Merge branch 'master' into auditing-timescaledb

Dockerfile

@@ -1,4 +1,3 @@
-FROM alpine:3.20
-RUN apk -U add ca-certificates
+FROM gcr.io/distroless/static-debian12:nonroot
 COPY bin/metal-api /metal-api
 CMD ["/metal-api"]

cmd/metal-api/internal/metal/network.go

@@ -41,13 +41,14 @@ type MacAddress string
 
 // Nic information.
 type Nic struct {
-	MacAddress MacAddress `rethinkdb:"macAddress" json:"macAddress"`
-	Name       string     `rethinkdb:"name" json:"name"`
-	Identifier string     `rethinkdb:"identifier" json:"identifier"`
-	Vrf        string     `rethinkdb:"vrf" json:"vrf"`
-	Neighbors  Nics       `rethinkdb:"neighbors" json:"neighbors"`
-	Hostname   string     `rethinkdb:"hostname" json:"hostname"`
-	State      *NicState  `rethinkdb:"state" json:"state"`
+	MacAddress   MacAddress          `rethinkdb:"macAddress" json:"macAddress"`
+	Name         string              `rethinkdb:"name" json:"name"`
+	Identifier   string              `rethinkdb:"identifier" json:"identifier"`
+	Vrf          string              `rethinkdb:"vrf" json:"vrf"`
+	Neighbors    Nics                `rethinkdb:"neighbors" json:"neighbors"`
+	Hostname     string              `rethinkdb:"hostname" json:"hostname"`
+	State        *NicState           `rethinkdb:"state" json:"state"`
+	BGPPortState *SwitchBGPPortState `rethinkdb:"bgpPortState" json:"bgpPortState"`
 }
 
 // NicState represents the desired and actual state of a network interface
@@ -59,6 +60,16 @@ type NicState struct {
 	Actual  SwitchPortStatus  `rethinkdb:"actual" json:"actual"`
 }
 
+type SwitchBGPPortState struct {
+	Neighbor              string
+	PeerGroup             string
+	VrfName               string
+	BgpState              string
+	BgpTimerUpEstablished int64
+	SentPrefixCounter     int64
+	AcceptedPrefixCounter int64
+}
+
 // SetState updates the NicState with the given SwitchPortStatus. It returns
 // a new NicState and a bool indicating if the state was changed.
 //

cmd/metal-api/internal/service/switch-service.go

@@ -325,6 +325,43 @@ func (r *switchResource) notifySwitch(request *restful.Request, response *restfu
 		}
 	}
 
+	if requestPayload.BGPPortStates != nil {
+		r.log.Debug("bgp port states received", "id", id, "states", requestPayload.BGPPortStates)
+		for i, nic := range newSwitch.Nics {
+			bpsnew, has := requestPayload.BGPPortStates[nic.Name]
+			if !has && nic.BGPPortState == nil {
+				continue
+			}
+			if !has {
+				newSwitch.Nics[i].BGPPortState = nil
+				switchUpdated = true
+				continue
+			}
+			if nic.BGPPortState != nil &&
+				nic.BGPPortState.Neighbor == bpsnew.Neighbor &&
+				nic.BGPPortState.PeerGroup == bpsnew.PeerGroup &&
+				nic.BGPPortState.VrfName == bpsnew.VrfName &&
+				nic.BGPPortState.BgpState == bpsnew.BgpState &&
+				nic.BGPPortState.BgpTimerUpEstablished == bpsnew.BgpTimerUpEstablished &&
+				nic.BGPPortState.SentPrefixCounter == bpsnew.SentPrefixCounter &&
+				nic.BGPPortState.AcceptedPrefixCounter == bpsnew.AcceptedPrefixCounter {
+				continue
+			}
+
+			r.log.Debug("bgp port state updated", "id", id, "nic", nic.Name, "state", bpsnew)
+			newSwitch.Nics[i].BGPPortState = &metal.SwitchBGPPortState{
+				Neighbor:              bpsnew.Neighbor,
+				PeerGroup:             bpsnew.PeerGroup,
+				VrfName:               bpsnew.VrfName,
+				BgpState:              bpsnew.BgpState,
+				BgpTimerUpEstablished: bpsnew.BgpTimerUpEstablished,
+				SentPrefixCounter:     bpsnew.SentPrefixCounter,
+				AcceptedPrefixCounter: bpsnew.AcceptedPrefixCounter,
+			}
+			switchUpdated = true
+		}
+	}
+
 	if switchUpdated {
 		if err := r.ds.UpdateSwitch(oldSwitch, &newSwitch); err != nil {
 			r.sendError(request, response, defaultError(err))
@@ -1151,12 +1188,13 @@ func (r *switchResource) makeSwitchNics(s *metal.Switch, nws metal.NetworkMap, i
 			filter = &f
 		}
 		nic := v1.SwitchNic{
-			MacAddress: string(n.MacAddress),
-			Name:       n.Name,
-			Identifier: n.Identifier,
-			Vrf:        n.Vrf,
-			BGPFilter:  filter,
-			Actual:     v1.SwitchPortStatusUnknown,
+			MacAddress:   string(n.MacAddress),
+			Name:         n.Name,
+			Identifier:   n.Identifier,
+			Vrf:          n.Vrf,
+			BGPFilter:    filter,
+			Actual:       v1.SwitchPortStatusUnknown,
+			BGPPortState: n.BGPPortState,
 		}
 		if n.State != nil {
 			if n.State.Desired != nil {
@@ -1191,15 +1229,21 @@ func (r *switchResource) makeSwitchCons(s *metal.Switch) []v1.SwitchConnection {
 			// connection map.
 			n := nicMap[mc.Nic.Name]
 			state := metal.SwitchPortStatusUnknown
+			var bps *metal.SwitchBGPPortState
 			if n != nil && n.State != nil {
 				state = n.State.Actual
 			}
+			if n != nil && n.BGPPortState != nil {
+				bps = n.BGPPortState
+			}
+
 			nic := v1.SwitchNic{
-				MacAddress: string(mc.Nic.MacAddress),
-				Name:       mc.Nic.Name,
-				Identifier: mc.Nic.Identifier,
-				Vrf:        mc.Nic.Vrf,
-				Actual:     v1.SwitchPortStatus(state),
+				MacAddress:   string(mc.Nic.MacAddress),
+				Name:         mc.Nic.Name,
+				Identifier:   mc.Nic.Identifier,
+				Vrf:          mc.Nic.Vrf,
+				Actual:       v1.SwitchPortStatus(state),
+				BGPPortState: bps,
 			}
 			con := v1.SwitchConnection{
 				Nic:       nic,

cmd/metal-api/internal/service/v1/switch.go

@@ -40,12 +40,13 @@ type SwitchOS struct {
 type SwitchNics []SwitchNic
 
 type SwitchNic struct {
-	MacAddress string           `json:"mac" description:"the mac address of this network interface"`
-	Name       string           `json:"name" description:"the name of this network interface"`
-	Identifier string           `json:"identifier" description:"the identifier of this network interface"`
-	Vrf        string           `json:"vrf" description:"the vrf this network interface is part of" optional:"true"`
-	BGPFilter  *BGPFilter       `json:"filter" description:"configures the bgp filter applied at the switch port" optional:"true"`
-	Actual     SwitchPortStatus `json:"actual" description:"the current state of the nic" enum:"UP|DOWN|UNKNOWN"`
+	MacAddress   string                    `json:"mac" description:"the mac address of this network interface"`
+	Name         string                    `json:"name" description:"the name of this network interface"`
+	Identifier   string                    `json:"identifier" description:"the identifier of this network interface"`
+	Vrf          string                    `json:"vrf" description:"the vrf this network interface is part of" optional:"true"`
+	BGPFilter    *BGPFilter                `json:"filter" description:"configures the bgp filter applied at the switch port" optional:"true"`
+	Actual       SwitchPortStatus          `json:"actual" description:"the current state of the nic" enum:"UP|DOWN|UNKNOWN"`
+	BGPPortState *metal.SwitchBGPPortState `json:"bgp_port_state" description:"the current bgp port state" optional:"true"`
 }
 
 type BGPFilter struct {
@@ -100,9 +101,20 @@ type SwitchMigrateRequest struct {
 // to the metal-api after a sync operation. It contains the duration of
 // the sync, any error that occurred, and the updated switch port states.
 type SwitchNotifyRequest struct {
-	Duration   time.Duration               `json:"sync_duration" description:"the duration of the switch synchronization"`
-	Error      *string                     `json:"error"`
-	PortStates map[string]SwitchPortStatus `json:"port_states" description:"the current switch port states"`
+	Duration      time.Duration                 `json:"sync_duration" description:"the duration of the switch synchronization"`
+	Error         *string                       `json:"error"`
+	PortStates    map[string]SwitchPortStatus   `json:"port_states" description:"the current switch port states"`
+	BGPPortStates map[string]SwitchBGPPortState `json:"bgp_port_states" description:"the current bgp port states" optional:"true"`
+}
+
+type SwitchBGPPortState struct {
+	Neighbor              string
+	PeerGroup             string
+	VrfName               string
+	BgpState              string
+	BgpTimerUpEstablished int64
+	SentPrefixCounter     int64
+	AcceptedPrefixCounter int64
 }
 
 type SwitchNotifyResponse struct {