Skip to content

Egress PNI support for CLI #3258

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Daniel Ayaz (danielayaz) wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Egress PNI support for CLI #3258

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
629e19d
Egress PNI for CLI done
danielayaz Feb 11, 2026
867f5bb
Merge remote-tracking branch 'origin/main' into egress_pni_cli
danielayaz Feb 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -287,3 +287,5 @@ require (
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

replace github.com/confluentinc/ccloud-sdk-go-v2/networking-access-point => github.com/confluentinc/ccloud-sdk-go-v2-internal/networking-access-point v0.11.0
Copy link

Copilot AI Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This replace pins github.com/confluentinc/ccloud-sdk-go-v2/networking-access-point to the ccloud-sdk-go-v2-internal module. Since go.mod still requires networking-access-point v0.5.0, this creates a confusing version mismatch (the build will use the replacement even though the required version is older). Consider bumping the required version to match the replacement, and confirm whether introducing a dependency on the -internal module is intended for all consumers/build environments.

Copilot uses AI. Check for mistakes.
4 changes: 2 additions & 2 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,8 @@ github.com/compose-spec/compose-go/v2 v2.1.3 h1:bD67uqLuL/XgkAK6ir3xZvNLFPxPScEi
github.com/compose-spec/compose-go/v2 v2.1.3/go.mod h1:lFN0DrMxIncJGYAXTfWuajfwj5haBJqrBkarHcnjJKc=
github.com/confluentinc/ccloud-sdk-go-v1-public v0.0.0-20250521223017-0e8f6f971b52 h1:19qEGhkbZa5fopKCe0VPIV+Sasby4Pv10z9ZaktwWso=
github.com/confluentinc/ccloud-sdk-go-v1-public v0.0.0-20250521223017-0e8f6f971b52/go.mod h1:62EMf+5uFEt1BJ2q8WMrUoI9VUSxAbDnmZCGRt/MbA0=
github.com/confluentinc/ccloud-sdk-go-v2-internal/networking-access-point v0.11.0 h1:5WdAAba1Zc4ZE5lXS+bv1hLmKeYe0PSTRpjnNysCVvM=
github.com/confluentinc/ccloud-sdk-go-v2-internal/networking-access-point v0.11.0/go.mod h1:JTHxlBjbdBZZRFjnojBzFguud6fQUl+0XmlBXtQVnvI=
github.com/confluentinc/ccloud-sdk-go-v2/ai v0.1.0 h1:zSF4OQUJXWH2JeAo9rsq13ibk+JFdzITGR8S7cFMpzw=
github.com/confluentinc/ccloud-sdk-go-v2/ai v0.1.0/go.mod h1:DoxqzzF3JzvJr3fWkvCiOHFlE0GoYpozWxFZ1Ud9ntA=
github.com/confluentinc/ccloud-sdk-go-v2/apikeys v0.4.0 h1:8fWyLwMuy8ec0MVF5Avd54UvbIxhDFhZzanHBVwgxdw=
Expand Down Expand Up @@ -238,8 +240,6 @@ github.com/confluentinc/ccloud-sdk-go-v2/metrics v0.2.0 h1:TWwZHdfo2XNKrnGOuxXx4
github.com/confluentinc/ccloud-sdk-go-v2/metrics v0.2.0/go.mod h1:odGsHChrn2l+jaOvx4Gib5//U4a3Id79wstQVkNh8v0=
github.com/confluentinc/ccloud-sdk-go-v2/networking v0.14.0 h1:btDFGijvzpWaKLKztc7S9YenbtGTsHgjs4+fNuyYceI=
github.com/confluentinc/ccloud-sdk-go-v2/networking v0.14.0/go.mod h1:6BDrwG6OfSnT++Yr3mXStvmy4Jb8uMtdfKK7sZO/X+M=
github.com/confluentinc/ccloud-sdk-go-v2/networking-access-point v0.8.0 h1:ppM6RjDLxnDQ9v8gQisctK0GSJPKjfRsoML4cOwJUlg=
github.com/confluentinc/ccloud-sdk-go-v2/networking-access-point v0.8.0/go.mod h1:Rb1UpN6xAG0QO/G4X88Nokeh4SrEEc6CbZ+wMkPKQaQ=
github.com/confluentinc/ccloud-sdk-go-v2/networking-dnsforwarder v0.4.0 h1:LT8trYIkMZ7EFM7nZZOkmH12B7AgOEvZYZjw86nazD0=
github.com/confluentinc/ccloud-sdk-go-v2/networking-dnsforwarder v0.4.0/go.mod h1:HPu3Cd7HQ2NdTeL6f3nvrsFB69N9yugB/W4qV8wqE/c=
github.com/confluentinc/ccloud-sdk-go-v2/networking-gateway v0.5.0 h1:POF4Kj6AZYNLlZtIhJVmVj078brMjVuZM7KwQuuG5ig=
Expand Down
2 changes: 2 additions & 0 deletions internal/network/command_access_point_private_network_interface.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ type privateNetworkInterfaceAccessPointOut struct {
Phase string `human:"Phase" serialized:"phase"`
NetworkInterfaces []string `human:"Network Interfaces,omitempty" serialized:"network_interfaces,omitempty"`
Account string `human:"Aws Account,omitempty" serialized:"aws_account,omitempty"`
EgressRoutes []string `human:"Egress Routes,omitempty" serialized:"egress_routes,omitempty"`
}

func (c *accessPointCommand) newPrivateNetworkInterfaceCommand() *cobra.Command {
Expand Down Expand Up @@ -90,6 +91,7 @@ func printPrivateNetworkInterfaceTable(cmd *cobra.Command, privateNetworkInterfa
if privateNetworkInterface.Spec.Config != nil && privateNetworkInterface.Spec.Config.NetworkingV1AwsPrivateNetworkInterface != nil {
out.NetworkInterfaces = privateNetworkInterface.Spec.Config.NetworkingV1AwsPrivateNetworkInterface.GetNetworkInterfaces()
out.Account = privateNetworkInterface.Spec.Config.NetworkingV1AwsPrivateNetworkInterface.GetAccount()
out.EgressRoutes = privateNetworkInterface.Spec.Config.NetworkingV1AwsPrivateNetworkInterface.GetEgressRoutes()
}

table := output.NewTable(cmd)
Expand Down
20 changes: 15 additions & 5 deletions internal/network/command_access_point_private_network_interface_create.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ func (c *accessPointCommand) newPrivateNetworkInterfaceCreateCommand() *cobra.Co
addGatewayFlag(cmd, c.AuthenticatedCLICommand)
cmd.Flags().StringSlice("network-interfaces", nil, "A comma-separated list of the IDs of the Elastic Network Interfaces.")
cmd.Flags().String("account", "", "The AWS account ID associated with the Elastic Network Interfaces.")
cmd.Flags().StringSlice("routes", nil, `A comma-separated list of egress CIDR routes (max 10), e.g., "172.31.0.0/16,10.108.16.0/21".`)
pcmd.AddContextFlag(cmd, c.CLICommand)
pcmd.AddEnvironmentFlag(cmd, c.AuthenticatedCLICommand)
pcmd.AddOutputFlag(cmd)
Expand Down Expand Up @@ -71,6 +72,11 @@ func (c *accessPointCommand) privateNetworkInterfaceCreate(cmd *cobra.Command, a
return err
}

routes, err := cmd.Flags().GetStringSlice("routes")
if err != nil {
return err
}

environmentId, err := c.Context.EnvironmentId()
if err != nil {
return err
Expand All @@ -89,12 +95,16 @@ func (c *accessPointCommand) privateNetworkInterfaceCreate(cmd *cobra.Command, a

switch cloud {
case pcloud.Aws:
awsConfig := &networkingaccesspointv1.NetworkingV1AwsPrivateNetworkInterface{
Kind: "AwsPrivateNetworkInterface",
NetworkInterfaces: &networkInterfaces,
Account: &account,
}
if len(routes) > 0 {
awsConfig.EgressRoutes = &routes
}
createPrivateNetworkInterface.Spec.Config = &networkingaccesspointv1.NetworkingV1AccessPointSpecConfigOneOf{
NetworkingV1AwsPrivateNetworkInterface: &networkingaccesspointv1.NetworkingV1AwsPrivateNetworkInterface{
Kind: "AwsPrivateNetworkInterface",
NetworkInterfaces: &networkInterfaces,
Account: &account,
},
NetworkingV1AwsPrivateNetworkInterface: awsConfig,
}
}

Expand Down
1 change: 1 addition & 0 deletions internal/network/command_access_point_private_network_interface_list.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@ func (c *accessPointCommand) privateNetworkInterfaceList(cmd *cobra.Command, _ [
Environment: accesspoint.Spec.Environment.GetId(),
NetworkInterfaces: accesspoint.Spec.GetConfig().NetworkingV1AwsPrivateNetworkInterface.GetNetworkInterfaces(),
Account: accesspoint.Spec.GetConfig().NetworkingV1AwsPrivateNetworkInterface.GetAccount(),
EgressRoutes: accesspoint.Spec.GetConfig().NetworkingV1AwsPrivateNetworkInterface.GetEgressRoutes(),
Phase: accesspoint.Status.GetPhase(),
}

Expand Down
25 changes: 19 additions & 6 deletions internal/network/command_access_point_private_network_interface_update.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,11 +26,12 @@ func (c *accessPointCommand) newPrivateNetworkInterfaceUpdateCommand() *cobra.Co

cmd.Flags().String("name", "", "Name of the private network interface.")
cmd.Flags().StringSlice("network-interfaces", nil, "A comma-separated list of the IDs of the Elastic Network Interfaces.")
cmd.Flags().StringSlice("routes", nil, `A comma-separated list of egress CIDR routes (max 10), e.g., "172.31.0.0/16,10.108.16.0/21".`)
pcmd.AddEnvironmentFlag(cmd, c.AuthenticatedCLICommand)
pcmd.AddContextFlag(cmd, c.CLICommand)
pcmd.AddOutputFlag(cmd)

cmd.MarkFlagsOneRequired("name", "network-interfaces")
cmd.MarkFlagsOneRequired("name", "network-interfaces", "routes")

return cmd
}
Expand All @@ -57,12 +58,24 @@ func (c *accessPointCommand) privateNetworkInterfaceUpdate(cmd *cobra.Command, a
if err != nil {
return err
}
if len(networkInterfaces) > 0 {

routes, err := cmd.Flags().GetStringSlice("routes")
Comment on lines 58 to +62
Copy link

Copilot AI Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This update request always includes Spec.DisplayName (set earlier from the --name flag defaulting to ""), so running update with only --network-interfaces or --routes may unintentionally clear the access point display name. Consider only setting DisplayName in the payload when cmd.Flags().Changed("name") is true (and otherwise leaving it unset).

Copilot uses AI. Check for mistakes.
if err != nil {
return err
}

if len(networkInterfaces) > 0 || len(routes) > 0 {
awsConfig := &networkingaccesspointv1.NetworkingV1AwsPrivateNetworkInterface{
Kind: "AwsPrivateNetworkInterface",
}
if len(networkInterfaces) > 0 {
awsConfig.NetworkInterfaces = &networkInterfaces
}
if len(routes) > 0 {
awsConfig.EgressRoutes = &routes
}
updatePrivateNetworkInterface.Spec.Config = &networkingaccesspointv1.NetworkingV1AccessPointSpecUpdateConfigOneOf{
NetworkingV1AwsPrivateNetworkInterface: &networkingaccesspointv1.NetworkingV1AwsPrivateNetworkInterface{
Kind: "AwsPrivateNetworkInterface",
NetworkInterfaces: &networkInterfaces,
},
NetworkingV1AwsPrivateNetworkInterface: awsConfig,
}
}

Expand Down
1 change: 1 addition & 0 deletions test/fixtures/output/network/access-point/private-network-interface/create-help.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ Flags:
--gateway string REQUIRED: Gateway ID.
--network-interfaces strings REQUIRED: A comma-separated list of the IDs of the Elastic Network Interfaces.
--account string REQUIRED: The AWS account ID associated with the Elastic Network Interfaces.
--routes strings A comma-separated list of egress CIDR routes (max 10), e.g., "172.31.0.0/16,10.108.16.0/21".
--context string CLI context name.
--environment string Environment ID.
-o, --output string Specify the output format as "human", "json", or "yaml". (default "human")
Expand Down
9 changes: 9 additions & 0 deletions .../fixtures/output/network/access-point/private-network-interface/create-with-routes.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
+--------------------+----------------------------------------------+
| ID | ap-54321 |
| Environment | env-596 |
| Gateway | gw-123456 |
| Phase | READY |
| Network Interfaces | eni-00000000000000000, eni-00000000000000001 |
| Aws Account | 000000000000 |
| Egress Routes | 172.31.0.0/16, 192.168.1.0/24 |
+--------------------+----------------------------------------------+
3 changes: 2 additions & 1 deletion test/fixtures/output/network/access-point/private-network-interface/describe-json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,6 @@
"gateway": "gw-12345",
"phase": "READY",
"network_interfaces": ["eni-00000000000000000", "eni-00000000000000001"],
"aws_account": "000000000000"
"aws_account": "000000000000",
"egress_routes": ["172.31.0.0/16", "192.168.1.0/24"]
}
1 change: 1 addition & 0 deletions test/fixtures/output/network/access-point/private-network-interface/describe.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,5 @@
| Phase | READY |
| Network Interfaces | eni-00000000000000000, eni-00000000000000001 |
| Aws Account | 000000000000 |
| Egress Routes | 172.31.0.0/16, 192.168.1.0/24 |
+--------------------+-----------------------------------------------+
3 changes: 2 additions & 1 deletion test/fixtures/output/network/access-point/private-network-interface/list-json.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
"gateway": "gw-12345",
"phase": "READY",
"network_interfaces": ["eni-00000000000000000", "eni-00000000000000001"],
"aws_account": "000000000000"
"aws_account": "000000000000",
"egress_routes": ["172.31.0.0/16", "192.168.1.0/24"]
}
]
8 changes: 4 additions & 4 deletions test/fixtures/output/network/access-point/private-network-interface/list.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
ID | Name | Environment | Gateway | Phase | Network Interfaces | Aws Account
-----------+-----------------------------------------------+-------------+----------+-------+--------------------------------+---------------
ap-54321 | my-aws-private-network-interface-access-point | env-596 | gw-12345 | READY | eni-00000000000000000, | 000000000000
| | | | | eni-00000000000000001 |
ID | Name | Environment | Gateway | Phase | Network Interfaces | Aws Account | Egress Routes
-----------+-----------------------------------------------+-------------+----------+-------+--------------------------------+--------------+--------------------------------
ap-54321 | my-aws-private-network-interface-access-point | env-596 | gw-12345 | READY | eni-00000000000000000, | 000000000000 | 172.31.0.0/16, 192.168.1.0/24
| | | | | eni-00000000000000001 | |
1 change: 1 addition & 0 deletions ...fixtures/output/network/access-point/private-network-interface/update-autocomplete.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
--name Name of the private network interface.
--network-interfaces A comma-separated list of the IDs of the Elastic Network Interfaces.
--routes A comma-separated list of egress CIDR routes (max 10), e.g., "172.31.0.0/16,10.108.16.0/21".
ap-54321 my-aws-private-network-interface-access-point
:4
Completion ended with directive: ShellCompDirectiveNoFileComp
1 change: 1 addition & 0 deletions test/fixtures/output/network/access-point/private-network-interface/update-help.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ Update the name of private network interface "ap-123456".
Flags:
--name string Name of the private network interface.
--network-interfaces strings A comma-separated list of the IDs of the Elastic Network Interfaces.
--routes strings A comma-separated list of egress CIDR routes (max 10), e.g., "172.31.0.0/16,10.108.16.0/21".
--environment string Environment ID.
--context string CLI context name.
-o, --output string Specify the output format as "human", "json", or "yaml". (default "human")
Expand Down
1 change: 1 addition & 0 deletions ...es/output/network/access-point/private-network-interface/update-network-interfaces.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,5 @@
| Phase | READY |
| Network Interfaces | eni-00000000000000002, eni-00000000000000003 |
| Aws Account | 000000000000 |
| Egress Routes | 172.31.0.0/16, 192.168.1.0/24 |
+--------------------+----------------------------------------------+
9 changes: 9 additions & 0 deletions test/fixtures/output/network/access-point/private-network-interface/update-routes.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
+--------------------+----------------------------------------------+
| ID | ap-54321 |
| Environment | env-596 |
| Gateway | gw-12345 |
| Phase | READY |
| Network Interfaces | eni-00000000000000000, eni-00000000000000001 |
| Aws Account | 000000000000 |
| Egress Routes | 10.0.0.0/8, 192.168.0.0/16 |
+--------------------+----------------------------------------------+
1 change: 1 addition & 0 deletions test/fixtures/output/network/access-point/private-network-interface/update.golden
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,5 @@
| Phase | READY |
| Network Interfaces | eni-00000000000000000, eni-00000000000000001 |
| Aws Account | 000000000000 |
| Egress Routes | 172.31.0.0/16, 192.168.1.0/24 |
+--------------------+----------------------------------------------+
2 changes: 2 additions & 0 deletions test/network_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1233,6 +1233,7 @@ func (s *CLITestSuite) TestNetworkAccessPointPrivateNetworkInterfaceDelete() {
func (s *CLITestSuite) TestNetworkAccessPointPrivateNetworkInterfaceCreate() {
tests := []CLITest{
{args: "network access-point private-network-interface create --cloud aws --gateway gw-123456 --network-interfaces eni-00000000000000000,eni-00000000000000001 --account 000000000000", fixture: "network/access-point/private-network-interface/create.golden"},
{args: "network access-point private-network-interface create --cloud aws --gateway gw-123456 --network-interfaces eni-00000000000000000,eni-00000000000000001 --account 000000000000 --routes 172.31.0.0/16,192.168.1.0/24", fixture: "network/access-point/private-network-interface/create-with-routes.golden"},
}
Comment on lines 1233 to 1237
Copy link

Copilot AI Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR description still contains placeholder Release Notes entries and an unchecked checklist. Please complete the Release Notes (and remove placeholders) and update the checklist/testing sections before merging so reviewers/users can understand the customer-facing impact and verification status.

Copilot uses AI. Check for mistakes.

for _, test := range tests {
Expand Down Expand Up @@ -1269,6 +1270,7 @@ func (s *CLITestSuite) TestNetworkAccessPointPrivateNetworkInterfaceUpdate() {
tests := []CLITest{
{args: "network access-point private-network-interface update ap-54321 --name my-new-aws-private-network-interface", input: "y\n", fixture: "network/access-point/private-network-interface/update.golden"},
{args: "network access-point private-network-interface update ap-54321 --network-interfaces eni-00000000000000002,eni-00000000000000003", input: "y\n", fixture: "network/access-point/private-network-interface/update-network-interfaces.golden"},
{args: "network access-point private-network-interface update ap-54321 --routes 10.0.0.0/8,192.168.0.0/16", input: "y\n", fixture: "network/access-point/private-network-interface/update-routes.golden"},
}

for _, test := range tests {
Expand Down
4 changes: 4 additions & 0 deletions test/test-server/networking_handlers.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3001,6 +3001,7 @@ func getAwsPrivateNetworkInterfaceAccessPoint(id, environment, name string) netw
Kind: "AwsPrivateNetworkInterface",
NetworkInterfaces: &[]string{"eni-00000000000000000", "eni-00000000000000001"},
Account: networkingaccesspointv1.PtrString("000000000000"),
EgressRoutes: &[]string{"172.31.0.0/16", "192.168.1.0/24"},
},
},
Environment: &networkingaccesspointv1.ObjectReference{Id: environment},
Expand Down Expand Up @@ -3141,6 +3142,9 @@ func handleNetworkingAccessPointUpdate(t *testing.T, id string) http.HandlerFunc
if networkInterfaces := body.Spec.GetConfig().NetworkingV1AwsPrivateNetworkInterface.GetNetworkInterfaces(); len(networkInterfaces) > 0 {
accessPoint.Spec.Config.NetworkingV1AwsPrivateNetworkInterface.SetNetworkInterfaces(body.Spec.GetConfig().NetworkingV1AwsPrivateNetworkInterface.GetNetworkInterfaces())
}
if routes := body.Spec.GetConfig().NetworkingV1AwsPrivateNetworkInterface.GetEgressRoutes(); len(routes) > 0 {
accessPoint.Spec.Config.NetworkingV1AwsPrivateNetworkInterface.SetEgressRoutes(body.Spec.GetConfig().NetworkingV1AwsPrivateNetworkInterface.GetEgressRoutes())
Comment on lines 3142 to +3146
Copy link

Copilot AI Feb 11, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this handler, the response access point’s display name is updated unconditionally later via accessPoint.Spec.SetDisplayName(body.Spec.GetDisplayName()). For patch-style updates where display_name is omitted, GetDisplayName() typically returns "", so this can unintentionally wipe the existing name. Consider guarding the name update with a nil check on the incoming DisplayName pointer (consistent with other update handlers in this file).

Copilot uses AI. Check for mistakes.
}
case "ap-67890":
accessPoint = getAzureEgressAccessPoint(id, body.Spec.Environment.GetId(), "my-azure-egress-access-point")
case "ap-88888":
Expand Down