Add a limit, rename stray public_key reference

nexus/db-queries/src/db/queries/network_interface.rs

@@ -1740,7 +1740,7 @@ mod tests {
             memory: ByteCount::from_gibibytes_u32(4),
             hostname: "inst".to_string(),
             user_data: vec![],
-            public_keys: Some(Vec::new()),
+            ssh_keys: Some(Vec::new()),
             network_interfaces: InstanceNetworkInterfaceAttachment::None,
             external_ips: vec![],
             disks: vec![],

nexus/src/app/instance.rs

@@ -9,6 +9,7 @@ use super::MAX_EPHEMERAL_IPS_PER_INSTANCE;
 use super::MAX_EXTERNAL_IPS_PER_INSTANCE;
 use super::MAX_MEMORY_BYTES_PER_INSTANCE;
 use super::MAX_NICS_PER_INSTANCE;
+use super::MAX_SSH_KEYS_PER_INSTANCE;
 use super::MAX_VCPU_PER_INSTANCE;
 use super::MIN_MEMORY_BYTES_PER_INSTANCE;
 use crate::app::sagas;
@@ -339,6 +340,14 @@ impl super::Nexus {
             ),
             None => None,
         };
+        if let Some(ssh_keys) = &ssh_keys {
+            if ssh_keys.len() > MAX_SSH_KEYS_PER_INSTANCE {
+                return Err(Error::invalid_request(format!(
+                    "cannot attach more than {} ssh keys to the instance",
+                    MAX_SSH_KEYS_PER_INSTANCE
+                )));
+            }
+        }
 
         let saga_params = sagas::instance_create::Params {
             serialized_authn: authn::saga::Serialized::for_opctx(opctx),

nexus/src/app/mod.rs

@@ -97,6 +97,8 @@ pub const MAX_MEMORY_BYTES_PER_INSTANCE: u64 = 256 * (1 << 30); // 256 GiB
 pub const MIN_DISK_SIZE_BYTES: u32 = 1 << 30; // 1 GiB
 pub const MAX_DISK_SIZE_BYTES: u64 = 1023 * (1 << 30); // 1023 GiB
 
+pub const MAX_SSH_KEYS_PER_INSTANCE: usize = 10;
+
 /// Manages an Oxide fleet -- the heart of the control plane
 pub struct Nexus {
     /// uuid for this nexus instance.