As Roshan has indicated in his reply, the approach that would most likely work would be with the use of a few VTL directives.
Take for example the following configlet text:
routing-instances {
vpn {
protocols {
bgp {
#foreach ($STORE in $LOCATIONS.split(", "))
#set($i=0)
group Store-$STORE {
peer-as 63$STORE;
#foreach ($IP in $IPSEC)
#if ($IP.contains($STORE))
neighbor $NEXTHOPTUNNEL.get($i);
#end
#set($i = $i + 1)
#end
}
#end
}
}
}
}
Not the most elegant of approaches, but something that I think could be a basis for a solution.
So the changes that I have made from your original configlet is to add some additional parameters and a little bit of VTL logic.
I've created a counter $i which is an invisible parameter, and is just used to count the position within a foreach statement as it loops.
$IPSEC is also an invisible parameter and this has an XPath /device/configuration/interfaces/interface[name='st0']/unit[name='2']/family/inet/ipsec-vpn/text()
which will return all values.
This parameter is then parsed using #foreach and then there is an if statement to check to see if the current $STORE value is contained within $IP, which is similar to the approach that you had attempted to use in your initial configlet contains(ipsec-vpn, '$STORE').
If a match is found, then the correct next-hop-tunnel address is returned using the following:
neighbor $NEXTHOPTUNNEL.get($i);
In this case, $NEXTHOPTUNNEL is another invisible parameter that is derived using the XPath /device/configuration/interfaces/interface[name='st0']/unit[name='2']/family/inet/next-hop-tunnel/name/text()
Because the $NEXTHOPTUNNEL parameter could contain multiple entries, to return the correct entry the $i counter is used as that should return the required entry. $NEXTHOPTUNNEL.get($i)
Then the if statement is terminated, and the counter $i can be incremented, and the process continues.
Unfortunately, I've not had time to test this properly as I didn't have a valid configuration to test against, but I think that this should work.
Regards,
Andy