Add Nexus and database support for IPv6 NAT (#8758)

- Renames NAT tables in the database to be IP-family agnostic
- Renames NAT-enry-related types to be IP-family agnostic
- Adds a generic `IpNet` database model type
- Adds handling of IPv6 addresses for NAT entries, for both services and
instances
- Fixes #5090. Fixes #8749.

Author: bnaecker

common/src/api/external/mod.rs

@@ -901,6 +901,7 @@ impl JsonSchema for Hostname {
 // General types used to implement API resources
 
 /// Identifies a type of API resource
+// NOTE: Please keep this enum in alphabetical order.
 #[derive(
     Clone,
     Copy,
@@ -920,77 +921,77 @@ pub enum ResourceType {
     AddressLotBlock,
     AffinityGroup,
     AffinityGroupMember,
-    AntiAffinityGroup,
-    AntiAffinityGroupMember,
     Alert,
     AlertReceiver,
     AllowList,
+    AntiAffinityGroup,
+    AntiAffinityGroupMember,
     AuditLogEntry,
     BackgroundTask,
-    BgpConfig,
     BgpAnnounceSet,
+    BgpConfig,
     Blueprint,
-    Fleet,
-    Silo,
-    SiloUser,
-    SiloGroup,
-    SiloQuotas,
-    IdentityProvider,
-    SamlIdentityProvider,
-    SshKey,
     Certificate,
     ConsoleSession,
-    DeviceAuthRequest,
-    DeviceAccessToken,
-    Project,
     Dataset,
+    DeviceAccessToken,
+    DeviceAuthRequest,
     Disk,
+    Fleet,
+    FloatingIp,
+    IdentityProvider,
     Image,
-    SiloImage,
-    ProjectImage,
     Instance,
-    LoopbackAddress,
-    SiloAuthSettings,
-    SwitchPortSettings,
-    SupportBundle,
-    IpPool,
-    IpPoolResource,
     InstanceNetworkInterface,
     InternetGateway,
-    InternetGatewayIpPool,
     InternetGatewayIpAddress,
+    InternetGatewayIpPool,
+    IpPool,
+    IpPoolResource,
+    LldpLinkConfig,
+    LoopbackAddress,
+    MetricProducer,
+    NatEntry,
+    Oximeter,
     PhysicalDisk,
+    Probe,
+    ProbeNetworkInterface,
+    Project,
+    ProjectImage,
     Rack,
+    RoleBuiltin,
+    RouterRoute,
+    SagaDbg,
+    SamlIdentityProvider,
     Service,
     ServiceNetworkInterface,
+    Silo,
+    SiloAuthSettings,
+    SiloGroup,
+    SiloImage,
+    SiloQuotas,
+    SiloUser,
     Sled,
     SledInstance,
     SledLedger,
-    Switch,
-    SagaDbg,
     Snapshot,
-    Volume,
-    Vpc,
-    VpcFirewallRule,
-    VpcSubnet,
-    VpcRouter,
-    RouterRoute,
-    Oximeter,
-    MetricProducer,
-    RoleBuiltin,
-    TufRepo,
+    SshKey,
+    SupportBundle,
+    Switch,
+    SwitchPort,
+    SwitchPortSettings,
     TufArtifact,
+    TufRepo,
     TufTrustRoot,
-    SwitchPort,
     UserBuiltin,
-    Zpool,
     Vmm,
-    Ipv4NatEntry,
-    FloatingIp,
-    Probe,
-    ProbeNetworkInterface,
-    LldpLinkConfig,
+    Volume,
+    Vpc,
+    VpcFirewallRule,
+    VpcRouter,
+    VpcSubnet,
     WebhookSecret,
+    Zpool,
 }
 
 // IDENTITY METADATA

dev-tools/omdb/src/bin/omdb/nexus.rs

@@ -928,7 +928,7 @@ async fn cmd_nexus_background_tasks_show(
         "dns_config_external",
         "dns_servers_external",
         "dns_propagation_external",
-        "nat_v4_garbage_collector",
+        "nat_garbage_collector",
         "blueprint_loader",
         "blueprint_executor",
     ] {

dev-tools/omdb/tests/env.out

@@ -128,8 +128,8 @@ task: "metrics_producer_gc"
     unregisters Oximeter metrics producers that have not renewed their lease
 
 
-task: "nat_v4_garbage_collector"
-    prunes soft-deleted IPV4 NAT entries from ipv4_nat_entry table based on a
+task: "nat_garbage_collector"
+    prunes soft-deleted NAT entries from nat_entry table based on a
     predetermined retention policy
 
 
@@ -336,8 +336,8 @@ task: "metrics_producer_gc"
     unregisters Oximeter metrics producers that have not renewed their lease
 
 
-task: "nat_v4_garbage_collector"
-    prunes soft-deleted IPV4 NAT entries from ipv4_nat_entry table based on a
+task: "nat_garbage_collector"
+    prunes soft-deleted NAT entries from nat_entry table based on a
     predetermined retention policy
 
 
@@ -531,8 +531,8 @@ task: "metrics_producer_gc"
     unregisters Oximeter metrics producers that have not renewed their lease
 
 
-task: "nat_v4_garbage_collector"
-    prunes soft-deleted IPV4 NAT entries from ipv4_nat_entry table based on a
+task: "nat_garbage_collector"
+    prunes soft-deleted NAT entries from nat_entry table based on a
     predetermined retention policy
 
 

dev-tools/omdb/tests/successes.out

@@ -340,8 +340,8 @@ task: "metrics_producer_gc"
     unregisters Oximeter metrics producers that have not renewed their lease
 
 
-task: "nat_v4_garbage_collector"
-    prunes soft-deleted IPV4 NAT entries from ipv4_nat_entry table based on a
+task: "nat_garbage_collector"
+    prunes soft-deleted NAT entries from nat_entry table based on a
     predetermined retention policy
 
 
@@ -481,7 +481,7 @@ task: "dns_propagation_external"
       [::1]:REDACTED_PORT     success     
 
 
-task: "nat_v4_garbage_collector"
+task: "nat_garbage_collector"
   configured period: every <REDACTED_DURATION>s
   last completed activation: <REDACTED ITERATIONS>, triggered by a periodic timer firing
     started at <REDACTED_TIMESTAMP> (<REDACTED DURATION>s ago) and ran for <REDACTED DURATION>ms
@@ -991,7 +991,7 @@ task: "dns_propagation_external"
       [::1]:REDACTED_PORT     success     
 
 
-task: "nat_v4_garbage_collector"
+task: "nat_garbage_collector"
   configured period: every <REDACTED_DURATION>s
   currently executing: no
   last completed activation: <REDACTED ITERATIONS>, triggered by a periodic timer firing

nexus/db-model/src/ipnet.rs

@@ -0,0 +1,113 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+use diesel::backend::Backend;
+use diesel::deserialize;
+use diesel::deserialize::FromSql;
+use diesel::pg::Pg;
+use diesel::serialize;
+use diesel::serialize::ToSql;
+use diesel::sql_types;
+use ipnetwork::IpNetwork;
+use serde::Deserialize;
+use serde::Serialize;
+
+#[derive(
+    Clone,
+    Copy,
+    Debug,
+    Eq,
+    PartialEq,
+    AsExpression,
+    FromSqlRow,
+    Serialize,
+    Deserialize,
+)]
+#[diesel(sql_type = sql_types::Inet)]
+pub enum IpNet {
+    V4(crate::Ipv4Net),
+    V6(crate::Ipv6Net),
+}
+
+impl ::std::fmt::Display for IpNet {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            IpNet::V4(inner) => inner.fmt(f),
+            IpNet::V6(inner) => inner.fmt(f),
+        }
+    }
+}
+
+impl From<IpNet> for ::std::net::IpAddr {
+    fn from(value: IpNet) -> Self {
+        match value {
+            IpNet::V4(inner) => ::std::net::IpAddr::V4(inner.addr()),
+            IpNet::V6(inner) => ::std::net::IpAddr::V6(inner.addr()),
+        }
+    }
+}
+
+impl From<ipnetwork::IpNetwork> for IpNet {
+    fn from(value: ipnetwork::IpNetwork) -> Self {
+        match value {
+            IpNetwork::V4(ipv4) => Self::from(oxnet::Ipv4Net::from(ipv4)),
+            IpNetwork::V6(ipv6) => Self::from(oxnet::Ipv6Net::from(ipv6)),
+        }
+    }
+}
+
+impl From<oxnet::Ipv4Net> for IpNet {
+    fn from(value: oxnet::Ipv4Net) -> Self {
+        Self::V4(crate::Ipv4Net::from(value))
+    }
+}
+
+impl From<oxnet::Ipv6Net> for IpNet {
+    fn from(value: oxnet::Ipv6Net) -> Self {
+        Self::V6(crate::Ipv6Net::from(value))
+    }
+}
+
+impl From<oxnet::IpNet> for IpNet {
+    fn from(value: oxnet::IpNet) -> Self {
+        match value {
+            oxnet::IpNet::V4(ipv4_net) => {
+                Self::V4(crate::Ipv4Net::from(ipv4_net))
+            }
+            oxnet::IpNet::V6(ipv6_net) => {
+                Self::V6(crate::Ipv6Net::from(ipv6_net))
+            }
+        }
+    }
+}
+
+impl ToSql<sql_types::Inet, Pg> for IpNet {
+    fn to_sql<'a>(
+        &'a self,
+        out: &mut serialize::Output<'a, '_, Pg>,
+    ) -> serialize::Result {
+        let inner = match self {
+            IpNet::V4(inner) => IpNetwork::V4(inner.0.into()),
+            IpNet::V6(inner) => IpNetwork::V6(inner.0.into()),
+        };
+        <IpNetwork as ToSql<sql_types::Inet, Pg>>::to_sql(
+            &inner,
+            &mut out.reborrow(),
+        )
+    }
+}
+
+impl<DB> FromSql<sql_types::Inet, DB> for IpNet
+where
+    DB: Backend,
+    IpNetwork: FromSql<sql_types::Inet, DB>,
+{
+    fn from_sql(bytes: DB::RawValue<'_>) -> deserialize::Result<Self> {
+        let inet = IpNetwork::from_sql(bytes)?;
+        match inet {
+            IpNetwork::V4(net) => Ok(Self::V4(crate::Ipv4Net(net.into()))),
+            IpNetwork::V6(net) => Ok(Self::V6(crate::Ipv6Net(net.into()))),
+        }
+    }
+}