RFD-322 Networking

common/src/api/external/mod.rs

@@ -1557,24 +1557,6 @@ pub struct RouterRoute {
     pub destination: RouteDestination,
 }
 
-/// Create-time parameters for a [`RouterRoute`]
-#[derive(Clone, Debug, Deserialize, Serialize, JsonSchema)]
-pub struct RouterRouteCreateParams {
-    #[serde(flatten)]
-    pub identity: IdentityMetadataCreateParams,
-    pub target: RouteTarget,
-    pub destination: RouteDestination,
-}
-
-/// Updateable properties of a [`RouterRoute`]
-#[derive(Clone, Debug, Deserialize, Serialize, JsonSchema)]
-pub struct RouterRouteUpdateParams {
-    #[serde(flatten)]
-    pub identity: IdentityMetadataUpdateParams,
-    pub target: RouteTarget,
-    pub destination: RouteDestination,
-}
-
 /// A single rule in a VPC firewall
 #[derive(ObjectIdentity, Clone, Debug, Deserialize, Serialize, JsonSchema)]
 pub struct VpcFirewallRule {

nexus/db-model/src/vpc_route.rs

@@ -11,6 +11,7 @@ use diesel::deserialize::{self, FromSql};
 use diesel::pg::Pg;
 use diesel::serialize::{self, ToSql};
 use diesel::sql_types;
+use nexus_types::external_api::params;
 use nexus_types::identity::Resource;
 use omicron_common::api::external;
 use std::io::Write;
@@ -115,7 +116,7 @@ impl RouterRoute {
         route_id: Uuid,
         vpc_router_id: Uuid,
         kind: external::RouterRouteKind,
-        params: external::RouterRouteCreateParams,
+        params: params::RouterRouteCreate,
     ) -> Self {
         let identity = RouterRouteIdentity::new(route_id, params.identity);
         Self {
@@ -150,8 +151,8 @@ pub struct RouterRouteUpdate {
     pub destination: RouteDestination,
 }
 
-impl From<external::RouterRouteUpdateParams> for RouterRouteUpdate {
-    fn from(params: external::RouterRouteUpdateParams) -> Self {
+impl From<params::RouterRouteUpdate> for RouterRouteUpdate {
+    fn from(params: params::RouterRouteUpdate) -> Self {
         Self {
             name: params.identity.name.map(Name),
             description: params.identity.description,

nexus/src/app/instance.rs

@@ -10,14 +10,12 @@ use super::MAX_NICS_PER_INSTANCE;
 use crate::app::sagas;
 use crate::authn;
 use crate::authz;
-use crate::authz::ApiResource;
 use crate::cidata::InstanceCiData;
 use crate::context::OpContext;
 use crate::db;
 use crate::db::identity::Resource;
 use crate::db::lookup;
 use crate::db::lookup::LookupPath;
-use crate::db::queries::network_interface;
 use crate::external_api::params;
 use futures::future::Fuse;
 use futures::{FutureExt, SinkExt, StreamExt};
@@ -799,220 +797,6 @@ impl super::Nexus {
         Ok(disk)
     }
 
-    /// Create a network interface attached to the provided instance.
-    // TODO-performance: Add a version of this that accepts the instance ID
-    // directly. This will avoid all the internal database lookups in the event
-    // that we create many NICs for the same instance, such as in a saga.
-    pub async fn instance_create_network_interface(
-        &self,
-        opctx: &OpContext,
-        organization_name: &Name,
-        project_name: &Name,
-        instance_name: &Name,
-        params: &params::NetworkInterfaceCreate,
-    ) -> CreateResult<db::model::NetworkInterface> {
-        let (.., authz_project, authz_instance) =
-            LookupPath::new(opctx, &self.db_datastore)
-                .organization_name(organization_name)
-                .project_name(project_name)
-                .instance_name(instance_name)
-                .lookup_for(authz::Action::Modify)
-                .await?;
-
-        // NOTE: We need to lookup the VPC and VPC Subnet, since we need both
-        // IDs for creating the network interface.
-        //
-        // TODO-correctness: There are additional races here. The VPC and VPC
-        // Subnet could both be deleted between the time we fetch them and
-        // actually insert the record for the interface. The solution is likely
-        // to make both objects implement `DatastoreCollection` for their
-        // children, and then use `VpcSubnet::insert_resource` inside the
-        // `instance_create_network_interface` method. See
-        // https://github.com/oxidecomputer/omicron/issues/738.
-        let vpc_name = db::model::Name(params.vpc_name.clone());
-        let subnet_name = db::model::Name(params.subnet_name.clone());
-        let (.., authz_vpc, authz_subnet, db_subnet) =
-            LookupPath::new(opctx, &self.db_datastore)
-                .project_id(authz_project.id())
-                .vpc_name(&vpc_name)
-                .vpc_subnet_name(&subnet_name)
-                .fetch()
-                .await?;
-        let interface_id = Uuid::new_v4();
-        let interface = db::model::IncompleteNetworkInterface::new(
-            interface_id,
-            authz_instance.id(),
-            authz_vpc.id(),
-            db_subnet,
-            params.identity.clone(),
-            params.ip,
-        )?;
-        self.db_datastore
-            .instance_create_network_interface(
-                opctx,
-                &authz_subnet,
-                &authz_instance,
-                interface,
-            )
-            .await
-            .map_err(|e| {
-                debug!(
-                    self.log,
-                    "failed to create network interface";
-                    "instance_id" => ?authz_instance.id(),
-                    "interface_id" => ?interface_id,
-                    "error" => ?e,
-                );
-                if matches!(
-                    e,
-                    network_interface::InsertError::InstanceNotFound(_)
-                ) {
-                    // Return the not-found message of the authz interface
-                    // object, so that the message reflects how the caller
-                    // originally looked it up
-                    authz_instance.not_found()
-                } else {
-                    // Convert other errors into an appropriate client error
-                    network_interface::InsertError::into_external(e)
-                }
-            })
-    }
-
-    /// Lists network interfaces attached to the instance.
-    pub async fn instance_list_network_interfaces(
-        &self,
-        opctx: &OpContext,
-        organization_name: &Name,
-        project_name: &Name,
-        instance_name: &Name,
-        pagparams: &DataPageParams<'_, Name>,
-    ) -> ListResultVec<db::model::NetworkInterface> {
-        let (.., authz_instance) = LookupPath::new(opctx, &self.db_datastore)
-            .organization_name(organization_name)
-            .project_name(project_name)
-            .instance_name(instance_name)
-            .lookup_for(authz::Action::ListChildren)
-            .await?;
-        self.db_datastore
-            .instance_list_network_interfaces(opctx, &authz_instance, pagparams)
-            .await
-    }
-
-    /// Fetch a network interface attached to the given instance.
-    pub async fn network_interface_fetch(
-        &self,
-        opctx: &OpContext,
-        organization_name: &Name,
-        project_name: &Name,
-        instance_name: &Name,
-        interface_name: &Name,
-    ) -> LookupResult<db::model::NetworkInterface> {
-        let (.., db_interface) = LookupPath::new(opctx, &self.db_datastore)
-            .organization_name(organization_name)
-            .project_name(project_name)
-            .instance_name(instance_name)
-            .network_interface_name(interface_name)
-            .fetch()
-            .await?;
-        Ok(db_interface)
-    }
-
-    pub async fn network_interface_fetch_by_id(
-        &self,
-        opctx: &OpContext,
-        interface_id: &Uuid,
-    ) -> LookupResult<db::model::NetworkInterface> {
-        let (.., db_interface) = LookupPath::new(opctx, &self.db_datastore)
-            .network_interface_id(*interface_id)
-            .fetch()
-            .await?;
-        Ok(db_interface)
-    }
-
-    /// Update a network interface for the given instance.
-    pub async fn network_interface_update(
-        &self,
-        opctx: &OpContext,
-        organization_name: &Name,
-        project_name: &Name,
-        instance_name: &Name,
-        interface_name: &Name,
-        updates: params::NetworkInterfaceUpdate,
-    ) -> UpdateResult<db::model::NetworkInterface> {
-        let (.., authz_instance) = LookupPath::new(opctx, &self.db_datastore)
-            .organization_name(organization_name)
-            .project_name(project_name)
-            .instance_name(instance_name)
-            .lookup_for(authz::Action::Modify)
-            .await?;
-        let (.., authz_interface) = LookupPath::new(opctx, &self.db_datastore)
-            .instance_id(authz_instance.id())
-            .network_interface_name(interface_name)
-            .lookup_for(authz::Action::Modify)
-            .await?;
-        self.db_datastore
-            .instance_update_network_interface(
-                opctx,
-                &authz_instance,
-                &authz_interface,
-                db::model::NetworkInterfaceUpdate::from(updates),
-            )
-            .await
-    }
-
-    /// Delete a network interface from the provided instance.
-    ///
-    /// Note that the primary interface for an instance cannot be deleted if
-    /// there are any secondary interfaces.
-    pub async fn instance_delete_network_interface(
-        &self,
-        opctx: &OpContext,
-        organization_name: &Name,
-        project_name: &Name,
-        instance_name: &Name,
-        interface_name: &Name,
-    ) -> DeleteResult {
-        let (.., authz_instance) = LookupPath::new(opctx, &self.db_datastore)
-            .organization_name(organization_name)
-            .project_name(project_name)
-            .instance_name(instance_name)
-            .lookup_for(authz::Action::Modify)
-            .await?;
-        let (.., authz_interface) = LookupPath::new(opctx, &self.db_datastore)
-            .instance_id(authz_instance.id())
-            .network_interface_name(interface_name)
-            .lookup_for(authz::Action::Delete)
-            .await?;
-        self.db_datastore
-            .instance_delete_network_interface(
-                opctx,
-                &authz_instance,
-                &authz_interface,
-            )
-            .await
-            .map_err(|e| {
-                debug!(
-                    self.log,
-                    "failed to delete network interface";
-                    "instance_id" => ?authz_instance.id(),
-                    "interface_id" => ?authz_interface.id(),
-                    "error" => ?e,
-                );
-                if matches!(
-                    e,
-                    network_interface::DeleteError::InstanceNotFound(_)
-                ) {
-                    // Return the not-found message of the authz interface
-                    // object, so that the message reflects how the caller
-                    // originally looked it up
-                    authz_instance.not_found()
-                } else {
-                    // Convert other errors into an appropriate client error
-                    network_interface::DeleteError::into_external(e)
-                }
-            })
-    }
-
     /// Invoked by a sled agent to publish an updated runtime state for an
     /// Instance.
     pub async fn notify_instance_updated(

nexus/src/app/mod.rs

@@ -34,6 +34,7 @@ mod image;
 mod instance;
 mod ip_pool;
 mod metrics;
+mod network_interface;
 mod organization;
 mod oximeter;
 mod project;