UI display work + improve how allowed_import and export are defined i…

…n the config toml + tests
oxidecomputer · May 4, 2024 · 0c673f6 · 0c673f6
1 parent 606f128
commit 0c673f6
Show file tree

Hide file tree

Showing 11 changed files with 499 additions and 213 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/clients/wicketd-client/src/lib.rs b/clients/wicketd-client/src/lib.rs
@@ -81,6 +81,7 @@ progenitor::generate_api!(
         StepEventForWicketdEngineSpec = wicket_common::update_events::StepEvent,
         SwitchLocation = omicron_common::api::internal::shared::SwitchLocation,
         UserSpecifiedBgpPeerConfig = wicket_common::rack_setup::UserSpecifiedBgpPeerConfig,
+        UserSpecifiedImportExportPolicy = wicket_common::rack_setup::UserSpecifiedImportExportPolicy,
         UserSpecifiedPortConfig = wicket_common::rack_setup::UserSpecifiedPortConfig,
         UserSpecifiedRackNetworkConfig = wicket_common::rack_setup::UserSpecifiedRackNetworkConfig,
         ImportExportPolicy = omicron_common::api::internal::shared::ImportExportPolicy,

diff --git a/openapi/wicketd.json b/openapi/wicketd.json
@@ -1599,47 +1599,6 @@
           }
         }
       },
-      "ImportExportPolicy": {
-        "description": "Define policy relating to the import and export of prefixes from a BGP peer.",
-        "oneOf": [
-          {
-            "description": "Do not perform any filtering.",
-            "type": "object",
-            "properties": {
-              "type": {
-                "type": "string",
-                "enum": [
-                  "no_filtering"
-                ]
-              }
-            },
-            "required": [
-              "type"
-            ]
-          },
-          {
-            "type": "object",
-            "properties": {
-              "type": {
-                "type": "string",
-                "enum": [
-                  "allow"
-                ]
-              },
-              "value": {
-                "type": "array",
-                "items": {
-                  "$ref": "#/components/schemas/IpNet"
-                }
-              }
-            },
-            "required": [
-              "type",
-              "value"
-            ]
-          }
-        ]
-      },
       "InstallableArtifacts": {
         "type": "object",
         "properties": {
@@ -4891,24 +4850,20 @@
             "format": "ipv4"
           },
           "allowed_export": {
-            "description": "Apply import policy to this peer with an allow list.",
-            "default": {
-              "type": "no_filtering"
-            },
+            "description": "Apply export policy to this peer with an allow list.",
+            "default": null,
             "allOf": [
               {
-                "$ref": "#/components/schemas/ImportExportPolicy"
+                "$ref": "#/components/schemas/UserSpecifiedImportExportPolicy"
               }
             ]
           },
           "allowed_import": {
-            "description": "Apply export policy to this peer with an allow list.",
-            "default": {
-              "type": "no_filtering"
-            },
+            "description": "Apply import policy to this peer with an allow list.",
+            "default": null,
             "allOf": [
               {
-                "$ref": "#/components/schemas/ImportExportPolicy"
+                "$ref": "#/components/schemas/UserSpecifiedImportExportPolicy"
               }
             ]
           },
@@ -5030,6 +4985,13 @@
         ],
         "additionalProperties": false
       },
+      "UserSpecifiedImportExportPolicy": {
+        "nullable": true,
+        "type": "array",
+        "items": {
+          "$ref": "#/components/schemas/IpNet"
+        }
+      },
       "UserSpecifiedPortConfig": {
         "description": "User-specified version of [`PortConfigV1`].\n\nAll of [`PortConfigV1`] is user-specified. But we expect the port name to be a key, rather than a field as in [`PortConfigV1`]. So this has all of the fields other than the port name.\n\n[`PortConfigV1`]: omicron_common::api::internal::shared::PortConfigV1",
         "type": "object",
@@ -5109,7 +5071,8 @@
           "infra_ip_last",
           "switch0",
           "switch1"
-        ]
+        ],
+        "additionalProperties": false
       },
       "IgnitionCommand": {
         "description": "Ignition command.\n\n<details><summary>JSON schema</summary>\n\n```json { \"description\": \"Ignition command.\", \"type\": \"string\", \"enum\": [ \"power_on\", \"power_off\", \"power_reset\" ] } ``` </details>",

diff --git a/wicket-common/Cargo.toml b/wicket-common/Cargo.toml
@@ -19,3 +19,6 @@ sled-hardware-types.workspace = true
 thiserror.workspace = true
 update-engine.workspace = true
 omicron-workspace-hack.workspace = true
+
+[dev-dependencies]
+toml.workspace = true
diff --git a/wicket-common/src/example.rs b/wicket-common/src/example.rs
@@ -10,19 +10,17 @@ use gateway_client::types::{SpIdentifier, SpType};
 use maplit::{btreemap, btreeset};
 use omicron_common::{
     address::{IpRange, Ipv4Range},
-    api::{
-        external::ImportExportPolicy,
-        internal::shared::{
-            BgpConfig, BgpPeerConfig, PortFec, PortSpeed, RouteConfig,
-        },
+    api::internal::shared::{
+        BgpConfig, BgpPeerConfig, PortFec, PortSpeed, RouteConfig,
     },
 };
 use sled_hardware_types::Baseboard;
 
 use crate::rack_setup::{
     BgpAuthKeyId, BootstrapSledDescription, CurrentRssUserConfigInsensitive,
     PutRssUserConfigInsensitive, UserSpecifiedBgpPeerConfig,
-    UserSpecifiedPortConfig, UserSpecifiedRackNetworkConfig,
+    UserSpecifiedImportExportPolicy, UserSpecifiedPortConfig,
+    UserSpecifiedRackNetworkConfig,
 };
 
 /// A collection of example data structures.
@@ -91,6 +89,78 @@ impl ExampleRackSetupData {
         })];
         let external_dns_ips = vec!["10.0.0.1".parse().unwrap()];
         let ntp_servers = vec!["ntp1.com".into(), "ntp2.com".into()];
+
+        let switch0_port0_bgp_peers = vec![
+            UserSpecifiedBgpPeerConfig {
+                asn: 47,
+                addr: "10.2.3.4".parse().unwrap(),
+                port: "port0".into(),
+                hold_time: Some(BgpPeerConfig::DEFAULT_HOLD_TIME),
+                idle_hold_time: Some(BgpPeerConfig::DEFAULT_IDLE_HOLD_TIME),
+                connect_retry: Some(BgpPeerConfig::DEFAULT_CONNECT_RETRY),
+                delay_open: Some(BgpPeerConfig::DEFAULT_DELAY_OPEN),
+                keepalive: Some(BgpPeerConfig::DEFAULT_KEEPALIVE),
+                communities: Vec::new(),
+                enforce_first_as: false,
+                local_pref: None,
+                min_ttl: None,
+                auth_key_id: Some(bgp_key_1_id.clone()),
+                multi_exit_discriminator: None,
+                remote_asn: None,
+                allowed_import: UserSpecifiedImportExportPolicy::NoFiltering,
+                allowed_export: UserSpecifiedImportExportPolicy::Allow(vec![
+                    "127.0.0.1/8".parse().unwrap(),
+                ]),
+                vlan_id: None,
+            },
+            UserSpecifiedBgpPeerConfig {
+                asn: 28,
+                addr: "10.2.3.5".parse().unwrap(),
+                port: "port0".into(),
+                remote_asn: Some(200),
+                hold_time: Some(10),
+                idle_hold_time: Some(20),
+                connect_retry: Some(30),
+                delay_open: Some(40),
+                keepalive: Some(50),
+                communities: vec![60, 70],
+                enforce_first_as: true,
+                local_pref: Some(80),
+                min_ttl: Some(90),
+                auth_key_id: Some(bgp_key_2_id.clone()),
+                multi_exit_discriminator: Some(100),
+                allowed_import: UserSpecifiedImportExportPolicy::Allow(vec![
+                    "64:ff9b::/96".parse().unwrap(),
+                    "255.255.0.0/16".parse().unwrap(),
+                ]),
+                allowed_export: UserSpecifiedImportExportPolicy::Allow(vec![]),
+                vlan_id: None,
+            },
+        ];
+
+        let switch1_port0_bgp_peers = vec![UserSpecifiedBgpPeerConfig {
+            asn: 47,
+            addr: "10.2.3.4".parse().unwrap(),
+            port: "port0".into(),
+            hold_time: Some(BgpPeerConfig::DEFAULT_HOLD_TIME),
+            idle_hold_time: Some(BgpPeerConfig::DEFAULT_IDLE_HOLD_TIME),
+            connect_retry: Some(BgpPeerConfig::DEFAULT_CONNECT_RETRY),
+            delay_open: Some(BgpPeerConfig::DEFAULT_DELAY_OPEN),
+            keepalive: Some(BgpPeerConfig::DEFAULT_KEEPALIVE),
+            communities: Vec::new(),
+            enforce_first_as: false,
+            local_pref: None,
+            min_ttl: None,
+            auth_key_id: Some(bgp_key_1_id.clone()),
+            multi_exit_discriminator: None,
+            remote_asn: None,
+            allowed_import: UserSpecifiedImportExportPolicy::Allow(vec![
+                "224.0.0.0/4".parse().unwrap(),
+            ]),
+            allowed_export: UserSpecifiedImportExportPolicy::NoFiltering,
+            vlan_id: None,
+        }];
+
         let rack_network_config = UserSpecifiedRackNetworkConfig {
             infra_ip_first: "172.30.0.1".parse().unwrap(),
             infra_ip_last: "172.30.0.10".parse().unwrap(),
@@ -102,48 +172,7 @@ impl ExampleRackSetupData {
                         nexthop: "172.30.0.10".parse().unwrap(),
                         vlan_id: Some(1),
                     }],
-                    bgp_peers: vec![
-                        UserSpecifiedBgpPeerConfig {
-                            asn: 47,
-                            addr: "10.2.3.4".parse().unwrap(),
-                            port: "port0".into(),
-                            hold_time: Some(BgpPeerConfig::DEFAULT_HOLD_TIME),
-                            idle_hold_time: Some(BgpPeerConfig::DEFAULT_IDLE_HOLD_TIME),
-                            connect_retry: Some(BgpPeerConfig::DEFAULT_CONNECT_RETRY),
-                            delay_open: Some(BgpPeerConfig::DEFAULT_DELAY_OPEN),
-                            keepalive: Some(BgpPeerConfig::DEFAULT_KEEPALIVE),
-                            communities: Vec::new(),
-                            enforce_first_as: false,
-                            local_pref: None,
-                            min_ttl: None,
-                            auth_key_id: Some(bgp_key_1_id.clone()),
-                            multi_exit_discriminator: None,
-                            remote_asn: None,
-                            allowed_import: ImportExportPolicy::NoFiltering,
-                            allowed_export: ImportExportPolicy::NoFiltering,
-                            vlan_id: None,
-                        },
-                        UserSpecifiedBgpPeerConfig {
-                            asn: 28,
-                            addr: "10.2.3.5".parse().unwrap(),
-                            port: "port0".into(),
-                            remote_asn: Some(200),
-                            hold_time: Some(10),
-                            idle_hold_time: Some(20),
-                            connect_retry: Some(30),
-                            delay_open: Some(40),
-                            keepalive: Some(50),
-                            communities: vec![60, 70],
-                            enforce_first_as: true,
-                            local_pref: Some(80),
-                            min_ttl: Some(90),
-                            auth_key_id: Some(bgp_key_2_id.clone()),
-                            multi_exit_discriminator: Some(100),
-                            allowed_import: ImportExportPolicy::NoFiltering,
-                            allowed_export: ImportExportPolicy::NoFiltering,
-                            vlan_id: None,
-                        },
-                    ],
+                    bgp_peers: switch0_port0_bgp_peers,
                     uplink_port_speed: PortSpeed::Speed400G,
                     uplink_port_fec: PortFec::Firecode,
                     autoneg: true,
@@ -159,28 +188,7 @@ impl ExampleRackSetupData {
                         nexthop: "172.33.0.10".parse().unwrap(),
                         vlan_id: Some(1),
                     }],
-                    bgp_peers: vec![
-                        UserSpecifiedBgpPeerConfig {
-                            asn: 47,
-                            addr: "10.2.3.4".parse().unwrap(),
-                            port: "port0".into(),
-                            hold_time: Some(BgpPeerConfig::DEFAULT_HOLD_TIME),
-                            idle_hold_time: Some(BgpPeerConfig::DEFAULT_IDLE_HOLD_TIME),
-                            connect_retry: Some(BgpPeerConfig::DEFAULT_CONNECT_RETRY),
-                            delay_open: Some(BgpPeerConfig::DEFAULT_DELAY_OPEN),
-                            keepalive: Some(BgpPeerConfig::DEFAULT_KEEPALIVE),
-                            communities: Vec::new(),
-                            enforce_first_as: false,
-                            local_pref: None,
-                            min_ttl: None,
-                            auth_key_id: Some(bgp_key_1_id.clone()),
-                            multi_exit_discriminator: None,
-                            remote_asn: None,
-                            allowed_import: ImportExportPolicy::NoFiltering,
-                            allowed_export: ImportExportPolicy::NoFiltering,
-                            vlan_id: None,
-                        },
-                    ],
+                    bgp_peers: switch1_port0_bgp_peers,
                     uplink_port_speed: PortSpeed::Speed400G,
                     uplink_port_fec: PortFec::Firecode,
                     autoneg: true,
@@ -261,7 +269,7 @@ fn apply_tweak(
     match tweak {
         ExampleRackSetupDataTweak::OneBgpPeerPerPort => {
             let rnc = current_insensitive.rack_network_config.as_mut().unwrap();
-            for (_, _, port) in rnc.iter_ports_mut() {
+            for (_, _, port) in rnc.iter_uplinks_mut() {
                 // Remove all but the first BGP peer.
                 port.bgp_peers.drain(1..);
             }