google-cloud-python icon indicating copy to clipboard operation
google-cloud-python copied to clipboard
verified publisher icon googleapis

Removing the last Alias IP Range from a Network interface fails

Open sschols opened this issue 2 years ago • 5 comments

When trying to remove an Alias IP range from a network interface, it fails when removing the last alias IP range. The operation itself finishes successfully, but the alias ip range is still there.

It seems like when emptying the alias_ip_range property, protobuffer does not send it along the request at all, making the "backend" think it's not supposed to change the alias_ip_range property it all. But I could not find a way to avoid this behavior.

Environment details

  • OS type and version: AlmaLinux 8.8
  • Python version: python --version -> Python 3.9.16
  • pip version: pip --version -> pip 23.3.1
  • google-cloud-compute version: pip show google-cloud-compute -> 1.14.1

Steps to reproduce

  1. Add an Alias IP range to a instance/network interface
  2. Get the instance via Python SDK, remove all entries from the alias_ip_range list in the network interface
  3. Submit the changed nic via a UpdateNetworkInterfaceInstanceRequest

Code example

nic.alias_ip_ranges = [a for a in alias_ips if not a.ip_cidr_range == f"{args.address}/32"]
    
request = compute_v1.UpdateNetworkInterfaceInstanceRequest(
    instance=instance.name,
    network_interface=nic.name,
    project=project_id,
    network_interface_resource = nic,
    zone=vm["availability_zone"]
)

operation = client.update_network_interface(request=request)

wait_for_extended_operation(operation, "IP address removal")

Stack trace

Making sure to follow these steps will guarantee the quickest resolution possible.

Thanks!

sschols avatar Oct 26 '23 15:10 sschols

I believe this is related to a limitation in protobuf: Similar to proto2 APIs, proto3 does not track presence explicitly for repeated fields. : https://github.com/protocolbuffers/protobuf/blob/main/docs/field_presence.md

Assigning to @vchudnov-g who is investigating solutions for a similar issue. (Googlers see b/223609100)

parthea avatar Nov 02 '23 11:11 parthea

It's been a while, do you have any updates or potential workarounds on this?

sschols avatar Nov 27 '23 14:11 sschols

We don't have any updates yet; we're still investigating a good solution/workaround for this. We will update this issue as we progress.

vchudnov-g avatar Nov 27 '23 20:11 vchudnov-g

Is there any work around using this library itself?

B16CS006 avatar Jun 11 '24 05:06 B16CS006

Unable to Clear Alias IP Ranges using Go SDK Client

Hi, I’m encountering a similar issue while trying to remove alias IP ranges from a network interface using the Go SDK. Here’s the setup and details for reference:

Go Version: go1.22.3 linux/amd64 Compute API Client Version: cloud.google.com/go/compute v1.28.1

Code Fragment:

for index, ip := range iface.GetAliasIpRanges() {
        nicAliasIP := ip.GetIpCidrRange()
	if strings.Contains(nicAliasIP, "/") {
		if _, ipNet, err := net.ParseCIDR(nicAliasIP); err == nil {
			if ipNet.Contains(net.ParseIP(aliasIP)) {
				iface.AliasIpRanges = append(iface.AliasIpRanges[:index], iface.AliasIpRanges[index+1:]...)
					if len(iface.GetAliasIpRanges()) == 0 {
						iface.AliasIpRanges = []*computepb.AliasIpRange{}
						// iface.AliasIpRanges = nil
					}
				}
			}
		}
	}
}

updateReq := &computepb.UpdateNetworkInterfaceInstanceRequest{
    Project:                  "xxxxxxx",
    Zone:                     "xxxxxxx",
    Instance:                 "xxxxxxxx",
    NetworkInterface:         iface.GetName(),
    NetworkInterfaceResource: iface,
}

op, err := client.UpdateNetworkInterface(ctx, updateReq)
if err != nil {
    return fmt.Errorf("failed to update network interface: %v", err)
}

err = op.Wait(ctx)
if err != nil {
    return fmt.Errorf("failed to wait for the update operation: %v", err)
}

Description: The problem arises when trying to update the network interface to remove all alias IP ranges by setting iface.AliasIpRanges = []*computepb.AliasIpRange{}. The update request runs without errors, but the alias IPs do not seem to be cleared as expected.

I’ve tried both setting AliasIpRanges to an empty slice and nil, but neither approach works for clearing out the alias IPs on the interface.

Additional Information:

  • I’ve checked the permissions for the service account being used, and it has the necessary roles (roles/compute.networkAdmin, roles/compute.admin).
  • I can manually remove alias IPs via the gcloud command-line interface, but need to automate this via the Go SDK.
  • There’s no other update or error message indicating why the alias IPs aren’t being cleared as expected.
  • Is there a specific workaround or method that needs to be applied when removing alias IPs using the Go SDK? Would appreciate any guidance or suggestions on how to resolve this issue.

Thanks!

rohitzende avatar Oct 22 '24 13:10 rohitzende