begin nebius impl

drewmalin · drewmalin · commit 869e502472cd · 2025-09-13T15:33:45.000-07:00
diff --git a/go.mod b/go.mod
@@ -8,6 +8,7 @@ require (
 	github.com/alecthomas/units v0.0.0-20240927000941-0f3dac36c52b
 	github.com/aws/aws-sdk-go-v2 v1.39.0
 	github.com/aws/aws-sdk-go-v2/config v1.31.8
+	github.com/aws/aws-sdk-go-v2/credentials v1.18.12
 	github.com/aws/aws-sdk-go-v2/service/ec2 v1.251.2
 	github.com/bojanz/currency v1.3.1
 	github.com/cenkalti/backoff v2.2.1+incompatible
@@ -24,7 +25,6 @@ require (
 require (
 	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.8-20250717185734-6c6e0d3c608e.1 // indirect
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.18.12 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.7 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.7 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.7 // indirect
diff --git a/v1/client.go b/v1/client.go
@@ -42,4 +42,5 @@ type CloudClient interface {
 	CloudModifyFirewall
 	CloudInstanceTags
 	UpdateHandler
+	CloudMaintainVPC
 }
diff --git a/v1/notimplemented.go b/v1/notimplemented.go
@@ -131,6 +131,10 @@ func (c notImplCloudClient) CreateVPC(_ context.Context, _ CreateVPCArgs) (*VPC,
 	return nil, ErrNotImplemented
 }
 
+func (c notImplCloudClient) GetVPC(_ context.Context, _ GetVPCArgs) (*VPC, error) {
+	return nil, ErrNotImplemented
+}
+
 func (c notImplCloudClient) DeleteVPC(_ context.Context, _ DeleteVPCArgs) error {
 	return ErrNotImplemented
 }
diff --git a/v1/providers/aws/network.go b/v1/providers/aws/network.go
@@ -16,6 +16,7 @@ const (
 	tagBrevRefID      = "brev-ref-id"
 	tagBrevVPCID      = "brev-vpc-id"
 	tagBrevSubnetType = "brev-subnet-type"
+	tagBrevCloudSDK   = "brev-cloud-sdk"
 
 	natGatewayDeleteWaitInterval = 10 * time.Second
 	natGatewayCreateWaitInterval = 10 * time.Second
@@ -71,6 +72,7 @@ func createVPC(ctx context.Context, awsClient *ec2.Client, name string, cidrBloc
 	tags := makeTags(map[string]string{
 		"Name":       name,
 		tagBrevRefID: brevRefID,
+		"CreatedBy":  tagBrevCloudSDK,
 	})
 
 	input := &ec2.CreateVpcInput{
@@ -125,6 +127,7 @@ func createInternetGateway(ctx context.Context, awsClient *ec2.Client, vpc *type
 	tags := makeTags(map[string]string{
 		"Name":       fmt.Sprintf("%s-public", *vpc.VpcId),
 		tagBrevVPCID: *vpc.VpcId,
+		"CreatedBy":  tagBrevCloudSDK,
 	})
 
 	createInput := &ec2.CreateInternetGatewayInput{
@@ -208,8 +211,10 @@ func createCompleteVPC(ctx context.Context, awsClient *ec2.Client, args v1.Creat
 
 func createPublicSubnet(ctx context.Context, awsClient *ec2.Client, vpc *types.Vpc, args v1.CreateSubnetArgs) (*types.Subnet, error) {
 	tags := makeTags(map[string]string{
+		"Name":            fmt.Sprintf("%s-public", *vpc.VpcId),
 		tagBrevVPCID:      *vpc.VpcId,
 		tagBrevSubnetType: string(args.Type),
+		"CreatedBy":       tagBrevCloudSDK,
 	})
 	input := &ec2.CreateSubnetInput{
 		VpcId:     vpc.VpcId,
@@ -280,6 +285,7 @@ func getOrCreatePublicRouteTable(ctx context.Context, awsClient *ec2.Client, vpc
 	tags := makeTags(map[string]string{
 		"Name":       rtNameTag,
 		tagBrevVPCID: *vpc.VpcId,
+		"CreatedBy":  tagBrevCloudSDK,
 	})
 	input := &ec2.CreateRouteTableInput{
 		VpcId: aws.String(*vpc.VpcId),
@@ -348,7 +354,8 @@ func getOrCreateInternetGateway(ctx context.Context, awsClient *ec2.Client, vpc
 
 	// If there is no internet gateway, create one
 	tags := makeTags(map[string]string{
-		"Name": igwNameTag,
+		"Name":      igwNameTag,
+		"CreatedBy": tagBrevCloudSDK,
 	})
 	input := &ec2.CreateInternetGatewayInput{
 		TagSpecifications: []types.TagSpecification{
@@ -368,8 +375,10 @@ func getOrCreateInternetGateway(ctx context.Context, awsClient *ec2.Client, vpc
 
 func createPrivateSubnet(ctx context.Context, awsClient *ec2.Client, vpc *types.Vpc, natGatewaySubnet *types.Subnet, args v1.CreateSubnetArgs) (*types.Subnet, error) {
 	subnetTags := makeTags(map[string]string{
+		"Name":            fmt.Sprintf("%s-private", *vpc.VpcId),
 		tagBrevVPCID:      *vpc.VpcId,
 		tagBrevSubnetType: string(args.Type),
+		"CreatedBy":       tagBrevCloudSDK,
 	})
 	createSubnetInput := &ec2.CreateSubnetInput{
 		VpcId:            vpc.VpcId,
@@ -397,6 +406,7 @@ func createPrivateSubnet(ctx context.Context, awsClient *ec2.Client, vpc *types.
 	routeTableTags := makeTags(map[string]string{
 		"Name":       fmt.Sprintf("%s-private", *vpc.VpcId),
 		tagBrevVPCID: *vpc.VpcId,
+		"CreatedBy":  tagBrevCloudSDK,
 	})
 	createRouteTableInput := &ec2.CreateRouteTableInput{
 		VpcId: aws.String(*vpc.VpcId),
@@ -449,6 +459,7 @@ func createNatGateway(ctx context.Context, awsClient *ec2.Client, vpc *types.Vpc
 	natGatewayTags := makeTags(map[string]string{
 		"Name":       fmt.Sprintf("%s-nat", *vpc.VpcId),
 		tagBrevVPCID: *vpc.VpcId,
+		"CreatedBy":  tagBrevCloudSDK,
 	})
 	createNatGatewayInput := &ec2.CreateNatGatewayInput{
 		SubnetId:     subnet.SubnetId,
@@ -497,14 +508,14 @@ func (c *AWSClient) GetVPC(ctx context.Context, args v1.GetVPCArgs) (*v1.VPC, er
 		return nil, err
 	}
 
-	nameTag := ""
-	refIDTag := ""
+	brevVPCName := ""
+	brevRefID := ""
 	for _, tag := range awsVPC.Tags {
 		if *tag.Key == "Name" {
-			nameTag = *tag.Value
+			brevVPCName = *tag.Value
 		}
 		if *tag.Key == tagBrevRefID {
-			refIDTag = *tag.Value
+			brevRefID = *tag.Value
 		}
 	}
 
@@ -513,16 +524,22 @@ func (c *AWSClient) GetVPC(ctx context.Context, args v1.GetVPCArgs) (*v1.VPC, er
 		return nil, err
 	}
 
+	subnets, err := getVPCSubnets(ctx, awsClient, awsVPC)
+	if err != nil {
+		return nil, err
+	}
+
 	return &v1.VPC{
-		RefID:          refIDTag,
-		Name:           nameTag,
+		RefID:          brevRefID,
+		Name:           brevVPCName,
 		Location:       args.Location,
 		CloudID:        *awsVPC.VpcId,
 		CloudCredRefID: c.GetReferenceID(),
 		Provider:       CloudProviderID,
 		Cloud:          CloudProviderID,
 		CidrBlock:      *awsVPC.CidrBlock,
 		Status:         status,
+		Subnets:        subnets,
 	}, nil
 }
 
@@ -586,6 +603,42 @@ func getVPCStatus(ctx context.Context, awsClient *ec2.Client, awsVPC *types.Vpc)
 	return v1.VPCStatusAvailable, nil
 }
 
+func getVPCSubnets(ctx context.Context, awsClient *ec2.Client, awsVPC *types.Vpc) ([]v1.Subnet, error) {
+	describeSubnetsOutput, err := awsClient.DescribeSubnets(ctx, &ec2.DescribeSubnetsInput{
+		Filters: []types.Filter{
+			{
+				Name:   aws.String("vpc-id"),
+				Values: []string{*awsVPC.VpcId},
+			},
+		},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	subnets := make([]v1.Subnet, 0)
+	for _, subnet := range describeSubnetsOutput.Subnets {
+		var subnetType v1.SubnetType
+
+		// Get subnet type tag
+		for _, tag := range subnet.Tags {
+			if *tag.Key == tagBrevSubnetType {
+				subnetType = v1.SubnetType(*tag.Value)
+				break
+			}
+		}
+
+		subnets = append(subnets, v1.Subnet{
+			CloudID:   *subnet.SubnetId,
+			VPCID:     *awsVPC.VpcId,
+			Location:  *subnet.AvailabilityZone,
+			CidrBlock: *subnet.CidrBlock,
+			Type:      subnetType,
+		})
+	}
+	return subnets, nil
+}
+
 func (c *AWSClient) DeleteVPC(ctx context.Context, args v1.DeleteVPCArgs) error {
 	// Create the AWS client in the specified region
 	awsClient := ec2.NewFromConfig(c.awsConfig, func(o *ec2.Options) {
diff --git a/v1/providers/aws/network_test.go b/v1/providers/aws/network_test.go
@@ -50,10 +50,10 @@ func TestCreateVPC(t *testing.T) {
 		Location:  location,
 		CidrBlock: "10.0.0.0/16",
 		Subnets: []v1.CreateSubnetArgs{
-			{Name: "cloud-sdk-test-public-1", CidrBlock: "10.0.0.0/24", Type: v1.SubnetTypePublic},
-			{Name: "cloud-sdk-test-private-1", CidrBlock: "10.0.1.0/24", Type: v1.SubnetTypePrivate},
-			{Name: "cloud-sdk-test-public-2", CidrBlock: "10.0.2.0/24", Type: v1.SubnetTypePublic},
-			{Name: "cloud-sdk-test-private-2", CidrBlock: "10.0.3.0/24", Type: v1.SubnetTypePrivate},
+			{CidrBlock: "10.0.0.0/24", Type: v1.SubnetTypePublic},
+			{CidrBlock: "10.0.1.0/24", Type: v1.SubnetTypePrivate},
+			{CidrBlock: "10.0.2.0/24", Type: v1.SubnetTypePublic},
+			{CidrBlock: "10.0.3.0/24", Type: v1.SubnetTypePrivate},
 		},
 	})
 	if err != nil {
@@ -67,7 +67,6 @@ func TestCreateVPC(t *testing.T) {
 	if err != nil {
 		t.Fatalf("failed to get VPC: %v", err)
 	}
-	fmt.Println("VPC retrieved")
 
 	err = awsClient.DeleteVPC(context.Background(), v1.DeleteVPCArgs{
 		VPC: &v1.VPC{
@@ -78,6 +77,4 @@ func TestCreateVPC(t *testing.T) {
 	if err != nil {
 		t.Fatalf("failed to delete VPC: %v", err)
 	}
-
-	fmt.Println("VPC deleted")
 }
diff --git a/v1/providers/nebius/client.go b/v1/providers/nebius/client.go
@@ -2,25 +2,34 @@ package v1
 
 import (
 	"context"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/pem"
 	"fmt"
 
 	v1 "github.com/brevdev/cloud/v1"
 	"github.com/nebius/gosdk"
+	"github.com/nebius/gosdk/auth"
 )
 
 type NebiusCredential struct {
-	RefID             string
-	ServiceAccountKey string // JSON service account key
-	ProjectID         string
+	RefID               string
+	PublicKeyID         string
+	PrivateKeyPEMBase64 string
+	ServiceAccountID    string
+	ProjectID           string
 }
 
 var _ v1.CloudCredential = &NebiusCredential{}
 
-func NewNebiusCredential(refID, serviceAccountKey, projectID string) *NebiusCredential {
+func NewNebiusCredential(refID string, publicKeyID string, privateKeyPEMBase64 string, serviceAccountID string, projectID string) *NebiusCredential {
 	return &NebiusCredential{
-		RefID:             refID,
-		ServiceAccountKey: serviceAccountKey,
-		ProjectID:         projectID,
+		RefID:               refID,
+		PublicKeyID:         publicKeyID,
+		PrivateKeyPEMBase64: privateKeyPEMBase64,
+		ServiceAccountID:    serviceAccountID,
+		ProjectID:           projectID,
 	}
 }
 
@@ -41,42 +50,64 @@ func (c *NebiusCredential) GetCloudProviderID() v1.CloudProviderID {
 
 // GetTenantID returns the tenant ID for Nebius (project ID)
 func (c *NebiusCredential) GetTenantID() (string, error) {
-	if c.ProjectID == "" {
-		return "", fmt.Errorf("project ID is required for Nebius")
+	if c.ServiceAccountID == "" {
+		return "", fmt.Errorf("service account ID is required for Nebius")
 	}
-	return c.ProjectID, nil
+	return c.ServiceAccountID, nil
 }
 
-func (c *NebiusCredential) MakeClient(ctx context.Context, location string) (v1.CloudClient, error) {
-	return NewNebiusClient(ctx, c.RefID, c.ServiceAccountKey, c.ProjectID, location)
+func (c *NebiusCredential) MakeClient(ctx context.Context, _ string) (v1.CloudClient, error) {
+	return NewNebiusClient(ctx, c.RefID, c.PublicKeyID, c.PrivateKeyPEMBase64, c.ServiceAccountID, c.ProjectID)
 }
 
 // It embeds NotImplCloudClient to handle unsupported features
 type NebiusClient struct {
 	v1.NotImplCloudClient
-	refID             string
-	serviceAccountKey string
-	projectID         string
-	location          string
-	sdk               *gosdk.SDK
+	refID     string
+	projectID string
+	sdk       *gosdk.SDK
 }
 
 var _ v1.CloudClient = &NebiusClient{}
 
-func NewNebiusClient(ctx context.Context, refID, serviceAccountKey, projectID, location string) (*NebiusClient, error) {
+func NewNebiusClient(ctx context.Context, refID string, publicKeyID string, privateKeyPEMBase64 string, serviceAccountID string, projectID string) (*NebiusClient, error) {
+	// Decode base64 into raw PEM bytes
+	pemBytes, err := base64.StdEncoding.DecodeString(privateKeyPEMBase64)
+	if err != nil {
+		return nil, fmt.Errorf("failed to base64 decode: %w", err)
+	}
+
+	// Decode the PEM block
+	block, _ := pem.Decode(pemBytes)
+	if block == nil {
+		return nil, fmt.Errorf("failed to parse PEM block")
+	}
+
+	parsedKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse PKCS8 private key: %w", err)
+	}
+	var ok bool
+	privateKey, ok := parsedKey.(*rsa.PrivateKey)
+	if !ok {
+		return nil, fmt.Errorf("not an RSA private key")
+	}
+
 	sdk, err := gosdk.New(ctx, gosdk.WithCredentials(
-		gosdk.IAMToken(serviceAccountKey), // For now, treat as IAM token - will need proper service account handling later
+		gosdk.ServiceAccount(auth.ServiceAccount{
+			PrivateKey:       privateKey,
+			PublicKeyID:      publicKeyID,
+			ServiceAccountID: serviceAccountID,
+		}),
 	))
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize Nebius SDK: %w", err)
 	}
 
 	return &NebiusClient{
-		refID:             refID,
-		serviceAccountKey: serviceAccountKey,
-		projectID:         projectID,
-		location:          location,
-		sdk:               sdk,
+		refID:     refID,
+		projectID: projectID,
+		sdk:       sdk,
 	}, nil
 }
 
@@ -90,11 +121,6 @@ func (c *NebiusClient) GetCloudProviderID() v1.CloudProviderID {
 	return "nebius"
 }
 
-// MakeClient creates a new client instance for a different location
-func (c *NebiusClient) MakeClient(ctx context.Context, location string) (v1.CloudClient, error) {
-	return NewNebiusClient(ctx, c.refID, c.serviceAccountKey, c.projectID, location)
-}
-
 // GetTenantID returns the tenant ID for Nebius
 func (c *NebiusClient) GetTenantID() (string, error) {
 	return c.projectID, nil
diff --git a/v1/providers/nebius/network.go b/v1/providers/nebius/network.go
diff --git a/v1/providers/nebius/network_test.go b/v1/providers/nebius/network_test.go
diff --git a/v1/vpc.go b/v1/vpc.go

Original file line number	Diff line number	Diff line change
`@@ -42,4 +42,5 @@ type CloudClient interface {`
`42`	`42`	`CloudModifyFirewall`
`43`	`43`	`CloudInstanceTags`
`44`	`44`	`UpdateHandler`
	`45`	`+ CloudMaintainVPC`
`45`	`46`	`}`
Original file line number	Diff line number	Diff line change
`@@ -131,6 +131,10 @@ func (c notImplCloudClient) CreateVPC(_ context.Context, _ CreateVPCArgs) (*VPC,`
`131`	`131`	`return nil, ErrNotImplemented`
`132`	`132`	`}`
`133`	`133`
	`134`	`+func (c notImplCloudClient) GetVPC(_ context.Context, _ GetVPCArgs) (*VPC, error) {`
	`135`	`+ return nil, ErrNotImplemented`
	`136`	`+}`
	`137`	`+`
`134`	`138`	`func (c notImplCloudClient) DeleteVPC(_ context.Context, _ DeleteVPCArgs) error {`
`135`	`139`	`return ErrNotImplemented`
`136`	`140`	`}`