[NX-OS] Implement support for PrefixSet on Cisco NX-OS

felix-kaestner · felix-kaestner · commit 5184b8c26443 · 2025-12-04T18:26:32.000+01:00
diff --git a/internal/provider/cisco/nxos/prefix.go b/internal/provider/cisco/nxos/prefix.go
@@ -0,0 +1,47 @@
+// SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package nxos
+
+import (
+	"github.com/ironcore-dev/network-operator/internal/provider/cisco/gnmiext/v2"
+)
+
+var _ gnmiext.Configurable = (*PrefixList)(nil)
+
+type PrefixList struct {
+	Name     string `json:"name"`
+	EntItems struct {
+		EntryList gnmiext.List[int32, *PrefixEntry] `json:"Entry-list"`
+	} `json:"ent-items"`
+	// Is6 indicates whether this is an IPv6 prefix list. This field is not serialized to JSON
+	// and is only used internally to determine the correct XPath for the prefix list.
+	Is6 bool `json:"-"`
+}
+
+func (*PrefixList) IsListItem() {}
+
+func (p *PrefixList) XPath() string {
+	if p.Is6 {
+		return "System/rpm-items/pfxlistv6-items/RuleV6-list[name=" + p.Name + "]"
+	}
+	return "System/rpm-items/pfxlistv4-items/RuleV4-list[name=" + p.Name + "]"
+}
+
+type PrefixEntry struct {
+	Action     Action   `json:"action"`
+	Criteria   Criteria `json:"criteria"`
+	FromPfxLen int8     `json:"fromPfxLen"`
+	Order      int32    `json:"order"`
+	Pfx        string   `json:"pfx"`
+	ToPfxLen   int8     `json:"toPfxLen"`
+}
+
+func (e *PrefixEntry) Key() int32 { return e.Order }
+
+type Criteria string
+
+const (
+	CriteriaExact   Criteria = "exact"
+	CriteriaInexact Criteria = "inexact"
+)
diff --git a/internal/provider/cisco/nxos/prefix_test.go b/internal/provider/cisco/nxos/prefix_test.go
@@ -0,0 +1,18 @@
+// SPDX-FileCopyrightText: 2025 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package nxos
+
+func init() {
+	p := &PrefixList{}
+	p.Name = "TEST"
+	p.EntItems.EntryList.Set(&PrefixEntry{
+		Order:      10,
+		Action:     ActionPermit,
+		Criteria:   CriteriaInexact,
+		Pfx:        "10.0.0.0/8",
+		FromPfxLen: 24,
+		ToPfxLen:   24,
+	})
+	Register("prefix", p)
+}
diff --git a/internal/provider/cisco/nxos/provider.go b/internal/provider/cisco/nxos/provider.go
@@ -51,6 +51,7 @@ var (
 	_ provider.OSPFProvider             = (*Provider)(nil)
 	_ provider.PIMProvider              = (*Provider)(nil)
 	_ provider.SNMPProvider             = (*Provider)(nil)
+	_ provider.PrefixSetProvider        = (*Provider)(nil)
 	_ provider.SyslogProvider           = (*Provider)(nil)
 	_ provider.UserProvider             = (*Provider)(nil)
 	_ provider.VLANProvider             = (*Provider)(nil)
@@ -1590,6 +1591,36 @@ func (p *Provider) DeletePIM(ctx context.Context, _ *provider.DeletePIMRequest)
 	return p.client.Delete(ctx, new(StaticRPItems), new(AnycastPeerItems), new(PIMIfItems))
 }
 
+func (p *Provider) EnsurePrefixSet(ctx context.Context, req *provider.PrefixSetRequest) error {
+	s := new(PrefixList)
+	s.Name = req.PrefixSet.Spec.Name
+	s.Is6 = req.PrefixSet.Is6()
+	for _, entry := range req.PrefixSet.Spec.Entries {
+		e := new(PrefixEntry)
+		e.Action = ActionPermit
+		e.Criteria = CriteriaExact
+		e.Order = entry.Sequence
+		e.Pfx = entry.Prefix.String()
+		bits := int8(entry.Prefix.Bits()) // #nosec G115
+		if entry.MaskLengthRange != nil && (entry.MaskLengthRange.Min != bits || entry.MaskLengthRange.Max != bits) {
+			e.Criteria = CriteriaInexact
+			e.ToPfxLen = entry.MaskLengthRange.Max
+			if entry.MaskLengthRange.Min != bits {
+				e.FromPfxLen = entry.MaskLengthRange.Min
+			}
+		}
+		s.EntItems.EntryList.Set(e)
+	}
+	return p.client.Update(ctx, s)
+}
+
+func (p *Provider) DeletePrefixSet(ctx context.Context, req *provider.PrefixSetRequest) error {
+	s := new(PrefixList)
+	s.Name = req.PrefixSet.Spec.Name
+	s.Is6 = req.PrefixSet.Is6()
+	return p.client.Delete(ctx, s)
+}
+
 func (p *Provider) EnsureUser(ctx context.Context, req *provider.EnsureUserRequest) error {
 	u := new(User)
 	u.AllowExpired = "no"
diff --git a/internal/provider/cisco/nxos/testdata/prefix.json b/internal/provider/cisco/nxos/testdata/prefix.json
@@ -0,0 +1,23 @@
+{
+  "rpm-items": {
+    "pfxlistv4-items": {
+      "RuleV4-list": [
+        {
+          "name": "TEST",
+          "ent-items": {
+            "Entry-list": [
+              {
+                "action": "permit",
+                "criteria": "inexact",
+                "fromPfxLen": 24,
+                "order": 10,
+                "pfx": "10.0.0.0/8",
+                "toPfxLen": 24
+              }
+            ]
+          }
+        }
+      ]
+    }
+  }
+}
diff --git a/internal/provider/cisco/nxos/testdata/prefix.json.txt b/internal/provider/cisco/nxos/testdata/prefix.json.txt
@@ -0,0 +1 @@
+ip prefix-list TEST seq 10 permit 10.0.0.0/8 eq 24

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ip prefix-list TEST seq 10 permit 10.0.0.0/8 eq 24`