Merge pull request #4353 from natali-rs1985/T5810

dmbaturin · web-flow · commit 4d9d45a45aca · 2025-02-20T15:37:01.000Z
T5810: Add support for RPKI source ip
diff --git a/data/templates/frr/rpki.frr.j2 b/data/templates/frr/rpki.frr.j2
@@ -5,9 +5,9 @@ rpki
 {%     for peer, peer_config in cache.items() %}
 {#         port is mandatory and preference uses a default value #}
 {%         if peer_config.ssh.username is vyos_defined %}
- rpki cache ssh {{ peer | replace('_', '-') }} {{ peer_config.port }} {{ peer_config.ssh.username }} {{ peer_config.ssh.private_key_file }} {{ peer_config.ssh.public_key_file }} preference {{ peer_config.preference }}
+ rpki cache ssh {{ peer | replace('_', '-') }} {{ peer_config.port }} {{ peer_config.ssh.username }} {{ peer_config.ssh.private_key_file }} {{ peer_config.ssh.public_key_file }}{{ ' source ' ~ peer_config.source_address if peer_config.source_address is vyos_defined }} preference {{ peer_config.preference }}
 {%         else %}
- rpki cache tcp {{ peer | replace('_', '-') }} {{ peer_config.port }} preference {{ peer_config.preference }}
+ rpki cache tcp {{ peer | replace('_', '-') }} {{ peer_config.port }}{{ ' source ' ~ peer_config.source_address if peer_config.source_address is vyos_defined }} preference {{ peer_config.preference }}
 {%         endif %}
 {%     endfor %}
 {% endif %}
diff --git a/interface-definitions/protocols_rpki.xml.in b/interface-definitions/protocols_rpki.xml.in
@@ -42,6 +42,7 @@
                   </constraint>
                 </properties>
               </leafNode>
+              #include <include/source-address-ipv4.xml.i>
               <node name="ssh">
                 <properties>
                   <help>RPKI SSH connection settings</help>
diff --git a/smoketest/scripts/cli/test_protocols_rpki.py b/smoketest/scripts/cli/test_protocols_rpki.py
@@ -248,5 +248,41 @@ def test_rpki_verify_preference(self):
         with self.assertRaises(ConfigSessionError):
             self.cli_commit()
 
+    def test_rpki_source_address(self):
+        peer = '192.0.2.1'
+        port = '8080'
+        preference = '1'
+        username = 'foo'
+        source_address = '100.10.10.1'
+
+        self.cli_set(['interfaces', 'ethernet', 'eth0', 'address', f'{source_address}/24'])
+
+        # Configure a TCP cache server
+        self.cli_set(base_path + ['cache', peer, 'port', port])
+        self.cli_set(base_path + ['cache', peer, 'preference', preference])
+        self.cli_set(base_path + ['cache', peer, 'source-address', source_address])
+        self.cli_commit()
+
+        # Verify FRR configuration
+        frrconfig = self.getFRRconfig('rpki')
+        self.assertIn(f'rpki cache tcp {peer} {port} source {source_address} preference {preference}', frrconfig)
+
+        self.cli_set(['pki', 'openssh', rpki_key_name, 'private', 'key', rpki_ssh_key.replace('\n', '')])
+        self.cli_set(['pki', 'openssh', rpki_key_name, 'public', 'key', rpki_ssh_pub.replace('\n', '')])
+        self.cli_set(['pki', 'openssh', rpki_key_name, 'public', 'type', rpki_key_type])
+
+        # Configure a SSH cache server
+        self.cli_set(base_path + ['cache', peer, 'ssh', 'username', username])
+        self.cli_set(base_path + ['cache', peer, 'ssh', 'key', rpki_key_name])
+        self.cli_commit()
+
+        # Verify FRR configuration
+        frrconfig = self.getFRRconfig('rpki')
+        self.assertIn(
+            f'rpki cache ssh {peer} {port} {username} /run/frr/id_rpki_{peer} /run/frr/id_rpki_{peer}.pub source {source_address} preference {preference}',
+            frrconfig,
+        )
+
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)
