fix up saga to remove vpc_subnet_fetch_by_name()

nexus/src/authz/api_resources.rs

@@ -431,7 +431,6 @@ pub struct ProjectChild {
     lookup_type: LookupType,
 }
 
-// XXX Okay, maybe it is worth cleaning this up.
 #[derive(Clone, Debug)]
 enum ProjectChildKind {
     Direct(Project),

nexus/src/db/datastore.rs

@@ -2471,34 +2471,6 @@ impl DataStore {
         Ok((authz_vpc_subnet, db_vpc_subnet))
     }
 
-    // XXX remove?  this is used by the instance create saga.  that needs to
-    // have serialized creds (like other sagas have), then use those to call the
-    // normal functions
-    pub async fn vpc_subnet_fetch_by_name(
-        &self,
-        vpc_id: &Uuid,
-        subnet_name: &Name,
-    ) -> LookupResult<VpcSubnet> {
-        use db::schema::vpc_subnet::dsl;
-
-        dsl::vpc_subnet
-            .filter(dsl::time_deleted.is_null())
-            .filter(dsl::vpc_id.eq(*vpc_id))
-            .filter(dsl::name.eq(subnet_name.clone()))
-            .select(VpcSubnet::as_select())
-            .get_result_async(self.pool())
-            .await
-            .map_err(|e| {
-                public_error_from_diesel_pool(
-                    e,
-                    ErrorHandler::NotFoundByLookup(
-                        ResourceType::VpcSubnet,
-                        LookupType::ByName(subnet_name.as_str().to_owned()),
-                    ),
-                )
-            })
-    }
-
     /// Insert a VPC Subnet, checking for unique IP address ranges.
     pub async fn vpc_create_subnet(
         &self,

nexus/src/nexus.rs

@@ -852,6 +852,7 @@ impl Nexus {
         opctx.authorize(authz::Action::CreateChild, &authz_project).await?;
 
         let saga_params = Arc::new(sagas::ParamsInstanceCreate {
+            serialized_authn: authn::saga::Serialized::for_opctx(opctx),
             project_id: authz_project.id(),
             create_params: params.clone(),
         });

nexus/src/sagas.rs

@@ -114,6 +114,7 @@ async fn saga_generate_uuid<UserType: SagaType>(
 
 #[derive(Debug, Deserialize, Serialize)]
 pub struct ParamsInstanceCreate {
+    pub serialized_authn: authn::saga::Serialized,
     pub project_id: Uuid,
     pub create_params: params::InstanceCreate,
 }
@@ -188,19 +189,23 @@ async fn sic_create_network_interface(
     sagactx: ActionContext<SagaInstanceCreate>,
 ) -> Result<NetworkInterface, ActionError> {
     let osagactx = sagactx.user_data();
+    let datastore = osagactx.datastore();
     let params = sagactx.saga_params();
     let instance_id = sagactx.lookup::<Uuid>("instance_id")?;
+    let opctx = OpContext::for_saga_action(&sagactx, &params.serialized_authn);
 
     let default_name =
         db::model::Name(Name::try_from("default".to_string()).unwrap());
-    let vpc = osagactx
-        .datastore()
-        .vpc_fetch_by_name(&params.project_id, &default_name)
+    let authz_project = datastore
+        .project_lookup_by_id(params.project_id)
         .await
         .map_err(ActionError::action_failed)?;
-    let subnet = osagactx
-        .datastore()
-        .vpc_subnet_fetch_by_name(&vpc.id(), &default_name)
+    let (authz_vpc, _) = datastore
+        .vpc_fetch(&opctx, &authz_project, &default_name)
+        .await
+        .map_err(ActionError::action_failed)?;
+    let (_, db_subnet) = datastore
+        .vpc_subnet_fetch(&opctx, &authz_vpc, &default_name)
         .await
         .map_err(ActionError::action_failed)?;
 
@@ -214,8 +219,8 @@ async fn sic_create_network_interface(
         // TODO-correctness: vpc_id here is used for name uniqueness. Should
         // interface names be unique to the subnet's VPC or to the
         // VPC associated with the instance's default interface?
-        vpc.id(),
-        subnet,
+        authz_vpc.id(),
+        db_subnet,
         mac,
         ip,
         params::NetworkInterfaceCreate {
@@ -231,8 +236,7 @@ async fn sic_create_network_interface(
         },
     );
 
-    let interface = osagactx
-        .datastore()
+    let interface = datastore
         .instance_create_network_interface(interface)
         .await
         .map_err(ActionError::action_failed)?;