fix: NsxResource.executeRequest DeleteNsxNatRuleCommand comparison bug#12833
Open
ZhyliaievD wants to merge 1 commit intoapache:mainfrom
Open
fix: NsxResource.executeRequest DeleteNsxNatRuleCommand comparison bug#12833ZhyliaievD wants to merge 1 commit intoapache:mainfrom
ZhyliaievD wants to merge 1 commit intoapache:mainfrom
Conversation
|
Congratulations on your first Pull Request and welcome to the Apache CloudStack community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/cloudstack/blob/main/CONTRIBUTING.md)
|
Contributor
|
@blueorangutan package |
|
@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress. |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #12833 +/- ##
=========================================
Coverage 18.02% 18.02%
- Complexity 16450 16452 +2
=========================================
Files 5968 5968
Lines 537086 537091 +5
Branches 65961 65961
=========================================
+ Hits 96820 96825 +5
+ Misses 429346 429344 -2
- Partials 10920 10922 +2
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Contributor
There was a problem hiding this comment.
Pull request overview
Fixes NSX NAT rule deletion behavior when DeleteNsxNatRuleCommand is executed in a different process (where Network.Service may be deserialized into a non-singleton instance), by switching comparisons to use the service name rather than object identity.
Changes:
- Update
NsxResource.executeRequest(DeleteNsxNatRuleCommand)to compareNetwork.ServiceviagetName()(through a newgetNetworkServiceName()accessor). - Add/update a unit test to exercise deletion using a non-static
Network.Serviceinstance and verify thedeleteNatRule(...)call parameters. - Fix an incorrect log message in load balancer rule deletion error handling (“add” → “delete”).
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java |
Uses service-name equality for NAT ruleName selection; fixes LB delete log message. |
plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/agent/api/DeleteNsxNatRuleCommand.java |
Adds getNetworkServiceName() helper to safely fetch the service name. |
plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/resource/NsxResourceTest.java |
Extends NAT delete test to set a non-static service and verify NSX client invocation. |
Comments suppressed due to low confidence (2)
plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java:429
executeRequest(DeleteNsxNatRuleCommand)now correctly uses the service name for ruleName selection, but it still passescmd.getService()intonsxApiClient.deleteNatRule(...). Downstream,NsxApiClient.deleteNatRuleuses identity comparison (service == Network.Service.PortForwarding) to decide whether to delete the port-forwarding service object, so a deserializedNetwork.Serviceinstance will still skip that cleanup. Consider canonicalizing the service before calling the API (e.g., resolve viaNetwork.Service.getService(cmd.getNetworkServiceName())and pass that), or update the API to useservice.getName()/serviceName instead of identity checks.
if (Network.Service.StaticNat.getName().equals(cmd.getNetworkServiceName())) {
ruleName = NsxControllerUtils.getStaticNatRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
cmd.getNetworkResourceId(), cmd.isResourceVpc());
} else if (Network.Service.PortForwarding.getName().equals(cmd.getNetworkServiceName())) {
ruleName = NsxControllerUtils.getPortForwardRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
cmd.getNetworkResourceId(), cmd.getRuleId(), cmd.isResourceVpc());
}
String tier1GatewayName = NsxControllerUtils.getTier1GatewayName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
cmd.getNetworkResourceId(), cmd.isResourceVpc());
try {
nsxApiClient.deleteNatRule(cmd.getService(), cmd.getPrivatePort(), cmd.getProtocol(),
cmd.getNetworkResourceName(), tier1GatewayName, ruleName);
plugins/network-elements/nsx/src/main/java/org/apache/cloudstack/resource/NsxResource.java:430
- If
cmd.getNetworkServiceName()is null or not one of the handled values,ruleNamestays null but the code still callsnsxApiClient.deleteNatRule(...)with a nullruleName, which can lead to confusing errors or NPEs inside the NSX client. Please add explicit validation/handling (e.g., return a failedNsxAnswerwith a clear message) when the service is unsupported or ruleName cannot be derived.
private NsxAnswer executeRequest(DeleteNsxNatRuleCommand cmd) {
String ruleName = null;
if (Network.Service.StaticNat.getName().equals(cmd.getNetworkServiceName())) {
ruleName = NsxControllerUtils.getStaticNatRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
cmd.getNetworkResourceId(), cmd.isResourceVpc());
} else if (Network.Service.PortForwarding.getName().equals(cmd.getNetworkServiceName())) {
ruleName = NsxControllerUtils.getPortForwardRuleName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
cmd.getNetworkResourceId(), cmd.getRuleId(), cmd.isResourceVpc());
}
String tier1GatewayName = NsxControllerUtils.getTier1GatewayName(cmd.getDomainId(), cmd.getAccountId(), cmd.getZoneId(),
cmd.getNetworkResourceId(), cmd.isResourceVpc());
try {
nsxApiClient.deleteNatRule(cmd.getService(), cmd.getPrivatePort(), cmd.getProtocol(),
cmd.getNetworkResourceName(), tier1GatewayName, ruleName);
} catch (Exception e) {
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
plugins/network-elements/nsx/src/test/java/org/apache/cloudstack/resource/NsxResourceTest.java
Outdated
Show resolved
Hide resolved
Fixes an issue in NsxResource.executeRequest where Network.Service comparison failed when DeleteNsxNatRuleCommand was executed in a different process. Due to serialization/deserialization, the deserialized Network.Service instance was not equal to the static instances Network.Service.StaticNat and Network.Service.PortForwarding, causing the comparison to always return false.
6bff177 to
f300f5a
Compare
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 17171 |
|
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 17172 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
PR Fixes an issue in NsxResource.executeRequest where Network.Service comparison failed when DeleteNsxNatRuleCommand was executed in a different process. Due to serialization/deserialization, the deserialized Network.Service instance was not equal to the static instances Network.Service.StaticNat and Network.Service.PortForwarding, causing the comparison to always return false.
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity