review updates

dswaffordcw · dswaffordcw · commit 89042d2aca0c · 2024-12-12T21:58:52.000-08:00
diff --git a/pkg/bgpv1/manager/reconcilerv2/service.go b/pkg/bgpv1/manager/reconcilerv2/service.go
@@ -280,10 +280,11 @@ func (r *ServiceReconciler) getDesiredSvcRoutePolicies(p ReconcileParams, desire
 				if lbPolicy != nil {
 					currentLbPolicy := desiredSvcRoutePolicies[lbPolicy.Name]
 					if currentLbPolicy != nil {
-						r.handleOverlappingDesiredSvcRoutePolicies(currentLbPolicy, lbPolicy, advert)
-					} else {
-						desiredSvcRoutePolicies[lbPolicy.Name] = lbPolicy
+						if lbPolicy, err = mergeRoutePolicies(currentLbPolicy, lbPolicy); err != nil {
+							return nil, err
+						}
 					}
+					desiredSvcRoutePolicies[lbPolicy.Name] = lbPolicy
 				}
 
 				// ExternalIP
@@ -294,10 +295,11 @@ func (r *ServiceReconciler) getDesiredSvcRoutePolicies(p ReconcileParams, desire
 				if extPolicy != nil {
 					currentExtPolicy := desiredSvcRoutePolicies[extPolicy.Name]
 					if currentExtPolicy != nil {
-						r.handleOverlappingDesiredSvcRoutePolicies(currentExtPolicy, extPolicy, advert)
-					} else {
-						desiredSvcRoutePolicies[extPolicy.Name] = extPolicy
+						if extPolicy, err = mergeRoutePolicies(currentExtPolicy, extPolicy); err != nil {
+							return nil, err
+						}
 					}
+					desiredSvcRoutePolicies[extPolicy.Name] = extPolicy
 				}
 
 				// ClusterIP
@@ -308,10 +310,11 @@ func (r *ServiceReconciler) getDesiredSvcRoutePolicies(p ReconcileParams, desire
 				if clusterPolicy != nil {
 					currentClusterPolicy := desiredSvcRoutePolicies[clusterPolicy.Name]
 					if currentClusterPolicy != nil {
-						r.handleOverlappingDesiredSvcRoutePolicies(currentClusterPolicy, clusterPolicy, advert)
-					} else {
-						desiredSvcRoutePolicies[clusterPolicy.Name] = clusterPolicy
+						if clusterPolicy, err = mergeRoutePolicies(currentClusterPolicy, clusterPolicy); err != nil {
+							return nil, err
+						}
 					}
+					desiredSvcRoutePolicies[clusterPolicy.Name] = clusterPolicy
 				}
 			}
 		}
@@ -320,70 +323,6 @@ func (r *ServiceReconciler) getDesiredSvcRoutePolicies(p ReconcileParams, desire
 	return desiredSvcRoutePolicies, nil
 }
 
-// handleOverlappingDesiredSvcRoutePolicies handles the case of a desired BGP advertisement that overlaps a previous
-// selector match. Overlaps are handled as additive operations for attributes that can be unioned (standard and large
-// communities). If local preference was set, it remains set to the first advertisement matched.
-//
-// This function modifies existingPolicy to contain the unions described above.
-func (r *ServiceReconciler) handleOverlappingDesiredSvcRoutePolicies(
-	existingPolicy *types.RoutePolicy,
-	candidatePolicy *types.RoutePolicy,
-	advert v2alpha1.BGPAdvertisement,
-) {
-
-	// For tests, we must maintain the original order.  Communities will hold
-	// the unique set of standard communities defined across both policies.
-	communities := []string{}
-	communitiesSeen := sets.New[string]()
-
-	largeCommunities := []string{}
-	largeCommunitiesSeen := sets.New[string]()
-
-	// Extract the existing policy's communities
-	for _, statement := range existingPolicy.Statements {
-		communities = append(communities, statement.Actions.AddCommunities...)
-		communitiesSeen.Insert(statement.Actions.AddCommunities...)
-
-		largeCommunities = append(largeCommunities, statement.Actions.AddLargeCommunities...)
-		largeCommunitiesSeen.Insert(statement.Actions.AddLargeCommunities...)
-	}
-	logMessagePreviousCommunities := fmt.Sprint(communities)
-	logMessagePreviousLargeCommunities := fmt.Sprint(largeCommunities)
-
-	// Extract this policy's communities
-	for _, statement := range candidatePolicy.Statements {
-		for _, community := range statement.Actions.AddCommunities {
-			if communitiesSeen.Has(community) {
-				continue
-			}
-			communities = append(communities, community)
-		}
-
-		for _, largeCommunity := range statement.Actions.AddLargeCommunities {
-			if largeCommunitiesSeen.Has(largeCommunity) {
-				continue
-			}
-			largeCommunities = append(largeCommunities, largeCommunity)
-		}
-	}
-
-	// Update the existing policy's communities to be the updated sequence created above
-	for _, statement := range existingPolicy.Statements {
-		statement.Actions.AddCommunities = communities
-		statement.Actions.AddLargeCommunities = largeCommunities
-	}
-
-	r.logger.Debugf(
-		"Desired bgp advertisement advertisementType=%s, service.addresses=%s, selector=%s "+
-			"overlaps with previous match. Overlaps are handled as additive operations for "+
-			"attributes that can be unioned. Previous match sets communities=%s, largeCommunities=%s. "+
-			"Updated policy sets communities=%s, largeCommunities=%s. If local preference was set, "+
-			"it remains set to the first advertisement matched.",
-		advert.AdvertisementType, advert.Service.Addresses, advert.Selector.String(),
-		logMessagePreviousCommunities, logMessagePreviousLargeCommunities, communities, largeCommunities,
-	)
-}
-
 func (r *ServiceReconciler) reconcilePaths(ctx context.Context, p ReconcileParams, desiredSvcPaths ResourceAFPathsMap) error {
 	var err error
 	metadata := r.getMetadata(p.BGPInstance)
@@ -932,6 +871,79 @@ func checkServiceAdvertisement(advert v2alpha1.BGPAdvertisement, advertServiceTy
 	return true, nil
 }
 
+func mergeRoutePolicies(policyA *types.RoutePolicy, policyB *types.RoutePolicy) (*types.RoutePolicy, error) {
+	if policyA == nil || policyB == nil {
+		return nil, fmt.Errorf("route policy is nil")
+	}
+	if policyA.Name != policyB.Name {
+		return nil, fmt.Errorf("route policy names do not match")
+	}
+	if policyA.Type != policyB.Type {
+		return nil, fmt.Errorf("route policy types do not match")
+	}
+
+	communities := sets.NewString()
+	largeCommunities := sets.NewString()
+	mergedPolicy := &types.RoutePolicy{
+		Name:       policyA.Name,
+		Type:       policyA.Type,
+		Statements: []*types.RoutePolicyStatement{},
+	}
+	routePolicyConditionsSeen := sets.NewString()
+
+	// Extract the first policy's statements and communities
+	for _, statement := range policyA.Statements {
+		mergedPolicy.Statements = append(mergedPolicy.Statements, &types.RoutePolicyStatement{
+			// statement.Actions and .Conditions are values, not pointers
+			Actions:    statement.Actions,
+			Conditions: statement.Conditions,
+		})
+		communities.Insert(statement.Actions.AddCommunities...)
+		largeCommunities.Insert(statement.Actions.AddLargeCommunities...)
+		routePolicyConditionsSeen.Insert(statement.Conditions.String())
+	}
+
+	// Extract the second policy's communities non-overlapping statements, and communities from all statements
+	for _, statement := range policyB.Statements {
+		if !routePolicyConditionsSeen.Has(statement.Conditions.String()) {
+			mergedPolicy.Statements = append(mergedPolicy.Statements, &types.RoutePolicyStatement{
+				// statement.Actions and .Conditions are values, not pointers
+				Actions:    statement.Actions,
+				Conditions: statement.Conditions,
+			})
+		}
+		for _, community := range statement.Actions.AddCommunities {
+			communities.Insert(community)
+		}
+		for _, largeCommunity := range statement.Actions.AddLargeCommunities {
+			largeCommunities.Insert(largeCommunity)
+		}
+	}
+
+	bestLocalPreference := int64(0)
+	localPreferenceDefaultValue := int64(0)
+	for _, statement := range mergedPolicy.Statements {
+		if statement.Actions.RouteAction != types.RoutePolicyActionAccept {
+			continue
+		}
+		if len(statement.Actions.AddCommunities) != 0 {
+			statement.Actions.AddCommunities = communities.List()
+		}
+		if len(statement.Actions.AddLargeCommunities) != 0 {
+			statement.Actions.AddLargeCommunities = largeCommunities.List()
+		}
+		// RFC 4271 states "The higher degree of preference MUST be preferred."
+		localPreference := *statement.Actions.SetLocalPreference
+		if localPreference != localPreferenceDefaultValue &&
+			localPreference > bestLocalPreference {
+			bestLocalPreference = localPreference
+		} else {
+			statement.Actions.SetLocalPreference = &bestLocalPreference
+		}
+	}
+	return mergedPolicy, nil
+}
+
 func serviceLabelSet(svc *slim_corev1.Service) labels.Labels {
 	svcLabels := maps.Clone(svc.Labels)
 	if svcLabels == nil {
diff --git a/pkg/bgpv1/manager/reconcilerv2/service_test.go b/pkg/bgpv1/manager/reconcilerv2/service_test.go
@@ -1018,7 +1018,7 @@ func Test_ServiceExternalIPReconciler(t *testing.T) {
 									Conditions: redPeer65001v4ExtRP.Statements[0].Conditions,
 									Actions: types.RoutePolicyActions{
 										RouteAction:         types.RoutePolicyActionAccept,
-										AddCommunities:      []string{"101:101", "no-export", "202:202", "303:303"},
+										AddCommunities:      []string{"101:101", "202:202", "303:303", "no-export"},
 										AddLargeCommunities: []string{"1111:1111:1111", "2222:2222:2222", "3333:3333:3333"},
 										SetLocalPreference:  &localPrefHigh,
 									},
@@ -1033,7 +1033,7 @@ func Test_ServiceExternalIPReconciler(t *testing.T) {
 									Conditions: redPeer65001v6ExtRP.Statements[0].Conditions,
 									Actions: types.RoutePolicyActions{
 										RouteAction:         types.RoutePolicyActionAccept,
-										AddCommunities:      []string{"101:101", "no-export", "202:202", "303:303"},
+										AddCommunities:      []string{"101:101", "202:202", "303:303", "no-export"},
 										AddLargeCommunities: []string{"1111:1111:1111", "2222:2222:2222", "3333:3333:3333"},
 										SetLocalPreference:  &localPrefHigh,
 									},
@@ -1318,7 +1318,7 @@ func Test_ServiceClusterIPReconciler(t *testing.T) {
 									Conditions: redPeer65001v4ClusterRP.Statements[0].Conditions,
 									Actions: types.RoutePolicyActions{
 										RouteAction:         types.RoutePolicyActionAccept,
-										AddCommunities:      []string{"101:101", "no-export", "202:202", "303:303"},
+										AddCommunities:      []string{"101:101", "202:202", "303:303", "no-export"},
 										AddLargeCommunities: []string{"1111:1111:1111", "2222:2222:2222", "3333:3333:3333"},
 										SetLocalPreference:  &localPrefHigh,
 									},
@@ -1333,7 +1333,7 @@ func Test_ServiceClusterIPReconciler(t *testing.T) {
 									Conditions: redPeer65001v6ClusterRP.Statements[0].Conditions,
 									Actions: types.RoutePolicyActions{
 										RouteAction:         types.RoutePolicyActionAccept,
-										AddCommunities:      []string{"101:101", "no-export", "202:202", "303:303"},
+										AddCommunities:      []string{"101:101", "202:202", "303:303", "no-export"},
 										AddLargeCommunities: []string{"1111:1111:1111", "2222:2222:2222", "3333:3333:3333"},
 										SetLocalPreference:  &localPrefHigh,
 									},
@@ -1774,8 +1774,6 @@ func Test_ServiceVIPSharing(t *testing.T) {
 		upsertEPs        []*k8s.Endpoints
 		expectedMetadata ServiceReconcilerMetadata
 	}{
-		// Note: one or more tests below leave artifacts behind that later tests in
-		// the same sequence depend on. Order is significant.
 		{
 			name: "Add service 1 (LoadBalancer) with advertisement",
 			upsertAdverts: []*v2alpha1.CiliumBGPAdvertisement{
@@ -2043,7 +2041,7 @@ func Test_ServiceVIPSharing(t *testing.T) {
 									Conditions: redPeer65001v4LBRP.Statements[0].Conditions,
 									Actions: types.RoutePolicyActions{
 										RouteAction:         types.RoutePolicyActionAccept,
-										AddCommunities:      []string{"101:101", "no-export", "202:202"},
+										AddCommunities:      []string{"101:101", "202:202", "no-export"},
 										AddLargeCommunities: []string{"1111:1111:1111", "2222:2222:2222"},
 										SetLocalPreference:  &localPrefHigh,
 									},
@@ -2058,7 +2056,7 @@ func Test_ServiceVIPSharing(t *testing.T) {
 									Conditions: redPeer65001v6LBRP.Statements[0].Conditions,
 									Actions: types.RoutePolicyActions{
 										RouteAction:         types.RoutePolicyActionAccept,
-										AddCommunities:      []string{"101:101", "no-export", "202:202"},
+										AddCommunities:      []string{"101:101", "202:202", "no-export"},
 										AddLargeCommunities: []string{"1111:1111:1111", "2222:2222:2222"},
 										SetLocalPreference:  &localPrefHigh,
 									},
@@ -2141,6 +2139,30 @@ func Test_ServiceVIPSharing(t *testing.T) {
 	}
 }
 
+func Test_mergeRoutePolicies(t *testing.T) {
+	tests := []struct {
+		name string
+	}{
+		{
+			name: "nil policies",
+		},
+		{
+			name: "deduplication of communities",
+		},
+		{
+			name: "local preference",
+		},
+		{
+			name: "edge case #1",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+		})
+	}
+}
+
 func serviceMetadataEqual(req *require.Assertions, expectedMetadata, runningMetadata ServiceReconcilerMetadata) {
 	req.Truef(PeerAdvertisementsEqual(expectedMetadata.ServiceAdvertisements, runningMetadata.ServiceAdvertisements),
 		"ServiceAdvertisements mismatch, expected: %v, got: %v", expectedMetadata.ServiceAdvertisements, runningMetadata.ServiceAdvertisements)
diff --git a/pkg/bgpv1/types/bgp.go b/pkg/bgpv1/types/bgp.go
@@ -6,6 +6,7 @@ package types
 import (
 	"context"
 	"net/netip"
+	"strings"
 
 	"github.com/osrg/gobgp/v3/pkg/packet/bgp"
 
@@ -114,6 +115,19 @@ type RoutePolicyConditions struct {
 	MatchFamilies []Family
 }
 
+// String() constructs a string identifier
+func (r RoutePolicyConditions) String() string {
+	values := []string{}
+	values = append(values, r.MatchNeighbors...)
+	for _, family := range r.MatchFamilies {
+		values = append(values, family.String())
+	}
+	for _, prefix := range r.MatchPrefixes {
+		values = append(values, prefix.CIDR.String())
+	}
+	return strings.Join(values, "-")
+}
+
 // RoutePolicyAction defines the action taken on a route matched by a routing policy.
 type RoutePolicyAction int
 
diff --git a/pkg/bgpv1/types/bgp_test.go b/pkg/bgpv1/types/bgp_test.go
