nit: ipfamily.ForCIDRString(p) ==ipfamily.Unknown just because family word is occuring too many times

thought: that could be a type X with func newX(routers) X and methods X.validate()

what's "that"? the whole map or []string{} ?

and yes, I agree it's borderline to be readeable

yes I mean the whole map[string][]string but as is also ok

I left the type unchanged but hid the logic behind a couple of functions. Hoping it's readable. I don't feel hiding the map behind a type would be beneficial here.

why pick sets and not using standard library map?

As much as I like sticking to the stdlib, sets are more convenient to get the output ordered (which we want, so the generated configuration is stable).

is the sort the only reason?
but we already have maps for bfd, and sort function in the code base, therefore this introduce different approach

we also use sets already

no I think you are right, here we don't even leverage the order. Let me switch to maps

or not !!! we rely on the order, reverting to set

is it possible to have go coverage to see how much of this code is being unit-testes?

we can file an issue to add that, or do you think it relates to this PR?

I put random panics and unit-tests are still green, the error branch looks not really unit-tested. But a test coverage would give us precise what we miss.

git diff
diff --git a/internal/controller/api_to_config.go b/internal/controller/api_to_config.go
index 1b0f7a3..d166f9b 100644
--- a/internal/controller/api_to_config.go
+++ b/internal/controller/api_to_config.go
@@ -403,9 +403,15 @@ func validateSelectorLengths(mask int, le, ge uint32) error {
 func validateImportVRFs(r v1beta1.Router, allVRFs map[string][]string) error {
        for _, i := range r.Imports {
                if i.VRF == "default" {
+                       if true {
+                               panic("")
+                       }
                        continue
                }
                if _, ok := allVRFs[i.VRF]; !ok {
+                       if true {
+                               panic("")
+                       }
                        return fmt.Errorf("router %d-%s imports vrf %s which is not defined", r.ASN, r.VRF, i.VRF)
                }
        }
@@ -619,6 +625,9 @@ func validatePrefixes(prefixes []string) error {
        for _, p := range prefixes {
                family := ipfamily.ForCIDRString(p)
                if family == ipfamily.Unknown {
+                       if true {
+                               panic("")
+                       }
                        return fmt.Errorf("unknown ipfamily for %s", p)
                }
        }
[I] kka@f-t14s ~/w/g/m/frr-k8s (leakvrf ✖1)> go test ./internal/controller/...  -run=TestConversion/ -count=1
ok      github.com/metallb/frr-k8s/internal/controller  0.023s

yep, I understand we are not covering, I am fine with extending but I don't want to add the coverage logic in CI here.

I am not asking to add coverage ci logic, I am only asking if you can see the coverage once locally in your dev machine. The real ask is if you think we should more unit-test and cover allo the error branches that are not covered.

(I think you covered a bit more in the latest push)

I suppose this done (curious though if you can run locally in your dev a coverage, I cannot due to the fact that controller unit test needs envtest way of running)

log line could split the args into newline.
Also why do we need to error here? I mean that config might makes sense and allow user to filter out per neighbor in the allow prefix? Or is the FRR drops an error?

here we allow to advertise a given prefix to a neighbor. We want to tell the user, he thinks he's allowing a prefix that can't come from anywhere as it's not in the router's prefix or in any imported route from other vrfs.

okay I got it the otherway around :) that might be a feedback. Can I have in allow a prefix a /16 and overtime to add remove /24?

not sure what do you mean by overtime. In general, with allow you must match something you have in hte prefix list (or you can have all).

So I mean on day one user sets on the default vrf the allow prefix list to 10.10.0.0/16, and in day X user adds the prefix in vrf red 10.10.10.0/24 (which is imported) and in day X+1 user in green the prefix 10.10.20.0/24 (which is imported). Is that a use case?

not exactly, as each configuration is meant to be self - contained. So, when you say default imports red, it really means import all the learned routes from red + advertise the prefixes defined locally in the stanza belonging to the red vrf.

go test ./internal/controller/...  -run=TestConversion/Multiple_Routers_import -v
=== RUN   TestConversion
=== RUN   TestConversion/Multiple_Routers_import_VRFs
=== RUN   TestConversion/Multiple_Routers_import_VRF,_advertise_ips_from_the_imported_vrf
=== RUN   TestConversion/Multiple_Routers_import_VRFs,_advertise
--- PASS: TestConversion (0.01s)
    --- PASS: TestConversion/Multiple_Routers_import_VRFs (0.00s)
    --- PASS: TestConversion/Multiple_Routers_import_VRF,_advertise_ips_from_the_imported_vrf (0.00s)
    --- PASS: TestConversion/Multiple_Routers_import_VRFs,_advertise (0.00s)
PASS

I cannot tell the diff on the test by looking the description

Unless I am lost in the big file the first and third is the same, and probably the second is superset of the fist

Now it is:

--- PASS: TestConversion/Multiple_Routers_import_VRFs (0.00s)
--- PASS: TestConversion/Multiple_Routers_import_VRF,_advertise_ips_from_the_imported_vrf (0.00s)
--- PASS: TestConversion/Multiple_Routers_import_non_existing_VRFs (0.00s)
--- PASS: TestConversion/Multiple_Routers_import_VRF,_red_imports_default_and_advertises (0.00s)

first is only import with no advertisement. The ones with advertisements are supersets, but I think it still make sense to have them.

ok

That is confusing e.g. assigning when the key is not there.
Maybe it be something like

key=i.VRF
if i.VRF="default" {key=""}
importePrefixes = prefixesForVRF[key]

1. what happens if key does exist, should we check if v,ok:= prefixesForVRF[key];!ok{}
2. can we eliminate the transform from default? (maybe when create the original the "" to be "default")

the problem here is, frr wants "default" when importing, while in the api is cleaner not to bother about "default" VRF if you don't have to deal with VRFs at all. Because of that, I couldn't find a better way to do this translation. I think having a slimmer api has more value over this.

Re - key not existing I need to recheck.

I'll find a way to make it clearer. The missing key can't happen because we validate that imported vrfs exist and we fill a record for each vrf, but I agree it's weak and we should at least log (or even better panic) if the key is not there as we think it cna't happen.

what is the behavior if two vrfs have same prefix?

we'll have the same prefix twice which won't be a problem as they are used to understand what we can / can't advertise

is it one or two lines in the final config? (this can be test entry)

actually not, it's a set. So they'll be squashed

Could we have a golden file without extra empty lines?

the problem is not related to the golden file but how the templates are generated. We need to tweak the "-" in the go template to reduce them, but it's not a fight that makes sense to fight in this PR.
I'll file an issue to track it.

sounds good for me

filed #170

nit: if ForCIDRString(p)!=familyFilter

So I mean on day one user sets on the default vrf the allow prefix list to 10.10.0.0/16, and in day X user adds the prefix in vrf red 10.10.10.0/24 (which is imported) and in day X+1 user in green the prefix 10.10.20.0/24 (which is imported). Is that a use case?

I am not asking to add coverage ci logic, I am only asking if you can see the coverage once locally in your dev machine. The real ask is if you think we should more unit-test and cover allo the error branches that are not covered.

having routerPrefixes and routersPrefixes and many Prefixes makes the code less readable imo.
Maybe instead localPrefixes, allPrefixes

I would also merge the importedPrefixes and validateImportVRFs and rename the function prefixesToImport

local, err: =getLocalPrefixesIfValid()
imported,err:=getPrefixToImportIfValid()
local=append(local, imported...)

Names are first random thought while reading the code

I would also merge the importedPrefixes and validateImportVRFs and rename the function prefixesToImport

local, err: =getLocalPrefixesIfValid()
imported,err:=getPrefixToImportIfValid()
local=append(local, imported...)

Names are first random thought while reading the code

This is quite messy already, and I'd rather keep the validation separate so it's clear we are not hiding much behind the courtains.

having routerPrefixes and routersPrefixes and many Prefixes makes the code less readable imo. Maybe instead localPrefixes, allPrefixes

let me try to find a better name

(I think you covered a bit more in the latest push)

ok

is EquateEmpty() needs to be in this commit or
in Conversion unit tests: remove the empty fields from expected commit? (I do not mind staying here if the answer no)

I added as part of this test addition, then I filed a commit for cleaning up the others. I could've gone the other way around (or add this with the extra fields and then clean those in a later commit). Didn't seem too bad :P

About the commit message:
is there a them for the commit? like : word before : can be E2E or API, or Controller ?
maybe E2E: description

note: I did not understood that flag means the return bool value, is it valid term?

this done

in general the pattern seems to E2E:

what pattern?

sorry, I have been missing the comments that I need to reword before submit the code review.
I am talking about the commit message it has E2E Tests: test, the pattern in previous commits is only E2E:

this

this is invalid Expect https://onsi.github.io/ginkgo/#no-assertions-in-container-nodes

in general assign stuff in the tree construction phase is not right
https://onsi.github.io/ginkgo/#mental-model-how-ginkgo-traverses-the-spec-hierarchy

do you know why this is needed?

I probably copy / pasted. Let me remove it and see how it goes.

sorry, I have been missing the comments that I need to reword before submit the code review.
I am talking about the commit message it has E2E Tests: test, the pattern in previous commits is only E2E:

this description does add real value

jokes aside, I like seeing a test split in the setup / validation and the By makes both easier to understand while the test is running and when we read it.

It makes the test go from big silence to "I am doing this right now" to knowing where it is, especially when running locally.

In well formed test the BeforeEach/JustBeforeEach is what should be before validating (but table driven kind of make it hard properly form the test because the Before each must have a specific to entry).

Imo running locally the test, you can have prints/delve/It to show the progress.

We can pick it in the issue so no action here

Can be omitted

I would prefer is all ginkgo asser takes place not nested == function to return error and assert here

passing *config as argument does not look good, is it required?

why not? If the function accepts a value and doesn't expect to modify it, it should accept a pointer. On the other hand, I need to use deepcopy to be able to leverage baseConfig, and that returns a pointer. At some point in the stack I need to reference it. I will do when I get the deepcopy, so it's nicer.

here you use range to get the index, imo the thing should work

for _,n:=range xxx{
do something with n
}

If it is only to use the array itself a for loop is cleaner.

But the effort to make the first to work (pointers/nested structs etc) might not worth, and therefore keeping as is works for me

if "do something with n" is actually changing n, range won't work

true because https://github.com/metallb/frr-k8s/blob/main/api/v1beta1/frrconfiguration_types.go#L78 is not an array of pointers, was that a design decision?

(no action needed)

why it would be a better design decision for the api?

this done

true because https://github.com/metallb/frr-k8s/blob/main/api/v1beta1/frrconfiguration_types.go#L78 is not an array of pointers, was that a design decision?

(no action needed)

In well formed test the BeforeEach/JustBeforeEach is what should be before validating (but table driven kind of make it hard properly form the test because the Before each must have a specific to entry).

Imo running locally the test, you can have prints/delve/It to show the progress.

We can pick it in the issue so no action here

I suppose this done (curious though if you can run locally in your dev a coverage, I cannot due to the fact that controller unit test needs envtest way of running)