Allow updating of Load Balancer source CIDR list (#11568)

CodeBleu · web-flow · commit 273ae032743c · 2025-09-17T13:49:46.000+02:00
diff --git a/api/src/main/java/org/apache/cloudstack/api/command/user/loadbalancer/UpdateLoadBalancerRuleCmd.java b/api/src/main/java/org/apache/cloudstack/api/command/user/loadbalancer/UpdateLoadBalancerRuleCmd.java
@@ -33,6 +33,7 @@
 import com.cloud.network.rules.FirewallRule;
 import com.cloud.network.rules.LoadBalancer;
 import com.cloud.user.Account;
+import java.util.List;
 
 @APICommand(name = "updateLoadBalancerRule", description = "Updates load balancer", responseObject = LoadBalancerResponse.class,
         requestHasSensitiveInfo = false, responseHasSensitiveInfo = false)
@@ -64,6 +65,9 @@ public class UpdateLoadBalancerRuleCmd extends BaseAsyncCustomIdCmd {
     @Parameter(name = ApiConstants.PROTOCOL, type = CommandType.STRING, description = "The protocol for the LB")
     private String lbProtocol;
 
+    @Parameter(name = ApiConstants.CIDR_LIST, type = CommandType.LIST, collectionType = CommandType.STRING, description = "the cidr list to forward traffic from", since = "4.22")
+    private List<String> cidrList;
+
     /////////////////////////////////////////////////////
     /////////////////// Accessors ///////////////////////
     /////////////////////////////////////////////////////
@@ -92,6 +96,9 @@ public String getLbProtocol() {
        return lbProtocol;
     }
 
+    public List<String> getCidrList() {
+        return cidrList;
+    }
     /////////////////////////////////////////////////////
     /////////////// API Implementation///////////////////
     /////////////////////////////////////////////////////
diff --git a/engine/schema/src/main/java/com/cloud/network/dao/LoadBalancerVO.java b/engine/schema/src/main/java/com/cloud/network/dao/LoadBalancerVO.java
@@ -144,4 +144,13 @@ public String toString() {
                 ReflectionToStringBuilderUtils.reflectOnlySelectedFields(
                         this, "id", "uuid", "name", "purpose", "state"));
     }
+
+    /**
+     *  Sets the CIDR list associated with this load balancer rule.
+     *
+     *  @param cidrList a comma-separated list of CIDR strings, e.g. "1.2.3.4/24,1.2.3.5/24" or an empty string e.g. "" to clear the restrictions
+     */
+    public void setCidrList(String cidrList) {
+        this.cidrList = cidrList;
+    }
 }
diff --git a/engine/schema/src/test/java/com/cloud/network/dao/LoadBalancerVOTest.java b/engine/schema/src/test/java/com/cloud/network/dao/LoadBalancerVOTest.java
@@ -0,0 +1,45 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package com.cloud.network.dao;
+
+import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
+public class LoadBalancerVOTest {
+    @Test
+    public void testSetCidrList() {
+        LoadBalancerVO loadBalancer = new LoadBalancerVO();
+        String cidrList = "192.168.1.0/24,10.0.0.0/16";
+        loadBalancer.setCidrList(cidrList);
+        assertEquals(cidrList, loadBalancer.getCidrList());
+    }
+
+    @Test
+    public void testSetCidrListEmpty() {
+        LoadBalancerVO loadBalancer = new LoadBalancerVO();
+        loadBalancer.setCidrList("");
+        assertEquals("", loadBalancer.getCidrList());
+    }
+
+    @Test
+    public void testSetCidrListNull() {
+        LoadBalancerVO loadBalancer = new LoadBalancerVO();
+        loadBalancer.setCidrList(null);
+        assertNull(loadBalancer.getCidrList());
+    }
+}
diff --git a/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/main/java/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java
@@ -2257,6 +2257,17 @@ public LoadBalancer updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) {
         }
 
         validateInputsForExternalNetworkProvider(lb, algorithm, lbProtocol);
+
+        List<String> cidrList = cmd.getCidrList();
+
+        if (cidrList != null) {
+            String cidrListStr = StringUtils.join(cidrList, ",");
+            if (!cidrListStr.isEmpty() && !NetUtils.isValidCidrList(cidrListStr)) {
+                throw new InvalidParameterValueException("Invalid CIDR list: " + cidrListStr);
+            }
+            lb.setCidrList(cidrListStr);
+        }
+
         // Validate rule in LB provider
         LoadBalancingRule rule = getLoadBalancerRuleToApply(lb);
         if (!validateLbRule(rule)) {
@@ -2266,10 +2277,12 @@ public LoadBalancer updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) {
         LoadBalancerVO tmplbVo = _lbDao.findById(lbRuleId);
         boolean success = _lbDao.update(lbRuleId, lb);
 
-        // If algorithm or lb protocol is changed, have to reapply the lb config
-        boolean needToReApplyRule = (algorithm != null && !algorithm.equals(tmplbVo.getAlgorithm()))
-                || (lbProtocol != null && !lbProtocol.equals(tmplbVo.getLbProtocol()));
-        if (needToReApplyRule) {
+        // Check if algorithm, lb protocol, or cidrlist has changed, and reapply the lb config if needed
+        boolean algorithmChanged = !Objects.equals(algorithm, tmplbVo.getAlgorithm());
+        boolean protocolChanged = !Objects.equals(lbProtocol, tmplbVo.getLbProtocol());
+        boolean cidrListChanged = !Objects.equals(tmplbVo.getCidrList(), lb.getCidrList());
+
+        if (algorithmChanged || protocolChanged || cidrListChanged) {
             try {
                 lb.setState(FirewallRule.State.Add);
                 _lbDao.persist(lb);
@@ -2293,9 +2306,8 @@ public LoadBalancer updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) {
                     if (lbBackup.getAlgorithm() != null) {
                         lb.setAlgorithm(lbBackup.getAlgorithm());
                     }
-                    if (lbBackup.getLbProtocol() != null) {
-                        lb.setLbProtocol(lbBackup.getLbProtocol());
-                    }
+
+                    lb.setCidrList(lbBackup.getCidrList());
                     lb.setState(lbBackup.getState());
                     _lbDao.update(lb.getId(), lb);
                     _lbDao.persist(lb);

Original file line number	Diff line number	Diff line change
`@@ -144,4 +144,13 @@ public String toString() {`
`144`	`144`	`ReflectionToStringBuilderUtils.reflectOnlySelectedFields(`
`145`	`145`	`this, "id", "uuid", "name", "purpose", "state"));`
`146`	`146`	`}`
	`147`	`+`
	`148`	`+ /**`
	`149`	`+ * Sets the CIDR list associated with this load balancer rule.`
	`150`	`+ *`
	`151`	`+ * @param cidrList a comma-separated list of CIDR strings, e.g. "1.2.3.4/24,1.2.3.5/24" or an empty string e.g. "" to clear the restrictions`
	`152`	`+ */`
	`153`	`+ public void setCidrList(String cidrList) {`
	`154`	`+ this.cidrList = cidrList;`
	`155`	`+ }`
`147`	`156`	`}`