From 3f595e5d47a78cb38c891567aa5d66ac6d5dc62b Mon Sep 17 00:00:00 2001
From: aapostoliuk <108394744+aapostoliuk@users.noreply.github.com>
Date: Tue, 18 Mar 2025 17:26:06 +0200
Subject: bgp: T7157: Allow using route-maps for VRF route leaking in BGP
 (#4404)

* bgp: T7157: Allow using route-maps for VRF route leaking in BGP

Added the possibility of using route-map in route leaking.

* Improve the constraint error message

---------

Co-authored-by: Daniil Baturin <daniil@baturin.org>
---
 data/templates/frr/bgpd.frr.j2                     |  3 ++
 .../include/bgp/afi-route-map-export-import.xml.i  | 34 --------------------
 .../include/bgp/afi-route-map-export.xml.i         | 18 +++++++++++
 .../include/bgp/afi-route-map-import.xml.i         | 18 +++++++++++
 .../include/bgp/afi-route-map-vpn.xml.i            |  3 +-
 .../include/bgp/afi-route-map-vrf.xml.i            | 17 ++++++++++
 .../include/bgp/afi-route-map.xml.i                |  3 +-
 .../include/bgp/protocol-common-config.xml.i       |  1 +
 smoketest/scripts/cli/test_protocols_bgp.py        | 36 ++++++++++++++++++++++
 src/conf_mode/protocols_bgp.py                     | 11 ++++++-
 10 files changed, 107 insertions(+), 37 deletions(-)
 delete mode 100644 interface-definitions/include/bgp/afi-route-map-export-import.xml.i
 create mode 100644 interface-definitions/include/bgp/afi-route-map-export.xml.i
 create mode 100644 interface-definitions/include/bgp/afi-route-map-import.xml.i
 create mode 100644 interface-definitions/include/bgp/afi-route-map-vrf.xml.i

diff --git a/data/templates/frr/bgpd.frr.j2 b/data/templates/frr/bgpd.frr.j2
index 3b462b4a9..b89f15be1 100644
--- a/data/templates/frr/bgpd.frr.j2
+++ b/data/templates/frr/bgpd.frr.j2
@@ -357,6 +357,9 @@ router bgp {{ system_as }} {{ 'vrf ' ~ vrf if vrf is vyos_defined }}
   import vrf {{ vrf }}
 {%             endfor %}
 {%         endif %}
+{%         if afi_config.route_map.vrf.import is vyos_defined %}
+  import vrf route-map {{ afi_config.route_map.vrf.import }}
+{%         endif %}
 {%         if afi_config.label.vpn.export is vyos_defined %}
   label vpn export {{ afi_config.label.vpn.export }}
 {%         endif %}
diff --git a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i b/interface-definitions/include/bgp/afi-route-map-export-import.xml.i
deleted file mode 100644
index 388991241..000000000
--- a/interface-definitions/include/bgp/afi-route-map-export-import.xml.i
+++ /dev/null
@@ -1,34 +0,0 @@
-<!-- include start from bgp/afi-route-map.xml.i -->
-<leafNode name="export">
-  <properties>
-    <help>Route-map to filter outgoing route updates</help>
-    <completionHelp>
-      <path>policy route-map</path>
-    </completionHelp>
-    <valueHelp>
-      <format>txt</format>
-      <description>Route map name</description>
-    </valueHelp>
-    <constraint>
-      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
-    </constraint>
-    <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
-  </properties>
-</leafNode>
-<leafNode name="import">
-  <properties>
-    <help>Route-map to filter incoming route updates</help>
-    <completionHelp>
-      <path>policy route-map</path>
-    </completionHelp>
-    <valueHelp>
-      <format>txt</format>
-      <description>Route map name</description>
-    </valueHelp>
-    <constraint>
-      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
-    </constraint>
-    <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
-  </properties>
-</leafNode>
-<!-- include end -->
diff --git a/interface-definitions/include/bgp/afi-route-map-export.xml.i b/interface-definitions/include/bgp/afi-route-map-export.xml.i
new file mode 100644
index 000000000..94d77caf2
--- /dev/null
+++ b/interface-definitions/include/bgp/afi-route-map-export.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from bgp/afi-route-map-export.xml.i -->
+<leafNode name="export">
+  <properties>
+    <help>Route-map to filter outgoing route updates</help>
+    <completionHelp>
+      <path>policy route-map</path>
+    </completionHelp>
+    <valueHelp>
+      <format>txt</format>
+      <description>Route map name</description>
+    </valueHelp>
+    <constraint>
+      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+    </constraint>
+    <constraintErrorMessage>Route map names can only contain alphanumeric characters, hyphens, and underscores</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/afi-route-map-import.xml.i b/interface-definitions/include/bgp/afi-route-map-import.xml.i
new file mode 100644
index 000000000..a1b154fcd
--- /dev/null
+++ b/interface-definitions/include/bgp/afi-route-map-import.xml.i
@@ -0,0 +1,18 @@
+<!-- include start from bgp/afi-route-map-import.xml.i -->
+<leafNode name="import">
+  <properties>
+    <help>Route-map to filter incoming route updates</help>
+    <completionHelp>
+      <path>policy route-map</path>
+    </completionHelp>
+    <valueHelp>
+      <format>txt</format>
+      <description>Route map name</description>
+    </valueHelp>
+    <constraint>
+      #include <include/constraint/alpha-numeric-hyphen-underscore-dot.xml.i>
+    </constraint>
+    <constraintErrorMessage>Name of route-map can only contain alpha-numeric letters, hyphen and underscores</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/afi-route-map-vpn.xml.i b/interface-definitions/include/bgp/afi-route-map-vpn.xml.i
index e6be113c5..ac7b55af6 100644
--- a/interface-definitions/include/bgp/afi-route-map-vpn.xml.i
+++ b/interface-definitions/include/bgp/afi-route-map-vpn.xml.i
@@ -9,7 +9,8 @@
         <help>Between current address-family and VPN</help>
       </properties>
       <children>
-        #include <include/bgp/afi-route-map-export-import.xml.i>
+        #include <include/bgp/afi-route-map-export.xml.i>
+        #include <include/bgp/afi-route-map-import.xml.i>
       </children>
     </node>
   </children>
diff --git a/interface-definitions/include/bgp/afi-route-map-vrf.xml.i b/interface-definitions/include/bgp/afi-route-map-vrf.xml.i
new file mode 100644
index 000000000..5c1783bda
--- /dev/null
+++ b/interface-definitions/include/bgp/afi-route-map-vrf.xml.i
@@ -0,0 +1,17 @@
+<!-- include start from bgp/afi-route-map-vrf.xml.i -->
+<node name="route-map">
+  <properties>
+    <help>Route-map to filter route updates to/from this peer</help>
+  </properties>
+  <children>
+    <node name="vrf">
+      <properties>
+        <help>Between current address-family and VRF</help>
+      </properties>
+      <children>
+        #include <include/bgp/afi-route-map-import.xml.i>
+      </children>
+    </node>
+  </children>
+</node>
+<!-- include end -->
diff --git a/interface-definitions/include/bgp/afi-route-map.xml.i b/interface-definitions/include/bgp/afi-route-map.xml.i
index 0b6178176..f8e1d7033 100644
--- a/interface-definitions/include/bgp/afi-route-map.xml.i
+++ b/interface-definitions/include/bgp/afi-route-map.xml.i
@@ -4,7 +4,8 @@
     <help>Route-map to filter route updates to/from this peer</help>
   </properties>
   <children>
-    #include <include/bgp/afi-route-map-export-import.xml.i>
+    #include <include/bgp/afi-route-map-export.xml.i>
+    #include <include/bgp/afi-route-map-import.xml.i>
   </children>
 </node>
 <!-- include end -->
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index 21514e762..31c8cafea 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -119,6 +119,7 @@
         </tagNode>
         #include <include/bgp/afi-rd.xml.i>
         #include <include/bgp/afi-route-map-vpn.xml.i>
+        #include <include/bgp/afi-route-map-vrf.xml.i>
         #include <include/bgp/afi-route-target-vpn.xml.i>
         #include <include/bgp/afi-nexthop-vpn-export.xml.i>
         <node name="redistribute">
diff --git a/smoketest/scripts/cli/test_protocols_bgp.py b/smoketest/scripts/cli/test_protocols_bgp.py
index d8d5415b5..8403dcc37 100755
--- a/smoketest/scripts/cli/test_protocols_bgp.py
+++ b/smoketest/scripts/cli/test_protocols_bgp.py
@@ -1540,6 +1540,42 @@ class TestProtocolsBGP(VyOSUnitTestSHIM.TestCase):
         self.assertIn(f'neighbor OVERLAY remote-as {int(ASN) + 1}', conf)
         self.assertIn(f'neighbor OVERLAY local-as {int(ASN) + 1}', conf)
 
+    def test_bgp_30_import_vrf_routemap(self):
+        router_id = '127.0.0.3'
+        table = '1000'
+        vrf = 'red'
+        vrf_base = ['vrf', 'name', vrf]
+        self.cli_set(vrf_base + ['table', table])
+        self.cli_set(vrf_base + ['protocols', 'bgp', 'system-as', ASN])
+        self.cli_set(
+            vrf_base + ['protocols', 'bgp', 'parameters', 'router-id',
+                        router_id])
+
+        self.cli_set(
+            base_path + ['address-family', 'ipv4-unicast', 'import',
+                         'vrf', vrf])
+        self.cli_set(
+            base_path + ['address-family', 'ipv4-unicast', 'route-map',
+                         'vrf', 'import',  route_map_in])
+
+        self.cli_commit()
+
+        # Verify FRR bgpd configuration
+        frrconfig = self.getFRRconfig(f'router bgp {ASN}',
+                                      endsection='^exit')
+        self.assertIn(f'router bgp {ASN}', frrconfig)
+        self.assertIn(f' address-family ipv4 unicast', frrconfig)
+
+        self.assertIn(f'  import vrf {vrf}', frrconfig)
+        self.assertIn(f'  import vrf route-map {route_map_in}', frrconfig)
+
+        # Verify FRR bgpd configuration
+        frr_vrf_config = self.getFRRconfig(
+            f'router bgp {ASN} vrf {vrf}', endsection='^exit')
+        self.assertIn(f'router bgp {ASN} vrf {vrf}', frr_vrf_config)
+        self.assertIn(f' bgp router-id {router_id}', frr_vrf_config)
+
+
     def test_bgp_99_bmp(self):
         target_name = 'instance-bmp'
         target_address = '127.0.0.1'
diff --git a/src/conf_mode/protocols_bgp.py b/src/conf_mode/protocols_bgp.py
index c4af717af..53e83c3b4 100755
--- a/src/conf_mode/protocols_bgp.py
+++ b/src/conf_mode/protocols_bgp.py
@@ -523,12 +523,21 @@ def verify(config_dict):
                         raise ConfigError(
                             'Please unconfigure import vrf commands before using vpn commands in dependent VRFs!')
 
+                if (dict_search('route_map.vrf.import', afi_config) is not None
+                        or  dict_search('import.vrf', afi_config) is not None):
                     # FRR error: please unconfigure vpn to vrf commands before
                     # using import vrf commands
-                    if 'vpn' in afi_config['import'] or dict_search('export.vpn', afi_config) != None:
+                    if ('vpn' in afi_config['import']
+                            or dict_search('export.vpn', afi_config) is not None):
                         raise ConfigError('Please unconfigure VPN to VRF commands before '\
                                           'using "import vrf" commands!')
 
+                    if (dict_search('route_map.vpn.import', afi_config) is not None
+                            or dict_search('route_map.vpn.export', afi_config) is not None) :
+                        raise ConfigError('Please unconfigure route-map VPN to VRF commands before '\
+                                          'using "import vrf" commands!')
+
+
                 # Verify that the export/import route-maps do exist
                 for export_import in ['export', 'import']:
                     tmp = dict_search(f'route_map.vpn.{export_import}', afi_config)
-- 
cgit v1.2.3