Skip to content

fix(sdnController): validate L2 network detach before SDN controller delete#3346

Open
ZStack-Robot wants to merge 2 commits into5.5.6from
sync/ye.zou/fix/ZSTAC-80186
Open

fix(sdnController): validate L2 network detach before SDN controller delete#3346
ZStack-Robot wants to merge 2 commits into5.5.6from
sync/ye.zou/fix/ZSTAC-80186

Conversation

@ZStack-Robot
Copy link
Collaborator

Problem

ZSTAC-80186: Deleting an SDN controller without first detaching its L2 vxlan network pools leaves orphaned L2 networks with broken SDN references.

Root Cause

APIRemoveSdnControllerMsg has no validation in the interceptor. The cascade extension handleDeletionCheck() also immediately returns success without checking for attached resources.

Fix

Add validation in SdnControllerApiInterceptor for APIRemoveSdnControllerMsg: check if any HardwareL2VxlanNetworkPoolVO still references this SDN controller UUID. If so, reject the delete with a clear error message asking to detach first.

Changes

  • SdnControllerApiInterceptor.java: Add validate method for APIRemoveSdnControllerMsg
  • CloudOperationsErrorCode.java: Add error code ORG_ZSTACK_SDNCONTROLLER_10031

Testing

  • Compile verified: BUILD SUCCESS

sync from gitlab !9175

…r delete

Resolves: ZSTAC-80186

Change-Id: I8dcb689b022ad907c12bc1b481fb9d0db1e98d06
@coderabbitai
Copy link

coderabbitai bot commented Feb 13, 2026

Walkthrough

在 SDN 控制器的 API 拦截器中新增对移除消息的验证:在移除控制器前查询并检测是否存在关联的 HardwareL2VxlanNetworkPoolVO 池,若存在则抛出异常阻止移除;同时新增对应的错误码常量,并在测试清理中先删除所有 L2 VXLAN 池以避免阻塞删除流程。

Changes

Cohort / File(s) Summary
SDN 控制器拦截器
plugin/sdnController/src/main/java/org/zstack/sdnController/SdnControllerApiInterceptor.java
新增 validate(APIRemoveSdnControllerMsg msg) 私有方法并在拦截逻辑中处理 APIRemoveSdnControllerMsg,查询关联的 HardwareL2VxlanNetworkPoolVO 池并在存在时抛出 ApiMessageInterceptionException 以阻止移除。
错误码常量扩展
utils/src/main/java/org/zstack/utils/clouderrorcode/CloudOperationsErrorCode.java
新增错误码常量 ORG_ZSTACK_SDNCONTROLLER_10031,用于表示 SDN 控制器移除时的特定错误情形。
测试清理调整
test/src/test/groovy/org/zstack/test/integration/network/sdnController/HardwareVxlanCase.groovy
clean() 中添加预清理:先查询并删除所有 L2 VXLAN 网络池(按 UUID 删除),然后再执行环境删除,避免移除被关联池阻塞。

Sequence Diagram(s)

(省略 — 变更为较小的验证逻辑,不生成序列图)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 分钟

Poem

🐰 我在草间轻嗅风,
移除前把池塘查清,
若有波纹不得走,
新码一枚护后程,
跳跃验证笑盈盈。


Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 2 warnings)

Check name Status Explanation Resolution
Title check ❌ Error The title follows the required format with type and scope, but exceeds the 72-character limit at 75 characters. Reduce the title to 72 characters or less while maintaining clarity, for example: 'fix(sdnController): validate L2 network detach before controller delete'.
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Merge Conflict Detection ⚠️ Warning ❌ Merge conflicts detected (6 files):

⚔️ build/pom.xml (content)
⚔️ compute/src/main/java/org/zstack/compute/vm/VmInstanceBase.java (content)
⚔️ core/pom.xml (content)
⚔️ plugin/sdnController/src/main/java/org/zstack/sdnController/SdnControllerApiInterceptor.java (content)
⚔️ test/src/test/groovy/org/zstack/test/integration/network/sdnController/HardwareVxlanCase.groovy (content)
⚔️ utils/src/main/java/org/zstack/utils/clouderrorcode/CloudOperationsErrorCode.java (content)

These conflicts must be resolved before merging into 5.5.6.
Resolve conflicts locally and push changes to this branch.
✅ Passed checks (1 passed)
Check name Status Explanation
Description check ✅ Passed The pull request description provides comprehensive context about the problem, root cause, solution, and changes made, with clear relation to the changeset.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch sync/ye.zou/fix/ZSTAC-80186
⚔️ Resolve merge conflicts (beta)
  • Auto-commit resolved conflicts to branch sync/ye.zou/fix/ZSTAC-80186
  • Create stacked PR with resolved conflicts
  • Post resolved changes as copyable diffs in a comment

Comment @coderabbitai help to get the list of available commands and usage tips.

Resolves: ZSTAC-80186

Change-Id: Ief74f07715f75fe86ae932a8a0cffc91e4bc36c1
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
test/src/test/groovy/org/zstack/test/integration/network/sdnController/HardwareVxlanCase.groovy (1)

44-48: 建议限定清理范围,避免无条件删除所有池

queryL2VxlanNetworkPool {} 无条件查询会删除当前数据库中所有 VXLAN 池,若测试并发或共享 DB,可能影响其他用例。建议限定到本用例的 zone(或缓存创建的 pool UUID 列表)再删除。

🛠️ 参考改法(按 zone 限定)
 void clean() {
     // ZSTAC-80186: delete pools created in createEnv() before env.delete()
     // removes the SDN controller (which now validates no attached pools)
-    queryL2VxlanNetworkPool {}.each { pool ->
+    def zone = env.inventoryByName("zone") as ZoneInventory
+    queryL2VxlanNetworkPool { conditions = ["zoneUuid=${zone.uuid}"] }.each { pool ->
         deleteL2Network { uuid = pool.uuid }
     }
     env.delete()
 }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants