oxidecomputer
diff --git a/‎nexus/db-model/src/network_interface.rs
Lines changed: 7 additions & 0 deletions b/‎nexus/db-model/src/network_interface.rs
Lines changed: 7 additions & 0 deletions
diff --git a/‎nexus/db-queries/src/db/datastore/vpc.rs
Lines changed: 1 addition & 0 deletions b/‎nexus/db-queries/src/db/datastore/vpc.rs
Lines changed: 1 addition & 0 deletions
diff --git a/‎nexus/db-queries/src/db/queries/network_interface.rs
Lines changed: 80 additions & 1 deletion b/‎nexus/db-queries/src/db/queries/network_interface.rs
Lines changed: 80 additions & 1 deletion
diff --git a/‎nexus/src/app/network_interface.rs
Lines changed: 1 addition & 0 deletions b/‎nexus/src/app/network_interface.rs
Lines changed: 1 addition & 0 deletions
diff --git a/‎nexus/src/app/sagas/instance_create.rs
Lines changed: 4 additions & 1 deletion b/‎nexus/src/app/sagas/instance_create.rs
Lines changed: 4 additions & 1 deletion
diff --git a/‎nexus/tests/integration_tests/endpoints.rs
Lines changed: 1 addition & 0 deletions b/‎nexus/tests/integration_tests/endpoints.rs
Lines changed: 1 addition & 0 deletions
@@ -321,6 +321,7 @@ pub struct IncompleteNetworkInterface {
     pub ip: Option<std::net::IpAddr>,
     pub mac: Option<external::MacAddr>,
     pub slot: Option<u8>,
+    pub transit_ips: Vec<IpNetwork>,
 }
 
 impl IncompleteNetworkInterface {
@@ -334,6 +335,7 @@ impl IncompleteNetworkInterface {
         ip: Option<std::net::IpAddr>,
         mac: Option<external::MacAddr>,
         slot: Option<u8>,
+        transit_ips: Vec<IpNetwork>,
     ) -> Result<Self, external::Error> {
         if let Some(ip) = ip {
             subnet.check_requestable_addr(ip)?;
@@ -380,6 +382,7 @@ impl IncompleteNetworkInterface {
             ip,
             mac,
             slot,
+            transit_ips,
         })
     }
 
@@ -389,6 +392,7 @@ impl IncompleteNetworkInterface {
         subnet: VpcSubnet,
         identity: external::IdentityMetadataCreateParams,
         ip: Option<std::net::IpAddr>,
+        transit_ips: Vec<IpNetwork>,
     ) -> Result<Self, external::Error> {
         Self::new(
             interface_id,
@@ -399,6 +403,7 @@ impl IncompleteNetworkInterface {
             ip,
             None,
             None,
+            transit_ips,
         )
     }
 
@@ -420,6 +425,7 @@ impl IncompleteNetworkInterface {
             Some(ip),
             Some(mac),
             Some(slot),
+            vec![], // Service interfaces don't use transit_ips
         )
     }
 
@@ -440,6 +446,7 @@ impl IncompleteNetworkInterface {
             ip,
             mac,
             None,
+            vec![], // Probe interfaces don't use transit_ips
         )
     }
 }
 
@@ -4018,6 +4018,7 @@ mod tests {
                         description: "A NIC...".into(),
                     },
                     None,
+                    vec![],
                 )
                 .unwrap(),
             )
 
@@ -926,7 +926,7 @@ fn push_interface_validation_cte<'a>(
 ///        <time_created> AS time_created, <time_modified> AS time_modified,
 ///        NULL AS time_deleted, <instance_id> AS instance_id, <vpc_id> AS vpc_id,
 ///        <subnet_id> AS subnet_id, <mac> AS mac, <maybe IP allocation subquery>,
-///        <slot> AS slot, <is_primary> AS is_primary
+///        <slot> AS slot, <is_primary> AS is_primary, <transit_ips> AS transit_ips
 /// ```
 ///
 /// Instance validation
@@ -1204,8 +1204,20 @@ impl QueryFragment<Pg> for InsertQuery {
         } else {
             select_from_cte(out.reborrow(), dsl::slot::NAME)?;
         }
+        out.push_sql(" AS ");
+        out.push_identifier(dsl::slot::NAME)?;
         out.push_sql(", ");
+
         select_from_cte(out.reborrow(), dsl::is_primary::NAME)?;
+        out.push_sql(" AS ");
+        out.push_identifier(dsl::is_primary::NAME)?;
+        out.push_sql(", ");
+
+        out.push_bind_param::<sql_types::Array<sql_types::Inet>, Vec<IpNetwork>>(
+            &self.interface.transit_ips,
+        )?;
+        out.push_sql(" AS ");
+        out.push_identifier(dsl::transit_ips::NAME)?;
 
         Ok(())
     }
@@ -1260,6 +1272,8 @@ impl QueryFragment<Pg> for InsertQueryValues {
         out.push_identifier(dsl::slot::NAME)?;
         out.push_sql(", ");
         out.push_identifier(dsl::is_primary::NAME)?;
+        out.push_sql(", ");
+        out.push_identifier(dsl::transit_ips::NAME)?;
         out.push_sql(") ");
         self.0.walk_ast(out)
     }
@@ -2191,6 +2205,7 @@ mod tests {
                 description: String::from("description"),
             },
             Some(requested_ip),
+            vec![],
         )
         .unwrap();
         let err = context.datastore()
@@ -2220,6 +2235,7 @@ mod tests {
                 description: String::from("description"),
             },
             Some(requested_ip),
+            vec![],
         )
         .unwrap();
         let inserted_interface = context
@@ -2252,6 +2268,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
         let err = context.datastore()
@@ -2290,6 +2307,7 @@ mod tests {
                     description: String::from("description"),
                 },
                 None,
+                vec![],
             )
             .unwrap();
             let inserted_interface = context
@@ -2334,6 +2352,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
         let inserted_interface = context
@@ -2353,6 +2372,7 @@ mod tests {
                 description: String::from("description"),
             },
             Some(inserted_interface.ip.ip()),
+            vec![],
         )
         .unwrap();
         let result = context
@@ -2601,6 +2621,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
         let _ = context
@@ -2620,6 +2641,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
         let result = context
@@ -2651,6 +2673,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
         let _ = context
@@ -2667,6 +2690,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
         let result = context
@@ -2695,6 +2719,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
         let _ = context
@@ -2737,6 +2762,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
         let _ = context
@@ -2755,6 +2781,7 @@ mod tests {
                     description: String::from("description"),
                 },
                 addr,
+                vec![],
             )
             .unwrap();
             let result = context
@@ -2794,6 +2821,7 @@ mod tests {
                     description: String::from("description"),
                 },
                 None,
+                vec![],
             )
             .unwrap();
             let _ = context
@@ -2823,6 +2851,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
         let result = context
@@ -2856,6 +2885,7 @@ mod tests {
                     description: String::from("description"),
                 },
                 None,
+                vec![],
             )
             .unwrap();
             let result = context
@@ -2900,6 +2930,7 @@ mod tests {
             "The random MAC address {:?} is not a valid {} address",
             inserted.mac, kind,
         );
+        assert_eq!(inserted.transit_ips, incomplete.transit_ips);
     }
 
     // Test that we fail to insert an interface if there are no available slots
@@ -2924,6 +2955,7 @@ mod tests {
                     description: String::from("description"),
                 },
                 None,
+                vec![],
             )
             .unwrap();
             let inserted_interface = context
@@ -2959,6 +2991,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
         let result = context
@@ -2998,6 +3031,7 @@ mod tests {
                     description: String::from("description"),
                 },
                 None,
+                vec![],
             )
             .unwrap();
             let intf = context
@@ -3025,6 +3059,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
         let intf = context
@@ -3056,6 +3091,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
         let intf = context
@@ -3099,6 +3135,7 @@ mod tests {
                 description: String::from("description"),
             },
             Some(IpAddr::V4(addr)),
+            vec![],
         )
         .unwrap();
         let _ = context
@@ -3119,6 +3156,7 @@ mod tests {
                 description: String::from("description"),
             },
             None,
+            vec![],
         )
         .unwrap();
 
@@ -3173,4 +3211,45 @@ mod tests {
             "fd00::ffff:ffff:ffff:fffe".parse::<IpAddr>().unwrap(),
         );
     }
+
+    #[tokio::test]
+    async fn test_insert_with_transit_ips() {
+        let context = TestContext::new("test_insert_with_transit_ips", 2).await;
+        let instance = context.create_stopped_instance().await;
+        let instance_id = InstanceUuid::from_untyped_uuid(instance.id());
+
+        // Create transit IPs to test with
+        let transit_ips = vec![
+            "10.0.0.0/24".parse().unwrap(),
+            "192.168.1.0/24".parse().unwrap(),
+            "172.16.0.0/16".parse().unwrap(),
+        ];
+
+        let interface = IncompleteNetworkInterface::new_instance(
+            Uuid::new_v4(),
+            instance_id,
+            context.net1.subnets[0].clone(),
+            IdentityMetadataCreateParams {
+                name: "interface-with-transit".parse().unwrap(),
+                description: String::from("Test interface with transit IPs"),
+            },
+            None, // Auto-assign IP
+            transit_ips.clone(),
+        )
+        .unwrap();
+
+        let inserted_interface = context
+            .datastore()
+            .instance_create_network_interface_raw(
+                context.opctx(),
+                interface.clone(),
+            )
+            .await
+            .expect("Failed to insert interface with transit IPs");
+
+        // Verify the basic interface properties
+        assert_interfaces_eq(&interface, &inserted_interface.clone().into());
+
+        context.success().await;
+    }
 }
@@ -93,6 +93,7 @@ impl super::Nexus {
             db_subnet,
             params.identity.clone(),
             params.ip,
+            params.transit_ips.iter().map(|ip| (*ip).into()).collect(),
         )?;
         self.db_datastore
             .instance_create_network_interface(
 
@@ -610,6 +610,7 @@ async fn create_custom_network_interface(
         db_subnet.clone(),
         interface_params.identity.clone(),
         interface_params.ip,
+        interface_params.transit_ips.iter().map(|ip| (*ip).into()).collect(),
     )
     .map_err(ActionError::action_failed)?;
     datastore
@@ -681,7 +682,8 @@ async fn create_default_primary_network_interface(
         },
         vpc_name: default_name.clone(),
         subnet_name: default_name.clone(),
-        ip: None, // Request an IP address allocation
+        ip: None,            // Request an IP address allocation
+        transit_ips: vec![], // Default interfaces don't use transit IPs
     };
 
     // Lookup authz objects, used in the call to actually create the NIC.
@@ -704,6 +706,7 @@ async fn create_default_primary_network_interface(
         db_subnet.clone(),
         interface_params.identity.clone(),
         interface_params.ip,
+        interface_params.transit_ips.iter().map(|ip| (*ip).into()).collect(),
     )
     .map_err(ActionError::action_failed)?;
     datastore
 
@@ -709,6 +709,7 @@ pub static DEMO_INSTANCE_NIC_CREATE: LazyLock<
     vpc_name: DEMO_VPC_NAME.clone(),
     subnet_name: DEMO_VPC_SUBNET_NAME.clone(),
     ip: None,
+    transit_ips: vec![],
 });
 pub static DEMO_INSTANCE_NIC_PUT: LazyLock<
     params::InstanceNetworkInterfaceUpdate,
Original file line number	Diff line number	Diff line change
`@@ -321,6 +321,7 @@ pub struct IncompleteNetworkInterface {`
`321`	`321`	`pub ip: Option<std::net::IpAddr>,`
`322`	`322`	`pub mac: Option<external::MacAddr>,`
`323`	`323`	`pub slot: Option<u8>,`
	`324`	`+ pub transit_ips: Vec<IpNetwork>,`
`324`	`325`	`}`
`325`	`326`
`326`	`327`	`impl IncompleteNetworkInterface {`
`@@ -334,6 +335,7 @@ impl IncompleteNetworkInterface {`
`334`	`335`	`ip: Option<std::net::IpAddr>,`
`335`	`336`	`mac: Option<external::MacAddr>,`
`336`	`337`	`slot: Option<u8>,`
	`338`	`+ transit_ips: Vec<IpNetwork>,`
`337`	`339`	`) -> Result<Self, external::Error> {`
`338`	`340`	`if let Some(ip) = ip {`
`339`	`341`	`subnet.check_requestable_addr(ip)?;`
`@@ -380,6 +382,7 @@ impl IncompleteNetworkInterface {`
`380`	`382`	`ip,`
`381`	`383`	`mac,`
`382`	`384`	`slot,`
	`385`	`+ transit_ips,`
`383`	`386`	`})`
`384`	`387`	`}`
`385`	`388`
`@@ -389,6 +392,7 @@ impl IncompleteNetworkInterface {`
`389`	`392`	`subnet: VpcSubnet,`
`390`	`393`	`identity: external::IdentityMetadataCreateParams,`
`391`	`394`	`ip: Option<std::net::IpAddr>,`
	`395`	`+ transit_ips: Vec<IpNetwork>,`
`392`	`396`	`) -> Result<Self, external::Error> {`
`393`	`397`	`Self::new(`
`394`	`398`	`interface_id,`
`@@ -399,6 +403,7 @@ impl IncompleteNetworkInterface {`
`399`	`403`	`ip,`
`400`	`404`	`None,`
`401`	`405`	`None,`
	`406`	`+ transit_ips,`
`402`	`407`	`)`
`403`	`408`	`}`
`404`	`409`
`@@ -420,6 +425,7 @@ impl IncompleteNetworkInterface {`
`420`	`425`	`Some(ip),`
`421`	`426`	`Some(mac),`
`422`	`427`	`Some(slot),`
	`428`	`+ vec![], // Service interfaces don't use transit_ips`
`423`	`429`	`)`
`424`	`430`	`}`
`425`	`431`
`@@ -440,6 +446,7 @@ impl IncompleteNetworkInterface {`
`440`	`446`	`ip,`
`441`	`447`	`mac,`
`442`	`448`	`None,`
	`449`	`+ vec![], // Probe interfaces don't use transit_ips`
`443`	`450`	`)`
`444`	`451`	`}`
`445`	`452`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4018,6 +4018,7 @@ mod tests {`
`4018`	`4018`	`description: "A NIC...".into(),`
`4019`	`4019`	`},`
`4020`	`4020`	`None,`
	`4021`	`+ vec![],`
`4021`	`4022`	`)`
`4022`	`4023`	`.unwrap(),`
`4023`	`4024`	`)`