From ab04411f96abdc4cf5c285e07af6589ecb4773a6 Mon Sep 17 00:00:00 2001
From: Abdul Karim <Abdul.Karim@morganstanley.com>
Date: Fri, 15 Dec 2023 16:24:34 +0000
Subject: [PATCH] ncm-network: nmstate - remove config route entry not in
 config instead of merging.

nmstatectl apply does not replace running config instead merges current state config
with desired state. This is not useful when settings have been removed such as policy routing.

'state: absent' will remove config routes entry that matches the interface as next hop
and therefore will only apply the routes configured in host profile profile.
---
 ncm-network/src/main/perl/nmstate.pm       | 18 ++++++++++++++----
 ncm-network/src/test/perl/nmstate_simple.t |  4 ++++
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/ncm-network/src/main/perl/nmstate.pm b/ncm-network/src/main/perl/nmstate.pm
index d2be9ef2b2..b0255f3d0b 100644
--- a/ncm-network/src/main/perl/nmstate.pm
+++ b/ncm-network/src/main/perl/nmstate.pm
@@ -159,6 +159,16 @@ sub make_nm_ip_route
     return \@rt_entry;
 }
 
+# create an absent route entry.
+# if you prepend the routes with the 'absent', then nmstate will clear the existing matches and apply the routes
+# This will allow nmstate to clear all routes for the interface and only apply routes defined in config.
+# useful when routes are changed later on in profile once host is built.
+# return arrayref
+sub make_nm_route_absent {
+    my ($self, $device) = @_;
+    return { 'state' => 'absent', 'next-hop-interface' => $device };
+}
+
 # group all eth bound to a bond together in a hashref for to be used as
 # - port in nmstate config file
 sub get_bonded_eth
@@ -377,13 +387,13 @@ sub generate_nmstate_config
     #     next-hop-interface:
     #  and so on.
     my $routes = [];
+    push @$routes, ($self->make_nm_route_absent($name));
+    push @$routes, \%default_rt if scalar %default_rt;
     if (defined($iface->{route})) {
         $self->verbose("policy route found, nmstate will manage it");
         my $route = $iface->{route};
-        $routes = $self->make_nm_ip_route($name, $route, $routing_table);
-        push @$routes, \%default_rt if scalar %default_rt;
-    } elsif (scalar %default_rt){
-        push @$routes, \%default_rt if scalar %default_rt;
+        my $policyroutes = $self->make_nm_ip_route($name, $route, $routing_table);
+        push @$routes, @{$policyroutes};
     }
 
     my $policy_rule = [];
diff --git a/ncm-network/src/test/perl/nmstate_simple.t b/ncm-network/src/test/perl/nmstate_simple.t
index 6b62c9a0dc..0aed4f7693 100644
--- a/ncm-network/src/test/perl/nmstate_simple.t
+++ b/ncm-network/src/test/perl/nmstate_simple.t
@@ -51,6 +51,10 @@ interfaces:
   name: eth0
   profile-name: eth0
   type: bond
+routes:
+  config:
+  - next-hop-interface: eth0
+    state: absent
 EOF
 
 Readonly my $NOTTOREMOVE => <<EOF;