Blueprint execution: Send OPTE firewall rules for services (#5233)

This is the reworked and caught-up-with-main #5157 (which I'll close momentarily). I believe I addressed all the comments on the PR except those related to its extension trait style and the `nexus-capabilities` crate. This introduces a more focused `nexus-networking` crate that exposes free functions instead of extension traits. I'll run this through madrid before merging, but I believe it should work (absent any mistakes I made merging changes across branches) now that #5202 has landed. Closes #4886
oxidecomputer · Mar 12, 2024 · fdbbbe5 · fdbbbe5
1 parent 2d8bdf9
commit fdbbbe5
Show file tree

Hide file tree

Showing 13 changed files with 611 additions and 438 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -45,6 +45,7 @@ members = [
     "nexus/defaults",
     "nexus/inventory",
     "nexus/macros-common",
+    "nexus/networking",
     "nexus/reconfigurator/execution",
     "nexus/reconfigurator/planning",
     "nexus/reconfigurator/preparation",
@@ -120,6 +121,7 @@ default-members = [
     "nexus-config",
     "nexus/authz-macros",
     "nexus/macros-common",
+    "nexus/networking",
     "nexus/db-macros",
     "nexus/db-model",
     "nexus/db-queries",
@@ -272,6 +274,7 @@ nexus-db-queries = { path = "nexus/db-queries" }
 nexus-defaults = { path = "nexus/defaults" }
 nexus-inventory = { path = "nexus/inventory" }
 nexus-macros-common = { path = "nexus/macros-common" }
+nexus-networking = { path = "nexus/networking" }
 nexus-reconfigurator-execution = { path = "nexus/reconfigurator/execution" }
 nexus-reconfigurator-planning = { path = "nexus/reconfigurator/planning" }
 nexus-reconfigurator-preparation = { path = "nexus/reconfigurator/preparation" }

diff --git a/nexus/Cargo.toml b/nexus/Cargo.toml
@@ -41,6 +41,7 @@ mime_guess.workspace = true
 # Not under "dev-dependencies"; these also need to be implemented for
 # integration tests.
 nexus-config.workspace = true
+nexus-networking.workspace = true
 nexus-test-interface.workspace = true
 num-integer.workspace = true
 once_cell.workspace = true

diff --git a/nexus/networking/Cargo.toml b/nexus/networking/Cargo.toml
@@ -0,0 +1,16 @@
+[package]
+name = "nexus-networking"
+version = "0.1.0"
+edition = "2021"
+license = "MPL-2.0"
+
+[dependencies]
+futures.workspace = true
+ipnetwork.workspace = true
+nexus-db-queries.workspace = true
+omicron-common.workspace = true
+reqwest.workspace = true
+sled-agent-client.workspace = true
+slog.workspace = true
+uuid.workspace = true
+omicron-workspace-hack.workspace = true