ZSTAC-85709 reject mixed management IP ranges

[zstack-robot-2]

修复说明

管理网 System L3 不允许混用 IPv4/IPv6 IP range，避免 MN 发起 host/agent HTTP 调用时无法判断目标 IP family。

变更内容

• 仅限制 category=System 的管理网 L3。
• IPv4 管理网追加 IPv6 range、IPv6 管理网追加 IPv4 range 均后端拦截。
• 普通业务 L3 双栈能力保持不变。
• 新增 global error code：ORG_ZSTACK_NETWORK_L3_10082。
• 不修改 i18n 文件。

验证

• mvn -pl utils,network -am -DskipTests compile
• mvn -pl utils,network -am -DskipTests install
• mvn -q test -Dtest=org.zstack.test.integration.network.l3network.ipv6.Ipv6RangeCase

Jira: http://jira.zstack.io/browse/ZSTAC-85709

sync from gitlab !10072

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: http://open.zstack.ai:20001/code-reviews/zstack-cloud.yaml (via .coderabbit.yaml)

Review profile: CHILL

Plan: Pro

Run ID: d868d8cf-2c80-4581-9356-4ab87fd7c5da

📥 Commits

Reviewing files that changed from the base of the PR and between 14311dc and 9026cad.

📒 Files selected for processing (3)

• network/src/main/java/org/zstack/network/l3/L3NetworkApiInterceptor.java
• test/src/test/groovy/org/zstack/test/integration/network/l3network/ipv6/Ipv6RangeCase.groovy
• utils/src/main/java/org/zstack/utils/clouderrorcode/CloudOperationsErrorCode.java

---

总体概览

该变更为 ZStack 网络层的管理网络添加了 IPv4/IPv6 地址段混用拦截机制：新增错误码常量、IP 范围版本校验逻辑、校验集成点和对应的集成测试，防止系统类别的管理网络混用不同 IP 协议版本的地址段。

变更详情

管理网络 IPv4/IPv6 混用拦截

层级 / 文件	摘要
错误码常量定义 utils/src/main/java/org/zstack/utils/clouderrorcode/CloudOperationsErrorCode.java	新增公共错误码常量 ORG_ZSTACK_NETWORK_L3_10082，用于管理网络 IPv4/IPv6 混用异常提示。
管理网络地址段版本校验实现 network/src/main/java/org/zstack/network/l3/L3NetworkApiInterceptor.java	新增校验方法 validateManagementNetworkIpRangeVersion() 和辅助方法 getIpVersionName()；在 IPv6 和 IPv4 地址段校验路径中分别注入校验调用，拦截系统类别网络的混用地址段。
管理网络混用拦截测试 test/src/test/groovy/org/zstack/test/integration/network/l3network/ipv6/Ipv6RangeCase.groovy	新增测试用例 testManagementNetworkRejectMixedIpRanges()，验证 IPv4 管理网络拒绝 IPv6 地址段、IPv6 管理网络拒绝 IPv4 地址段的行为，断言返回错误码 ORG_ZSTACK_NETWORK_L3_10082。

🎯 3 (Moderate) | ⏱️ ~20 分钟

一只小兔子在网络中跳跃，
IPv4 和 IPv6 分别排列，
管理网络不再混乱，
校验拦截守护秩序，
测试验证新规则成立！🐰✨

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning)

Check name	Status	Explanation	Resolution
Title check	❌ Error	The pull request title does not follow the required format of '[scope]: ' (e.g., 'fix[core]: Fix config bug'). It uses a JIRA key instead of a conventional type prefix.	Revise the title to follow the format '[scope]: ' such as 'feat[network]: reject mixed management IP ranges' (keeping it under 72 characters).
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description check	✅ Passed	The pull request description is directly related to the changeset, providing clear context about preventing IPv4/IPv6 mixing in System-category management L3 networks and detailing the implementation scope.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch sync/shixin.ruan/shixin-ZSTAC-85709

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ast-grep (0.42.3)

utils/src/main/java/org/zstack/utils/clouderrorcode/CloudOperationsErrorCode.java

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}