fix: tap interface attach to bridge (#479)

When requesting that a tap device is added to a microvm then we should
attach (i.e. set the master) to a bridge.

The bridge will be supplied via a new bridge-name flag. And the attach
should not be done for the mmds network interface.

The grpc api has been updated to allow the consumer to specify a
bridge-name that is different as part of the create microvm call.

Signed-off-by: Richard Case <richard.case@outlook.com>

Author: richardcase

api/services/microvm/v1alpha1/microvms.swagger.json

@@ -404,6 +404,10 @@
         "address": {
           "$ref": "#/definitions/typesStaticAddress",
           "description": "Address is an optional static IP address to manually assign to this interface. \nIf not supplied then DHCP will be used."
+        },
+        "overrides": {
+          "$ref": "#/definitions/typesNetworkOverrides",
+          "description": "Overrides is optional overrides applicable for network configuration."
         }
       }
     },
@@ -425,6 +429,16 @@
         }
       }
     },
+    "typesNetworkOverrides": {
+      "type": "object",
+      "properties": {
+        "bridgeName": {
+          "type": "string",
+          "description": "BridgeName is the name of the Linux bridge to attach TAP devices to. This overrides\nany value set at the overall flintlock level."
+        }
+      },
+      "description": "NetworkOverrides represents override values for a network interface."
+    },
     "typesStaticAddress": {
       "type": "object",
       "properties": {

api/types/microvm.pb.go

@@ -110,6 +110,9 @@ message NetworkInterface {
   // Address is an optional static IP address to manually assign to this interface. 
   // If not supplied then DHCP will be used.
   optional StaticAddress address = 5;
+  // Overrides is optional overrides applicable for network configuration.
+  optional NetworkOverrides overrides = 6;
+
 }
 
 // StaticAddress represents a static IPv4 or IPv6 address.
@@ -201,3 +204,10 @@ message NetworkInterfaceStatus {
   // MACAddress is the MAC address of the host interface.
   string mac_address = 3;
 }
+
+// NetworkOverrides represents override values for a network interface.
+message NetworkOverrides {
+  // BridgeName is the name of the Linux bridge to attach TAP devices to. This overrides
+  // any value set at the overall flintlock level.
+  optional string bridge_name = 1;
+}

api/types/microvm.proto

@@ -4,7 +4,7 @@ deps:
   - remote: buf.build
     owner: googleapis
     repository: googleapis
-    commit: 86d30bdfc34044fb9339e1bd9673839b
+    commit: 2646de1347094058879360e68cb2ccc6
   - remote: buf.build
     owner: grpc-ecosystem
     repository: grpc-gateway

buf.lock

@@ -6,22 +6,23 @@ import (
 )
 
 var (
-	ErrSpecRequired            = errors.New("microvm spec is required")
-	ErrVMIDRequired            = errors.New("id for microvm is required")
-	ErrNameRequired            = errors.New("name is required")
-	ErrUIDRequired             = errors.New("uid is required")
-	ErrNamespaceRequired       = errors.New("namespace is required")
-	ErrKernelImageRequired     = errors.New("kernel image is required")
-	ErrVolumeRequired          = errors.New("no volumes specified, at least 1 volume is required")
-	ErrRootVolumeRequired      = errors.New("a root volume is required")
-	ErrNoMount                 = errors.New("no image mount point")
-	ErrNoVolumeMount           = errors.New("no volume mount point")
-	ErrParentIfaceRequired     = errors.New("a parent network device name is required")
-	ErrGuestDeviceNameRequired = errors.New("a guest device name is required")
-	ErrUnsupportedIfaceType    = errors.New("unsupported network interface type")
-	ErrIfaceNotFound           = errors.New("network interface not found")
-	ErrMissingStatusInfo       = errors.New("status is not defined")
-	ErrUnableToBoot            = errors.New("microvm is unable to boot")
+	ErrSpecRequired                       = errors.New("microvm spec is required")
+	ErrVMIDRequired                       = errors.New("id for microvm is required")
+	ErrNameRequired                       = errors.New("name is required")
+	ErrUIDRequired                        = errors.New("uid is required")
+	ErrNamespaceRequired                  = errors.New("namespace is required")
+	ErrKernelImageRequired                = errors.New("kernel image is required")
+	ErrVolumeRequired                     = errors.New("no volumes specified, at least 1 volume is required")
+	ErrRootVolumeRequired                 = errors.New("a root volume is required")
+	ErrNoMount                            = errors.New("no image mount point")
+	ErrNoVolumeMount                      = errors.New("no volume mount point")
+	ErrParentIfaceRequiredForMacvtap      = errors.New("a parent network device name is required for macvtap interfaces")
+	ErrParentIfaceRequiredForAttachingTap = errors.New("a parent network device name is required for attaching a TAP interface")
+	ErrGuestDeviceNameRequired            = errors.New("a guest device name is required")
+	ErrUnsupportedIfaceType               = errors.New("unsupported network interface type")
+	ErrIfaceNotFound                      = errors.New("network interface not found")
+	ErrMissingStatusInfo                  = errors.New("status is not defined")
+	ErrUnableToBoot                       = errors.New("microvm is unable to boot")
 )
 
 // TopicNotFoundError is an error created when a topic with a specific name isn't found.

core/errors/errors.go

@@ -23,7 +23,9 @@ type NetworkInterface struct {
 	Type IfaceType `json:"type" validate:"oneof=tap macvtap unsupported"`
 	// StaticAddress is an optional static IP address to assign to this interface.
 	// If not supplied then DHCP will be used.
-	StaticAddress *StaticAddress `json:"staticAddress,omitempty"`
+	StaticAddress *StaticAddress `json:"staticAddrss,omitempty"`
+	// BridgeName is the name of the Linux bridge to attach the TAP device to.
+	BridgeName string `json:"branch_name,omitempty"`
 }
 
 // StaticAddress specifies a static IP address configuration.

core/models/network.go

@@ -124,6 +124,10 @@ type IfaceCreateInput struct {
 	// MAC allows the specifying of a specific MAC address to use for the interface. If
 	// not supplied a autogenerated MAC address will be used.
 	MAC string
+	// Attach indicates if this device should be attached to the parent bridge. Only applicable to TAP devices.
+	Attach bool
+	// BridgeName is the name of the bridge to attach to. Only if this is a tap device and attach is true.
+	BridgeName string
 }
 
 type IfaceDetails struct {

core/ports/services.go

@@ -109,6 +109,12 @@ func (s *createInterface) Do(ctx context.Context) ([]planner.Procedure, error) {
 		DeviceName: deviceName,
 		Type:       s.iface.Type,
 		MAC:        s.iface.GuestMAC,
+		Attach:     true,
+		BridgeName: s.iface.BridgeName,
+	}
+
+	if s.iface.Type == models.IfaceTypeTap && s.iface.AllowMetadataRequests {
+		input.Attach = false
 	}
 
 	output, err := s.svc.IfaceCreate(ctx, *input)

core/steps/network/interface_create.go

@@ -211,6 +211,7 @@ func TestNewNetworkInterface_missingInterface(t *testing.T) {
 		IfaceCreate(gomock.Eq(ctx), gomock.Eq(ports.IfaceCreateInput{
 			DeviceName: expectedTapDeviceName,
 			MAC:        defaultMACAddress,
+			Attach:     true,
 		})).
 		Return(&ports.IfaceDetails{
 			DeviceName: expectedTapDeviceName,
@@ -239,7 +240,7 @@ func TestNewNetworkInterface_svcError(t *testing.T) {
 
 	svc.EXPECT().
 		IfaceExists(gomock.Eq(ctx), gomock.Eq(expectedTapDeviceName)).
-		Return(false, errors.ErrParentIfaceRequired).
+		Return(false, errors.ErrParentIfaceRequiredForAttachingTap).
 		Times(2)
 
 	step := network.NewNetworkInterface(vmid, iface, status, svc)
@@ -249,7 +250,7 @@ func TestNewNetworkInterface_svcError(t *testing.T) {
 	g.Expect(shouldDo).To(g.BeFalse())
 
 	_, err = step.Do(ctx)
-	g.Expect(err).To(g.MatchError(errors.ErrParentIfaceRequired))
+	g.Expect(err).To(g.MatchError(errors.ErrParentIfaceRequiredForAttachingTap))
 
 	verifyErr := step.Verify(ctx)
 	g.Expect(verifyErr).To(g.BeNil())
@@ -322,11 +323,11 @@ func TestNewNetworkInterface_createError(t *testing.T) {
 
 	svc.EXPECT().
 		IfaceCreate(gomock.Eq(ctx), &ifaceCreateInputMatcher{}).
-		Return(nil, errors.ErrParentIfaceRequired).
+		Return(nil, errors.ErrParentIfaceRequiredForAttachingTap).
 		Times(1)
 
 	_, err = step.Do(ctx)
-	g.Expect(err).To(g.MatchError(errors.ErrParentIfaceRequired))
+	g.Expect(err).To(g.MatchError(errors.ErrParentIfaceRequiredForAttachingTap))
 
 	verifyErr := step.Verify(ctx)
 	g.Expect(verifyErr).To(g.BeNil())

core/steps/network/interface_create_test.go

@@ -169,7 +169,7 @@ func TestDeleteNetworkInterface_IfaceExistsError(t *testing.T) {
 
 	svc.EXPECT().
 		IfaceExists(gomock.Eq(ctx), gomock.Eq(expectedTapDeviceName)).
-		Return(false, errors.ErrParentIfaceRequired).
+		Return(false, errors.ErrParentIfaceRequiredForAttachingTap).
 		Times(2)
 
 	step := network.DeleteNetworkInterface(vmid, iface, svc)
@@ -179,7 +179,7 @@ func TestDeleteNetworkInterface_IfaceExistsError(t *testing.T) {
 	g.Expect(shouldDo).To(g.BeFalse())
 
 	_, err = step.Do(ctx)
-	g.Expect(err).To(g.MatchError(errors.ErrParentIfaceRequired))
+	g.Expect(err).To(g.MatchError(errors.ErrParentIfaceRequiredForAttachingTap))
 
 	verifyErr := step.Verify(ctx)
 	g.Expect(verifyErr).To(g.BeNil())