feat: implement bridge multi-document config

Fixes #10962

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>

Author: smira

internal/app/machined/pkg/controllers/network/link_config.go

@@ -356,7 +356,7 @@ func (ctrl *LinkConfigController) processDevicesConfiguration(
 		}
 
 		if device.Bridge() != nil {
-			if err := SetBridgeMaster(linkMap[deviceInterface], device.Bridge()); err != nil {
+			if err := SetBridgeMasterLegacy(linkMap[deviceInterface], device.Bridge()); err != nil {
 				logger.Error("error parsing bridge config", zap.Error(err))
 			}
 		}
@@ -463,6 +463,22 @@ func (ctrl *LinkConfigController) processLinkConfigs(logger *zap.Logger, linkMap
 
 				SetBondSlave(linkMap[slaveLinkName], ordered.MakePair(linkName, idx))
 			}
+		case talosconfig.NetworkBridgeConfig:
+			SetBridgeMaster(linkMap[linkName], specificLinkConfig)
+
+			bridgedLinks := xslices.Map(specificLinkConfig.Links(), linkNameResolver.Resolve)
+
+			for _, slaveLinkName := range bridgedLinks {
+				if _, exists := linkMap[slaveLinkName]; !exists {
+					linkMap[slaveLinkName] = &network.LinkSpecSpec{
+						Name:        slaveLinkName,
+						Up:          true,
+						ConfigLayer: network.ConfigMachineConfiguration,
+					}
+				}
+
+				SetBridgeSlave(linkMap[slaveLinkName], linkName)
+			}
 		default:
 			logger.Error("unknown link config type", zap.String("linkName", linkName), zap.String("type", fmt.Sprintf("%T", specificLinkConfig)))
 		}

internal/app/machined/pkg/controllers/network/link_config_test.go

@@ -484,7 +484,12 @@ func (suite *LinkConfigSuite) TestMachineConfigurationNewStyle() {
 	bc1.BondLinks = []string{"dummy2", "dummy3"}
 	bc1.BondUpDelay = pointer.To(uint32(200))
 
-	ctr, err := container.New(dc1, lc1, vl1, dc2, dc3, bc1)
+	br1 := networkcfg.NewBridgeConfigV1Alpha1("br0")
+	br1.BridgeLinks = []string{"enp0s2", "eth1"}
+	br1.BridgeSTP.BridgeSTPEnabled = pointer.To(true)
+	br1.BridgeVLAN.BridgeVLANFiltering = pointer.To(true)
+
+	ctr, err := container.New(dc1, lc1, vl1, dc2, dc3, bc1, br1)
 	suite.Require().NoError(err)
 
 	cfg := config.NewMachineConfig(ctr)
@@ -513,6 +518,7 @@ func (suite *LinkConfigSuite) TestMachineConfigurationNewStyle() {
 			"configuration/dummy3",
 			"configuration/dummy1.100",
 			"configuration/bond357",
+			"configuration/br0",
 		}, func(r *network.LinkSpec, asrt *assert.Assertions) {
 			asrt.Equal(network.ConfigMachineConfiguration, r.TypedSpec().ConfigLayer)
 
@@ -521,6 +527,10 @@ func (suite *LinkConfigSuite) TestMachineConfigurationNewStyle() {
 				asrt.True(r.TypedSpec().Up)
 				asrt.False(r.TypedSpec().Logical)
 				asrt.EqualValues(9001, r.TypedSpec().MTU)
+				asrt.Equal("br0", r.TypedSpec().BridgeSlave.MasterName)
+			case "eth1":
+				asrt.True(r.TypedSpec().Up)
+				asrt.Equal("br0", r.TypedSpec().BridgeSlave.MasterName)
 			case "dummy1", "dummy2", "dummy3":
 				asrt.True(r.TypedSpec().Up)
 				asrt.True(r.TypedSpec().Logical)
@@ -546,6 +556,13 @@ func (suite *LinkConfigSuite) TestMachineConfigurationNewStyle() {
 				asrt.Equal(network.LinkKindBond, r.TypedSpec().Kind)
 				asrt.Equal(nethelpers.BondModeActiveBackup, r.TypedSpec().BondMaster.Mode)
 				asrt.EqualValues(200, r.TypedSpec().BondMaster.UpDelay)
+			case "br0":
+				asrt.True(r.TypedSpec().Up)
+				asrt.True(r.TypedSpec().Logical)
+				asrt.Equal(nethelpers.LinkEther, r.TypedSpec().Type)
+				asrt.Equal(network.LinkKindBridge, r.TypedSpec().Kind)
+				asrt.True(r.TypedSpec().BridgeMaster.STP.Enabled)
+				asrt.True(r.TypedSpec().BridgeMaster.VLAN.FilteringEnabled)
 			}
 		},
 	)

internal/app/machined/pkg/controllers/network/network.go

@@ -160,8 +160,8 @@ func SetBridgeSlave(link *network.LinkSpecSpec, bridge string) {
 	}
 }
 
-// SetBridgeMaster sets the bridge master spec.
-func SetBridgeMaster(link *network.LinkSpecSpec, bridge talosconfig.Bridge) error {
+// SetBridgeMasterLegacy sets the bridge master spec.
+func SetBridgeMasterLegacy(link *network.LinkSpecSpec, bridge talosconfig.Bridge) error {
 	link.Logical = true
 	link.Kind = network.LinkKindBridge
 	link.Type = nethelpers.LinkEther
@@ -179,3 +179,19 @@ func SetBridgeMaster(link *network.LinkSpecSpec, bridge talosconfig.Bridge) erro
 
 	return nil
 }
+
+// SetBridgeMaster sets the bridge master spec.
+func SetBridgeMaster(link *network.LinkSpecSpec, bridge talosconfig.NetworkBridgeConfig) {
+	link.Logical = true
+	link.Kind = network.LinkKindBridge
+	link.Type = nethelpers.LinkEther
+
+	link.BridgeMaster = network.BridgeMasterSpec{
+		STP: network.STPSpec{
+			Enabled: bridge.STP().Enabled().ValueOrZero(),
+		},
+		VLAN: network.BridgeVLANSpec{
+			FilteringEnabled: bridge.VLAN().FilteringEnabled().ValueOrZero(),
+		},
+	}
+}

internal/integration/api/network-config.go

@@ -494,6 +494,7 @@ func (suite *NetworkConfigSuite) TestBondConfig() {
 	rtestutils.AssertResource(nodeCtx, suite.T(), suite.Client.COSI, bondName,
 		func(link *networkres.LinkStatus, asrt *assert.Assertions) {
 			asrt.Equal("bond", link.TypedSpec().Kind)
+			asrt.Equal(nethelpers.OperStateUp, link.TypedSpec().OperationalState)
 			asrt.Equal(bond.LinkMTU, link.TypedSpec().MTU)
 			asrt.Equal(nethelpers.BondMode8023AD, link.TypedSpec().BondMaster.Mode)
 			asrt.Equal(bond.HardwareAddressConfig, link.TypedSpec().HardwareAddr)
@@ -526,6 +527,60 @@ func (suite *NetworkConfigSuite) TestBondConfig() {
 	rtestutils.AssertNoResource[*networkres.RouteStatus](nodeCtx, suite.T(), suite.Client.COSI, routeID)
 }
 
+// TestBridgeConfig tests creation of bridge interfaces.
+func (suite *NetworkConfigSuite) TestBridgeConfig() {
+	if suite.Cluster == nil {
+		suite.T().Skip("skipping if cluster is not qemu/docker")
+	}
+
+	node := suite.RandomDiscoveredNodeInternalIP(machine.TypeWorker)
+	nodeCtx := client.WithNode(suite.ctx, node)
+
+	suite.T().Logf("testing on node %q", node)
+
+	dummyNames := xslices.Map([]int{0, 1}, func(int) string {
+		return fmt.Sprintf("dummy%d", rand.IntN(10000))
+	})
+
+	dummyConfigs := xslices.Map(dummyNames, func(name string) any {
+		return network.NewDummyLinkConfigV1Alpha1(name)
+	})
+
+	bridgeName := "bridge." + strconv.Itoa(rand.IntN(10000))
+
+	bridge := network.NewBridgeConfigV1Alpha1(bridgeName)
+	bridge.BridgeLinks = dummyNames
+	bridge.BridgeSTP.BridgeSTPEnabled = pointer.To(true)
+	bridge.HardwareAddressConfig = nethelpers.HardwareAddr{0x02, 0x00, 0x00, 0x00, byte(rand.IntN(256)), byte(rand.IntN(256))}
+	bridge.LinkUp = pointer.To(true)
+
+	suite.PatchMachineConfig(nodeCtx, append(dummyConfigs, bridge)...)
+
+	rtestutils.AssertResources(nodeCtx, suite.T(), suite.Client.COSI, dummyNames,
+		func(link *networkres.LinkStatus, asrt *assert.Assertions) {
+			asrt.Equal("dummy", link.TypedSpec().Kind)
+			asrt.NotZero(link.TypedSpec().MasterIndex)
+		},
+	)
+
+	rtestutils.AssertResource(nodeCtx, suite.T(), suite.Client.COSI, bridgeName,
+		func(link *networkres.LinkStatus, asrt *assert.Assertions) {
+			asrt.Equal("bridge", link.TypedSpec().Kind)
+			asrt.Equal(pointer.SafeDeref(bridge.BridgeSTP.BridgeSTPEnabled), link.TypedSpec().BridgeMaster.STP.Enabled)
+			asrt.Equal(bridge.HardwareAddressConfig, link.TypedSpec().HardwareAddr)
+		},
+	)
+
+	suite.RemoveMachineConfigDocumentsByName(nodeCtx, network.BridgeKind, bridgeName)
+	suite.RemoveMachineConfigDocumentsByName(nodeCtx, network.DummyLinkKind, dummyNames...)
+
+	for _, dummyName := range dummyNames {
+		rtestutils.AssertNoResource[*networkres.LinkStatus](nodeCtx, suite.T(), suite.Client.COSI, dummyName)
+	}
+
+	rtestutils.AssertNoResource[*networkres.LinkStatus](nodeCtx, suite.T(), suite.Client.COSI, bridgeName)
+}
+
 func init() {
 	allSuites = append(allSuites, new(NetworkConfigSuite))
 }

pkg/machinery/config/config/network.go

@@ -257,3 +257,24 @@ type NetworkBondConfig interface {
 	PeerNotifyDelay() optional.Optional[uint32]
 	MissedMax() optional.Optional[uint8]
 }
+
+// NetworkBridgeConfig defines a bridge link configuration.
+type NetworkBridgeConfig interface {
+	NamedDocument
+	NetworkCommonLinkConfig
+	NetworkHardwareAddressConfig
+	BridgeConfig()
+	Links() []string
+	STP() BridgeSTPConfig
+	VLAN() BridgeVLANConfig
+}
+
+// BridgeSTPConfig is a bridge STP (Spanning Tree Protocol) configuration.
+type BridgeSTPConfig interface {
+	Enabled() optional.Optional[bool]
+}
+
+// BridgeVLANConfig is a bridge VLAN configuration.
+type BridgeVLANConfig interface {
+	FilteringEnabled() optional.Optional[bool]
+}

pkg/machinery/config/schemas/config.schema.json

@@ -1089,6 +1089,138 @@
       ],
       "description": "BondConfig is a config document to create a bond (link aggregation) over a set of links."
     },
+    "network.BridgeConfigV1Alpha1": {
+      "properties": {
+        "apiVersion": {
+          "enum": [
+            "v1alpha1"
+          ],
+          "title": "apiVersion",
+          "description": "apiVersion is the API version of the resource.\n",
+          "markdownDescription": "apiVersion is the API version of the resource.",
+          "x-intellij-html-description": "\u003cp\u003eapiVersion is the API version of the resource.\u003c/p\u003e\n"
+        },
+        "kind": {
+          "enum": [
+            "BridgeConfig"
+          ],
+          "title": "kind",
+          "description": "kind is the kind of the resource.\n",
+          "markdownDescription": "kind is the kind of the resource.",
+          "x-intellij-html-description": "\u003cp\u003ekind is the kind of the resource.\u003c/p\u003e\n"
+        },
+        "name": {
+          "type": "string",
+          "title": "name",
+          "description": "Name of the bridge link (interface) to be created.\n",
+          "markdownDescription": "Name of the bridge link (interface) to be created.",
+          "x-intellij-html-description": "\u003cp\u003eName of the bridge link (interface) to be created.\u003c/p\u003e\n"
+        },
+        "hardwareAddr": {
+          "type": "string",
+          "pattern": "^[0-9a-f:]+$",
+          "title": "hardwareAddr",
+          "description": "Override the hardware (MAC) address of the link.\n",
+          "markdownDescription": "Override the hardware (MAC) address of the link.",
+          "x-intellij-html-description": "\u003cp\u003eOverride the hardware (MAC) address of the link.\u003c/p\u003e\n"
+        },
+        "links": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array",
+          "title": "links",
+          "description": "Names of the links (interfaces) to be aggregated.\nLink aliases can be used here as well.\n",
+          "markdownDescription": "Names of the links (interfaces) to be aggregated.\nLink aliases can be used here as well.",
+          "x-intellij-html-description": "\u003cp\u003eNames of the links (interfaces) to be aggregated.\nLink aliases can be used here as well.\u003c/p\u003e\n"
+        },
+        "stp": {
+          "$ref": "#/$defs/network.BridgeSTPConfig",
+          "title": "stp",
+          "description": "Bridge STP (Spanning Tree Protocol) configuration.\n",
+          "markdownDescription": "Bridge STP (Spanning Tree Protocol) configuration.",
+          "x-intellij-html-description": "\u003cp\u003eBridge STP (Spanning Tree Protocol) configuration.\u003c/p\u003e\n"
+        },
+        "vlan": {
+          "$ref": "#/$defs/network.BridgeVLANConfig",
+          "title": "vlan",
+          "description": "Bridge VLAN configuration.\n",
+          "markdownDescription": "Bridge VLAN configuration.",
+          "x-intellij-html-description": "\u003cp\u003eBridge VLAN configuration.\u003c/p\u003e\n"
+        },
+        "up": {
+          "type": "boolean",
+          "title": "up",
+          "description": "Bring the link up or down.\n\nIf not specified, the link will be brought up.\n",
+          "markdownDescription": "Bring the link up or down.\n\nIf not specified, the link will be brought up.",
+          "x-intellij-html-description": "\u003cp\u003eBring the link up or down.\u003c/p\u003e\n\n\u003cp\u003eIf not specified, the link will be brought up.\u003c/p\u003e\n"
+        },
+        "mtu": {
+          "type": "integer",
+          "title": "mtu",
+          "description": "Configure LinkMTU (Maximum Transmission Unit) for the link.\n\nIf not specified, the system default LinkMTU will be used (usually 1500).\n",
+          "markdownDescription": "Configure LinkMTU (Maximum Transmission Unit) for the link.\n\nIf not specified, the system default LinkMTU will be used (usually 1500).",
+          "x-intellij-html-description": "\u003cp\u003eConfigure LinkMTU (Maximum Transmission Unit) for the link.\u003c/p\u003e\n\n\u003cp\u003eIf not specified, the system default LinkMTU will be used (usually 1500).\u003c/p\u003e\n"
+        },
+        "addresses": {
+          "items": {
+            "$ref": "#/$defs/network.AddressConfig"
+          },
+          "type": "array",
+          "title": "addresses",
+          "description": "Configure addresses to be statically assigned to the link.\n",
+          "markdownDescription": "Configure addresses to be statically assigned to the link.",
+          "x-intellij-html-description": "\u003cp\u003eConfigure addresses to be statically assigned to the link.\u003c/p\u003e\n"
+        },
+        "routes": {
+          "items": {
+            "$ref": "#/$defs/network.RouteConfig"
+          },
+          "type": "array",
+          "title": "routes",
+          "description": "Configure routes to be statically created via the link.\n",
+          "markdownDescription": "Configure routes to be statically created via the link.",
+          "x-intellij-html-description": "\u003cp\u003eConfigure routes to be statically created via the link.\u003c/p\u003e\n"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "required": [
+        "apiVersion",
+        "kind",
+        "links",
+        "name"
+      ],
+      "description": "BridgeConfig is a config document to create a Bridge (link aggregation) over a set of links."
+    },
+    "network.BridgeSTPConfig": {
+      "properties": {
+        "enabled": {
+          "type": "boolean",
+          "title": "enabled",
+          "description": "Enable or disable STP on the bridge.\n",
+          "markdownDescription": "Enable or disable STP on the bridge.",
+          "x-intellij-html-description": "\u003cp\u003eEnable or disable STP on the bridge.\u003c/p\u003e\n"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "description": "BridgeSTPConfig is a bridge STP (Spanning Tree Protocol) configuration."
+    },
+    "network.BridgeVLANConfig": {
+      "properties": {
+        "filtering": {
+          "type": "boolean",
+          "title": "filtering",
+          "description": "Enable or disable VLAN filtering on the bridge.\n",
+          "markdownDescription": "Enable or disable VLAN filtering on the bridge.",
+          "x-intellij-html-description": "\u003cp\u003eEnable or disable VLAN filtering on the bridge.\u003c/p\u003e\n"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object",
+      "description": "BridgeVLANConfig is a bridge VLAN configuration."
+    },
     "network.CommonLinkConfig": {
       "properties": {
         "up": {
@@ -5393,6 +5525,9 @@
     {
       "$ref": "#/$defs/network.BondConfigV1Alpha1"
     },
+    {
+      "$ref": "#/$defs/network.BridgeConfigV1Alpha1"
+    },
     {
       "$ref": "#/$defs/network.DefaultActionConfigV1Alpha1"
     },