(cloudstack) branch 4.19 updated: Static Routes: fix check on wrong global configuration (#10066)

Fri, 31 Jan 2025 02:06:02 -0800 

This is an automated email from the ASF dual-hosted git repository.

dahn pushed a commit to branch 4.19
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/4.19 by this push:
     new fbb1ff78d63 Static Routes: fix check on wrong global configuration 
(#10066)
fbb1ff78d63 is described below

commit fbb1ff78d63d7ab7e65bec4d53c88dc60f4e4a8a
Author: Wei Zhou <[email protected]>
AuthorDate: Fri Jan 31 11:04:13 2025 +0100

    Static Routes: fix check on wrong global configuration (#10066)
---
 .../engine/orchestration/service/NetworkOrchestrationService.java     | 3 +++
 .../apache/cloudstack/engine/orchestration/NetworkOrchestrator.java   | 2 +-
 server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java        | 4 ++--
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git 
a/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
 
b/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
index 2005b70b439..953727f9b34 100644
--- 
a/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
+++ 
b/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
@@ -81,6 +81,9 @@ public interface NetworkOrchestrationService {
     ConfigKey<Integer> NetworkLockTimeout = new 
ConfigKey<Integer>(Integer.class, NetworkLockTimeoutCK, "Network", "600",
         "Lock wait timeout (seconds) while implementing network", true, 
Scope.Global, null);
 
+    ConfigKey<String> DeniedRoutes = new ConfigKey<String>(String.class, 
"denied.routes", "Network", "",
+            "Routes that are denied, can not be used for Static Routes 
creation for the VPC Private Gateway", true, ConfigKey.Scope.Zone, null);
+
     ConfigKey<String> GuestDomainSuffix = new ConfigKey<String>(String.class, 
GuestDomainSuffixCK, "Network", "cloud.internal",
         "Default domain name for vms inside virtualized networks fronted by 
router", true, ConfigKey.Scope.Zone, null);
 
diff --git 
a/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
 
b/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
index 0232e3aeb9c..26b63d2d728 100644
--- 
a/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
+++ 
b/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
@@ -4792,7 +4792,7 @@ public class NetworkOrchestrator extends ManagerBase 
implements NetworkOrchestra
 
     @Override
     public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[]{NetworkGcWait, NetworkGcInterval, 
NetworkLockTimeout,
+        return new ConfigKey<?>[]{NetworkGcWait, NetworkGcInterval, 
NetworkLockTimeout, DeniedRoutes,
                 GuestDomainSuffix, NetworkThrottlingRate, MinVRVersion,
                 PromiscuousMode, MacAddressChanges, ForgedTransmits, 
MacLearning, RollingRestartEnabled,
                 TUNGSTEN_ENABLED };
diff --git a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java 
b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
index ce3f083135e..300d6c0109b 100644
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@@ -2710,7 +2710,7 @@ public class VpcManagerImpl extends ManagerBase 
implements VpcManager, VpcProvis
         }
 
         // 2) CIDR should be outside of link-local cidr
-        if (NetUtils.isNetworksOverlap(vpc.getCidr(), 
NetUtils.getLinkLocalCIDR())) {
+        if (NetUtils.isNetworksOverlap(cidr, NetUtils.getLinkLocalCIDR())) {
             throw new InvalidParameterValueException("CIDR should be outside 
of link local cidr " + NetUtils.getLinkLocalCIDR());
         }
 
@@ -2739,7 +2739,7 @@ public class VpcManagerImpl extends ManagerBase 
implements VpcManager, VpcProvis
     }
 
     protected boolean isCidrDenylisted(final String cidr, final long zoneId) {
-        final String routesStr = 
NetworkOrchestrationService.GuestDomainSuffix.valueIn(zoneId);
+        final String routesStr = 
NetworkOrchestrationService.DeniedRoutes.valueIn(zoneId);
         if (routesStr != null && !routesStr.isEmpty()) {
             final String[] cidrDenyList = routesStr.split(",");

Reply via email to