Fix fully-populated API with allowed_cidrs

When creating a LB + a listener with an allowed_cidr with the
fully-populated API, an issue happened when Octavia validated that the
allowed_cidrs and the VIP ip address have the same IP version. The
vip.ip_address value was not updated in the load balancer object,
forcing the expiration of the DB object before entering _graph_create
fixes this issue.

Note: there's no change in the tests, the test function for this feature
exists, looks correct, and passes successfully, the bug is only
reproducible in octavia-api.

Closes-Bug: 2057751
Change-Id: Ia106d81c1b2588e5d938d2238c8a2f6660bf5ef1
(cherry picked from commit 5d9b23c)

Author: gthiemonge

octavia/api/v2/controllers/load_balancer.py

@@ -558,6 +558,13 @@ def post(self, load_balancer):
                     subnet_id=add_vip.subnet_id)
 
             if listeners or pools:
+                # expire_all is required here, it ensures that the loadbalancer
+                # will be re-fetched with its associated vip in _graph_create.
+                # without expire_all the vip attributes that have been updated
+                # just before this call may not be set correctly in the
+                # loadbalancer object.
+                lock_session.expire_all()
+
                 db_pools, db_lists = self._graph_create(
                     lock_session, db_lb, listeners, pools)
 

releasenotes/notes/fix-fully-populated-with-allowed-cidrs-ad04ccf02bf9cbbc.yaml

@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixed a bug when creating a load balancer and a listener with
+    ``allowed_cidrs`` with the fully-populated load balancer API, the call was
+    rejected because Octavia could not validate that the IP addresses of the
+    ``allowed_cidrs`` have the same family as the VIP address.