internet gateways allow the same ip pool to be attached multiple times

[sudomateo]

Internet gateways allow the same IP Pool to be attached multiple times. A single IP Pool should only be able to be attached to an internet gateway at most 1 time.

Steps to Reproduce

These steps were done on the colo rack with the pre-existing private IP Pool. If you don't have an IP Pool to use create one first.

Create a VPC.

oxide vpc create \
    --project $project \
    --description 'foo' \
    --dns-name foo \
    --name foo

Attach the same IP Pool multiple times to the default internet gateway in the newly created VPC.

for i in $(seq 0 3)
    oxide internet-gateway ip-pool attach \
        --project $project \
        --vpc foo \
        --gateway default \
        --ip-pool private \
        --name private \
        --description 'Private'
end

Observe the same IP Pool is listed multiple times.

CLI:

> oxide internet-gateway ip-pool list \
    --project $project \
    --vpc foo \
    --gateway default
[
  {
    "description": "Automatically attached default IP pool",
    "id": "faca1d51-d86b-4d74-8c4e-c685bc8a0f6f",
    "internet_gateway_id": "cad1df41-f8d1-484e-9c8b-65ba1766949a",
    "ip_pool_id": "a4720b36-006b-49fc-a029-583528f18a4d",
    "name": "default",
    "time_created": "2025-01-28T18:04:25.680445Z",
    "time_modified": "2025-01-28T18:04:25.680445Z"
  }, {
    "description": "Private",
    "id": "e1d007c1-3f16-49e2-b521-d16454f0e5da",
    "internet_gateway_id": "cad1df41-f8d1-484e-9c8b-65ba1766949a",
    "ip_pool_id": "fbec3335-9178-486f-90d2-315d9098ca6f",
    "name": "private",
    "time_created": "2025-01-28T18:04:38.407809Z",
    "time_modified": "2025-01-28T18:04:38.407809Z"
  }, {
    "description": "Private",
    "id": "695efc6b-6628-4b45-88b7-f90cbca9d9a8",
    "internet_gateway_id": "cad1df41-f8d1-484e-9c8b-65ba1766949a",
    "ip_pool_id": "fbec3335-9178-486f-90d2-315d9098ca6f",
    "name": "private",
    "time_created": "2025-01-28T18:04:40.528980Z",
    "time_modified": "2025-01-28T18:04:40.528980Z"
  }, {
    "description": "Private",
    "id": "5888c78d-f99b-4565-afca-8e871a8463c0",
    "internet_gateway_id": "cad1df41-f8d1-484e-9c8b-65ba1766949a",
    "ip_pool_id": "fbec3335-9178-486f-90d2-315d9098ca6f",
    "name": "private",
    "time_created": "2025-01-28T18:04:40.102891Z",
    "time_modified": "2025-01-28T18:04:40.102891Z"
  }
]

UI:

[david-crespo]

For comparison, for links between silos and IP pools, this is prevented by using the pair of IDs as a primary key. We don't have to take the ID off the gateway-pool joins — should be able to just add a unique index on (internet_gateway_id, ip_pool_id).

omicron/schema/crdb/dbinit.sql

Lines 1865 to 1874 in 8f7a673

	CREATE TABLE IF NOT EXISTS omicron.public.internet_gateway_ip_pool (
	id UUID PRIMARY KEY,
	name STRING(63) NOT NULL,
	description STRING(512) NOT NULL,
	time_created TIMESTAMPTZ NOT NULL,
	time_modified TIMESTAMPTZ NOT NULL,
	time_deleted TIMESTAMPTZ,
	internet_gateway_id UUID,
	ip_pool_id UUID
	);

omicron/schema/crdb/dbinit.sql

Lines 1930 to 1941 in 8f7a673

	-- join table associating IP pools with resources like fleet or silo
	CREATE TABLE IF NOT EXISTS omicron.public.ip_pool_resource (
	ip_pool_id UUID NOT NULL,
	resource_type omicron.public.ip_pool_resource_type NOT NULL,
	resource_id UUID NOT NULL,
	is_default BOOL NOT NULL,
	-- TODO: timestamps for soft deletes?
	-- resource_type is redundant because resource IDs are globally unique, but
	-- logically it belongs here
	PRIMARY KEY (ip_pool_id, resource_type, resource_id)
	);