From 1659ca2a052a0fc67fe652087cbdacca493ced75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mattias=20Walstr=C3=B6m?= <lazzer@gmail.com>
Date: Wed, 25 Mar 2026 10:54:19 +0100
Subject: [PATCH] Add migration script for confd: prevent IP addresses on
 bridge ports

Unfortunatly the fix was entered in 25.10, but confd was not stepped
up until 25.11, so this should be for 25.10 but now it is for confd
version 1.6 (infix 25.11), as close as we can get.

this is a follwup for commit 7e37fc49a3004982d16baa5cd414eded06515077

confd: prevent IP addresses on bridge ports

Bridge ports should not have IP addresses configured. The IP address
should be configured on the bridge interface itself, not its member ports.

Add YANG must expression to enforce this rule at configuration time.

Fixes #1122
---
 .../migrate/1.6/40-bridge-port-remove-ip.sh   | 20 +++++++++++++++++++
 src/confd/share/migrate/1.6/Makefile.am       |  3 ++-
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100755 src/confd/share/migrate/1.6/40-bridge-port-remove-ip.sh

diff --git a/src/confd/share/migrate/1.6/40-bridge-port-remove-ip.sh b/src/confd/share/migrate/1.6/40-bridge-port-remove-ip.sh
new file mode 100755
index 000000000..a7004eccd
--- /dev/null
+++ b/src/confd/share/migrate/1.6/40-bridge-port-remove-ip.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Remove ietf-ip:ipv4 and ietf-ip:ipv6 from bridge port interfaces.
+# Bridge ports should not have IP addresses; the IP address should
+# be configured on the bridge interface itself.
+file=$1
+temp=${file}.tmp
+
+jq '
+if .["ietf-interfaces:interfaces"]?.interface then
+  .["ietf-interfaces:interfaces"].interface |= map(
+    if .["infix-interfaces:bridge-port"] and .type != "infix-if-type:bridge" then
+      del(.["ietf-ip:ipv4"], .["ietf-ip:ipv6"])
+    else
+      .
+    end
+  )
+else
+  .
+end
+' "$file" > "$temp" && mv "$temp" "$file"
diff --git a/src/confd/share/migrate/1.6/Makefile.am b/src/confd/share/migrate/1.6/Makefile.am
index fdb2b6a01..ec568526c 100644
--- a/src/confd/share/migrate/1.6/Makefile.am
+++ b/src/confd/share/migrate/1.6/Makefile.am
@@ -1,4 +1,5 @@
 migratedir          = $(pkgdatadir)/migrate/1.6
 dist_migrate_DATA   = 10-dhcp-client-to-ipv4.sh \
                       20-autoconf-to-presence.sh \
-                      30-ospf-backbone-area-type.sh
+                      30-ospf-backbone-area-type.sh \
+                      40-bridge-port-remove-ip.sh