :title="$t('label.account')" :tooltip="apiParams.account.description"/>
+            </template>
+            <a-input
+             v-model:value="form.account"
+              :placeholder="apiParams.account.description"/>
+          </a-form-item>
           <div :span="24" class="action-button">
             <a-button
               :loading="actionLoading"
diff --git a/ui/src/views/network/CreateVpc.vue b/ui/src/views/network/CreateVpc.vue
index 79d166e3ecb0..a90e936d6563 100644
--- a/ui/src/views/network/CreateVpc.vue
+++ b/ui/src/views/network/CreateVpc.vue
@@ -155,6 +155,22 @@
             </a-form-item>
           </a-col>
         </a-row>
+        <a-form-item v-if="selectedVpcOffering && selectedVpcOffering.selectsnatipallowed" name="routerip" ref="routerip">
+          <template #label>
+            <tooltip-label :title="$t('label.routerip')" :tooltip="apiParams.routerip.description"/>
+          </template>
+          <a-input
+            v-model:value="form.routerip"
+            :placeholder="apiParams.routerip.description"/>
+        </a-form-item>
+        <a-form-item v-if="selectedVpcOffering && selectedVpcOffering.selectsnatipallowed" name="routeripv6" ref="routeripv6">
+          <template #label>
+            <tooltip-label :title="$t('label.routeripv6')" :tooltip="apiParams.routeripv6.description"/>
+          </template>
+          <a-input
+            v-model:value="form.routeripv6"
+            :placeholder="apiParams.routeripv6.description"/>
+        </a-form-item>
         <a-form-item name="start" ref="start">
           <template #label>
             <tooltip-label :title="$t('label.start')" :tooltip="apiParams.start.description"/>
@@ -274,6 +290,10 @@ export default {
         this.selectedVpcOffering = this.vpcOfferings[0] || {}
       }).finally(() => {
         this.loadingOffering = false
+        if (this.arrayHasItems(this.vpcOfferings)) {
+          this.form.networkofferingid = 0
+          this.handleVpcOfferingChange(this.networkOfferings[0])
+        }
       })
     },
     handleVpcOfferingChange (value) {
@@ -284,6 +304,7 @@ export default {
       for (var offering of this.vpcOfferings) {
         if (offering.id === value) {
           this.selectedVpcOffering = offering
+          this.form.vpcofferingid = offering.id
           return
         }
       }

From 293794154e323f35dacb668079523b108657ac1c Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Fri, 8 Jul 2022 16:22:03 +0200
Subject: [PATCH 05/51] add select snat ip option to offerings

---
 .../main/java/com/cloud/network/Network.java  |  3 +-
 .../api/response/NetworkOfferingResponse.java |  2 +-
 .../api/response/VpcOfferingResponse.java     |  2 +-
 .../com/cloud/network/vpc/VpcOfferingVO.java  |  3 +-
 .../cloud/offerings/NetworkOfferingVO.java    |  7 +-
 .../cluster/KubernetesClusterManagerImpl.java |  2 +-
 .../api/query/vo/NetworkOfferingJoinVO.java   |  1 -
 .../ConfigurationManagerImpl.java             | 64 +++++++++++--------
 .../com/cloud/network/vpc/VpcManagerImpl.java | 17 +++--
 .../cloud/server/ConfigurationServerImpl.java |  2 +-
 .../network/CreatePrivateNetworkTest.java     |  2 +-
 ui/src/views/offering/AddNetworkOffering.vue  | 15 +++++
 ui/src/views/offering/AddVpcOffering.vue      |  9 +++
 13 files changed, 85 insertions(+), 44 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/Network.java b/api/src/main/java/com/cloud/network/Network.java
index a2633ec7bacf..742cfbcc4f75 100644
--- a/api/src/main/java/com/cloud/network/Network.java
+++ b/api/src/main/java/com/cloud/network/Network.java
@@ -256,7 +256,7 @@ public static Provider getProvider(String providerName) {
 
     public static class Capability {
 
-        private static List<Capability> supportedCapabilities = new ArrayList<Capability>();
+        private static List<Capability> supportedCapabilities = new ArrayList<>();
 
         public static final Capability SupportedProtocols = new Capability("SupportedProtocols");
         public static final Capability SupportedLBAlgorithms = new Capability("SupportedLbAlgorithms");
@@ -270,6 +270,7 @@ public static class Capability {
         public static final Capability LoadBalancingSupportedIps = new Capability("LoadBalancingSupportedIps");
         public static final Capability AllowDnsSuffixModification = new Capability("AllowDnsSuffixModification");
         public static final Capability RedundantRouter = new Capability("RedundantRouter");
+        public static final Capability SelectSnatIpAllowed = new Capability("SelectSnatIpAllowed");
         public static final Capability ElasticIp = new Capability("ElasticIp");
         public static final Capability AssociatePublicIP = new Capability("AssociatePublicIP");
         public static final Capability ElasticLb = new Capability("ElasticLb");
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java
index bb543b61c3d9..975a6d0c1de7 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java
@@ -148,7 +148,7 @@ public class NetworkOfferingResponse extends BaseResponseWithAnnotations {
     private String internetProtocol;
 
     @SerializedName(ApiConstants.IS_SELECTION_OF_STATIC_NAT_ALLOWED)
-    @Param(description = "Are users allowed to select a primarey SNAT public address")
+    @Param(description = "Are users allowed to select a primarey SNAT public address", since = "4.18")
     boolean selectSnatIpAllowed;
 
     public void setId(String id) {
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
index cb8ab3d8e2f9..020204cc46df 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
@@ -87,7 +87,7 @@ public class VpcOfferingResponse extends BaseResponse {
     private String internetProtocol;
 
     @SerializedName(ApiConstants.IS_SELECTION_OF_STATIC_NAT_ALLOWED)
-    @Param(description = "Are users allowed to select a primarey SNAT public address")
+    @Param(description = "Are users allowed to select a primarey SNAT public address", since = "4.18")
     boolean selectSnatIpAllowed;
 
     public void setId(String id) {
diff --git a/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java b/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
index 1914ccb8ea94..e3b41f7f437c 100644
--- a/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
+++ b/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
@@ -97,12 +97,13 @@ public VpcOfferingVO(String name, String displayText, Long serviceOfferingId) {
 
     public VpcOfferingVO(final String name, final String displayText, final boolean isDefault, final Long serviceOfferingId,
                          final boolean supportsDistributedRouter, final boolean offersRegionLevelVPC,
-                         final boolean redundantRouter) {
+                         final boolean redundantRouter, final boolean selectSnatIpAllowed) {
         this(name, displayText, serviceOfferingId);
         this.isDefault = isDefault;
         this.supportsDistributedRouter = supportsDistributedRouter;
         this.offersRegionLevelVPC = offersRegionLevelVPC;
         this.redundantRouter = redundantRouter;
+        this.selectSnatIpAllowed = selectSnatIpAllowed;
     }
 
     public VpcOfferingVO(String name, String displayText, boolean isDefault, Long serviceOfferingId,
diff --git a/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java b/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java
index 38fb1c00cea2..5a3847698ed7 100644
--- a/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java
+++ b/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java
@@ -381,9 +381,9 @@ public NetworkOfferingVO(String name, String displayText, TrafficType trafficTyp
     }
 
     public NetworkOfferingVO(String name, String displayText, TrafficType trafficType, boolean systemOnly, boolean specifyVlan, Integer rateMbps,
-            Integer multicastRateMbps, boolean isDefault, Availability availability, String tags, Network.GuestType guestType, boolean conserveMode, boolean dedicatedLb,
-            boolean sharedSourceNat, boolean redundantRouter, boolean elasticIp, boolean elasticLb, boolean specifyIpRanges, boolean inline, boolean isPersistent,
-            boolean associatePublicIP, boolean publicLb, boolean internalLb, boolean isForVpc, boolean egressdefaultpolicy, boolean supportsStrechedL2, boolean supportsPublicAccess) {
+                             Integer multicastRateMbps, boolean isDefault, Availability availability, String tags, Network.GuestType guestType, boolean conserveMode, boolean dedicatedLb,
+                             boolean sharedSourceNat, boolean redundantRouter, boolean elasticIp, boolean elasticLb, boolean specifyIpRanges, boolean inline, boolean isPersistent,
+                             boolean associatePublicIP, boolean publicLb, boolean internalLb, boolean isForVpc, boolean egressdefaultpolicy, boolean supportsStrechedL2, boolean supportsPublicAccess, boolean selectSnatIpAllowed) {
         this(name,
             displayText,
             trafficType,
@@ -403,6 +403,7 @@ public NetworkOfferingVO(String name, String displayText, TrafficType trafficTyp
         this.dedicatedLB = dedicatedLb;
         this.sharedSourceNat = sharedSourceNat;
         this.redundantRouter = redundantRouter;
+        this.selectSnatIpAllowed = selectSnatIpAllowed;
         this.elasticIp = elasticIp;
         this.elasticLb = elasticLb;
         this.inline = inline;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index 150d203dd414..cae2f17ac0ee 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -1569,7 +1569,7 @@ public boolean start() {
                         NetworkOffering.Availability.Required, null, Network.GuestType.Isolated, true,
                         true, false, false, false, false,
                         false, false, false, true, true, false,
-                        false, true, false, false);
+                        false, true, false, false, false);
         defaultKubernetesServiceNetworkOffering.setSupportsVmAutoScaling(true);
         defaultKubernetesServiceNetworkOffering.setState(NetworkOffering.State.Enabled);
         defaultKubernetesServiceNetworkOffering = networkOfferingDao.persistDefaultNetworkOffering(defaultKubernetesServiceNetworkOffering);
diff --git a/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java b/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java
index 00dc014dfcb8..32963d4817ee 100644
--- a/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java
+++ b/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java
@@ -425,7 +425,6 @@ public boolean isSupportsVmAutoScaling() {
         return supportsVmAutoScaling;
     }
 
-    @Override
     public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
         this.selectSnatIpAllowed = selectSnatIpAllowed;
     }
diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index c5a489ba8325..3ce93ff6fe97 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -295,6 +295,8 @@
 
 public class ConfigurationManagerImpl extends ManagerBase implements ConfigurationManager, ConfigurationService, Configurable {
     public static final Logger s_logger = Logger.getLogger(ConfigurationManagerImpl.class);
+    public static final String PERACCOUNT = "peraccount";
+    public static final String PERZONE = "perzone";
 
     @Inject
     EntityManager _entityMgr;
@@ -6208,33 +6210,34 @@ void validateLoadBalancerServiceCapabilities(final Map<Capability, String> lbSer
 
     void validateSourceNatServiceCapablities(final Map<Capability, String> sourceNatServiceCapabilityMap) {
         if (sourceNatServiceCapabilityMap != null && !sourceNatServiceCapabilityMap.isEmpty()) {
-            if (sourceNatServiceCapabilityMap.keySet().size() > 2) {
-                throw new InvalidParameterValueException("Only " + Capability.SupportedSourceNatTypes.getName() + " and " + Capability.RedundantRouter
+            if (sourceNatServiceCapabilityMap.keySet().size() > 3 || ! sourceNatCapabilitiesContainValidValues(sourceNatServiceCapabilityMap)) {
+                throw new InvalidParameterValueException("Only " + Capability.SupportedSourceNatTypes.getName()
+                        + ", " + Capability.RedundantRouter
+                        + " and " + Capability.SelectSnatIpAllowed
                         + " capabilities can be sepcified for source nat service");
             }
+        }
+    }
 
-            for (final Map.Entry<Capability ,String> srcNatPair : sourceNatServiceCapabilityMap.entrySet()) {
-                final Capability capability = srcNatPair.getKey();
-                final String value = srcNatPair.getValue();
-                if (capability == Capability.SupportedSourceNatTypes) {
-                    final boolean perAccount = value.contains("peraccount");
-                    final boolean perZone = value.contains("perzone");
-                    if (perAccount && perZone || !perAccount && !perZone) {
-                        throw new InvalidParameterValueException("Either peraccount or perzone source NAT type can be specified for "
-                                + Capability.SupportedSourceNatTypes.getName());
-                    }
-                } else if (capability == Capability.RedundantRouter) {
-                    final boolean enabled = value.contains("true");
-                    final boolean disabled = value.contains("false");
-                    if (!enabled && !disabled) {
-                        throw new InvalidParameterValueException("Unknown specified value for " + Capability.RedundantRouter.getName());
-                    }
-                } else {
-                    throw new InvalidParameterValueException("Only " + Capability.SupportedSourceNatTypes.getName() + " and " + Capability.RedundantRouter
-                            + " capabilities can be sepcified for source nat service");
+    private boolean sourceNatCapabilitiesContainValidValues(Map<Capability, String> sourceNatServiceCapabilityMap) {
+        for (final Entry<Capability ,String> srcNatPair : sourceNatServiceCapabilityMap.entrySet()) {
+            final Capability capability = srcNatPair.getKey();
+            final String value = srcNatPair.getValue();
+            if (capability == Capability.SupportedSourceNatTypes) {
+                List<String> snatTypes = Arrays.asList(PERACCOUNT, PERZONE);
+                if (! snatTypes.contains(value) || ( value.contains(PERACCOUNT) && value.contains(PERZONE))) {
+                    throw new InvalidParameterValueException("Either peraccount or perzone source NAT type can be specified for "
+                            + Capability.SupportedSourceNatTypes.getName());
                 }
+            } else if (Arrays.asList(Capability.RedundantRouter, Capability.SelectSnatIpAllowed).contains(capability)) {
+                if (! Arrays.asList("true", "false").contains(value)) {
+                    throw new InvalidParameterValueException("Unknown specified value for " + Capability.RedundantRouter.getName());
+                }
+            } else {
+                return false;
             }
         }
+        return true;
     }
 
     void validateStaticNatServiceCapablities(final Map<Capability, String> staticNatServiceCapabilityMap) {
@@ -6353,6 +6356,7 @@ public NetworkOfferingVO createNetworkOffering(final String name, final String d
         boolean elasticLb = false;
         boolean sharedSourceNat = false;
         boolean redundantRouter = false;
+        boolean selectSnatIpAllowed = false;
         boolean elasticIp = false;
         boolean associatePublicIp = false;
         boolean inline = false;
@@ -6411,17 +6415,23 @@ public NetworkOfferingVO createNetworkOffering(final String name, final String d
 
             final Map<Capability, String> sourceNatServiceCapabilityMap = serviceCapabilityMap.get(Service.SourceNat);
             if (sourceNatServiceCapabilityMap != null && !sourceNatServiceCapabilityMap.isEmpty()) {
-                final String sourceNatType = sourceNatServiceCapabilityMap.get(Capability.SupportedSourceNatTypes);
-                if (sourceNatType != null) {
-                    _networkModel.checkCapabilityForProvider(serviceProviderMap.get(Service.SourceNat), Service.SourceNat, Capability.SupportedSourceNatTypes, sourceNatType);
-                    sharedSourceNat = sourceNatType.contains("perzone");
+                String param = sourceNatServiceCapabilityMap.get(Capability.SupportedSourceNatTypes);
+                if (param != null) {
+                    _networkModel.checkCapabilityForProvider(serviceProviderMap.get(Service.SourceNat), Service.SourceNat, Capability.SupportedSourceNatTypes, param);
+                    sharedSourceNat = param.contains(PERZONE);
                 }
 
-                final String param = sourceNatServiceCapabilityMap.get(Capability.RedundantRouter);
+                param = sourceNatServiceCapabilityMap.get(Capability.RedundantRouter);
                 if (param != null) {
                     _networkModel.checkCapabilityForProvider(serviceProviderMap.get(Service.SourceNat), Service.SourceNat, Capability.RedundantRouter, param);
                     redundantRouter = param.contains("true");
                 }
+
+                param = sourceNatServiceCapabilityMap.get(Capability.SelectSnatIpAllowed);
+                if (param != null) {
+                    _networkModel.checkCapabilityForProvider(serviceProviderMap.get(Service.SourceNat), Service.SourceNat, Capability.SelectSnatIpAllowed, param);
+                    selectSnatIpAllowed = param.contains("true");
+                }
             }
 
             final Map<Capability, String> staticNatServiceCapabilityMap = serviceCapabilityMap.get(Service.StaticNat);
@@ -6461,7 +6471,7 @@ public NetworkOfferingVO createNetworkOffering(final String name, final String d
 
         final NetworkOfferingVO offeringFinal = new NetworkOfferingVO(name, displayText, trafficType, systemOnly, specifyVlan, networkRate, multicastRate, isDefault, availability,
                 tags, type, conserveMode, dedicatedLb, sharedSourceNat, redundantRouter, elasticIp, elasticLb, specifyIpRanges, inline, isPersistent, associatePublicIp, publicLb,
-                internalLb, forVpc, egressDefaultPolicy, strechedL2Subnet, publicAccess);
+                internalLb, forVpc, egressDefaultPolicy, strechedL2Subnet, publicAccess, selectSnatIpAllowed);
 
         if (serviceOfferingId != null) {
             offeringFinal.setServiceOfferingId(serviceOfferingId);
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index 9222520602f5..cbd6434dabea 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -322,7 +322,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                             svcProviderMap.put(svc, defaultProviders);
                         }
                     }
-                    createVpcOffering(VpcOffering.defaultVPCOfferingName, VpcOffering.defaultVPCOfferingName, svcProviderMap, true, State.Enabled, null, false, false, false);
+                    createVpcOffering(VpcOffering.defaultVPCOfferingName, VpcOffering.defaultVPCOfferingName, svcProviderMap, true, State.Enabled, null, false, false, false, false);
                 }
 
                 // configure default vpc offering with Netscaler as LB Provider
@@ -341,7 +341,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                             svcProviderMap.put(svc, defaultProviders);
                         }
                     }
-                    createVpcOffering(VpcOffering.defaultVPCNSOfferingName, VpcOffering.defaultVPCNSOfferingName, svcProviderMap, false, State.Enabled, null, false, false, false);
+                    createVpcOffering(VpcOffering.defaultVPCNSOfferingName, VpcOffering.defaultVPCNSOfferingName, svcProviderMap, false, State.Enabled, null, false, false, false, false);
 
                 }
 
@@ -361,7 +361,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                             svcProviderMap.put(svc, defaultProviders);
                         }
                     }
-                    createVpcOffering(VpcOffering.redundantVPCOfferingName, VpcOffering.redundantVPCOfferingName, svcProviderMap, true, State.Enabled, null, false, false, true);
+                    createVpcOffering(VpcOffering.redundantVPCOfferingName, VpcOffering.redundantVPCOfferingName, svcProviderMap, true, State.Enabled, null, false, false, true, false);
                 }
             }
         });
@@ -534,8 +534,9 @@ public VpcOffering createVpcOffering(final String name, final String displayText
         final boolean supportsDistributedRouter = isVpcOfferingSupportsDistributedRouter(serviceCapabilityList);
         final boolean offersRegionLevelVPC = isVpcOfferingForRegionLevelVpc(serviceCapabilityList);
         final boolean redundantRouter = isVpcOfferingRedundantRouter(serviceCapabilityList);
+        final boolean selectSnatIpAllowed = isVpcSelectSnatIpAllowed(serviceCapabilityList);
         final VpcOfferingVO offering = createVpcOffering(name, displayText, svcProviderMap, false, state, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC,
-                redundantRouter);
+                redundantRouter, selectSnatIpAllowed);
 
         if (offering != null) {
             List<VpcOfferingDetailsVO> detailsVO = new ArrayList<>();
@@ -563,13 +564,13 @@ public VpcOffering createVpcOffering(final String name, final String displayText
     @DB
     protected VpcOfferingVO createVpcOffering(final String name, final String displayText, final Map<Network.Service, Set<Network.Provider>> svcProviderMap,
                                               final boolean isDefault, final State state, final Long serviceOfferingId, final boolean supportsDistributedRouter, final boolean offersRegionLevelVPC,
-                                              final boolean redundantRouter) {
+                                              final boolean redundantRouter, final boolean selectSnatIpAllowed) {
 
         return Transaction.execute(new TransactionCallback<VpcOfferingVO>() {
             @Override
             public VpcOfferingVO doInTransaction(final TransactionStatus status) {
                 // create vpc offering object
-                VpcOfferingVO offering = new VpcOfferingVO(name, displayText, isDefault, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC, redundantRouter);
+                VpcOfferingVO offering = new VpcOfferingVO(name, displayText, isDefault, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC, redundantRouter, selectSnatIpAllowed);
 
                 if (state != null) {
                     offering.setState(state);
@@ -684,6 +685,10 @@ private boolean isVpcOfferingRedundantRouter(final Map serviceCapabilitystList)
         return findCapabilityForService(serviceCapabilitystList, Capability.RedundantRouter, Service.SourceNat);
     }
 
+    private boolean isVpcSelectSnatIpAllowed(final Map serviceCapabilitystList) {
+        return findCapabilityForService(serviceCapabilitystList, Capability.SelectSnatIpAllowed, Service.SourceNat);
+    }
+
     @Override
     public Vpc getActiveVpc(final long vpcId) {
         return vpcDao.getActiveVpcById(vpcId);
diff --git a/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java b/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
index 3f9447812a76..4379165fc1d7 100644
--- a/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
@@ -1106,7 +1106,7 @@ public void doInTransactionWithoutResult(TransactionStatus status) {
                 NetworkOfferingVO defaultNetscalerNetworkOffering =
                         new NetworkOfferingVO(NetworkOffering.DefaultSharedEIPandELBNetworkOffering,
                                 "Offering for Shared networks with Elastic IP and Elastic LB capabilities", TrafficType.Guest, false, true, null, null, true,
-                                Availability.Optional, null, Network.GuestType.Shared, true, false, false, false, true, true, true, false, false, true, true, false, false, false, false, false);
+                                Availability.Optional, null, Network.GuestType.Shared, true, false, false, false, true, true, true, false, false, true, true, false, false, false, false, false, false);
 
                 defaultNetscalerNetworkOffering.setState(NetworkOffering.State.Enabled);
                 defaultNetscalerNetworkOffering.setSupportsVmAutoScaling(true);
diff --git a/server/src/test/java/com/cloud/network/CreatePrivateNetworkTest.java b/server/src/test/java/com/cloud/network/CreatePrivateNetworkTest.java
index 0541da6449fc..365b241993ad 100644
--- a/server/src/test/java/com/cloud/network/CreatePrivateNetworkTest.java
+++ b/server/src/test/java/com/cloud/network/CreatePrivateNetworkTest.java
@@ -110,7 +110,7 @@ public void setup() throws Exception {
 
         NetworkOfferingVO ntwkOff =
             new NetworkOfferingVO("offer", "fakeOffer", TrafficType.Guest, true, true, null, null, false, null, null, GuestType.Isolated, false, false, false, false,
-                false, false, false, false, false, false, false, false, false, false, false, false);
+                false, false, false, false, false, false, false, false, false, false, false, false, false);
 
         when(networkService._networkOfferingDao.findById(anyLong())).thenReturn(ntwkOff);
         List<NetworkOfferingVO> netofferlist = new ArrayList<NetworkOfferingVO>();
diff --git a/ui/src/views/offering/AddNetworkOffering.vue b/ui/src/views/offering/AddNetworkOffering.vue
index 17359e4e0c0f..709351257d57 100644
--- a/ui/src/views/offering/AddNetworkOffering.vue
+++ b/ui/src/views/offering/AddNetworkOffering.vue
@@ -268,6 +268,13 @@
           v-if="(guestType === 'shared' || guestType === 'isolated') && sourceNatServiceChecked && !isVpcVirtualRouterForAtLeastOneService">
           <a-switch v-model:checked="form.redundantroutercapability" />
         </a-form-item>
+        <a-form-item
+          name=""
+          ref="selectsnatipallowed"
+          :label="$t('label.selectsnatipallowed')"
+          v-if="(guestType === 'shared' || guestType === 'isolated') && sourceNatServiceChecked && !isVpcVirtualRouterForAtLeastOneService">
+          <a-switch v-model:checked="form.selectsnatipallowed" />
+        </a-form-item>
         <a-form-item name="sourcenattype" ref="sourcenattype" :label="$t('label.sourcenattype')" v-if="(guestType === 'shared' || guestType === 'isolated') && sourceNatServiceChecked">
           <a-radio-group
             v-model:value="form.sourcenattype"
@@ -931,11 +938,19 @@ export default {
               params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
               serviceCapabilityIndex++
             }
+            if (values.selectsnatipallowed === true) {
+              params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
+              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'SelectSnatIpAllowed'
+              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
+              serviceCapabilityIndex++
+            }
+
             params['servicecapabilitylist[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
             params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilitytype'] = 'SupportedSourceNatTypes'
             params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilityvalue'] = values.sourcenattype
             serviceCapabilityIndex++
             delete params.redundantroutercapability
+            delete params.selectsnatipallowed
             delete params.sourcenattype
           }
           if (supportedServices.includes('SourceNat')) {
diff --git a/ui/src/views/offering/AddVpcOffering.vue b/ui/src/views/offering/AddVpcOffering.vue
index 738a03a9b2ea..58a8155ccd95 100644
--- a/ui/src/views/offering/AddVpcOffering.vue
+++ b/ui/src/views/offering/AddVpcOffering.vue
@@ -117,6 +117,9 @@
             </a-select-option>
           </a-select>
         </a-form-item>
+        <a-form-item name="ipSelectionAllowed" ref="selectSnatIpAllowed" :label="$t('label.selectsnatipallowed')" v-if="sourceNatServiceChecked">
+          <a-switch v-model:checked="form.selectsnatipallowed" />
+        </a-form-item>
         <a-form-item name="ispublic" ref="ispublic" :label="$t('label.ispublic')" v-if="isAdmin()">
           <a-switch v-model:checked="form.ispublic" />
         </a-form-item>
@@ -484,6 +487,12 @@ export default {
           if (values.serviceofferingid && this.isVpcVirtualRouterForAtLeastOneService) {
             params.serviceofferingid = values.serviceofferingid
           }
+          if (supportedServices.includes('SourceNat') && values.selectsnatipallowed === true) {
+            params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
+            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'SelectSnatIpAllowed'
+            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
+            serviceCapabilityIndex++
+          }
         } else {
           params.supportedservices = ''
         }

From bc2d076e0e5a3b1ff993a663cb9dedf1db99b67a Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 11 Jul 2022 09:25:45 +0200
Subject: [PATCH 06/51] add SelectSnatIpAllowed to sourcenat capabilities

---
 api/src/main/java/com/cloud/network/Network.java                | 2 +-
 .../java/com/cloud/network/element/VirtualRouterElement.java    | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/api/src/main/java/com/cloud/network/Network.java b/api/src/main/java/com/cloud/network/Network.java
index 742cfbcc4f75..c2ebdd1ac55e 100644
--- a/api/src/main/java/com/cloud/network/Network.java
+++ b/api/src/main/java/com/cloud/network/Network.java
@@ -109,7 +109,7 @@ class Service {
         public static final Service Lb = new Service("Lb", Capability.SupportedLBAlgorithms, Capability.SupportedLBIsolation, Capability.SupportedProtocols,
                 Capability.TrafficStatistics, Capability.LoadBalancingSupportedIps, Capability.SupportedStickinessMethods, Capability.ElasticLb, Capability.LbSchemes);
         public static final Service UserData = new Service("UserData");
-        public static final Service SourceNat = new Service("SourceNat", Capability.SupportedSourceNatTypes, Capability.RedundantRouter);
+        public static final Service SourceNat = new Service("SourceNat", Capability.SupportedSourceNatTypes, Capability.RedundantRouter, Capability.SelectSnatIpAllowed);
         public static final Service StaticNat = new Service("StaticNat", Capability.ElasticIp);
         public static final Service PortForwarding = new Service("PortForwarding");
         public static final Service SecurityGroup = new Service("SecurityGroup");
diff --git a/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java b/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java
index 839ab9ae0af2..0a2210a2e2f5 100644
--- a/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java
+++ b/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java
@@ -574,6 +574,7 @@ private static Map<Service, Map<Capability, String>> setCapabilities() {
         final Map<Capability, String> sourceNatCapabilities = new HashMap<Capability, String>();
         sourceNatCapabilities.put(Capability.SupportedSourceNatTypes, "peraccount");
         sourceNatCapabilities.put(Capability.RedundantRouter, "true");
+        sourceNatCapabilities.put(Capability.SelectSnatIpAllowed, "true");
         capabilities.put(Service.SourceNat, sourceNatCapabilities);
 
         capabilities.put(Service.StaticNat, null);

From a3aec15fb74776ae0ec25ece389891d0d6a1ec2f Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 11 Jul 2022 11:31:21 +0200
Subject: [PATCH 07/51] sonar issues + tests

---
 .../ConfigurationManagerImpl.java             | 14 ++--
 .../com/cloud/network/vpc/VpcManagerImpl.java |  2 +-
 .../ConfigurationManagerTest.java             | 64 +++++++++++++++++--
 3 files changed, 65 insertions(+), 15 deletions(-)

diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index 3ce93ff6fe97..56b5508f6951 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -6209,13 +6209,11 @@ void validateLoadBalancerServiceCapabilities(final Map<Capability, String> lbSer
     }
 
     void validateSourceNatServiceCapablities(final Map<Capability, String> sourceNatServiceCapabilityMap) {
-        if (sourceNatServiceCapabilityMap != null && !sourceNatServiceCapabilityMap.isEmpty()) {
-            if (sourceNatServiceCapabilityMap.keySet().size() > 3 || ! sourceNatCapabilitiesContainValidValues(sourceNatServiceCapabilityMap)) {
-                throw new InvalidParameterValueException("Only " + Capability.SupportedSourceNatTypes.getName()
-                        + ", " + Capability.RedundantRouter
-                        + " and " + Capability.SelectSnatIpAllowed
-                        + " capabilities can be sepcified for source nat service");
-            }
+        if (MapUtils.isNotEmpty(sourceNatServiceCapabilityMap) && sourceNatServiceCapabilityMap.size() > 3 || ! sourceNatCapabilitiesContainValidValues(sourceNatServiceCapabilityMap)) {
+            throw new InvalidParameterValueException("Only " + Capability.SupportedSourceNatTypes.getName()
+                    + ", " + Capability.RedundantRouter
+                    + " and " + Capability.SelectSnatIpAllowed
+                    + " capabilities can be sepcified for source nat service");
         }
     }
 
@@ -6231,7 +6229,7 @@ private boolean sourceNatCapabilitiesContainValidValues(Map<Capability, String>
                 }
             } else if (Arrays.asList(Capability.RedundantRouter, Capability.SelectSnatIpAllowed).contains(capability)) {
                 if (! Arrays.asList("true", "false").contains(value)) {
-                    throw new InvalidParameterValueException("Unknown specified value for " + Capability.RedundantRouter.getName());
+                    throw new InvalidParameterValueException("Unknown specified value for " + capability.getName());
                 }
             } else {
                 return false;
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index cbd6434dabea..b6c3f436d18d 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -685,7 +685,7 @@ private boolean isVpcOfferingRedundantRouter(final Map serviceCapabilitystList)
         return findCapabilityForService(serviceCapabilitystList, Capability.RedundantRouter, Service.SourceNat);
     }
 
-    private boolean isVpcSelectSnatIpAllowed(final Map serviceCapabilitystList) {
+    private boolean isVpcSelectSnatIpAllowed(final Map<String, String> serviceCapabilitystList) {
         return findCapabilityForService(serviceCapabilitystList, Capability.SelectSnatIpAllowed, Service.SourceNat);
     }
 
diff --git a/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java b/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
index 715924d5c547..b05f0671b2df 100644
--- a/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
+++ b/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
@@ -547,16 +547,68 @@ public void searchForNetworkOfferingsTest() {
         assertThat(configurationMgr.searchForNetworkOfferings(cmd).second(), is(2));
     }
 
+    @Test
+    public void validateEmptySourceNatServiceCapablitiesTest() {
+        Map<Capability, String> sourceNatServiceCapabilityMap = new HashMap<>();
+
+        configurationMgr.validateSourceNatServiceCapablities(sourceNatServiceCapabilityMap);
+    }
+
+    @Test
+    public void validateInvalidSourceNatTypeForSourceNatServiceCapablitiesTest() {
+        Map<Capability, String> sourceNatServiceCapabilityMap = new HashMap<>();
+        sourceNatServiceCapabilityMap.put(Capability.SupportedSourceNatTypes, "perDomain");
+
+        boolean caught = false;
+        try {
+            configurationMgr.validateSourceNatServiceCapablities(sourceNatServiceCapabilityMap);
+        } catch (InvalidParameterValueException e) {
+            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Either peraccount or perzone source NAT type can be specified for SupportedSourceNatTypes"));
+            caught = true;
+        }
+        Assert.assertTrue("should not be accepted", caught);
+    }
+
+    @Test
+    public void validateInvalidBooleanValueForSourceNatServiceCapablitiesTest() {
+        Map<Capability, String> sourceNatServiceCapabilityMap = new HashMap<>();
+        sourceNatServiceCapabilityMap.put(Capability.SelectSnatIpAllowed, "maybe");
+
+        boolean caught = false;
+        try {
+            configurationMgr.validateSourceNatServiceCapablities(sourceNatServiceCapabilityMap);
+        } catch (InvalidParameterValueException e) {
+            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Unknown specified value for SelectSnatIpAllowed"));
+            caught = true;
+        }
+        Assert.assertTrue("should not be accepted", caught);
+    }
+
+    @Test
+    public void validateInvalidCapabilityForSourceNatServiceCapablitiesTest() {
+        Map<Capability, String> sourceNatServiceCapabilityMap = new HashMap<>();
+        sourceNatServiceCapabilityMap.put(Capability.ElasticIp, "perDomain");
+
+        boolean caught = false;
+        try {
+            configurationMgr.validateSourceNatServiceCapablities(sourceNatServiceCapabilityMap);
+        } catch (InvalidParameterValueException e) {
+            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Only SupportedSourceNatTypes, Network.Capability[name=RedundantRouter] and Network.Capability[name=SelectSnatIpAllowed] capabilities can be sepcified for source nat service"));
+            caught = true;
+        }
+        Assert.assertTrue("should not be accepted", caught);
+    }
+
     @Test
     public void validateEmptyStaticNatServiceCapablitiesTest() {
-        Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<Capability, String>();
+        Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<>();
 
         configurationMgr.validateStaticNatServiceCapablities(staticNatServiceCapabilityMap);
     }
 
     @Test
     public void validateInvalidStaticNatServiceCapablitiesTest() {
-        Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<Capability, String>();
+        Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<>();
         staticNatServiceCapabilityMap.put(Capability.AssociatePublicIP, "Frue and Talse");
 
         boolean caught = false;
@@ -571,7 +623,7 @@ public void validateInvalidStaticNatServiceCapablitiesTest() {
 
     @Test
     public void validateTTStaticNatServiceCapablitiesTest() {
-        Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<Capability, String>();
+        Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<>();
         staticNatServiceCapabilityMap.put(Capability.AssociatePublicIP, "true and Talse");
         staticNatServiceCapabilityMap.put(Capability.ElasticIp, "True");
 
@@ -580,7 +632,7 @@ public void validateTTStaticNatServiceCapablitiesTest() {
 
     @Test
     public void validateFTStaticNatServiceCapablitiesTest() {
-        Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<Capability, String>();
+        Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<>();
         staticNatServiceCapabilityMap.put(Capability.AssociatePublicIP, "false");
         staticNatServiceCapabilityMap.put(Capability.ElasticIp, "True");
 
@@ -589,7 +641,7 @@ public void validateFTStaticNatServiceCapablitiesTest() {
 
     @Test
     public void validateTFStaticNatServiceCapablitiesTest() {
-        Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<Capability, String>();
+        Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<>();
         staticNatServiceCapabilityMap.put(Capability.AssociatePublicIP, "true and Talse");
         staticNatServiceCapabilityMap.put(Capability.ElasticIp, "false");
 
@@ -608,7 +660,7 @@ public void validateTFStaticNatServiceCapablitiesTest() {
 
     @Test
     public void validateFFStaticNatServiceCapablitiesTest() {
-        Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<Capability, String>();
+        Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<>();
         staticNatServiceCapabilityMap.put(Capability.AssociatePublicIP, "false");
         staticNatServiceCapabilityMap.put(Capability.ElasticIp, "False");
 

From 427a3eafb1c1812733f607cf7d175a18388c3bc8 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 11 Jul 2022 14:42:39 +0200
Subject: [PATCH 08/51] label for select public source nat ip

---
 ui/public/locales/en.json | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index cdc013f82dcc..d76e3cd324c9 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -1707,6 +1707,7 @@
 "label.see.more.info.network.usage": "See more info about network usage",
 "label.see.more.info.disk.usage": "See more info about disk usage",
 "label.see.more.info.shown.charts": "See more info about the shown charts",
+"label.selectsnatipallowed": "Is selection of the public IP allowed on source NAT interfaces",
 "label.select-view": "Select view",
 "label.select.a.zone": "Select a zone",
 "label.select.deployment.infrastructure": "Select deployment infrastructure",

From b129832065f55133d36de93de790f16e6702dbda Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Tue, 12 Jul 2022 17:02:14 +0200
Subject: [PATCH 09/51] event handler fix

---
 ui/src/views/network/CreateVpc.vue | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ui/src/views/network/CreateVpc.vue b/ui/src/views/network/CreateVpc.vue
index a90e936d6563..db82970bcf29 100644
--- a/ui/src/views/network/CreateVpc.vue
+++ b/ui/src/views/network/CreateVpc.vue
@@ -163,7 +163,7 @@
             v-model:value="form.routerip"
             :placeholder="apiParams.routerip.description"/>
         </a-form-item>
-        <a-form-item v-if="selectedVpcOffering && selectedVpcOffering.selectsnatipallowed" name="routeripv6" ref="routeripv6">
+        <a-form-item v-if="form.selectedVpcOffering && form.selectedVpcOffering.selectsnatipallowed" name="routeripv6" ref="routeripv6">
           <template #label>
             <tooltip-label :title="$t('label.routeripv6')" :tooltip="apiParams.routeripv6.description"/>
           </template>
@@ -290,9 +290,9 @@ export default {
         this.selectedVpcOffering = this.vpcOfferings[0] || {}
       }).finally(() => {
         this.loadingOffering = false
-        if (this.arrayHasItems(this.vpcOfferings)) {
-          this.form.networkofferingid = 0
-          this.handleVpcOfferingChange(this.networkOfferings[0])
+        if (this.vpcOfferings.length > 0) {
+          this.form.vpcofferingid = 0
+          this.handleVpcOfferingChange(this.vpcOfferings[0].id)
         }
       })
     },

From 9c2801518ae6c6d21aaee8349f71fb77a4d6bc08 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Tue, 12 Jul 2022 17:02:35 +0200
Subject: [PATCH 10/51] add select ip field

---
 ui/src/config/section/offering.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ui/src/config/section/offering.js b/ui/src/config/section/offering.js
index d78ba2ec59fd..cdff01536058 100644
--- a/ui/src/config/section/offering.js
+++ b/ui/src/config/section/offering.js
@@ -248,7 +248,7 @@ export default {
       docHelp: 'adminguide/networking.html#network-offerings',
       permission: ['listNetworkOfferings', 'listInfrastructure'],
       columns: ['name', 'state', 'guestiptype', 'traffictype', 'networkrate', 'domain', 'zone', 'order'],
-      details: ['name', 'id', 'displaytext', 'guestiptype', 'traffictype', 'internetprotocol', 'networkrate', 'ispersistent', 'egressdefaultpolicy', 'availability', 'conservemode', 'specifyvlan', 'specifyipranges', 'supportspublicaccess', 'supportsstrechedl2subnet', 'service', 'tags', 'domain', 'zone'],
+      details: ['name', 'id', 'displaytext', 'guestiptype', 'traffictype', 'internetprotocol', 'networkrate', 'ispersistent', 'egressdefaultpolicy', 'availability', 'conservemode', 'specifyvlan', 'specifyipranges', 'supportspublicaccess', 'supportsstrechedl2subnet', 'service', 'tags', 'domain', 'zone', 'selectsnatipallowed'],
       resourceType: 'NetworkOffering',
       tabs: [
         {
@@ -340,7 +340,7 @@ export default {
       permission: ['listVPCOfferings', 'listInfrastructure'],
       resourceType: 'VpcOffering',
       columns: ['name', 'state', 'displaytext', 'domain', 'zone', 'order'],
-      details: ['name', 'id', 'displaytext', 'internetprotocol', 'distributedvpcrouter', 'tags', 'service', 'domain', 'zone', 'created'],
+      details: ['name', 'id', 'displaytext', 'internetprotocol', 'distributedvpcrouter', 'tags', 'service', 'domain', 'zone', 'created', 'selectsnatipallowed'],
       related: [{
         name: 'vpc',
         title: 'label.vpc',

From 1bf3c4a5fa137665e96de4ec1c7d930d5ec4aeef Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 13 Jul 2022 11:10:09 +0200
Subject: [PATCH 11/51] fix add vpc offering

---
 ui/src/views/offering/AddVpcOffering.vue | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/ui/src/views/offering/AddVpcOffering.vue b/ui/src/views/offering/AddVpcOffering.vue
index 58a8155ccd95..3cd304a1fa2b 100644
--- a/ui/src/views/offering/AddVpcOffering.vue
+++ b/ui/src/views/offering/AddVpcOffering.vue
@@ -478,20 +478,22 @@ export default {
               serviceCapabilityIndex++
             }
           }
-          if (supportedServices.includes('SourceNat') && values.redundantrouter === true) {
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'RedundantRouter'
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-            serviceCapabilityIndex++
-          }
           if (values.serviceofferingid && this.isVpcVirtualRouterForAtLeastOneService) {
             params.serviceofferingid = values.serviceofferingid
           }
-          if (supportedServices.includes('SourceNat') && values.selectsnatipallowed === true) {
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'SelectSnatIpAllowed'
-            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-            serviceCapabilityIndex++
+          if (supportedServices.includes('SourceNat')) {
+            if (values.redundantrouter === true) {
+              params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
+              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'RedundantRouter'
+              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
+              serviceCapabilityIndex++
+            }
+            if (values.selectsnatipallowed === true) {
+              params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
+              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'SelectSnatIpAllowed'
+              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
+              serviceCapabilityIndex++
+            }
           }
         } else {
           params.supportedservices = ''

From 7712a3547f8552d6be4b0c1a2bbfe957948f15d5 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Thu, 14 Jul 2022 14:39:49 +0200
Subject: [PATCH 12/51] add routerip as valid field

---
 ui/src/views/network/CreateIsolatedNetworkForm.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/src/views/network/CreateIsolatedNetworkForm.vue b/ui/src/views/network/CreateIsolatedNetworkForm.vue
index 3d9a635f0583..b1b67bccaf0e 100644
--- a/ui/src/views/network/CreateIsolatedNetworkForm.vue
+++ b/ui/src/views/network/CreateIsolatedNetworkForm.vue
@@ -634,7 +634,7 @@ export default {
           displayText: values.displaytext,
           networkOfferingId: this.selectedNetworkOffering.id
         }
-        var usefulFields = ['gateway', 'netmask', 'startip', 'endip', 'dns1', 'dns2', 'ip6dns1', 'ip6dns2', 'externalid', 'vpcid', 'vlan', 'networkdomain']
+        var usefulFields = ['gateway', 'netmask', 'startip', 'startipv4', 'endip', 'endipv4', 'dns1', 'dns2', 'ip6dns1', 'ip6dns2', 'routerip', 'externalid', 'vpcid', 'vlan', 'networkdomain']
         for (var field of usefulFields) {
           if (this.isValidTextValueForKey(values, field)) {
             params[field] = values[field]

From b189c84418fa3f5b1be6fc62a9ce0d6dffcdf214 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Thu, 14 Jul 2022 14:43:10 +0200
Subject: [PATCH 13/51] router ips as parameters

---
 .../com/cloud/network/vpc/VpcService.java     | 23 +++++----
 .../user/network/CreateNetworkCmd.java        | 16 +++----
 .../user/network/UpdateNetworkCmd.java        |  9 ++++
 .../com/cloud/network/NetworkServiceImpl.java | 48 ++++++++++++-------
 .../com/cloud/network/vpc/VpcManagerImpl.java | 13 +++++
 5 files changed, 71 insertions(+), 38 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index 362a1101c7b6..aeae0a8beeea 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -56,6 +56,16 @@ public Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName
                          String dns1, String dns2, String ip6Dns1, String ip6Dns2, Boolean displayVpc, Integer publicMtu)
             throws ResourceAllocationException;
 
+    /**
+     * Persists VPC record in the database
+     *
+     * @param cmd the command with specification data for the new vpc
+     * @return a data object describing the new vpc
+     * @throws ResourceAllocationException TODO
+     */
+    public Vpc createVpc(CreateVPCCmd cmd)
+            throws ResourceAllocationException;
+
     /**
      * Deletes a VPC
      *
@@ -154,18 +164,7 @@ public Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, Stri
     /**
      * Persists VPC private gateway in the Database.
      *
-     *
-     * @param vpcId TODO
-     * @param physicalNetworkId
-     * @param vlan
-     * @param ipAddress
-     * @param gateway
-     * @param netmask
-     * @param gatewayOwnerId
-     * @param networkOfferingId
-     * @param isSourceNat
-     * @param aclId
-     * @return
+     * @return data object describing the private gateway
      * @throws InsufficientCapacityException
      * @throws ConcurrentOperationException
      * @throws ResourceAllocationException
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
index 47cf67b3da30..9316dd92120d 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
@@ -164,13 +164,13 @@ public class CreateNetworkCmd extends BaseCmd implements UserCmd {
             description = "The network this network is associated to. only available if create a Shared network")
     private Long associatedNetworkId;
 
-    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the router of the network", since = "4.16",
+    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the router", since = "4.18",
             validations = {ApiArgValidator.NotNullOrEmpty})
-    private String routerIp;
+    private String routerIPv4;
 
-    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to the router of the network", since = "4.16",
+    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to the public interface of the router", since = "4.18",
             validations = {ApiArgValidator.NotNullOrEmpty})
-    private String routerIpv6;
+    private String routerIPv6;
 
     @Parameter(name = ApiConstants.PUBLIC_MTU, type = CommandType.INTEGER,
             description = "MTU to be configured on the network VR's public facing interfaces", since = "4.18.0")
@@ -388,12 +388,12 @@ public String getIp6Dns2() {
         return ip6Dns2;
     }
 
-    public String getRouterIp() {
-        return routerIp;
+    public String getRouterIPv4() {
+        return routerIPv4;
     }
 
-    public String getRouterIpv6() {
-        return routerIpv6;
+    public String getRouterIPv6() {
+        return routerIPv6;
     }
 
     /////////////////////////////////////////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
index 3aef9730c1cd..585829a5cf8a 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
@@ -20,6 +20,7 @@
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiArgValidator;
 import org.apache.cloudstack.api.ApiCommandResourceType;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -104,6 +105,14 @@ public class UpdateNetworkCmd extends BaseAsyncCustomIdCmd implements UserCmd {
     @Parameter(name = ApiConstants.IP6_DNS2, type = CommandType.STRING, description = "the second IPv6 DNS for the network. Empty string will update the second IPv6 DNS with the value from the zone", since = "4.18.0")
     private String ip6Dns2;
 
+    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the router of the network", since = "4.16",
+            validations = {ApiArgValidator.NotNullOrEmpty})
+    private String routerIPv4;
+
+    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to the router of the network", since = "4.16",
+            validations = {ApiArgValidator.NotNullOrEmpty})
+    private String routerIPv6;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index 746e4365e1ba..29507cfc05a7 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1298,8 +1298,7 @@ private void checkSharedNetworkCidrOverlap(Long zoneId, long physicalNetworkId,
         }
     }
 
-    private void validateRouterIps(String routerIp, String routerIpv6, String startIp, String endIp, String gateway,
-                                   String netmask, String startIpv6, String endIpv6, String ip6Cidr) {
+    private void validateSharedRouterIPv4(String routerIp, String startIp, String endIp, String gateway, String netmask) {
         if (StringUtils.isNotBlank(routerIp)) {
             if (startIp != null && endIp == null) {
                 endIp = startIp;
@@ -1318,26 +1317,35 @@ private void validateRouterIps(String routerIp, String routerIpv6, String startI
                 }
             }
         }
-        if (StringUtils.isNotBlank(routerIpv6)) {
-            if (startIpv6 != null && endIpv6 == null) {
-                endIpv6 = startIpv6;
+    }
+
+    private void validateSheredRouterIPv6(String routerIPv6, String startIPv6, String endIPv6, String cidrIPv6) {
+        if (StringUtils.isNotBlank(routerIPv6)) {
+            if (startIPv6 != null && endIPv6 == null) {
+                endIPv6 = startIPv6;
             }
-            if (!NetUtils.isValidIp6(routerIpv6)) {
+            if (!NetUtils.isValidIp6(routerIPv6)) {
                 throw new CloudRuntimeException("Router IPv6 address provided is of incorrect format");
             }
-            if (StringUtils.isNoneBlank(startIpv6, endIpv6)) {
-                String ipv6Range = startIpv6 + "-" + endIpv6;
-                if (!NetUtils.isIp6InRange(routerIpv6, ipv6Range)) {
-                    throw new CloudRuntimeException("Router IPv6 address provided is not within the specified range: " + startIpv6 + " - " + endIpv6);
+            if (StringUtils.isNoneBlank(startIPv6, endIPv6)) {
+                String ipv6Range = startIPv6 + "-" + endIPv6;
+                if (!NetUtils.isIp6InRange(routerIPv6, ipv6Range)) {
+                    throw new CloudRuntimeException("Router IPv6 address provided is not within the specified range: " + startIPv6 + " - " + endIPv6);
                 }
             } else {
-                if (!NetUtils.isIp6InNetwork(routerIpv6, ip6Cidr)) {
+                if (!NetUtils.isIp6InNetwork(routerIPv6, cidrIPv6)) {
                     throw new CloudRuntimeException("Router IPv6 address provided is not with the network range");
                 }
             }
         }
     }
 
+    private void validateIsolatedRouterIPv4(String routerIPv4) {
+    }
+
+    private void validateIsolatedRouterIPv6(String routerIPv6) {
+    }
+
     @Override
     @DB
     @ActionEvent(eventType = EventTypes.EVENT_NETWORK_CREATE, eventDescription = "creating network")
@@ -1351,14 +1359,12 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
         String vlanId = null;
         boolean bypassVlanOverlapCheck = false;
         boolean hideIpAddressUsage = false;
-        String routerIp = null;
-        String routerIpv6 = null;
+        String routerIp = cmd.getRouterIPv4();
+        String routerIpv6 = cmd.getRouterIPv6();
         if (cmd instanceof CreateNetworkCmdByAdmin) {
             vlanId = ((CreateNetworkCmdByAdmin)cmd).getVlan();
             bypassVlanOverlapCheck = ((CreateNetworkCmdByAdmin)cmd).getBypassVlanOverlapCheck();
             hideIpAddressUsage = ((CreateNetworkCmdByAdmin)cmd).getHideIpAddressUsage();
-            routerIp = ((CreateNetworkCmdByAdmin)cmd).getRouterIp();
-            routerIpv6 = ((CreateNetworkCmdByAdmin)cmd).getRouterIpv6();
         }
 
         String name = cmd.getNetworkName();
@@ -1472,8 +1478,8 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
             }
         }
 
-        if (ntwkOff.getGuestType() != GuestType.Shared && (!StringUtils.isAllBlank(routerIp, routerIpv6))) {
-            throw new InvalidParameterValueException("Router IP can be specified only for Shared networks");
+        if (ntwkOff.getGuestType() == GuestType.L2 && (!StringUtils.isAllBlank(routerIp, routerIpv6))) {
+            throw new InvalidParameterValueException("Router IP cannot be specified for level 2 networks");
         }
 
         if (ntwkOff.getGuestType() == GuestType.Shared && !_networkModel.isProviderForNetworkOffering(Provider.VirtualRouter, networkOfferingId)
@@ -1610,7 +1616,13 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
             }
         }
 
-        validateRouterIps(routerIp, routerIpv6, startIP, endIP, gateway, netmask, startIPv6, endIPv6, ip6Cidr);
+        if (ntwkOff.getGuestType() == GuestType.Shared) {
+            validateSharedRouterIPv4(routerIp, startIP, endIP, gateway, netmask);
+            validateSheredRouterIPv6(routerIpv6, startIPv6, endIPv6, ip6Cidr);
+
+        } else if (ntwkOff.getGuestType() == GuestType.Isolated) {
+            validateIsolatedRouterIPv4(routerIp);
+        }
         Pair<String, String> ip6GatewayCidr = null;
         if (zone.getNetworkType() == NetworkType.Advanced && ntwkOff.getGuestType() == GuestType.Isolated) {
             ipv6 = _networkOfferingDao.isIpv6Supported(ntwkOff.getId());
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index b6c3f436d18d..9e19f4852eb5 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1019,6 +1019,19 @@ public List<Long> getVpcOfferingZones(Long vpcOfferingId) {
         return vpcOfferingDetailsDao.findZoneIds(vpcOfferingId);
     }
 
+    @Override
+    @ActionEvent(eventType = EventTypes.EVENT_VPC_CREATE, eventDescription = "creating vpc", create = true)
+    public Vpc createVpc(CreateVPCCmd cmd) throws ResourceAllocationException {
+        return createVpc(cmd.getZoneId(),
+                cmd.getVpcOffering(),
+                cmd.getEntityOwnerId(),
+                cmd.getVpcName(),
+                cmd.getDisplayText(),
+                cmd.getCidr(),
+                cmd.getNetworkDomain(),
+                cmd.getDisplayVpc());
+    }
+
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_VPC_CREATE, eventDescription = "creating vpc", create = true)
     public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwnerId, final String vpcName, final String displayText, final String cidr, String networkDomain,

From d13439a3e9d82b4e22d02207617ec4e944970170 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Thu, 14 Jul 2022 16:54:24 +0200
Subject: [PATCH 14/51] sonarcloud stuff

---
 .../com/cloud/network/vpc/VpcService.java     | 15 +++----
 .../com/cloud/network/NetworkServiceImpl.java | 43 ++++++++++++-------
 .../com/cloud/network/vpc/VpcManagerImpl.java | 13 ------
 .../cloud/network/NetworkServiceImplTest.java |  4 +-
 4 files changed, 36 insertions(+), 39 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index aeae0a8beeea..86ed35387c3d 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -37,7 +37,6 @@
 
 public interface VpcService {
 
-    public Vpc createVpc(CreateVPCCmd cmd) throws ResourceAllocationException;
     /**
      * Persists VPC record in the database
      *
@@ -61,10 +60,9 @@ public Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName
      *
      * @param cmd the command with specification data for the new vpc
      * @return a data object describing the new vpc
-     * @throws ResourceAllocationException TODO
+     * @throws ResourceAllocationException the resources for this VPC cannot be allocated
      */
-    public Vpc createVpc(CreateVPCCmd cmd)
-            throws ResourceAllocationException;
+    public Vpc createVpc(CreateVPCCmd cmd) throws ResourceAllocationException;
 
     /**
      * Deletes a VPC
@@ -140,17 +138,17 @@ public Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, Stri
      */
     boolean shutdownVpc(long vpcId) throws ConcurrentOperationException, ResourceUnavailableException;
 
+    boolean restartVpc(RestartVPCCmd cmd) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException;
+
     /**
      * Restarts the VPC. VPC gets shutdown and started as a part of it
      *
      * @param id
      * @param cleanUp
      * @param makeredundant
-     * @return
-     * @throws InsufficientCapacityException
+     * @return success or not
+     * @throws InsufficientCapacityException when there is no suitable deployment plan possible
      */
-    boolean restartVpc(RestartVPCCmd cmd) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException;
-
     boolean restartVpc(Long networkId, boolean cleanup, boolean makeRedundant, boolean livePatch, User user) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientCapacityException;
 
     /**
@@ -262,5 +260,4 @@ IpAddress associateIPToVpc(long ipId, long vpcId) throws ResourceAllocationExcep
      * @return
      */
     public boolean applyStaticRoute(long routeId) throws ResourceUnavailableException;
-
 }
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index 29507cfc05a7..25e471020f82 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1303,9 +1303,7 @@ private void validateSharedRouterIPv4(String routerIp, String startIp, String en
             if (startIp != null && endIp == null) {
                 endIp = startIp;
             }
-            if (!NetUtils.isValidIp4(routerIp)) {
-                throw new CloudRuntimeException("Router IPv4 IP provided is of incorrect format");
-            }
+            isIPv4AddressValid(routerIp);
             if (StringUtils.isNoneBlank(startIp, endIp)) {
                 if (!NetUtils.isIpInRange(routerIp, startIp, endIp)) {
                     throw new CloudRuntimeException("Router IPv4 IP provided is not within the specified range: " + startIp + " - " + endIp);
@@ -1319,14 +1317,12 @@ private void validateSharedRouterIPv4(String routerIp, String startIp, String en
         }
     }
 
-    private void validateSheredRouterIPv6(String routerIPv6, String startIPv6, String endIPv6, String cidrIPv6) {
+    private void validateSharedRouterIPv6(String routerIPv6, String startIPv6, String endIPv6, String cidrIPv6) {
         if (StringUtils.isNotBlank(routerIPv6)) {
             if (startIPv6 != null && endIPv6 == null) {
                 endIPv6 = startIPv6;
             }
-            if (!NetUtils.isValidIp6(routerIPv6)) {
-                throw new CloudRuntimeException("Router IPv6 address provided is of incorrect format");
-            }
+            isIPv6AddressValid(routerIPv6);
             if (StringUtils.isNoneBlank(startIPv6, endIPv6)) {
                 String ipv6Range = startIPv6 + "-" + endIPv6;
                 if (!NetUtils.isIp6InRange(routerIPv6, ipv6Range)) {
@@ -1341,9 +1337,27 @@ private void validateSheredRouterIPv6(String routerIPv6, String startIPv6, Strin
     }
 
     private void validateIsolatedRouterIPv4(String routerIPv4) {
+        if (StringUtils.isNotBlank(routerIPv4)) {
+            isIPv4AddressValid(routerIPv4);
+        }
     }
 
     private void validateIsolatedRouterIPv6(String routerIPv6) {
+        if (StringUtils.isNotBlank(routerIPv6)) {
+            isIPv6AddressValid(routerIPv6);
+        }
+    }
+
+    private void isIPv4AddressValid(String routerIp) {
+        if (!NetUtils.isValidIp4(routerIp)) {
+            throw new CloudRuntimeException("Router IPv4 IP provided is of incorrect format");
+        }
+    }
+
+    private void isIPv6AddressValid(String routerIPv6) {
+        if (!NetUtils.isValidIp6(routerIPv6)) {
+            throw new CloudRuntimeException("Router IPv6 address provided is of incorrect format");
+        }
     }
 
     @Override
@@ -1359,8 +1373,6 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
         String vlanId = null;
         boolean bypassVlanOverlapCheck = false;
         boolean hideIpAddressUsage = false;
-        String routerIp = cmd.getRouterIPv4();
-        String routerIpv6 = cmd.getRouterIPv6();
         if (cmd instanceof CreateNetworkCmdByAdmin) {
             vlanId = ((CreateNetworkCmdByAdmin)cmd).getVlan();
             bypassVlanOverlapCheck = ((CreateNetworkCmdByAdmin)cmd).getBypassVlanOverlapCheck();
@@ -1478,12 +1490,12 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
             }
         }
 
-        if (ntwkOff.getGuestType() == GuestType.L2 && (!StringUtils.isAllBlank(routerIp, routerIpv6))) {
+        if (ntwkOff.getGuestType() == GuestType.L2 && (!StringUtils.isAllBlank(cmd.getRouterIPv4(), cmd.getRouterIPv6()))) {
             throw new InvalidParameterValueException("Router IP cannot be specified for level 2 networks");
         }
 
         if (ntwkOff.getGuestType() == GuestType.Shared && !_networkModel.isProviderForNetworkOffering(Provider.VirtualRouter, networkOfferingId)
-                && (!StringUtils.isAllBlank(routerIp, routerIpv6))) {
+                && (!StringUtils.isAllBlank(cmd.getRouterIPv4(), cmd.getRouterIPv6()))) {
             throw new InvalidParameterValueException("Virtual Router is not a supported provider for the Shared network, hence router ip should not be provided");
         }
 
@@ -1617,11 +1629,12 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
         }
 
         if (ntwkOff.getGuestType() == GuestType.Shared) {
-            validateSharedRouterIPv4(routerIp, startIP, endIP, gateway, netmask);
-            validateSheredRouterIPv6(routerIpv6, startIPv6, endIPv6, ip6Cidr);
+            validateSharedRouterIPv4(cmd.getRouterIPv4(), startIP, endIP, gateway, netmask);
+            validateSharedRouterIPv6(cmd.getRouterIPv6(), startIPv6, endIPv6, ip6Cidr);
 
         } else if (ntwkOff.getGuestType() == GuestType.Isolated) {
-            validateIsolatedRouterIPv4(routerIp);
+            validateIsolatedRouterIPv4(cmd.getRouterIPv4());
+            validateIsolatedRouterIPv6(cmd.getRouterIPv6());
         }
         Pair<String, String> ip6GatewayCidr = null;
         if (zone.getNetworkType() == NetworkType.Advanced && ntwkOff.getGuestType() == GuestType.Isolated) {
@@ -1743,7 +1756,7 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
 
         Network network = commitNetwork(networkOfferingId, gateway, startIP, endIP, netmask, networkDomain, vlanId, bypassVlanOverlapCheck, name, displayText, caller, physicalNetworkId, zoneId,
                 domainId, isDomainSpecific, subdomainAccess, vpcId, startIPv6, endIPv6, ip6Gateway, ip6Cidr, displayNetwork, aclId, secondaryVlanId, privateVlanType, ntwkOff, pNtwk, aclType, owner, cidr, createVlan,
-                externalId, routerIp, routerIpv6, associatedNetwork, ip4Dns1, ip4Dns2, ip6Dns1, ip6Dns2, interfaceMTUs);
+                externalId, cmd.getRouterIPv4(), cmd.getRouterIPv6(), associatedNetwork, ip4Dns1, ip4Dns2, ip6Dns1, ip6Dns2, interfaceMTUs);
 
         if (hideIpAddressUsage) {
             _networkDetailsDao.persist(new NetworkDetailVO(network.getId(), Network.hideIpAddressUsage, String.valueOf(hideIpAddressUsage), false));
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index 9e19f4852eb5..b6c3f436d18d 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1019,19 +1019,6 @@ public List<Long> getVpcOfferingZones(Long vpcOfferingId) {
         return vpcOfferingDetailsDao.findZoneIds(vpcOfferingId);
     }
 
-    @Override
-    @ActionEvent(eventType = EventTypes.EVENT_VPC_CREATE, eventDescription = "creating vpc", create = true)
-    public Vpc createVpc(CreateVPCCmd cmd) throws ResourceAllocationException {
-        return createVpc(cmd.getZoneId(),
-                cmd.getVpcOffering(),
-                cmd.getEntityOwnerId(),
-                cmd.getVpcName(),
-                cmd.getDisplayText(),
-                cmd.getCidr(),
-                cmd.getNetworkDomain(),
-                cmd.getDisplayVpc());
-    }
-
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_VPC_CREATE, eventDescription = "creating vpc", create = true)
     public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwnerId, final String vpcName, final String displayText, final String cidr, String networkDomain,
diff --git a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
index fcf7ad3665a6..06510ac76d51 100644
--- a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
+++ b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
@@ -562,7 +562,7 @@ public void testCreateNetworkDnsVpcFailure() {
         }
     }
 
-    @Test(expected = InvalidParameterValueException.class)
+    @Test(expected = CloudRuntimeException.class)
     public void testCreateNetworkDnsOfferingServiceFailure() {
         registerCallContext();
         CreateNetworkCmd cmd = Mockito.mock(CreateNetworkCmd.class);
@@ -577,7 +577,7 @@ public void testCreateNetworkDnsOfferingServiceFailure() {
         }
     }
 
-    @Test(expected = InvalidParameterValueException.class)
+    @Test(expected = CloudRuntimeException.class)
     public void testCreateIp4NetworkIp6DnsFailure() {
         registerCallContext();
         CreateNetworkCmd cmd = Mockito.mock(CreateNetworkCmd.class);

From 5a9733ef617dacc053b4759c6fde44f486f6bd8c Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 16 Jan 2023 17:17:38 +0100
Subject: [PATCH 15/51] fix sql scripts

---
 .../db/schema-41720to41800-cleanup.sql        | 119 ------------------
 .../META-INF/db/schema-41720to41800.sql       |   2 +-
 .../META-INF/db/schema-41810to41900.sql       | 115 +++++++++++++++++
 3 files changed, 116 insertions(+), 120 deletions(-)

diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql
index 6a4f3d5227af..9e200d76fb4c 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800-cleanup.sql
@@ -18,122 +18,3 @@
 --;
 -- Schema upgrade cleanup from 4.17.2.0 to 4.18.0.0
 --;
-
-ALTER TABLE cloud.network_offerings ADD select_snat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to spicify the primary public ip for this network on creation';
-ALTER TABLE cloud.vpc_offerings ADD select_snat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to spicify the primary public ip for this vpc on creation';
-
--- cloud.network_offering_view source
-
-CREATE OR REPLACE
-ALGORITHM = UNDEFINED VIEW `network_offering_view` AS
-select
-    `network_offerings`.`id` AS `id`,
-    `network_offerings`.`uuid` AS `uuid`,
-    `network_offerings`.`name` AS `name`,
-    `network_offerings`.`unique_name` AS `unique_name`,
-    `network_offerings`.`display_text` AS `display_text`,
-    `network_offerings`.`nw_rate` AS `nw_rate`,
-    `network_offerings`.`mc_rate` AS `mc_rate`,
-    `network_offerings`.`traffic_type` AS `traffic_type`,
-    `network_offerings`.`tags` AS `tags`,
-    `network_offerings`.`system_only` AS `system_only`,
-    `network_offerings`.`specify_vlan` AS `specify_vlan`,
-    `network_offerings`.`service_offering_id` AS `service_offering_id`,
-    `network_offerings`.`conserve_mode` AS `conserve_mode`,
-    `network_offerings`.`created` AS `created`,
-    `network_offerings`.`removed` AS `removed`,
-    `network_offerings`.`default` AS `default`,
-    `network_offerings`.`availability` AS `availability`,
-    `network_offerings`.`dedicated_lb_service` AS `dedicated_lb_service`,
-    `network_offerings`.`shared_source_nat_service` AS `shared_source_nat_service`,
-    `network_offerings`.`sort_key` AS `sort_key`,
-    `network_offerings`.`redundant_router_service` AS `redundant_router_service`,
-    `network_offerings`.`state` AS `state`,
-    `network_offerings`.`guest_type` AS `guest_type`,
-    `network_offerings`.`elastic_ip_service` AS `elastic_ip_service`,
-    `network_offerings`.`eip_associate_public_ip` AS `eip_associate_public_ip`,
-    `network_offerings`.`elastic_lb_service` AS `elastic_lb_service`,
-    `network_offerings`.`specify_ip_ranges` AS `specify_ip_ranges`,
-    `network_offerings`.`inline` AS `inline`,
-    `network_offerings`.`is_persistent` AS `is_persistent`,
-    `network_offerings`.`internal_lb` AS `internal_lb`,
-    `network_offerings`.`public_lb` AS `public_lb`,
-    `network_offerings`.`egress_default_policy` AS `egress_default_policy`,
-    `network_offerings`.`concurrent_connections` AS `concurrent_connections`,
-    `network_offerings`.`keep_alive_enabled` AS `keep_alive_enabled`,
-    `network_offerings`.`supports_streched_l2` AS `supports_streched_l2`,
-    `network_offerings`.`supports_public_access` AS `supports_public_access`,
-    `network_offerings`.`for_vpc` AS `for_vpc`,
-    `network_offerings`.`service_package_id` AS `service_package_id`,
-    `network_offerings`.`select_snat_address_allowed` as `select_snat_address_allowed`,
-    group_concat(distinct `domain`.`id` separator ',') AS `domain_id`,
-    group_concat(distinct `domain`.`uuid` separator ',') AS `domain_uuid`,
-    group_concat(distinct `domain`.`name` separator ',') AS `domain_name`,
-    group_concat(distinct `domain`.`path` separator ',') AS `domain_path`,
-    group_concat(distinct `zone`.`id` separator ',') AS `zone_id`,
-    group_concat(distinct `zone`.`uuid` separator ',') AS `zone_uuid`,
-    group_concat(distinct `zone`.`name` separator ',') AS `zone_name`,
-    `offering_details`.`value` AS `internet_protocol`
-from
-    (((((`network_offerings`
-left join `network_offering_details` `domain_details` on
-    (((`domain_details`.`network_offering_id` = `network_offerings`.`id`)
-        and (`domain_details`.`name` = 'domainid'))))
-left join `domain` on
-    ((0 <> find_in_set(`domain`.`id`, `domain_details`.`value`))))
-left join `network_offering_details` `zone_details` on
-    (((`zone_details`.`network_offering_id` = `network_offerings`.`id`)
-        and (`zone_details`.`name` = 'zoneid'))))
-left join `data_center` `zone` on
-    ((0 <> find_in_set(`zone`.`id`, `zone_details`.`value`))))
-left join `network_offering_details` `offering_details` on
-    (((`offering_details`.`network_offering_id` = `network_offerings`.`id`)
-        and (`offering_details`.`name` = 'internetProtocol'))))
-group by
-    `network_offerings`.`id`;
-
--- cloud.vpc_offering_view source
-
-CREATE OR REPLACE
-ALGORITHM = UNDEFINED VIEW `vpc_offering_view` AS
-select
-    `vpc_offerings`.`id` AS `id`,
-    `vpc_offerings`.`uuid` AS `uuid`,
-    `vpc_offerings`.`name` AS `name`,
-    `vpc_offerings`.`unique_name` AS `unique_name`,
-    `vpc_offerings`.`display_text` AS `display_text`,
-    `vpc_offerings`.`state` AS `state`,
-    `vpc_offerings`.`default` AS `default`,
-    `vpc_offerings`.`created` AS `created`,
-    `vpc_offerings`.`removed` AS `removed`,
-    `vpc_offerings`.`service_offering_id` AS `service_offering_id`,
-    `vpc_offerings`.`supports_distributed_router` AS `supports_distributed_router`,
-    `vpc_offerings`.`supports_region_level_vpc` AS `supports_region_level_vpc`,
-    `vpc_offerings`.`redundant_router_service` AS `redundant_router_service`,
-    `vpc_offerings`.`sort_key` AS `sort_key`,
-    `vpc_offerings`.`select_snat_address_allowed` as `select_snat_address_allowed`,
-    group_concat(distinct `domain`.`id` separator ',') AS `domain_id`,
-    group_concat(distinct `domain`.`uuid` separator ',') AS `domain_uuid`,
-    group_concat(distinct `domain`.`name` separator ',') AS `domain_name`,
-    group_concat(distinct `domain`.`path` separator ',') AS `domain_path`,
-    group_concat(distinct `zone`.`id` separator ',') AS `zone_id`,
-    group_concat(distinct `zone`.`uuid` separator ',') AS `zone_uuid`,
-    group_concat(distinct `zone`.`name` separator ',') AS `zone_name`,
-    `offering_details`.`value` AS `internet_protocol`
-from
-    (((((`vpc_offerings`
-left join `vpc_offering_details` `domain_details` on
-    (((`domain_details`.`offering_id` = `vpc_offerings`.`id`)
-        and (`domain_details`.`name` = 'domainid'))))
-left join `domain` on
-    ((0 <> find_in_set(`domain`.`id`, `domain_details`.`value`))))
-left join `vpc_offering_details` `zone_details` on
-    (((`zone_details`.`offering_id` = `vpc_offerings`.`id`)
-        and (`zone_details`.`name` = 'zoneid'))))
-left join `data_center` `zone` on
-    ((0 <> find_in_set(`zone`.`id`, `zone_details`.`value`))))
-left join `vpc_offering_details` `offering_details` on
-    (((`offering_details`.`offering_id` = `vpc_offerings`.`id`)
-        and (`offering_details`.`name` = 'internetprotocol'))))
-group by
-    `vpc_offerings`.`id`;
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
index 9ea05176b6d0..bce8c13133df 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
@@ -1583,4 +1583,4 @@ UPDATE
 SET
   usage_type = 22
 WHERE
-  usage_type = 24 AND usage_display like '% io write';
\ No newline at end of file
+  usage_type = 24 AND usage_display like '% io write';
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
index ea154da98f8d..2f45ff06b021 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
@@ -21,3 +21,118 @@
 
 -- select initial ip for VPCs --
 ALTER TABLE cloud.network_offerings ADD select_snat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to spicify the primary public ip for this network on creation';
+ALTER TABLE cloud.vpc_offerings ADD select_snat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to spicify the primary public ip for this vpc on creation';
+
+-- cloud.network_offering_view source
+
+DROP VIEW IF EXISTS `cloud`.`network_offering_view`;
+CREATE VIEW `cloud`.`network_offering_view` AS
+    SELECT
+        `network_offerings`.`id` AS `id`,
+        `network_offerings`.`uuid` AS `uuid`,
+        `network_offerings`.`name` AS `name`,
+        `network_offerings`.`unique_name` AS `unique_name`,
+        `network_offerings`.`display_text` AS `display_text`,
+        `network_offerings`.`nw_rate` AS `nw_rate`,
+        `network_offerings`.`mc_rate` AS `mc_rate`,
+        `network_offerings`.`traffic_type` AS `traffic_type`,
+        `network_offerings`.`tags` AS `tags`,
+        `network_offerings`.`system_only` AS `system_only`,
+        `network_offerings`.`specify_vlan` AS `specify_vlan`,
+        `network_offerings`.`service_offering_id` AS `service_offering_id`,
+        `network_offerings`.`conserve_mode` AS `conserve_mode`,
+        `network_offerings`.`created` AS `created`,
+        `network_offerings`.`removed` AS `removed`,
+        `network_offerings`.`default` AS `default`,
+        `network_offerings`.`availability` AS `availability`,
+        `network_offerings`.`dedicated_lb_service` AS `dedicated_lb_service`,
+        `network_offerings`.`shared_source_nat_service` AS `shared_source_nat_service`,
+        `network_offerings`.`sort_key` AS `sort_key`,
+        `network_offerings`.`redundant_router_service` AS `redundant_router_service`,
+        `network_offerings`.`state` AS `state`,
+        `network_offerings`.`guest_type` AS `guest_type`,
+        `network_offerings`.`elastic_ip_service` AS `elastic_ip_service`,
+        `network_offerings`.`eip_associate_public_ip` AS `eip_associate_public_ip`,
+        `network_offerings`.`elastic_lb_service` AS `elastic_lb_service`,
+        `network_offerings`.`specify_ip_ranges` AS `specify_ip_ranges`,
+        `network_offerings`.`inline` AS `inline`,
+        `network_offerings`.`is_persistent` AS `is_persistent`,
+        `network_offerings`.`internal_lb` AS `internal_lb`,
+        `network_offerings`.`public_lb` AS `public_lb`,
+        `network_offerings`.`egress_default_policy` AS `egress_default_policy`,
+        `network_offerings`.`concurrent_connections` AS `concurrent_connections`,
+        `network_offerings`.`keep_alive_enabled` AS `keep_alive_enabled`,
+        `network_offerings`.`supports_streched_l2` AS `supports_streched_l2`,
+        `network_offerings`.`supports_public_access` AS `supports_public_access`,
+        `network_offerings`.`supports_vm_autoscaling` AS `supports_vm_autoscaling`,
+        `network_offerings`.`for_vpc` AS `for_vpc`,
+        `network_offerings`.`service_package_id` AS `service_package_id`,
+        `network_offerings`.`select_snat_address_allowed` as `select_snat_address_allowed`,
+        GROUP_CONCAT(DISTINCT domain.id) AS domain_id,
+        GROUP_CONCAT(DISTINCT domain.uuid) AS domain_uuid,
+        GROUP_CONCAT(DISTINCT domain.name) AS domain_name,
+        GROUP_CONCAT(DISTINCT domain.path) AS domain_path,
+        GROUP_CONCAT(DISTINCT zone.id) AS zone_id,
+        GROUP_CONCAT(DISTINCT zone.uuid) AS zone_uuid,
+        GROUP_CONCAT(DISTINCT zone.name) AS zone_name,
+        `offering_details`.value AS internet_protocol
+    FROM
+        `cloud`.`network_offerings`
+            LEFT JOIN
+        `cloud`.`network_offering_details` AS `domain_details` ON `domain_details`.`network_offering_id` = `network_offerings`.`id` AND `domain_details`.`name` = 'domainid'
+            LEFT JOIN
+        `cloud`.`domain` AS `domain` ON FIND_IN_SET(`domain`.`id`, `domain_details`.`value`)
+            LEFT JOIN
+        `cloud`.`network_offering_details` AS `zone_details` ON `zone_details`.`network_offering_id` = `network_offerings`.`id` AND `zone_details`.`name` = 'zoneid'
+            LEFT JOIN
+        `cloud`.`data_center` AS `zone` ON FIND_IN_SET(`zone`.`id`, `zone_details`.`value`)
+            LEFT JOIN
+        `cloud`.`network_offering_details` AS `offering_details` ON `offering_details`.`network_offering_id` = `network_offerings`.`id` AND `offering_details`.`name` = 'internetProtocol'
+    GROUP BY
+        `network_offerings`.`id`;
+
+-- cloud.vpc_offering_view source
+
+CREATE OR REPLACE
+ALGORITHM = UNDEFINED VIEW `vpc_offering_view` AS
+select
+    `vpc_offerings`.`id` AS `id`,
+    `vpc_offerings`.`uuid` AS `uuid`,
+    `vpc_offerings`.`name` AS `name`,
+    `vpc_offerings`.`unique_name` AS `unique_name`,
+    `vpc_offerings`.`display_text` AS `display_text`,
+    `vpc_offerings`.`state` AS `state`,
+    `vpc_offerings`.`default` AS `default`,
+    `vpc_offerings`.`created` AS `created`,
+    `vpc_offerings`.`removed` AS `removed`,
+    `vpc_offerings`.`service_offering_id` AS `service_offering_id`,
+    `vpc_offerings`.`supports_distributed_router` AS `supports_distributed_router`,
+    `vpc_offerings`.`supports_region_level_vpc` AS `supports_region_level_vpc`,
+    `vpc_offerings`.`redundant_router_service` AS `redundant_router_service`,
+    `vpc_offerings`.`sort_key` AS `sort_key`,
+    `vpc_offerings`.`select_snat_address_allowed` as `select_snat_address_allowed`,
+    group_concat(distinct `domain`.`id` separator ',') AS `domain_id`,
+    group_concat(distinct `domain`.`uuid` separator ',') AS `domain_uuid`,
+    group_concat(distinct `domain`.`name` separator ',') AS `domain_name`,
+    group_concat(distinct `domain`.`path` separator ',') AS `domain_path`,
+    group_concat(distinct `zone`.`id` separator ',') AS `zone_id`,
+    group_concat(distinct `zone`.`uuid` separator ',') AS `zone_uuid`,
+    group_concat(distinct `zone`.`name` separator ',') AS `zone_name`,
+    `offering_details`.`value` AS `internet_protocol`
+from
+    (((((`vpc_offerings`
+left join `vpc_offering_details` `domain_details` on
+    (((`domain_details`.`offering_id` = `vpc_offerings`.`id`)
+        and (`domain_details`.`name` = 'domainid'))))
+left join `domain` on
+    ((0 <> find_in_set(`domain`.`id`, `domain_details`.`value`))))
+left join `vpc_offering_details` `zone_details` on
+    (((`zone_details`.`offering_id` = `vpc_offerings`.`id`)
+        and (`zone_details`.`name` = 'zoneid'))))
+left join `data_center` `zone` on
+    ((0 <> find_in_set(`zone`.`id`, `zone_details`.`value`))))
+left join `vpc_offering_details` `offering_details` on
+    (((`offering_details`.`offering_id` = `vpc_offerings`.`id`)
+        and (`offering_details`.`name` = 'internetprotocol'))))
+group by
+    `vpc_offerings`.`id`;

From 9dce79bdb060c39a444172a91b4b1419244b1c12 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 23 Jan 2023 13:26:45 +0100
Subject: [PATCH 16/51] renamings

---
 api/src/main/java/com/cloud/network/Network.java |  4 ++--
 .../java/com/cloud/network/vpc/VpcOffering.java  |  2 +-
 .../java/com/cloud/offering/NetworkOffering.java |  2 +-
 .../org/apache/cloudstack/api/ApiConstants.java  |  2 +-
 .../api/response/NetworkOfferingResponse.java    |  8 ++++----
 .../api/response/VpcOfferingResponse.java        |  8 ++++----
 .../com/cloud/network/vpc/VpcOfferingVO.java     | 16 ++++++++--------
 .../com/cloud/offerings/NetworkOfferingVO.java   | 16 ++++++++--------
 .../META-INF/db/schema-41810to41900.sql          |  8 ++++----
 .../query/dao/NetworkOfferingJoinDaoImpl.java    |  2 +-
 .../api/query/dao/VpcOfferingJoinDaoImpl.java    |  2 +-
 .../api/query/vo/NetworkOfferingJoinVO.java      | 12 ++++++------
 .../cloud/api/query/vo/VpcOfferingJoinVO.java    | 12 ++++++------
 .../configuration/ConfigurationManagerImpl.java  | 14 +++++++-------
 .../com/cloud/network/NetworkServiceImpl.java    | 16 ++++++++--------
 .../network/element/VirtualRouterElement.java    |  2 +-
 .../com/cloud/network/vpc/VpcManagerImpl.java    | 12 ++++++------
 .../configuration/ConfigurationManagerTest.java  |  6 +++---
 ui/src/views/offering/AddNetworkOffering.vue     |  2 +-
 ui/src/views/offering/AddVpcOffering.vue         |  4 ++--
 20 files changed, 75 insertions(+), 75 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/Network.java b/api/src/main/java/com/cloud/network/Network.java
index c2ebdd1ac55e..58be55d4ba92 100644
--- a/api/src/main/java/com/cloud/network/Network.java
+++ b/api/src/main/java/com/cloud/network/Network.java
@@ -109,7 +109,7 @@ class Service {
         public static final Service Lb = new Service("Lb", Capability.SupportedLBAlgorithms, Capability.SupportedLBIsolation, Capability.SupportedProtocols,
                 Capability.TrafficStatistics, Capability.LoadBalancingSupportedIps, Capability.SupportedStickinessMethods, Capability.ElasticLb, Capability.LbSchemes);
         public static final Service UserData = new Service("UserData");
-        public static final Service SourceNat = new Service("SourceNat", Capability.SupportedSourceNatTypes, Capability.RedundantRouter, Capability.SelectSnatIpAllowed);
+        public static final Service SourceNat = new Service("SourceNat", Capability.SupportedSourceNatTypes, Capability.RedundantRouter, Capability.SpecifySourceNatIp);
         public static final Service StaticNat = new Service("StaticNat", Capability.ElasticIp);
         public static final Service PortForwarding = new Service("PortForwarding");
         public static final Service SecurityGroup = new Service("SecurityGroup");
@@ -270,7 +270,7 @@ public static class Capability {
         public static final Capability LoadBalancingSupportedIps = new Capability("LoadBalancingSupportedIps");
         public static final Capability AllowDnsSuffixModification = new Capability("AllowDnsSuffixModification");
         public static final Capability RedundantRouter = new Capability("RedundantRouter");
-        public static final Capability SelectSnatIpAllowed = new Capability("SelectSnatIpAllowed");
+        public static final Capability SpecifySourceNatIp = new Capability("SpecifySourceNatAllowed");
         public static final Capability ElasticIp = new Capability("ElasticIp");
         public static final Capability AssociatePublicIP = new Capability("AssociatePublicIP");
         public static final Capability ElasticLb = new Capability("ElasticLb");
diff --git a/api/src/main/java/com/cloud/network/vpc/VpcOffering.java b/api/src/main/java/com/cloud/network/vpc/VpcOffering.java
index 5df7627c29b6..9057ca6871fc 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcOffering.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcOffering.java
@@ -74,5 +74,5 @@ public enum State {
 
     Date getCreated();
 
-    boolean isSelectSnatIpAllowed();
+    boolean isSpecifySourceNatAllowed();
 }
diff --git a/api/src/main/java/com/cloud/offering/NetworkOffering.java b/api/src/main/java/com/cloud/offering/NetworkOffering.java
index 211cb081c9c5..9c9050b192e3 100644
--- a/api/src/main/java/com/cloud/offering/NetworkOffering.java
+++ b/api/src/main/java/com/cloud/offering/NetworkOffering.java
@@ -152,5 +152,5 @@ public enum Detail {
 
     Date getCreated();
 
-    boolean isSelectSnatIpAllowed();
+    boolean isSpecifySourceNatAllowed();
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index ade7f427be0d..ee79e3f03891 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -1017,7 +1017,7 @@ public class ApiConstants {
     public static final String LOGIN = "login";
     public static final String LOGOUT = "logout";
     public static final String LIST_IDPS = "listIdps";
-    public static final String IS_SELECTION_OF_STATIC_NAT_ALLOWED = "selectsnatipallowed";
+    public static final String IS_SELECTION_OF_SOURCE_NAT_ALLOWED = "selectsnatipallowed";
 
     public static final String PUBLIC_MTU = "publicmtu";
     public static final String PRIVATE_MTU = "privatemtu";
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java
index 975a6d0c1de7..6d595d6363ac 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java
@@ -147,9 +147,9 @@ public class NetworkOfferingResponse extends BaseResponseWithAnnotations {
     @Param(description = "the internet protocol of the network offering")
     private String internetProtocol;
 
-    @SerializedName(ApiConstants.IS_SELECTION_OF_STATIC_NAT_ALLOWED)
+    @SerializedName(ApiConstants.IS_SELECTION_OF_SOURCE_NAT_ALLOWED)
     @Param(description = "Are users allowed to select a primarey SNAT public address", since = "4.18")
-    boolean selectSnatIpAllowed;
+    boolean specifySourceNatAllowed;
 
     public void setId(String id) {
         this.id = id;
@@ -287,7 +287,7 @@ public void setInternetProtocol(String internetProtocol) {
         this.internetProtocol = internetProtocol;
     }
 
-    public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
-        this.selectSnatIpAllowed = selectSnatIpAllowed;
+    public void setSpecifySourceNatAllowed(boolean specifySourceNatAllowed) {
+        this.specifySourceNatAllowed = specifySourceNatAllowed;
     }
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
index 020204cc46df..e3a91ac1fa58 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
@@ -86,9 +86,9 @@ public class VpcOfferingResponse extends BaseResponse {
     @Param(description = "the internet protocol of the vpc offering")
     private String internetProtocol;
 
-    @SerializedName(ApiConstants.IS_SELECTION_OF_STATIC_NAT_ALLOWED)
+    @SerializedName(ApiConstants.IS_SELECTION_OF_SOURCE_NAT_ALLOWED)
     @Param(description = "Are users allowed to select a primarey SNAT public address", since = "4.18")
-    boolean selectSnatIpAllowed;
+    boolean specifySourceNatAllowed;
 
     public void setId(String id) {
         this.id = id;
@@ -166,7 +166,7 @@ public void setInternetProtocol(String internetProtocol) {
         this.internetProtocol = internetProtocol;
     }
 
-    public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
-        this.selectSnatIpAllowed = selectSnatIpAllowed;
+    public void setSpecifySourceNatAllowed(boolean specifySourceNatAllowed) {
+        this.specifySourceNatAllowed = specifySourceNatAllowed;
     }
 }
diff --git a/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java b/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
index e3b41f7f437c..0c9390035535 100644
--- a/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
+++ b/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
@@ -79,8 +79,8 @@ public class VpcOfferingVO implements VpcOffering {
     @Column(name = "sort_key")
     int sortKey;
 
-    @Column(name = "select_snat_address_allowed")
-    boolean selectSnatIpAllowed = false;
+    @Column(name = "specify_source_nat_address_allowed")
+    boolean specifySourceNatAllowed = false;
 
     public VpcOfferingVO() {
         this.uuid = UUID.randomUUID().toString();
@@ -97,13 +97,13 @@ public VpcOfferingVO(String name, String displayText, Long serviceOfferingId) {
 
     public VpcOfferingVO(final String name, final String displayText, final boolean isDefault, final Long serviceOfferingId,
                          final boolean supportsDistributedRouter, final boolean offersRegionLevelVPC,
-                         final boolean redundantRouter, final boolean selectSnatIpAllowed) {
+                         final boolean redundantRouter, final boolean specifySourceNatAllowed) {
         this(name, displayText, serviceOfferingId);
         this.isDefault = isDefault;
         this.supportsDistributedRouter = supportsDistributedRouter;
         this.offersRegionLevelVPC = offersRegionLevelVPC;
         this.redundantRouter = redundantRouter;
-        this.selectSnatIpAllowed = selectSnatIpAllowed;
+        this.specifySourceNatAllowed = specifySourceNatAllowed;
     }
 
     public VpcOfferingVO(String name, String displayText, boolean isDefault, Long serviceOfferingId,
@@ -208,12 +208,12 @@ public int getSortKey() {
         return sortKey;
     }
 
-    public boolean isSelectSnatIpAllowed() {
-        return selectSnatIpAllowed;
+    public boolean isSpecifySourceNatAllowed() {
+        return specifySourceNatAllowed;
     }
 
-    public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
-        this.selectSnatIpAllowed = selectSnatIpAllowed;
+    public void setSpecifySourceNatAllowed(boolean specifySourceNatAllowed) {
+        this.specifySourceNatAllowed = specifySourceNatAllowed;
     }
 
 }
diff --git a/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java b/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java
index 5a3847698ed7..377fdb5d76be 100644
--- a/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java
+++ b/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java
@@ -168,15 +168,15 @@ public String getDisplayText() {
     @Column(name="service_package_id")
     String servicePackageUuid = null;
 
-    @Column(name = "select_snat_address_allowed")
-    boolean selectSnatIpAllowed = false;
+    @Column(name = "specify_source_nat_address_allowed")
+    boolean specifySourceNatAllowed = false;
 
-    public boolean isSelectSnatIpAllowed() {
-        return selectSnatIpAllowed;
+    public boolean isSpecifySourceNatAllowed() {
+        return specifySourceNatAllowed;
     }
 
-    public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
-        this.selectSnatIpAllowed = selectSnatIpAllowed;
+    public void setSpecifySourceNatAllowed(boolean specifySourceNatAllowed) {
+        this.specifySourceNatAllowed = specifySourceNatAllowed;
     }
 
     @Override
@@ -383,7 +383,7 @@ public NetworkOfferingVO(String name, String displayText, TrafficType trafficTyp
     public NetworkOfferingVO(String name, String displayText, TrafficType trafficType, boolean systemOnly, boolean specifyVlan, Integer rateMbps,
                              Integer multicastRateMbps, boolean isDefault, Availability availability, String tags, Network.GuestType guestType, boolean conserveMode, boolean dedicatedLb,
                              boolean sharedSourceNat, boolean redundantRouter, boolean elasticIp, boolean elasticLb, boolean specifyIpRanges, boolean inline, boolean isPersistent,
-                             boolean associatePublicIP, boolean publicLb, boolean internalLb, boolean isForVpc, boolean egressdefaultpolicy, boolean supportsStrechedL2, boolean supportsPublicAccess, boolean selectSnatIpAllowed) {
+                             boolean associatePublicIP, boolean publicLb, boolean internalLb, boolean isForVpc, boolean egressdefaultpolicy, boolean supportsStrechedL2, boolean supportsPublicAccess, boolean specifySourceNatAllowed) {
         this(name,
             displayText,
             trafficType,
@@ -403,7 +403,7 @@ public NetworkOfferingVO(String name, String displayText, TrafficType trafficTyp
         this.dedicatedLB = dedicatedLb;
         this.sharedSourceNat = sharedSourceNat;
         this.redundantRouter = redundantRouter;
-        this.selectSnatIpAllowed = selectSnatIpAllowed;
+        this.specifySourceNatAllowed = specifySourceNatAllowed;
         this.elasticIp = elasticIp;
         this.elasticLb = elasticLb;
         this.inline = inline;
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
index 2f45ff06b021..eba69502aa69 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
@@ -20,8 +20,8 @@
 --;
 
 -- select initial ip for VPCs --
-ALTER TABLE cloud.network_offerings ADD select_snat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to spicify the primary public ip for this network on creation';
-ALTER TABLE cloud.vpc_offerings ADD select_snat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to spicify the primary public ip for this vpc on creation';
+ALTER TABLE cloud.network_offerings ADD specify_source_nat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to specify the primary public ip for this network on creation';
+ALTER TABLE cloud.vpc_offerings ADD specify_source_nat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to specify the primary public ip for this vpc on creation';
 
 -- cloud.network_offering_view source
 
@@ -67,7 +67,7 @@ CREATE VIEW `cloud`.`network_offering_view` AS
         `network_offerings`.`supports_vm_autoscaling` AS `supports_vm_autoscaling`,
         `network_offerings`.`for_vpc` AS `for_vpc`,
         `network_offerings`.`service_package_id` AS `service_package_id`,
-        `network_offerings`.`select_snat_address_allowed` as `select_snat_address_allowed`,
+        `network_offerings`.`specify_source_nat_address_allowed` as `specify_source_nat_address_allowed`,
         GROUP_CONCAT(DISTINCT domain.id) AS domain_id,
         GROUP_CONCAT(DISTINCT domain.uuid) AS domain_uuid,
         GROUP_CONCAT(DISTINCT domain.name) AS domain_name,
@@ -110,7 +110,7 @@ select
     `vpc_offerings`.`supports_region_level_vpc` AS `supports_region_level_vpc`,
     `vpc_offerings`.`redundant_router_service` AS `redundant_router_service`,
     `vpc_offerings`.`sort_key` AS `sort_key`,
-    `vpc_offerings`.`select_snat_address_allowed` as `select_snat_address_allowed`,
+    `vpc_offerings`.`specify_source_nat_address_allowed` as `specify_source_nat_address_allowed`,
     group_concat(distinct `domain`.`id` separator ',') AS `domain_id`,
     group_concat(distinct `domain`.`uuid` separator ',') AS `domain_uuid`,
     group_concat(distinct `domain`.`name` separator ',') AS `domain_name`,
diff --git a/server/src/main/java/com/cloud/api/query/dao/NetworkOfferingJoinDaoImpl.java b/server/src/main/java/com/cloud/api/query/dao/NetworkOfferingJoinDaoImpl.java
index 89529d4bb6e1..5fd85978f419 100644
--- a/server/src/main/java/com/cloud/api/query/dao/NetworkOfferingJoinDaoImpl.java
+++ b/server/src/main/java/com/cloud/api/query/dao/NetworkOfferingJoinDaoImpl.java
@@ -107,7 +107,7 @@ public NetworkOfferingResponse newNetworkOfferingResponse(NetworkOffering offeri
             }
             networkOfferingResponse.setInternetProtocol(protocol);
         }
-        networkOfferingResponse.setSelectSnatIpAllowed(offering.isSelectSnatIpAllowed());
+        networkOfferingResponse.setSpecifySourceNatAllowed(offering.isSpecifySourceNatAllowed());
         networkOfferingResponse.setObjectName("networkoffering");
 
         return networkOfferingResponse;
diff --git a/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java b/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java
index 7af84d9d7150..e13ff592e093 100644
--- a/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java
+++ b/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java
@@ -66,7 +66,7 @@ public VpcOfferingResponse newVpcOfferingResponse(VpcOffering offering) {
         offeringResponse.setSupportsDistributedRouter(offering.isSupportsDistributedRouter());
         offeringResponse.setSupportsRegionLevelVpc(offering.isOffersRegionLevelVPC());
         offeringResponse.setCreated(offering.getCreated());
-        offeringResponse.setSelectSnatIpAllowed(offering.isSelectSnatIpAllowed());
+        offeringResponse.setSpecifySourceNatAllowed(offering.isSpecifySourceNatAllowed());
         if (offering instanceof VpcOfferingJoinVO) {
             VpcOfferingJoinVO offeringJoinVO = (VpcOfferingJoinVO) offering;
             offeringResponse.setDomainId(offeringJoinVO.getDomainUuid());
diff --git a/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java b/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java
index 32963d4817ee..e18349c33a84 100644
--- a/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java
+++ b/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java
@@ -184,8 +184,8 @@ public class NetworkOfferingJoinVO extends BaseViewVO implements NetworkOffering
     @Column(name = "internet_protocol")
     private String internetProtocol = null;
 
-    @Column(name = "select_snat_address_allowed")
-    boolean selectSnatIpAllowed = false;
+    @Column(name = "specify_source_nat_address_allowed")
+    boolean specifySourceNatAllowed = false;
 
     public NetworkOfferingJoinVO() {
     }
@@ -350,8 +350,8 @@ public boolean isForTungsten() {
         return forTungsten;
     }
 
-    public boolean isSelectSnatIpAllowed() {
-        return selectSnatIpAllowed;
+    public boolean isSpecifySourceNatAllowed() {
+        return specifySourceNatAllowed;
     }
 
     public void setForVpc(boolean forVpc) { this.forVpc = forVpc; }
@@ -425,7 +425,7 @@ public boolean isSupportsVmAutoScaling() {
         return supportsVmAutoScaling;
     }
 
-    public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
-        this.selectSnatIpAllowed = selectSnatIpAllowed;
+    public void setSpecifySourceNatAllowed(boolean specifySourceNatAllowed) {
+        this.specifySourceNatAllowed = specifySourceNatAllowed;
     }
 }
diff --git a/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java b/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java
index a91954c56b3b..6634c2c00555 100644
--- a/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java
+++ b/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java
@@ -101,8 +101,8 @@ public class VpcOfferingJoinVO implements VpcOffering {
     @Column(name = "internet_protocol")
     private String internetProtocol = null;
 
-    @Column(name = "select_snat_address_allowed")
-    boolean selectSnatIpAllowed = false;
+    @Column(name = "specify_source_nat_address_allowed")
+    boolean specifySourceNatAllowed = false;
 
     public VpcOfferingJoinVO() {
     }
@@ -207,12 +207,12 @@ public String getInternetProtocol() {
         return internetProtocol;
     }
 
-    public boolean isSelectSnatIpAllowed() {
-        return selectSnatIpAllowed;
+    public boolean isSpecifySourceNatAllowed() {
+        return specifySourceNatAllowed;
     }
 
-    public void setSelectSnatIpAllowed(boolean selectSnatIpAllowed) {
-        this.selectSnatIpAllowed = selectSnatIpAllowed;
+    public void setSpecifySourceNatAllowed(boolean specifySourceNatAllowed) {
+        this.specifySourceNatAllowed = specifySourceNatAllowed;
     }
 
     @Override
diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index 56b5508f6951..be6800065e63 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -6212,7 +6212,7 @@ void validateSourceNatServiceCapablities(final Map<Capability, String> sourceNat
         if (MapUtils.isNotEmpty(sourceNatServiceCapabilityMap) && sourceNatServiceCapabilityMap.size() > 3 || ! sourceNatCapabilitiesContainValidValues(sourceNatServiceCapabilityMap)) {
             throw new InvalidParameterValueException("Only " + Capability.SupportedSourceNatTypes.getName()
                     + ", " + Capability.RedundantRouter
-                    + " and " + Capability.SelectSnatIpAllowed
+                    + " and " + Capability.SpecifySourceNatIp
                     + " capabilities can be sepcified for source nat service");
         }
     }
@@ -6227,7 +6227,7 @@ private boolean sourceNatCapabilitiesContainValidValues(Map<Capability, String>
                     throw new InvalidParameterValueException("Either peraccount or perzone source NAT type can be specified for "
                             + Capability.SupportedSourceNatTypes.getName());
                 }
-            } else if (Arrays.asList(Capability.RedundantRouter, Capability.SelectSnatIpAllowed).contains(capability)) {
+            } else if (Arrays.asList(Capability.RedundantRouter, Capability.SpecifySourceNatIp).contains(capability)) {
                 if (! Arrays.asList("true", "false").contains(value)) {
                     throw new InvalidParameterValueException("Unknown specified value for " + capability.getName());
                 }
@@ -6354,7 +6354,7 @@ public NetworkOfferingVO createNetworkOffering(final String name, final String d
         boolean elasticLb = false;
         boolean sharedSourceNat = false;
         boolean redundantRouter = false;
-        boolean selectSnatIpAllowed = false;
+        boolean specifySourceNatAllowed = false;
         boolean elasticIp = false;
         boolean associatePublicIp = false;
         boolean inline = false;
@@ -6425,10 +6425,10 @@ public NetworkOfferingVO createNetworkOffering(final String name, final String d
                     redundantRouter = param.contains("true");
                 }
 
-                param = sourceNatServiceCapabilityMap.get(Capability.SelectSnatIpAllowed);
+                param = sourceNatServiceCapabilityMap.get(Capability.SpecifySourceNatIp);
                 if (param != null) {
-                    _networkModel.checkCapabilityForProvider(serviceProviderMap.get(Service.SourceNat), Service.SourceNat, Capability.SelectSnatIpAllowed, param);
-                    selectSnatIpAllowed = param.contains("true");
+                    _networkModel.checkCapabilityForProvider(serviceProviderMap.get(Service.SourceNat), Service.SourceNat, Capability.SpecifySourceNatIp, param);
+                    specifySourceNatAllowed = param.contains("true");
                 }
             }
 
@@ -6469,7 +6469,7 @@ public NetworkOfferingVO createNetworkOffering(final String name, final String d
 
         final NetworkOfferingVO offeringFinal = new NetworkOfferingVO(name, displayText, trafficType, systemOnly, specifyVlan, networkRate, multicastRate, isDefault, availability,
                 tags, type, conserveMode, dedicatedLb, sharedSourceNat, redundantRouter, elasticIp, elasticLb, specifyIpRanges, inline, isPersistent, associatePublicIp, publicLb,
-                internalLb, forVpc, egressDefaultPolicy, strechedL2Subnet, publicAccess, selectSnatIpAllowed);
+                internalLb, forVpc, egressDefaultPolicy, strechedL2Subnet, publicAccess, specifySourceNatAllowed);
 
         if (serviceOfferingId != null) {
             offeringFinal.setServiceOfferingId(serviceOfferingId);
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index 25e471020f82..e6f4102850d5 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1298,7 +1298,7 @@ private void checkSharedNetworkCidrOverlap(Long zoneId, long physicalNetworkId,
         }
     }
 
-    private void validateSharedRouterIPv4(String routerIp, String startIp, String endIp, String gateway, String netmask) {
+    private void validateSharedNetworkRouterIPv4(String routerIp, String startIp, String endIp, String gateway, String netmask) {
         if (StringUtils.isNotBlank(routerIp)) {
             if (startIp != null && endIp == null) {
                 endIp = startIp;
@@ -1317,7 +1317,7 @@ private void validateSharedRouterIPv4(String routerIp, String startIp, String en
         }
     }
 
-    private void validateSharedRouterIPv6(String routerIPv6, String startIPv6, String endIPv6, String cidrIPv6) {
+    private void validateSharedNetworkRouterIPv6(String routerIPv6, String startIPv6, String endIPv6, String cidrIPv6) {
         if (StringUtils.isNotBlank(routerIPv6)) {
             if (startIPv6 != null && endIPv6 == null) {
                 endIPv6 = startIPv6;
@@ -1336,13 +1336,13 @@ private void validateSharedRouterIPv6(String routerIPv6, String startIPv6, Strin
         }
     }
 
-    private void validateIsolatedRouterIPv4(String routerIPv4) {
+    private void validateIsolatedNetworkRouterIPv4(String routerIPv4) {
         if (StringUtils.isNotBlank(routerIPv4)) {
             isIPv4AddressValid(routerIPv4);
         }
     }
 
-    private void validateIsolatedRouterIPv6(String routerIPv6) {
+    private void validateIsolatedNetworkRouterIPv6(String routerIPv6) {
         if (StringUtils.isNotBlank(routerIPv6)) {
             isIPv6AddressValid(routerIPv6);
         }
@@ -1629,12 +1629,12 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
         }
 
         if (ntwkOff.getGuestType() == GuestType.Shared) {
-            validateSharedRouterIPv4(cmd.getRouterIPv4(), startIP, endIP, gateway, netmask);
-            validateSharedRouterIPv6(cmd.getRouterIPv6(), startIPv6, endIPv6, ip6Cidr);
+            validateSharedNetworkRouterIPv4(cmd.getRouterIPv4(), startIP, endIP, gateway, netmask);
+            validateSharedNetworkRouterIPv6(cmd.getRouterIPv6(), startIPv6, endIPv6, ip6Cidr);
 
         } else if (ntwkOff.getGuestType() == GuestType.Isolated) {
-            validateIsolatedRouterIPv4(cmd.getRouterIPv4());
-            validateIsolatedRouterIPv6(cmd.getRouterIPv6());
+            validateIsolatedNetworkRouterIPv4(cmd.getRouterIPv4());
+            validateIsolatedNetworkRouterIPv6(cmd.getRouterIPv6());
         }
         Pair<String, String> ip6GatewayCidr = null;
         if (zone.getNetworkType() == NetworkType.Advanced && ntwkOff.getGuestType() == GuestType.Isolated) {
diff --git a/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java b/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java
index 0a2210a2e2f5..75598e46b967 100644
--- a/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java
+++ b/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java
@@ -574,7 +574,7 @@ private static Map<Service, Map<Capability, String>> setCapabilities() {
         final Map<Capability, String> sourceNatCapabilities = new HashMap<Capability, String>();
         sourceNatCapabilities.put(Capability.SupportedSourceNatTypes, "peraccount");
         sourceNatCapabilities.put(Capability.RedundantRouter, "true");
-        sourceNatCapabilities.put(Capability.SelectSnatIpAllowed, "true");
+        sourceNatCapabilities.put(Capability.SpecifySourceNatIp, "true");
         capabilities.put(Service.SourceNat, sourceNatCapabilities);
 
         capabilities.put(Service.StaticNat, null);
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index b6c3f436d18d..08fe9932fe02 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -534,9 +534,9 @@ public VpcOffering createVpcOffering(final String name, final String displayText
         final boolean supportsDistributedRouter = isVpcOfferingSupportsDistributedRouter(serviceCapabilityList);
         final boolean offersRegionLevelVPC = isVpcOfferingForRegionLevelVpc(serviceCapabilityList);
         final boolean redundantRouter = isVpcOfferingRedundantRouter(serviceCapabilityList);
-        final boolean selectSnatIpAllowed = isVpcSelectSnatIpAllowed(serviceCapabilityList);
+        final boolean specifySourceNatAllowed = isVpcSpecifySourceNatAllowed(serviceCapabilityList);
         final VpcOfferingVO offering = createVpcOffering(name, displayText, svcProviderMap, false, state, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC,
-                redundantRouter, selectSnatIpAllowed);
+                redundantRouter, specifySourceNatAllowed);
 
         if (offering != null) {
             List<VpcOfferingDetailsVO> detailsVO = new ArrayList<>();
@@ -564,13 +564,13 @@ public VpcOffering createVpcOffering(final String name, final String displayText
     @DB
     protected VpcOfferingVO createVpcOffering(final String name, final String displayText, final Map<Network.Service, Set<Network.Provider>> svcProviderMap,
                                               final boolean isDefault, final State state, final Long serviceOfferingId, final boolean supportsDistributedRouter, final boolean offersRegionLevelVPC,
-                                              final boolean redundantRouter, final boolean selectSnatIpAllowed) {
+                                              final boolean redundantRouter, final boolean specifySourceNatAllowed) {
 
         return Transaction.execute(new TransactionCallback<VpcOfferingVO>() {
             @Override
             public VpcOfferingVO doInTransaction(final TransactionStatus status) {
                 // create vpc offering object
-                VpcOfferingVO offering = new VpcOfferingVO(name, displayText, isDefault, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC, redundantRouter, selectSnatIpAllowed);
+                VpcOfferingVO offering = new VpcOfferingVO(name, displayText, isDefault, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC, redundantRouter, specifySourceNatAllowed);
 
                 if (state != null) {
                     offering.setState(state);
@@ -685,8 +685,8 @@ private boolean isVpcOfferingRedundantRouter(final Map serviceCapabilitystList)
         return findCapabilityForService(serviceCapabilitystList, Capability.RedundantRouter, Service.SourceNat);
     }
 
-    private boolean isVpcSelectSnatIpAllowed(final Map<String, String> serviceCapabilitystList) {
-        return findCapabilityForService(serviceCapabilitystList, Capability.SelectSnatIpAllowed, Service.SourceNat);
+    private boolean isVpcSpecifySourceNatAllowed(final Map<String, String> serviceCapabilitystList) {
+        return findCapabilityForService(serviceCapabilitystList, Capability.SpecifySourceNatIp, Service.SourceNat);
     }
 
     @Override
diff --git a/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java b/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
index b05f0671b2df..dcab9bb326a9 100644
--- a/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
+++ b/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
@@ -572,13 +572,13 @@ public void validateInvalidSourceNatTypeForSourceNatServiceCapablitiesTest() {
     @Test
     public void validateInvalidBooleanValueForSourceNatServiceCapablitiesTest() {
         Map<Capability, String> sourceNatServiceCapabilityMap = new HashMap<>();
-        sourceNatServiceCapabilityMap.put(Capability.SelectSnatIpAllowed, "maybe");
+        sourceNatServiceCapabilityMap.put(Capability.SpecifySourceNatIp, "maybe");
 
         boolean caught = false;
         try {
             configurationMgr.validateSourceNatServiceCapablities(sourceNatServiceCapabilityMap);
         } catch (InvalidParameterValueException e) {
-            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Unknown specified value for SelectSnatIpAllowed"));
+            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Unknown specified value for SpecifySourceNatAllowed"));
             caught = true;
         }
         Assert.assertTrue("should not be accepted", caught);
@@ -593,7 +593,7 @@ public void validateInvalidCapabilityForSourceNatServiceCapablitiesTest() {
         try {
             configurationMgr.validateSourceNatServiceCapablities(sourceNatServiceCapabilityMap);
         } catch (InvalidParameterValueException e) {
-            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Only SupportedSourceNatTypes, Network.Capability[name=RedundantRouter] and Network.Capability[name=SelectSnatIpAllowed] capabilities can be sepcified for source nat service"));
+            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Only SupportedSourceNatTypes, Network.Capability[name=RedundantRouter] and Network.Capability[name=SpecifySourceNatAllowed] capabilities can be sepcified for source nat service"));
             caught = true;
         }
         Assert.assertTrue("should not be accepted", caught);
diff --git a/ui/src/views/offering/AddNetworkOffering.vue b/ui/src/views/offering/AddNetworkOffering.vue
index 709351257d57..1254241d1296 100644
--- a/ui/src/views/offering/AddNetworkOffering.vue
+++ b/ui/src/views/offering/AddNetworkOffering.vue
@@ -940,7 +940,7 @@ export default {
             }
             if (values.selectsnatipallowed === true) {
               params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'SelectSnatIpAllowed'
+              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'SpecifySourceNatAllowed'
               params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
               serviceCapabilityIndex++
             }
diff --git a/ui/src/views/offering/AddVpcOffering.vue b/ui/src/views/offering/AddVpcOffering.vue
index 3cd304a1fa2b..597b2a3246d0 100644
--- a/ui/src/views/offering/AddVpcOffering.vue
+++ b/ui/src/views/offering/AddVpcOffering.vue
@@ -117,7 +117,7 @@
             </a-select-option>
           </a-select>
         </a-form-item>
-        <a-form-item name="ipSelectionAllowed" ref="selectSnatIpAllowed" :label="$t('label.selectsnatipallowed')" v-if="sourceNatServiceChecked">
+        <a-form-item name="ipSelectionAllowed" ref="specifySourceNatAllowed" :label="$t('label.selectsnatipallowed')" v-if="sourceNatServiceChecked">
           <a-switch v-model:checked="form.selectsnatipallowed" />
         </a-form-item>
         <a-form-item name="ispublic" ref="ispublic" :label="$t('label.ispublic')" v-if="isAdmin()">
@@ -490,7 +490,7 @@ export default {
             }
             if (values.selectsnatipallowed === true) {
               params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'SelectSnatIpAllowed'
+              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'SpecifySourceNatAllowed'
               params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
               serviceCapabilityIndex++
             }

From 3cba1c7202319b2190d9d6df75a182fe11f0e448 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 1 Feb 2023 15:37:22 +0100
Subject: [PATCH 17/51] logic of condition improved

---
 .../java/com/cloud/configuration/ConfigurationManagerImpl.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index be6800065e63..04b043ce1e01 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -6209,7 +6209,7 @@ void validateLoadBalancerServiceCapabilities(final Map<Capability, String> lbSer
     }
 
     void validateSourceNatServiceCapablities(final Map<Capability, String> sourceNatServiceCapabilityMap) {
-        if (MapUtils.isNotEmpty(sourceNatServiceCapabilityMap) && sourceNatServiceCapabilityMap.size() > 3 || ! sourceNatCapabilitiesContainValidValues(sourceNatServiceCapabilityMap)) {
+        if (MapUtils.isNotEmpty(sourceNatServiceCapabilityMap) && (sourceNatServiceCapabilityMap.size() > 3 || ! sourceNatCapabilitiesContainValidValues(sourceNatServiceCapabilityMap))) {
             throw new InvalidParameterValueException("Only " + Capability.SupportedSourceNatTypes.getName()
                     + ", " + Capability.RedundantRouter
                     + " and " + Capability.SpecifySourceNatIp

From b3310e804497fffdde1a5ec90d8cd648fe2dfaee Mon Sep 17 00:00:00 2001
From: NuxRo <nux@li.nux.ro>
Date: Tue, 7 Feb 2023 15:01:54 +0000
Subject: [PATCH 18/51] Update
 engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql

Co-authored-by: Daniel Augusto Veronezi Salvador <38945620+GutoVeronezi@users.noreply.github.com>
---
 .../main/resources/META-INF/db/schema-41720to41800.sql    | 1 -
 .../main/resources/META-INF/db/schema-41810to41900.sql    | 8 ++------
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
index bce8c13133df..2728a2f3f098 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
@@ -1576,7 +1576,6 @@ CREATE VIEW `cloud`.`user_view` AS
 DELETE FROM `cloud`.`snapshot_store_ref`
 WHERE store_role = "Primary" AND store_id IN (SELECT id FROM storage_pool WHERE removed IS NOT NULL);
 
-
 -- Change usage of VM_DISK_IO_WRITE to use right usage_type
 UPDATE
   `cloud_usage`.`cloud_usage`
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
index eba69502aa69..a2d382b392d2 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
@@ -19,10 +19,6 @@
 -- Schema upgrade from 4.18.1.0 to 4.19.0.0
 --;
 
--- select initial ip for VPCs --
-ALTER TABLE cloud.network_offerings ADD specify_source_nat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to specify the primary public ip for this network on creation';
-ALTER TABLE cloud.vpc_offerings ADD specify_source_nat_address_allowed tinyint(1) DEFAULT 0 NOT NULL COMMENT 'true if it is allowed to specify the primary public ip for this vpc on creation';
-
 -- cloud.network_offering_view source
 
 DROP VIEW IF EXISTS `cloud`.`network_offering_view`;
@@ -93,8 +89,8 @@ CREATE VIEW `cloud`.`network_offering_view` AS
 
 -- cloud.vpc_offering_view source
 
-CREATE OR REPLACE
-ALGORITHM = UNDEFINED VIEW `vpc_offering_view` AS
+DROP VIEW IF EXISTS `cloud`.`vpc_offering_view`;
+CREATE VIEW `cloud`.`vpc_offering_view` AS
 select
     `vpc_offerings`.`id` AS `id`,
     `vpc_offerings`.`uuid` AS `uuid`,

From 6cf7468c8ae2d1b8f66b4cfa6cb15dc6ce7c8328 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Tue, 28 Feb 2023 09:22:17 +0100
Subject: [PATCH 19/51] remove the requirement to have IP selection enabled by
 setting

---
 .../main/java/com/cloud/network/Network.java  |   3 +-
 .../com/cloud/network/vpc/VpcOffering.java    |   2 -
 .../com/cloud/network/vpc/VpcService.java     |   6 +-
 .../com/cloud/offering/NetworkOffering.java   |   2 -
 .../apache/cloudstack/api/ApiConstants.java   |   1 -
 .../user/network/CreateNetworkCmd.java        |   4 +-
 .../user/network/UpdateNetworkCmd.java        |   4 +-
 .../api/response/NetworkOfferingResponse.java |   8 --
 .../api/response/VpcOfferingResponse.java     |   8 --
 .../com/cloud/network/vpc/VpcOfferingVO.java  |  14 +--
 .../cloud/offerings/NetworkOfferingVO.java    |  18 +--
 .../META-INF/db/schema-41720to41800.sql       |   1 -
 .../META-INF/db/schema-41810to41900.sql       | 114 ------------------
 .../cluster/KubernetesClusterManagerImpl.java |   2 +-
 .../query/dao/NetworkOfferingJoinDaoImpl.java |   1 -
 .../api/query/dao/VpcOfferingJoinDaoImpl.java |   1 -
 .../api/query/vo/NetworkOfferingJoinVO.java   |  11 --
 .../cloud/api/query/vo/VpcOfferingJoinVO.java |  11 --
 .../ConfigurationManagerImpl.java             |  18 +--
 .../network/element/VirtualRouterElement.java |   1 -
 .../com/cloud/network/vpc/VpcManagerImpl.java |  17 +--
 .../cloud/server/ConfigurationServerImpl.java |   2 +-
 .../ConfigurationManagerTest.java             |   6 +-
 .../network/CreatePrivateNetworkTest.java     |   2 +-
 ui/public/locales/en.json                     |   1 -
 ui/src/config/section/offering.js             |   4 +-
 .../network/CreateIsolatedNetworkForm.vue     |   1 +
 ui/src/views/network/CreateVpc.vue            |   1 +
 ui/src/views/offering/AddNetworkOffering.vue  |  15 ---
 ui/src/views/offering/AddVpcOffering.vue      |  23 +---
 30 files changed, 39 insertions(+), 263 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/Network.java b/api/src/main/java/com/cloud/network/Network.java
index 58be55d4ba92..458169c80aa3 100644
--- a/api/src/main/java/com/cloud/network/Network.java
+++ b/api/src/main/java/com/cloud/network/Network.java
@@ -109,7 +109,7 @@ class Service {
         public static final Service Lb = new Service("Lb", Capability.SupportedLBAlgorithms, Capability.SupportedLBIsolation, Capability.SupportedProtocols,
                 Capability.TrafficStatistics, Capability.LoadBalancingSupportedIps, Capability.SupportedStickinessMethods, Capability.ElasticLb, Capability.LbSchemes);
         public static final Service UserData = new Service("UserData");
-        public static final Service SourceNat = new Service("SourceNat", Capability.SupportedSourceNatTypes, Capability.RedundantRouter, Capability.SpecifySourceNatIp);
+        public static final Service SourceNat = new Service("SourceNat", Capability.SupportedSourceNatTypes, Capability.RedundantRouter);
         public static final Service StaticNat = new Service("StaticNat", Capability.ElasticIp);
         public static final Service PortForwarding = new Service("PortForwarding");
         public static final Service SecurityGroup = new Service("SecurityGroup");
@@ -270,7 +270,6 @@ public static class Capability {
         public static final Capability LoadBalancingSupportedIps = new Capability("LoadBalancingSupportedIps");
         public static final Capability AllowDnsSuffixModification = new Capability("AllowDnsSuffixModification");
         public static final Capability RedundantRouter = new Capability("RedundantRouter");
-        public static final Capability SpecifySourceNatIp = new Capability("SpecifySourceNatAllowed");
         public static final Capability ElasticIp = new Capability("ElasticIp");
         public static final Capability AssociatePublicIP = new Capability("AssociatePublicIP");
         public static final Capability ElasticLb = new Capability("ElasticLb");
diff --git a/api/src/main/java/com/cloud/network/vpc/VpcOffering.java b/api/src/main/java/com/cloud/network/vpc/VpcOffering.java
index 9057ca6871fc..b4df8e38dbac 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcOffering.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcOffering.java
@@ -73,6 +73,4 @@ public enum State {
     Date getRemoved();
 
     Date getCreated();
-
-    boolean isSpecifySourceNatAllowed();
 }
diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index 86ed35387c3d..11cbb926188f 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -143,9 +143,9 @@ public Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, Stri
     /**
      * Restarts the VPC. VPC gets shutdown and started as a part of it
      *
-     * @param id
-     * @param cleanUp
-     * @param makeredundant
+     * @param networkId the network to restart
+     * @param cleanup throw away the existing VR and rebuild a new one?
+     * @param makeRedundant create two VRs for this network
      * @return success or not
      * @throws InsufficientCapacityException when there is no suitable deployment plan possible
      */
diff --git a/api/src/main/java/com/cloud/offering/NetworkOffering.java b/api/src/main/java/com/cloud/offering/NetworkOffering.java
index 9c9050b192e3..207880ea28c0 100644
--- a/api/src/main/java/com/cloud/offering/NetworkOffering.java
+++ b/api/src/main/java/com/cloud/offering/NetworkOffering.java
@@ -151,6 +151,4 @@ public enum Detail {
     String getServicePackage();
 
     Date getCreated();
-
-    boolean isSpecifySourceNatAllowed();
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index ee79e3f03891..6e93d45abdb2 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -1017,7 +1017,6 @@ public class ApiConstants {
     public static final String LOGIN = "login";
     public static final String LOGOUT = "logout";
     public static final String LIST_IDPS = "listIdps";
-    public static final String IS_SELECTION_OF_SOURCE_NAT_ALLOWED = "selectsnatipallowed";
 
     public static final String PUBLIC_MTU = "publicmtu";
     public static final String PRIVATE_MTU = "privatemtu";
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
index 9316dd92120d..30b3d62ffe03 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
@@ -164,11 +164,11 @@ public class CreateNetworkCmd extends BaseCmd implements UserCmd {
             description = "The network this network is associated to. only available if create a Shared network")
     private Long associatedNetworkId;
 
-    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the router", since = "4.18",
+    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the router", since = "4.16",
             validations = {ApiArgValidator.NotNullOrEmpty})
     private String routerIPv4;
 
-    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to the public interface of the router", since = "4.18",
+    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to the public interface of the router", since = "4.16",
             validations = {ApiArgValidator.NotNullOrEmpty})
     private String routerIPv6;
 
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
index 585829a5cf8a..9a83e85c4fdf 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
@@ -105,11 +105,11 @@ public class UpdateNetworkCmd extends BaseAsyncCustomIdCmd implements UserCmd {
     @Parameter(name = ApiConstants.IP6_DNS2, type = CommandType.STRING, description = "the second IPv6 DNS for the network. Empty string will update the second IPv6 DNS with the value from the zone", since = "4.18.0")
     private String ip6Dns2;
 
-    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the router of the network", since = "4.16",
+    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the router of the network", since = "4.19",
             validations = {ApiArgValidator.NotNullOrEmpty})
     private String routerIPv4;
 
-    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to the router of the network", since = "4.16",
+    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to the router of the network", since = "4.19",
             validations = {ApiArgValidator.NotNullOrEmpty})
     private String routerIPv6;
 
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java
index 6d595d6363ac..b92725d883e4 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/NetworkOfferingResponse.java
@@ -147,10 +147,6 @@ public class NetworkOfferingResponse extends BaseResponseWithAnnotations {
     @Param(description = "the internet protocol of the network offering")
     private String internetProtocol;
 
-    @SerializedName(ApiConstants.IS_SELECTION_OF_SOURCE_NAT_ALLOWED)
-    @Param(description = "Are users allowed to select a primarey SNAT public address", since = "4.18")
-    boolean specifySourceNatAllowed;
-
     public void setId(String id) {
         this.id = id;
     }
@@ -286,8 +282,4 @@ public String getInternetProtocol() {
     public void setInternetProtocol(String internetProtocol) {
         this.internetProtocol = internetProtocol;
     }
-
-    public void setSpecifySourceNatAllowed(boolean specifySourceNatAllowed) {
-        this.specifySourceNatAllowed = specifySourceNatAllowed;
-    }
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
index e3a91ac1fa58..6881969646b2 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/VpcOfferingResponse.java
@@ -86,10 +86,6 @@ public class VpcOfferingResponse extends BaseResponse {
     @Param(description = "the internet protocol of the vpc offering")
     private String internetProtocol;
 
-    @SerializedName(ApiConstants.IS_SELECTION_OF_SOURCE_NAT_ALLOWED)
-    @Param(description = "Are users allowed to select a primarey SNAT public address", since = "4.18")
-    boolean specifySourceNatAllowed;
-
     public void setId(String id) {
         this.id = id;
     }
@@ -165,8 +161,4 @@ public String getInternetProtocol() {
     public void setInternetProtocol(String internetProtocol) {
         this.internetProtocol = internetProtocol;
     }
-
-    public void setSpecifySourceNatAllowed(boolean specifySourceNatAllowed) {
-        this.specifySourceNatAllowed = specifySourceNatAllowed;
-    }
 }
diff --git a/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java b/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
index 0c9390035535..aa26f16568a9 100644
--- a/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
+++ b/engine/schema/src/main/java/com/cloud/network/vpc/VpcOfferingVO.java
@@ -79,9 +79,6 @@ public class VpcOfferingVO implements VpcOffering {
     @Column(name = "sort_key")
     int sortKey;
 
-    @Column(name = "specify_source_nat_address_allowed")
-    boolean specifySourceNatAllowed = false;
-
     public VpcOfferingVO() {
         this.uuid = UUID.randomUUID().toString();
     }
@@ -97,13 +94,12 @@ public VpcOfferingVO(String name, String displayText, Long serviceOfferingId) {
 
     public VpcOfferingVO(final String name, final String displayText, final boolean isDefault, final Long serviceOfferingId,
                          final boolean supportsDistributedRouter, final boolean offersRegionLevelVPC,
-                         final boolean redundantRouter, final boolean specifySourceNatAllowed) {
+                         final boolean redundantRouter) {
         this(name, displayText, serviceOfferingId);
         this.isDefault = isDefault;
         this.supportsDistributedRouter = supportsDistributedRouter;
         this.offersRegionLevelVPC = offersRegionLevelVPC;
         this.redundantRouter = redundantRouter;
-        this.specifySourceNatAllowed = specifySourceNatAllowed;
     }
 
     public VpcOfferingVO(String name, String displayText, boolean isDefault, Long serviceOfferingId,
@@ -208,12 +204,4 @@ public int getSortKey() {
         return sortKey;
     }
 
-    public boolean isSpecifySourceNatAllowed() {
-        return specifySourceNatAllowed;
-    }
-
-    public void setSpecifySourceNatAllowed(boolean specifySourceNatAllowed) {
-        this.specifySourceNatAllowed = specifySourceNatAllowed;
-    }
-
 }
diff --git a/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java b/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java
index 377fdb5d76be..ae5e6fb95ea9 100644
--- a/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java
+++ b/engine/schema/src/main/java/com/cloud/offerings/NetworkOfferingVO.java
@@ -168,17 +168,6 @@ public String getDisplayText() {
     @Column(name="service_package_id")
     String servicePackageUuid = null;
 
-    @Column(name = "specify_source_nat_address_allowed")
-    boolean specifySourceNatAllowed = false;
-
-    public boolean isSpecifySourceNatAllowed() {
-        return specifySourceNatAllowed;
-    }
-
-    public void setSpecifySourceNatAllowed(boolean specifySourceNatAllowed) {
-        this.specifySourceNatAllowed = specifySourceNatAllowed;
-    }
-
     @Override
     public boolean isKeepAliveEnabled() {
         return keepAliveEnabled;
@@ -381,9 +370,9 @@ public NetworkOfferingVO(String name, String displayText, TrafficType trafficTyp
     }
 
     public NetworkOfferingVO(String name, String displayText, TrafficType trafficType, boolean systemOnly, boolean specifyVlan, Integer rateMbps,
-                             Integer multicastRateMbps, boolean isDefault, Availability availability, String tags, Network.GuestType guestType, boolean conserveMode, boolean dedicatedLb,
-                             boolean sharedSourceNat, boolean redundantRouter, boolean elasticIp, boolean elasticLb, boolean specifyIpRanges, boolean inline, boolean isPersistent,
-                             boolean associatePublicIP, boolean publicLb, boolean internalLb, boolean isForVpc, boolean egressdefaultpolicy, boolean supportsStrechedL2, boolean supportsPublicAccess, boolean specifySourceNatAllowed) {
+            Integer multicastRateMbps, boolean isDefault, Availability availability, String tags, Network.GuestType guestType, boolean conserveMode, boolean dedicatedLb,
+            boolean sharedSourceNat, boolean redundantRouter, boolean elasticIp, boolean elasticLb, boolean specifyIpRanges, boolean inline, boolean isPersistent,
+            boolean associatePublicIP, boolean publicLb, boolean internalLb, boolean isForVpc, boolean egressdefaultpolicy, boolean supportsStrechedL2, boolean supportsPublicAccess) {
         this(name,
             displayText,
             trafficType,
@@ -403,7 +392,6 @@ public NetworkOfferingVO(String name, String displayText, TrafficType trafficTyp
         this.dedicatedLB = dedicatedLb;
         this.sharedSourceNat = sharedSourceNat;
         this.redundantRouter = redundantRouter;
-        this.specifySourceNatAllowed = specifySourceNatAllowed;
         this.elasticIp = elasticIp;
         this.elasticLb = elasticLb;
         this.inline = inline;
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
index 2728a2f3f098..217248a7044e 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
@@ -1521,7 +1521,6 @@ INSERT INTO `cloud`.`role_permissions` (`uuid`, `role_id`, `rule`, `permission`)
 
 ALTER TABLE `cloud_usage`.`quota_usage` MODIFY COLUMN quota_used decimal(20,8) unsigned NOT NULL;
 
-
 ALTER TABLE `cloud`.`user` ADD COLUMN `is_user_2fa_enabled` tinyint NOT NULL DEFAULT 0;
 ALTER TABLE `cloud`.`user` ADD COLUMN `key_for_2fa` varchar(255) default NULL;
 ALTER TABLE `cloud`.`user` ADD COLUMN `user_2fa_provider` varchar(255) default NULL;
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
index a2d382b392d2..42359bd30a83 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41810to41900.sql
@@ -18,117 +18,3 @@
 --;
 -- Schema upgrade from 4.18.1.0 to 4.19.0.0
 --;
-
--- cloud.network_offering_view source
-
-DROP VIEW IF EXISTS `cloud`.`network_offering_view`;
-CREATE VIEW `cloud`.`network_offering_view` AS
-    SELECT
-        `network_offerings`.`id` AS `id`,
-        `network_offerings`.`uuid` AS `uuid`,
-        `network_offerings`.`name` AS `name`,
-        `network_offerings`.`unique_name` AS `unique_name`,
-        `network_offerings`.`display_text` AS `display_text`,
-        `network_offerings`.`nw_rate` AS `nw_rate`,
-        `network_offerings`.`mc_rate` AS `mc_rate`,
-        `network_offerings`.`traffic_type` AS `traffic_type`,
-        `network_offerings`.`tags` AS `tags`,
-        `network_offerings`.`system_only` AS `system_only`,
-        `network_offerings`.`specify_vlan` AS `specify_vlan`,
-        `network_offerings`.`service_offering_id` AS `service_offering_id`,
-        `network_offerings`.`conserve_mode` AS `conserve_mode`,
-        `network_offerings`.`created` AS `created`,
-        `network_offerings`.`removed` AS `removed`,
-        `network_offerings`.`default` AS `default`,
-        `network_offerings`.`availability` AS `availability`,
-        `network_offerings`.`dedicated_lb_service` AS `dedicated_lb_service`,
-        `network_offerings`.`shared_source_nat_service` AS `shared_source_nat_service`,
-        `network_offerings`.`sort_key` AS `sort_key`,
-        `network_offerings`.`redundant_router_service` AS `redundant_router_service`,
-        `network_offerings`.`state` AS `state`,
-        `network_offerings`.`guest_type` AS `guest_type`,
-        `network_offerings`.`elastic_ip_service` AS `elastic_ip_service`,
-        `network_offerings`.`eip_associate_public_ip` AS `eip_associate_public_ip`,
-        `network_offerings`.`elastic_lb_service` AS `elastic_lb_service`,
-        `network_offerings`.`specify_ip_ranges` AS `specify_ip_ranges`,
-        `network_offerings`.`inline` AS `inline`,
-        `network_offerings`.`is_persistent` AS `is_persistent`,
-        `network_offerings`.`internal_lb` AS `internal_lb`,
-        `network_offerings`.`public_lb` AS `public_lb`,
-        `network_offerings`.`egress_default_policy` AS `egress_default_policy`,
-        `network_offerings`.`concurrent_connections` AS `concurrent_connections`,
-        `network_offerings`.`keep_alive_enabled` AS `keep_alive_enabled`,
-        `network_offerings`.`supports_streched_l2` AS `supports_streched_l2`,
-        `network_offerings`.`supports_public_access` AS `supports_public_access`,
-        `network_offerings`.`supports_vm_autoscaling` AS `supports_vm_autoscaling`,
-        `network_offerings`.`for_vpc` AS `for_vpc`,
-        `network_offerings`.`service_package_id` AS `service_package_id`,
-        `network_offerings`.`specify_source_nat_address_allowed` as `specify_source_nat_address_allowed`,
-        GROUP_CONCAT(DISTINCT domain.id) AS domain_id,
-        GROUP_CONCAT(DISTINCT domain.uuid) AS domain_uuid,
-        GROUP_CONCAT(DISTINCT domain.name) AS domain_name,
-        GROUP_CONCAT(DISTINCT domain.path) AS domain_path,
-        GROUP_CONCAT(DISTINCT zone.id) AS zone_id,
-        GROUP_CONCAT(DISTINCT zone.uuid) AS zone_uuid,
-        GROUP_CONCAT(DISTINCT zone.name) AS zone_name,
-        `offering_details`.value AS internet_protocol
-    FROM
-        `cloud`.`network_offerings`
-            LEFT JOIN
-        `cloud`.`network_offering_details` AS `domain_details` ON `domain_details`.`network_offering_id` = `network_offerings`.`id` AND `domain_details`.`name` = 'domainid'
-            LEFT JOIN
-        `cloud`.`domain` AS `domain` ON FIND_IN_SET(`domain`.`id`, `domain_details`.`value`)
-            LEFT JOIN
-        `cloud`.`network_offering_details` AS `zone_details` ON `zone_details`.`network_offering_id` = `network_offerings`.`id` AND `zone_details`.`name` = 'zoneid'
-            LEFT JOIN
-        `cloud`.`data_center` AS `zone` ON FIND_IN_SET(`zone`.`id`, `zone_details`.`value`)
-            LEFT JOIN
-        `cloud`.`network_offering_details` AS `offering_details` ON `offering_details`.`network_offering_id` = `network_offerings`.`id` AND `offering_details`.`name` = 'internetProtocol'
-    GROUP BY
-        `network_offerings`.`id`;
-
--- cloud.vpc_offering_view source
-
-DROP VIEW IF EXISTS `cloud`.`vpc_offering_view`;
-CREATE VIEW `cloud`.`vpc_offering_view` AS
-select
-    `vpc_offerings`.`id` AS `id`,
-    `vpc_offerings`.`uuid` AS `uuid`,
-    `vpc_offerings`.`name` AS `name`,
-    `vpc_offerings`.`unique_name` AS `unique_name`,
-    `vpc_offerings`.`display_text` AS `display_text`,
-    `vpc_offerings`.`state` AS `state`,
-    `vpc_offerings`.`default` AS `default`,
-    `vpc_offerings`.`created` AS `created`,
-    `vpc_offerings`.`removed` AS `removed`,
-    `vpc_offerings`.`service_offering_id` AS `service_offering_id`,
-    `vpc_offerings`.`supports_distributed_router` AS `supports_distributed_router`,
-    `vpc_offerings`.`supports_region_level_vpc` AS `supports_region_level_vpc`,
-    `vpc_offerings`.`redundant_router_service` AS `redundant_router_service`,
-    `vpc_offerings`.`sort_key` AS `sort_key`,
-    `vpc_offerings`.`specify_source_nat_address_allowed` as `specify_source_nat_address_allowed`,
-    group_concat(distinct `domain`.`id` separator ',') AS `domain_id`,
-    group_concat(distinct `domain`.`uuid` separator ',') AS `domain_uuid`,
-    group_concat(distinct `domain`.`name` separator ',') AS `domain_name`,
-    group_concat(distinct `domain`.`path` separator ',') AS `domain_path`,
-    group_concat(distinct `zone`.`id` separator ',') AS `zone_id`,
-    group_concat(distinct `zone`.`uuid` separator ',') AS `zone_uuid`,
-    group_concat(distinct `zone`.`name` separator ',') AS `zone_name`,
-    `offering_details`.`value` AS `internet_protocol`
-from
-    (((((`vpc_offerings`
-left join `vpc_offering_details` `domain_details` on
-    (((`domain_details`.`offering_id` = `vpc_offerings`.`id`)
-        and (`domain_details`.`name` = 'domainid'))))
-left join `domain` on
-    ((0 <> find_in_set(`domain`.`id`, `domain_details`.`value`))))
-left join `vpc_offering_details` `zone_details` on
-    (((`zone_details`.`offering_id` = `vpc_offerings`.`id`)
-        and (`zone_details`.`name` = 'zoneid'))))
-left join `data_center` `zone` on
-    ((0 <> find_in_set(`zone`.`id`, `zone_details`.`value`))))
-left join `vpc_offering_details` `offering_details` on
-    (((`offering_details`.`offering_id` = `vpc_offerings`.`id`)
-        and (`offering_details`.`name` = 'internetprotocol'))))
-group by
-    `vpc_offerings`.`id`;
diff --git a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
index cae2f17ac0ee..150d203dd414 100644
--- a/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
+++ b/plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java
@@ -1569,7 +1569,7 @@ public boolean start() {
                         NetworkOffering.Availability.Required, null, Network.GuestType.Isolated, true,
                         true, false, false, false, false,
                         false, false, false, true, true, false,
-                        false, true, false, false, false);
+                        false, true, false, false);
         defaultKubernetesServiceNetworkOffering.setSupportsVmAutoScaling(true);
         defaultKubernetesServiceNetworkOffering.setState(NetworkOffering.State.Enabled);
         defaultKubernetesServiceNetworkOffering = networkOfferingDao.persistDefaultNetworkOffering(defaultKubernetesServiceNetworkOffering);
diff --git a/server/src/main/java/com/cloud/api/query/dao/NetworkOfferingJoinDaoImpl.java b/server/src/main/java/com/cloud/api/query/dao/NetworkOfferingJoinDaoImpl.java
index 5fd85978f419..474409a976c3 100644
--- a/server/src/main/java/com/cloud/api/query/dao/NetworkOfferingJoinDaoImpl.java
+++ b/server/src/main/java/com/cloud/api/query/dao/NetworkOfferingJoinDaoImpl.java
@@ -107,7 +107,6 @@ public NetworkOfferingResponse newNetworkOfferingResponse(NetworkOffering offeri
             }
             networkOfferingResponse.setInternetProtocol(protocol);
         }
-        networkOfferingResponse.setSpecifySourceNatAllowed(offering.isSpecifySourceNatAllowed());
         networkOfferingResponse.setObjectName("networkoffering");
 
         return networkOfferingResponse;
diff --git a/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java b/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java
index e13ff592e093..af0940609ba8 100644
--- a/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java
+++ b/server/src/main/java/com/cloud/api/query/dao/VpcOfferingJoinDaoImpl.java
@@ -66,7 +66,6 @@ public VpcOfferingResponse newVpcOfferingResponse(VpcOffering offering) {
         offeringResponse.setSupportsDistributedRouter(offering.isSupportsDistributedRouter());
         offeringResponse.setSupportsRegionLevelVpc(offering.isOffersRegionLevelVPC());
         offeringResponse.setCreated(offering.getCreated());
-        offeringResponse.setSpecifySourceNatAllowed(offering.isSpecifySourceNatAllowed());
         if (offering instanceof VpcOfferingJoinVO) {
             VpcOfferingJoinVO offeringJoinVO = (VpcOfferingJoinVO) offering;
             offeringResponse.setDomainId(offeringJoinVO.getDomainUuid());
diff --git a/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java b/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java
index e18349c33a84..2f89b195868c 100644
--- a/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java
+++ b/server/src/main/java/com/cloud/api/query/vo/NetworkOfferingJoinVO.java
@@ -184,9 +184,6 @@ public class NetworkOfferingJoinVO extends BaseViewVO implements NetworkOffering
     @Column(name = "internet_protocol")
     private String internetProtocol = null;
 
-    @Column(name = "specify_source_nat_address_allowed")
-    boolean specifySourceNatAllowed = false;
-
     public NetworkOfferingJoinVO() {
     }
 
@@ -350,10 +347,6 @@ public boolean isForTungsten() {
         return forTungsten;
     }
 
-    public boolean isSpecifySourceNatAllowed() {
-        return specifySourceNatAllowed;
-    }
-
     public void setForVpc(boolean forVpc) { this.forVpc = forVpc; }
 
     public String getServicePackage() {
@@ -424,8 +417,4 @@ public String getInternetProtocol() {
     public boolean isSupportsVmAutoScaling() {
         return supportsVmAutoScaling;
     }
-
-    public void setSpecifySourceNatAllowed(boolean specifySourceNatAllowed) {
-        this.specifySourceNatAllowed = specifySourceNatAllowed;
-    }
 }
diff --git a/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java b/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java
index 6634c2c00555..7eaaa0220df6 100644
--- a/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java
+++ b/server/src/main/java/com/cloud/api/query/vo/VpcOfferingJoinVO.java
@@ -101,9 +101,6 @@ public class VpcOfferingJoinVO implements VpcOffering {
     @Column(name = "internet_protocol")
     private String internetProtocol = null;
 
-    @Column(name = "specify_source_nat_address_allowed")
-    boolean specifySourceNatAllowed = false;
-
     public VpcOfferingJoinVO() {
     }
 
@@ -207,14 +204,6 @@ public String getInternetProtocol() {
         return internetProtocol;
     }
 
-    public boolean isSpecifySourceNatAllowed() {
-        return specifySourceNatAllowed;
-    }
-
-    public void setSpecifySourceNatAllowed(boolean specifySourceNatAllowed) {
-        this.specifySourceNatAllowed = specifySourceNatAllowed;
-    }
-
     @Override
     public String toString() {
         StringBuilder buf = new StringBuilder("[VPC Offering [");
diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index 04b043ce1e01..56ee63ad3ca3 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -6209,10 +6209,9 @@ void validateLoadBalancerServiceCapabilities(final Map<Capability, String> lbSer
     }
 
     void validateSourceNatServiceCapablities(final Map<Capability, String> sourceNatServiceCapabilityMap) {
-        if (MapUtils.isNotEmpty(sourceNatServiceCapabilityMap) && (sourceNatServiceCapabilityMap.size() > 3 || ! sourceNatCapabilitiesContainValidValues(sourceNatServiceCapabilityMap))) {
+        if (MapUtils.isNotEmpty(sourceNatServiceCapabilityMap) && (sourceNatServiceCapabilityMap.size() > 2 || ! sourceNatCapabilitiesContainValidValues(sourceNatServiceCapabilityMap))) {
             throw new InvalidParameterValueException("Only " + Capability.SupportedSourceNatTypes.getName()
                     + ", " + Capability.RedundantRouter
-                    + " and " + Capability.SpecifySourceNatIp
                     + " capabilities can be sepcified for source nat service");
         }
     }
@@ -6221,14 +6220,14 @@ private boolean sourceNatCapabilitiesContainValidValues(Map<Capability, String>
         for (final Entry<Capability ,String> srcNatPair : sourceNatServiceCapabilityMap.entrySet()) {
             final Capability capability = srcNatPair.getKey();
             final String value = srcNatPair.getValue();
-            if (capability == Capability.SupportedSourceNatTypes) {
+            if (Capability.SupportedSourceNatTypes.equals(capability)) {
                 List<String> snatTypes = Arrays.asList(PERACCOUNT, PERZONE);
                 if (! snatTypes.contains(value) || ( value.contains(PERACCOUNT) && value.contains(PERZONE))) {
                     throw new InvalidParameterValueException("Either peraccount or perzone source NAT type can be specified for "
                             + Capability.SupportedSourceNatTypes.getName());
                 }
-            } else if (Arrays.asList(Capability.RedundantRouter, Capability.SpecifySourceNatIp).contains(capability)) {
-                if (! Arrays.asList("true", "false").contains(value)) {
+            } else if (Capability.RedundantRouter.equals(capability)) {
+                if (! Arrays.asList("true", "false").contains(value.toLowerCase())) {
                     throw new InvalidParameterValueException("Unknown specified value for " + capability.getName());
                 }
             } else {
@@ -6354,7 +6353,6 @@ public NetworkOfferingVO createNetworkOffering(final String name, final String d
         boolean elasticLb = false;
         boolean sharedSourceNat = false;
         boolean redundantRouter = false;
-        boolean specifySourceNatAllowed = false;
         boolean elasticIp = false;
         boolean associatePublicIp = false;
         boolean inline = false;
@@ -6424,12 +6422,6 @@ public NetworkOfferingVO createNetworkOffering(final String name, final String d
                     _networkModel.checkCapabilityForProvider(serviceProviderMap.get(Service.SourceNat), Service.SourceNat, Capability.RedundantRouter, param);
                     redundantRouter = param.contains("true");
                 }
-
-                param = sourceNatServiceCapabilityMap.get(Capability.SpecifySourceNatIp);
-                if (param != null) {
-                    _networkModel.checkCapabilityForProvider(serviceProviderMap.get(Service.SourceNat), Service.SourceNat, Capability.SpecifySourceNatIp, param);
-                    specifySourceNatAllowed = param.contains("true");
-                }
             }
 
             final Map<Capability, String> staticNatServiceCapabilityMap = serviceCapabilityMap.get(Service.StaticNat);
@@ -6469,7 +6461,7 @@ public NetworkOfferingVO createNetworkOffering(final String name, final String d
 
         final NetworkOfferingVO offeringFinal = new NetworkOfferingVO(name, displayText, trafficType, systemOnly, specifyVlan, networkRate, multicastRate, isDefault, availability,
                 tags, type, conserveMode, dedicatedLb, sharedSourceNat, redundantRouter, elasticIp, elasticLb, specifyIpRanges, inline, isPersistent, associatePublicIp, publicLb,
-                internalLb, forVpc, egressDefaultPolicy, strechedL2Subnet, publicAccess, specifySourceNatAllowed);
+                internalLb, forVpc, egressDefaultPolicy, strechedL2Subnet, publicAccess);
 
         if (serviceOfferingId != null) {
             offeringFinal.setServiceOfferingId(serviceOfferingId);
diff --git a/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java b/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java
index 75598e46b967..839ab9ae0af2 100644
--- a/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java
+++ b/server/src/main/java/com/cloud/network/element/VirtualRouterElement.java
@@ -574,7 +574,6 @@ private static Map<Service, Map<Capability, String>> setCapabilities() {
         final Map<Capability, String> sourceNatCapabilities = new HashMap<Capability, String>();
         sourceNatCapabilities.put(Capability.SupportedSourceNatTypes, "peraccount");
         sourceNatCapabilities.put(Capability.RedundantRouter, "true");
-        sourceNatCapabilities.put(Capability.SpecifySourceNatIp, "true");
         capabilities.put(Service.SourceNat, sourceNatCapabilities);
 
         capabilities.put(Service.StaticNat, null);
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index 08fe9932fe02..9222520602f5 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -322,7 +322,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                             svcProviderMap.put(svc, defaultProviders);
                         }
                     }
-                    createVpcOffering(VpcOffering.defaultVPCOfferingName, VpcOffering.defaultVPCOfferingName, svcProviderMap, true, State.Enabled, null, false, false, false, false);
+                    createVpcOffering(VpcOffering.defaultVPCOfferingName, VpcOffering.defaultVPCOfferingName, svcProviderMap, true, State.Enabled, null, false, false, false);
                 }
 
                 // configure default vpc offering with Netscaler as LB Provider
@@ -341,7 +341,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                             svcProviderMap.put(svc, defaultProviders);
                         }
                     }
-                    createVpcOffering(VpcOffering.defaultVPCNSOfferingName, VpcOffering.defaultVPCNSOfferingName, svcProviderMap, false, State.Enabled, null, false, false, false, false);
+                    createVpcOffering(VpcOffering.defaultVPCNSOfferingName, VpcOffering.defaultVPCNSOfferingName, svcProviderMap, false, State.Enabled, null, false, false, false);
 
                 }
 
@@ -361,7 +361,7 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
                             svcProviderMap.put(svc, defaultProviders);
                         }
                     }
-                    createVpcOffering(VpcOffering.redundantVPCOfferingName, VpcOffering.redundantVPCOfferingName, svcProviderMap, true, State.Enabled, null, false, false, true, false);
+                    createVpcOffering(VpcOffering.redundantVPCOfferingName, VpcOffering.redundantVPCOfferingName, svcProviderMap, true, State.Enabled, null, false, false, true);
                 }
             }
         });
@@ -534,9 +534,8 @@ public VpcOffering createVpcOffering(final String name, final String displayText
         final boolean supportsDistributedRouter = isVpcOfferingSupportsDistributedRouter(serviceCapabilityList);
         final boolean offersRegionLevelVPC = isVpcOfferingForRegionLevelVpc(serviceCapabilityList);
         final boolean redundantRouter = isVpcOfferingRedundantRouter(serviceCapabilityList);
-        final boolean specifySourceNatAllowed = isVpcSpecifySourceNatAllowed(serviceCapabilityList);
         final VpcOfferingVO offering = createVpcOffering(name, displayText, svcProviderMap, false, state, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC,
-                redundantRouter, specifySourceNatAllowed);
+                redundantRouter);
 
         if (offering != null) {
             List<VpcOfferingDetailsVO> detailsVO = new ArrayList<>();
@@ -564,13 +563,13 @@ public VpcOffering createVpcOffering(final String name, final String displayText
     @DB
     protected VpcOfferingVO createVpcOffering(final String name, final String displayText, final Map<Network.Service, Set<Network.Provider>> svcProviderMap,
                                               final boolean isDefault, final State state, final Long serviceOfferingId, final boolean supportsDistributedRouter, final boolean offersRegionLevelVPC,
-                                              final boolean redundantRouter, final boolean specifySourceNatAllowed) {
+                                              final boolean redundantRouter) {
 
         return Transaction.execute(new TransactionCallback<VpcOfferingVO>() {
             @Override
             public VpcOfferingVO doInTransaction(final TransactionStatus status) {
                 // create vpc offering object
-                VpcOfferingVO offering = new VpcOfferingVO(name, displayText, isDefault, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC, redundantRouter, specifySourceNatAllowed);
+                VpcOfferingVO offering = new VpcOfferingVO(name, displayText, isDefault, serviceOfferingId, supportsDistributedRouter, offersRegionLevelVPC, redundantRouter);
 
                 if (state != null) {
                     offering.setState(state);
@@ -685,10 +684,6 @@ private boolean isVpcOfferingRedundantRouter(final Map serviceCapabilitystList)
         return findCapabilityForService(serviceCapabilitystList, Capability.RedundantRouter, Service.SourceNat);
     }
 
-    private boolean isVpcSpecifySourceNatAllowed(final Map<String, String> serviceCapabilitystList) {
-        return findCapabilityForService(serviceCapabilitystList, Capability.SpecifySourceNatIp, Service.SourceNat);
-    }
-
     @Override
     public Vpc getActiveVpc(final long vpcId) {
         return vpcDao.getActiveVpcById(vpcId);
diff --git a/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java b/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
index 4379165fc1d7..3f9447812a76 100644
--- a/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
+++ b/server/src/main/java/com/cloud/server/ConfigurationServerImpl.java
@@ -1106,7 +1106,7 @@ public void doInTransactionWithoutResult(TransactionStatus status) {
                 NetworkOfferingVO defaultNetscalerNetworkOffering =
                         new NetworkOfferingVO(NetworkOffering.DefaultSharedEIPandELBNetworkOffering,
                                 "Offering for Shared networks with Elastic IP and Elastic LB capabilities", TrafficType.Guest, false, true, null, null, true,
-                                Availability.Optional, null, Network.GuestType.Shared, true, false, false, false, true, true, true, false, false, true, true, false, false, false, false, false, false);
+                                Availability.Optional, null, Network.GuestType.Shared, true, false, false, false, true, true, true, false, false, true, true, false, false, false, false, false);
 
                 defaultNetscalerNetworkOffering.setState(NetworkOffering.State.Enabled);
                 defaultNetscalerNetworkOffering.setSupportsVmAutoScaling(true);
diff --git a/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java b/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
index dcab9bb326a9..513c6ce9bb2b 100644
--- a/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
+++ b/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
@@ -572,13 +572,13 @@ public void validateInvalidSourceNatTypeForSourceNatServiceCapablitiesTest() {
     @Test
     public void validateInvalidBooleanValueForSourceNatServiceCapablitiesTest() {
         Map<Capability, String> sourceNatServiceCapabilityMap = new HashMap<>();
-        sourceNatServiceCapabilityMap.put(Capability.SpecifySourceNatIp, "maybe");
+        sourceNatServiceCapabilityMap.put(Capability.RedundantRouter, "maybe");
 
         boolean caught = false;
         try {
             configurationMgr.validateSourceNatServiceCapablities(sourceNatServiceCapabilityMap);
         } catch (InvalidParameterValueException e) {
-            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Unknown specified value for SpecifySourceNatAllowed"));
+            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Unknown specified value for RedundantRouter"));
             caught = true;
         }
         Assert.assertTrue("should not be accepted", caught);
@@ -593,7 +593,7 @@ public void validateInvalidCapabilityForSourceNatServiceCapablitiesTest() {
         try {
             configurationMgr.validateSourceNatServiceCapablities(sourceNatServiceCapabilityMap);
         } catch (InvalidParameterValueException e) {
-            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Only SupportedSourceNatTypes, Network.Capability[name=RedundantRouter] and Network.Capability[name=SpecifySourceNatAllowed] capabilities can be sepcified for source nat service"));
+            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Only SupportedSourceNatTypes, Network.Capability[name=RedundantRouter] capabilities can be sepcified for source nat service"));
             caught = true;
         }
         Assert.assertTrue("should not be accepted", caught);
diff --git a/server/src/test/java/com/cloud/network/CreatePrivateNetworkTest.java b/server/src/test/java/com/cloud/network/CreatePrivateNetworkTest.java
index 365b241993ad..0541da6449fc 100644
--- a/server/src/test/java/com/cloud/network/CreatePrivateNetworkTest.java
+++ b/server/src/test/java/com/cloud/network/CreatePrivateNetworkTest.java
@@ -110,7 +110,7 @@ public void setup() throws Exception {
 
         NetworkOfferingVO ntwkOff =
             new NetworkOfferingVO("offer", "fakeOffer", TrafficType.Guest, true, true, null, null, false, null, null, GuestType.Isolated, false, false, false, false,
-                false, false, false, false, false, false, false, false, false, false, false, false, false);
+                false, false, false, false, false, false, false, false, false, false, false, false);
 
         when(networkService._networkOfferingDao.findById(anyLong())).thenReturn(ntwkOff);
         List<NetworkOfferingVO> netofferlist = new ArrayList<NetworkOfferingVO>();
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index d76e3cd324c9..cdc013f82dcc 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -1707,7 +1707,6 @@
 "label.see.more.info.network.usage": "See more info about network usage",
 "label.see.more.info.disk.usage": "See more info about disk usage",
 "label.see.more.info.shown.charts": "See more info about the shown charts",
-"label.selectsnatipallowed": "Is selection of the public IP allowed on source NAT interfaces",
 "label.select-view": "Select view",
 "label.select.a.zone": "Select a zone",
 "label.select.deployment.infrastructure": "Select deployment infrastructure",
diff --git a/ui/src/config/section/offering.js b/ui/src/config/section/offering.js
index cdff01536058..d78ba2ec59fd 100644
--- a/ui/src/config/section/offering.js
+++ b/ui/src/config/section/offering.js
@@ -248,7 +248,7 @@ export default {
       docHelp: 'adminguide/networking.html#network-offerings',
       permission: ['listNetworkOfferings', 'listInfrastructure'],
       columns: ['name', 'state', 'guestiptype', 'traffictype', 'networkrate', 'domain', 'zone', 'order'],
-      details: ['name', 'id', 'displaytext', 'guestiptype', 'traffictype', 'internetprotocol', 'networkrate', 'ispersistent', 'egressdefaultpolicy', 'availability', 'conservemode', 'specifyvlan', 'specifyipranges', 'supportspublicaccess', 'supportsstrechedl2subnet', 'service', 'tags', 'domain', 'zone', 'selectsnatipallowed'],
+      details: ['name', 'id', 'displaytext', 'guestiptype', 'traffictype', 'internetprotocol', 'networkrate', 'ispersistent', 'egressdefaultpolicy', 'availability', 'conservemode', 'specifyvlan', 'specifyipranges', 'supportspublicaccess', 'supportsstrechedl2subnet', 'service', 'tags', 'domain', 'zone'],
       resourceType: 'NetworkOffering',
       tabs: [
         {
@@ -340,7 +340,7 @@ export default {
       permission: ['listVPCOfferings', 'listInfrastructure'],
       resourceType: 'VpcOffering',
       columns: ['name', 'state', 'displaytext', 'domain', 'zone', 'order'],
-      details: ['name', 'id', 'displaytext', 'internetprotocol', 'distributedvpcrouter', 'tags', 'service', 'domain', 'zone', 'created', 'selectsnatipallowed'],
+      details: ['name', 'id', 'displaytext', 'internetprotocol', 'distributedvpcrouter', 'tags', 'service', 'domain', 'zone', 'created'],
       related: [{
         name: 'vpc',
         title: 'label.vpc',
diff --git a/ui/src/views/network/CreateIsolatedNetworkForm.vue b/ui/src/views/network/CreateIsolatedNetworkForm.vue
index b1b67bccaf0e..611baf120382 100644
--- a/ui/src/views/network/CreateIsolatedNetworkForm.vue
+++ b/ui/src/views/network/CreateIsolatedNetworkForm.vue
@@ -291,6 +291,7 @@
               </a-col>
             </a-row>
           </div>
+          <!-- TODO; change to isSourceNatEnabled -->
           <a-form-item v-if="selectedNetworkOffering && selectedNetworkOffering.selectsnatipallowed" name="routerip" ref="routerip">
             <template #label>
               <tooltip-label :title="$t('label.routerip')" :tooltip="apiParams.routerip.description"/>
diff --git a/ui/src/views/network/CreateVpc.vue b/ui/src/views/network/CreateVpc.vue
index db82970bcf29..f86ce9200699 100644
--- a/ui/src/views/network/CreateVpc.vue
+++ b/ui/src/views/network/CreateVpc.vue
@@ -155,6 +155,7 @@
             </a-form-item>
           </a-col>
         </a-row>
+        <!-- TODO; change to if isSourceNatEnabled -->
         <a-form-item v-if="selectedVpcOffering && selectedVpcOffering.selectsnatipallowed" name="routerip" ref="routerip">
           <template #label>
             <tooltip-label :title="$t('label.routerip')" :tooltip="apiParams.routerip.description"/>
diff --git a/ui/src/views/offering/AddNetworkOffering.vue b/ui/src/views/offering/AddNetworkOffering.vue
index 1254241d1296..17359e4e0c0f 100644
--- a/ui/src/views/offering/AddNetworkOffering.vue
+++ b/ui/src/views/offering/AddNetworkOffering.vue
@@ -268,13 +268,6 @@
           v-if="(guestType === 'shared' || guestType === 'isolated') && sourceNatServiceChecked && !isVpcVirtualRouterForAtLeastOneService">
           <a-switch v-model:checked="form.redundantroutercapability" />
         </a-form-item>
-        <a-form-item
-          name=""
-          ref="selectsnatipallowed"
-          :label="$t('label.selectsnatipallowed')"
-          v-if="(guestType === 'shared' || guestType === 'isolated') && sourceNatServiceChecked && !isVpcVirtualRouterForAtLeastOneService">
-          <a-switch v-model:checked="form.selectsnatipallowed" />
-        </a-form-item>
         <a-form-item name="sourcenattype" ref="sourcenattype" :label="$t('label.sourcenattype')" v-if="(guestType === 'shared' || guestType === 'isolated') && sourceNatServiceChecked">
           <a-radio-group
             v-model:value="form.sourcenattype"
@@ -938,19 +931,11 @@ export default {
               params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
               serviceCapabilityIndex++
             }
-            if (values.selectsnatipallowed === true) {
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'SpecifySourceNatAllowed'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-              serviceCapabilityIndex++
-            }
-
             params['servicecapabilitylist[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
             params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilitytype'] = 'SupportedSourceNatTypes'
             params['servicecapabilitylist[' + serviceCapabilityIndex + '].capabilityvalue'] = values.sourcenattype
             serviceCapabilityIndex++
             delete params.redundantroutercapability
-            delete params.selectsnatipallowed
             delete params.sourcenattype
           }
           if (supportedServices.includes('SourceNat')) {
diff --git a/ui/src/views/offering/AddVpcOffering.vue b/ui/src/views/offering/AddVpcOffering.vue
index 597b2a3246d0..738a03a9b2ea 100644
--- a/ui/src/views/offering/AddVpcOffering.vue
+++ b/ui/src/views/offering/AddVpcOffering.vue
@@ -117,9 +117,6 @@
             </a-select-option>
           </a-select>
         </a-form-item>
-        <a-form-item name="ipSelectionAllowed" ref="specifySourceNatAllowed" :label="$t('label.selectsnatipallowed')" v-if="sourceNatServiceChecked">
-          <a-switch v-model:checked="form.selectsnatipallowed" />
-        </a-form-item>
         <a-form-item name="ispublic" ref="ispublic" :label="$t('label.ispublic')" v-if="isAdmin()">
           <a-switch v-model:checked="form.ispublic" />
         </a-form-item>
@@ -478,23 +475,15 @@ export default {
               serviceCapabilityIndex++
             }
           }
+          if (supportedServices.includes('SourceNat') && values.redundantrouter === true) {
+            params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
+            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'RedundantRouter'
+            params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
+            serviceCapabilityIndex++
+          }
           if (values.serviceofferingid && this.isVpcVirtualRouterForAtLeastOneService) {
             params.serviceofferingid = values.serviceofferingid
           }
-          if (supportedServices.includes('SourceNat')) {
-            if (values.redundantrouter === true) {
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'RedundantRouter'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-              serviceCapabilityIndex++
-            }
-            if (values.selectsnatipallowed === true) {
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].service'] = 'SourceNat'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilitytype'] = 'SpecifySourceNatAllowed'
-              params['serviceCapabilityList[' + serviceCapabilityIndex + '].capabilityvalue'] = true
-              serviceCapabilityIndex++
-            }
-          }
         } else {
           params.supportedservices = ''
         }

From 0924d3598dd3ef223c71f8304fb1cb6bba5ce429 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Tue, 28 Feb 2023 12:43:02 +0100
Subject: [PATCH 20/51] address sonar warning: catch Throwable

---
 server/src/main/java/com/cloud/network/NetworkServiceImpl.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index e6f4102850d5..0e6bd7638aff 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -3118,7 +3118,7 @@ public Network updateGuestNetwork(final UpdateNetworkCmd cmd) {
             if (servicesNotInNewOffering != null && !servicesNotInNewOffering.isEmpty()) {
                 _networkMgr.cleanupConfigForServicesInNetwork(servicesNotInNewOffering, network);
             }
-        } catch (Throwable e) {
+        } catch (Exception e) { // old pokemon catch that used to catch throwable
             s_logger.debug("failed to cleanup config related to unused services error:" + e.getMessage());
         }
 

From e683a1ededbffa5acf923d3f7f3c05541ee9e622 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 1 Mar 2023 12:22:37 +0100
Subject: [PATCH 21/51] more revert and refactors, intermediate phase

---
 .../com/cloud/network/vpc/VpcService.java     |  28 +-
 .../apache/cloudstack/api/ApiConstants.java   |   3 +
 .../network/CreateNetworkCmdByAdmin.java      |  16 +
 .../user/network/CreateNetworkCmd.java        |  25 +-
 .../user/network/UpdateNetworkCmd.java        |  11 +-
 .../api/command/user/vpc/CreateVPCCmd.java    |  11 +-
 .../com/cloud/network/NetworkServiceImpl.java | 312 ++++++++++--------
 .../cloud/network/NetworkServiceImplTest.java |   2 +
 .../network/CreateIsolatedNetworkForm.vue     |  27 +-
 ui/src/views/network/CreateVpc.vue            |  25 +-
 10 files changed, 259 insertions(+), 201 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index 11cbb926188f..dd5f82755532 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -51,7 +51,7 @@ public interface VpcService {
      * @return
      * @throws ResourceAllocationException TODO
      */
-    public Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName, String displayText, String cidr, String networkDomain,
+    Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName, String displayText, String cidr, String networkDomain,
                          String dns1, String dns2, String ip6Dns1, String ip6Dns2, Boolean displayVpc, Integer publicMtu)
             throws ResourceAllocationException;
 
@@ -62,7 +62,7 @@ public Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName
      * @return a data object describing the new vpc
      * @throws ResourceAllocationException the resources for this VPC cannot be allocated
      */
-    public Vpc createVpc(CreateVPCCmd cmd) throws ResourceAllocationException;
+    Vpc createVpc(CreateVPCCmd cmd) throws ResourceAllocationException;
 
     /**
      * Deletes a VPC
@@ -73,7 +73,7 @@ public Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName
      * @throws ResourceUnavailableException
      * @throws ConcurrentOperationException
      */
-    public boolean deleteVpc(long vpcId) throws ConcurrentOperationException, ResourceUnavailableException;
+    boolean deleteVpc(long vpcId) throws ConcurrentOperationException, ResourceUnavailableException;
 
     /**
      * Updates VPC with new name/displayText
@@ -86,7 +86,7 @@ public Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName
      * @param mtu
      * @return
      */
-    public Vpc updateVpc(long vpcId, String vpcName, String displayText, String customId, Boolean displayVpc, Integer mtu);
+    Vpc updateVpc(long vpcId, String vpcName, String displayText, String customId, Boolean displayVpc, Integer mtu);
 
     /**
      * Lists VPC(s) based on the parameters passed to the method call
@@ -112,7 +112,7 @@ public Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName
      * @param vpc
      * @return
      */
-    public Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, String displayText, List<String> supportedServicesStr, String cidr, Long vpcOffId, String state,
+    Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, String displayText, List<String> supportedServicesStr, String cidr, Long vpcOffId, String state,
             String accountName, Long domainId, String keyword, Long startIndex, Long pageSizeVal, Long zoneId, Boolean isRecursive, Boolean listAll, Boolean restartRequired,
             Map<String, String> tags, Long projectId, Boolean display);
 
@@ -167,7 +167,7 @@ public Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, Stri
      * @throws ConcurrentOperationException
      * @throws ResourceAllocationException
      */
-    public PrivateGateway createVpcPrivateGateway(CreatePrivateGatewayCmd command) throws ResourceAllocationException, ConcurrentOperationException, InsufficientCapacityException;
+    PrivateGateway createVpcPrivateGateway(CreatePrivateGatewayCmd command) throws ResourceAllocationException, ConcurrentOperationException, InsufficientCapacityException;
 
     /**
      * Applies VPC private gateway on the backend, so it becomes functional
@@ -178,7 +178,7 @@ public Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, Stri
      * @throws ResourceUnavailableException
      * @throws ConcurrentOperationException
      */
-    public PrivateGateway applyVpcPrivateGateway(long gatewayId, boolean destroyOnFailure) throws ConcurrentOperationException, ResourceUnavailableException;
+    PrivateGateway applyVpcPrivateGateway(long gatewayId, boolean destroyOnFailure) throws ConcurrentOperationException, ResourceUnavailableException;
 
     /**
      * Deletes VPC private gateway
@@ -196,7 +196,7 @@ public Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, Stri
      * @param listPrivateGatewaysCmd
      * @return
      */
-    public Pair<List<PrivateGateway>, Integer> listPrivateGateway(ListPrivateGatewaysCmd listPrivateGatewaysCmd);
+    Pair<List<PrivateGateway>, Integer> listPrivateGateway(ListPrivateGatewaysCmd listPrivateGatewaysCmd);
 
     /**
      * Returns Static Route found by Id
@@ -213,7 +213,7 @@ public Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, Stri
      * @return
      * @throws ResourceUnavailableException
      */
-    public boolean applyStaticRoutesForVpc(long vpcId) throws ResourceUnavailableException;
+    boolean applyStaticRoutesForVpc(long vpcId) throws ResourceUnavailableException;
 
     /**
      * Deletes static route from the backend and the database
@@ -222,7 +222,7 @@ public Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, Stri
      * @return TODO
      * @throws ResourceUnavailableException
      */
-    public boolean revokeStaticRoute(long routeId) throws ResourceUnavailableException;
+    boolean revokeStaticRoute(long routeId) throws ResourceUnavailableException;
 
     /**
      * Persists static route entry in the Database
@@ -231,15 +231,15 @@ public Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, Stri
      * @param cidr
      * @return
      */
-    public StaticRoute createStaticRoute(long gatewayId, String cidr) throws NetworkRuleConflictException;
+    StaticRoute createStaticRoute(long gatewayId, String cidr) throws NetworkRuleConflictException;
 
     /**
      * Lists static routes based on parameters passed to the call
      *
-     * @param listStaticRoutesCmd
+     * @param cmd Command object with parameters for { @see ListStaticRoutesCmd }
      * @return
      */
-    public Pair<List<? extends StaticRoute>, Integer> listStaticRoutes(ListStaticRoutesCmd cmd);
+    Pair<List<? extends StaticRoute>, Integer> listStaticRoutes(ListStaticRoutesCmd cmd);
 
     /**
      * Associates IP address from the Public network, to the VPC
@@ -259,5 +259,5 @@ IpAddress associateIPToVpc(long ipId, long vpcId) throws ResourceAllocationExcep
      * @param routeId
      * @return
      */
-    public boolean applyStaticRoute(long routeId) throws ResourceUnavailableException;
+    boolean applyStaticRoute(long routeId) throws ResourceUnavailableException;
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index 6e93d45abdb2..964dd2538293 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -1024,6 +1024,9 @@ public class ApiConstants {
     public static final String AUTO_ENABLE_KVM_HOST = "autoenablekvmhost";
     public static final String LIST_APIS = "listApis";
 
+    public static final String SOURCE_NAT_IP = "sourcenatipaddress";
+    public static final String SOURCE_NAT_IP_ID = "sourcenatipaddressid";
+
     /**
      * This enum specifies IO Drivers, each option controls specific policies on I/O.
      * Qemu guests support "threads" and "native" options Since 0.8.8 ; "io_uring" is supported Since 6.3.0 (QEMU 5.0).
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkCmdByAdmin.java b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkCmdByAdmin.java
index 4d065e5c2091..53b02718ea35 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkCmdByAdmin.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/admin/network/CreateNetworkCmdByAdmin.java
@@ -16,6 +16,7 @@
 // under the License.
 package org.apache.cloudstack.api.command.admin.network;
 
+import org.apache.cloudstack.api.ApiArgValidator;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.api.APICommand;
@@ -42,6 +43,14 @@ public class CreateNetworkCmdByAdmin extends CreateNetworkCmd implements AdminCm
     @Parameter(name=ApiConstants.HIDE_IP_ADDRESS_USAGE, type=CommandType.BOOLEAN, description="when true ip address usage for the network will not be exported by the listUsageRecords API")
     private Boolean hideIpAddressUsage;
 
+    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to a router in a shared network", since = "4.16",
+            validations = {ApiArgValidator.NotNullOrEmpty})
+    private String routerIp;
+
+    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to a router in a shared network", since = "4.16",
+            validations = {ApiArgValidator.NotNullOrEmpty})
+    private String routerIpv6;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -64,4 +73,11 @@ public Boolean getHideIpAddressUsage() {
         return false;
     }
 
+    public String getRouterIp() {
+        return routerIp;
+    }
+
+    public String getRouterIpv6() {
+        return routerIpv6;
+    }
 }
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
index 30b3d62ffe03..5b7f5336a34c 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
@@ -16,9 +16,9 @@
 // under the License.
 package org.apache.cloudstack.api.command.user.network;
 
+import com.cloud.network.NetworkService;
 import org.apache.log4j.Logger;
 
-import org.apache.cloudstack.api.ApiArgValidator;
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
@@ -43,7 +43,6 @@
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ResourceAllocationException;
 import com.cloud.network.Network;
-import com.cloud.network.NetworkService;
 import com.cloud.network.Network.GuestType;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.utils.net.NetUtils;
@@ -164,14 +163,6 @@ public class CreateNetworkCmd extends BaseCmd implements UserCmd {
             description = "The network this network is associated to. only available if create a Shared network")
     private Long associatedNetworkId;
 
-    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the router", since = "4.16",
-            validations = {ApiArgValidator.NotNullOrEmpty})
-    private String routerIPv4;
-
-    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to the public interface of the router", since = "4.16",
-            validations = {ApiArgValidator.NotNullOrEmpty})
-    private String routerIPv6;
-
     @Parameter(name = ApiConstants.PUBLIC_MTU, type = CommandType.INTEGER,
             description = "MTU to be configured on the network VR's public facing interfaces", since = "4.18.0")
     private Integer publicMtu;
@@ -192,6 +183,12 @@ public class CreateNetworkCmd extends BaseCmd implements UserCmd {
     @Parameter(name = ApiConstants.IP6_DNS2, type = CommandType.STRING, description = "the second IPv6 DNS for the network", since = "4.18.0")
     private String ip6Dns2;
 
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
+    private String sourceNatIp;
+
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
+    private String sourceNatIpUuid;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -388,14 +385,6 @@ public String getIp6Dns2() {
         return ip6Dns2;
     }
 
-    public String getRouterIPv4() {
-        return routerIPv4;
-    }
-
-    public String getRouterIPv6() {
-        return routerIPv6;
-    }
-
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
index 9a83e85c4fdf..344ebe553b83 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
@@ -20,7 +20,6 @@
 import org.apache.cloudstack.acl.SecurityChecker.AccessType;
 import org.apache.cloudstack.api.ACL;
 import org.apache.cloudstack.api.APICommand;
-import org.apache.cloudstack.api.ApiArgValidator;
 import org.apache.cloudstack.api.ApiCommandResourceType;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -105,13 +104,11 @@ public class UpdateNetworkCmd extends BaseAsyncCustomIdCmd implements UserCmd {
     @Parameter(name = ApiConstants.IP6_DNS2, type = CommandType.STRING, description = "the second IPv6 DNS for the network. Empty string will update the second IPv6 DNS with the value from the zone", since = "4.18.0")
     private String ip6Dns2;
 
-    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the router of the network", since = "4.19",
-            validations = {ApiArgValidator.NotNullOrEmpty})
-    private String routerIPv4;
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
+    private String sourceNatIP;
 
-    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to the router of the network", since = "4.19",
-            validations = {ApiArgValidator.NotNullOrEmpty})
-    private String routerIPv6;
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
+    private String sourceNatIpUuid;
 
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
index 8f446fbb63f0..bdd04587209f 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
@@ -20,7 +20,6 @@
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.RoleType;
-import org.apache.cloudstack.api.ApiArgValidator;
 import org.apache.cloudstack.api.APICommand;
 import org.apache.cloudstack.api.ApiConstants;
 import org.apache.cloudstack.api.ApiErrorCode;
@@ -114,13 +113,11 @@ public class CreateVPCCmd extends BaseAsyncCreateCmd implements UserCmd {
     @Parameter(name = ApiConstants.IP6_DNS2, type = CommandType.STRING, description = "the second IPv6 DNS for the VPC", since = "4.18.0")
     private String ip6Dns2;
 
-    @Parameter(name = ApiConstants.ROUTER_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the router of the network", since = "4.18",
-            validations = {ApiArgValidator.NotNullOrEmpty})
-    private String routerIp;
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
+    private String sourceNatIp;
 
-    @Parameter(name = ApiConstants.ROUTER_IPV6, type = CommandType.STRING, description = "IPV6 address to be assigned to the router of the network", since = "4.18",
-            validations = {ApiArgValidator.NotNullOrEmpty})
-    private String routerIpv6;
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
+    private String sourceNatIpUuid;
 
     // ///////////////////////////////////////////////////
     // ///////////////// Accessors ///////////////////////
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index 0e6bd7638aff..baa469a7c954 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -80,6 +80,8 @@
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
+import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 
@@ -1298,6 +1300,14 @@ private void checkSharedNetworkCidrOverlap(Long zoneId, long physicalNetworkId,
         }
     }
 
+    private void validateSharedNetworkRouterIPs(String gateway, String startIP, String endIP, String netmask, String routerIPv4, String routerIPv6, String startIPv6, String endIPv6, String ip6Cidr, NetworkOffering ntwkOff) {
+        if (ntwkOff.getGuestType() == GuestType.Shared) {
+            validateSharedNetworkRouterIPv4(routerIPv4, startIP, endIP, gateway, netmask);
+            validateSharedNetworkRouterIPv6(routerIPv6, startIPv6, endIPv6, ip6Cidr);
+
+        }
+    }
+
     private void validateSharedNetworkRouterIPv4(String routerIp, String startIp, String endIp, String gateway, String netmask) {
         if (StringUtils.isNotBlank(routerIp)) {
             if (startIp != null && endIp == null) {
@@ -1370,30 +1380,26 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
         String endIP = cmd.getEndIp();
         String netmask = cmd.getNetmask();
         String networkDomain = cmd.getNetworkDomain();
-        String vlanId = null;
-        boolean bypassVlanOverlapCheck = false;
-        boolean hideIpAddressUsage = false;
-        if (cmd instanceof CreateNetworkCmdByAdmin) {
-            vlanId = ((CreateNetworkCmdByAdmin)cmd).getVlan();
-            bypassVlanOverlapCheck = ((CreateNetworkCmdByAdmin)cmd).getBypassVlanOverlapCheck();
-            hideIpAddressUsage = ((CreateNetworkCmdByAdmin)cmd).getHideIpAddressUsage();
-        }
+
+        boolean adminCalledUs = cmd instanceof CreateNetworkCmdByAdmin;
+        String vlanId = adminCalledUs ? ((CreateNetworkCmdByAdmin)cmd).getVlan() : null;
+        boolean bypassVlanOverlapCheck = adminCalledUs ? ((CreateNetworkCmdByAdmin)cmd).getBypassVlanOverlapCheck() : false;
+        boolean hideIpAddressUsage = adminCalledUs ? ((CreateNetworkCmdByAdmin)cmd).getHideIpAddressUsage() : false;
+        String routerIPv4 = adminCalledUs ? ((CreateNetworkCmdByAdmin)cmd).getRouterIp() : null;
+        String routerIPv6 = adminCalledUs ? ((CreateNetworkCmdByAdmin)cmd).getRouterIpv6() : null;
 
         String name = cmd.getNetworkName();
         String displayText = cmd.getDisplayText();
         Account caller = CallContext.current().getCallingAccount();
         Long physicalNetworkId = cmd.getPhysicalNetworkId();
-        Long zoneId = cmd.getZoneId();
-        String aclTypeStr = cmd.getAclType();
         Long domainId = cmd.getDomainId();
-        boolean isDomainSpecific = false;
         Boolean subdomainAccess = cmd.getSubdomainAccess();
         Long vpcId = cmd.getVpcId();
         String startIPv6 = cmd.getStartIpv6();
         String endIPv6 = cmd.getEndIpv6();
         String ip6Gateway = cmd.getIp6Gateway();
         String ip6Cidr = cmd.getIp6Cidr();
-        Boolean displayNetwork = cmd.getDisplayNetwork();
+        Boolean displayNetwork = cmd.getDisplayNetwork() == null ? true : cmd.getDisplayNetwork() ;
         Long aclId = cmd.getAclId();
         String isolatedPvlan = cmd.getIsolatedPvlan();
         String externalId = cmd.getExternalId();
@@ -1406,127 +1412,31 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
         String ip6Dns1 = cmd.getIp6Dns1();
         String ip6Dns2 = cmd.getIp6Dns2();
 
-        // Validate network offering
-        NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(networkOfferingId);
-        if (ntwkOff == null || ntwkOff.isSystemOnly()) {
-            InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find network offering by specified id");
-            if (ntwkOff != null) {
-                ex.addProxyObject(ntwkOff.getUuid(), "networkOfferingId");
-            }
-            throw ex;
-        }
+        // Validate network offering id
+        NetworkOffering ntwkOff = getAndValidateNetworkOffering(networkOfferingId);
 
-        Account owner = null;
-        if ((cmd.getAccountName() != null && domainId != null) || cmd.getProjectId() != null) {
-            owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), domainId, cmd.getProjectId());
-        } else {
-            s_logger.info(String.format("Assigning the network to caller:%s because either projectId or accountname and domainId are not provided", caller.getAccountName()));
-            owner = caller;
-        }
+        Account owner = getOwningAccount(cmd, caller);
 
-        // validate physical network and zone
-        // Check if physical network exists
-        PhysicalNetwork pNtwk = null;
-        if (physicalNetworkId != null) {
-            pNtwk = _physicalNetworkDao.findById(physicalNetworkId);
-            if (pNtwk == null) {
-                throw new InvalidParameterValueException("Unable to find a physical network having the specified physical network id");
-            }
-        }
-
-        if (zoneId == null) {
-            zoneId = pNtwk.getDataCenterId();
-        }
-
-        if (displayNetwork == null) {
-            displayNetwork = true;
-        }
+        PhysicalNetwork pNtwk = getAndValidatePhysicalNetwork(physicalNetworkId);
 
-        DataCenter zone = _dcDao.findById(zoneId);
-        if (zone == null) {
-            throw new InvalidParameterValueException("Specified zone id was not found");
-        }
+        DataCenter zone = getAndValidateZone(cmd, pNtwk);
 
         _accountMgr.checkAccess(owner, ntwkOff, zone);
 
-        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
-            // See DataCenterVO.java
-            PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation since specified Zone is currently disabled");
-            ex.addProxyObject(zone.getUuid(), "zoneId");
-            throw ex;
-        }
+        validateZoneAvailability(caller, zone);
 
-        // Only domain and account ACL types are supported in Acton.
-        ACLType aclType = null;
-        if (aclTypeStr != null) {
-            if (aclTypeStr.equalsIgnoreCase(ACLType.Account.toString())) {
-                aclType = ACLType.Account;
-            } else if (aclTypeStr.equalsIgnoreCase(ACLType.Domain.toString())) {
-                aclType = ACLType.Domain;
-            } else {
-                throw new InvalidParameterValueException("Incorrect aclType specified. Check the API documentation for supported types");
-            }
-            // In 3.0 all Shared networks should have aclType == Domain, all Isolated networks aclType==Account
-            if (ntwkOff.getGuestType() == GuestType.Isolated) {
-                if (aclType != ACLType.Account) {
-                    throw new InvalidParameterValueException("AclType should be " + ACLType.Account + " for network of type " + Network.GuestType.Isolated);
-                }
-            } else if (ntwkOff.getGuestType() == GuestType.Shared) {
-                if (!(aclType == ACLType.Domain || aclType == ACLType.Account)) {
-                    throw new InvalidParameterValueException("AclType should be " + ACLType.Domain + " or " + ACLType.Account + " for network of type " + Network.GuestType.Shared);
-                }
-            }
-        } else {
-            if (ntwkOff.getGuestType() == GuestType.Isolated || ntwkOff.getGuestType() == GuestType.L2) {
-                aclType = ACLType.Account;
-            } else if (ntwkOff.getGuestType() == GuestType.Shared) {
-                if (_accountMgr.isRootAdmin(caller.getId())) {
-                    aclType = ACLType.Domain;
-                } else if (_accountMgr.isNormalUser(caller.getId())) {
-                    aclType = ACLType.Account;
-                } else {
-                    throw new InvalidParameterValueException("AclType must be specified for shared network created by domain admin");
-                }
-            }
-        }
+        ACLType aclType = getAclType(caller, cmd.getAclType(), ntwkOff);
 
-        if (ntwkOff.getGuestType() == GuestType.L2 && (!StringUtils.isAllBlank(cmd.getRouterIPv4(), cmd.getRouterIPv6()))) {
-            throw new InvalidParameterValueException("Router IP cannot be specified for level 2 networks");
+        if (ntwkOff.getGuestType() != GuestType.Shared && (!StringUtils.isAllBlank(routerIPv4, routerIPv6))) {
+            throw new InvalidParameterValueException("Router IP can be specified only for Shared networks");
         }
 
         if (ntwkOff.getGuestType() == GuestType.Shared && !_networkModel.isProviderForNetworkOffering(Provider.VirtualRouter, networkOfferingId)
-                && (!StringUtils.isAllBlank(cmd.getRouterIPv4(), cmd.getRouterIPv6()))) {
+                && (!StringUtils.isAllBlank(routerIPv4, routerIPv6))) {
             throw new InvalidParameterValueException("Virtual Router is not a supported provider for the Shared network, hence router ip should not be provided");
         }
 
-        // Check if the network is domain specific
-        if (aclType == ACLType.Domain) {
-            // only Admin can create domain with aclType=Domain
-            if (!_accountMgr.isAdmin(caller.getId())) {
-                throw new PermissionDeniedException("Only admin can create networks with aclType=Domain");
-            }
-
-            // only shared networks can be Domain specific
-            if (ntwkOff.getGuestType() != GuestType.Shared) {
-                throw new InvalidParameterValueException("Only " + GuestType.Shared + " networks can have aclType=" + ACLType.Domain);
-            }
-
-            if (domainId != null) {
-                if (ntwkOff.getTrafficType() != TrafficType.Guest || ntwkOff.getGuestType() != Network.GuestType.Shared) {
-                    throw new InvalidParameterValueException("Domain level networks are supported just for traffic type " + TrafficType.Guest + " and guest type " + Network.GuestType.Shared);
-                }
-
-                DomainVO domain = _domainDao.findById(domainId);
-                if (domain == null) {
-                    throw new InvalidParameterValueException("Unable to find domain by specified id");
-                }
-                _accountMgr.checkAccess(caller, domain);
-            }
-            isDomainSpecific = true;
-
-        } else if (subdomainAccess != null) {
-            throw new InvalidParameterValueException("Parameter subDomainAccess can be specified only with aclType=Domain");
-        }
+        boolean isDomainSpecific = isDomainSpecificNetworkRequested(caller, domainId, subdomainAccess, ntwkOff, aclType);
 
         if (aclType == ACLType.Domain) {
             owner = _accountDao.findById(Account.ACCOUNT_ID_SYSTEM);
@@ -1628,14 +1538,8 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
             }
         }
 
-        if (ntwkOff.getGuestType() == GuestType.Shared) {
-            validateSharedNetworkRouterIPv4(cmd.getRouterIPv4(), startIP, endIP, gateway, netmask);
-            validateSharedNetworkRouterIPv6(cmd.getRouterIPv6(), startIPv6, endIPv6, ip6Cidr);
+        validateSharedNetworkRouterIPs(gateway, startIP, endIP, netmask, routerIPv4, routerIPv6, startIPv6, endIPv6, ip6Cidr, ntwkOff);
 
-        } else if (ntwkOff.getGuestType() == GuestType.Isolated) {
-            validateIsolatedNetworkRouterIPv4(cmd.getRouterIPv4());
-            validateIsolatedNetworkRouterIPv6(cmd.getRouterIPv6());
-        }
         Pair<String, String> ip6GatewayCidr = null;
         if (zone.getNetworkType() == NetworkType.Advanced && ntwkOff.getGuestType() == GuestType.Isolated) {
             ipv6 = _networkOfferingDao.isIpv6Supported(ntwkOff.getId());
@@ -1707,7 +1611,7 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
         if (cidr != null && providersConfiguredForExternalNetworking(ntwkProviders)) {
             if (ntwkOff.getGuestType() == GuestType.Shared && (zone.getNetworkType() == NetworkType.Advanced) && isSharedNetworkOfferingWithServices(networkOfferingId)) {
                 // validate if CIDR specified overlaps with any of the CIDR's allocated for isolated networks and shared networks in the zone
-                checkSharedNetworkCidrOverlap(zoneId, pNtwk.getId(), cidr);
+                checkSharedNetworkCidrOverlap(zone.getId(), pNtwk.getId(), cidr);
             } else {
                 // if the guest network is for the VPC, if any External Provider are supported in VPC
                 // cidr will not be null as it is generated from the super cidr of vpc.
@@ -1735,7 +1639,7 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
             throwInvalidIdException("Network offering with specified id doesn't support adding multiple ip ranges", ntwkOff.getUuid(), "networkOfferingId");
         }
 
-        Pair<Integer, Integer> interfaceMTUs = validateMtuConfig(publicMtu, privateMtu, zoneId);
+        Pair<Integer, Integer> interfaceMTUs = validateMtuConfig(publicMtu, privateMtu, zone.getId());
         mtuCheckForVpcNetwork(vpcId, interfaceMTUs, publicMtu, privateMtu);
 
         Network associatedNetwork = null;
@@ -1754,9 +1658,12 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
 
         checkNetworkDns(ipv6, ntwkOff, vpcId, ip4Dns1, ip4Dns2, ip6Dns1, ip6Dns2);
 
-        Network network = commitNetwork(networkOfferingId, gateway, startIP, endIP, netmask, networkDomain, vlanId, bypassVlanOverlapCheck, name, displayText, caller, physicalNetworkId, zoneId,
+        Network network = commitNetwork(networkOfferingId, gateway, startIP, endIP, netmask, networkDomain, vlanId, bypassVlanOverlapCheck, name, displayText, caller, physicalNetworkId, zone.getId(),
                 domainId, isDomainSpecific, subdomainAccess, vpcId, startIPv6, endIPv6, ip6Gateway, ip6Cidr, displayNetwork, aclId, secondaryVlanId, privateVlanType, ntwkOff, pNtwk, aclType, owner, cidr, createVlan,
-                externalId, cmd.getRouterIPv4(), cmd.getRouterIPv6(), associatedNetwork, ip4Dns1, ip4Dns2, ip6Dns1, ip6Dns2, interfaceMTUs);
+                externalId, routerIPv4, routerIPv6, associatedNetwork, ip4Dns1, ip4Dns2, ip6Dns1, ip6Dns2, interfaceMTUs);
+
+        // retrieve, acquire and associate the correct ip adresses
+        arrangeForRouterSourcenatIp(cmd, network);
 
         if (hideIpAddressUsage) {
             _networkDetailsDao.persist(new NetworkDetailVO(network.getId(), Network.hideIpAddressUsage, String.valueOf(hideIpAddressUsage), false));
@@ -1773,6 +1680,147 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
         return network;
     }
 
+    private void arrangeForRouterSourcenatIp(CreateNetworkCmd cmd, Network network) {
+        // list the network with the given IP
+        // associate the ip to the network by its (uu)id
+        // (mark as sourceNat?
+
+    }
+
+    @Nullable
+    private ACLType getAclType(Account caller, String aclTypeStr, NetworkOffering ntwkOff) {
+        // Only domain and account ACL types are supported in Acton.
+        ACLType aclType = null;
+        if (aclTypeStr != null) {
+            if (aclTypeStr.equalsIgnoreCase(ACLType.Account.toString())) {
+                aclType = ACLType.Account;
+            } else if (aclTypeStr.equalsIgnoreCase(ACLType.Domain.toString())) {
+                aclType = ACLType.Domain;
+            } else {
+                throw new InvalidParameterValueException("Incorrect aclType specified. Check the API documentation for supported types");
+            }
+            // In 3.0 all Shared networks should have aclType == Domain, all Isolated networks aclType==Account
+            if (ntwkOff.getGuestType() == GuestType.Isolated) {
+                if (aclType != ACLType.Account) {
+                    throw new InvalidParameterValueException("AclType should be " + ACLType.Account + " for network of type " + GuestType.Isolated);
+                }
+            } else if (ntwkOff.getGuestType() == GuestType.Shared) {
+                if (!(aclType == ACLType.Domain || aclType == ACLType.Account)) {
+                    throw new InvalidParameterValueException("AclType should be " + ACLType.Domain + " or " + ACLType.Account + " for network of type " + GuestType.Shared);
+                }
+            }
+        } else {
+            if (ntwkOff.getGuestType() == GuestType.Isolated || ntwkOff.getGuestType() == GuestType.L2) {
+                aclType = ACLType.Account;
+            } else if (ntwkOff.getGuestType() == GuestType.Shared) {
+                if (_accountMgr.isRootAdmin(caller.getId())) {
+                    aclType = ACLType.Domain;
+                } else if (_accountMgr.isNormalUser(caller.getId())) {
+                    aclType = ACLType.Account;
+                } else {
+                    throw new InvalidParameterValueException("AclType must be specified for shared network created by domain admin");
+                }
+            }
+        }
+        return aclType;
+    }
+
+    private void validateZoneAvailability(Account caller, DataCenter zone) {
+        if (Grouping.AllocationState.Disabled == zone.getAllocationState() && !_accountMgr.isRootAdmin(caller.getId())) {
+            // See DataCenterVO.java
+            PermissionDeniedException ex = new PermissionDeniedException("Cannot perform this operation since specified Zone is currently disabled");
+            ex.addProxyObject(zone.getUuid(), "zoneId");
+            throw ex;
+        }
+    }
+
+    private boolean isDomainSpecificNetworkRequested(Account caller, Long domainId, Boolean subdomainAccess, NetworkOffering ntwkOff, ACLType aclType) {
+        boolean isDomainSpecific = false;
+        // Check if the network is domain specific
+        if (aclType == ACLType.Domain) {
+            // only Admin can create domain with aclType=Domain
+            if (!_accountMgr.isAdmin(caller.getId())) {
+                throw new PermissionDeniedException("Only admin can create networks with aclType=Domain");
+            }
+
+            // only shared networks can be Domain specific
+            if (ntwkOff.getGuestType() != GuestType.Shared) {
+                throw new InvalidParameterValueException("Only " + GuestType.Shared + " networks can have aclType=" + ACLType.Domain);
+            }
+
+            if (domainId != null) {
+                if (ntwkOff.getTrafficType() != TrafficType.Guest || ntwkOff.getGuestType() != GuestType.Shared) {
+                    throw new InvalidParameterValueException("Domain level networks are supported just for traffic type " + TrafficType.Guest + " and guest type " + GuestType.Shared);
+                }
+
+                DomainVO domain = _domainDao.findById(domainId);
+                if (domain == null) {
+                    throw new InvalidParameterValueException("Unable to find domain by specified id");
+                }
+                _accountMgr.checkAccess(caller, domain);
+            }
+            isDomainSpecific = true;
+
+        } else if (subdomainAccess != null) {
+            throw new InvalidParameterValueException("Parameter subDomainAccess can be specified only with aclType=Domain");
+        }
+        return isDomainSpecific;
+    }
+
+    @NotNull
+    private DataCenter getAndValidateZone(CreateNetworkCmd cmd, PhysicalNetwork pNtwk) {
+        Long zoneId = (cmd.getZoneId() == null) ? pNtwk.getDataCenterId() : cmd.getZoneId();
+        DataCenter zone = _dcDao.findById(zoneId);
+        if (zone == null) {
+            throw new InvalidParameterValueException("Specified zone id was not found");
+        }
+        return zone;
+    }
+
+    /**
+     // validate physical network and zone
+     // Check if physical network exists
+     *
+     * @param physicalNetworkId the id of the required physical network
+     * @return the data object for the physical network
+     */
+    @Nullable
+    private PhysicalNetwork getAndValidatePhysicalNetwork(Long physicalNetworkId) {
+        PhysicalNetwork pNtwk = null;
+        if (physicalNetworkId != null) {
+            pNtwk = getPhysicalNetwork(physicalNetworkId);
+            if (pNtwk == null) {
+                throw new InvalidParameterValueException("Unable to find a physical network having the specified physical network id");
+            }
+        }
+        return pNtwk;
+    }
+
+    private Account getOwningAccount(CreateNetworkCmd cmd, Account caller) {
+        Account owner = null;
+        Long domainId = cmd.getDomainId();
+        if ((cmd.getAccountName() != null && domainId != null) || cmd.getProjectId() != null) {
+            owner = _accountMgr.finalizeOwner(caller, cmd.getAccountName(), domainId, cmd.getProjectId());
+        } else {
+            s_logger.info(String.format("Assigning the network to caller:%s because either projectId or accountname and domainId are not provided", caller.getAccountName()));
+            owner = caller;
+        }
+        return owner;
+    }
+
+    @NotNull
+    private NetworkOffering getAndValidateNetworkOffering(Long networkOfferingId) {
+        NetworkOfferingVO ntwkOff = _networkOfferingDao.findById(networkOfferingId);
+        if (ntwkOff == null || ntwkOff.isSystemOnly()) {
+            InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find network offering by specified id");
+            if (ntwkOff != null) {
+                ex.addProxyObject(ntwkOff.getUuid(), "networkOfferingId");
+            }
+            throw ex;
+        }
+        return ntwkOff;
+    }
+
     protected void mtuCheckForVpcNetwork(Long vpcId, Pair<Integer, Integer> interfaceMTUs, Integer publicMtu, Integer privateMtu) {
         if (vpcId != null && publicMtu != null) {
             VpcVO vpc = _vpcDao.findById(vpcId);
@@ -1887,7 +1935,7 @@ private Network implementedNetworkInCreation(final Account caller, final DataCen
         }
     }
 
-    private void validateNetworkOfferingForNonRootAdminUser(NetworkOfferingVO ntwkOff) {
+    private void validateNetworkOfferingForNonRootAdminUser(NetworkOffering ntwkOff) {
         if (ntwkOff.getTrafficType() != TrafficType.Guest) {
             throw new InvalidParameterValueException("This user can only create a Guest network");
         }
@@ -1949,7 +1997,7 @@ protected void performBasicPrivateVlanChecks(String vlanId, String secondaryVlan
     private Network commitNetwork(final Long networkOfferingId, final String gateway, final String startIP, final String endIP, final String netmask, final String networkDomain, final String vlanIdFinal,
                                   final Boolean bypassVlanOverlapCheck, final String name, final String displayText, final Account caller, final Long physicalNetworkId, final Long zoneId, final Long domainId,
                                   final boolean isDomainSpecific, final Boolean subdomainAccessFinal, final Long vpcId, final String startIPv6, final String endIPv6, final String ip6Gateway, final String ip6Cidr,
-                                  final Boolean displayNetwork, final Long aclId, final String isolatedPvlan, final PVlanType isolatedPvlanType, final NetworkOfferingVO ntwkOff, final PhysicalNetwork pNtwk, final ACLType aclType, final Account ownerFinal,
+                                  final Boolean displayNetwork, final Long aclId, final String isolatedPvlan, final PVlanType isolatedPvlanType, final NetworkOffering ntwkOff, final PhysicalNetwork pNtwk, final ACLType aclType, final Account ownerFinal,
                                   final String cidr, final boolean createVlan, final String externalId, String routerIp, String routerIpv6,
                                   final Network associatedNetwork, final String ip4Dns1, final String ip4Dns2, final String ip6Dns1, final String ip6Dns2, Pair<Integer, Integer> vrIfaceMTUs) throws InsufficientCapacityException, ResourceAllocationException {
         try {
diff --git a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
index 06510ac76d51..353ce46c9a7b 100644
--- a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
+++ b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
@@ -352,6 +352,7 @@ public void testCreateGuestNetwork() throws InsufficientCapacityException, Resou
         ReflectionTestUtils.setField(createNetworkCmd, "privateMtu", privateMtu);
         ReflectionTestUtils.setField(createNetworkCmd, "physicalNetworkId", null);
         Mockito.when(offering.isSystemOnly()).thenReturn(false);
+        Mockito.when(dc.getId()).thenReturn(1L);
         Mockito.when(dc.getAllocationState()).thenReturn(Grouping.AllocationState.Enabled);
         Map<String, String> networkProvidersMap = new HashMap<String, String>();
         Mockito.when(networkManager.finalizeServicesAndProvidersForNetwork(ArgumentMatchers.any(NetworkOffering.class), anyLong())).thenReturn(networkProvidersMap);
@@ -409,6 +410,7 @@ public void testValidateBypassingPublicMtuPassedDuringNetworkTierCreationForVpcs
         ReflectionTestUtils.setField(createNetworkCmd, "privateMtu", privateMtu);
         ReflectionTestUtils.setField(createNetworkCmd, "physicalNetworkId", null);
         ReflectionTestUtils.setField(createNetworkCmd, "vpcId", 1L);
+        Mockito.when(dc.getId()).thenReturn(1L);
         Mockito.when(configMgr.isOfferingForVpc(offering)).thenReturn(true);
         Mockito.when(vpcDao.findById(anyLong())).thenReturn(vpc);
 
diff --git a/ui/src/views/network/CreateIsolatedNetworkForm.vue b/ui/src/views/network/CreateIsolatedNetworkForm.vue
index 611baf120382..3ed219eb97d4 100644
--- a/ui/src/views/network/CreateIsolatedNetworkForm.vue
+++ b/ui/src/views/network/CreateIsolatedNetworkForm.vue
@@ -291,22 +291,13 @@
               </a-col>
             </a-row>
           </div>
-          <!-- TODO; change to isSourceNatEnabled -->
-          <a-form-item v-if="selectedNetworkOffering && selectedNetworkOffering.selectsnatipallowed" name="routerip" ref="routerip">
+          <a-form-item v-if="selectedNetworkOfferingSupportsSourceNat" name="sourcenatipaddress" ref="sourcenatipaddress">
             <template #label>
-              <tooltip-label :title="$t('label.routerip')" :tooltip="apiParams.routerip.description"/>
+              <tooltip-label :title="$t('label.routerip')" :tooltip="apiParams.sourcenatipaddress.description"/>
             </template>
             <a-input
-              v-model:value="form.routerip"
-              :placeholder="apiParams.routerip.description"/>
-          </a-form-item>
-          <a-form-item v-if="selectedNetworkOffering && selectedNetworkOffering.selectsnatipallowed" name="routeripv6" ref="routeripv6">
-            <template #label>
-              <tooltip-label :title="$t('label.routeripv6')" :tooltip="apiParams.routeripv6.description"/>
-            </template>
-            <a-input
-              v-model:value="form.routeripv6"
-              :placeholder="apiParams.routeripv6.description"/>
+              v-model:value="form.sourcenatipaddress"
+              :placeholder="apiParams.sourcenatipaddress.description"/>
           </a-form-item>
           <a-form-item
             ref="networkdomain"
@@ -436,6 +427,14 @@ export default {
         return dnsServices && dnsServices.length === 1
       }
       return false
+    },
+    selectedNetworkOfferingSupportsSourceNat () {
+      if (this.selectedNetworkOffering) {
+        const services = this.selectedNetworkOffering?.service || []
+        const sourcenatService = services.filter(service => service.name === 'SourceNat')
+        return sourcenatService && sourcenatService.length === 1
+      }
+      return false
     }
   },
   methods: {
@@ -635,7 +634,7 @@ export default {
           displayText: values.displaytext,
           networkOfferingId: this.selectedNetworkOffering.id
         }
-        var usefulFields = ['gateway', 'netmask', 'startip', 'startipv4', 'endip', 'endipv4', 'dns1', 'dns2', 'ip6dns1', 'ip6dns2', 'routerip', 'externalid', 'vpcid', 'vlan', 'networkdomain']
+        var usefulFields = ['gateway', 'netmask', 'startip', 'startipv4', 'endip', 'endipv4', 'dns1', 'dns2', 'ip6dns1', 'ip6dns2', 'sourcenatipaddress', 'externalid', 'vpcid', 'vlan', 'networkdomain']
         for (var field of usefulFields) {
           if (this.isValidTextValueForKey(values, field)) {
             params[field] = values[field]
diff --git a/ui/src/views/network/CreateVpc.vue b/ui/src/views/network/CreateVpc.vue
index f86ce9200699..5c6c445a3b31 100644
--- a/ui/src/views/network/CreateVpc.vue
+++ b/ui/src/views/network/CreateVpc.vue
@@ -155,22 +155,21 @@
             </a-form-item>
           </a-col>
         </a-row>
-        <!-- TODO; change to if isSourceNatEnabled -->
-        <a-form-item v-if="selectedVpcOffering && selectedVpcOffering.selectsnatipallowed" name="routerip" ref="routerip">
+        <a-form-item v-if="selectedNetworkOfferingSupportsSourceNat" name="sourcenatipaddress" ref="sourcenatipaddress">
           <template #label>
-            <tooltip-label :title="$t('label.routerip')" :tooltip="apiParams.routerip.description"/>
+            <tooltip-label :title="$t('label.routerip')" :tooltip="apiParams.sourcenatipaddress.description"/>
           </template>
           <a-input
-            v-model:value="form.routerip"
-            :placeholder="apiParams.routerip.description"/>
+            v-model:value="form.sourcenatipaddress"
+            :placeholder="apiParams.sourcenatipaddress.description"/>
         </a-form-item>
-        <a-form-item v-if="form.selectedVpcOffering && form.selectedVpcOffering.selectsnatipallowed" name="routeripv6" ref="routeripv6">
+        <a-form-item v-if="selectedNetworkOfferingSupportsSourceNat" name="sourcenatipaddressid" ref="sourcenatipaddressid">
           <template #label>
-            <tooltip-label :title="$t('label.routeripv6')" :tooltip="apiParams.routeripv6.description"/>
+            <tooltip-label :title="$t('label.routerip')" :tooltip="apiParams.sourcenatipaddressid.description"/>
           </template>
           <a-input
-            v-model:value="form.routeripv6"
-            :placeholder="apiParams.routeripv6.description"/>
+            v-model:value="form.sourcenatipaddress"
+            :placeholder="apiParams.sourcenatipaddress.description"/>
         </a-form-item>
         <a-form-item name="start" ref="start">
           <template #label>
@@ -229,6 +228,14 @@ export default {
         return dnsServices && dnsServices.length === 1
       }
       return false
+    },
+    selectedNetworkOfferingSupportsSourceNat () {
+      if (this.selectedVpcOffering) {
+        const services = this.selectedVpcOffering?.service || []
+        const sourcenatService = services.filter(service => service.name === 'SourceNat')
+        return sourcenatService && sourcenatService.length === 1
+      }
+      return false
     }
   },
   methods: {

From f5254226b5b68ef0015922bdbbd6e73f1e497a72 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 6 Mar 2023 16:28:31 +0100
Subject: [PATCH 22/51] ip snat change for isolated nets v1

---
 .../com/cloud/network/vpc/VpcService.java     |  27 +--
 .../user/network/CreateNetworkCmd.java        |  16 +-
 .../user/network/UpdateNetworkCmd.java        |   9 +-
 .../com/cloud/network/dao/IPAddressDao.java   |   2 +-
 .../cloud/network/dao/IPAddressDaoImpl.java   |   4 +-
 .../com/cloud/network/NetworkServiceImpl.java | 160 +++++++++++++-----
 .../com/cloud/network/vpc/VpcManagerImpl.java |   8 +-
 7 files changed, 139 insertions(+), 87 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index dd5f82755532..aaca62ee8500 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -90,31 +90,10 @@ Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName, Strin
 
     /**
      * Lists VPC(s) based on the parameters passed to the method call
-     *
-     * @param id
-     * @param vpcName
-     * @param displayText
-     * @param supportedServicesStr
-     * @param cidr
-     * @param state TODO
-     * @param accountName
-     * @param domainId
-     * @param keyword
-     * @param startIndex
-     * @param pageSizeVal
-     * @param zoneId TODO
-     * @param isRecursive TODO
-     * @param listAll TODO
-     * @param restartRequired TODO
-     * @param tags TODO
-     * @param projectId TODO
-     * @param display TODO
-     * @param vpc
-     * @return
      */
     Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, String displayText, List<String> supportedServicesStr, String cidr, Long vpcOffId, String state,
-            String accountName, Long domainId, String keyword, Long startIndex, Long pageSizeVal, Long zoneId, Boolean isRecursive, Boolean listAll, Boolean restartRequired,
-            Map<String, String> tags, Long projectId, Boolean display);
+                                                String accountName, Long domainId, String keyword, Long startIndex, Long pageSizeVal, Long zoneId, Boolean isRecursive, Boolean listAll, Boolean restartRequired,
+                                                Map<String, String> tags, Long projectId, Boolean display);
 
     /**
      * Starts VPC which includes starting VPC provider and applying all the networking rules on the backend
@@ -183,7 +162,7 @@ Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, String disp
     /**
      * Deletes VPC private gateway
      *
-     * @param id
+     * @param gatewayId
      * @return
      * @throws ResourceUnavailableException
      * @throws ConcurrentOperationException
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
index 5b7f5336a34c..e763da67b6a5 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
@@ -183,11 +183,13 @@ public class CreateNetworkCmd extends BaseCmd implements UserCmd {
     @Parameter(name = ApiConstants.IP6_DNS2, type = CommandType.STRING, description = "the second IPv6 DNS for the network", since = "4.18.0")
     private String ip6Dns2;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
-    private String sourceNatIp;
-
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
-    private String sourceNatIpUuid;
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP,
+            type = CommandType.STRING,
+            description = "IPV4 address to be assigned to the piublic interface of the network router. This is a hint." +
+                    " If an address is given and it cannot be acquired, an error will be returned and the network won´t be implemented," +
+                    " even if so requested.",
+            since = "4.19")
+    private String sourceNatIP;
 
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
@@ -272,6 +274,10 @@ public String getTungstenVirtualRouterUuid() {
         return tungstenVirtualRouterUuid;
     }
 
+    public String getSourceNatIP() {
+        return sourceNatIP;
+    }
+
     @Override
     public boolean isDisplay() {
         if(displayNetwork == null)
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
index 344ebe553b83..534ae95c13d8 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
@@ -104,12 +104,9 @@ public class UpdateNetworkCmd extends BaseAsyncCustomIdCmd implements UserCmd {
     @Parameter(name = ApiConstants.IP6_DNS2, type = CommandType.STRING, description = "the second IPv6 DNS for the network. Empty string will update the second IPv6 DNS with the value from the zone", since = "4.18.0")
     private String ip6Dns2;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router. This address must already be acquired for this network", since = "4.19")
     private String sourceNatIP;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
-    private String sourceNatIpUuid;
-
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -187,6 +184,10 @@ public String getIp6Dns2() {
         return ip6Dns2;
     }
 
+    public String getSourceNatIP() {
+        return sourceNatIP;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/engine/schema/src/main/java/com/cloud/network/dao/IPAddressDao.java b/engine/schema/src/main/java/com/cloud/network/dao/IPAddressDao.java
index 51dfa91a404d..e7e7e52532ad 100644
--- a/engine/schema/src/main/java/com/cloud/network/dao/IPAddressDao.java
+++ b/engine/schema/src/main/java/com/cloud/network/dao/IPAddressDao.java
@@ -75,7 +75,7 @@ public interface IPAddressDao extends GenericDao<IPAddressVO, Long> {
 
     long countFreeIPsInNetwork(long networkId);
 
-    IPAddressVO findByVmIp(String vmIp);
+    IPAddressVO findByIp(String ipAddress);
 
     IPAddressVO findByAssociatedVmIdAndVmIp(long vmId, String vmIp);
 
diff --git a/engine/schema/src/main/java/com/cloud/network/dao/IPAddressDaoImpl.java b/engine/schema/src/main/java/com/cloud/network/dao/IPAddressDaoImpl.java
index b995959f01e8..ec637a45b4be 100644
--- a/engine/schema/src/main/java/com/cloud/network/dao/IPAddressDaoImpl.java
+++ b/engine/schema/src/main/java/com/cloud/network/dao/IPAddressDaoImpl.java
@@ -314,9 +314,9 @@ public List<IPAddressVO> findAllByAssociatedVmId(long vmId) {
     }
 
     @Override
-    public IPAddressVO findByVmIp(String vmIp) {
+    public IPAddressVO findByIp(String ipAddress) {
         SearchCriteria<IPAddressVO> sc = AllFieldsSearch.create();
-        sc.setParameters("associatedVmIp", vmIp);
+        sc.setParameters("ipAddress", ipAddress);
         return findOneBy(sc);
     }
 
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index baa469a7c954..a748acb423a9 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1346,18 +1346,6 @@ private void validateSharedNetworkRouterIPv6(String routerIPv6, String startIPv6
         }
     }
 
-    private void validateIsolatedNetworkRouterIPv4(String routerIPv4) {
-        if (StringUtils.isNotBlank(routerIPv4)) {
-            isIPv4AddressValid(routerIPv4);
-        }
-    }
-
-    private void validateIsolatedNetworkRouterIPv6(String routerIPv6) {
-        if (StringUtils.isNotBlank(routerIPv6)) {
-            isIPv6AddressValid(routerIPv6);
-        }
-    }
-
     private void isIPv4AddressValid(String routerIp) {
         if (!NetUtils.isValidIp4(routerIp)) {
             throw new CloudRuntimeException("Router IPv4 IP provided is of incorrect format");
@@ -1383,8 +1371,8 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
 
         boolean adminCalledUs = cmd instanceof CreateNetworkCmdByAdmin;
         String vlanId = adminCalledUs ? ((CreateNetworkCmdByAdmin)cmd).getVlan() : null;
-        boolean bypassVlanOverlapCheck = adminCalledUs ? ((CreateNetworkCmdByAdmin)cmd).getBypassVlanOverlapCheck() : false;
-        boolean hideIpAddressUsage = adminCalledUs ? ((CreateNetworkCmdByAdmin)cmd).getHideIpAddressUsage() : false;
+        boolean bypassVlanOverlapCheck = adminCalledUs && ((CreateNetworkCmdByAdmin)cmd).getBypassVlanOverlapCheck();
+        boolean hideIpAddressUsage = adminCalledUs && ((CreateNetworkCmdByAdmin)cmd).getHideIpAddressUsage();
         String routerIPv4 = adminCalledUs ? ((CreateNetworkCmdByAdmin)cmd).getRouterIp() : null;
         String routerIPv6 = adminCalledUs ? ((CreateNetworkCmdByAdmin)cmd).getRouterIpv6() : null;
 
@@ -1399,7 +1387,7 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
         String endIPv6 = cmd.getEndIpv6();
         String ip6Gateway = cmd.getIp6Gateway();
         String ip6Cidr = cmd.getIp6Cidr();
-        Boolean displayNetwork = cmd.getDisplayNetwork() == null ? true : cmd.getDisplayNetwork() ;
+        boolean displayNetwork = ! Boolean.FALSE.equals(cmd.getDisplayNetwork());
         Long aclId = cmd.getAclId();
         String isolatedPvlan = cmd.getIsolatedPvlan();
         String externalId = cmd.getExternalId();
@@ -1663,7 +1651,7 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
                 externalId, routerIPv4, routerIPv6, associatedNetwork, ip4Dns1, ip4Dns2, ip6Dns1, ip6Dns2, interfaceMTUs);
 
         // retrieve, acquire and associate the correct ip adresses
-        arrangeForRouterSourcenatIp(cmd, network);
+        arrangeForRouterSourceNatIp(owner, cmd, network);
 
         if (hideIpAddressUsage) {
             _networkDetailsDao.persist(new NetworkDetailVO(network.getId(), Network.hideIpAddressUsage, String.valueOf(hideIpAddressUsage), false));
@@ -1680,11 +1668,78 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
         return network;
     }
 
-    private void arrangeForRouterSourcenatIp(CreateNetworkCmd cmd, Network network) {
-        // list the network with the given IP
-        // associate the ip to the network by its (uu)id
-        // (mark as sourceNat?
+    private void arrangeForRouterSourceNatIp(Account owner, CreateNetworkCmd cmd, Network network) throws InsufficientAddressCapacityException, ResourceAllocationException {
+        String sourceNatIp = cmd.getSourceNatIP();
+        if (sourceNatIp == null) {
+            return; // nothing to try
+        }
+        IpAddress ip = allocateIP(owner, cmd.getZoneId(), network.getId(), null, sourceNatIp);
+        try {
+            associateIPToNetwork(ip.getId(), network.getId());
+        } catch (ResourceUnavailableException e) {
+            String msg = String.format("can´t use %s as sourcenat IP address for network %s/%s as it is un available", sourceNatIp, network.getName(), network.getUuid());
+            s_logger.error(msg);
+            throw new CloudRuntimeException(msg,e);
+        }
+    }
 
+    /**
+     *
+     * @param owner
+     * @param cmd
+     * @param network
+     * @return if the sourceNat is changes, and consequently restart is needed
+     * @throws InsufficientAddressCapacityException
+     * @throws ResourceAllocationException
+     */
+    private boolean arrangeForRouterSourceNatIp(Account owner, UpdateNetworkCmd cmd, Network network) throws InsufficientAddressCapacityException, ResourceAllocationException {
+        String sourceNatIp = cmd.getSourceNatIP();
+        if (sourceNatIp == null) {
+            return false; // nothing to try
+        }
+        // check if the address is already aqcuired for this network
+        IPAddressVO requestedIp = _ipAddressDao.findByIp(cmd.getSourceNatIP());
+        if (requestedIp.getNetworkId() == null || ! requestedIp.getNetworkId().equals(network.getId())) {
+            return false; // ip not associated with this network
+        }
+        // check if it is the current source NAT address
+        if (requestedIp.isSourceNat()) {
+            return false; // already sourcenat
+        }
+
+        List<IPAddressVO> userIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), true);
+        if (! userIps.isEmpty()) {
+            try {
+                updateSourceNat(requestedIp, userIps);
+            } catch (Exception e) { // pokemon execption from transaction
+                String msg = String.format("Update of source NAT ip to %s for network \"%s\"/%s failed due to %s",
+                        requestedIp.getAddress().addr(), network.getName(), network.getUuid(), e.getLocalizedMessage());
+                s_logger.error(msg);
+                throw new CloudRuntimeException(msg, e);
+            }
+        }
+        return true;
+    }
+
+    private void updateSourceNat(IPAddressVO requestedIp, List<IPAddressVO> userIps) throws Exception{
+        // TODO start a transaction to set the new sourcenat ip
+        Transaction.execute(new TransactionCallbackWithException<IpAddress, Exception>() {
+            @Override
+            public IpAddress doInTransaction(TransactionStatus status) throws Exception {
+                // update all other IPs to not be sourcenat, should be at most one
+                for(
+                        IPAddressVO oldIpAddress :userIps)
+
+                {
+                    oldIpAddress.setSourceNat(false);
+                    _ipAddressDao.update(oldIpAddress.getId(), oldIpAddress);
+                }
+                requestedIp.setSourceNat(true);
+                _ipAddressDao.update(requestedIp.getId(),requestedIp);
+                return requestedIp;
+            };
+        }
+        );
     }
 
     @Nullable
@@ -1692,34 +1747,42 @@ private ACLType getAclType(Account caller, String aclTypeStr, NetworkOffering nt
         // Only domain and account ACL types are supported in Acton.
         ACLType aclType = null;
         if (aclTypeStr != null) {
-            if (aclTypeStr.equalsIgnoreCase(ACLType.Account.toString())) {
-                aclType = ACLType.Account;
-            } else if (aclTypeStr.equalsIgnoreCase(ACLType.Domain.toString())) {
-                aclType = ACLType.Domain;
-            } else {
-                throw new InvalidParameterValueException("Incorrect aclType specified. Check the API documentation for supported types");
-            }
-            // In 3.0 all Shared networks should have aclType == Domain, all Isolated networks aclType==Account
-            if (ntwkOff.getGuestType() == GuestType.Isolated) {
-                if (aclType != ACLType.Account) {
-                    throw new InvalidParameterValueException("AclType should be " + ACLType.Account + " for network of type " + GuestType.Isolated);
-                }
-            } else if (ntwkOff.getGuestType() == GuestType.Shared) {
-                if (!(aclType == ACLType.Domain || aclType == ACLType.Account)) {
-                    throw new InvalidParameterValueException("AclType should be " + ACLType.Domain + " or " + ACLType.Account + " for network of type " + GuestType.Shared);
-                }
-            }
+            aclType = getAclType(aclTypeStr, ntwkOff);
+        } else {
+            aclType = getAclType(caller, ntwkOff, aclType);
+        }
+        return aclType;
+    }
+
+    @NotNull
+    private static ACLType getAclType(String aclTypeStr, NetworkOffering ntwkOff) {
+        ACLType aclType;
+        if (aclTypeStr.equalsIgnoreCase(ACLType.Account.toString())) {
+            aclType = ACLType.Account;
+        } else if (aclTypeStr.equalsIgnoreCase(ACLType.Domain.toString())) {
+            aclType = ACLType.Domain;
         } else {
-            if (ntwkOff.getGuestType() == GuestType.Isolated || ntwkOff.getGuestType() == GuestType.L2) {
+            throw new InvalidParameterValueException("Incorrect aclType specified. Check the API documentation for supported types");
+        }
+        // In 3.0 all Shared networks should have aclType == Domain, all Isolated networks aclType==Account
+        if (ntwkOff.getGuestType() == GuestType.Isolated) {
+            if (aclType != ACLType.Account) {
+                throw new InvalidParameterValueException("AclType should be " + ACLType.Account + " for network of type " + GuestType.Isolated);
+            }
+        }
+        return aclType;
+    }
+
+    private ACLType getAclType(Account caller, NetworkOffering ntwkOff, ACLType aclType) {
+        if (ntwkOff.getGuestType() == GuestType.Isolated || ntwkOff.getGuestType() == GuestType.L2) {
+            aclType = ACLType.Account;
+        } else if (ntwkOff.getGuestType() == GuestType.Shared) {
+            if (_accountMgr.isRootAdmin(caller.getId())) {
+                aclType = ACLType.Domain;
+            } else if (_accountMgr.isNormalUser(caller.getId())) {
                 aclType = ACLType.Account;
-            } else if (ntwkOff.getGuestType() == GuestType.Shared) {
-                if (_accountMgr.isRootAdmin(caller.getId())) {
-                    aclType = ACLType.Domain;
-                } else if (_accountMgr.isNormalUser(caller.getId())) {
-                    aclType = ACLType.Account;
-                } else {
-                    throw new InvalidParameterValueException("AclType must be specified for shared network created by domain admin");
-                }
+            } else {
+                throw new InvalidParameterValueException("AclType must be specified for shared network created by domain admin");
             }
         }
         return aclType;
@@ -1784,7 +1847,7 @@ private DataCenter getAndValidateZone(CreateNetworkCmd cmd, PhysicalNetwork pNtw
      * @param physicalNetworkId the id of the required physical network
      * @return the data object for the physical network
      */
-    @Nullable
+    @NotNull
     private PhysicalNetwork getAndValidatePhysicalNetwork(Long physicalNetworkId) {
         PhysicalNetwork pNtwk = null;
         if (physicalNetworkId != null) {
@@ -1792,6 +1855,8 @@ private PhysicalNetwork getAndValidatePhysicalNetwork(Long physicalNetworkId) {
             if (pNtwk == null) {
                 throw new InvalidParameterValueException("Unable to find a physical network having the specified physical network id");
             }
+        } else {
+            throw new CloudRuntimeException("cannot create Guestnetwork without physical network.");
         }
         return pNtwk;
     }
@@ -2838,6 +2903,7 @@ public Network updateGuestNetwork(final UpdateNetworkCmd cmd) {
         String ip4Dns2 = cmd.getIp4Dns2();
         String ip6Dns1 = cmd.getIp6Dns1();
         String ip6Dns2 = cmd.getIp6Dns2();
+        String sourceNatIP = cmd.getSourceNatIP();
 
         boolean restartNetwork = false;
 
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index 9222520602f5..b49775f684e3 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1476,7 +1476,7 @@ public Pair<List<? extends Vpc>, Integer> listVpcs(final Long id, final String v
         final boolean listBySupportedServices = supportedServicesStr != null && !supportedServicesStr.isEmpty() && !vpcs.isEmpty();
 
         if (listBySupportedServices) {
-            final List<VpcVO> supportedVpcs = new ArrayList<VpcVO>();
+            final List<Vpc> supportedVpcs = new ArrayList<>();
             Service[] supportedServices = null;
 
             if (listBySupportedServices) {
@@ -1501,14 +1501,14 @@ public Pair<List<? extends Vpc>, Integer> listVpcs(final Long id, final String v
 
             final List<? extends Vpc> wPagination = StringUtils.applyPagination(supportedVpcs, startIndex, pageSizeVal);
             if (wPagination != null) {
-                final Pair<List<? extends Vpc>, Integer> listWPagination = new Pair<List<? extends Vpc>, Integer>(wPagination, supportedVpcs.size());
+                final Pair<List<? extends Vpc>, Integer> listWPagination = new Pair<>(wPagination, supportedVpcs.size());
                 return listWPagination;
             }
-            return new Pair<List<? extends Vpc>, Integer>(supportedVpcs, supportedVpcs.size());
+            return new Pair<>(supportedVpcs, supportedVpcs.size());
         } else {
             final List<? extends Vpc> wPagination = StringUtils.applyPagination(vpcs, startIndex, pageSizeVal);
             if (wPagination != null) {
-                final Pair<List<? extends Vpc>, Integer> listWPagination = new Pair<List<? extends Vpc>, Integer>(wPagination, vpcs.size());
+                final Pair<List<? extends Vpc>, Integer> listWPagination = new Pair<>(wPagination, vpcs.size());
                 return listWPagination;
             }
             return new Pair<List<? extends Vpc>, Integer>(vpcs, vpcs.size());

From 4f9c4190c8be5790d0a4f9701fabeb17f86dbcac Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 27 Mar 2023 09:44:52 +0200
Subject: [PATCH 23/51] fix update sourcenat on isguest nets

---
 .../api/command/user/vpc/UpdateVPCCmd.java    |  7 ++
 .../com/cloud/network/NetworkServiceImpl.java | 81 ++++++++++---------
 2 files changed, 50 insertions(+), 38 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
index 4c3408e054e2..f18834f10d17 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
@@ -63,6 +63,9 @@ public class UpdateVPCCmd extends BaseAsyncCustomIdCmd implements UserCmd {
             description = "MTU to be configured on the network VR's public facing interfaces", since = "4.18.0")
     private Integer publicMtu;
 
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router. This address must already be acquired for this VPC", since = "4.19")
+    private String sourceNatIP;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -87,6 +90,10 @@ public Integer getPublicMtu() {
         return publicMtu;
     }
 
+    public String getSourceNatIP() {
+        return sourceNatIP;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index a748acb423a9..f1bd2e0378f6 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1671,6 +1671,7 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
     private void arrangeForRouterSourceNatIp(Account owner, CreateNetworkCmd cmd, Network network) throws InsufficientAddressCapacityException, ResourceAllocationException {
         String sourceNatIp = cmd.getSourceNatIP();
         if (sourceNatIp == null) {
+            s_logger.debug(String.format("no source nat ip given for create network %s command, using something arbitrary.", cmd.getNetworkName()));
             return; // nothing to try
         }
         IpAddress ip = allocateIP(owner, cmd.getZoneId(), network.getId(), null, sourceNatIp);
@@ -1688,24 +1689,13 @@ private void arrangeForRouterSourceNatIp(Account owner, CreateNetworkCmd cmd, Ne
      * @param owner
      * @param cmd
      * @param network
-     * @return if the sourceNat is changes, and consequently restart is needed
+     * @return whether the sourceNat is changed, and consequently restart is needed
      * @throws InsufficientAddressCapacityException
      * @throws ResourceAllocationException
      */
-    private boolean arrangeForRouterSourceNatIp(Account owner, UpdateNetworkCmd cmd, Network network) throws InsufficientAddressCapacityException, ResourceAllocationException {
-        String sourceNatIp = cmd.getSourceNatIP();
-        if (sourceNatIp == null) {
-            return false; // nothing to try
-        }
-        // check if the address is already aqcuired for this network
-        IPAddressVO requestedIp = _ipAddressDao.findByIp(cmd.getSourceNatIP());
-        if (requestedIp.getNetworkId() == null || ! requestedIp.getNetworkId().equals(network.getId())) {
-            return false; // ip not associated with this network
-        }
-        // check if it is the current source NAT address
-        if (requestedIp.isSourceNat()) {
-            return false; // already sourcenat
-        }
+    private boolean arrangeForRouterSourceNatIp(Account owner, UpdateNetworkCmd cmd, Network network) {
+        IPAddressVO requestedIp = checkSourceNatIpAddressForUpdate(cmd, network);
+        if (requestedIp == null) return false; // ip not associated with this network
 
         List<IPAddressVO> userIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), true);
         if (! userIps.isEmpty()) {
@@ -1721,25 +1711,41 @@ private boolean arrangeForRouterSourceNatIp(Account owner, UpdateNetworkCmd cmd,
         return true;
     }
 
-    private void updateSourceNat(IPAddressVO requestedIp, List<IPAddressVO> userIps) throws Exception{
-        // TODO start a transaction to set the new sourcenat ip
-        Transaction.execute(new TransactionCallbackWithException<IpAddress, Exception>() {
-            @Override
-            public IpAddress doInTransaction(TransactionStatus status) throws Exception {
-                // update all other IPs to not be sourcenat, should be at most one
-                for(
-                        IPAddressVO oldIpAddress :userIps)
-
-                {
-                    oldIpAddress.setSourceNat(false);
-                    _ipAddressDao.update(oldIpAddress.getId(), oldIpAddress);
-                }
-                requestedIp.setSourceNat(true);
-                _ipAddressDao.update(requestedIp.getId(),requestedIp);
-                return requestedIp;
-            };
+    @Nullable
+    private IPAddressVO checkSourceNatIpAddressForUpdate(UpdateNetworkCmd cmd, Network network) {
+        String sourceNatIp = cmd.getSourceNatIP();
+        if (sourceNatIp == null) {
+            s_logger.trace(String.format("no source NAT ip given to update network %s with.", cmd.getNetworkName()));
+            return null;
+        } else {
+            s_logger.info(String.format("updating network %s to have source NAT ip %s", cmd.getNetworkName(), sourceNatIp));
+        }
+        // check if the address is already aqcuired for this network
+        IPAddressVO requestedIp = _ipAddressDao.findByIp(sourceNatIp);
+        if (requestedIp.getNetworkId() == null || ! requestedIp.getAssociatedWithNetworkId().equals(network.getId())) {
+            s_logger.warn(String.format("Source NAT IP %s is not associated with network %s/%s. It cannot be used as source NAT IP.",
+                    sourceNatIp, network.getName(), network.getUuid()));
+            return null;
+        }
+        // check if it is the current source NAT address
+        if (requestedIp.isSourceNat()) {
+            s_logger.info(String.format("IP address %s is allready the source Nat address. Not updating!", sourceNatIp));
+            return null;
         }
-        );
+        return requestedIp;
+    }
+
+    private void updateSourceNat(IPAddressVO requestedIp, List<IPAddressVO> userIps) throws Exception{
+        Transaction.execute((TransactionCallbackWithException<IpAddress, Exception>) status -> {
+            // update all other IPs to not be sourcenat, should be at most one
+            for(IPAddressVO oldIpAddress :userIps) {
+                oldIpAddress.setSourceNat(false);
+                _ipAddressDao.update(oldIpAddress.getId(), oldIpAddress);
+            }
+            requestedIp.setSourceNat(true);
+            _ipAddressDao.update(requestedIp.getId(),requestedIp);
+            return requestedIp;
+        });
     }
 
     @Nullable
@@ -2903,7 +2909,6 @@ public Network updateGuestNetwork(final UpdateNetworkCmd cmd) {
         String ip4Dns2 = cmd.getIp4Dns2();
         String ip6Dns1 = cmd.getIp6Dns1();
         String ip6Dns2 = cmd.getIp6Dns2();
-        String sourceNatIP = cmd.getSourceNatIP();
 
         boolean restartNetwork = false;
 
@@ -2935,6 +2940,8 @@ public Network updateGuestNetwork(final UpdateNetworkCmd cmd) {
         _accountMgr.checkAccess(callerAccount, AccessType.OperateEntry, true, network);
         _accountMgr.checkAccess(_accountMgr.getActiveAccountById(network.getAccountId()), offering, _dcDao.findById(network.getDataCenterId()));
 
+        restartNetwork |= arrangeForRouterSourceNatIp(callerAccount, cmd, network);
+
         if (cmd instanceof UpdateNetworkCmdByAdmin) {
             final Boolean hideIpAddressUsage = ((UpdateNetworkCmdByAdmin) cmd).getHideIpAddressUsage();
             if (hideIpAddressUsage != null) {
@@ -3032,10 +3039,8 @@ public Network updateGuestNetwork(final UpdateNetworkCmd cmd) {
             }
         }
 
-        if (checkAndUpdateNetworkDns(network, networkOfferingChanged ? networkOffering : oldNtwkOff, ip4Dns1, ip4Dns2,
-                ip6Dns1, ip6Dns2)) {
-            restartNetwork = true;
-        }
+        restartNetwork |= checkAndUpdateNetworkDns(network, networkOfferingChanged ? networkOffering : oldNtwkOff, ip4Dns1, ip4Dns2,
+                ip6Dns1, ip6Dns2);
 
         final Map<String, String> newSvcProviders = networkOfferingChanged
                 ? _networkMgr.finalizeServicesAndProvidersForNetwork(_entityMgr.findById(NetworkOffering.class, networkOfferingId), network.getPhysicalNetworkId())

From 5aea36819753ea367097186a630598922a402f4c Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 27 Mar 2023 13:31:13 +0200
Subject: [PATCH 24/51] update source NAT IP for VPCs

---
 .../com/cloud/network/vpc/VpcService.java     | 26 +++++--
 .../api/command/user/vpc/UpdateVPCCmd.java    |  2 +-
 .../command/user/vpc/UpdateVPCCmdTest.java    |  4 +-
 .../com/cloud/network/NetworkServiceImpl.java | 14 ++--
 .../com/cloud/network/vpc/VpcManagerImpl.java | 74 ++++++++++++++++++-
 .../cloud/network/vpc/VpcManagerImplTest.java |  2 +-
 6 files changed, 101 insertions(+), 21 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index aaca62ee8500..80d27209432d 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -34,6 +34,7 @@
 import com.cloud.network.IpAddress;
 import com.cloud.user.User;
 import com.cloud.utils.Pair;
+import org.apache.cloudstack.api.command.user.vpc.UpdateVPCCmd;
 
 public interface VpcService {
 
@@ -75,18 +76,27 @@ Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName, Strin
      */
     boolean deleteVpc(long vpcId) throws ConcurrentOperationException, ResourceUnavailableException;
 
+    /**
+     * Persists VPC record in the database
+     *
+     * @param cmd the command with specification data for updating the vpc
+     * @return a data object describing the new vpc state
+     */
+    Vpc updateVpc(UpdateVPCCmd cmd);
+
     /**
      * Updates VPC with new name/displayText
      *
-     * @param vpcId
-     * @param vpcName
-     * @param displayText
-     * @param customId    TODO
-     * @param displayVpc  TODO
-     * @param mtu
-     * @return
+     * @param vpcId the ID of the Vpc to update
+     * @param vpcName The new name to give the vpc
+     * @param displayText the new display text to use for describing the VPC
+     * @param customId A new custom (external) ID to associate this VPC with
+     * @param displayVpc should this VPC be displayed on public lists
+     * @param mtu what maximal transfer unit to us in this VPCs networks
+     * @param sourceNatIp the source NAT address to use for this VPC (must already be associated with the VPC)
+     * @return an object describing the current state of the VPC
      */
-    Vpc updateVpc(long vpcId, String vpcName, String displayText, String customId, Boolean displayVpc, Integer mtu);
+    Vpc updateVpc(long vpcId, String vpcName, String displayText, String customId, Boolean displayVpc, Integer mtu, String sourceNatIp);
 
     /**
      * Lists VPC(s) based on the parameters passed to the method call
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
index f18834f10d17..c73ad2245315 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
@@ -114,7 +114,7 @@ public long getEntityOwnerId() {
 
     @Override
     public void execute() {
-        Vpc result = _vpcService.updateVpc(getId(), getVpcName(), getDisplayText(), getCustomId(), isDisplayVpc(), getPublicMtu());
+        Vpc result = _vpcService.updateVpc(this);
         if (result != null) {
             VpcResponse response = _responseGenerator.createVpcResponse(getResponseView(), result);
             response.setResponseName(getCommandName());
diff --git a/api/src/test/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmdTest.java b/api/src/test/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmdTest.java
index 3f27f4c6da39..57f75b6d6713 100644
--- a/api/src/test/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmdTest.java
+++ b/api/src/test/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmdTest.java
@@ -85,10 +85,10 @@ public void testExecute() {
         responseGenerator = Mockito.mock(ResponseGenerator.class);
         cmd._responseGenerator = responseGenerator;
         Mockito.when(_vpcService.updateVpc(Mockito.anyLong(), Mockito.anyString(), Mockito.anyString(),
-                Mockito.anyString(), Mockito.anyBoolean(), Mockito.anyInt())).thenReturn(vpc);
+                Mockito.anyString(), Mockito.anyBoolean(), Mockito.anyInt(), Mockito.anyString())).thenReturn(vpc);
         Mockito.when(responseGenerator.createVpcResponse(ResponseObject.ResponseView.Full, vpc)).thenReturn(response);
         Mockito.verify(_vpcService, Mockito.times(0)).updateVpc(Mockito.anyLong(), Mockito.anyString(), Mockito.anyString(),
-                Mockito.anyString(), Mockito.anyBoolean(), Mockito.anyInt());
+                Mockito.anyString(), Mockito.anyBoolean(), Mockito.anyInt(), Mockito.anyString());
 
     }
 }
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index f1bd2e0378f6..35c7a18d0454 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1651,7 +1651,7 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
                 externalId, routerIPv4, routerIPv6, associatedNetwork, ip4Dns1, ip4Dns2, ip6Dns1, ip6Dns2, interfaceMTUs);
 
         // retrieve, acquire and associate the correct ip adresses
-        arrangeForRouterSourceNatIp(owner, cmd, network);
+        checkAndSetRouterSourceNatIp(owner, cmd, network);
 
         if (hideIpAddressUsage) {
             _networkDetailsDao.persist(new NetworkDetailVO(network.getId(), Network.hideIpAddressUsage, String.valueOf(hideIpAddressUsage), false));
@@ -1668,7 +1668,7 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
         return network;
     }
 
-    private void arrangeForRouterSourceNatIp(Account owner, CreateNetworkCmd cmd, Network network) throws InsufficientAddressCapacityException, ResourceAllocationException {
+    private void checkAndSetRouterSourceNatIp(Account owner, CreateNetworkCmd cmd, Network network) throws InsufficientAddressCapacityException, ResourceAllocationException {
         String sourceNatIp = cmd.getSourceNatIP();
         if (sourceNatIp == null) {
             s_logger.debug(String.format("no source nat ip given for create network %s command, using something arbitrary.", cmd.getNetworkName()));
@@ -1685,22 +1685,20 @@ private void arrangeForRouterSourceNatIp(Account owner, CreateNetworkCmd cmd, Ne
     }
 
     /**
-     *
-     * @param owner
      * @param cmd
      * @param network
      * @return whether the sourceNat is changed, and consequently restart is needed
      * @throws InsufficientAddressCapacityException
      * @throws ResourceAllocationException
      */
-    private boolean arrangeForRouterSourceNatIp(Account owner, UpdateNetworkCmd cmd, Network network) {
+    private boolean checkAndUpdateRouterSourceNatIp(UpdateNetworkCmd cmd, Network network) {
         IPAddressVO requestedIp = checkSourceNatIpAddressForUpdate(cmd, network);
         if (requestedIp == null) return false; // ip not associated with this network
 
         List<IPAddressVO> userIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), true);
         if (! userIps.isEmpty()) {
             try {
-                updateSourceNat(requestedIp, userIps);
+                updateSourceNatIpAddress(requestedIp, userIps);
             } catch (Exception e) { // pokemon execption from transaction
                 String msg = String.format("Update of source NAT ip to %s for network \"%s\"/%s failed due to %s",
                         requestedIp.getAddress().addr(), network.getName(), network.getUuid(), e.getLocalizedMessage());
@@ -1735,7 +1733,7 @@ private IPAddressVO checkSourceNatIpAddressForUpdate(UpdateNetworkCmd cmd, Netwo
         return requestedIp;
     }
 
-    private void updateSourceNat(IPAddressVO requestedIp, List<IPAddressVO> userIps) throws Exception{
+    private void updateSourceNatIpAddress(IPAddressVO requestedIp, List<IPAddressVO> userIps) throws Exception{
         Transaction.execute((TransactionCallbackWithException<IpAddress, Exception>) status -> {
             // update all other IPs to not be sourcenat, should be at most one
             for(IPAddressVO oldIpAddress :userIps) {
@@ -2940,7 +2938,7 @@ public Network updateGuestNetwork(final UpdateNetworkCmd cmd) {
         _accountMgr.checkAccess(callerAccount, AccessType.OperateEntry, true, network);
         _accountMgr.checkAccess(_accountMgr.getActiveAccountById(network.getAccountId()), offering, _dcDao.findById(network.getDataCenterId()));
 
-        restartNetwork |= arrangeForRouterSourceNatIp(callerAccount, cmd, network);
+        restartNetwork |= checkAndUpdateRouterSourceNatIp(cmd, network);
 
         if (cmd instanceof UpdateNetworkCmdByAdmin) {
             final Boolean hideIpAddressUsage = ((UpdateNetworkCmdByAdmin) cmd).getHideIpAddressUsage();
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index b49775f684e3..4ec5c0ea5a78 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -54,6 +54,7 @@
 import org.apache.cloudstack.api.command.user.vpc.ListStaticRoutesCmd;
 import org.apache.cloudstack.api.command.user.vpc.ListVPCOfferingsCmd;
 import org.apache.cloudstack.api.command.user.vpc.RestartVPCCmd;
+import org.apache.cloudstack.api.command.user.vpc.UpdateVPCCmd;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
@@ -62,6 +63,7 @@
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.ObjectUtils;
 import org.apache.log4j.Logger;
+import org.jetbrains.annotations.Nullable;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 
@@ -1242,9 +1244,14 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
         }
     }
 
+    @Override
+    public Vpc updateVpc(UpdateVPCCmd cmd) {
+        return updateVpc(cmd.getId(), cmd.getVpcName(), cmd.getDisplayText(), cmd.getCustomId(), cmd.isDisplayVpc(), cmd.getPublicMtu(), cmd.getSourceNatIP());
+    }
+
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_VPC_UPDATE, eventDescription = "updating vpc")
-    public Vpc updateVpc(final long vpcId, final String vpcName, final String displayText, final String customId, final Boolean displayVpc, Integer mtu) {
+    public Vpc updateVpc(final long vpcId, final String vpcName, final String displayText, final String customId, final Boolean displayVpc, Integer mtu, String sourceNatIp) {
         CallContext.current().setEventDetails(" Id: " + vpcId);
         final Account caller = CallContext.current().getCallingAccount();
 
@@ -1279,6 +1286,11 @@ public Vpc updateVpc(final long vpcId, final String vpcName, final String displa
             updateMtuOfVpcNetwork(vpcToUpdate, vpc, mtu);
         }
 
+        boolean restartRequired = checkAndUpdateRouterSourceNatIp(vpcToUpdate, sourceNatIp);
+        if (restartRequired) {
+            vpc.setRestartRequired(true);
+        }
+
         if (vpcDao.update(vpcId, vpc)) {
             s_logger.debug("Updated VPC id=" + vpcId);
             return vpcDao.findById(vpcId);
@@ -1287,6 +1299,66 @@ public Vpc updateVpc(final long vpcId, final String vpcName, final String displa
         }
     }
 
+    private boolean checkAndUpdateRouterSourceNatIp(Vpc vpc, String sourceNatIp) {
+        IPAddressVO requestedIp = validateSourceNatip(vpc, sourceNatIp);
+        if (requestedIp == null) return false; // ip not associated with this network
+
+        List<IPAddressVO> userIps = _ipAddressDao.listByAssociatedVpc(vpc.getId(), true);
+        if (! userIps.isEmpty()) {
+            try {
+                updateSourceNatIpAddress(requestedIp, userIps);
+            } catch (Exception e) { // pokemon execption from transaction
+                String msg = String.format("Update of source NAT ip to %s for network \"%s\"/%s failed due to %s",
+                        requestedIp.getAddress().addr(), vpc.getName(), vpc.getUuid(), e.getLocalizedMessage());
+                s_logger.error(msg);
+                throw new CloudRuntimeException(msg, e);
+            }
+        }
+        return true;
+    }
+
+    @Nullable
+    private IPAddressVO validateSourceNatip(Vpc vpc, String sourceNatIp) {
+        if (sourceNatIp == null) {
+            s_logger.trace(String.format("no source NAT ip given to update vpc %s with.", vpc.getName()));
+            return null;
+        } else {
+            s_logger.info(String.format("updating VPC %s to have source NAT ip %s", vpc.getName(), sourceNatIp));
+        }
+        // check if the address is already aqcuired for this network
+        IPAddressVO requestedIp = _ipAddressDao.findByIp(sourceNatIp);
+        if (requestedIp.getVpcId() == null || ! requestedIp.getVpcId().equals(vpc.getId())) {
+            s_logger.warn(String.format("Source NAT IP %s is not associated with network %s/%s. It cannot be used as source NAT IP.",
+                    sourceNatIp, vpc.getName(), vpc.getUuid()));
+            return null;
+        }
+        // check if it is the current source NAT address
+        if (requestedIp.isSourceNat()) {
+            s_logger.info(String.format("IP address %s is allready the source Nat address. Not updating!", sourceNatIp));
+            return null;
+        }
+        return requestedIp;
+    }
+
+    /**
+     * TODO move to ip-manager or - service and unify with {@see NetworkServiceImpl.updateSourceNat()}}
+     * @param requestedIp the new source nat
+     * @param userIps the list of now marked as sourcenat
+     * @throws Exception legacy generic but really an SQLException
+     */
+    private void updateSourceNatIpAddress(IPAddressVO requestedIp, List<IPAddressVO> userIps) throws Exception{
+        Transaction.execute((TransactionCallbackWithException<IpAddress, Exception>) status -> {
+            // update all other IPs to not be sourcenat, should be at most one
+            for(IPAddressVO oldIpAddress :userIps) {
+                oldIpAddress.setSourceNat(false);
+                _ipAddressDao.update(oldIpAddress.getId(), oldIpAddress);
+            }
+            requestedIp.setSourceNat(true);
+            _ipAddressDao.update(requestedIp.getId(),requestedIp);
+            return requestedIp;
+        });
+    }
+
     protected Integer validateMtu(VpcVO vpcToUpdate, Integer mtu) {
         Long zoneId = vpcToUpdate.getZoneId();
         if (mtu == null || NetworkService.AllowUsersToSpecifyVRMtu.valueIn(zoneId)) {
diff --git a/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java b/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
index c820026309d1..f3916f08c883 100644
--- a/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
+++ b/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
@@ -398,7 +398,7 @@ public void testUpdateVpcNetwork() throws ResourceUnavailableException {
         Mockito.when(networkDao.update(anyLong(), any())).thenReturn(true);
         Mockito.when(vpcDao.update(vpcId, vpcVO)).thenReturn(true);
 
-        manager.updateVpc(vpcId, null, null, null, true, publicMtu);
+        manager.updateVpc(vpcId, null, null, null, true, publicMtu, null);
         Assert.assertEquals(publicMtu, vpcVO.getPublicMtu());
 
     }

From f518e2bbbf5fa902f0567987569c686ec9ecb334 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 29 Mar 2023 11:04:04 +0200
Subject: [PATCH 25/51] easy button switch of source NAT IP

---
 .../user/network/UpdateNetworkCmd.java        |  2 +-
 .../api/command/user/vpc/UpdateVPCCmd.java    |  2 +-
 .../com/cloud/network/NetworkServiceImpl.java |  2 +-
 .../com/cloud/network/vpc/VpcManagerImpl.java |  2 +-
 ui/src/config/section/network.js              |  2 +-
 ui/src/core/lazy_lib/icons_use.js             |  2 +
 ui/src/views/network/IpAddressesTab.vue       | 49 ++++++++++++++++++-
 ui/src/views/network/UpdateNetwork.vue        |  9 ++++
 8 files changed, 64 insertions(+), 6 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
index 534ae95c13d8..d3cc169b7da4 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
@@ -104,7 +104,7 @@ public class UpdateNetworkCmd extends BaseAsyncCustomIdCmd implements UserCmd {
     @Parameter(name = ApiConstants.IP6_DNS2, type = CommandType.STRING, description = "the second IPv6 DNS for the network. Empty string will update the second IPv6 DNS with the value from the zone", since = "4.18.0")
     private String ip6Dns2;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router. This address must already be acquired for this network", since = "4.19")
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the network router. This address must already be acquired for this network", since = "4.19")
     private String sourceNatIP;
 
     /////////////////////////////////////////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
index c73ad2245315..0a28c755b126 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
@@ -63,7 +63,7 @@ public class UpdateVPCCmd extends BaseAsyncCustomIdCmd implements UserCmd {
             description = "MTU to be configured on the network VR's public facing interfaces", since = "4.18.0")
     private Integer publicMtu;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router. This address must already be acquired for this VPC", since = "4.19")
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the network router. This address must already be acquired for this VPC", since = "4.19")
     private String sourceNatIP;
 
     /////////////////////////////////////////////////////
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index 35c7a18d0454..089571c495e4 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1720,7 +1720,7 @@ private IPAddressVO checkSourceNatIpAddressForUpdate(UpdateNetworkCmd cmd, Netwo
         }
         // check if the address is already aqcuired for this network
         IPAddressVO requestedIp = _ipAddressDao.findByIp(sourceNatIp);
-        if (requestedIp.getNetworkId() == null || ! requestedIp.getAssociatedWithNetworkId().equals(network.getId())) {
+        if (requestedIp == null || requestedIp.getAssociatedWithNetworkId() == null || ! requestedIp.getAssociatedWithNetworkId().equals(network.getId())) {
             s_logger.warn(String.format("Source NAT IP %s is not associated with network %s/%s. It cannot be used as source NAT IP.",
                     sourceNatIp, network.getName(), network.getUuid()));
             return null;
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index 4ec5c0ea5a78..3cc35aeaa890 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1327,7 +1327,7 @@ private IPAddressVO validateSourceNatip(Vpc vpc, String sourceNatIp) {
         }
         // check if the address is already aqcuired for this network
         IPAddressVO requestedIp = _ipAddressDao.findByIp(sourceNatIp);
-        if (requestedIp.getVpcId() == null || ! requestedIp.getVpcId().equals(vpc.getId())) {
+        if (requestedIp == null || requestedIp.getVpcId() == null || ! requestedIp.getVpcId().equals(vpc.getId())) {
             s_logger.warn(String.format("Source NAT IP %s is not associated with network %s/%s. It cannot be used as source NAT IP.",
                     sourceNatIp, vpc.getName(), vpc.getUuid()));
             return null;
diff --git a/ui/src/config/section/network.js b/ui/src/config/section/network.js
index c83c1ddb8fdc..39a212bebf7e 100644
--- a/ui/src/config/section/network.js
+++ b/ui/src/config/section/network.js
@@ -225,7 +225,7 @@ export default {
           icon: 'edit-outlined',
           label: 'label.edit',
           dataView: true,
-          args: ['name', 'displaytext', 'publicmtu']
+          args: ['name', 'displaytext', 'publicmtu', 'sourcenatipaddress']
         },
         {
           api: 'restartVPC',
diff --git a/ui/src/core/lazy_lib/icons_use.js b/ui/src/core/lazy_lib/icons_use.js
index ec2d67deaf91..bf40d1b6356e 100644
--- a/ui/src/core/lazy_lib/icons_use.js
+++ b/ui/src/core/lazy_lib/icons_use.js
@@ -16,6 +16,7 @@
 // under the License.
 
 import {
+  AimOutlined,
   ApartmentOutlined,
   ApiOutlined,
   AppstoreOutlined,
@@ -170,6 +171,7 @@ import renderIcon from '@/utils/renderIcon'
 
 export default {
   install: (app) => {
+    app.component('AimOutlined', AimOutlined)
     app.component('ApartmentOutlined', ApartmentOutlined)
     app.component('ApiOutlined', ApiOutlined)
     app.component('AppstoreOutlined', AppstoreOutlined)
diff --git a/ui/src/views/network/IpAddressesTab.vue b/ui/src/views/network/IpAddressesTab.vue
index c63458c4718a..28371d2cc0ab 100644
--- a/ui/src/views/network/IpAddressesTab.vue
+++ b/ui/src/views/network/IpAddressesTab.vue
@@ -69,7 +69,20 @@
           <template v-if="column.key === 'ipaddress'">
             <router-link v-if="record.forvirtualnetwork === true" :to="{ path: '/publicip/' + record.id }" >{{ text }} </router-link>
             <div v-else>{{ text }}</div>
-            <a-tag v-if="record.issourcenat === true">source-nat</a-tag>
+            &nbsp;
+            <template v-if="record.issourcenat === true">
+              <a-tag>source-nat</a-tag>
+            </template>
+            <template v-else-if="record.isstaticnat === false">
+              <tooltip-button
+                v-if="record.forvirtualnetwork === true"
+                :tooltip="$t('label.action.set.as.source.nat.ip')"
+                type="primary"
+                :danger="false"
+                icon="aim-outlined"
+                :disabled="!('updateNetwork' in $store.getters.apis)"
+                @onClick="setSourceNatIp(record)" />
+            </template>
           </template>
 
           <template v-if="column.key === 'state'">
@@ -315,6 +328,40 @@ export default {
         return selection.indexOf(item.id) !== -1
       }))
     },
+    setSourceNatIp (ipaddress) {
+      if (this.settingsourcenat) return
+      const params = {}
+      params.sourcenatipaddress = ipaddress.ipaddress
+      if (this.$route.path.startsWith('/vpc')) {
+        params.vpcid = this.resource.id
+        this.settingsourcenat = true
+        api('updateVpc', params).then(response => {
+          this.fetchData()
+        }).catch(error => {
+          this.$notification.error({
+            message: `${this.$t('label.error')} ${error.response.status}`,
+            description: error.response.data.associateipaddressresponse.errortext || error.response.data.errorresponse.errortext,
+            duration: 0
+          })
+        }).finally(() => {
+          this.settingsourcenat = false
+        })
+      } else {
+        params.id = this.resource.id
+        this.settingsourcenat = true
+        api('updateNetwork', params).then(response => {
+          this.fetchData()
+        }).catch(error => {
+          this.$notification.error({
+            message: `${this.$t('label.error')} ${error.response.status}`,
+            description: error.response.data.associateipaddressresponse.errortext || error.response.data.errorresponse.errortext,
+            duration: 0
+          })
+        }).finally(() => {
+          this.settingsourcenat = false
+        })
+      }
+    },
     resetSelection () {
       this.setSelection([])
     },
diff --git a/ui/src/views/network/UpdateNetwork.vue b/ui/src/views/network/UpdateNetwork.vue
index cde1861769b3..f6d835446e25 100644
--- a/ui/src/views/network/UpdateNetwork.vue
+++ b/ui/src/views/network/UpdateNetwork.vue
@@ -80,6 +80,15 @@
             </a-col>
           </a-row>
         </div>
+        <a-form-item name="sourcenatipaddress" ref="sourcenatipaddress">
+          <template #label>
+            <tooltip-label :title="$t('label.sourcenatipaddress')" :tooltip="apiParams.sourcenatipaddress.description"/>
+          </template>
+          <a-input
+            v-model:value="form.sourcenatipaddress"
+            :placeholder="apiParams.sourcenatipaddress.description"
+            v-focus="true" />
+        </a-form-item>
         <a-form-item name="networkofferingid" ref="networkofferingid" v-if="isUpdatingIsolatedNetwork">
           <template #label>
             <tooltip-label :title="$t('label.networkofferingid')" :tooltip="apiParams.networkofferingid.description"/>

From c90f3e49bf0204cc43723a6c03df30f242e5bbf5 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 29 Mar 2023 16:47:07 +0200
Subject: [PATCH 26/51] addressing code smells

---
 .../com/cloud/network/vpc/VpcService.java     | 11 ++++++
 .../api/command/user/vpc/ListVPCsCmd.java     |  4 +-
 .../com/cloud/network/IpAddressManager.java   |  2 +
 .../cloud/network/IpAddressManagerImpl.java   | 15 +++++++
 .../com/cloud/network/NetworkServiceImpl.java | 28 ++++++-------
 .../com/cloud/network/vpc/VpcManagerImpl.java | 39 +++++++------------
 6 files changed, 57 insertions(+), 42 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index 80d27209432d..0b5e0debd7e1 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -23,6 +23,7 @@
 import org.apache.cloudstack.api.command.user.vpc.CreateVPCCmd;
 import org.apache.cloudstack.api.command.user.vpc.ListPrivateGatewaysCmd;
 import org.apache.cloudstack.api.command.user.vpc.ListStaticRoutesCmd;
+import org.apache.cloudstack.api.command.user.vpc.ListVPCsCmd;
 import org.apache.cloudstack.api.command.user.vpc.RestartVPCCmd;
 
 import com.cloud.exception.ConcurrentOperationException;
@@ -98,8 +99,18 @@ Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName, Strin
      */
     Vpc updateVpc(long vpcId, String vpcName, String displayText, String customId, Boolean displayVpc, Integer mtu, String sourceNatIp);
 
+    /**
+     * Lists VPC(s) based on the parameters passed to the API call
+     *
+     * @param cmd object containing the search specs
+     * @return the List of VPCs
+     */
+    Pair<List<? extends Vpc>, Integer> listVpcs(ListVPCsCmd cmd);
+
     /**
      * Lists VPC(s) based on the parameters passed to the method call
+     *
+     * TODO phase out to replace with the one with the cmd as parameter object
      */
     Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, String displayText, List<String> supportedServicesStr, String cidr, Long vpcOffId, String state,
                                                 String accountName, Long domainId, String keyword, Long startIndex, Long pageSizeVal, Long zoneId, Boolean isRecursive, Boolean listAll, Boolean restartRequired,
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
index b230603f852f..76cbcca61bb3 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/ListVPCsCmd.java
@@ -142,9 +142,7 @@ public Boolean getShowIcon() {
     @Override
     public void execute() {
         Pair<List<? extends Vpc>, Integer> vpcs =
-            _vpcService.listVpcs(getId(), getVpcName(), getDisplayText(), getSupportedServices(), getCidr(), getVpcOffId(), getState(), getAccountName(), getDomainId(),
-                getKeyword(), getStartIndex(), getPageSizeVal(), getZoneId(), isRecursive(), listAll(), getRestartRequired(), getTags(),
-                getProjectId(), getDisplay());
+            _vpcService.listVpcs(this);
         ListResponse<VpcResponse> response = new ListResponse<VpcResponse>();
         List<VpcResponse> vpcResponses = new ArrayList<VpcResponse>();
         for (Vpc vpc : vpcs.first()) {
diff --git a/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java b/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
index 2fa66d7166b2..80d9ab3602f4 100644
--- a/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
+++ b/engine/components-api/src/main/java/com/cloud/network/IpAddressManager.java
@@ -233,4 +233,6 @@ List<IPAddressVO> listAvailablePublicIps(final long dcId,
 
     public static final String MESSAGE_ASSIGN_IPADDR_EVENT = "Message.AssignIpAddr.Event";
     public static final String MESSAGE_RELEASE_IPADDR_EVENT = "Message.ReleaseIpAddr.Event";
+
+    void updateSourceNatIpAddress(IPAddressVO requestedIp, List<IPAddressVO> userIps) throws Exception;
 }
diff --git a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
index b690acd7dd9d..8fae26eacf6d 100644
--- a/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/IpAddressManagerImpl.java
@@ -2358,4 +2358,19 @@ public boolean isUsageHidden(IPAddressVO ip) {
     public static ConfigKey<Boolean> getSystemvmpublicipreservationmodestrictness() {
         return SystemVmPublicIpReservationModeStrictness;
     }
+
+    @Override
+    public void updateSourceNatIpAddress(IPAddressVO requestedIp, List<IPAddressVO> userIps) throws Exception{
+        Transaction.execute((TransactionCallbackWithException<IpAddress, Exception>) status -> {
+            // update all other IPs to not be sourcenat, should be at most one
+            for(IPAddressVO oldIpAddress :userIps) {
+                oldIpAddress.setSourceNat(false);
+                _ipAddressDao.update(oldIpAddress.getId(), oldIpAddress);
+            }
+            requestedIp.setSourceNat(true);
+            _ipAddressDao.update(requestedIp.getId(),requestedIp);
+            return requestedIp;
+        });
+    }
+
 }
diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index 089571c495e4..df8f344b052e 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -269,9 +269,13 @@ public class NetworkServiceImpl extends ManagerBase implements NetworkService, C
     private static final long MIN_GRE_KEY = 0L;
     private static final long MAX_GRE_KEY = 4294967295L; // 2^32 -1
     private static final long MIN_VXLAN_VNI = 0L;
+    /**
+     // MAX_VXLAN_VNI should be 16777215L (2^24-1), but Linux vxlan interface doesn't accept VNI:2^24-1 now.
+     // It seems a bug.
+     // Is this still valid (per 2023?)
+     */
     private static final long MAX_VXLAN_VNI = 16777214L; // 2^24 -2
-    // MAX_VXLAN_VNI should be 16777215L (2^24-1), but Linux vxlan interface doesn't accept VNI:2^24-1 now.
-    // It seems a bug.
+    private static final String NETWORK_OFFERING_ID = "networkOfferingId";
 
     @Inject
     DataCenterDao _dcDao = null;
@@ -1624,7 +1628,7 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
 
         // Can add vlan range only to the network which allows it
         if (createVlan && !ntwkOff.isSpecifyIpRanges()) {
-            throwInvalidIdException("Network offering with specified id doesn't support adding multiple ip ranges", ntwkOff.getUuid(), "networkOfferingId");
+            throwInvalidIdException("Network offering with specified id doesn't support adding multiple ip ranges", ntwkOff.getUuid(), NETWORK_OFFERING_ID);
         }
 
         Pair<Integer, Integer> interfaceMTUs = validateMtuConfig(publicMtu, privateMtu, zone.getId());
@@ -1698,7 +1702,7 @@ private boolean checkAndUpdateRouterSourceNatIp(UpdateNetworkCmd cmd, Network ne
         List<IPAddressVO> userIps = _ipAddressDao.listByAssociatedNetwork(network.getId(), true);
         if (! userIps.isEmpty()) {
             try {
-                updateSourceNatIpAddress(requestedIp, userIps);
+                _ipAddrMgr.updateSourceNatIpAddress(requestedIp, userIps);
             } catch (Exception e) { // pokemon execption from transaction
                 String msg = String.format("Update of source NAT ip to %s for network \"%s\"/%s failed due to %s",
                         requestedIp.getAddress().addr(), network.getName(), network.getUuid(), e.getLocalizedMessage());
@@ -1769,10 +1773,8 @@ private static ACLType getAclType(String aclTypeStr, NetworkOffering ntwkOff) {
             throw new InvalidParameterValueException("Incorrect aclType specified. Check the API documentation for supported types");
         }
         // In 3.0 all Shared networks should have aclType == Domain, all Isolated networks aclType==Account
-        if (ntwkOff.getGuestType() == GuestType.Isolated) {
-            if (aclType != ACLType.Account) {
-                throw new InvalidParameterValueException("AclType should be " + ACLType.Account + " for network of type " + GuestType.Isolated);
-            }
+        if (ntwkOff.getGuestType() == GuestType.Isolated && aclType != ACLType.Account) {
+            throw new InvalidParameterValueException("AclType should be " + ACLType.Account + " for network of type " + GuestType.Isolated);
         }
         return aclType;
     }
@@ -1883,7 +1885,7 @@ private NetworkOffering getAndValidateNetworkOffering(Long networkOfferingId) {
         if (ntwkOff == null || ntwkOff.isSystemOnly()) {
             InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find network offering by specified id");
             if (ntwkOff != null) {
-                ex.addProxyObject(ntwkOff.getUuid(), "networkOfferingId");
+                ex.addProxyObject(ntwkOff.getUuid(), NETWORK_OFFERING_ID);
             }
             throw ex;
         }
@@ -2515,7 +2517,7 @@ private SearchCriteria<NetworkVO> buildNetworkSearchCriteria(SearchBuilder<Netwo
         }
 
         if (networkOfferingId != null) {
-            sc.addAnd("networkOfferingId", SearchCriteria.Op.EQ, networkOfferingId);
+            sc.addAnd(NETWORK_OFFERING_ID, SearchCriteria.Op.EQ, networkOfferingId);
         }
 
         if (associatedNetworkId != null) {
@@ -2988,13 +2990,13 @@ public Network updateGuestNetwork(final UpdateNetworkCmd cmd) {
         NetworkOfferingVO networkOffering = _networkOfferingDao.findById(networkOfferingId);
         if (networkOfferingId != null) {
             if (networkOffering == null || networkOffering.isSystemOnly()) {
-                throwInvalidIdException("Unable to find network offering with specified id", networkOfferingId.toString(), "networkOfferingId");
+                throwInvalidIdException("Unable to find network offering with specified id", networkOfferingId.toString(), NETWORK_OFFERING_ID);
             }
 
             // network offering should be in Enabled state
             if (networkOffering.getState() != NetworkOffering.State.Enabled) {
                 throwInvalidIdException("Network offering with specified id is not in " + NetworkOffering.State.Enabled + " state, can't upgrade to it", networkOffering.getUuid(),
-                        "networkOfferingId");
+                        NETWORK_OFFERING_ID);
             }
             //can't update from vpc to non-vpc network offering
             boolean forVpcNew = _configMgr.isOfferingForVpc(networkOffering);
@@ -3789,7 +3791,7 @@ private boolean networkNeedsMigration(Network network, long newPhysicalNetworkId
         if (newNtwkOff == null || newNtwkOff.isSystemOnly()) {
             InvalidParameterValueException ex = new InvalidParameterValueException("Unable to find network offering.");
             if (newNtwkOff != null) {
-                ex.addProxyObject(String.valueOf(newNtwkOff.getId()), "networkOfferingId");
+                ex.addProxyObject(String.valueOf(newNtwkOff.getId()), NETWORK_OFFERING_ID);
             }
             throw ex;
         }
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index 3cc35aeaa890..6c6a6b4649cb 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -53,6 +53,7 @@
 import org.apache.cloudstack.api.command.user.vpc.ListPrivateGatewaysCmd;
 import org.apache.cloudstack.api.command.user.vpc.ListStaticRoutesCmd;
 import org.apache.cloudstack.api.command.user.vpc.ListVPCOfferingsCmd;
+import org.apache.cloudstack.api.command.user.vpc.ListVPCsCmd;
 import org.apache.cloudstack.api.command.user.vpc.RestartVPCCmd;
 import org.apache.cloudstack.api.command.user.vpc.UpdateVPCCmd;
 import org.apache.cloudstack.context.CallContext;
@@ -1306,7 +1307,7 @@ private boolean checkAndUpdateRouterSourceNatIp(Vpc vpc, String sourceNatIp) {
         List<IPAddressVO> userIps = _ipAddressDao.listByAssociatedVpc(vpc.getId(), true);
         if (! userIps.isEmpty()) {
             try {
-                updateSourceNatIpAddress(requestedIp, userIps);
+                _ipAddrMgr.updateSourceNatIpAddress(requestedIp, userIps);
             } catch (Exception e) { // pokemon execption from transaction
                 String msg = String.format("Update of source NAT ip to %s for network \"%s\"/%s failed due to %s",
                         requestedIp.getAddress().addr(), vpc.getName(), vpc.getUuid(), e.getLocalizedMessage());
@@ -1340,25 +1341,6 @@ private IPAddressVO validateSourceNatip(Vpc vpc, String sourceNatIp) {
         return requestedIp;
     }
 
-    /**
-     * TODO move to ip-manager or - service and unify with {@see NetworkServiceImpl.updateSourceNat()}}
-     * @param requestedIp the new source nat
-     * @param userIps the list of now marked as sourcenat
-     * @throws Exception legacy generic but really an SQLException
-     */
-    private void updateSourceNatIpAddress(IPAddressVO requestedIp, List<IPAddressVO> userIps) throws Exception{
-        Transaction.execute((TransactionCallbackWithException<IpAddress, Exception>) status -> {
-            // update all other IPs to not be sourcenat, should be at most one
-            for(IPAddressVO oldIpAddress :userIps) {
-                oldIpAddress.setSourceNat(false);
-                _ipAddressDao.update(oldIpAddress.getId(), oldIpAddress);
-            }
-            requestedIp.setSourceNat(true);
-            _ipAddressDao.update(requestedIp.getId(),requestedIp);
-            return requestedIp;
-        });
-    }
-
     protected Integer validateMtu(VpcVO vpcToUpdate, Integer mtu) {
         Long zoneId = vpcToUpdate.getZoneId();
         if (mtu == null || NetworkService.AllowUsersToSpecifyVRMtu.valueIn(zoneId)) {
@@ -1445,6 +1427,13 @@ protected boolean updateMtuOnVpcVr(Long vpcId, Set<IpAddressTO> ips) {
         return success;
     }
 
+    @Override
+    public Pair<List<? extends Vpc>, Integer> listVpcs(ListVPCsCmd cmd) {
+        return listVpcs(cmd.getId(), cmd.getVpcName(), cmd.getDisplayText(), cmd.getSupportedServices(), cmd.getCidr(), cmd.getVpcOffId(),
+                cmd.getState(), cmd.getAccountName(), cmd.getDomainId(), cmd.getKeyword(), cmd.getStartIndex(), cmd.getPageSizeVal(),
+                cmd.getZoneId(), cmd.isRecursive(), cmd.listAll(), cmd.getRestartRequired(), cmd.getTags(), cmd.getProjectId(),
+                cmd.getDisplay());
+    }
     @Override
     public Pair<List<? extends Vpc>, Integer> listVpcs(final Long id, final String vpcName, final String displayText, final List<String> supportedServicesStr, final String cidr,
                                                        final Long vpcOffId, final String state, final String accountName, Long domainId, final String keyword, final Long startIndex, final Long pageSizeVal,
@@ -1573,22 +1562,20 @@ public Pair<List<? extends Vpc>, Integer> listVpcs(final Long id, final String v
 
             final List<? extends Vpc> wPagination = StringUtils.applyPagination(supportedVpcs, startIndex, pageSizeVal);
             if (wPagination != null) {
-                final Pair<List<? extends Vpc>, Integer> listWPagination = new Pair<>(wPagination, supportedVpcs.size());
-                return listWPagination;
+                return new Pair<>(wPagination, supportedVpcs.size());
             }
             return new Pair<>(supportedVpcs, supportedVpcs.size());
         } else {
             final List<? extends Vpc> wPagination = StringUtils.applyPagination(vpcs, startIndex, pageSizeVal);
             if (wPagination != null) {
-                final Pair<List<? extends Vpc>, Integer> listWPagination = new Pair<>(wPagination, vpcs.size());
-                return listWPagination;
+                return new Pair<>(wPagination, vpcs.size());
             }
-            return new Pair<List<? extends Vpc>, Integer>(vpcs, vpcs.size());
+            return new Pair<>(vpcs, vpcs.size());
         }
     }
 
     protected List<Service> getSupportedServices() {
-        final List<Service> services = new ArrayList<Service>();
+        final List<Service> services = new ArrayList<>();
         services.add(Network.Service.Dhcp);
         services.add(Network.Service.Dns);
         services.add(Network.Service.UserData);

From 30a54639b3ed6250b3a777253af88b9fb7c55d28 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Thu, 30 Mar 2023 15:56:55 +0200
Subject: [PATCH 27/51] removed unused method

---
 .../java/com/cloud/network/NetworkServiceImpl.java  | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index df8f344b052e..fe7acaa4ad9e 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1737,19 +1737,6 @@ private IPAddressVO checkSourceNatIpAddressForUpdate(UpdateNetworkCmd cmd, Netwo
         return requestedIp;
     }
 
-    private void updateSourceNatIpAddress(IPAddressVO requestedIp, List<IPAddressVO> userIps) throws Exception{
-        Transaction.execute((TransactionCallbackWithException<IpAddress, Exception>) status -> {
-            // update all other IPs to not be sourcenat, should be at most one
-            for(IPAddressVO oldIpAddress :userIps) {
-                oldIpAddress.setSourceNat(false);
-                _ipAddressDao.update(oldIpAddress.getId(), oldIpAddress);
-            }
-            requestedIp.setSourceNat(true);
-            _ipAddressDao.update(requestedIp.getId(),requestedIp);
-            return requestedIp;
-        });
-    }
-
     @Nullable
     private ACLType getAclType(Account caller, String aclTypeStr, NetworkOffering ntwkOff) {
         // Only domain and account ACL types are supported in Acton.

From 18cc9271daf8e9a9efbc4991861af5b5bcf3f73f Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Fri, 31 Mar 2023 10:09:22 +0200
Subject: [PATCH 28/51] make SN for VPC button and error handling in UI

---
 ui/src/views/network/IpAddressesTab.vue | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ui/src/views/network/IpAddressesTab.vue b/ui/src/views/network/IpAddressesTab.vue
index 28371d2cc0ab..25ded21df3ff 100644
--- a/ui/src/views/network/IpAddressesTab.vue
+++ b/ui/src/views/network/IpAddressesTab.vue
@@ -333,14 +333,14 @@ export default {
       const params = {}
       params.sourcenatipaddress = ipaddress.ipaddress
       if (this.$route.path.startsWith('/vpc')) {
-        params.vpcid = this.resource.id
+        params.id = this.resource.id
         this.settingsourcenat = true
-        api('updateVpc', params).then(response => {
+        api('updateVPC', params).then(response => {
           this.fetchData()
         }).catch(error => {
           this.$notification.error({
             message: `${this.$t('label.error')} ${error.response.status}`,
-            description: error.response.data.associateipaddressresponse.errortext || error.response.data.errorresponse.errortext,
+            description: error.response.data.updatevpcresponse.errortext || error.response.data.errorresponse.errortext,
             duration: 0
           })
         }).finally(() => {
@@ -354,7 +354,7 @@ export default {
         }).catch(error => {
           this.$notification.error({
             message: `${this.$t('label.error')} ${error.response.status}`,
-            description: error.response.data.associateipaddressresponse.errortext || error.response.data.errorresponse.errortext,
+            description: error.response.data.updatenetworkresponse.errortext || error.response.data.errorresponse.errortext,
             duration: 0
           })
         }).finally(() => {

From 7ceb34bfb88fa66499437cbc616df2110c9fa914 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Fri, 31 Mar 2023 15:50:57 +0200
Subject: [PATCH 29/51] hasrules mechs to decide what IPs can be used

---
 .../apache/cloudstack/api/ApiConstants.java   |  1 +
 .../address/ListPublicIpAddressesCmd.java     |  4 ++--
 .../api/response/IPAddressResponse.java       | 11 ++++++----
 .../java/com/cloud/api/ApiResponseHelper.java |  4 ++++
 .../com/cloud/network/vpc/VpcManagerImpl.java | 21 ++++++++++++++-----
 ui/src/views/network/IpAddressesTab.vue       |  1 +
 6 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
index 964dd2538293..a7741fc4d90b 100644
--- a/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
+++ b/api/src/main/java/org/apache/cloudstack/api/ApiConstants.java
@@ -1026,6 +1026,7 @@ public class ApiConstants {
 
     public static final String SOURCE_NAT_IP = "sourcenatipaddress";
     public static final String SOURCE_NAT_IP_ID = "sourcenatipaddressid";
+    public static final String HAS_RULES = "hasrules";
 
     /**
      * This enum specifies IO Drivers, each option controls specific policies on I/O.
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/address/ListPublicIpAddressesCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/address/ListPublicIpAddressesCmd.java
index e456074145d9..505de6829a07 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/address/ListPublicIpAddressesCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/address/ListPublicIpAddressesCmd.java
@@ -192,8 +192,8 @@ public String getCommandName() {
     @Override
     public void execute() {
         Pair<List<? extends IpAddress>, Integer> result = _mgr.searchForIPAddresses(this);
-        ListResponse<IPAddressResponse> response = new ListResponse<IPAddressResponse>();
-        List<IPAddressResponse> ipAddrResponses = new ArrayList<IPAddressResponse>();
+        ListResponse<IPAddressResponse> response = new ListResponse<>();
+        List<IPAddressResponse> ipAddrResponses = new ArrayList<>();
         for (IpAddress ipAddress : result.first()) {
             IPAddressResponse ipResponse = _responseGenerator.createIPAddressResponse(getResponseView(), ipAddress);
             ipResponse.setObjectName("publicipaddress");
diff --git a/api/src/main/java/org/apache/cloudstack/api/response/IPAddressResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/IPAddressResponse.java
index 13497d893085..26c5c80db1d9 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/IPAddressResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/IPAddressResponse.java
@@ -159,10 +159,9 @@ public class IPAddressResponse extends BaseResponseWithAnnotations implements Co
     @Param(description="the name of the Network where ip belongs to")
     private String networkName;
 
-    /*
-        @SerializedName(ApiConstants.JOB_ID) @Param(description="shows the current pending asynchronous job ID. This tag is not returned if no current pending jobs are acting on the volume")
-        private IdentityProxy jobId = new IdentityProxy("async_job");
-    */
+    @SerializedName(ApiConstants.HAS_RULES)
+    @Param(description="whether the ip address has Frewall-/PortForwarding-/LoadBalancing-rules defined")
+    private boolean hasRules;
 
     public void setIpAddress(String ipAddress) {
         this.ipAddress = ipAddress;
@@ -305,4 +304,8 @@ public void setForDisplay(Boolean forDisplay) {
     public void setNetworkName(String networkName) {
         this.networkName = networkName;
     }
+
+    public void setHasRules(final boolean hasRules) {
+        this.hasRules = hasRules;
+    }
 }
diff --git a/server/src/main/java/com/cloud/api/ApiResponseHelper.java b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
index 8fffebb33034..ad26161d4401 100644
--- a/server/src/main/java/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
@@ -37,6 +37,7 @@
 
 import javax.inject.Inject;
 
+import com.cloud.network.dao.FirewallRulesDao;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
 import org.apache.cloudstack.affinity.AffinityGroup;
@@ -455,6 +456,8 @@ public class ApiResponseHelper implements ResponseGenerator {
     UserVmJoinDao userVmJoinDao;
     @Inject
     NetworkServiceMapDao ntwkSrvcDao;
+    @Inject
+    FirewallRulesDao firewallRulesDao;
 
     @Override
     public UserResponse createUserResponse(User user) {
@@ -1058,6 +1061,7 @@ public IPAddressResponse createIPAddressResponse(ResponseView view, IpAddress ip
         ipResponse.setHasAnnotation(annotationDao.hasAnnotations(ipAddr.getUuid(), AnnotationService.EntityType.PUBLIC_IP_ADDRESS.name(),
                 _accountMgr.isRootAdmin(CallContext.current().getCallingAccount().getId())));
 
+        ipResponse.setHasRules(firewallRulesDao.countRulesByIpId(ipAddr.getId()) > 0);
         ipResponse.setObjectName("ipaddress");
         return ipResponse;
     }
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index 6c6a6b4649cb..21533be6a49f 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1326,6 +1326,22 @@ private IPAddressVO validateSourceNatip(Vpc vpc, String sourceNatIp) {
         } else {
             s_logger.info(String.format("updating VPC %s to have source NAT ip %s", vpc.getName(), sourceNatIp));
         }
+        IPAddressVO requestedIp = getIpAddressVO(vpc, sourceNatIp);
+        if (requestedIp == null) return null;
+        // check if it is the current source NAT address
+        if (requestedIp.isSourceNat()) {
+            s_logger.info(String.format("IP address %s is already the source Nat address. Not updating!", sourceNatIp));
+            return null;
+        }
+        if (_firewallDao.countRulesByIpId(requestedIp.getId()) > 0) {
+            s_logger.info(String.format("IP address %s has firewall/portforwarding rules. Not updating!", sourceNatIp));
+            return null;
+        }
+        return requestedIp;
+    }
+
+    @Nullable
+    private IPAddressVO getIpAddressVO(Vpc vpc, String sourceNatIp) {
         // check if the address is already aqcuired for this network
         IPAddressVO requestedIp = _ipAddressDao.findByIp(sourceNatIp);
         if (requestedIp == null || requestedIp.getVpcId() == null || ! requestedIp.getVpcId().equals(vpc.getId())) {
@@ -1333,11 +1349,6 @@ private IPAddressVO validateSourceNatip(Vpc vpc, String sourceNatIp) {
                     sourceNatIp, vpc.getName(), vpc.getUuid()));
             return null;
         }
-        // check if it is the current source NAT address
-        if (requestedIp.isSourceNat()) {
-            s_logger.info(String.format("IP address %s is allready the source Nat address. Not updating!", sourceNatIp));
-            return null;
-        }
         return requestedIp;
     }
 
diff --git a/ui/src/views/network/IpAddressesTab.vue b/ui/src/views/network/IpAddressesTab.vue
index 25ded21df3ff..c00047b0f5ba 100644
--- a/ui/src/views/network/IpAddressesTab.vue
+++ b/ui/src/views/network/IpAddressesTab.vue
@@ -83,6 +83,7 @@
                 :disabled="!('updateNetwork' in $store.getters.apis)"
                 @onClick="setSourceNatIp(record)" />
             </template>
+            <template v-else-if="record.isstaticnat === false && record.hasrules === false">
           </template>
 
           <template v-if="column.key === 'state'">

From b27435466282b9eafad78343ecc60cdb5cb0823f Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Tue, 4 Apr 2023 18:01:12 +0200
Subject: [PATCH 30/51] labels and API cleanup

---
 .../user/network/CreateNetworkCmd.java        | 12 ++++++++++-
 .../user/network/UpdateNetworkCmd.java        |  7 +++++++
 .../api/command/user/vpc/CreateVPCCmd.java    | 21 +++++++++++++++----
 .../api/command/user/vpc/UpdateVPCCmd.java    | 15 ++++++++++++-
 .../META-INF/db/schema-41720to41800.sql       |  3 ++-
 ui/public/locales/el_GR.json                  |  2 ++
 ui/public/locales/en.json                     |  9 ++++++--
 ui/public/locales/ja_JP.json                  |  2 ++
 ui/public/locales/ko_KR.json                  |  2 ++
 ui/public/locales/pt_BR.json                  |  2 ++
 ui/public/locales/zh_CN.json                  |  2 ++
 ui/src/views/network/IpAddressesTab.vue       |  7 +++++--
 12 files changed, 73 insertions(+), 11 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
index e763da67b6a5..825661a06040 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
@@ -185,12 +185,18 @@ public class CreateNetworkCmd extends BaseCmd implements UserCmd {
 
     @Parameter(name = ApiConstants.SOURCE_NAT_IP,
             type = CommandType.STRING,
-            description = "IPV4 address to be assigned to the piublic interface of the network router. This is a hint." +
+            description = "IPV4 address to be assigned to the public interface of the network router. This is a hint." +
                     " If an address is given and it cannot be acquired, an error will be returned and the network won´t be implemented," +
                     " even if so requested.",
             since = "4.19")
     private String sourceNatIP;
 
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID,
+            type = CommandType.UUID,
+            description = "IPV4 address to be assigned to the public interface of the network router.",
+            since = "4.19")
+    private Long sourceNatIpUuid;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -278,6 +284,10 @@ public String getSourceNatIP() {
         return sourceNatIP;
     }
 
+    public long getSourceNatIpId() {
+        return sourceNatIpUuid;
+    }
+
     @Override
     public boolean isDisplay() {
         if(displayNetwork == null)
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
index d3cc169b7da4..647a0c421c44 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
@@ -107,6 +107,9 @@ public class UpdateNetworkCmd extends BaseAsyncCustomIdCmd implements UserCmd {
     @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the network router. This address must already be acquired for this network", since = "4.19")
     private String sourceNatIP;
 
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID, type = CommandType.UUID, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
+    private Long sourceNatIpUuid;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -188,6 +191,10 @@ public String getSourceNatIP() {
         return sourceNatIP;
     }
 
+    public Long getSourceNatIpUuid() {
+        return sourceNatIpUuid;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
index bdd04587209f..f54981488459 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
@@ -113,11 +113,11 @@ public class CreateVPCCmd extends BaseAsyncCreateCmd implements UserCmd {
     @Parameter(name = ApiConstants.IP6_DNS2, type = CommandType.STRING, description = "the second IPv6 DNS for the VPC", since = "4.18.0")
     private String ip6Dns2;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
-    private String sourceNatIp;
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the network router.", since = "4.19")
+    private String sourceNatIP;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID, type = CommandType.STRING, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
-    private String sourceNatIpUuid;
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID, type = CommandType.UUID, description = "IPV4 address to be assigned to the public interface of the network router.", since = "4.19")
+    private Long sourceNatIpUuid;
 
     // ///////////////////////////////////////////////////
     // ///////////////// Accessors ///////////////////////
@@ -186,6 +186,19 @@ public Boolean getDisplayVpc() {
         return display;
     }
 
+
+    public String getSourceNatIP() {
+        return sourceNatIP;
+    }
+
+    public Long getSourceNatIPId() {
+        return sourceNatIpUuid;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
     @Override
     public void create() throws ResourceAllocationException {
         Vpc vpc = _vpcService.createVpc(this);
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
index 0a28c755b126..3b706dc1a691 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
@@ -63,9 +63,18 @@ public class UpdateVPCCmd extends BaseAsyncCustomIdCmd implements UserCmd {
             description = "MTU to be configured on the network VR's public facing interfaces", since = "4.18.0")
     private Integer publicMtu;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the network router. This address must already be acquired for this VPC", since = "4.19")
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP,
+            type = CommandType.STRING,
+            description = "IPV4 address to be assigned to the public interface of the network router. This address must already be acquired for this VPC",
+            since = "4.19")
     private String sourceNatIP;
 
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID,
+            type = CommandType.UUID,
+            description = "IPV4 address to be assigned to the public interface of the network router.",
+            since = "4.19")
+    private Long sourceNatIpUuid;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -94,6 +103,10 @@ public String getSourceNatIP() {
         return sourceNatIP;
     }
 
+    public Long getSourceNatIPId() {
+        return sourceNatIpUuid;
+    }
+
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
index 217248a7044e..b8eee33cad74 100644
--- a/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
+++ b/engine/schema/src/main/resources/META-INF/db/schema-41720to41800.sql
@@ -1575,10 +1575,11 @@ CREATE VIEW `cloud`.`user_view` AS
 DELETE FROM `cloud`.`snapshot_store_ref`
 WHERE store_role = "Primary" AND store_id IN (SELECT id FROM storage_pool WHERE removed IS NOT NULL);
 
+
 -- Change usage of VM_DISK_IO_WRITE to use right usage_type
 UPDATE
   `cloud_usage`.`cloud_usage`
 SET
   usage_type = 22
 WHERE
-  usage_type = 24 AND usage_display like '% io write';
+  usage_type = 24 AND usage_display like '% io write';
\ No newline at end of file
diff --git a/ui/public/locales/el_GR.json b/ui/public/locales/el_GR.json
index ffe6aaf99eaa..a72981d8f1b0 100644
--- a/ui/public/locales/el_GR.json
+++ b/ui/public/locales/el_GR.json
@@ -1578,6 +1578,8 @@
 "label.shared": "Κοινόχρηστο",
 "label.sharedexecutable": "Κοινόχρηστο",
 "label.sharedmountpoint": "Κοινόχρηστο μέσο",
+"label.sharedrouterip": "Διεύθυνση IPv4 του δρομολογητή στο κοινόχρηστο δίκτυο ",
+"label.sharedrouteripv6": "Διεύθυνση IPv6 του δρομολογητή στο κοινόχρηστο δίκτυο",
 "label.sharewith": "Κοινή χρήση με",
 "label.showing": "Προβολή",
 "label.shrinkok": "Συρρίκνωση OK",
diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index cdc013f82dcc..99c52a3ad675 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -164,6 +164,7 @@
 "label.action.router.health.checks": "Get health checks result",
 "label.action.run.diagnostics": "Run diagnostics",
 "label.action.secure.host": "Provision host security keys",
+"label.action.set.as.source.nat.ip": "make source NAT",
 "label.action.setup.2FA.user.auth": "Setup User Two Factor Authentication",
 "label.action.start.instance": "Start instance",
 "label.action.start.router": "Start router",
@@ -1645,8 +1646,8 @@
 "label.router.health.check.success": "Success",
 "label.router.health.checks": "Health checks",
 "label.routercount": "Total of virtual routers",
-"label.routerip": "IPv4 address for the VR in this shared network.",
-"label.routeripv6": "IPv6 address for the VR in this shared network.",
+"label.routerip": "IPv4 address for the VR in this network.",
+"label.routeripv6": "IPv6 address for the VR in this network.",
 "label.resourcegroup": "Resource group",
 "label.routing.policy": "Routing policy",
 "label.routing.policy.terms": "Routing policy terms",
@@ -1751,6 +1752,8 @@
 "label.shared": "Shared",
 "label.sharedexecutable": "Shared",
 "label.sharedmountpoint": "SharedMountPoint",
+"label.sharedrouterip": "IPv4 address for the VR in this shared network.",
+"label.sharedrouteripv6": "IPv6 address for the VR in this shared network.",
 "label.sharewith": "Share with",
 "label.showing": "Showing",
 "label.shrinkok": "Shrink OK",
@@ -1778,6 +1781,7 @@
 "label.sourceipaddress": "Source IP address",
 "label.sourceipaddressnetworkid": "Network ID of source IP address",
 "label.sourcenat": "Source NAT",
+"label.sourcenatipaddress": "Source NAT IP address",
 "label.sourcenatsupported": "Source NAT supported",
 "label.sourcenattype": "Supported source NAT type",
 "label.sourceport": "Source port",
@@ -1828,6 +1832,7 @@
 "label.startport": "Start port",
 "label.startquota": "Quota value",
 "label.state": "State",
+"label.staticnat": "Static NAT",
 "label.static.routes": "Static routes",
 "label.status": "Status",
 "label.step.1": "Step 1",
diff --git a/ui/public/locales/ja_JP.json b/ui/public/locales/ja_JP.json
index 19938b906478..f1518286f80b 100644
--- a/ui/public/locales/ja_JP.json
+++ b/ui/public/locales/ja_JP.json
@@ -2046,6 +2046,8 @@
   "label.shared": "共有",
   "label.sharedexecutable": "共有",
   "label.sharedmountpoint": "SharedMountPoint",
+  "label.sharedrouterip": "共有ネットワークのルーターのIPv4アドレス",
+  "label.sharedrouteripv6": "共有ネットワークのルーターのIPv6アドレス",
   "label.sharewith": "共有",
   "label.show.ingress.rule": "受信ルールの表示",
   "label.showing": "表示中",
diff --git a/ui/public/locales/ko_KR.json b/ui/public/locales/ko_KR.json
index 68c6fe9e6d6d..ef7b4f492542 100644
--- a/ui/public/locales/ko_KR.json
+++ b/ui/public/locales/ko_KR.json
@@ -1373,6 +1373,8 @@
 "label.shared": "shared",
 "label.sharedexecutable": "\uacf5\uc720",
 "label.sharedmountpoint": "\uacf5\uc720 \ub9c8\uc6b4\ud2b8 \ud3ec\uc778\ud2b8",
+"label.sharedrouterip": "\uc11c\ube44\uc2a4\uc6a9 \ub124\ud2b8\uc6cc\ud06c\uc758 \ub77c\uc6b0\ud130\uc5d0 \ub300\ud55c IPv4 \uc8fc\uc18c",
+"label.sharedrouteripv6": "\uc11c\ube44\uc2a4\uc6a9 \ub124\ud2b8\uc6cc\ud06c\uc758 \ub77c\uc6b0\ud130\uc5d0 \ub300\ud55c IPv6 \uc8fc\uc18c",
 "label.sharewith": "\uacf5\uc720",
 "label.showing": "\ubcf4\uae30",
 "label.shrinkok": "\ubcc0\uacbd \uc644\ub8cc",
diff --git a/ui/public/locales/pt_BR.json b/ui/public/locales/pt_BR.json
index 712d9f136232..40256c8e340a 100644
--- a/ui/public/locales/pt_BR.json
+++ b/ui/public/locales/pt_BR.json
@@ -1468,6 +1468,8 @@
 "label.shared": "Compatilhado",
 "label.sharedexecutable": "Compatilhado",
 "label.sharedmountpoint": "SharedMountPoint",
+"label.sharedrouterip": "Endere\u00e7os IPv4 para o roteador dentro da rede compartilhada",
+"label.sharedrouteripv6": "Endere\u00e7os IPv6 para o roteador dentro da rede compartilhada",
 "label.sharewith": "Compartilhar com",
 "label.showing": "Exibindo",
 "label.shrinkok": "Encolhimento OK",
diff --git a/ui/public/locales/zh_CN.json b/ui/public/locales/zh_CN.json
index 7ba77fdf4684..49fe7830e117 100644
--- a/ui/public/locales/zh_CN.json
+++ b/ui/public/locales/zh_CN.json
@@ -2333,6 +2333,8 @@
   "label.shared": "\u5DF2\u5171\u4EAB",
   "label.sharedexecutable": "\u5DF2\u5171\u4EAB",
   "label.sharedmountpoint": "\u5171\u4EAB\u6302\u8F7D\u70B9",
+  "label.sharedrouterip": "\u5171\u4EAB\u7F51\u7EDC\u4E2D\u8DEF\u7531\u5668\u7684 IPv4 \u5730\u5740",
+  "label.sharedrouteripv6": "\u5171\u4EAB\u7F51\u7EDC\u4E2D\u8DEF\u7531\u5668\u7684 IPv6 \u5730\u5740",
   "label.sharewith": "\u5206\u4EAB",
 
   "label.show.ingress.rule": "\u663E\u793A\u5165\u53E3\u89C4\u5219",
diff --git a/ui/src/views/network/IpAddressesTab.vue b/ui/src/views/network/IpAddressesTab.vue
index c00047b0f5ba..9fd4f78f7734 100644
--- a/ui/src/views/network/IpAddressesTab.vue
+++ b/ui/src/views/network/IpAddressesTab.vue
@@ -71,7 +71,10 @@
             <div v-else>{{ text }}</div>
             &nbsp;
             <template v-if="record.issourcenat === true">
-              <a-tag>source-nat</a-tag>
+              <a-tag>{{ $t('label.sourcenat') }}</a-tag>
+            </template>
+            <template v-else-if="record.isstaticnat === true">
+              <a-tag>{{ $t('label.staticnat') }}</a-tag>
             </template>
             <template v-else-if="record.isstaticnat === false">
               <tooltip-button
@@ -83,7 +86,6 @@
                 :disabled="!('updateNetwork' in $store.getters.apis)"
                 @onClick="setSourceNatIp(record)" />
             </template>
-            <template v-else-if="record.isstaticnat === false && record.hasrules === false">
           </template>
 
           <template v-if="column.key === 'state'">
@@ -109,6 +111,7 @@
               icon="delete-outlined"
               :disabled="!('disassociateIpAddress' in $store.getters.apis)"
               @onClick="releaseIpAddress(record)" />
+            </template>
           </template>
         </template>
       </a-table>

From d4a4b1acb3118ea5aa1068cf714c0833deb24488 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Tue, 4 Apr 2023 18:11:12 +0200
Subject: [PATCH 31/51] merge-conflict+cleanup

---
 .../cloudstack/api/command/user/network/UpdateNetworkCmd.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
index 647a0c421c44..4cfa998a4fe7 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
@@ -191,7 +191,7 @@ public String getSourceNatIP() {
         return sourceNatIP;
     }
 
-    public Long getSourceNatIpUuid() {
+    public Long getSourceNatIpId() {
         return sourceNatIpUuid;
     }
 

From fbdd40b6d2737b9341d3570bc4c9d75d27978905 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 5 Apr 2023 15:50:49 +0200
Subject: [PATCH 32/51] unit tests

---
 .../ConfigurationManagerImpl.java             | 35 ++++++++++++-------
 .../com/cloud/network/vpc/VpcManagerImpl.java |  2 +-
 .../ConfigurationManagerTest.java             | 35 +++++++++++++++++++
 .../cloud/network/IpAddressManagerTest.java   | 12 +++++++
 .../cloud/network/vpc/VpcManagerImplTest.java | 30 +++++++++++++++-
 5 files changed, 100 insertions(+), 14 deletions(-)

diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index 56ee63ad3ca3..2f0686181bc2 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -6216,7 +6216,7 @@ void validateSourceNatServiceCapablities(final Map<Capability, String> sourceNat
         }
     }
 
-    private boolean sourceNatCapabilitiesContainValidValues(Map<Capability, String> sourceNatServiceCapabilityMap) {
+    boolean sourceNatCapabilitiesContainValidValues(Map<Capability, String> sourceNatServiceCapabilityMap) {
         for (final Entry<Capability ,String> srcNatPair : sourceNatServiceCapabilityMap.entrySet()) {
             final Capability capability = srcNatPair.getKey();
             final String value = srcNatPair.getValue();
@@ -6411,17 +6411,8 @@ public NetworkOfferingVO createNetworkOffering(final String name, final String d
 
             final Map<Capability, String> sourceNatServiceCapabilityMap = serviceCapabilityMap.get(Service.SourceNat);
             if (sourceNatServiceCapabilityMap != null && !sourceNatServiceCapabilityMap.isEmpty()) {
-                String param = sourceNatServiceCapabilityMap.get(Capability.SupportedSourceNatTypes);
-                if (param != null) {
-                    _networkModel.checkCapabilityForProvider(serviceProviderMap.get(Service.SourceNat), Service.SourceNat, Capability.SupportedSourceNatTypes, param);
-                    sharedSourceNat = param.contains(PERZONE);
-                }
-
-                param = sourceNatServiceCapabilityMap.get(Capability.RedundantRouter);
-                if (param != null) {
-                    _networkModel.checkCapabilityForProvider(serviceProviderMap.get(Service.SourceNat), Service.SourceNat, Capability.RedundantRouter, param);
-                    redundantRouter = param.contains("true");
-                }
+                sharedSourceNat = isSharedSourceNat(serviceProviderMap, sourceNatServiceCapabilityMap);
+                redundantRouter = isRedundantRouter(serviceProviderMap, sourceNatServiceCapabilityMap);
             }
 
             final Map<Capability, String> staticNatServiceCapabilityMap = serviceCapabilityMap.get(Service.StaticNat);
@@ -6571,6 +6562,26 @@ public NetworkOfferingVO doInTransaction(final TransactionStatus status) {
         });
     }
 
+    boolean isRedundantRouter(Map<Service, Set<Provider>> serviceProviderMap, Map<Capability, String> sourceNatServiceCapabilityMap) {
+        boolean redundantRouter = false;
+        String param = sourceNatServiceCapabilityMap.get(Capability.RedundantRouter);
+        if (param != null) {
+            _networkModel.checkCapabilityForProvider(serviceProviderMap.get(Service.SourceNat), Service.SourceNat, Capability.RedundantRouter, param);
+            redundantRouter = param.contains("true");
+        }
+        return redundantRouter;
+    }
+
+    boolean isSharedSourceNat(Map<Service, Set<Provider>> serviceProviderMap, Map<Capability, String> sourceNatServiceCapabilityMap) {
+        boolean sharedSourceNat = false;
+        String param = sourceNatServiceCapabilityMap.get(Capability.SupportedSourceNatTypes);
+        if (param != null) {
+            _networkModel.checkCapabilityForProvider(serviceProviderMap.get(Service.SourceNat), Service.SourceNat, Capability.SupportedSourceNatTypes, param);
+            sharedSourceNat = param.contains(PERZONE);
+        }
+        return sharedSourceNat;
+    }
+
     protected void validateNtwkOffDetails(final Map<Detail, String> details, final Map<Service, Set<Provider>> serviceProviderMap) {
         for (final Detail detail : details.keySet()) {
 
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index 21533be6a49f..3ca51b05fe16 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1319,7 +1319,7 @@ private boolean checkAndUpdateRouterSourceNatIp(Vpc vpc, String sourceNatIp) {
     }
 
     @Nullable
-    private IPAddressVO validateSourceNatip(Vpc vpc, String sourceNatIp) {
+    protected IPAddressVO validateSourceNatip(Vpc vpc, String sourceNatIp) {
         if (sourceNatIp == null) {
             s_logger.trace(String.format("no source NAT ip given to update vpc %s with.", vpc.getName()));
             return null;
diff --git a/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java b/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
index 513c6ce9bb2b..0b8c08e5c0e2 100644
--- a/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
+++ b/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
@@ -37,6 +37,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Random;
+import java.util.Set;
 import java.util.UUID;
 
 import org.apache.cloudstack.api.command.admin.network.CreateGuestNetworkIpv6PrefixCmd;
@@ -621,6 +622,40 @@ public void validateInvalidStaticNatServiceCapablitiesTest() {
         Assert.assertTrue("should not be accepted", caught);
     }
 
+    @Test
+    public void isRedundantRouter() {
+        Map<Network.Service, Set<Network.Provider>> serviceCapabilityMap = new HashMap<>();
+        Map<Capability, String> sourceNatServiceCapabilityMap = new HashMap<>();
+        sourceNatServiceCapabilityMap.put(Capability.SupportedSourceNatTypes, "peraccount");
+        sourceNatServiceCapabilityMap.put(Capability.RedundantRouter, "True");
+        Assert.assertTrue(configurationMgr.isRedundantRouter(serviceCapabilityMap, sourceNatServiceCapabilityMap));
+    }
+
+    @Test
+    public void isSharedSourceNat() {
+        Map<Network.Service, Set<Network.Provider>> serviceCapabilityMap = new HashMap<>();
+        Map<Capability, String> sourceNatServiceCapabilityMap = new HashMap<>();
+        sourceNatServiceCapabilityMap.put(Capability.SupportedSourceNatTypes, "perzone");
+        Assert.assertTrue(configurationMgr.isSharedSourceNat(serviceCapabilityMap, sourceNatServiceCapabilityMap));
+    }
+
+    @Test
+    public void isNotSharedSourceNat() {
+        Map<Network.Service, Set<Network.Provider>> serviceCapabilityMap = new HashMap<>();
+        Map<Capability, String> sourceNatServiceCapabilityMap = new HashMap<>();
+        sourceNatServiceCapabilityMap.put(Capability.SupportedSourceNatTypes, "peraccount");
+        Assert.assertFalse(configurationMgr.isSharedSourceNat(serviceCapabilityMap, sourceNatServiceCapabilityMap));
+    }
+
+    @Test
+    public void sourceNatCapabilitiesContainValidValues() {
+        Map<Capability, String> sourceNatServiceCapabilityMap = new HashMap<>();
+        sourceNatServiceCapabilityMap.put(Capability.SupportedSourceNatTypes, "peraccount");
+        sourceNatServiceCapabilityMap.put(Capability.RedundantRouter, "True");
+
+        Assert.assertTrue(configurationMgr.sourceNatCapabilitiesContainValidValues(sourceNatServiceCapabilityMap));
+    }
+
     @Test
     public void validateTTStaticNatServiceCapablitiesTest() {
         Map<Capability, String> staticNatServiceCapabilityMap = new HashMap<>();
diff --git a/server/src/test/java/com/cloud/network/IpAddressManagerTest.java b/server/src/test/java/com/cloud/network/IpAddressManagerTest.java
index 50ad62e05433..ef5ad8c09675 100644
--- a/server/src/test/java/com/cloud/network/IpAddressManagerTest.java
+++ b/server/src/test/java/com/cloud/network/IpAddressManagerTest.java
@@ -23,11 +23,13 @@
 import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.Vector;
 
 import com.cloud.user.Account;
 import org.junit.Assert;
@@ -230,4 +232,14 @@ private Network setTestIsIpEqualsGatewayOrNetworkOfferingsEmpty(long networkOffe
         return network;
     }
 
+    @Test
+    public void updateSourceNatIpAddress() throws Exception {
+        IPAddressVO requestedIp = Mockito.mock(IPAddressVO.class);
+        IPAddressVO oldIp = Mockito.mock(IPAddressVO.class);
+        List<IPAddressVO> userIps = new Vector<>();
+        userIps.add(oldIp);
+        ipAddressManager.updateSourceNatIpAddress(requestedIp, userIps);
+        verify(requestedIp).setSourceNat(true);
+        verify(oldIp).setSourceNat(false);
+    }
 }
diff --git a/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java b/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
index f3916f08c883..14f6275d9f52 100644
--- a/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
+++ b/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
@@ -42,8 +42,10 @@
 
 import com.cloud.alert.AlertManager;
 import com.cloud.network.NetworkService;
+import com.cloud.network.dao.FirewallRulesDao;
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.alert.AlertService;
+import org.apache.cloudstack.api.command.user.vpc.UpdateVPCCmd;
 import org.apache.cloudstack.context.CallContext;
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.junit.After;
@@ -149,6 +151,8 @@ public class VpcManagerImplTest {
     AlertManager alertManager;
     @Mock
     NetworkService networkServiceMock;
+    @Mock
+    FirewallRulesDao firewallDao;
 
     public static final long ACCOUNT_ID = 1;
     private AccountVO account;
@@ -200,6 +204,7 @@ public void setup()
         manager._vpcOffDao = vpcOfferingDao;
         manager._dcDao = dataCenterDao;
         manager._ntwkSvc = networkServiceMock;
+        manager._firewallDao = firewallDao;
         CallContext.register(Mockito.mock(User.class), Mockito.mock(Account.class));
         registerCallContext();
     }
@@ -357,6 +362,7 @@ public void testCreateVpcNetwork() throws InsufficientCapacityException, Resourc
     public void testUpdateVpcNetwork() throws ResourceUnavailableException {
         long vpcId = 1L;
         Integer publicMtu = 1450;
+        String sourceNatIp = "1.2.3.4";
         Account accountMock = Mockito.mock(Account.class);
         VpcVO vpcVO = new VpcVO();
 
@@ -398,9 +404,31 @@ public void testUpdateVpcNetwork() throws ResourceUnavailableException {
         Mockito.when(networkDao.update(anyLong(), any())).thenReturn(true);
         Mockito.when(vpcDao.update(vpcId, vpcVO)).thenReturn(true);
 
-        manager.updateVpc(vpcId, null, null, null, true, publicMtu, null);
+        UpdateVPCCmd cmd = Mockito.mock(UpdateVPCCmd.class);
+        Mockito.when(cmd.getId()).thenReturn(vpcId);
+        Mockito.when(cmd.getVpcName()).thenReturn(null);
+        Mockito.when(cmd.getDisplayText()).thenReturn(null);
+        Mockito.when(cmd.getCustomId()).thenReturn(null);
+        Mockito.when(cmd.isDisplayVpc()).thenReturn(true);
+        Mockito.when(cmd.getPublicMtu()).thenReturn(publicMtu);
+        Mockito.when(cmd.getSourceNatIP()).thenReturn(sourceNatIp);
+
+        manager.updateVpc(vpcId, null, null, null, true, publicMtu, sourceNatIp);
         Assert.assertEquals(publicMtu, vpcVO.getPublicMtu());
+    }
 
+    @Test
+    public void verifySourceNatIp() {
+        String sourceNatIp = "1.2.3.4";
+        VpcVO vpcVO = Mockito.mock(VpcVO.class); //new VpcVO(1l, "vpc", null, 10l, 1l, 1l, "10.1.0.0/16", null, false, false, false, null, null, null, null);
+        Mockito.when(vpcVO.getId()).thenReturn(1l);
+        IPAddressVO requestedIp = Mockito.mock(IPAddressVO.class);//new IPAddressVO(new Ip(sourceNatIp), 1l, 1l, 1l, true);
+        Mockito.when(ipAddressDao.findByIp(sourceNatIp)).thenReturn(requestedIp);
+        Mockito.when(requestedIp.getVpcId()).thenReturn(1l);
+        Mockito.when(requestedIp.getVpcId()).thenReturn(1l);
+        Mockito.when(firewallDao.countRulesByIpId(1l)).thenReturn(0l);
+        Assert.assertNull(manager.validateSourceNatip(vpcVO, null));
+        Assert.assertEquals(requestedIp, manager.validateSourceNatip(vpcVO, sourceNatIp));
     }
 
     @Test

From d36992465da7ff353f7cc8b5ef2a05ab66d88d4c Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Thu, 6 Apr 2023 10:22:57 +0200
Subject: [PATCH 33/51] case

---
 .../java/com/cloud/configuration/ConfigurationManagerTest.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java b/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
index 0b8c08e5c0e2..feff0ba91d35 100644
--- a/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
+++ b/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
@@ -627,7 +627,7 @@ public void isRedundantRouter() {
         Map<Network.Service, Set<Network.Provider>> serviceCapabilityMap = new HashMap<>();
         Map<Capability, String> sourceNatServiceCapabilityMap = new HashMap<>();
         sourceNatServiceCapabilityMap.put(Capability.SupportedSourceNatTypes, "peraccount");
-        sourceNatServiceCapabilityMap.put(Capability.RedundantRouter, "True");
+        sourceNatServiceCapabilityMap.put(Capability.RedundantRouter, "true");
         Assert.assertTrue(configurationMgr.isRedundantRouter(serviceCapabilityMap, sourceNatServiceCapabilityMap));
     }
 

From c823bedae4af9f679e9f835740843ebce3c2fd18 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Thu, 6 Apr 2023 16:31:36 +0200
Subject: [PATCH 34/51] validate routers and updateVpc unit tests

---
 .../com/cloud/network/NetworkServiceImpl.java |  2 +-
 .../cloud/network/NetworkServiceImplTest.java | 46 +++++++++++++++++++
 .../cloud/network/vpc/VpcManagerImplTest.java |  2 +-
 3 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index fe7acaa4ad9e..cd1d7fb6f67c 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1304,7 +1304,7 @@ private void checkSharedNetworkCidrOverlap(Long zoneId, long physicalNetworkId,
         }
     }
 
-    private void validateSharedNetworkRouterIPs(String gateway, String startIP, String endIP, String netmask, String routerIPv4, String routerIPv6, String startIPv6, String endIPv6, String ip6Cidr, NetworkOffering ntwkOff) {
+    void validateSharedNetworkRouterIPs(String gateway, String startIP, String endIP, String netmask, String routerIPv4, String routerIPv6, String startIPv6, String endIPv6, String ip6Cidr, NetworkOffering ntwkOff) {
         if (ntwkOff.getGuestType() == GuestType.Shared) {
             validateSharedNetworkRouterIPv4(routerIPv4, startIP, endIP, gateway, netmask);
             validateSharedNetworkRouterIPv6(routerIPv6, startIPv6, endIPv6, ip6Cidr);
diff --git a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
index 353ce46c9a7b..e3c8c5bd458b 100644
--- a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
+++ b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
@@ -772,4 +772,50 @@ public void validateIfServiceOfferingIsActiveAndSystemVmTypeIsDomainRouterTestMu
 
         networkServiceImplMock.validateIfServiceOfferingIsActiveAndSystemVmTypeIsDomainRouter(1l);
     }
+
+    @Test
+    public void validateNotSharedNetworkRouterIPv4() {
+        NetworkOffering ntwkOff = Mockito.mock(NetworkOffering.class);
+        when(ntwkOff.getGuestType()).thenReturn(Network.GuestType.L2);
+        service.validateSharedNetworkRouterIPs(null, null, null, null, null, null, null, null, null, ntwkOff);
+    }
+
+    @Test
+    public void validateSharedNetworkRouterIPs() {
+        String startIP = "10.0.16.2";
+        String endIP = "10.0.16.100";
+        String routerIPv4 = "10.0.16.100";
+        String routerPv6 = "fd17:ac56:1234:2000::fb";
+        String startIPv6 = "fd17:ac56:1234:2000::1";
+        String endIPv6 = "fd17:ac56:1234:2000::fc";
+        NetworkOffering ntwkOff = Mockito.mock(NetworkOffering.class);
+        when(ntwkOff.getGuestType()).thenReturn(Network.GuestType.Shared);
+        service.validateSharedNetworkRouterIPs(IP4_GATEWAY, startIP, endIP, IP4_NETMASK, routerIPv4, routerPv6, startIPv6, endIPv6, IP6_CIDR, ntwkOff);
+    }
+
+    @Test
+    public void validateSharedNetworkWrongRouterIPv4() {
+        String startIP = "10.0.16.2";
+        String endIP = "10.0.16.100";
+        String routerIPv4 = "10.0.16.101";
+        String routerPv6 = "fd17:ac56:1234:2000::fb";
+        String startIPv6 = "fd17:ac56:1234:2000::1";
+        String endIPv6 = "fd17:ac56:1234:2000::fc";
+        NetworkOffering ntwkOff = Mockito.mock(NetworkOffering.class);
+        when(ntwkOff.getGuestType()).thenReturn(Network.GuestType.Shared);
+        service.validateSharedNetworkRouterIPs(IP4_GATEWAY, startIP, endIP, IP4_NETMASK, routerIPv4, routerPv6, startIPv6, endIPv6, IP6_CIDR, ntwkOff);
+    }
+
+    @Test
+    public void validateSharedNetworkNoEndOfIPv6Range() {
+        String startIP = "10.0.16.2";
+        String endIP = "10.0.16.100";
+        String routerIPv4 = "10.0.16.100";
+        String routerPv6 = "fd17:ac56:1234:2000::1";
+        String startIPv6 = "fd17:ac56:1234:2000::1";
+        String endIPv6 = null;
+        NetworkOffering ntwkOff = Mockito.mock(NetworkOffering.class);
+        when(ntwkOff.getGuestType()).thenReturn(Network.GuestType.Shared);
+        service.validateSharedNetworkRouterIPs(IP4_GATEWAY, startIP, endIP, IP4_NETMASK, routerIPv4, routerPv6, startIPv6, endIPv6, IP6_CIDR, ntwkOff);
+    }
 }
diff --git a/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java b/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
index 14f6275d9f52..05d61bba4834 100644
--- a/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
+++ b/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
@@ -413,7 +413,7 @@ public void testUpdateVpcNetwork() throws ResourceUnavailableException {
         Mockito.when(cmd.getPublicMtu()).thenReturn(publicMtu);
         Mockito.when(cmd.getSourceNatIP()).thenReturn(sourceNatIp);
 
-        manager.updateVpc(vpcId, null, null, null, true, publicMtu, sourceNatIp);
+        manager.updateVpc(cmd);
         Assert.assertEquals(publicMtu, vpcVO.getPublicMtu());
     }
 

From d9a02acc364855400c2455a0d3cc1511b64e9d67 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Thu, 6 Apr 2023 16:53:21 +0200
Subject: [PATCH 35/51] fix unit test

---
 .../java/com/cloud/network/NetworkServiceImplTest.java    | 8 +++++++-
 ui/src/views/network/IpAddressesTab.vue                   | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
index e3c8c5bd458b..340740856764 100644
--- a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
+++ b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
@@ -803,7 +803,13 @@ public void validateSharedNetworkWrongRouterIPv4() {
         String endIPv6 = "fd17:ac56:1234:2000::fc";
         NetworkOffering ntwkOff = Mockito.mock(NetworkOffering.class);
         when(ntwkOff.getGuestType()).thenReturn(Network.GuestType.Shared);
-        service.validateSharedNetworkRouterIPs(IP4_GATEWAY, startIP, endIP, IP4_NETMASK, routerIPv4, routerPv6, startIPv6, endIPv6, IP6_CIDR, ntwkOff);
+        boolean passing = false;
+        try {
+            service.validateSharedNetworkRouterIPs(IP4_GATEWAY, startIP, endIP, IP4_NETMASK, routerIPv4, routerPv6, startIPv6, endIPv6, IP6_CIDR, ntwkOff);
+        } catch (CloudRuntimeException e) {
+            passing = true;
+        }
+        Assert.assertTrue(passing);
     }
 
     @Test
diff --git a/ui/src/views/network/IpAddressesTab.vue b/ui/src/views/network/IpAddressesTab.vue
index 9fd4f78f7734..20cd661f35b0 100644
--- a/ui/src/views/network/IpAddressesTab.vue
+++ b/ui/src/views/network/IpAddressesTab.vue
@@ -111,7 +111,6 @@
               icon="delete-outlined"
               :disabled="!('disassociateIpAddress' in $store.getters.apis)"
               @onClick="releaseIpAddress(record)" />
-            </template>
           </template>
         </template>
       </a-table>
@@ -184,6 +183,7 @@
       @close-modal="closeModal" />
   </div>
 </template>
+
 <script>
 import { api } from '@/api'
 import Status from '@/components/widgets/Status'

From 478477d4090deaa6d42337f4961c825af1bbe6cc Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Thu, 13 Apr 2023 12:18:51 +0200
Subject: [PATCH 36/51] more unit tests

---
 .../com/cloud/network/NetworkServiceImpl.java |   2 +-
 .../cloud/network/NetworkServiceImplTest.java | 111 ++++++++++++++++--
 2 files changed, 101 insertions(+), 12 deletions(-)

diff --git a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
index cd1d7fb6f67c..411695f2c900 100644
--- a/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkServiceImpl.java
@@ -1672,7 +1672,7 @@ public Network createGuestNetwork(CreateNetworkCmd cmd) throws InsufficientCapac
         return network;
     }
 
-    private void checkAndSetRouterSourceNatIp(Account owner, CreateNetworkCmd cmd, Network network) throws InsufficientAddressCapacityException, ResourceAllocationException {
+    void checkAndSetRouterSourceNatIp(Account owner, CreateNetworkCmd cmd, Network network) throws InsufficientAddressCapacityException, ResourceAllocationException {
         String sourceNatIp = cmd.getSourceNatIP();
         if (sourceNatIp == null) {
             s_logger.debug(String.format("no source nat ip given for create network %s command, using something arbitrary.", cmd.getNetworkName()));
diff --git a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
index 340740856764..da52be7c60cb 100644
--- a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
+++ b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
@@ -17,8 +17,10 @@
 package com.cloud.network;
 
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
 import static org.mockito.ArgumentMatchers.anyLong;
 import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.nullable;
 import static org.mockito.Mockito.lenient;
 import static org.mockito.Mockito.mock;
@@ -34,6 +36,7 @@
 import java.util.Map;
 import java.util.UUID;
 
+import com.cloud.exception.InsufficientAddressCapacityException;
 import org.apache.cloudstack.alert.AlertService;
 import org.apache.cloudstack.api.command.user.network.CreateNetworkCmd;
 import org.apache.cloudstack.api.command.user.network.UpdateNetworkCmd;
@@ -81,7 +84,6 @@
 import com.cloud.org.Grouping;
 import com.cloud.user.Account;
 import com.cloud.user.AccountManager;
-import com.cloud.user.AccountManagerImpl;
 import com.cloud.user.AccountService;
 import com.cloud.user.AccountVO;
 import com.cloud.user.User;
@@ -122,8 +124,6 @@ public class NetworkServiceImplTest {
     @Mock
     NetworkOfferingServiceMapDao networkOfferingServiceMapDao;
     @Mock
-    AccountManager accountMgr;
-    @Mock
     EntityManager entityMgr;
     @Mock
     NetworkService networkService;
@@ -162,8 +162,8 @@ public class NetworkServiceImplTest {
     @Mock
     ServiceOfferingVO serviceOfferingVoMock;
 
-    @InjectMocks
-    AccountManagerImpl accountManagerImpl;
+    @Mock
+    IpAddressManager ipAddressManager;
     @Mock
     ConfigKey<Integer> privateMtuKey;
     @Mock
@@ -223,7 +223,7 @@ public void setup() throws Exception {
         service._networkOfferingDao = networkOfferingDao;
         service._physicalNetworkDao = physicalNetworkDao;
         service._dcDao = dcDao;
-        service._accountMgr = accountMgr;
+        service._accountMgr = accountManager;
         service._networkMgr = networkManager;
         service.alertManager = alertManager;
         service._configMgr = configMgr;
@@ -236,6 +236,7 @@ public void setup() throws Exception {
         service.routerDao = routerDao;
         service.commandSetupHelper = commandSetupHelper;
         service.networkHelper = networkHelper;
+        service._ipAddrMgr = ipAddressManager;
         PowerMockito.mockStatic(CallContext.class);
         CallContext callContextMock = PowerMockito.mock(CallContext.class);
         PowerMockito.when(CallContext.current()).thenReturn(callContextMock);
@@ -248,8 +249,8 @@ public void setup() throws Exception {
         Mockito.when(networkOfferingDao.findById(1L)).thenReturn(offering);
         Mockito.when(physicalNetworkDao.findById(Mockito.anyLong())).thenReturn(phyNet);
         Mockito.when(dcDao.findById(Mockito.anyLong())).thenReturn(dc);
-        Mockito.lenient().doNothing().when(accountMgr).checkAccess(accountMock, networkOffering, dc);
-        Mockito.when(accountMgr.isRootAdmin(accountMock.getId())).thenReturn(true);
+        Mockito.lenient().doNothing().when(accountManager).checkAccess(accountMock, networkOffering, dc);
+        Mockito.when(accountManager.isRootAdmin(accountMock.getId())).thenReturn(true);
     }
 
     @Test
@@ -807,6 +808,7 @@ public void validateSharedNetworkWrongRouterIPv4() {
         try {
             service.validateSharedNetworkRouterIPs(IP4_GATEWAY, startIP, endIP, IP4_NETMASK, routerIPv4, routerPv6, startIPv6, endIPv6, IP6_CIDR, ntwkOff);
         } catch (CloudRuntimeException e) {
+            Assert.assertTrue(e.getMessage().contains("Router IPv4 IP provided is not within the specified range: "));
             passing = true;
         }
         Assert.assertTrue(passing);
@@ -814,9 +816,9 @@ public void validateSharedNetworkWrongRouterIPv4() {
 
     @Test
     public void validateSharedNetworkNoEndOfIPv6Range() {
-        String startIP = "10.0.16.2";
-        String endIP = "10.0.16.100";
-        String routerIPv4 = "10.0.16.100";
+        String startIP = null;
+        String endIP = null;
+        String routerIPv4 = null;
         String routerPv6 = "fd17:ac56:1234:2000::1";
         String startIPv6 = "fd17:ac56:1234:2000::1";
         String endIPv6 = null;
@@ -824,4 +826,91 @@ public void validateSharedNetworkNoEndOfIPv6Range() {
         when(ntwkOff.getGuestType()).thenReturn(Network.GuestType.Shared);
         service.validateSharedNetworkRouterIPs(IP4_GATEWAY, startIP, endIP, IP4_NETMASK, routerIPv4, routerPv6, startIPv6, endIPv6, IP6_CIDR, ntwkOff);
     }
+
+    @Test
+    public void validateSharedNetworkIPv6RouterNotInRange() {
+        String routerIPv4 = null;
+        String routerIPv6 = "fd17:ac56:1234:2001::1";
+        NetworkOffering ntwkOff = Mockito.mock(NetworkOffering.class);
+        when(ntwkOff.getGuestType()).thenReturn(Network.GuestType.Shared);
+        boolean passing = false;
+        try {
+            service.validateSharedNetworkRouterIPs(IP4_GATEWAY, null, null, IP4_NETMASK, routerIPv4, routerIPv6, null, null, IP6_CIDR, ntwkOff);
+        } catch (CloudRuntimeException e) {
+            Assert.assertTrue(e.getMessage().contains("Router IPv6 address provided is not with the network range"));
+            passing = true;
+        }
+        Assert.assertTrue(passing);
+    }
+
+    @Test
+    public void invalidateSharedNetworkIPv6RouterAddress() {
+        String routerIPv6 = "fd17:ac56:1234:2000::fg";
+        NetworkOffering ntwkOff = Mockito.mock(NetworkOffering.class);
+        when(ntwkOff.getGuestType()).thenReturn(Network.GuestType.Shared);
+        boolean passing = false;
+        try {
+            service.validateSharedNetworkRouterIPs(IP4_GATEWAY, null, null, IP4_NETMASK, null, routerIPv6, null, null, IP6_CIDR, ntwkOff);
+        } catch (CloudRuntimeException e) {
+            Assert.assertTrue(e.getMessage().contains("Router IPv6 address provided is of incorrect format"));
+            passing = true;
+        }
+        Assert.assertTrue(passing);
+    }
+
+    @Test
+    public void invalidateSharedNetworkIPv4RouterAddress() {
+        String routerIPv4 = "10.100.1000.1";
+        NetworkOffering ntwkOff = Mockito.mock(NetworkOffering.class);
+        when(ntwkOff.getGuestType()).thenReturn(Network.GuestType.Shared);
+        boolean passing = false;
+        try {
+            service.validateSharedNetworkRouterIPs(IP4_GATEWAY, null, null, IP4_NETMASK, routerIPv4, null, null, null, IP6_CIDR, ntwkOff);
+        } catch (CloudRuntimeException e) {
+            Assert.assertTrue(e.getMessage().contains("Router IPv4 IP provided is of incorrect format"));
+            passing = true;
+        }
+        Assert.assertTrue(passing);
+    }
+
+    @Test
+    public void checkAndDontSetSourceNatIp() {
+        CreateNetworkCmd cmd = new CreateNetworkCmd();
+        String srcNatIp = "10.100.1000.1";
+        try {
+            service.checkAndSetRouterSourceNatIp(account, cmd, null);
+        } catch (InsufficientAddressCapacityException | ResourceAllocationException e) {
+            Assert.fail(e.getMessage());
+        }
+    }
+
+    @Test
+    public void checkAndSetSourceNatIp() {
+        String srcNatIp = "10.100.1000.10000";
+        Long networkOfferingId = 2l;
+        Long zoneId = 3l;
+        registerCallContext();
+        ReflectionTestUtils.setField(createNetworkCmd, "networkOfferingId", networkOfferingId);
+        ReflectionTestUtils.setField(createNetworkCmd, "sourceNatIP", srcNatIp);
+        ReflectionTestUtils.setField(createNetworkCmd, "zoneId", zoneId);
+        ReflectionTestUtils.setField(createNetworkCmd, "physicalNetworkId", null);
+        NetworkVO networkVO = Mockito.spy(NetworkVO.class);
+        IpAddress ipAddress = Mockito.mock(IPAddressVO.class);
+        NetworkOffering ntwkOff = Mockito.mock(NetworkOffering.class);
+        Long networkId = 7l;
+        when(networkVO.getId()).thenReturn(networkId);
+        when(networkVO.getGuestType()).thenReturn(Network.GuestType.Isolated);
+        when(networkDao.findById(networkId)).thenReturn(networkVO);
+        when(entityMgr.findById(eq(NetworkOffering.class), eq(networkOfferingId))).thenReturn(ntwkOff);
+        when(entityMgr.findById(eq(DataCenter.class), anyLong())).thenReturn(dc);
+        when(ipAddress.getId()).thenReturn(5l);
+        when(networkVO.getId()).thenReturn(networkId);
+        when(networkVO.getGuestType()).thenReturn(Network.GuestType.Isolated);
+        try {
+            when(ipAddressManager.allocateIp(any(), anyBoolean(), any(), anyLong(), any(), any(), eq(srcNatIp))).thenReturn(ipAddress);
+            service.checkAndSetRouterSourceNatIp(account, createNetworkCmd, networkVO);
+        } catch (InsufficientAddressCapacityException | ResourceAllocationException e) {
+            Assert.fail(e.getMessage());
+        }
+    }
 }

From f0520ad47ba7ea018fe06e06f1e79d50cd442874 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Fri, 14 Apr 2023 10:06:01 +0200
Subject: [PATCH 37/51] reverse assertion condition creation

---
 .../test/java/com/cloud/network/NetworkServiceImplTest.java   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
index da52be7c60cb..17ad765a808e 100644
--- a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
+++ b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
@@ -833,12 +833,12 @@ public void validateSharedNetworkIPv6RouterNotInRange() {
         String routerIPv6 = "fd17:ac56:1234:2001::1";
         NetworkOffering ntwkOff = Mockito.mock(NetworkOffering.class);
         when(ntwkOff.getGuestType()).thenReturn(Network.GuestType.Shared);
-        boolean passing = false;
+        boolean passing = true;
         try {
             service.validateSharedNetworkRouterIPs(IP4_GATEWAY, null, null, IP4_NETMASK, routerIPv4, routerIPv6, null, null, IP6_CIDR, ntwkOff);
+            passing = false;
         } catch (CloudRuntimeException e) {
             Assert.assertTrue(e.getMessage().contains("Router IPv6 address provided is not with the network range"));
-            passing = true;
         }
         Assert.assertTrue(passing);
     }

From dfcc213b0377f017f45b50513382a39b1eafda5e Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Fri, 14 Apr 2023 14:32:53 +0200
Subject: [PATCH 38/51] review comments

---
 .../java/com/cloud/network/vpc/VpcService.java     |  2 +-
 .../api/command/user/network/CreateNetworkCmd.java | 14 ++------------
 .../api/command/user/network/UpdateNetworkCmd.java |  7 -------
 .../api/command/user/vpc/CreateVPCCmd.java         |  7 -------
 .../api/command/user/vpc/UpdateVPCCmd.java         | 10 ----------
 .../main/java/com/cloud/api/ApiResponseHelper.java |  2 +-
 .../com/cloud/network/NetworkServiceImplTest.java  |  3 +--
 ui/src/views/network/CreateVpc.vue                 |  8 --------
 8 files changed, 5 insertions(+), 48 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index 0b5e0debd7e1..d2dd4a7676ef 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -25,6 +25,7 @@
 import org.apache.cloudstack.api.command.user.vpc.ListStaticRoutesCmd;
 import org.apache.cloudstack.api.command.user.vpc.ListVPCsCmd;
 import org.apache.cloudstack.api.command.user.vpc.RestartVPCCmd;
+import org.apache.cloudstack.api.command.user.vpc.UpdateVPCCmd;
 
 import com.cloud.exception.ConcurrentOperationException;
 import com.cloud.exception.InsufficientAddressCapacityException;
@@ -35,7 +36,6 @@
 import com.cloud.network.IpAddress;
 import com.cloud.user.User;
 import com.cloud.utils.Pair;
-import org.apache.cloudstack.api.command.user.vpc.UpdateVPCCmd;
 
 public interface VpcService {
 
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
index 825661a06040..33fc4a751d66 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
@@ -16,7 +16,7 @@
 // under the License.
 package org.apache.cloudstack.api.command.user.network;
 
-import com.cloud.network.NetworkService;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 
 import org.apache.cloudstack.acl.RoleType;
@@ -43,10 +43,10 @@
 import com.cloud.exception.InvalidParameterValueException;
 import com.cloud.exception.ResourceAllocationException;
 import com.cloud.network.Network;
+import com.cloud.network.NetworkService;
 import com.cloud.network.Network.GuestType;
 import com.cloud.offering.NetworkOffering;
 import com.cloud.utils.net.NetUtils;
-import org.apache.commons.lang3.StringUtils;
 
 @APICommand(name = "createNetwork", description = "Creates a network", responseObject = NetworkResponse.class, responseView = ResponseView.Restricted, entityType = {Network.class},
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
@@ -191,12 +191,6 @@ public class CreateNetworkCmd extends BaseCmd implements UserCmd {
             since = "4.19")
     private String sourceNatIP;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID,
-            type = CommandType.UUID,
-            description = "IPV4 address to be assigned to the public interface of the network router.",
-            since = "4.19")
-    private Long sourceNatIpUuid;
-
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -284,10 +278,6 @@ public String getSourceNatIP() {
         return sourceNatIP;
     }
 
-    public long getSourceNatIpId() {
-        return sourceNatIpUuid;
-    }
-
     @Override
     public boolean isDisplay() {
         if(displayNetwork == null)
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
index 4cfa998a4fe7..d3cc169b7da4 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/UpdateNetworkCmd.java
@@ -107,9 +107,6 @@ public class UpdateNetworkCmd extends BaseAsyncCustomIdCmd implements UserCmd {
     @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the network router. This address must already be acquired for this network", since = "4.19")
     private String sourceNatIP;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID, type = CommandType.UUID, description = "IPV4 address to be assigned to the piublic interface of the network router.", since = "4.19")
-    private Long sourceNatIpUuid;
-
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -191,10 +188,6 @@ public String getSourceNatIP() {
         return sourceNatIP;
     }
 
-    public Long getSourceNatIpId() {
-        return sourceNatIpUuid;
-    }
-
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
index f54981488459..d81dad3b7000 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
@@ -116,9 +116,6 @@ public class CreateVPCCmd extends BaseAsyncCreateCmd implements UserCmd {
     @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the network router.", since = "4.19")
     private String sourceNatIP;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID, type = CommandType.UUID, description = "IPV4 address to be assigned to the public interface of the network router.", since = "4.19")
-    private Long sourceNatIpUuid;
-
     // ///////////////////////////////////////////////////
     // ///////////////// Accessors ///////////////////////
     // ///////////////////////////////////////////////////
@@ -191,10 +188,6 @@ public String getSourceNatIP() {
         return sourceNatIP;
     }
 
-    public Long getSourceNatIPId() {
-        return sourceNatIpUuid;
-    }
-
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
index 3b706dc1a691..08e202a53ba9 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
@@ -69,12 +69,6 @@ public class UpdateVPCCmd extends BaseAsyncCustomIdCmd implements UserCmd {
             since = "4.19")
     private String sourceNatIP;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP_ID,
-            type = CommandType.UUID,
-            description = "IPV4 address to be assigned to the public interface of the network router.",
-            since = "4.19")
-    private Long sourceNatIpUuid;
-
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -103,10 +97,6 @@ public String getSourceNatIP() {
         return sourceNatIP;
     }
 
-    public Long getSourceNatIPId() {
-        return sourceNatIpUuid;
-    }
-
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/server/src/main/java/com/cloud/api/ApiResponseHelper.java b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
index ad26161d4401..8f03acf54594 100644
--- a/server/src/main/java/com/cloud/api/ApiResponseHelper.java
+++ b/server/src/main/java/com/cloud/api/ApiResponseHelper.java
@@ -37,7 +37,6 @@
 
 import javax.inject.Inject;
 
-import com.cloud.network.dao.FirewallRulesDao;
 import org.apache.cloudstack.acl.ControlledEntity;
 import org.apache.cloudstack.acl.ControlledEntity.ACLType;
 import org.apache.cloudstack.affinity.AffinityGroup;
@@ -292,6 +291,7 @@
 import com.cloud.network.as.Condition;
 import com.cloud.network.as.ConditionVO;
 import com.cloud.network.as.Counter;
+import com.cloud.network.dao.FirewallRulesDao;
 import com.cloud.network.dao.IPAddressDao;
 import com.cloud.network.dao.IPAddressVO;
 import com.cloud.network.dao.LoadBalancerVO;
diff --git a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
index 17ad765a808e..8235395174e8 100644
--- a/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
+++ b/server/src/test/java/com/cloud/network/NetworkServiceImplTest.java
@@ -876,7 +876,6 @@ public void invalidateSharedNetworkIPv4RouterAddress() {
     @Test
     public void checkAndDontSetSourceNatIp() {
         CreateNetworkCmd cmd = new CreateNetworkCmd();
-        String srcNatIp = "10.100.1000.1";
         try {
             service.checkAndSetRouterSourceNatIp(account, cmd, null);
         } catch (InsufficientAddressCapacityException | ResourceAllocationException e) {
@@ -901,7 +900,7 @@ public void checkAndSetSourceNatIp() {
         when(networkVO.getId()).thenReturn(networkId);
         when(networkVO.getGuestType()).thenReturn(Network.GuestType.Isolated);
         when(networkDao.findById(networkId)).thenReturn(networkVO);
-        when(entityMgr.findById(eq(NetworkOffering.class), eq(networkOfferingId))).thenReturn(ntwkOff);
+        when(entityMgr.findById(NetworkOffering.class, networkOfferingId)).thenReturn(ntwkOff);
         when(entityMgr.findById(eq(DataCenter.class), anyLong())).thenReturn(dc);
         when(ipAddress.getId()).thenReturn(5l);
         when(networkVO.getId()).thenReturn(networkId);
diff --git a/ui/src/views/network/CreateVpc.vue b/ui/src/views/network/CreateVpc.vue
index 5c6c445a3b31..363dd440562b 100644
--- a/ui/src/views/network/CreateVpc.vue
+++ b/ui/src/views/network/CreateVpc.vue
@@ -163,14 +163,6 @@
             v-model:value="form.sourcenatipaddress"
             :placeholder="apiParams.sourcenatipaddress.description"/>
         </a-form-item>
-        <a-form-item v-if="selectedNetworkOfferingSupportsSourceNat" name="sourcenatipaddressid" ref="sourcenatipaddressid">
-          <template #label>
-            <tooltip-label :title="$t('label.routerip')" :tooltip="apiParams.sourcenatipaddressid.description"/>
-          </template>
-          <a-input
-            v-model:value="form.sourcenatipaddress"
-            :placeholder="apiParams.sourcenatipaddress.description"/>
-        </a-form-item>
         <a-form-item name="start" ref="start">
           <template #label>
             <tooltip-label :title="$t('label.start')" :tooltip="apiParams.start.description"/>

From 59d581fec215adb1b605994bf4c3e40ab9555c41 Mon Sep 17 00:00:00 2001
From: dahn <daan.hoogland@gmail.com>
Date: Tue, 25 Apr 2023 11:14:23 +0200
Subject: [PATCH 39/51] Apply suggestions from code review

Co-authored-by: Daniel Augusto Veronezi Salvador <38945620+GutoVeronezi@users.noreply.github.com>
---
 .../org/apache/cloudstack/api/response/IPAddressResponse.java   | 2 +-
 .../java/com/cloud/configuration/ConfigurationManagerImpl.java  | 2 +-
 .../java/com/cloud/configuration/ConfigurationManagerTest.java  | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/api/src/main/java/org/apache/cloudstack/api/response/IPAddressResponse.java b/api/src/main/java/org/apache/cloudstack/api/response/IPAddressResponse.java
index 26c5c80db1d9..96d0793b6ffc 100644
--- a/api/src/main/java/org/apache/cloudstack/api/response/IPAddressResponse.java
+++ b/api/src/main/java/org/apache/cloudstack/api/response/IPAddressResponse.java
@@ -160,7 +160,7 @@ public class IPAddressResponse extends BaseResponseWithAnnotations implements Co
     private String networkName;
 
     @SerializedName(ApiConstants.HAS_RULES)
-    @Param(description="whether the ip address has Frewall-/PortForwarding-/LoadBalancing-rules defined")
+    @Param(description="whether the ip address has Firewall/PortForwarding/LoadBalancing rules defined")
     private boolean hasRules;
 
     public void setIpAddress(String ipAddress) {
diff --git a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
index 2f0686181bc2..c98518168503 100644
--- a/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
+++ b/server/src/main/java/com/cloud/configuration/ConfigurationManagerImpl.java
@@ -6212,7 +6212,7 @@ void validateSourceNatServiceCapablities(final Map<Capability, String> sourceNat
         if (MapUtils.isNotEmpty(sourceNatServiceCapabilityMap) && (sourceNatServiceCapabilityMap.size() > 2 || ! sourceNatCapabilitiesContainValidValues(sourceNatServiceCapabilityMap))) {
             throw new InvalidParameterValueException("Only " + Capability.SupportedSourceNatTypes.getName()
                     + ", " + Capability.RedundantRouter
-                    + " capabilities can be sepcified for source nat service");
+                    + " capabilities can be specified for source nat service");
         }
     }
 
diff --git a/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java b/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
index feff0ba91d35..5d1986e68a90 100644
--- a/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
+++ b/server/src/test/java/com/cloud/configuration/ConfigurationManagerTest.java
@@ -594,7 +594,7 @@ public void validateInvalidCapabilityForSourceNatServiceCapablitiesTest() {
         try {
             configurationMgr.validateSourceNatServiceCapablities(sourceNatServiceCapabilityMap);
         } catch (InvalidParameterValueException e) {
-            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Only SupportedSourceNatTypes, Network.Capability[name=RedundantRouter] capabilities can be sepcified for source nat service"));
+            Assert.assertTrue(e.getMessage(), e.getMessage().contains("Only SupportedSourceNatTypes, Network.Capability[name=RedundantRouter] capabilities can be specified for source nat service"));
             caught = true;
         }
         Assert.assertTrue("should not be accepted", caught);

From edc7380f4af54915f3f5e5ae596ac034ea122e45 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Thu, 27 Apr 2023 09:38:51 +0200
Subject: [PATCH 40/51] review/test outcomes

---
 .../com/cloud/network/vpc/VpcService.java     |  4 +++-
 .../user/network/CreateNetworkCmd.java        |  6 ++---
 .../api/command/user/vpc/CreateVPCCmd.java    |  5 +++-
 .../network/NetworkMigrationManagerImpl.java  |  1 +
 .../com/cloud/network/vpc/VpcManagerImpl.java | 24 ++++++++++++++-----
 5 files changed, 29 insertions(+), 11 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index d2dd4a7676ef..5f30c8f96c38 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -49,12 +49,14 @@ public interface VpcService {
      * @param displayText
      * @param cidr
      * @param networkDomain TODO
+     * @param ip4Dns1
+     * @param ip4Dns2
      * @param displayVpc TODO
      * @return
      * @throws ResourceAllocationException TODO
      */
     Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName, String displayText, String cidr, String networkDomain,
-                         String dns1, String dns2, String ip6Dns1, String ip6Dns2, Boolean displayVpc, Integer publicMtu)
+                  String ip4Dns1, String ip4Dns2, String ip6Dns1, String ip6Dns2, Boolean displayVpc, Integer publicMtu)
             throws ResourceAllocationException;
 
     /**
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
index 33fc4a751d66..e74debb5454e 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/network/CreateNetworkCmd.java
@@ -185,9 +185,9 @@ public class CreateNetworkCmd extends BaseCmd implements UserCmd {
 
     @Parameter(name = ApiConstants.SOURCE_NAT_IP,
             type = CommandType.STRING,
-            description = "IPV4 address to be assigned to the public interface of the network router. This is a hint." +
-                    " If an address is given and it cannot be acquired, an error will be returned and the network won´t be implemented," +
-                    " even if so requested.",
+            description = "IPV4 address to be assigned to the public interface of the network router. " +
+                    "This address will be used as source NAT address for the network. " +
+                    "\nIf an address is given and it cannot be acquired, an error will be returned and the network won´t be implemented,",
             since = "4.19")
     private String sourceNatIP;
 
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
index d81dad3b7000..7ca66b2a471e 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/CreateVPCCmd.java
@@ -113,7 +113,10 @@ public class CreateVPCCmd extends BaseAsyncCreateCmd implements UserCmd {
     @Parameter(name = ApiConstants.IP6_DNS2, type = CommandType.STRING, description = "the second IPv6 DNS for the VPC", since = "4.18.0")
     private String ip6Dns2;
 
-    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the network router.", since = "4.19")
+    @Parameter(name = ApiConstants.SOURCE_NAT_IP, type = CommandType.STRING, description = "IPV4 address to be assigned to the public interface of the network router." +
+            "This address will be used as source NAT address for the networks in ths VPC. " +
+            "\nIf an address is given and it cannot be acquired, an error will be returned and the network won´t be implemented,",
+            since = "4.19")
     private String sourceNatIP;
 
     // ///////////////////////////////////////////////////
diff --git a/server/src/main/java/com/cloud/network/NetworkMigrationManagerImpl.java b/server/src/main/java/com/cloud/network/NetworkMigrationManagerImpl.java
index e1f4fe7fb17b..0cfd6e6021b2 100644
--- a/server/src/main/java/com/cloud/network/NetworkMigrationManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/NetworkMigrationManagerImpl.java
@@ -297,6 +297,7 @@ public Long makeCopyOfVpc(long vpcId, long vpcOfferingId) {
         Vpc copyOfVpc;
         long copyOfVpcId;
         try {
+
             copyOfVpc = _vpcService.createVpc(vpc.getZoneId(), vpcOfferingId, vpc.getAccountId(), vpc.getName(),
                     vpc.getDisplayText(), vpc.getCidr(), vpc.getNetworkDomain(), vpc.getIp4Dns1(), vpc.getIp4Dns2(),
                     vpc.getIp6Dns1(), vpc.getIp6Dns2(), vpc.isDisplay(), vpc.getPublicMtu());
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index 3ca51b05fe16..ca5cf0ca37e6 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1020,7 +1020,7 @@ public List<Long> getVpcOfferingZones(Long vpcOfferingId) {
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_VPC_CREATE, eventDescription = "creating vpc", create = true)
     public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwnerId, final String vpcName, final String displayText, final String cidr, String networkDomain,
-            final String ip4Dns1, final String ip4Dns2, final String ip6Dns1, final String ip6Dns2, final Boolean displayVpc, Integer publicMtu) throws ResourceAllocationException {
+                         final String ip4Dns1, final String ip4Dns2, final String ip6Dns1, final String ip6Dns2, final Boolean displayVpc, Integer publicMtu) throws ResourceAllocationException {
         final Account caller = CallContext.current().getCallingAccount();
         final Account owner = _accountMgr.getAccount(vpcOwnerId);
 
@@ -1094,6 +1094,7 @@ public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwner
         final VpcVO vpc = new VpcVO(zoneId, vpcName, displayText, owner.getId(), owner.getDomainId(), vpcOffId, cidr, networkDomain, useDistributedRouter, isRegionLevelVpcOff,
                 vpcOff.isRedundantRouter(), ip4Dns1, ip4Dns2, ip6Dns1, ip6Dns2);
             vpc.setPublicMtu(publicMtu);
+            vpc.setDisplay(Boolean.TRUE.equals(displayVpc));
 
         return createVpc(displayVpc, vpc);
     }
@@ -1101,9 +1102,24 @@ public Vpc createVpc(final long zoneId, final long vpcOffId, final long vpcOwner
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_VPC_CREATE, eventDescription = "creating vpc", create = true)
     public Vpc createVpc(CreateVPCCmd cmd) throws ResourceAllocationException {
-        return createVpc(cmd.getZoneId(), cmd.getVpcOffering(), cmd.getEntityOwnerId(), cmd.getVpcName(), cmd.getDisplayText(),
+        Vpc vpc = createVpc(cmd.getZoneId(), cmd.getVpcOffering(), cmd.getEntityOwnerId(), cmd.getVpcName(), cmd.getDisplayText(),
             cmd.getCidr(), cmd.getNetworkDomain(), cmd.getIp4Dns1(), cmd.getIp4Dns2(), cmd.getIp6Dns1(),
             cmd.getIp6Dns2(), cmd.isDisplay(), cmd.getPublicMtu());
+        // associate cmd.getSourceNatIP() with this vpc
+        allocateSourceNatIp(vpc, cmd.getSourceNatIP());
+        return vpc;
+    }
+
+    private void allocateSourceNatIp(Vpc vpc, String sourceNatIP) {
+        Account account = _accountMgr.getAccount(vpc.getAccountId());
+        DataCenter zone = _dcDao.findById(vpc.getZoneId());
+        // reserve this ip and then
+        try {
+            IpAddress ip = _ipAddrMgr.allocateIp(account, false, CallContext.current().getCallingAccount(), CallContext.current().getCallingUserId(), zone, null, sourceNatIP);
+            this.associateIPToVpc(ip.getId(), vpc.getId());
+        } catch (ResourceAllocationException | ResourceUnavailableException | InsufficientAddressCapacityException e){
+            throw new CloudRuntimeException("new source NAT address cannot be acquired", e);
+        }
     }
 
     @DB
@@ -1129,10 +1145,6 @@ protected Vpc createVpc(final Boolean displayVpc, final VpcVO vpc) {
         return Transaction.execute(new TransactionCallback<VpcVO>() {
             @Override
             public VpcVO doInTransaction(final TransactionStatus status) {
-                if (displayVpc != null) {
-                    vpc.setDisplay(displayVpc);
-                }
-
                 final VpcVO persistedVpc = vpcDao.persist(vpc, finalizeServicesAndProvidersForVpc(vpc.getZoneId(), vpc.getVpcOfferingId()));
                 _resourceLimitMgr.incrementResourceCount(vpc.getAccountId(), ResourceType.vpc);
                 s_logger.debug("Created VPC " + persistedVpc);

From e49a23d7d4b69e73183916630b4600ed88a0d2eb Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 1 May 2023 11:54:07 +0200
Subject: [PATCH 41/51] integration tests

---
 .github/workflows/ci.yml               |  3 ++-
 test/integration/smoke/test_network.py | 28 +++++++++-----------------
 tools/marvin/marvin/lib/base.py        |  5 ++++-
 3 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fadf33f2043a..4a2fe8f8ccf3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -79,7 +79,8 @@ jobs:
                   smoke/test_metrics_api
                   smoke/test_migration
                   smoke/test_multipleips_per_nic
-                  smoke/test_nested_virtualization",
+                  smoke/test_nested_virtualization
+                  smoke/test_set_source_nat",
                 "smoke/test_network
                   smoke/test_network_acl
                   smoke/test_network_ipv6
diff --git a/test/integration/smoke/test_network.py b/test/integration/smoke/test_network.py
index 0c37c0836b8c..56b434f32416 100644
--- a/test/integration/smoke/test_network.py
+++ b/test/integration/smoke/test_network.py
@@ -72,9 +72,6 @@
 
 class TestPublicIP(cloudstackTestCase):
 
-    def setUp(self):
-        self.apiclient = self.testClient.getApiClient()
-
     @classmethod
     def setUpClass(cls):
         testClient = super(TestPublicIP, cls).getClsTestClient()
@@ -85,6 +82,7 @@ def setUpClass(cls):
         cls.domain = get_domain(cls.apiclient)
         cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
         cls.services['mode'] = cls.zone.networktype
+        cls._cleanup = []
         # Create Accounts & networks
         cls.account = Account.create(
             cls.apiclient,
@@ -92,18 +90,21 @@ def setUpClass(cls):
             admin=True,
             domainid=cls.domain.id
         )
+        cls._cleanup.append(cls.account)
 
         cls.user = Account.create(
             cls.apiclient,
             cls.services["account"],
             domainid=cls.domain.id
         )
+        cls._cleanup.append(cls.user)
         cls.services["network"]["zoneid"] = cls.zone.id
 
         cls.network_offering = NetworkOffering.create(
             cls.apiclient,
             cls.services["network_offering"],
         )
+        cls._cleanup.append(cls.network_offering)
         # Enable Network offering
         cls.network_offering.update(cls.apiclient, state='Enabled')
 
@@ -114,17 +115,20 @@ def setUpClass(cls):
             cls.account.name,
             cls.account.domainid
         )
+        cls._cleanup.append(cls.account_network)
         cls.user_network = Network.create(
             cls.apiclient,
             cls.services["network"],
             cls.user.name,
             cls.user.domainid
         )
+        cls._cleanup.append(cls.user_network)
 
         cls.service_offering = ServiceOffering.create(
             cls.apiclient,
             cls.services["service_offerings"]["tiny"],
         )
+        cls._cleanup.append(cls.service_offering)
 
         cls.hypervisor = testClient.getHypervisorInfo()
         cls.template = get_test_template(
@@ -146,6 +150,7 @@ def setUpClass(cls):
             networkids=cls.account_network.id,
             serviceofferingid=cls.service_offering.id
         )
+        cls._cleanup.append(cls.account_vm)
 
         cls.user_vm = VirtualMachine.create(
             cls.apiclient,
@@ -156,6 +161,7 @@ def setUpClass(cls):
             networkids=cls.user_network.id,
             serviceofferingid=cls.service_offering.id
         )
+        cls._cleanup.append(cls.user_vm)
 
         # Create Source NAT IP addresses
         PublicIPAddress.create(
@@ -170,25 +176,11 @@ def setUpClass(cls):
             cls.zone.id,
             cls.user.domainid
         )
-        cls._cleanup = [
-            cls.account_vm,
-            cls.user_vm,
-            cls.account_network,
-            cls.user_network,
-            cls.account,
-            cls.user,
-            cls.network_offering
-        ]
         return
 
     @classmethod
     def tearDownClass(cls):
-        try:
-            # Cleanup resources used
-            cleanup_resources(cls.apiclient, cls._cleanup)
-        except Exception as e:
-            raise Exception("Warning: Exception during cleanup : %s" % e)
-        return
+        super(TestPublicIP, cls).tearDownClass()
 
     @attr(tags=["advanced", "advancedns", "smoke", "dvs"], required_hardware="false")
     def test_public_ip_admin_account(self):
diff --git a/tools/marvin/marvin/lib/base.py b/tools/marvin/marvin/lib/base.py
index 9d28d5a3f2a0..bb9541686d2e 100755
--- a/tools/marvin/marvin/lib/base.py
+++ b/tools/marvin/marvin/lib/base.py
@@ -3481,7 +3481,8 @@ def create(cls, apiclient, services, accountid=None, domainid=None,
                networkofferingid=None, projectid=None,
                subdomainaccess=None, zoneid=None,
                gateway=None, netmask=None, vpcid=None, aclid=None, vlan=None,
-               externalid=None, bypassvlanoverlapcheck=None, associatednetworkid=None, publicmtu=None, privatemtu=None):
+               externalid=None, bypassvlanoverlapcheck=None, associatednetworkid=None, publicmtu=None, privatemtu=None,
+               sourcenatipaddress=None):
         """Create Network for account"""
         cmd = createNetwork.createNetworkCmd()
         cmd.name = services["name"]
@@ -3563,6 +3564,8 @@ def create(cls, apiclient, services, accountid=None, domainid=None,
             cmd.publicmtu = publicmtu
         if privatemtu:
             cmd.privatemtu = privatemtu
+        if sourcenatipaddress:
+            cmd.sourcenatipaddress = sourcenatipaddress
         return Network(apiclient.createNetwork(cmd).__dict__)
 
     def delete(self, apiclient):

From 1789a71e39e1b4a6bf356fb4ee84b57e806955e6 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 1 May 2023 11:54:25 +0200
Subject: [PATCH 42/51] todo no longer valid

---
 api/src/main/java/com/cloud/network/vpc/VpcService.java | 2 --
 1 file changed, 2 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index 5f30c8f96c38..9a9a93f3675c 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -111,8 +111,6 @@ Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName, Strin
 
     /**
      * Lists VPC(s) based on the parameters passed to the method call
-     *
-     * TODO phase out to replace with the one with the cmd as parameter object
      */
     Pair<List<? extends Vpc>, Integer> listVpcs(Long id, String vpcName, String displayText, List<String> supportedServicesStr, String cidr, Long vpcOffId, String state,
                                                 String accountName, Long domainId, String keyword, Long startIndex, Long pageSizeVal, Long zoneId, Boolean isRecursive, Boolean listAll, Boolean restartRequired,

From 3451f4da1cda33e5bab7759745823b3ee2b662f3 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 1 May 2023 15:18:14 +0200
Subject: [PATCH 43/51] warn network restart

---
 ui/public/locales/en.json              | 1 +
 ui/src/views/network/UpdateNetwork.vue | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index 624d23377b2d..c867e3fbbbe2 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -2865,6 +2865,7 @@
 "message.setup.physical.network.during.zone.creation.basic": "When adding a basic zone, you can set up one physical network, which corresponds to a NIC on the hypervisor. The network carries several types of traffic.<br/><br/>You may also <strong>add</strong> other traffic types onto the physical network.",
 "message.shared.network.offering.warning": "Domain admins and regular users can only create shared networks from network offering with the setting specifyvlan=false. Please contact an administrator to create a network offering if this list is empty.",
 "message.shutdown.triggered": "A shutdown has been triggered. CloudStack will not accept new jobs",
+"message.sourcenatip.change.warning": "WARNING: Changing the sourcenat ip of the network will cause connectivity downtime for the VMs with NICs in the network.",
 "message.specify.tag.key": "Please specify a tag key.",
 "message.specify.tag.value": "Please specify a tag value.",
 "message.step.2.continue": "Please select a service offering to continue.",
diff --git a/ui/src/views/network/UpdateNetwork.vue b/ui/src/views/network/UpdateNetwork.vue
index f6d835446e25..735bb4a3c292 100644
--- a/ui/src/views/network/UpdateNetwork.vue
+++ b/ui/src/views/network/UpdateNetwork.vue
@@ -84,6 +84,14 @@
           <template #label>
             <tooltip-label :title="$t('label.sourcenatipaddress')" :tooltip="apiParams.sourcenatipaddress.description"/>
           </template>
+          <span v-if="sourcenatipaddress">
+            <a-alert type="warning">
+              <template #message>
+                <span v-html="$t('message.sourcenatip.change.warning')" />
+              </template>
+            </a-alert>
+            <br/>
+          </span>
           <a-input
             v-model:value="form.sourcenatipaddress"
             :placeholder="apiParams.sourcenatipaddress.description"

From 8745076f1d44a863a1c19c9519a0bbba3d6e9750 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Tue, 2 May 2023 11:08:29 +0200
Subject: [PATCH 44/51] auto restart vpc and warn pop-up to user

---
 .../com/cloud/network/vpc/VpcService.java     | 10 +-
 .../api/command/user/vpc/UpdateVPCCmd.java    | 25 +++--
 .../command/user/vpc/UpdateVPCCmdTest.java    |  4 +-
 .../com/cloud/network/vpc/VpcManagerImpl.java | 11 ++-
 .../cloud/network/vpc/VpcManagerImplTest.java |  2 +-
 ui/src/views/network/IpAddressesTab.vue       | 96 +++++++++++++------
 6 files changed, 102 insertions(+), 46 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index 9a9a93f3675c..6ffabb4c039f 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -79,13 +79,17 @@ Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName, Strin
      */
     boolean deleteVpc(long vpcId) throws ConcurrentOperationException, ResourceUnavailableException;
 
+    /**
+     */
     /**
      * Persists VPC record in the database
      *
      * @param cmd the command with specification data for updating the vpc
      * @return a data object describing the new vpc state
+     * @throws ResourceUnavailableException if during restart some resources may not be available
+     * @throws InsufficientCapacityException if for instance no address space, compute or storage is sufficiently available
      */
-    Vpc updateVpc(UpdateVPCCmd cmd);
+    Vpc updateVpc(UpdateVPCCmd cmd) throws ResourceUnavailableException, InsufficientCapacityException;
 
     /**
      * Updates VPC with new name/displayText
@@ -98,8 +102,10 @@ Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName, Strin
      * @param mtu what maximal transfer unit to us in this VPCs networks
      * @param sourceNatIp the source NAT address to use for this VPC (must already be associated with the VPC)
      * @return an object describing the current state of the VPC
+     * @throws ResourceUnavailableException if during restart some resources may not be available
+     * @throws InsufficientCapacityException if for instance no address space, compute or storage is sufficiently available
      */
-    Vpc updateVpc(long vpcId, String vpcName, String displayText, String customId, Boolean displayVpc, Integer mtu, String sourceNatIp);
+    Vpc updateVpc(long vpcId, String vpcName, String displayText, String customId, Boolean displayVpc, Integer mtu, String sourceNatIp) throws ResourceUnavailableException, InsufficientCapacityException;
 
     /**
      * Lists VPC(s) based on the parameters passed to the API call
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
index 08e202a53ba9..d4c7d0d5c599 100644
--- a/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
+++ b/api/src/main/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmd.java
@@ -34,6 +34,8 @@
 import org.apache.cloudstack.api.response.VpcResponse;
 
 import com.cloud.event.EventTypes;
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.user.Account;
 
@@ -117,13 +119,22 @@ public long getEntityOwnerId() {
 
     @Override
     public void execute() {
-        Vpc result = _vpcService.updateVpc(this);
-        if (result != null) {
-            VpcResponse response = _responseGenerator.createVpcResponse(getResponseView(), result);
-            response.setResponseName(getCommandName());
-            setResponseObject(response);
-        } else {
-            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update VPC");
+        try {
+            Vpc result = _vpcService.updateVpc(this);
+            if (result != null) {
+                VpcResponse response = _responseGenerator.createVpcResponse(getResponseView(), result);
+                response.setResponseName(getCommandName());
+                setResponseObject(response);
+            } else {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, "Failed to update VPC");
+            }
+        } catch (final ResourceUnavailableException ex) {
+            s_logger.warn("Exception: ", ex);
+            throw new ServerApiException(ApiErrorCode.RESOURCE_UNAVAILABLE_ERROR, ex.getMessage());
+        } catch (final InsufficientCapacityException ex) {
+            s_logger.info(ex);
+            s_logger.trace(ex);
+            throw new ServerApiException(ApiErrorCode.INSUFFICIENT_CAPACITY_ERROR, ex.getMessage());
         }
     }
 
diff --git a/api/src/test/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmdTest.java b/api/src/test/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmdTest.java
index 57f75b6d6713..d174d3694cd5 100644
--- a/api/src/test/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmdTest.java
+++ b/api/src/test/java/org/apache/cloudstack/api/command/user/vpc/UpdateVPCCmdTest.java
@@ -17,6 +17,8 @@
 
 package org.apache.cloudstack.api.command.user.vpc;
 
+import com.cloud.exception.InsufficientCapacityException;
+import com.cloud.exception.ResourceUnavailableException;
 import com.cloud.network.vpc.Vpc;
 import com.cloud.network.vpc.VpcService;
 import junit.framework.TestCase;
@@ -72,7 +74,7 @@ public void testGetPublicMtu() {
         Assert.assertEquals(cmd.getPublicMtu(), publicMtu);
     }
 
-    public void testExecute() {
+    public void testExecute() throws ResourceUnavailableException, InsufficientCapacityException {
         ReflectionTestUtils.setField(cmd, "id", 1L);
         ReflectionTestUtils.setField(cmd, "vpcName", "updatedVpcName");
         ReflectionTestUtils.setField(cmd, "displayText", "Updated VPC Name");
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index ca5cf0ca37e6..ccd5af9a38f9 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1258,13 +1258,13 @@ public void doInTransactionWithoutResult(final TransactionStatus status) {
     }
 
     @Override
-    public Vpc updateVpc(UpdateVPCCmd cmd) {
+    public Vpc updateVpc(UpdateVPCCmd cmd) throws ResourceUnavailableException, InsufficientCapacityException {
         return updateVpc(cmd.getId(), cmd.getVpcName(), cmd.getDisplayText(), cmd.getCustomId(), cmd.isDisplayVpc(), cmd.getPublicMtu(), cmd.getSourceNatIP());
     }
 
     @Override
     @ActionEvent(eventType = EventTypes.EVENT_VPC_UPDATE, eventDescription = "updating vpc")
-    public Vpc updateVpc(final long vpcId, final String vpcName, final String displayText, final String customId, final Boolean displayVpc, Integer mtu, String sourceNatIp) {
+    public Vpc updateVpc(final long vpcId, final String vpcName, final String displayText, final String customId, final Boolean displayVpc, Integer mtu, String sourceNatIp) throws ResourceUnavailableException, InsufficientCapacityException {
         CallContext.current().setEventDetails(" Id: " + vpcId);
         final Account caller = CallContext.current().getCallingAccount();
 
@@ -1300,12 +1300,13 @@ public Vpc updateVpc(final long vpcId, final String vpcName, final String displa
         }
 
         boolean restartRequired = checkAndUpdateRouterSourceNatIp(vpcToUpdate, sourceNatIp);
-        if (restartRequired) {
-            vpc.setRestartRequired(true);
-        }
 
         if (vpcDao.update(vpcId, vpc)) {
             s_logger.debug("Updated VPC id=" + vpcId);
+            if (restartRequired) {
+                final User callingUser = _accountMgr.getActiveUser(CallContext.current().getCallingUserId());
+                restartVpc(vpcId, true, false, false, callingUser);
+            }
             return vpcDao.findById(vpcId);
         } else {
             return null;
diff --git a/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java b/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
index 05d61bba4834..13cee3ab3df4 100644
--- a/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
+++ b/server/src/test/java/com/cloud/network/vpc/VpcManagerImplTest.java
@@ -359,7 +359,7 @@ public void testCreateVpcNetwork() throws InsufficientCapacityException, Resourc
     }
 
     @Test
-    public void testUpdateVpcNetwork() throws ResourceUnavailableException {
+    public void testUpdateVpcNetwork() throws ResourceUnavailableException, InsufficientCapacityException {
         long vpcId = 1L;
         Integer publicMtu = 1450;
         String sourceNatIp = "1.2.3.4";
diff --git a/ui/src/views/network/IpAddressesTab.vue b/ui/src/views/network/IpAddressesTab.vue
index 20cd661f35b0..5f927d96558a 100644
--- a/ui/src/views/network/IpAddressesTab.vue
+++ b/ui/src/views/network/IpAddressesTab.vue
@@ -84,7 +84,7 @@
                 :danger="false"
                 icon="aim-outlined"
                 :disabled="!('updateNetwork' in $store.getters.apis)"
-                @onClick="setSourceNatIp(record)" />
+                @onClick="showChangeSourceNat(record)" />
             </template>
           </template>
 
@@ -166,6 +166,24 @@
         </a-form>
       </a-spin>
     </a-modal>
+    <a-modal
+      v-if="changeSourceNat"
+      :title="$t('label.action.set.as.source.nat.ip')"
+      :visible="changeSourceNat"
+      :closable="true"
+      :footer="null"
+      @cancel="cancelChangeSourceNat"
+      centered
+      :disabled="!('updateNetwork' in $store.getters.apis)"
+      width="450px">
+      <template>
+        <a-alert :message="$t('message.sourcenatip.change.warning')" type="warning" />
+      </template>
+      <div :span="24" class="action-button">
+        <a-button @click="cancelChangeSourceNat">{{ $t('label.cancel') }}</a-button>
+        <a-button ref="submit" type="primary" @click="setSourceNatIp(record)">{{ $t('label.ok') }}</a-button>
+      </div>
+    </a-modal>
     <bulk-action-view
       v-if="showConfirmationAction || showGroupActionModal"
       :showConfirmationAction="showConfirmationAction"
@@ -259,7 +277,8 @@ export default {
       showAcquireIp: false,
       acquireLoading: false,
       acquireIp: null,
-      listPublicIpAddress: []
+      listPublicIpAddress: [],
+      changeSourceNat: false
     }
   },
   created () {
@@ -334,38 +353,48 @@ export default {
     },
     setSourceNatIp (ipaddress) {
       if (this.settingsourcenat) return
-      const params = {}
-      params.sourcenatipaddress = ipaddress.ipaddress
       if (this.$route.path.startsWith('/vpc')) {
-        params.id = this.resource.id
-        this.settingsourcenat = true
-        api('updateVPC', params).then(response => {
-          this.fetchData()
-        }).catch(error => {
-          this.$notification.error({
-            message: `${this.$t('label.error')} ${error.response.status}`,
-            description: error.response.data.updatevpcresponse.errortext || error.response.data.errorresponse.errortext,
-            duration: 0
-          })
-        }).finally(() => {
-          this.settingsourcenat = false
-        })
+        this.updateVpc(ipaddress)
       } else {
-        params.id = this.resource.id
-        this.settingsourcenat = true
-        api('updateNetwork', params).then(response => {
-          this.fetchData()
-        }).catch(error => {
-          this.$notification.error({
-            message: `${this.$t('label.error')} ${error.response.status}`,
-            description: error.response.data.updatenetworkresponse.errortext || error.response.data.errorresponse.errortext,
-            duration: 0
-          })
-        }).finally(() => {
-          this.settingsourcenat = false
-        })
+        this.updateNetwork(ipaddress)
       }
     },
+    updateNetwork (ipaddress) {
+      const params = {}
+      params.sourcenatipaddress = this.sourceNatIp.ipaddress
+      params.id = this.resource.id
+      this.settingsourcenat = true
+      api('updateNetwork', params).then(response => {
+        this.fetchData()
+      }).catch(error => {
+        this.$notification.error({
+          message: `${this.$t('label.error')} ${error.response.status}`,
+          description: error.response.data.updatenetworkresponse.errortext || error.response.data.errorresponse.errortext,
+          duration: 0
+        })
+      }).finally(() => {
+        this.settingsourcenat = false
+        this.cancelChangeSourceNat()
+      })
+    },
+    updateVpc (ipaddress) {
+      const params = {}
+      params.sourcenatipaddress = this.sourceNatIp.ipaddress
+      params.id = this.resource.id
+      this.settingsourcenat = true
+      api('updateVPC', params).then(response => {
+        this.fetchData()
+      }).catch(error => {
+        this.$notification.error({
+          message: `${this.$t('label.error')} ${error.response.status}`,
+          description: error.response.data.updatevpcresponse.errortext || error.response.data.errorresponse.errortext,
+          duration: 0
+        })
+      }).finally(() => {
+        this.settingsourcenat = false
+        this.cancelChangeSourceNat()
+      })
+    },
     resetSelection () {
       this.setSelection([])
     },
@@ -525,6 +554,13 @@ export default {
     },
     closeModal () {
       this.showConfirmationAction = false
+    },
+    showChangeSourceNat (ipaddress) {
+      this.changeSourceNat = true
+      this.sourceNatIp = ipaddress
+    },
+    cancelChangeSourceNat () {
+      this.changeSourceNat = false
     }
   }
 }

From 54e8e10afb4e05c550ca6f848810c12e6dd5b172 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Tue, 2 May 2023 16:57:18 +0200
Subject: [PATCH 45/51] fix warning message and some minor issues

---
 api/src/main/java/com/cloud/network/vpc/VpcService.java   | 2 --
 .../main/java/com/cloud/network/vpc/VpcManagerImpl.java   | 3 +++
 ui/src/views/network/IpAddressesTab.vue                   | 2 +-
 ui/src/views/network/UpdateNetwork.vue                    | 8 +++++---
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/api/src/main/java/com/cloud/network/vpc/VpcService.java b/api/src/main/java/com/cloud/network/vpc/VpcService.java
index 6ffabb4c039f..2cdc034a16e1 100644
--- a/api/src/main/java/com/cloud/network/vpc/VpcService.java
+++ b/api/src/main/java/com/cloud/network/vpc/VpcService.java
@@ -79,8 +79,6 @@ Vpc createVpc(long zoneId, long vpcOffId, long vpcOwnerId, String vpcName, Strin
      */
     boolean deleteVpc(long vpcId) throws ConcurrentOperationException, ResourceUnavailableException;
 
-    /**
-     */
     /**
      * Persists VPC record in the database
      *
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index ccd5af9a38f9..f58191027471 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1304,6 +1304,9 @@ public Vpc updateVpc(final long vpcId, final String vpcName, final String displa
         if (vpcDao.update(vpcId, vpc)) {
             s_logger.debug("Updated VPC id=" + vpcId);
             if (restartRequired) {
+                if (s_logger.isDebugEnabled()) {
+                    s_logger.debug(String.format("restating vpc %s/%s, due to changing sourcenat in Update VPC call", vpc.getName(), vpc.getUuid()));
+                }
                 final User callingUser = _accountMgr.getActiveUser(CallContext.current().getCallingUserId());
                 restartVpc(vpcId, true, false, false, callingUser);
             }
diff --git a/ui/src/views/network/IpAddressesTab.vue b/ui/src/views/network/IpAddressesTab.vue
index 5f927d96558a..51f11dd15c79 100644
--- a/ui/src/views/network/IpAddressesTab.vue
+++ b/ui/src/views/network/IpAddressesTab.vue
@@ -168,7 +168,7 @@
     </a-modal>
     <a-modal
       v-if="changeSourceNat"
-      :title="$t('label.action.set.as.source.nat.ip')"
+      :title="$t('message.sourcenatip.change.warning')"
       :visible="changeSourceNat"
       :closable="true"
       :footer="null"
diff --git a/ui/src/views/network/UpdateNetwork.vue b/ui/src/views/network/UpdateNetwork.vue
index 735bb4a3c292..42c91073ef22 100644
--- a/ui/src/views/network/UpdateNetwork.vue
+++ b/ui/src/views/network/UpdateNetwork.vue
@@ -84,7 +84,7 @@
           <template #label>
             <tooltip-label :title="$t('label.sourcenatipaddress')" :tooltip="apiParams.sourcenatipaddress.description"/>
           </template>
-          <span v-if="sourcenatipaddress">
+          <span v-if="sourcenatchange">
             <a-alert type="warning">
               <template #message>
                 <span v-html="$t('message.sourcenatip.change.warning')" />
@@ -95,7 +95,8 @@
           <a-input
             v-model:value="form.sourcenatipaddress"
             :placeholder="apiParams.sourcenatipaddress.description"
-            v-focus="true" />
+            v-focus="true"
+            @change="sourcenatchange = form.sourcenatipaddress.length > 0"/>
         </a-form-item>
         <a-form-item name="networkofferingid" ref="networkofferingid" v-if="isUpdatingIsolatedNetwork">
           <template #label>
@@ -255,7 +256,8 @@ export default {
       minMTU: 68,
       errorPrivateMtu: '',
       errorPublicMtu: '',
-      setMTU: false
+      setMTU: false,
+      sourcenatchange: false
     }
   },
   beforeCreate () {

From c3bc8f9756beefbb26136d134def6ea1b79fc0c3 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 3 May 2023 08:59:55 +0200
Subject: [PATCH 46/51] integration test

---
 test/integration/smoke/test_set_sourcenat.py | 274 +++++++++++++++++++
 1 file changed, 274 insertions(+)
 create mode 100644 test/integration/smoke/test_set_sourcenat.py

diff --git a/test/integration/smoke/test_set_sourcenat.py b/test/integration/smoke/test_set_sourcenat.py
new file mode 100644
index 000000000000..6a3e1ee99cbf
--- /dev/null
+++ b/test/integration/smoke/test_set_sourcenat.py
@@ -0,0 +1,274 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+""" BVT tests for Network Life Cycle
+"""
+# Import Local Modules
+from marvin.codes import (FAILED, STATIC_NAT_RULE, LB_RULE,
+                          NAT_RULE, PASS)
+from marvin.cloudstackTestCase import cloudstackTestCase
+from marvin.lib.base import (Account,
+                             VPC,
+                             VpcOffering,
+                             ServiceOffering,
+                             PublicIPAddress,
+                             Network,
+                             NetworkOffering)
+from marvin.lib.common import (get_domain,
+                               get_free_vlan,
+                               get_zone,
+                               get_template,
+                               get_test_template,
+                               list_publicIP)
+
+from nose.plugins.attrib import attr
+# Import System modules
+import time
+import logging
+
+_multiprocess_shared_ = True
+
+logger = logging.getLogger('TestSetSourceNatIp')
+stream_handler = logging.StreamHandler()
+logger.setLevel(logging.DEBUG)
+logger.addHandler(stream_handler)
+
+
+class TestSetSourceNatIp(cloudstackTestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        testClient = super(TestSetSourceNatIp, cls).getClsTestClient()
+        cls.apiclient = testClient.getApiClient()
+        cls.services = testClient.getParsedTestDataConfig()
+
+        # Get Zone, Domain and templates
+        cls.domain = get_domain(cls.apiclient)
+        cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
+        cls.services['mode'] = cls.zone.networktype
+        cls._cleanup = []
+        # Create Accounts & networks
+        cls.account = Account.create(
+            cls.apiclient,
+            cls.services["account"],
+            admin=True,
+            domainid=cls.domain.id
+        )
+        cls._cleanup.append(cls.account)
+
+        cls.services["network"]["zoneid"] = cls.zone.id
+
+        cls.vpc_offering = VpcOffering.create(
+            cls.apiclient,
+            cls.services["vpc_offering"],
+        )
+        cls._cleanup.append(cls.vpc_offering)
+        cls.vpc_offering.update(cls.apiclient, state='Enabled')
+        cls.services["vpc"]["vpcoffering"] = cls.vpc_offering.id
+
+        cls.network_offering = NetworkOffering.create(
+            cls.apiclient,
+            cls.services["network_offering"],
+        )
+        cls._cleanup.append(cls.network_offering)
+        # Enable Network offering
+        cls.network_offering.update(cls.apiclient, state='Enabled')
+
+        cls.services["network"]["networkoffering"] = cls.network_offering.id
+
+        cls.service_offering = ServiceOffering.create(
+            cls.apiclient,
+            cls.services["service_offerings"]["tiny"],
+        )
+        cls._cleanup.append(cls.service_offering)
+
+        cls.hypervisor = testClient.getHypervisorInfo()
+        cls.template = get_test_template(
+            cls.apiclient,
+            cls.zone.id,
+            cls.hypervisor
+        )
+        if cls.template == FAILED:
+            assert False, "get_test_template() failed to return template"
+
+        cls.services["virtual_machine"]["zoneid"] = cls.zone.id
+        network = Network.create(
+            cls.apiclient,
+            cls.services["network"],
+            cls.account.name,
+            cls.account.domainid
+        )
+        cls._cleanup.append(network)
+        ip_address = PublicIPAddress.create(
+            cls.apiclient,
+            cls.account.name,
+            cls.zone.id,
+            cls.account.domainid
+        )
+        cls._cleanup.append(ip_address)
+        cls.ip_to_want = ip_address.ipaddress.ipaddress
+        cls.debug(f'==== my local ip: {cls.ip_to_want}')
+        ip_address.delete(cls.apiclient)
+        cls._cleanup.remove(ip_address)
+        network.delete(cls.apiclient)
+        cls._cleanup.remove(network)
+        return
+
+    @classmethod
+    def tearDownClass(cls):
+        super(TestSetSourceNatIp, cls).tearDownClass()
+
+    def setUp(self):
+        self.cleanup = []
+
+    def tearDown(self):
+        super(TestSetSourceNatIp, self).tearDown()
+
+    @attr(tags=["advanced", "advancedns", "smoke"], required_hardware="false")
+    def test_01_create_network_with_specified_source_nat_ip_address(self):
+        """
+        For creation of network witjh a specified address
+        """
+
+
+        self.services["network"]["networkoffering"] = self.network_offering.id
+        network = Network.create(
+            self.apiclient,
+            self.services["network"],
+            self.account.name,
+            self.account.domainid,
+            sourcenatipaddress = self.ip_to_want
+        )
+        self.cleanup.append(network)
+
+        self.validate_source_nat(network=network, ip=self.ip_to_want)
+
+
+    @attr(tags=["advanced", "advancedns", "smoke"], required_hardware="false")
+    def test_02_change_source_nat_ip_address_for_network(self):
+        """
+        Test changing a networks source NAT IP address
+        """
+        network = Network.create(
+            self.apiclient,
+            self.services["network"],
+            self.account.name,
+            self.account.domainid,
+            sourcenatipaddress = self.ip_to_want
+        )
+        self.cleanup.append(network)
+        second_ip = PublicIPAddress.create(
+            self.apiclient,
+            self.account.name,
+            self.zone.id,
+            self.account.domainid,
+            networkid=network.id
+        )
+        self.cleanup.append(second_ip)
+        self.debug(f'==== second ip: {second_ip.ipaddress.ipaddress}')
+
+        self.validate_source_nat(network=network, ip=self.ip_to_want)
+
+        network.update(self.apiclient, sourcenatipaddress=second_ip.ipaddress.ipaddress)
+
+        self.validate_source_nat(network=network, ip=second_ip.ipaddress.ipaddress)
+
+        return
+
+
+    @attr(tags=["advanced", "advancedns", "smoke"], required_hardware="false")
+    def test_03_create_vpc_with_specified_source_nat_ip_address(self):
+        """
+        Test for creation of a VPC with a specified address
+        """
+
+        vpc = VPC.create(
+            self.apiclient,
+            self.services["vpc"],
+            self.vpc_offering.id,
+            self.zone.id,
+            sourcenatipaddress = self.ip_to_want
+        )
+        self.cleanup.append(vpc)
+
+        self.validate_source_nat(vpc=vpc, ip=self.ip_to_want)
+
+    @attr(tags=["advanced", "advancedns", "smoke"], required_hardware="false")
+    def test_04_change_source_nat_ip_address_for_vpc(self):
+        """
+        Test changing a networks source NAT IP address
+        """
+        vpc = VPC.create(
+            self.apiclient,
+            self.services["vpc"],
+            self.vpc_offering.id,
+            self.zone.id,
+            account=self.account.name,
+            domainid = self.account.domainid,
+            sourcenatipaddress = self.ip_to_want
+        )
+        self.cleanup.append(vpc)
+        second_ip = PublicIPAddress.create(
+            self.apiclient,
+            self.account.name,
+            self.zone.id,
+            self.account.domainid,
+            vpcid=vpc.id
+        )
+        self.debug(f'==== second ip: {second_ip.ipaddress.ipaddress}')
+
+        self.validate_source_nat(vpc=vpc, ip=self.ip_to_want)
+
+        vpc.update(self.apiclient, sourcenatipaddress=second_ip.ipaddress.ipaddress)
+
+        self.validate_source_nat(vpc=vpc, ip=second_ip.ipaddress.ipaddress)
+
+        return
+
+
+    def validate_source_nat(self, network=None, vpc=None, ip=None):
+        list_pub_ip_addr_resp = None
+        if network:
+            list_pub_ip_addr_resp = list_publicIP(
+                self.apiclient,
+                associatednetworkid=network.id,
+                listall=True,
+                issourcenat=True
+            )
+        elif vpc:
+            list_pub_ip_addr_resp = list_publicIP(
+                self.apiclient,
+                vpc=vpc.id,
+                listall=True,
+                issourcenat=True
+            )
+        self.assertEqual(
+            isinstance(list_pub_ip_addr_resp, list),
+            True,
+            "Check list response returns a valid list"
+        )
+        self.assertNotEqual(
+            len(list_pub_ip_addr_resp),
+            0,
+            "Check if new IP Address is associated"
+        )
+        self.debug(f'==== my result {list_pub_ip_addr_resp[0]}')
+        self.assertEqual(
+            list_pub_ip_addr_resp[0].ipaddress,
+            ip,
+            f"Check Correct IP Address is returned in the List, expected {ip} but got {list_pub_ip_addr_resp[0].ipaddress}"
+        )

From 406a94afe81cf32dc9e68774397742b7cd3891e8 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 3 May 2023 11:36:32 +0200
Subject: [PATCH 47/51] javadoc

---
 .../main/java/com/cloud/network/dao/FirewallRulesDao.java   | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDao.java b/engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDao.java
index f2e9bcba1e5a..21200dbf9b58 100644
--- a/engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDao.java
+++ b/engine/schema/src/main/java/com/cloud/network/dao/FirewallRulesDao.java
@@ -53,6 +53,12 @@ public interface FirewallRulesDao extends GenericDao<FirewallRuleVO, Long> {
 
     List<FirewallRuleVO> listByIpAndNotRevoked(long ipAddressId);
 
+    /**
+     * counts the number of portforwarding rules for an IP address
+     *
+     * @param sourceIpId the id of the IP record
+     * @return the number of portforwarding rules for this IP
+     */
     long countRulesByIpId(long sourceIpId);
 
     long countRulesByIpIdAndState(long sourceIpId, FirewallRule.State state);

From 0b8e08037ca000823733cb250a089c441b6aebc2 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 3 May 2023 11:36:53 +0200
Subject: [PATCH 48/51] bit of ui pollish

---
 ui/public/locales/en.json               |  4 +++-
 ui/src/views/network/IpAddressesTab.vue | 12 ++++++++----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index c867e3fbbbe2..e19903a98637 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -906,6 +906,7 @@
 "label.haenable": "HA enabled",
 "label.haprovider": "HA provider",
 "label.hardware": "Hardware",
+"label.hasrules":"FW rules defined",
 "label.hastate": "HA state",
 "label.header.backup.schedule": "You can set up recurring backup schedules by selecting from the available options below and applying your policy preference.",
 "label.header.volume.snapshot": "You can set up recurring snapshot schedules by selecting from the available options below and applying your policy preference.",
@@ -2865,7 +2866,8 @@
 "message.setup.physical.network.during.zone.creation.basic": "When adding a basic zone, you can set up one physical network, which corresponds to a NIC on the hypervisor. The network carries several types of traffic.<br/><br/>You may also <strong>add</strong> other traffic types onto the physical network.",
 "message.shared.network.offering.warning": "Domain admins and regular users can only create shared networks from network offering with the setting specifyvlan=false. Please contact an administrator to create a network offering if this list is empty.",
 "message.shutdown.triggered": "A shutdown has been triggered. CloudStack will not accept new jobs",
-"message.sourcenatip.change.warning": "WARNING: Changing the sourcenat ip of the network will cause connectivity downtime for the VMs with NICs in the network.",
+"message.sourcenatip.change.warning": "WARNING: Changing the sourcenat IP address of the network will cause connectivity downtime for the VMs with NICs in the network.",
+"message.sourcenatip.change.inhibited": "Changing the sourcenat to this IP of the network to this address is inhibbited as firewall rules are defined for it. This can include port forwarding or load balancing rules.\n - If this is an isolated network, please use updateNetwork/click the edit button.\n - If this is a VPC, first clear all other rules for this address.",
 "message.specify.tag.key": "Please specify a tag key.",
 "message.specify.tag.value": "Please specify a tag value.",
 "message.step.2.continue": "Please select a service offering to continue.",
diff --git a/ui/src/views/network/IpAddressesTab.vue b/ui/src/views/network/IpAddressesTab.vue
index 51f11dd15c79..5370671caeeb 100644
--- a/ui/src/views/network/IpAddressesTab.vue
+++ b/ui/src/views/network/IpAddressesTab.vue
@@ -67,16 +67,15 @@
         :pagination="false" >
         <template #bodyCell="{ column, text, record }">
           <template v-if="column.key === 'ipaddress'">
-            <router-link v-if="record.forvirtualnetwork === true" :to="{ path: '/publicip/' + record.id }" >{{ text }} </router-link>
+            <router-link v-if="record.forvirtualnetwork === true" :to="{ path: '/publicip/' + record.id }" >{{ text }}&nbsp;</router-link>
             <div v-else>{{ text }}</div>
-            &nbsp;
             <template v-if="record.issourcenat === true">
               <a-tag>{{ $t('label.sourcenat') }}</a-tag>
             </template>
             <template v-else-if="record.isstaticnat === true">
               <a-tag>{{ $t('label.staticnat') }}</a-tag>
             </template>
-            <template v-else-if="record.isstaticnat === false">
+            <template v-else-if="record.hasrules === false">
               <tooltip-button
                 v-if="record.forvirtualnetwork === true"
                 :tooltip="$t('label.action.set.as.source.nat.ip')"
@@ -84,7 +83,12 @@
                 :danger="false"
                 icon="aim-outlined"
                 :disabled="!('updateNetwork' in $store.getters.apis)"
-                @onClick="showChangeSourceNat(record)" />
+                @onClick="showChangeSourceNat(record)"></tooltip-button>
+            </template>
+            <template v-else><!-- -if="record.hasrules === true" -->
+              <Tooltip placement="topLeft" :title="$t('message.sourcenatip.change.inhibited')" >
+                <a-tag>{{ $t('label.hasrules') }}</a-tag>
+              </Tooltip>
             </template>
           </template>
 

From 9c6b92d66af155b6794d754022a4b333642279d5 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 3 May 2023 11:44:24 +0200
Subject: [PATCH 49/51] spello

---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4a2fe8f8ccf3..0a36d0f71adc 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -80,7 +80,7 @@ jobs:
                   smoke/test_migration
                   smoke/test_multipleips_per_nic
                   smoke/test_nested_virtualization
-                  smoke/test_set_source_nat",
+                  smoke/test_set_sourcenat",
                 "smoke/test_network
                   smoke/test_network_acl
                   smoke/test_network_ipv6

From e8ebd71b6f67a22a4d0a206cc57cb9e9b2b14246 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Wed, 3 May 2023 11:51:59 +0200
Subject: [PATCH 50/51] spello

---
 ui/public/locales/en.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ui/public/locales/en.json b/ui/public/locales/en.json
index e19903a98637..a51a6ae737bb 100644
--- a/ui/public/locales/en.json
+++ b/ui/public/locales/en.json
@@ -2867,7 +2867,7 @@
 "message.shared.network.offering.warning": "Domain admins and regular users can only create shared networks from network offering with the setting specifyvlan=false. Please contact an administrator to create a network offering if this list is empty.",
 "message.shutdown.triggered": "A shutdown has been triggered. CloudStack will not accept new jobs",
 "message.sourcenatip.change.warning": "WARNING: Changing the sourcenat IP address of the network will cause connectivity downtime for the VMs with NICs in the network.",
-"message.sourcenatip.change.inhibited": "Changing the sourcenat to this IP of the network to this address is inhibbited as firewall rules are defined for it. This can include port forwarding or load balancing rules.\n - If this is an isolated network, please use updateNetwork/click the edit button.\n - If this is a VPC, first clear all other rules for this address.",
+"message.sourcenatip.change.inhibited": "Changing the sourcenat to this IP of the network to this address is inhibited as firewall rules are defined for it. This can include port forwarding or load balancing rules.\n - If this is an isolated network, please use updateNetwork/click the edit button.\n - If this is a VPC, first clear all other rules for this address.",
 "message.specify.tag.key": "Please specify a tag key.",
 "message.specify.tag.value": "Please specify a tag value.",
 "message.step.2.continue": "Please select a service offering to continue.",

From 6dbcee2dd4df13ba44ca0ce9efb40aceb0121753 Mon Sep 17 00:00:00 2001
From: Daan Hoogland <daan@onecht.net>
Date: Mon, 8 May 2023 09:58:52 +0200
Subject: [PATCH 51/51] extra restart check

---
 .../java/com/cloud/network/vpc/VpcManagerImpl.java    | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index f58191027471..d75020c210cf 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -1301,17 +1301,22 @@ public Vpc updateVpc(final long vpcId, final String vpcName, final String displa
 
         boolean restartRequired = checkAndUpdateRouterSourceNatIp(vpcToUpdate, sourceNatIp);
 
-        if (vpcDao.update(vpcId, vpc)) {
+        if (vpcDao.update(vpcId, vpc) || restartRequired) { // Note that the update may fail because nothing has changed, other than the sourcenat ip
             s_logger.debug("Updated VPC id=" + vpcId);
             if (restartRequired) {
                 if (s_logger.isDebugEnabled()) {
-                    s_logger.debug(String.format("restating vpc %s/%s, due to changing sourcenat in Update VPC call", vpc.getName(), vpc.getUuid()));
+                    s_logger.debug(String.format("restarting vpc %s/%s, due to changing sourcenat in Update VPC call", vpc.getName(), vpc.getUuid()));
                 }
                 final User callingUser = _accountMgr.getActiveUser(CallContext.current().getCallingUserId());
                 restartVpc(vpcId, true, false, false, callingUser);
+            } else {
+                if (s_logger.isDebugEnabled()) {
+                    s_logger.debug("no restart needed.");
+                }
             }
             return vpcDao.findById(vpcId);
         } else {
+            s_logger.error(String.format("failed to update vpc %s/%s",vpc.getName(), vpc.getUuid()));
             return null;
         }
     }
@@ -1324,7 +1329,7 @@ private boolean checkAndUpdateRouterSourceNatIp(Vpc vpc, String sourceNatIp) {
         if (! userIps.isEmpty()) {
             try {
                 _ipAddrMgr.updateSourceNatIpAddress(requestedIp, userIps);
-            } catch (Exception e) { // pokemon execption from transaction
+            } catch (Exception e) { // pokemon exception from transaction
                 String msg = String.format("Update of source NAT ip to %s for network \"%s\"/%s failed due to %s",
                         requestedIp.getAddress().addr(), vpc.getName(), vpc.getUuid(), e.getLocalizedMessage());
                 s_logger.error(msg);