#!/bin/bash

function plugin_help () {
    echo "
###########################################
### azvm-deploy.sh plugin 'slb' v2501.1 ###

This plugin helps creating VM behind SLB.

Extra Optional Args:
  outbound_ports_per_vm (default value = 1000)

Note:
  SLB will redirect public_ip:8888 to ANY RANDOM VM:22, so it's recommended to only create 1 VM.
  inbound-nat-rule is not reliable even if manually created on azure portal.
"
}

function plugin_before_vm_creat () {
    vm_create_xtra_arg+=(--public-ip-address "")
}

function plugin_after_vm_creat () {
    LB_NAME=lbt_$prefix
    FE_IP=feip_$prefix
    BE_PL=bepl_$prefix
    var_default_val outbound_ports_per_vm 1000
    var_default_val enable_outbound_rule_fix 1
    debugexec az network lb create --resource-group $resgrp --name $LB_NAME --sku Standard --frontend-ip-name $FE_IP --backend-pool-name $BE_PL --vnet-name $vnetname || exit

    #if [[ $enable_outbound_rule_fix = 1 ]]; then
    #    # This is an unreliable trick to use NIC directly. It's from good-case ARM template dump. 
    #    debugexec az network lb address-pool update -g $resgrp --lb-name $LB_NAME -n $BE_PL --vnet $vnetname --backend-addresses [0].name="${resgrp}_${vmname}VMNicipconfig${vmname}" || exit
    #else
        echo -e "$COLOR_RED_BLD Warning: enable_outbound_rule_fix not enabled. outbound_ports_per_vm limit won't make effect $COLOR_CLR" 1>&2
        echo -e "$COLOR_RED_BLD If needed this feature, clear backend_pool and add VMs manually on az portal. $COLOR_CLR" 1>&2
        # When a backend pool is configured by IP address, the backend instances are not secure by default and still use default outbound access.
        # This means: outbound_ports_per_vm won't make effect
        # Ref: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/default-outbound-access#how-can-i-transition-to-an-explicit-method-of-public-connectivity-and-disable-default-outbound-access
        debugexec az network lb address-pool update -g $resgrp --lb-name $LB_NAME -n $BE_PL --vnet $vnetname --backend-addresses "[{name:addr1,ip-address:10.0.0.4}]" || exit
    #fi

    # TODO: The correct way to redirect PUBLIC:4022 to VM1:22. But azure-cli cannot associate nat-rule to machine. Even if u manually created one on az portal, it will de-associate after some time.
    # debugexec az network lb inbound-nat-rule create --resource-group $resgrp --lb-name $LB_NAME  --name nat_rule_nt --protocol Tcp --frontend-port 4022 --backend-port 22 --frontend-ip-name $FE_IP || exit
    # Warning: outbound-rule + lb-rule = outbound internet access
    debugexec az network lb outbound-rule    create --resource-group $resgrp --lb-name $LB_NAME --name MyOutboundRule --protocol All --idle-timeout 4 --frontend-ip-configs $FE_IP --address-pool $BE_PL --outbound-ports $outbound_ports_per_vm || exit

    # Redirects 8888 to ANY_MACHINE:22. Backend machine selected randomly. (replacement to inbound-nat-rule as workaround)
    debugexec az network lb rule             create --resource-group $resgrp --lb-name $LB_NAME --name lb_rule_a --protocol All --frontend-port 8888 --backend-port 22 --backend-pool-name $BE_PL --frontend-ip $FE_IP --protocol Tcp --disable-outbound-snat 1 || exit
    if [[ $vmcount != 1 ]]; then
        echo -e "$COLOR_RED_BLD Warning: PublicIp:8888 is mapped to RANDOM_MACHINE:22. Add inbound-nat-rule on az portal manually if required.$COLOR_CLR" 1>&2
    fi
}
