Static Routes: fix check on wrong global configuration (#10066)

2025-10-26 08:42:29 +01:00 · 2025-01-31 11:04:13 +01:00 · 2025-01-31 11:04:13 +01:00 · fbb1ff78d6
commit fbb1ff78d6
parent 97be6f2e5d
3 changed files with 6 additions and 3 deletions
--- a/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
+++ b/engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java
@ -81,6 +81,9 @@ public interface NetworkOrchestrationService {
    ConfigKey<Integer> NetworkLockTimeout = new ConfigKey<Integer>(Integer.class, NetworkLockTimeoutCK, "Network", "600",
        "Lock wait timeout (seconds) while implementing network", true, Scope.Global, null);

+    ConfigKey<String> DeniedRoutes = new ConfigKey<String>(String.class, "denied.routes", "Network", "",
+            "Routes that are denied, can not be used for Static Routes creation for the VPC Private Gateway", true, ConfigKey.Scope.Zone, null);
+
    ConfigKey<String> GuestDomainSuffix = new ConfigKey<String>(String.class, GuestDomainSuffixCK, "Network", "cloud.internal",
        "Default domain name for vms inside virtualized networks fronted by router", true, ConfigKey.Scope.Zone, null);

--- a/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
+++ b/engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java
@ -4792,7 +4792,7 @@ public class NetworkOrchestrator extends ManagerBase implements NetworkOrchestra

    @Override
    public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[]{NetworkGcWait, NetworkGcInterval, NetworkLockTimeout,
+        return new ConfigKey<?>[]{NetworkGcWait, NetworkGcInterval, NetworkLockTimeout, DeniedRoutes,
                GuestDomainSuffix, NetworkThrottlingRate, MinVRVersion,
                PromiscuousMode, MacAddressChanges, ForgedTransmits, MacLearning, RollingRestartEnabled,
                TUNGSTEN_ENABLED };
--- a/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
+++ b/server/src/main/java/com/cloud/network/vpc/VpcManagerImpl.java
@ -2710,7 +2710,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
        }

        // 2) CIDR should be outside of link-local cidr
-        if (NetUtils.isNetworksOverlap(vpc.getCidr(), NetUtils.getLinkLocalCIDR())) {
+        if (NetUtils.isNetworksOverlap(cidr, NetUtils.getLinkLocalCIDR())) {
            throw new InvalidParameterValueException("CIDR should be outside of link local cidr " + NetUtils.getLinkLocalCIDR());
        }

@ -2739,7 +2739,7 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
    }

    protected boolean isCidrDenylisted(final String cidr, final long zoneId) {
-        final String routesStr = NetworkOrchestrationService.GuestDomainSuffix.valueIn(zoneId);
+        final String routesStr = NetworkOrchestrationService.DeniedRoutes.valueIn(zoneId);
        if (routesStr != null && !routesStr.isEmpty()) {
            final String[] cidrDenyList = routesStr.split(",");