Skip to content

<fix>[port-forwarding]: avoid stale binding on invalid nic attach#4416

Closed
ZStack-Robot wants to merge 1 commit into
5.5.28from
sync/boce.wang/fix-86549
Closed

<fix>[port-forwarding]: avoid stale binding on invalid nic attach#4416
ZStack-Robot wants to merge 1 commit into
5.5.28from
sync/boce.wang/fix-86549

Conversation

@ZStack-Robot

Copy link
Copy Markdown
Collaborator

Root cause: PortForwarding attach/create wrote PortForwardingRuleVO.vmNicUuid and guestIp before validating whether the target VM NIC L3 had PortForwarding service enabled. Binding a public NIC without that service failed with ORG_ZSTACK_NETWORK_SERVICE_10005 but left the rule half-bound in DB, so later detach/delete failed on the same provider lookup.

Fix solution: validate the target NIC L3 provider before persisting PF binding fields, clear binding fields on attach failure, and let detach/delete/release clean existing stale bindings when the stored NIC L3 has no PortForwarding provider.

Tested: git diff --check
Not-tested: mvn test -Djacoco.skip=true -Dtest=TestVirtualRouterPortForwarding36 (mvn not installed in local PATH)

Resolves: ZSTAC-86549

sync from gitlab !10378

@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Warning

Review limit reached

You’ve reached a temporary PR review limit under our Fair Usage Limits Policy.

Your recent review volume is higher than typical usage, so adaptive limits are currently applied.

Next review available in: 33 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: be1a19b5-ad02-40c9-8cf2-33d2b07383eb

📥 Commits

Reviewing files that changed from the base of the PR and between d22b42d and 7ae2aec.

📒 Files selected for processing (2)
  • plugin/portForwarding/src/main/java/org/zstack/network/service/portforwarding/PortForwardingManagerImpl.java
  • test/src/test/groovy/org/zstack/test/integration/networkservice/provider/virtualrouter/portforwarding/PortForwardingInvalidNicBindingCase.groovy

Warning

.coderabbit.yaml has a parsing error

The CodeRabbit configuration file in this repository has a parsing error and default settings were used instead. Please fix the error(s) in the configuration file. You can initialize chat with CodeRabbit to get help with the configuration file.

💥 Parsing errors (1)
Could not fetch remote config from http://open.zstack.ai:20001/code-reviews/zstack-cloud.yaml: TimeoutError: The operation was aborted due to timeout
⚙️ Configuration instructions
  • Please see the configuration documentation for more information.
  • You can also validate your configuration using the online YAML validator.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch sync/boce.wang/fix-86549

Comment @coderabbitai help to get the list of available commands.

@MatheMatrix MatheMatrix force-pushed the sync/boce.wang/fix-86549 branch from 750caf7 to 1f75188 Compare July 2, 2026 07:51
Port forwarding attach/create wrote vmNicUuid and guestIp before validating that the target VM NIC L3 had PortForwarding service. When a public NIC without the service was selected, the API failed with ORG_ZSTACK_NETWORK_SERVICE_10005 but left the PF rule half-bound in DB, blocking later detach and delete.

Validate the target NIC L3 provider before persisting binding fields, clear binding fields on attach failure, and allow detach/delete/release flows to clean existing stale bindings when the stored NIC L3 has no PortForwarding provider.

Resolves: ZSTAC-86549

Change-Id: I40838c799cb0fbf6a7f086d6e3ee830e41c4c408
@MatheMatrix MatheMatrix force-pushed the sync/boce.wang/fix-86549 branch from 1f75188 to 7ae2aec Compare July 2, 2026 09:11
@ZStack-Robot ZStack-Robot deleted the sync/boce.wang/fix-86549 branch July 3, 2026 02:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants