bump maghemite, plumb new bgp features, deal w/ API changes

Cargo.toml

@@ -269,8 +269,8 @@ macaddr = { version = "1.0.1", features = ["serde_std"] }
 maplit = "1.0.2"
 mockall = "0.12"
 newtype_derive = "0.1.6"
-mg-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "8207cb9c90cd7144c3f351823bfb2ae3e221ad10" }
-ddm-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "8207cb9c90cd7144c3f351823bfb2ae3e221ad10" }
+mg-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "42bac86e2fae283563788e7cb9f319a10c13c0d9" }
+ddm-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "42bac86e2fae283563788e7cb9f319a10c13c0d9" }
 multimap = "0.10.0"
 nexus-client = { path = "clients/nexus-client" }
 nexus-config = { path = "nexus-config" }

common/src/api/internal/shared.rs

@@ -180,6 +180,14 @@ pub struct BgpConfig {
     pub asn: u32,
     /// The set of prefixes for the BGP router to originate.
     pub originate: Vec<Ipv4Network>,
+
+    /// Shaper to apply to outgoing messages.
+    #[serde(default)]
+    pub shaper: Option<String>,
+
+    /// Checker to apply to incomming messages.
+    #[serde(default)]
+    pub checker: Option<String>,
 }
 
 #[derive(Clone, Debug, Deserialize, Serialize, PartialEq, JsonSchema)]
@@ -201,6 +209,27 @@ pub struct BgpPeerConfig {
     pub connect_retry: Option<u64>,
     /// The interval to send keepalive messages at.
     pub keepalive: Option<u64>,
+    /// Requre that a peer has a specified ASN.
+    #[serde(default)]
+    pub remote_asn: Option<u32>,
+    /// Require messages from a peer have a minimum IP time to live field.
+    #[serde(default)]
+    pub min_ttl: Option<u8>,
+    /// Use the given key for TCP-MD5 authentication with the peer.
+    #[serde(default)]
+    pub md5_auth_key: Option<String>,
+    /// Apply the provided multi-exit discriminator (MED) updates sent to the peer.
+    #[serde(default)]
+    pub multi_exit_discriminator: Option<u32>,
+    /// Include the provided communities in updates sent to the peer.
+    #[serde(default)]
+    pub communities: Vec<u32>,
+    /// Apply a local preference to routes received from this peer.
+    #[serde(default)]
+    pub local_pref: Option<u32>,
+    /// Enforce that the first AS in paths recieved from this peer is the peer's AS.
+    #[serde(default)]
+    pub enforce_first_as: bool,
 }
 
 #[derive(Clone, Debug, Deserialize, Serialize, PartialEq, JsonSchema)]

nexus/db-model/src/bgp.rs

@@ -31,6 +31,8 @@ pub struct BgpConfig {
     pub asn: SqlU32,
     pub bgp_announce_set_id: Uuid,
     pub vrf: Option<String>,
+    pub shaper: Option<String>,
+    pub checker: Option<String>,
 }
 
 impl Into<external::BgpConfig> for BgpConfig {
@@ -59,6 +61,8 @@ impl BgpConfig {
             asn: c.asn.into(),
             bgp_announce_set_id,
             vrf: c.vrf.as_ref().map(|x| x.to_string()),
+            shaper: c.shaper.as_ref().map(|x| x.to_string()),
+            checker: c.checker.as_ref().map(|x| x.to_string()),
         }
     }
 }
@@ -131,4 +135,10 @@ pub struct BgpPeerView {
     pub hold_time: SqlU32,
     pub idle_hold_time: SqlU32,
     pub keepalive: SqlU32,
+    pub remote_asn: Option<SqlU32>,
+    pub min_ttl: Option<SqlU32>,
+    pub md5_auth_key: Option<String>,
+    pub multi_exit_discriminator: Option<SqlU32>,
+    pub local_pref: Option<SqlU32>,
+    pub enforce_first_as: bool,
 }

nexus/db-model/src/schema.rs

@@ -209,6 +209,21 @@ table! {
         delay_open -> Int8,
         connect_retry -> Int8,
         keepalive -> Int8,
+        remote_asn -> Nullable<Int8>,
+        min_ttl -> Nullable<Int8>,
+        md5_auth_key -> Nullable<Text>,
+        multi_exit_discriminator -> Nullable<Int8>,
+        local_pref -> Nullable<Int8>,
+        enforce_first_as -> Bool,
+    }
+}
+
+table! {
+    switch_port_settings_bgp_peer_config_communities (port_settings_id, interface_name, addr, community) {
+        port_settings_id -> Uuid,
+        interface_name -> Text,
+        addr -> Inet,
+        community -> Int8,
     }
 }
 
@@ -223,6 +238,8 @@ table! {
         asn -> Int8,
         bgp_announce_set_id -> Uuid,
         vrf -> Nullable<Text>,
+        shaper -> Nullable<Text>,
+        checker -> Nullable<Text>,
     }
 }
 
@@ -237,6 +254,12 @@ table! {
         hold_time -> Int8,
         idle_hold_time -> Int8,
         keepalive -> Int8,
+        remote_asn -> Nullable<Int8>,
+        min_ttl -> Nullable<Int8>,
+        md5_auth_key -> Nullable<Text>,
+        multi_exit_discriminator -> Nullable<Int8>,
+        local_pref -> Nullable<Int8>,
+        enforce_first_as -> Bool,
     }
 }
 

nexus/db-model/src/schema_versions.rs

@@ -17,7 +17,7 @@ use std::collections::BTreeMap;
 ///
 /// This must be updated when you change the database schema.  Refer to
 /// schema/crdb/README.adoc in the root of this repository for details.
-pub const SCHEMA_VERSION: SemverVersion = SemverVersion::new(55, 0, 0);
+pub const SCHEMA_VERSION: SemverVersion = SemverVersion::new(56, 0, 0);
 
 /// List of all past database schema versions, in *reverse* order
 ///
@@ -29,6 +29,7 @@ static KNOWN_VERSIONS: Lazy<Vec<KnownVersion>> = Lazy::new(|| {
         // |  leaving the first copy as an example for the next person.
         // v
         // KnownVersion::new(next_int, "unique-dirname-with-the-sql-files"),
+        KnownVersion::new(56, "bgp-oxpop-features"),
         KnownVersion::new(55, "add-lookup-sled-by-policy-and-state-index"),
         KnownVersion::new(54, "blueprint-add-external-ip-id"),
         KnownVersion::new(53, "drop-service-table"),

nexus/db-model/src/switch_port.rs

@@ -5,6 +5,7 @@
 use crate::schema::{
     lldp_config, lldp_service_config, switch_port, switch_port_settings,
     switch_port_settings_address_config, switch_port_settings_bgp_peer_config,
+    switch_port_settings_bgp_peer_config_communities,
     switch_port_settings_group, switch_port_settings_groups,
     switch_port_settings_interface_config, switch_port_settings_link_config,
     switch_port_settings_port_config, switch_port_settings_route_config,
@@ -568,6 +569,30 @@ pub struct SwitchPortBgpPeerConfig {
     pub delay_open: SqlU32,
     pub connect_retry: SqlU32,
     pub keepalive: SqlU32,
+    pub remote_asn: Option<SqlU32>,
+    pub min_ttl: Option<SqlU32>,
+    pub md5_auth_key: Option<String>,
+    pub multi_exit_discriminator: Option<SqlU32>,
+    pub local_pref: Option<SqlU32>,
+    pub enforce_first_as: bool,
+}
+
+#[derive(
+    Queryable,
+    Insertable,
+    Selectable,
+    Clone,
+    Debug,
+    Serialize,
+    Deserialize,
+    AsChangeset,
+)]
+#[diesel(table_name = switch_port_settings_bgp_peer_config_communities)]
+pub struct SwitchPortBgpPeerConfigCommunity {
+    pub port_settings_id: Uuid,
+    pub interface_name: String,
+    pub addr: IpNetwork,
+    pub community: SqlU32,
 }
 
 impl SwitchPortBgpPeerConfig {
@@ -582,6 +607,12 @@ impl SwitchPortBgpPeerConfig {
         delay_open: SqlU32,
         connect_retry: SqlU32,
         keepalive: SqlU32,
+        remote_asn: Option<SqlU32>,
+        min_ttl: Option<SqlU32>,
+        md5_auth_key: Option<String>,
+        multi_exit_discriminator: Option<SqlU32>,
+        local_pref: Option<SqlU32>,
+        enforce_first_as: bool,
     ) -> Self {
         Self {
             port_settings_id,
@@ -593,6 +624,12 @@ impl SwitchPortBgpPeerConfig {
             delay_open,
             connect_retry,
             keepalive,
+            remote_asn,
+            min_ttl,
+            md5_auth_key,
+            multi_exit_discriminator,
+            local_pref,
+            enforce_first_as,
         }
     }
 }

nexus/db-queries/src/db/datastore/bgp.rs

@@ -13,7 +13,7 @@ use async_bb8_diesel::AsyncRunQueryDsl;
 use chrono::Utc;
 use diesel::{ExpressionMethods, QueryDsl, SelectableHelper};
 use ipnetwork::IpNetwork;
-use nexus_db_model::BgpPeerView;
+use nexus_db_model::{BgpPeerView, SwitchPortBgpPeerConfigCommunity};
 use nexus_types::external_api::params;
 use nexus_types::identity::Resource;
 use omicron_common::api::external::http_pagination::PaginatedBy;
@@ -492,4 +492,24 @@ impl DataStore {
 
         Ok(results)
     }
+
+    pub async fn communities_for_peer(
+        &self,
+        opctx: &OpContext,
+        port_settings_id: Uuid,
+        interface_name: &String,
+        addr: IpNetwork,
+    ) -> ListResultVec<SwitchPortBgpPeerConfigCommunity> {
+        use db::schema::switch_port_settings_bgp_peer_config_communities::dsl;
+
+        let results = dsl::switch_port_settings_bgp_peer_config_communities
+            .filter(dsl::port_settings_id.eq(port_settings_id))
+            .filter(dsl::interface_name.eq(interface_name.clone()))
+            .filter(dsl::addr.eq(addr))
+            .load_async(&*self.pool_connection_authorized(opctx).await?)
+            .await
+            .map_err(|e| public_error_from_diesel(e, ErrorHandler::Server))?;
+
+        Ok(results)
+    }
 }

nexus/db-queries/src/db/datastore/switch_port.rs

@@ -339,6 +339,12 @@ impl DataStore {
                                 p.delay_open.into(),
                                 p.connect_retry.into(),
                                 p.keepalive.into(),
+                                p.remote_asn.map(|x| x.into()),
+                                p.min_ttl.map(|x| u32::from(x).into()),
+                                p.md5_auth_key.clone(),
+                                p.multi_exit_discriminator.map(|x| x.into()),
+                                p.local_pref.map(|x| x.into()),
+                                p.enforce_first_as,
                             ));
 
                         }
@@ -1242,6 +1248,8 @@ mod test {
                 "test-announce-set".parse().unwrap(),
             ),
             vrf: None,
+            checker: None,
+            shaper: None,
         };
 
         datastore.bgp_config_set(&opctx, &bgp_config).await.unwrap();
@@ -1275,6 +1283,13 @@ mod test {
                         delay_open: 0,
                         connect_retry: 0,
                         keepalive: 0,
+                        remote_asn: None,
+                        min_ttl: None,
+                        md5_auth_key: None,
+                        multi_exit_discriminator: None,
+                        communities: Vec::new(),
+                        local_pref: None,
+                        enforce_first_as: false,
                     }],
                 },
             )]),