Move NetworkInterface{,Kind} from common to sled-agent-types (#10296)

This is staged on top of #10291 and is more of the same; it moves
`NetworkInterface` and `NetworkInterfaceKind` out of `omicron-common`
and into `sled-agent-types`. Both of these are used in multiple APIs:

* nexus-lockstep (unversioned)
* nexus-internal (client-side versioned)
* sled-agent (server-side versioned)
* nexus-external (server-side versioned)

I think putting this at the "lowest level" API (sled-agent) is
reasonable, although I'm surprised this type fully is visible in the
external API (edit: I think this are only reachable under endpoints
tagged with experimental `system/probes`). If at some point we want to
split them, that would be fine.

Doing this work revealed a couple of time bombs, both addressed in these
changes:

1. `nexus-types-versions` was depending on `sled-agent-types`
(implicitly "the latest version" of every type) instead of
`sled-agent-types-versions`. I'm 99.9% sure this is wrong and would lead
to pain as soon as we try to add a new version of any of the types
referenced via that path: we'd add a new version to
`sled-agent-types-versions`, update `latest` which updates
`sled-agent-types`, at which point we're (implicitly) changing the
definition of some old, pinned type inside `nexus-types-versions`. This
PR changes that dependency to `sled-agent-types-versions` and uses
explicit version numbers instead of the `latest` path.
2. `omicron-common` had a `ResolvedVpcFirewallRule` type, but
`sled-agent-types` _also_ has a `ResolvedVpcFirewallRule`.
`sled-agent-client` was using a progenitor `replace` directive pointed
at `omicron-common`, but the API was using the type from
`sled-agent-types`. This was okay because they happened to be identical,
but I'm not sure what would have happened if we'd changed one and not
the other. This PR removes the `omicron-common` one and changes everyone
to use the one from `sled-agent-types` instead.

Author: jgallagher

Cargo.lock

@@ -22,5 +22,6 @@ reqwest = { workspace = true, features = ["rustls", "stream"] }
 schemars.workspace = true
 serde.workspace = true
 serde_json.workspace = true
+sled-agent-types.workspace = true
 slog.workspace = true
 uuid.workspace = true

clients/nexus-client/Cargo.toml

@@ -29,8 +29,8 @@ progenitor::generate_api!(
         Generation = omicron_common::api::external::Generation,
         MacAddr = omicron_common::api::external::MacAddr,
         Name = omicron_common::api::external::Name,
-        NetworkInterface = omicron_common::api::internal::shared::NetworkInterface,
-        NetworkInterfaceKind = omicron_common::api::internal::shared::NetworkInterfaceKind,
+        NetworkInterface = sled_agent_types::inventory::NetworkInterface,
+        NetworkInterfaceKind = sled_agent_types::inventory::NetworkInterfaceKind,
     },
     patch = {
         SledAgentInfo = { derives = [PartialEq, Eq] },

clients/nexus-client/src/lib.rs

@@ -56,8 +56,8 @@ progenitor::generate_api!(
         MacAddr = omicron_common::api::external::MacAddr,
         MgsUpdateDriverStatus = nexus_types::internal_api::views::MgsUpdateDriverStatus,
         Name = omicron_common::api::external::Name,
-        NetworkInterface = omicron_common::api::internal::shared::NetworkInterface,
-        NetworkInterfaceKind = omicron_common::api::internal::shared::NetworkInterfaceKind,
+        NetworkInterface = sled_agent_types::inventory::NetworkInterface,
+        NetworkInterfaceKind = sled_agent_types::inventory::NetworkInterfaceKind,
         NewPasswordHash = omicron_passwords::NewPasswordHash,
         OximeterReadMode = nexus_types::deployment::OximeterReadMode,
         OximeterReadPolicy = nexus_types::deployment::OximeterReadPolicy,

clients/nexus-lockstep-client/src/lib.rs

@@ -75,7 +75,8 @@ progenitor::generate_api!(
         MeasurementLog = sled_agent_types_versions::latest::rot::MeasurementLog,
         MupdateOverrideBootInventory = sled_agent_types_versions::latest::inventory::MupdateOverrideBootInventory,
         Name = omicron_common::api::external::Name,
-        NetworkInterface = omicron_common::api::internal::shared::NetworkInterface,
+        NetworkInterface = sled_agent_types_versions::latest::inventory::NetworkInterface,
+        NetworkInterfaceKind = sled_agent_types_versions::latest::inventory::NetworkInterfaceKind,
         Nonce = sled_agent_types_versions::latest::rot::Nonce,
         OmicronPhysicalDiskConfig = omicron_common::disk::OmicronPhysicalDiskConfig,
         OmicronPhysicalDisksConfig = omicron_common::disk::OmicronPhysicalDisksConfig,
@@ -91,7 +92,7 @@ progenitor::generate_api!(
         PrepareAndCommitRequest = trust_quorum_types::messages::PrepareAndCommitRequest,
         RackNetworkConfig = sled_agent_types_versions::latest::early_networking::RackNetworkConfig,
         ReconfigureMsg = trust_quorum_types::messages::ReconfigureMsg,
-        ResolvedVpcFirewallRule = omicron_common::api::internal::shared::ResolvedVpcFirewallRule,
+        ResolvedVpcFirewallRule = sled_agent_types_versions::latest::instance::ResolvedVpcFirewallRule,
         ResolvedVpcRoute = omicron_common::api::internal::shared::ResolvedVpcRoute,
         ResolvedVpcRouteSet = omicron_common::api::internal::shared::ResolvedVpcRouteSet,
         Rot = sled_agent_types_versions::latest::rot::Rot,
@@ -275,21 +276,6 @@ impl From<omicron_common::api::external::VpcFirewallRuleProtocol>
     }
 }
 
-impl From<omicron_common::api::internal::shared::NetworkInterfaceKind>
-    for types::NetworkInterfaceKind
-{
-    fn from(
-        s: omicron_common::api::internal::shared::NetworkInterfaceKind,
-    ) -> Self {
-        use omicron_common::api::internal::shared::NetworkInterfaceKind::*;
-        match s {
-            Instance { id } => Self::Instance(id),
-            Service { id } => Self::Service(id),
-            Probe { id } => Self::Probe(id),
-        }
-    }
-}
-
 // TODO-cleanup This is icky; can we move these methods to a separate client so
 // we don't need to add this header by hand?
 // https://github.com/oxidecomputer/omicron/issues/8900

clients/sled-agent-client/src/lib.rs

@@ -4,7 +4,6 @@
 
 //! Types shared between Nexus and Sled Agent.
 
-use super::nexus::HostIdentifier;
 use crate::{
     api::external::{self, MacAddr, Vni},
     disk::DatasetName,
@@ -30,11 +29,13 @@ use std::{
 use strum::EnumCount;
 use uuid::Uuid;
 
-pub mod network_interface;
+mod private_ip_config;
 
-// Re-export latest version of all NIC-related types.
-pub use network_interface::NetworkInterfaceKind;
-pub use network_interface::*;
+// Re-export private IP config types.
+pub use private_ip_config::PrivateIpConfig;
+pub use private_ip_config::PrivateIpConfigError;
+pub use private_ip_config::PrivateIpv4Config;
+pub use private_ip_config::PrivateIpv6Config;
 
 /// Description of source IPs allowed to reach rack services.
 #[derive(Clone, Debug, Deserialize, Eq, JsonSchema, PartialEq, Serialize)]
@@ -128,19 +129,6 @@ pub struct ResolvedVpcRoute {
     pub target: RouterTarget,
 }
 
-/// VPC firewall rule after object name resolution has been performed by Nexus
-#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, JsonSchema)]
-pub struct ResolvedVpcFirewallRule {
-    pub status: external::VpcFirewallRuleStatus,
-    pub direction: external::VpcFirewallRuleDirection,
-    pub targets: Vec<NetworkInterface>,
-    pub filter_hosts: Option<HashSet<HostIdentifier>>,
-    pub filter_ports: Option<Vec<external::L4PortRange>>,
-    pub filter_protocols: Option<Vec<external::VpcFirewallRuleProtocol>>,
-    pub action: external::VpcFirewallRuleAction,
-    pub priority: external::VpcFirewallRulePriority,
-}
-
 /// A mapping from a virtual NIC to a physical host
 #[derive(
     Clone, Debug, Serialize, Deserialize, JsonSchema, PartialEq, Eq, Hash,

common/src/api/internal/shared/mod.rs

@@ -2,14 +2,16 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
-//! Shared network-interface types.
+// NOTE: If you need to change these types in a new API version, please move
+// them to one of the `sled-agent-types-versions` crate first, then version it
+// from there.
+
+//! Shared private IP config types.
 
 use crate::address::MAX_VPC_IPV4_SUBNET_PREFIX;
 use crate::address::MIN_VPC_IPV4_SUBNET_PREFIX;
 use crate::address::VPC_SUBNET_IPV6_PREFIX_LENGTH;
 use crate::api::external;
-use crate::api::external::Name;
-use crate::api::external::Vni;
 use daft::Diffable;
 use oxnet::IpNet;
 use oxnet::Ipv4Net;
@@ -20,170 +22,6 @@ use serde::Serialize;
 use std::net::IpAddr;
 use std::net::Ipv4Addr;
 use std::net::Ipv6Addr;
-use uuid::Uuid;
-
-pub mod v1;
-
-/// The type of network interface
-#[derive(
-    Clone,
-    Copy,
-    Debug,
-    Eq,
-    PartialEq,
-    Ord,
-    PartialOrd,
-    Deserialize,
-    Serialize,
-    JsonSchema,
-    Hash,
-    Diffable,
-)]
-#[serde(tag = "type", rename_all = "snake_case")]
-pub enum NetworkInterfaceKind {
-    /// A vNIC attached to a guest instance
-    Instance { id: Uuid },
-    /// A vNIC associated with an internal service
-    Service { id: Uuid },
-    /// A vNIC associated with a probe
-    Probe { id: Uuid },
-}
-
-/// Information required to construct a virtual network interface
-#[derive(
-    Clone,
-    Debug,
-    Deserialize,
-    Serialize,
-    JsonSchema,
-    PartialEq,
-    Eq,
-    PartialOrd,
-    Ord,
-    Hash,
-    Diffable,
-)]
-pub struct NetworkInterface {
-    pub id: Uuid,
-    pub kind: NetworkInterfaceKind,
-    pub name: Name,
-    pub ip_config: PrivateIpConfig,
-    pub mac: external::MacAddr,
-    pub vni: Vni,
-    pub primary: bool,
-    pub slot: u8,
-}
-
-impl TryFrom<super::v1::NetworkInterface> for NetworkInterface {
-    type Error = external::Error;
-
-    fn try_from(
-        value: super::v1::NetworkInterface,
-    ) -> Result<Self, Self::Error> {
-        let super::v1::NetworkInterface {
-            id,
-            kind,
-            name,
-            ip,
-            mac,
-            subnet,
-            vni,
-            primary,
-            slot,
-            transit_ips,
-        } = value;
-        let ip_config = match (ip, subnet) {
-            (IpAddr::V4(ip), IpNet::V4(subnet)) => {
-                let transit_ips = transit_ips
-                    .into_iter()
-                    .map(|net| {
-                        let IpNet::V4(subnet) = net else {
-                            return Err(external::Error::invalid_request(
-                                "Expected an IPv4 transit IP subnet, but found IPv6",
-                            ));
-                        };
-                        Ok(subnet)
-                    })
-                    .collect::<Result<_, _>>()?;
-                PrivateIpConfig::V4(PrivateIpv4Config::new_with_transit_ips(
-                    ip,
-                    subnet,
-                    transit_ips,
-                )?)
-            }
-            (IpAddr::V6(ip), IpNet::V6(subnet)) => {
-                let transit_ips = transit_ips
-                    .into_iter()
-                    .map(|net| {
-                        let IpNet::V6(subnet) = net else {
-                            return Err(external::Error::invalid_request(
-                                "Expected an IPv6 transit IP subnet, but found IPv4",
-                            ));
-                        };
-                        Ok(subnet)
-                    })
-                    .collect::<Result<_, _>>()?;
-                PrivateIpConfig::V6(PrivateIpv6Config::new_with_transit_ips(
-                    ip,
-                    subnet,
-                    transit_ips,
-                )?)
-            }
-            (IpAddr::V4(_), IpNet::V6(_)) | (IpAddr::V6(_), IpNet::V4(_)) => {
-                return Err(external::Error::invalid_request(
-                    "IP address and subnet must have the same IP version",
-                ));
-            }
-        };
-        Ok(Self { id, kind, name, ip_config, mac, vni, primary, slot })
-    }
-}
-
-impl TryFrom<NetworkInterface> for super::v1::NetworkInterface {
-    type Error = external::Error;
-
-    fn try_from(value: NetworkInterface) -> Result<Self, Self::Error> {
-        let NetworkInterface {
-            id,
-            kind,
-            name,
-            ip_config: ip,
-            mac,
-            vni,
-            primary,
-            slot,
-        } = value;
-        let (ip, subnet, transit_ips) = match ip {
-            PrivateIpConfig::V4(v4) => (
-                IpAddr::V4(v4.ip),
-                IpNet::V4(v4.subnet),
-                v4.transit_ips.into_iter().map(IpNet::V4).collect(),
-            ),
-            PrivateIpConfig::V6(v6) => (
-                IpAddr::V6(v6.ip),
-                IpNet::V6(v6.subnet),
-                v6.transit_ips.into_iter().map(IpNet::V6).collect(),
-            ),
-            PrivateIpConfig::DualStack { .. } => {
-                return Err(external::Error::invalid_request(
-                    "Cannot convert dual-stack v2 NetworkInterface to v1",
-                ));
-            }
-        };
-        Ok(Self {
-            id,
-            kind,
-            name,
-            ip,
-            mac,
-            subnet,
-            vni,
-            primary,
-            slot,
-            transit_ips,
-        })
-    }
-}
 
 #[derive(Clone, Debug, thiserror::Error)]
 pub enum PrivateIpConfigError {