wip: change firewall to network, save config in db

Author: dobrac

packages/api/go.mod

@@ -48,6 +48,7 @@ require (
 	github.com/hashicorp/nomad/api v0.0.0-20231208134655-099ee06a607c
 	github.com/jackc/pgx/v5 v5.7.4
 	github.com/jellydator/ttlcache/v3 v3.4.0
+	github.com/jinzhu/copier v0.4.0
 	github.com/launchdarkly/go-sdk-common/v3 v3.3.0
 	github.com/oapi-codegen/gin-middleware v1.0.2
 	github.com/oapi-codegen/runtime v1.1.1

packages/api/go.sum

@@ -13,9 +13,9 @@ import (
 	"go.uber.org/zap"
 
 	"github.com/e2b-dev/infra/packages/api/internal/api"
-	"github.com/e2b-dev/infra/packages/api/internal/db/types"
-	"github.com/e2b-dev/infra/packages/api/internal/utils"
+	typesteam "github.com/e2b-dev/infra/packages/api/internal/db/types"
 	"github.com/e2b-dev/infra/packages/db/queries"
+	"github.com/e2b-dev/infra/packages/db/types"
 	sbxlogger "github.com/e2b-dev/infra/packages/shared/pkg/logger/sandbox"
 	"github.com/e2b-dev/infra/packages/shared/pkg/telemetry"
 )
@@ -29,7 +29,7 @@ func (a *APIStore) startSandbox(
 	envVars map[string]string,
 	metadata map[string]string,
 	alias string,
-	team *types.Team,
+	team *typesteam.Team,
 	build queries.EnvBuild,
 	requestHeader *http.Header,
 	isResume bool,
@@ -38,15 +38,12 @@ func (a *APIStore) startSandbox(
 	autoPause bool,
 	envdAccessToken *string,
 	allowInternetAccess *bool,
-	firewall *api.SandboxFirewallConfig,
+	network *types.SandboxNetworkConfig,
 	mcp api.Mcp,
 ) (*api.Sandbox, *api.APIError) {
 	startTime := time.Now()
 	endTime := startTime.Add(timeout)
 
-	// Convert API firewall config to orchestrator firewall config
-	orchFirewall := utils.APIToOrchestratorFirewall(firewall)
-
 	// Unique ID for the execution (from start/resume to stop/pause)
 	executionID := uuid.New().String()
 	sandbox, instanceErr := a.orchestrator.CreateSandbox(
@@ -67,7 +64,7 @@ func (a *APIStore) startSandbox(
 		autoPause,
 		envdAccessToken,
 		allowInternetAccess,
-		orchFirewall,
+		network,
 	)
 	if instanceErr != nil {
 		telemetry.ReportError(ctx, "error when creating instance", instanceErr.Err)

packages/api/internal/api/spec.gen.go

@@ -154,8 +154,8 @@ func (a *APIStore) PostSandboxesSandboxIDConnect(c *gin.Context, sandboxID api.S
 		autoPause,
 		envdAccessToken,
 		snap.AllowInternetAccess,
-		utils.DBToAPIFirewall(&snap.Firewall), // firewall config from snapshot
-		nil,                                   // mcp
+		snap.Config.Network,
+		nil, // mcp
 	)
 	if createErr != nil {
 		zap.L().Error("Failed to resume sandbox", zap.Error(createErr.Err))

packages/api/internal/api/types.gen.go

@@ -7,16 +7,18 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"github.com/jinzhu/copier"
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/trace"
 	"go.uber.org/zap"
 
 	"github.com/e2b-dev/infra/packages/api/internal/api"
 	"github.com/e2b-dev/infra/packages/api/internal/auth"
-	"github.com/e2b-dev/infra/packages/api/internal/db/types"
+	typesteam "github.com/e2b-dev/infra/packages/api/internal/db/types"
 	"github.com/e2b-dev/infra/packages/api/internal/middleware/otel/metrics"
 	"github.com/e2b-dev/infra/packages/api/internal/sandbox"
 	"github.com/e2b-dev/infra/packages/api/internal/utils"
+	"github.com/e2b-dev/infra/packages/db/types"
 	"github.com/e2b-dev/infra/packages/shared/pkg/id"
 	"github.com/e2b-dev/infra/packages/shared/pkg/logger"
 	sbxlogger "github.com/e2b-dev/infra/packages/shared/pkg/logger/sandbox"
@@ -43,7 +45,7 @@ func (a *APIStore) PostSandboxes(c *gin.Context) {
 	ctx := c.Request.Context()
 
 	// Get team from context, use TeamContextKey
-	teamInfo := c.Value(auth.TeamContextKey).(*types.Team)
+	teamInfo := c.Value(auth.TeamContextKey).(*typesteam.Team)
 
 	c.Set("teamID", teamInfo.Team.ID.String())
 
@@ -156,7 +158,15 @@ func (a *APIStore) PostSandboxes(c *gin.Context) {
 	}
 
 	allowInternetAccess := body.AllowInternetAccess
-	firewall := body.Firewall
+
+	var network *types.SandboxNetworkConfig
+	err = copier.CopyWithOption(&network, body.Network, copier.Option{DeepCopy: true})
+	if err != nil {
+		telemetry.ReportError(ctx, "failed to create sandbox", err)
+		a.sendAPIStoreError(c, http.StatusInternalServerError, "Failed to create sandbox network configuration")
+
+		return
+	}
 
 	sbx, createErr := a.startSandbox(
 		ctx,
@@ -174,7 +184,7 @@ func (a *APIStore) PostSandboxes(c *gin.Context) {
 		autoPause,
 		envdAccessToken,
 		allowInternetAccess,
-		firewall,
+		network,
 		mcp,
 	)
 	if createErr != nil {

packages/api/internal/handlers/sandbox.go

@@ -153,8 +153,8 @@ func (a *APIStore) PostSandboxesSandboxIDResume(c *gin.Context, sandboxID api.Sa
 		autoPause,
 		envdAccessToken,
 		snap.AllowInternetAccess,
-		utils.DBToAPIFirewall(&snap.Firewall), // firewall config from snapshot
-		nil,                                   // mcp
+		snap.Config.Network,
+		nil, // mcp
 	)
 	if createErr != nil {
 		zap.L().Error("Failed to resume sandbox", zap.Error(createErr.Err))

packages/api/internal/handlers/sandbox_connect.go

@@ -7,18 +7,20 @@ import (
 	"net/http"
 	"time"
 
+	"github.com/jinzhu/copier"
 	"go.opentelemetry.io/otel/attribute"
 	"go.opentelemetry.io/otel/metric"
 	"go.uber.org/zap"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
 	"github.com/e2b-dev/infra/packages/api/internal/api"
-	"github.com/e2b-dev/infra/packages/api/internal/db/types"
+	teamtypes "github.com/e2b-dev/infra/packages/api/internal/db/types"
 	"github.com/e2b-dev/infra/packages/api/internal/orchestrator/nodemanager"
 	"github.com/e2b-dev/infra/packages/api/internal/orchestrator/placement"
 	"github.com/e2b-dev/infra/packages/api/internal/sandbox"
 	"github.com/e2b-dev/infra/packages/api/internal/utils"
 	"github.com/e2b-dev/infra/packages/db/queries"
+	"github.com/e2b-dev/infra/packages/db/types"
 	"github.com/e2b-dev/infra/packages/shared/pkg/consts"
 	"github.com/e2b-dev/infra/packages/shared/pkg/grpc/orchestrator"
 	"github.com/e2b-dev/infra/packages/shared/pkg/logger"
@@ -31,7 +33,7 @@ func (o *Orchestrator) CreateSandbox(
 	sandboxID,
 	executionID,
 	alias string,
-	team *types.Team,
+	team *teamtypes.Team,
 	build queries.EnvBuild,
 	metadata map[string]string,
 	envVars map[string]string,
@@ -44,7 +46,7 @@ func (o *Orchestrator) CreateSandbox(
 	autoPause bool,
 	envdAuthToken *string,
 	allowInternetAccess *bool,
-	firewall *orchestrator.SandboxFirewallConfig,
+	network *types.SandboxNetworkConfig,
 ) (sbx sandbox.Sandbox, apiErr *api.APIError) {
 	ctx, childSpan := tracer.Start(ctx, "create-sandbox")
 	defer childSpan.End()
@@ -139,9 +141,21 @@ func (o *Orchestrator) CreateSandbox(
 		sbxDomain = cluster.SandboxDomain
 	}
 
+	var orchNetwork *orchestrator.SandboxNetworkConfig
+	err = copier.CopyWithOption(&orchNetwork, network, copier.Option{DeepCopy: true})
+	if err != nil {
+		telemetry.ReportError(ctx, "failed to create sandbox", err)
+
+		return sandbox.Sandbox{}, &api.APIError{
+			Code:      http.StatusInternalServerError,
+			ClientMsg: "Failed to create sandbox network configuration",
+			Err:       fmt.Errorf("failed to copy sandbox network configuration: %w", err),
+		}
+	}
+
 	if allowInternetAccess != nil && !*allowInternetAccess {
-		firewall.Egress = firewall.GetEgress()
-		firewall.Egress.BlockedCidrs = []string{"0.0.0.0/0"}
+		orchNetwork.Egress = orchNetwork.GetEgress()
+		orchNetwork.Egress.BlockedCidrs = []string{"0.0.0.0/0"}
 	}
 
 	sbxRequest := &orchestrator.SandboxCreateRequest{
@@ -166,7 +180,7 @@ func (o *Orchestrator) CreateSandbox(
 			Snapshot:            isResume,
 			AutoPause:           autoPause,
 			AllowInternetAccess: allowInternetAccess,
-			Firewall:            firewall,
+			Network:             orchNetwork,
 			TotalDiskSizeMb:     ut.FromPtr(build.TotalDiskSizeMb),
 		},
 		StartTime: timestamppb.New(startTime),
@@ -219,6 +233,18 @@ func (o *Orchestrator) CreateSandbox(
 	startTime = time.Now()
 	endTime = startTime.Add(timeout)
 
+	var dbNetwork *types.SandboxNetworkConfig
+	err = copier.CopyWithOption(&dbNetwork, network, copier.Option{DeepCopy: true})
+	if err != nil {
+		telemetry.ReportError(ctx, "failed to create sandbox", err)
+
+		return sandbox.Sandbox{}, &api.APIError{
+			Code:      http.StatusInternalServerError,
+			ClientMsg: "Failed to create sandbox network configuration",
+			Err:       fmt.Errorf("failed to copy sandbox network configuration: %w", err),
+		}
+	}
+
 	sbx = sandbox.NewSandbox(
 		sandboxID,
 		build.EnvID,
@@ -244,7 +270,7 @@ func (o *Orchestrator) CreateSandbox(
 		allowInternetAccess,
 		baseTemplateID,
 		sbxDomain,
-		utils.OrchestratorToDBFirewall(firewall),
+		dbNetwork,
 	)
 
 	o.sandboxStore.Add(ctx, sbx, true)

packages/api/internal/handlers/sandbox_create.go

@@ -7,9 +7,11 @@ import (
 
 	"github.com/golang/protobuf/ptypes/empty"
 	"github.com/google/uuid"
+	"github.com/jinzhu/copier"
 
 	"github.com/e2b-dev/infra/packages/api/internal/sandbox"
 	"github.com/e2b-dev/infra/packages/api/internal/utils"
+	"github.com/e2b-dev/infra/packages/db/types"
 	"github.com/e2b-dev/infra/packages/shared/pkg/consts"
 )
 
@@ -46,6 +48,12 @@ func (n *Node) GetSandboxes(ctx context.Context) ([]sandbox.Sandbox, error) {
 			return nil, fmt.Errorf("failed to parse build ID '%s' for job: %w", config.GetBuildId(), parseErr)
 		}
 
+		var network *types.SandboxNetworkConfig
+		err = copier.CopyWithOption(&network, config.GetNetwork(), copier.Option{DeepCopy: true})
+		if err != nil {
+			return nil, fmt.Errorf("failed to translate network config: %w", err)
+		}
+
 		sandboxesInfo = append(
 			sandboxesInfo,
 			sandbox.NewSandbox(
@@ -73,7 +81,7 @@ func (n *Node) GetSandboxes(ctx context.Context) ([]sandbox.Sandbox, error) {
 				config.AllowInternetAccess, //nolint:protogetter // we need the nil check too
 				config.GetBaseTemplateId(),
 				n.SandboxDomain,
-				utils.OrchestratorToDBFirewall(config.GetFirewall()),
+				network,
 			),
 		)
 	}