From 8d1998299f9972e6244d92c4937a19b6fa01c0a1 Mon Sep 17 00:00:00 2001
From: Gregory Thiemonge
Date: Wed, 13 Mar 2024 04:31:17 -0400
Subject: [PATCH] Fix fully-populated API with allowed_cidrs

When creating a LB + a listener with an allowed_cidr with the fully-populated API, an issue happened when Octavia validated that the allowed_cidrs and the VIP ip address have the same IP version. The vip.ip_address value was not updated in the load balancer object, forcing the expiration of the DB object before entering _graph_create fixes this issue. Note: there's no change in the tests, the test function for this feature exists, looks correct, and passes successfully, the bug is only reproducible in octavia-api.

Closes-Bug: 2057751
Change-Id: Ia106d81c1b2588e5d938d2238c8a2f6660bf5ef1
(cherry picked from commit 5d9b23c6021ad961fafc17866c6b8ea50f2dc824)
---
 octavia/api/v2/controllers/load_balancer.py | 7 +++++++
 ...ully-populated-with-allowed-cidrs-ad04ccf02bf9cbbc.yaml | 7 +++++++
 2 files changed, 14 insertions(+)
 create mode 100644 releasenotes/notes/fix-fully-populated-with-allowed-cidrs-ad04ccf02bf9cbbc.yaml
diff --git a/octavia/api/v2/controllers/load_balancer.py b/octavia/api/v2/controllers/load_balancer.py
index f185ff4147..cdc876a6a9 100644
--- a/octavia/api/v2/controllers/load_balancer.py
+++ b/octavia/api/v2/controllers/load_balancer.py
@@ -558,6 +558,13 @@ class LoadBalancersController(base.BaseController):
 subnet_id=add_vip.subnet_id)
 if listeners or pools:
+ # expire_all is required here, it ensures that the loadbalancer
+ # will be re-fetched with its associated vip in _graph_create.
+ # without expire_all the vip attributes that have been updated
+ # just before this call may not be set correctly in the
+ # loadbalancer object.
+ lock_session.expire_all()
+
 db_pools, db_lists = self._graph_create(
 lock_session, db_lb, listeners, pools)
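Review bot: `lock_session.expire_all()` ahead of `_graph_create` invalidates every instance loaded in the session, not only the load balancer and its VIP, and in SQLAlchemy expiring an object also discards any of its changes that have not been flushed yet. The hunk does not show whether the VIP update made just before this block is flushed, so the added comment should state that dependency, for example `# NOTE: expire_all drops unflushed changes; the vip update above must be flushed first.` If an ORM instance for the load balancer is in hand at this point (not visible here), expiring only that instance would keep the refresh scoped to what the `allowed_cidrs` address-family check needs. The enclosing method starts and ends outside the hunk, and since the commit adds no API-level test, that check on an access-restriction setting can regress unnoticed.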
diff --git a/releasenotes/notes/fix-fully-populated-with-allowed-cidrs-ad04ccf02bf9cbbc.yaml b/releasenotes/notes/fix-fully-populated-with-allowed-cidrs-ad04ccf02bf9cbbc.yaml
new file mode 100644
index 0000000000..47aa3d5759
--- /dev/null
+++ b/releasenotes/notes/fix-fully-populated-with-allowed-cidrs-ad04ccf02bf9cbbc.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+ - |
+ Fixed a bug when creating a load balancer and a listener with
+ ``allowed_cidrs`` with the fully-populated load balancer API, the call was
+ rejected because Octavia could not validate that the IP addresses of the
+ ``allowed_cidrs`` have the same family as the VIP address.