feat: gw ext peering with setup-peerings

edipascale · edipascale · commit af79c5eff32e · 2025-11-03T10:55:02.000+01:00
Signed-off-by: Emanuele Di Pascale &lt;emanuele@githedgehog.com&gt;
diff --git a/pkg/hhfab/testing.go b/pkg/hhfab/testing.go
@@ -859,6 +859,10 @@ func (c *Config) SetupPeerings(ctx context.Context, vlab *VLAB, opts SetupPeerin
 	if err := kube.List(ctx, externalList); err != nil {
 		return fmt.Errorf("listing externals: %w", err)
 	}
+	externals := map[string]*vpcapi.External{}
+	for _, ext := range externalList.Items {
+		externals[ext.Name] = &ext
+	}
 
 	switchGroupList := &wiringapi.SwitchGroupList{}
 	if err := kube.List(ctx, switchGroupList); err != nil {
@@ -1021,6 +1025,9 @@ func (c *Config) SetupPeerings(ctx context.Context, vlab *VLAB, opts SetupPeerin
 			if ext == "" {
 				return fmt.Errorf("invalid external peering request %s, external should be non-empty", reqName)
 			}
+			if _, ok := externals[ext]; !ok {
+				return fmt.Errorf("external %s not found for external peering", ext)
+			}
 
 			if !strings.HasPrefix(vpc, "vpc-") {
 				if vpcID, err := strconv.ParseUint(vpc, 10, 64); err == nil {
@@ -1030,19 +1037,9 @@ func (c *Config) SetupPeerings(ctx context.Context, vlab *VLAB, opts SetupPeerin
 				vpc = "vpc-" + vpc
 			}
 
-			extPeering := &vpcapi.ExternalPeeringSpec{
-				Permit: vpcapi.ExternalPeeringSpecPermit{
-					VPC: vpcapi.ExternalPeeringSpecVPC{
-						Name:    vpc,
-						Subnets: []string{},
-					},
-					External: vpcapi.ExternalPeeringSpecExternal{
-						Name:     ext,
-						Prefixes: []vpcapi.ExternalPeeringSpecPrefix{},
-					},
-				},
-			}
-
+			gw := false
+			vpcSubnets := []string{}
+			extPrefixes := []string{}
 			for idx, option := range parts[1:] {
 				parts := strings.Split(option, "=")
 				if len(parts) > 2 {
@@ -1055,54 +1052,105 @@ func (c *Config) SetupPeerings(ctx context.Context, vlab *VLAB, opts SetupPeerin
 					optValue = parts[1]
 				}
 
-				if optName == "vpc_subnets" || optName == "subnets" || optName == "s" {
+				switch optName {
+				case "gw", "gateway":
+					gw = true
+				case "vpc-subnets", "subnets", "s":
 					if optValue == "" {
 						return fmt.Errorf("invalid external peering option #%d %s, VPC subnet names should be non-empty", idx, option)
 					}
-
-					extPeering.Permit.VPC.Subnets = append(extPeering.Permit.VPC.Subnets, strings.Split(optValue, ",")...)
-				} else if optName == "ext_prefixes" || optName == "prefixes" || optName == "p" {
+					vpcSubnets = strings.Split(optValue, ",")
+				case "ext-prefixes", "prefixes", "p":
 					if optValue == "" {
 						return fmt.Errorf("invalid external peering option #%d %s, external prefixes should be non-empty", idx, option)
 					}
+					extPrefixes = strings.Split(optValue, ",")
+				default:
+					return fmt.Errorf("invalid peering option #%d %s", idx, option)
+				}
+			}
 
-					for _, rawPrefix := range strings.Split(optValue, ",") {
-						prefix := vpcapi.ExternalPeeringSpecPrefix{
-							Prefix: rawPrefix,
+			if !gw {
+				extPeering := &vpcapi.ExternalPeeringSpec{
+					Permit: vpcapi.ExternalPeeringSpecPermit{
+						VPC: vpcapi.ExternalPeeringSpecVPC{
+							Name:    vpc,
+							Subnets: vpcSubnets,
+						},
+						External: vpcapi.ExternalPeeringSpecExternal{
+							Name:     ext,
+							Prefixes: []vpcapi.ExternalPeeringSpecPrefix{},
+						},
+					},
+				}
+				for idx, rawPrefix := range extPrefixes {
+					prefix := vpcapi.ExternalPeeringSpecPrefix{
+						Prefix: rawPrefix,
+					}
+					if strings.Contains(rawPrefix, "_") {
+						prefixParts := strings.Split(rawPrefix, "_")
+						if len(prefixParts) > 1 {
+							return fmt.Errorf("invalid external peering option #%d, external prefix should be in format 1.2.3.4/24 (found %s)", idx, rawPrefix)
 						}
-						if strings.Contains(rawPrefix, "_") {
-							prefixParts := strings.Split(rawPrefix, "_")
-							if len(prefixParts) > 1 {
-								return fmt.Errorf("invalid external peering option #%d %s, external prefix should be in format 1.2.3.4/24", idx, option)
-							}
 
-							prefix.Prefix = prefixParts[0]
-						}
+						prefix.Prefix = prefixParts[0]
+					}
 
-						extPeering.Permit.External.Prefixes = append(extPeering.Permit.External.Prefixes, prefix)
+					extPeering.Permit.External.Prefixes = append(extPeering.Permit.External.Prefixes, prefix)
+				}
+				if len(extPeering.Permit.VPC.Subnets) == 0 {
+					extPeering.Permit.VPC.Subnets = []string{"default"}
+				}
+				slices.Sort(extPeering.Permit.VPC.Subnets)
+
+				if len(extPeering.Permit.External.Prefixes) == 0 {
+					extPeering.Permit.External.Prefixes = []vpcapi.ExternalPeeringSpecPrefix{
+						{
+							Prefix: "0.0.0.0/0",
+						},
 					}
-				} else {
-					return fmt.Errorf("invalid external peering option #%d %s", idx, option)
 				}
-			}
+				slices.SortFunc(extPeering.Permit.External.Prefixes, func(a, b vpcapi.ExternalPeeringSpecPrefix) int {
+					return strings.Compare(a.Prefix, b.Prefix)
+				})
 
-			if len(extPeering.Permit.VPC.Subnets) == 0 {
-				extPeering.Permit.VPC.Subnets = []string{"default"}
-			}
-			slices.Sort(extPeering.Permit.VPC.Subnets)
+				externalPeerings[fmt.Sprintf("%s--%s", vpc, ext)] = extPeering
+			} else {
+				vpcExpose := gwapi.PeeringEntryExpose{}
+				if vpc1, ok := vpcs[vpc]; ok {
+					for subnetName, subnet := range vpc1.Spec.Subnets {
+						if len(vpcSubnets) > 0 && !slices.Contains(vpcSubnets, subnetName) {
+							continue
+						}
+						vpcExpose.IPs = append(vpcExpose.IPs, gwapi.PeeringEntryIP{CIDR: subnet.Subnet})
+					}
+				}
+
+				ips := []gwapi.PeeringEntryIP{}
+				for idx, p := range extPrefixes {
+					if _, err := netip.ParsePrefix(p); err != nil {
+						return fmt.Errorf("invalid external peering option #%d, external prefix %q is not valid: %w", idx, p, err)
+					}
+					ips = append(ips, gwapi.PeeringEntryIP{CIDR: p})
+				}
+				if len(ips) == 0 {
+					ips = append(ips, gwapi.PeeringEntryIP{CIDR: "0.0.0.0/0"})
+				}
+				extExpose := gwapi.PeeringEntryExpose{
+					IPs: ips,
+				}
 
-			if len(extPeering.Permit.External.Prefixes) == 0 {
-				extPeering.Permit.External.Prefixes = []vpcapi.ExternalPeeringSpecPrefix{
-					{
-						Prefix: "0.0.0.0/0",
+				gwPeerings[fmt.Sprintf("%s--%s", vpc, ext)] = &gwapi.PeeringSpec{
+					Peering: map[string]*gwapi.PeeringEntry{
+						vpc: {
+							Expose: []gwapi.PeeringEntryExpose{vpcExpose},
+						},
+						ext: {
+							Expose: []gwapi.PeeringEntryExpose{extExpose},
+						},
 					},
 				}
 			}
-			slices.SortFunc(extPeering.Permit.External.Prefixes, func(a, b vpcapi.ExternalPeeringSpecPrefix) int {
-				return strings.Compare(a.Prefix, b.Prefix)
-			})
-
-			externalPeerings[fmt.Sprintf("%s--%s", vpc, ext)] = extPeering
 		} else {
 			return fmt.Errorf("invalid request name %s", reqName)
 		}
