metal-stack · majst01 · Jul 4, 2024 · Jul 4, 2024 · Jul 7, 2024 · Jul 7, 2024
@@ -0,0 +1,90 @@
+package migrations
+
+import (
+	"net/netip"
+
+	r "gopkg.in/rethinkdb/rethinkdb-go.v6"
+
+	"github.com/metal-stack/metal-api/cmd/metal-api/internal/datastore"
+	"github.com/metal-stack/metal-api/cmd/metal-api/internal/metal"
+)
+
+func init() {
+	type tmpPartition struct {
+		PrivateNetworkPrefixLength uint8 `rethinkdb:"privatenetworkprefixlength"`
+	}
+	datastore.MustRegisterMigration(datastore.Migration{
+		Name:    "migrate partition.childprefixlength to tenant super network",
+		Version: 8,
+		Up: func(db *r.Term, session r.QueryExecutor, rs *datastore.RethinkStore) error {
+			nws, err := rs.ListNetworks()
+			if err != nil {
+				return err
+			}
+
+			for _, old := range nws {
+				cursor, err := db.Table("partition").Get(old.PartitionID).Run(session)
+				if err != nil {
+					return err
+				}
+				if cursor.IsNil() {
+					_ = cursor.Close()
+					continue
+				}
+				var partition tmpPartition
+				err = cursor.One(&partition)
+				if err != nil {
+					_ = cursor.Close()
+					return err
+				}
+				err = cursor.Close()
+				if err != nil {
+					return err
+				}
+				new := old
+
+				var (
+					af                       metal.AddressFamily
+					defaultChildPrefixLength = metal.ChildPrefixLength{}
+				)
+				// FIXME check all prefixes
+				parsed, err := netip.ParsePrefix(new.Prefixes[0].String())
+				if err != nil {
+					return err
+				}
+				if parsed.Addr().Is4() {
+					af = metal.IPv4AddressFamily
+					defaultChildPrefixLength[af] = 22
+				}
+				if parsed.Addr().Is6() {
+					af = metal.IPv6AddressFamily
+					defaultChildPrefixLength[af] = 64
+				}
+
+				if new.AddressFamilies == nil {
+					new.AddressFamilies = metal.AddressFamilies{}
+				}
+				new.AddressFamilies = metal.AddressFamilies{af}
+
+				if new.PrivateSuper {
+					if new.DefaultChildPrefixLength == nil {
+						new.DefaultChildPrefixLength = make(map[metal.AddressFamily]uint8)
+					}
+					if partition.PrivateNetworkPrefixLength > 0 {
+						new.DefaultChildPrefixLength[af] = partition.PrivateNetworkPrefixLength
+					} else {
+						new.DefaultChildPrefixLength = defaultChildPrefixLength
+					}
+
+				}
+				err = rs.UpdateNetwork(&old, &new)
+				if err != nil {
+					return err
+				}
+			}
+
+			_, err = db.Table("partition").Replace(r.Row.Without("privatenetworkprefixlength")).RunWrite(session)
+			return err
+		},
+	})
+}
@@ -31,7 +31,7 @@ func Test_Migration(t *testing.T) {
 		_ = container.Terminate(context.Background())
 	}()
 
-	log := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelError}))
+	log := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelInfo}))
 
 	rs := datastore.New(log, c.IP+":"+c.Port, c.DB, c.User, c.Password)
 	rs.VRFPoolRangeMin = 10000
@@ -191,3 +191,134 @@ func Test_Migration(t *testing.T) {
 	assert.Equal(t, ec.Events[0].Time.Unix(), lastEventTime.Unix())
 	assert.Equal(t, ec.Events[1].Time.Unix(), now.Unix())
 }
+
+func Test_MigrationChildPrefixLength(t *testing.T) {
+	type tmpPartition struct {
+		ID                         string `rethinkdb:"id"`
+		PrivateNetworkPrefixLength uint8  `rethinkdb:"privatenetworkprefixlength"`
+	}
+
+	container, c, err := test.StartRethink(t)
+	require.NoError(t, err)
+	defer func() {
+		_ = container.Terminate(context.Background())
+	}()
+
+	log := slog.New(slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{Level: slog.LevelDebug}))
+
+	rs := datastore.New(log, c.IP+":"+c.Port, c.DB, c.User, c.Password)
+	// limit poolsize to speed up initialization
+	rs.VRFPoolRangeMin = 10000
+	rs.VRFPoolRangeMax = 10010
+	rs.ASNPoolRangeMin = 10000
+	rs.ASNPoolRangeMax = 10010
+
+	err = rs.Connect()
+	require.NoError(t, err)
+	err = rs.Initialize()
+	require.NoError(t, err)
+
+	var (
+		p1 = &tmpPartition{
+			ID:                         "p1",
+			PrivateNetworkPrefixLength: 22,
+		}
+		p2 = &tmpPartition{
+			ID:                         "p2",
+			PrivateNetworkPrefixLength: 24,
+		}
+		p3 = &tmpPartition{
+			ID: "p3",
+		}
+		n1 = &metal.Network{
+			Base: metal.Base{
+				ID: "n1",
+			},
+			PartitionID: "p1",
+			Prefixes: metal.Prefixes{
+				{IP: "10.0.0.0", Length: "8"},
+			},
+			PrivateSuper: true,
+		}
+		n2 = &metal.Network{
+			Base: metal.Base{
+				ID: "n2",
+			},
+			Prefixes: metal.Prefixes{
+				{IP: "2001::", Length: "64"},
+			},
+			PartitionID:  "p2",
+			PrivateSuper: true,
+		}
+		n3 = &metal.Network{
+			Base: metal.Base{
+				ID: "n3",
+			},
+			Prefixes: metal.Prefixes{
+				{IP: "100.1.0.0", Length: "22"},
+			},
+			PartitionID:  "p2",
+			PrivateSuper: false,
+		}
+		n4 = &metal.Network{
+			Base: metal.Base{
+				ID: "n4",
+			},
+			Prefixes: metal.Prefixes{
+				{IP: "100.1.0.0", Length: "22"},
+			},
+			PartitionID:  "p3",
+			PrivateSuper: true,
+		}
+	)
+	_, err = r.DB("metal").Table("partition").Insert(p1).RunWrite(rs.Session())
+	require.NoError(t, err)
+	_, err = r.DB("metal").Table("partition").Insert(p2).RunWrite(rs.Session())
+	require.NoError(t, err)
+	_, err = r.DB("metal").Table("partition").Insert(p3).RunWrite(rs.Session())
+	require.NoError(t, err)
+
+	err = rs.CreateNetwork(n1)
+	require.NoError(t, err)
+	err = rs.CreateNetwork(n2)
+	require.NoError(t, err)
+	err = rs.CreateNetwork(n3)
+	require.NoError(t, err)
+	err = rs.CreateNetwork(n4)
+	require.NoError(t, err)
+
+	err = rs.Migrate(nil, false)
+	require.NoError(t, err)
+
+	p, err := rs.FindPartition(p1.ID)
+	require.NoError(t, err)
+	require.NotNil(t, p)
+	p, err = rs.FindPartition(p2.ID)
+	require.NoError(t, err)
+	require.NotNil(t, p)
+
+	n1fetched, err := rs.FindNetworkByID(n1.ID)
+	require.NoError(t, err)
+	require.NotNil(t, n1fetched)
+	require.Equal(t, p1.PrivateNetworkPrefixLength, n1fetched.DefaultChildPrefixLength[metal.IPv4AddressFamily], "childprefixlength:%v", n1fetched.DefaultChildPrefixLength)
+	require.Contains(t, n1fetched.AddressFamilies, metal.IPv4AddressFamily)
+
+	n2fetched, err := rs.FindNetworkByID(n2.ID)
+	require.NoError(t, err)
+	require.NotNil(t, n2fetched)
+	require.Equal(t, p2.PrivateNetworkPrefixLength, n2fetched.DefaultChildPrefixLength[metal.IPv6AddressFamily], "childprefixlength:%v", n2fetched.DefaultChildPrefixLength)
+	require.Contains(t, n2fetched.AddressFamilies, metal.IPv6AddressFamily)
+
+	n3fetched, err := rs.FindNetworkByID(n3.ID)
+	require.NoError(t, err)
+	require.NotNil(t, n3fetched)
+	require.Nil(t, n3fetched.DefaultChildPrefixLength)
+	require.Contains(t, n3fetched.AddressFamilies, metal.IPv4AddressFamily)
+
+	n4fetched, err := rs.FindNetworkByID(n4.ID)
+	require.NoError(t, err)
+	require.NotNil(t, n4fetched)
+	require.NotNil(t, n4fetched.DefaultChildPrefixLength)
+	require.Contains(t, n4fetched.AddressFamilies, metal.IPv4AddressFamily)
+	require.Equal(t, uint8(22), n4fetched.DefaultChildPrefixLength[metal.IPv4AddressFamily])
+}
@@ -68,6 +68,9 @@ func (_ *networkTestable) defaultBody(n *metal.Network) *metal.Network {
 	if n.AdditionalAnnouncableCIDRs == nil {
 		n.AdditionalAnnouncableCIDRs = []string{}
 	}
+	if n.AddressFamilies == nil {
+		n.AddressFamilies = metal.AddressFamilies{}
+	}
 	return n
 }
 

@@ -384,7 +384,7 @@ func (rs *RethinkStore) findEntity(query *r.Term, entity interface{}) error {
 	}
 	defer res.Close()
 	if res.IsNil() {
-		return metal.NotFound("no %v with found", getEntityName(entity))
+		return metal.NotFound("no %v found", getEntityName(entity))
 	}
 
 	hasResult := res.Next(entity)

@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"net/netip"
 
 	"github.com/metal-stack/metal-api/cmd/metal-api/internal/metal"
 	"github.com/metal-stack/metal-lib/pkg/healthstatus"
@@ -51,10 +52,10 @@ func (i *ipam) AllocateChildPrefix(ctx context.Context, parentPrefix metal.Prefi
 		Length: uint32(childLength),
 	}))
 	if err != nil {
-		return nil, fmt.Errorf("error creating new prefix in ipam: %w", err)
+		return nil, fmt.Errorf("error creating new prefix from:%s in ipam: %w", parentPrefix.String(), err)
 	}
 
-	prefix, err := metal.NewPrefixFromCIDR(ipamPrefix.Msg.Prefix.Cidr)
+	prefix, _, err := metal.NewPrefixFromCIDR(ipamPrefix.Msg.Prefix.Cidr)
 	if err != nil {
 		return nil, fmt.Errorf("error creating prefix from ipam prefix: %w", err)
 	}
@@ -154,14 +155,33 @@ func (i *ipam) PrefixUsage(ctx context.Context, cidr string) (*metal.NetworkUsag
 	if err != nil {
 		return nil, fmt.Errorf("prefix usage for cidr:%s not found %w", cidr, err)
 	}
-
+	pfx, err := netip.ParsePrefix(cidr)
+	if err != nil {
+		return nil, err
+	}
+	af := metal.IPv4AddressFamily
+	if pfx.Addr().Is6() {
+		af = metal.IPv6AddressFamily
+	}
+	availableIPs := metal.AddressFamilyUsage{
+		af: usage.Msg.AvailableIps,
+	}
+	usedIPs := metal.AddressFamilyUsage{
+		af: usage.Msg.AcquiredIps,
+	}
+	availablePrefixes := metal.AddressFamilyUsage{
+		af: usage.Msg.AvailableSmallestPrefixes,
+	}
+	usedPrefixes := metal.AddressFamilyUsage{
+		af: usage.Msg.AcquiredPrefixes,
+	}
 	return &metal.NetworkUsage{
-		AvailableIPs: usage.Msg.AvailableIps,
-		UsedIPs:      usage.Msg.AcquiredIps,
+		AvailableIPs: availableIPs,
+		UsedIPs:      usedIPs,
 		// FIXME add usage.AvailablePrefixList as already done here
 		// https://github.com/metal-stack/metal-api/pull/152/files#diff-fe05f7f1480be933b5c482b74af28c8b9ca7ef2591f8341eb6e6663cbaeda7baR828
-		AvailablePrefixes: usage.Msg.AvailableSmallestPrefixes,
-		UsedPrefixes:      usage.Msg.AcquiredPrefixes,
+		AvailablePrefixes: availablePrefixes,
+		UsedPrefixes:      usedPrefixes,
 	}, nil
 }
 

@@ -215,18 +215,18 @@ func (r EgressRule) Validate() error {
 	case ProtocolTCP, ProtocolUDP:
 		// ok
 	default:
-		return fmt.Errorf("invalid protocol: %s", r.Protocol)
+		return fmt.Errorf("egress rule has invalid protocol: %s", r.Protocol)
 	}
 
 	if err := validateComment(r.Comment); err != nil {
-		return err
+		return fmt.Errorf("egress rule with error:%w", err)
 	}
 	if err := validatePorts(r.Ports); err != nil {
-		return err
+		return fmt.Errorf("egress rule with error:%w", err)
 	}
 
 	if err := validateCIDRs(r.To); err != nil {
-		return err
+		return fmt.Errorf("egress rule with error:%w", err)
 	}
 
 	return nil
@@ -237,23 +237,23 @@ func (r IngressRule) Validate() error {
 	case ProtocolTCP, ProtocolUDP:
 		// ok
 	default:
-		return fmt.Errorf("invalid protocol: %s", r.Protocol)
+		return fmt.Errorf("ingress rule has invalid protocol: %s", r.Protocol)
 	}
 	if err := validateComment(r.Comment); err != nil {
-		return err
+		return fmt.Errorf("ingress rule with error:%w", err)
 	}
 
 	if err := validatePorts(r.Ports); err != nil {
-		return err
+		return fmt.Errorf("ingress rule with error:%w", err)
 	}
 	if err := validateCIDRs(r.To); err != nil {
-		return err
+		return fmt.Errorf("ingress rule with error:%w", err)
 	}
 	if err := validateCIDRs(r.From); err != nil {
-		return err
+		return fmt.Errorf("ingress rule with error:%w", err)
 	}
 	if err := validateCIDRs(slices.Concat(r.From, r.To)); err != nil {
-		return err
+		return fmt.Errorf("ingress rule with error:%w", err)
 	}
 
 	return nil
@@ -287,17 +287,17 @@ func validatePorts(ports []int) error {
 }
 
 func validateCIDRs(cidrs []string) error {
-	af := ""
+	var af AddressFamily
 	for _, cidr := range cidrs {
 		p, err := netip.ParsePrefix(cidr)
 		if err != nil {
 			return fmt.Errorf("invalid cidr: %w", err)
 		}
-		var newaf string
+		var newaf AddressFamily
 		if p.Addr().Is4() {
-			newaf = "ipv4"
-		} else {
-			newaf = "ipv6"
+			newaf = IPv4AddressFamily
+		} else if p.Addr().Is6() {
+			newaf = IPv6AddressFamily
 		}
 		if af != "" && af != newaf {
 			return fmt.Errorf("mixed address family in one rule is not supported:%v", cidrs)