Orchestrator pass CAs to sandbox trust store

Author: sitole

packages/orchestrator/benchmark_test.go

@@ -185,7 +185,7 @@ func BenchmarkBaseImageLaunch(b *testing.B) {
 	b.Cleanup(templateCache.Stop)
 
 	sandboxes := sandbox.NewSandboxesMap()
-	sandboxFactory := sandbox.NewFactory(config.BuilderConfig, networkPool, devicePool, featureFlags, hoststats.NewNoopDelivery(), cgroup.NewNoopManager(), sandboxes)
+	sandboxFactory := sandbox.NewFactory(config.BuilderConfig, networkPool, devicePool, featureFlags, hoststats.NewNoopDelivery(), cgroup.NewNoopManager(), network.NewNoopEgressProxy(), sandboxes)
 
 	dockerhubRepository, err := dockerhub.GetRemoteRepository(b.Context())
 	require.NoError(b, err)

packages/orchestrator/cmd/create-build/main.go

@@ -299,7 +299,7 @@ func doBuild(
 	defer templateCache.Stop()
 
 	buildMetrics, _ := metrics.NewBuildMetrics(noop.MeterProvider{})
-	sandboxFactory := sandbox.NewFactory(c.BuilderConfig, networkPool, devicePool, featureFlags, hoststats.NewNoopDelivery(), cgroup.NewNoopManager(), sandboxes)
+	sandboxFactory := sandbox.NewFactory(c.BuilderConfig, networkPool, devicePool, featureFlags, hoststats.NewNoopDelivery(), cgroup.NewNoopManager(), network.NewNoopEgressProxy(), sandboxes)
 
 	builder := build.NewBuilder(
 		builderConfig, l, featureFlags, sandboxFactory,

packages/orchestrator/cmd/resume-build/main.go

@@ -1052,7 +1052,7 @@ func run(ctx context.Context, buildID string, iterations int, coldStart, noPrefe
 	if verbose {
 		fmt.Println("🔧 Creating sandbox factory...")
 	}
-	factory := sandbox.NewFactory(config.BuilderConfig, networkPool, devicePool, flags, hoststats.NewNoopDelivery(), cgroup.NewNoopManager(), sandboxes)
+	factory := sandbox.NewFactory(config.BuilderConfig, networkPool, devicePool, flags, hoststats.NewNoopDelivery(), cgroup.NewNoopManager(), network.NewNoopEgressProxy(), sandboxes)
 
 	fmt.Printf("📦 Loading %s...\n", buildID)
 	tmpl, err := cache.GetTemplate(ctx, buildID, false, false)

packages/orchestrator/cmd/smoketest/smoke_test.go

@@ -228,7 +228,7 @@ func newTestInfra(t *testing.T, ctx context.Context) *testInfra {
 	ti.closers = append(ti.closers, func(ctx context.Context) { sandboxProxy.Close(ctx) })
 
 	// Factory + Builder
-	factory := sandbox.NewFactory(orcConfig.BuilderConfig, networkPool, devicePool, flags, hoststats.NewNoopDelivery(), cgroup.NewNoopManager(), sandboxes)
+	factory := sandbox.NewFactory(orcConfig.BuilderConfig, networkPool, devicePool, flags, hoststats.NewNoopDelivery(), cgroup.NewNoopManager(), network.NewNoopEgressProxy(), sandboxes)
 	ti.factory = factory
 
 	buildMetrics, _ := metrics.NewBuildMetrics(noop.MeterProvider{})

packages/orchestrator/pkg/factories/run.go

@@ -532,7 +532,7 @@ func run(config cfg.Config, opts Options) (success bool) {
 	closers = append(closers, closer{"network pool", networkPool.Close})
 
 	// sandbox factory
-	sandboxFactory := sandbox.NewFactory(config.BuilderConfig, networkPool, devicePool, featureFlags, hostStatsDelivery, cgroupManager, sandboxes)
+	sandboxFactory := sandbox.NewFactory(config.BuilderConfig, networkPool, devicePool, featureFlags, hostStatsDelivery, cgroupManager, egressSetup.Proxy, sandboxes)
 
 	// isolated filesystems cache (for nfs proxy)
 	builder := chrooted.NewBuilder(config)

packages/orchestrator/pkg/sandbox/envd.go

@@ -16,6 +16,7 @@ import (
 	"go.uber.org/zap"
 
 	"github.com/e2b-dev/infra/packages/orchestrator/pkg/sandbox/envd"
+	"github.com/e2b-dev/infra/packages/orchestrator/pkg/sandbox/network"
 	"github.com/e2b-dev/infra/packages/shared/pkg/consts"
 	"github.com/e2b-dev/infra/packages/shared/pkg/logger"
 	"github.com/e2b-dev/infra/packages/shared/pkg/telemetry"
@@ -42,6 +43,7 @@ func (s *Sandbox) doRequestWithInfiniteRetries(
 		DefaultUser:    utils.DerefOrDefault(s.Config.Envd.DefaultUser, ""),
 		DefaultWorkdir: utils.DerefOrDefault(s.Config.Envd.DefaultWorkdir, ""),
 		VolumeMounts:   s.convertMounts(s.Config.VolumeMounts),
+		CaCertificates: s.convertCACertificates(s.CACertificates),
 	}
 
 	for {
@@ -95,6 +97,16 @@ func (s *Sandbox) convertMounts(mounts []VolumeMountConfig) []envd.VolumeMount {
 	return results
 }
 
+func (s *Sandbox) convertCACertificates(certs []network.CACertificate) []envd.CACertificate {
+	results := make([]envd.CACertificate, 0, len(certs))
+
+	for _, cert := range certs {
+		results = append(results, envd.CACertificate{Name: cert.Name, Cert: cert.Cert})
+	}
+
+	return results
+}
+
 func (s *Sandbox) initEnvd(ctx context.Context) (e error) {
 	ctx, span := tracer.Start(ctx, "envd-init", trace.WithAttributes(telemetry.WithEnvdVersion(s.Config.Envd.Version)))
 	defer func() {

packages/orchestrator/pkg/sandbox/envd/envd.gen.go

@@ -0,0 +1,115 @@
+package sandbox
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/coreos/go-iptables/iptables"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/e2b-dev/infra/packages/orchestrator/pkg/sandbox/envd"
+	"github.com/e2b-dev/infra/packages/orchestrator/pkg/sandbox/network"
+)
+
+// mockEgressProxy is a test EgressProxy that returns a fixed set of CA certificates.
+type mockEgressProxy struct {
+	certs []network.CACertificate
+}
+
+func (m *mockEgressProxy) OnSlotCreate(_ *network.Slot, _ *iptables.IPTables) error { return nil }
+func (m *mockEgressProxy) OnSlotDelete(_ *network.Slot, _ *iptables.IPTables) error { return nil }
+func (m *mockEgressProxy) CACertificates() []network.CACertificate                  { return m.certs }
+
+// newTestSandboxWithCerts builds a minimal Sandbox that has CACertificates set —
+// mirroring what Factory.CreateSandbox does with f.egressProxy.CACertificates().
+func newTestSandboxWithCerts(certs []network.CACertificate) *Sandbox {
+	return &Sandbox{
+		Metadata: &Metadata{
+			internalConfig: internalConfig{EnvdInitRequestTimeout: 5 * time.Second},
+			Config:         NewConfig(Config{}),
+			Runtime:        RuntimeMetadata{SandboxID: "test-sandbox"},
+		},
+		CACertificates: certs,
+	}
+}
+
+func TestConvertCACertificates(t *testing.T) {
+	t.Parallel()
+
+	t.Run("converts network certs to envd certs preserving name and PEM", func(t *testing.T) {
+		t.Parallel()
+
+		proxy := &mockEgressProxy{
+			certs: []network.CACertificate{
+				{Name: "proxy-ca", Cert: "-----BEGIN CERTIFICATE-----\nABC\n-----END CERTIFICATE-----\n"},
+				{Name: "custom-ca", Cert: "-----BEGIN CERTIFICATE-----\nDEF\n-----END CERTIFICATE-----\n"},
+			},
+		}
+
+		sbx := newTestSandboxWithCerts(proxy.CACertificates())
+		result := sbx.convertCACertificates(sbx.CACertificates)
+
+		require.Len(t, result, 2)
+		assert.Equal(t, "proxy-ca", result[0].Name)
+		assert.Equal(t, "-----BEGIN CERTIFICATE-----\nABC\n-----END CERTIFICATE-----\n", result[0].Cert)
+		assert.Equal(t, "custom-ca", result[1].Name)
+		assert.Equal(t, "-----BEGIN CERTIFICATE-----\nDEF\n-----END CERTIFICATE-----\n", result[1].Cert)
+	})
+
+	t.Run("returns empty slice for nil certs", func(t *testing.T) {
+		t.Parallel()
+		sbx := newTestSandboxWithCerts(nil)
+		result := sbx.convertCACertificates(nil)
+		assert.Empty(t, result)
+	})
+}
+
+// TestEnvdInitSendsCACertificates verifies the full injection chain:
+// EgressProxy.CACertificates() → Sandbox.CACertificates → POST /init body.
+func TestEnvdInitSendsCACertificates(t *testing.T) {
+	// Not parallel: overrides the package-level sandboxHttpClient.
+
+	proxy := &mockEgressProxy{
+		certs: []network.CACertificate{
+			{Name: "proxy-ca", Cert: "-----BEGIN CERTIFICATE-----\nPROXY\n-----END CERTIFICATE-----\n"},
+			{Name: "custom-ca", Cert: "-----BEGIN CERTIFICATE-----\nCUSTOM\n-----END CERTIFICATE-----\n"},
+		},
+	}
+
+	// Simulate what Factory.CreateSandbox does when assigning egress proxy certs.
+	sbx := newTestSandboxWithCerts(proxy.CACertificates())
+
+	var captured envd.PostInitJSONBody
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		require.Equal(t, http.MethodPost, r.Method)
+		require.Equal(t, "/init", r.URL.Path)
+
+		err := json.NewDecoder(r.Body).Decode(&captured)
+		require.NoError(t, err)
+
+		w.WriteHeader(http.StatusNoContent)
+	}))
+	defer server.Close()
+
+	// Temporarily swap the package-level client so the sandbox reaches our test server.
+	orig := sandboxHttpClient
+	sandboxHttpClient = http.Client{Timeout: 5 * time.Second}
+	defer func() { sandboxHttpClient = orig }()
+
+	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+	defer cancel()
+
+	_, _, err := sbx.doRequestWithInfiniteRetries(ctx, http.MethodPost, server.URL+"/init")
+	require.NoError(t, err)
+
+	require.Len(t, captured.CaCertificates, 2)
+	assert.Equal(t, proxy.certs[0].Name, captured.CaCertificates[0].Name)
+	assert.Equal(t, proxy.certs[0].Cert, captured.CaCertificates[0].Cert)
+	assert.Equal(t, proxy.certs[1].Name, captured.CaCertificates[1].Name)
+	assert.Equal(t, proxy.certs[1].Cert, captured.CaCertificates[1].Cert)
+}

packages/orchestrator/pkg/sandbox/envd_test.go

@@ -4,13 +4,36 @@ import (
 	"github.com/coreos/go-iptables/iptables"
 )
 
+type CACertificate struct {
+	// Name is the filename (without extension) used when installing the cert into the trust store.
+	Name string
+
+	// Cert is the PEM-encoded CA certificate.
+	Cert string
+}
+
 type EgressProxy interface {
 	OnSlotCreate(s *Slot, tables *iptables.IPTables) error
 	OnSlotDelete(s *Slot, tables *iptables.IPTables) error
+
+	CACertificates() []CACertificate
 }
 
 // NoopEgressProxy is a no-op implementation of EgressProxy.
 type NoopEgressProxy struct{}
 
-func (NoopEgressProxy) OnSlotCreate(_ *Slot, _ *iptables.IPTables) error { return nil }
-func (NoopEgressProxy) OnSlotDelete(_ *Slot, _ *iptables.IPTables) error { return nil }
+func NewNoopEgressProxy() NoopEgressProxy {
+	return NoopEgressProxy{}
+}
+
+func (NoopEgressProxy) OnSlotCreate(_ *Slot, _ *iptables.IPTables) error {
+	return nil
+}
+
+func (NoopEgressProxy) OnSlotDelete(_ *Slot, _ *iptables.IPTables) error {
+	return nil
+}
+
+func (NoopEgressProxy) CACertificates() []CACertificate {
+	return nil
+}

packages/orchestrator/pkg/sandbox/network/egressproxy.go

@@ -229,6 +229,8 @@ type Sandbox struct {
 	// It was used to store the config to allow API restarts
 	APIStoredConfig *orchestrator.SandboxConfig
 
+	CACertificates []network.CACertificate
+
 	exit *utils.ErrorOnce
 
 	stop utils.Lazy[error]
@@ -273,6 +275,7 @@ type Factory struct {
 	featureFlags      *featureflags.Client
 	hostStatsDelivery hoststats.Delivery
 	cgroupManager     cgroup.Manager
+	egressProxy       network.EgressProxy
 }
 
 func NewFactory(
@@ -282,6 +285,7 @@ func NewFactory(
 	featureFlags *featureflags.Client,
 	hostStatsDelivery hoststats.Delivery,
 	cgroupManager cgroup.Manager,
+	egressProxy network.EgressProxy,
 	sandboxes *Map,
 ) *Factory {
 	return &Factory{
@@ -292,6 +296,7 @@ func NewFactory(
 		featureFlags:      featureFlags,
 		hostStatsDelivery: hostStatsDelivery,
 		cgroupManager:     cgroupManager,
+		egressProxy:       egressProxy,
 	}
 }
 
@@ -467,6 +472,8 @@ func (f *Factory) CreateSandbox(
 
 		APIStoredConfig: apiConfigToStore,
 
+		CACertificates: f.egressProxy.CACertificates(),
+
 		exit: exit,
 	}
 
@@ -805,6 +812,7 @@ func (f *Factory) ResumeSandbox(
 		cleanup: cleanup,
 
 		APIStoredConfig: apiConfigToStore,
+		CACertificates:  f.egressProxy.CACertificates(),
 
 		exit: exit,
 	}