
[nexus] Remove project_id, rack_id from IP pools #2056

Merged
merged 13 commits into from
Dec 19, 2022

Conversation

smklein
Collaborator

@smklein smklein commented Dec 14, 2022

Before this PR

This PR

  • Adds a default IP pool named default, which is used for address allocation unless a more specific IP pool is provided
  • Removes "project ID" from IP pools (and external IP addresses)
  • Removes "rack ID" from IP pool API and DB representation

In the future

  • This PR doesn't provide the many-to-many connection between projects and IP pools that we eventually want, where projects can be configured to use different IP pools for different purposes. However, by removing the not-quite-accurate relationship that an IP pool must belong to a single project, the API moves closer towards this direction.
  • We probably should access the service_ip_pool API with the AZ UUID used for the query, but since AZs don't exist in the API yet, this has been omitted.

Part of #2055

Comment on lines -511 to -518
// Type used to identify a Project in request bodies, where one may not have
// the path in the request URL.
#[derive(Debug, Clone, Deserialize, Serialize, JsonSchema)]
pub struct ProjectPath {
pub organization: Name,
pub project: Name,
}
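Review bot: With ProjectPath deleted here, any remaining request-body type that embedded it has to be updated in the same change. Its doc comment (the removed lines 511-512) says it existed for bodies where the project is not in the URL path, and this PR's premise is that IP pools no longer carry a project at all, so the type should have no surviving users once the IP pool request bodies are reworked; a quick grep for ProjectPath before merging confirms nothing else still depends on it.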

Contributor

Thanks! I'll be able to remove this hacky thing I did today: https://github.com/oxidecomputer/omicron/pull/2050/files#r1048986084

@smklein smklein added api Related to the API. nexus Related to nexus labels Dec 15, 2022
@smklein smklein marked this pull request as ready for review December 15, 2022 16:05
@smklein smklein mentioned this pull request Dec 15, 2022
@smklein smklein requested review from bnaecker and rmustacc December 15, 2022 16:12
@smklein
Collaborator Author

smklein commented Dec 15, 2022

I suspect we'll want a follow-up to this PR to add APIs for the following:

  • Given a project, use ACLs to describe which IP pools are visible to a user
  • Given a project, configure a set of IP pools that it should use for address allocation

As mentioned on #2055

* should probably point to an AZ or fleet, not a rack.
*/
rack_id UUID,
internal_only BOOL NOT NULL,
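Review bot: Dropping rack_id here also drops the comment on line 81 that said this scope should eventually be an AZ or fleet, and the PR description defers the AZ UUID until AZs exist in the API. Consider leaving a one-line comment on the table stating that pools are currently fleet-wide, so the missing scope stays discoverable from the schema rather than only from this PR's history; the same comment is a natural place to say what internal_only means for allocation.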
Contributor

Minor bikeshedding here, no action required unless you feel like it.

This could just be called "internal", as "only" seems to me to be implied.

It'd probably be good to copy the comment from the datastore struct, or just note to check that file. Do @see comments work in Rust? Maybe that's just a jsdoc thing. Again, not required, just a nice-to-have.

Collaborator Author

Done in b4dd0b1

I dunno about the linked comments, but I included a summary here.

self.db_datastore.ip_pool_create(opctx, new_pool, None).await
self.db_datastore
.ip_pool_create(opctx, new_pool, /* internal_only= */ false)
.await
}

pub async fn ip_pool_services_create(
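Review bot: The third argument changes from an Option (None on line 109) to a bare bool on line 111. The /* internal_only= */ comment documents this call site, but the compiler cannot check it, and a second caller passing the opposite value is easy to transpose; a two-variant enum (for example, external versus internal-only) in place of the bool would make every call site self-documenting. Style only, no change required for this PR.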
Contributor

It's outside the scope of this PR, but I wonder if IP Pool Services is the right way to frame this now. Should it just be internal ip pools?

Collaborator Author

I hear you on this; maybe s/service/internal would be more consistent. When I originally wrote this, I think I was writing "service" as shorthand for "internal service".

Comment on lines 630 to 631
let (.., pool) = datastore
.ip_pools_lookup_by_name_no_auth(&opctx, "default")
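Review bot: ip_pools_lookup_by_name_no_auth on line 136 is the security-relevant line of this hunk: it skips authz for a caller-supplied name, and the only thing keeping it safe is that this particular call passes the literal "default". A no-auth lookup that accepts any name is an easy function for a later caller to misuse; restricting it to the default pool (no name parameter) and applying the normal authz check on the returned pool, as the follow-up commit 91415a4 in this thread does, keeps the unauthenticated surface to a single well-known row.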
Contributor

Is this really just for looking up the default IP pool? If so, I wonder if we shouldn't just have an ip_pools_lookup_default that's documented to not require authz but otherwise doesn't take arbitrary names.

Collaborator Author

I did this, and added authz checks, within 91415a4
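As an added illustration of the point in this exchange (example code, not omicron's own): a toy Rust datastore in which ip_pools_lookup_by_name_no_auth accepts any name and skips authz, while ip_pools_lookup_default is fixed to the default pool and runs the authz check before fetching anything. OpContext, Action, Error and DataStore are hypothetical stand-ins for the Nexus types, and the sample pools are constructed inline.

```rust
// Added example, not omicron's code: contrasts a by-name lookup that skips
// authz with a lookup restricted to the default pool that applies the normal
// authz check first. OpContext, Action, Error and DataStore are hypothetical
// stand-ins for the Nexus types.
use std::collections::{HashMap, HashSet};

pub const DEFAULT_POOL_NAME: &str = "default";

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct IpPool {
    pub name: String,
    /// Pools reserved for internal services (mirrors the internal_only column).
    pub internal_only: bool,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Error {
    NotFound(String),
    Forbidden,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)]
pub enum Action {
    Read,
    Modify,
}

/// Stand-in for an operation context: carries the actions this caller is
/// permitted to perform on IP pools.
pub struct OpContext {
    permitted: HashSet<Action>,
}

impl OpContext {
    pub fn new(permitted: &[Action]) -> Self {
        Self { permitted: permitted.iter().copied().collect() }
    }

    /// The authz check every authenticated lookup must pass through.
    pub fn authorize(&self, action: Action) -> Result<(), Error> {
        if self.permitted.contains(&action) {
            Ok(())
        } else {
            Err(Error::Forbidden)
        }
    }
}

pub struct DataStore {
    pools: HashMap<String, IpPool>,
}

impl DataStore {
    /// Constructed sample data: the default pool plus one internal-only pool.
    pub fn with_sample_pools() -> Self {
        let mut pools = HashMap::new();
        let sample = [(DEFAULT_POOL_NAME, false), ("internal-services", true)];
        for (name, internal_only) in sample.iter().copied() {
            pools.insert(name.to_string(), IpPool { name: name.to_string(), internal_only });
        }
        Self { pools }
    }

    /// Looks up any pool by a caller-supplied name with no authz check.
    /// This is the shape the review comment objected to: nothing stops a
    /// future caller from passing a name the user should not be able to see.
    pub fn ip_pools_lookup_by_name_no_auth(&self, name: &str) -> Result<IpPool, Error> {
        self.pools
            .get(name)
            .cloned()
            .ok_or_else(|| Error::NotFound(name.to_string()))
    }

    /// Looks up only the default pool, and only after the caller has been
    /// authorized to read pools. The name is fixed, so the unauthenticated
    /// surface shrinks to one well-known row, and the check runs before the
    /// fetch so an unauthorized caller learns nothing about it.
    pub fn ip_pools_lookup_default(&self, opctx: &OpContext) -> Result<IpPool, Error> {
        opctx.authorize(Action::Read)?;
        self.ip_pools_lookup_by_name_no_auth(DEFAULT_POOL_NAME)
    }
}

fn main() {
    let datastore = DataStore::with_sample_pools();
    let reader = OpContext::new(&[Action::Read]);
    let nobody = OpContext::new(&[]);
    println!("reader: {:?}", datastore.ip_pools_lookup_default(&reader));
    println!("nobody: {:?}", datastore.ip_pools_lookup_default(&nobody));
}
```

The by-name variant is kept only to show the contrast; in a real datastore the authz-free helper would stay private and the default-pool lookup would be the only thing exposed to API handlers.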

Contributor

@zephraph zephraph left a comment

This looks great! Thanks for tackling it @smklein.

@smklein smklein enabled auto-merge (squash) December 19, 2022 22:42
@smklein smklein merged commit f47aefc into main Dec 19, 2022
@smklein smklein deleted the ip-pool-party branch December 19, 2022 23:24
smklein added a commit that referenced this pull request Jan 6, 2023
Fixes a regression introduced by #2056

Updates polar policy to allow instance creation from regular Silo users,
and adds a regression test