@celilo/cli 0.1.0

package/src/ipam/allocator.ts

@@ -0,0 +1,369 @@
+/**
+ * IPAM (IP Address Management) Allocator
+ * Automatically allocates VMID and container IP addresses from zone subnets
+ * Prevents conflicts and tracks allocations
+ */
+
+import { and, eq } from 'drizzle-orm';
+import type { BunSQLiteDatabase } from 'drizzle-orm/bun-sqlite';
+import type { DbClient } from '../db/client';
+import { ipAllocations, ipReservations, systemConfig, vmidReservations } from '../db/schema';
+import type { NewIpAllocation, NewIpReservation, NewVmidReservation } from '../db/schema';
+import type * as schema from '../db/schema';
+import { generateIPsInSubnet, isIPInRange, isInSubnet, stripCIDR } from './subnet-parser';
+
+// Type that accepts both database client and transaction
+type DbOrTransaction = BunSQLiteDatabase<typeof schema> | DbClient;
+
+/** Zones that support IPAM auto-allocation of VMID and container IP */
+export type IpamZone = 'dmz' | 'app' | 'secure' | 'internal';
+
+const IPAM_ZONES: IpamZone[] = ['internal', 'dmz', 'app', 'secure'];
+
+/**
+ * Infer which zone an IP address belongs to by checking configured zone subnets.
+ * Returns null if the IP doesn't match any known zone.
+ */
+export async function inferZoneFromIP(ip: string, db: DbOrTransaction): Promise<IpamZone | null> {
+  const bareIp = stripCIDR(ip);
+  for (const zone of IPAM_ZONES) {
+    const subnetKey = `network.${zone}.subnet`;
+    const records = await db
+      .select()
+      .from(systemConfig)
+      .where(eq(systemConfig.key, subnetKey))
+      .all();
+    if (records.length > 0 && isInSubnet(bareIp, records[0].value)) {
+      return zone;
+    }
+  }
+  return null;
+}
+
+export interface IPAMAllocation {
+  vmid: number;
+  containerIp: string; // CIDR format (e.g., "10.0.10.10/24")
+}
+
+/**
+ * Allocate VMID and container IP for a module
+ * Automatically selects next available from zone subnet
+ */
+export async function allocateResources(
+  moduleId: string,
+  zone: IpamZone,
+  db: DbOrTransaction,
+): Promise<IPAMAllocation> {
+  // Allocate VMID (sequential from 2100)
+  const vmid = await allocateVMID(db);
+
+  // Get zone subnet from system config
+  const subnetKey = `network.${zone}.subnet`;
+  const subnetRecords = await db
+    .select()
+    .from(systemConfig)
+    .where(eq(systemConfig.key, subnetKey))
+    .all();
+
+  if (subnetRecords.length === 0) {
+    throw new Error(
+      `Network zone '${zone}' not configured. Run: celilo system config set ${subnetKey} "10.0.X.0/24"`,
+    );
+  }
+
+  const subnet = subnetRecords[0].value;
+
+  // Allocate IP from zone subnet
+  const containerIp = await allocateIPFromSubnet(subnet, zone, db);
+
+  // Record allocation
+  const newAllocation: NewIpAllocation = {
+    moduleId,
+    vmid,
+    containerIp,
+    zone,
+  };
+
+  await db.insert(ipAllocations).values(newAllocation).run();
+
+  return { vmid, containerIp };
+}
+
+/**
+ * Allocate next available VMID
+ * Starts from 2100 and increments sequentially
+ * Skips reserved VMIDs
+ */
+export async function allocateVMID(db: DbOrTransaction): Promise<number> {
+  // Get all allocated VMIDs
+  const allocations = await db.select().from(ipAllocations).all();
+  const allocatedVMIDs = new Set(allocations.map((a: typeof ipAllocations.$inferSelect) => a.vmid));
+
+  // Get all reserved VMIDs
+  const reservations = await db.select().from(vmidReservations).all();
+  const reservedVMIDs = new Set(
+    reservations.map((r: typeof vmidReservations.$inferSelect) => r.vmid),
+  );
+
+  // Find next available VMID starting from 2100
+  let candidateVMID =
+    allocations.length === 0
+      ? 2100
+      : Math.max(...allocations.map((a: typeof ipAllocations.$inferSelect) => a.vmid)) + 1;
+
+  // Keep incrementing until we find an unreserved VMID
+  while (allocatedVMIDs.has(candidateVMID) || reservedVMIDs.has(candidateVMID)) {
+    candidateVMID++;
+  }
+
+  return candidateVMID;
+}
+
+/**
+ * Allocate next available IP from subnet
+ * Skips allocated IPs and reserved IPs
+ * Reserves .1-.9 for infrastructure
+ */
+export async function allocateIPFromSubnet(
+  subnet: string,
+  zone: IpamZone,
+  db: DbOrTransaction,
+): Promise<string> {
+  // Get all allocated IPs in this subnet
+  const allocations = await db
+    .select()
+    .from(ipAllocations)
+    .where(eq(ipAllocations.zone, zone))
+    .all();
+  const allocatedIPs = new Set(
+    allocations.map((a: typeof ipAllocations.$inferSelect) => a.containerIp),
+  );
+
+  // Get all reservations in this zone
+  const reservations = await db
+    .select()
+    .from(ipReservations)
+    .where(eq(ipReservations.zone, zone))
+    .all();
+
+  // Find first available IP
+  for (const candidateIP of generateIPsInSubnet(subnet)) {
+    // Skip if already allocated
+    if (allocatedIPs.has(candidateIP)) {
+      continue;
+    }
+
+    // Skip if reserved
+    const isReserved = reservations.some((r: typeof ipReservations.$inferSelect) =>
+      isIPInRange(stripCIDR(candidateIP), r.ipStart, r.ipEnd),
+    );
+
+    if (isReserved) {
+      continue;
+    }
+
+    // Found available IP
+    return candidateIP;
+  }
+
+  throw new Error(`No available IPs in subnet ${subnet} (zone: ${zone})`);
+}
+
+/**
+ * Deallocate resources for a module
+ * Removes VMID and IP allocation
+ */
+export async function deallocateResources(moduleId: string, db: DbOrTransaction): Promise<void> {
+  await db.delete(ipAllocations).where(eq(ipAllocations.moduleId, moduleId)).run();
+}
+
+/**
+ * Get allocation for a module
+ */
+export async function getAllocation(
+  moduleId: string,
+  db: DbOrTransaction,
+): Promise<IPAMAllocation | null> {
+  const allocations = await db
+    .select()
+    .from(ipAllocations)
+    .where(eq(ipAllocations.moduleId, moduleId))
+    .all();
+
+  if (allocations.length === 0) {
+    return null;
+  }
+
+  const allocation = allocations[0];
+  return {
+    vmid: allocation.vmid,
+    containerIp: allocation.containerIp,
+  };
+}
+
+/**
+ * Reserve an IP or IP range
+ * Prevents IPAM from allocating reserved IPs
+ */
+export async function reserveIP(
+  ipStart: string,
+  zone: IpamZone,
+  reason: string,
+  ipEnd: string | null,
+  db: DbOrTransaction,
+): Promise<void> {
+  const newReservation: NewIpReservation = {
+    ipStart: stripCIDR(ipStart),
+    ipEnd: ipEnd ? stripCIDR(ipEnd) : null,
+    zone,
+    reason,
+  };
+
+  await db.insert(ipReservations).values(newReservation).run();
+}
+
+/**
+ * Remove IP reservation
+ */
+export async function unreserveIP(
+  ipStart: string,
+  zone: IpamZone,
+  db: DbOrTransaction,
+): Promise<void> {
+  const ip = stripCIDR(ipStart);
+  await db
+    .delete(ipReservations)
+    .where(and(eq(ipReservations.ipStart, ip), eq(ipReservations.zone, zone)));
+}
+
+/**
+ * List all IP reservations
+ */
+export async function listReservations(db: DbOrTransaction) {
+  return await db.select().from(ipReservations).all();
+}
+
+/**
+ * Get all allocated IPs in a subnet (for debugging/status)
+ */
+export async function getAllocatedIPsInSubnet(
+  subnet: string,
+  db: DbOrTransaction,
+): Promise<string[]> {
+  const allocations = await db.select().from(ipAllocations).all();
+
+  return allocations
+    .filter((a: typeof ipAllocations.$inferSelect) => isInSubnet(a.containerIp, subnet))
+    .map((a: typeof ipAllocations.$inferSelect) => a.containerIp);
+}
+
+/**
+ * Check if a specific IP is available
+ */
+export async function isIPAvailable(
+  ip: string,
+  zone: IpamZone,
+  db: DbOrTransaction,
+): Promise<boolean> {
+  // Check if allocated
+  const allocations = await db
+    .select()
+    .from(ipAllocations)
+    .where(eq(ipAllocations.containerIp, ip))
+    .all();
+
+  if (allocations.length > 0) {
+    return false;
+  }
+
+  // Check if reserved
+  const reservations = await db
+    .select()
+    .from(ipReservations)
+    .where(eq(ipReservations.zone, zone))
+    .all();
+
+  const isReserved = reservations.some((r: typeof ipReservations.$inferSelect) =>
+    isIPInRange(stripCIDR(ip), r.ipStart, r.ipEnd),
+  );
+
+  return !isReserved;
+}
+
+/**
+ * Reserve a VMID
+ * Prevents IPAM from allocating reserved VMIDs
+ */
+export async function reserveVMID(
+  vmid: number,
+  reason: string,
+  db: DbOrTransaction,
+): Promise<void> {
+  // Check if VMID is already allocated
+  const allocations = await db
+    .select()
+    .from(ipAllocations)
+    .where(eq(ipAllocations.vmid, vmid))
+    .all();
+
+  if (allocations.length > 0) {
+    throw new Error(`VMID ${vmid} is already allocated to module ${allocations[0].moduleId}`);
+  }
+
+  // Check if VMID is already reserved
+  const reservations = await db
+    .select()
+    .from(vmidReservations)
+    .where(eq(vmidReservations.vmid, vmid))
+    .all();
+
+  if (reservations.length > 0) {
+    throw new Error(`VMID ${vmid} is already reserved: ${reservations[0].reason}`);
+  }
+
+  const newReservation: NewVmidReservation = {
+    vmid,
+    reason,
+  };
+
+  await db.insert(vmidReservations).values(newReservation).run();
+}
+
+/**
+ * Remove VMID reservation
+ */
+export async function unreserveVMID(vmid: number, db: DbOrTransaction): Promise<void> {
+  await db.delete(vmidReservations).where(eq(vmidReservations.vmid, vmid)).run();
+}
+
+/**
+ * List all VMID reservations
+ */
+export async function listVMIDReservations(db: DbOrTransaction) {
+  return await db.select().from(vmidReservations).all();
+}
+
+/**
+ * Check if a specific VMID is available
+ */
+export async function isVMIDAvailable(vmid: number, db: DbOrTransaction): Promise<boolean> {
+  // Check if allocated
+  const allocations = await db
+    .select()
+    .from(ipAllocations)
+    .where(eq(ipAllocations.vmid, vmid))
+    .all();
+
+  if (allocations.length > 0) {
+    return false;
+  }
+
+  // Check if reserved
+  const reservations = await db
+    .select()
+    .from(vmidReservations)
+    .where(eq(vmidReservations.vmid, vmid))
+    .all();
+
+  return reservations.length === 0;
+}

package/src/ipam/auto-allocator.test.ts

@@ -0,0 +1,247 @@
+/**
+ * IPAM Auto-Allocator Tests
+ */
+
+import { Database } from 'bun:sqlite';
+import { beforeEach, describe, expect, test } from 'bun:test';
+import { drizzle } from 'drizzle-orm/bun-sqlite';
+import type { DbClient } from '../db/client';
+import * as schema from '../db/schema';
+import { allocateForModule, deallocateForModule, getAllocation } from './auto-allocator';
+
+describe('IPAM Auto-Allocator', () => {
+  let db: Database;
+  let drizzleDb: DbClient;
+
+  beforeEach(() => {
+    // Create in-memory database for testing
+    db = new Database(':memory:');
+    drizzleDb = drizzle(db, { schema });
+
+    // Create required tables
+    db.exec(`
+			CREATE TABLE ip_allocations (
+				id INTEGER PRIMARY KEY AUTOINCREMENT,
+				module_id TEXT NOT NULL REFERENCES modules(id) ON DELETE CASCADE,
+				vmid INTEGER NOT NULL UNIQUE,
+				container_ip TEXT NOT NULL UNIQUE,
+				zone TEXT NOT NULL,
+				allocated_at INTEGER NOT NULL
+			);
+
+			CREATE TABLE vmid_reservations (
+				vmid INTEGER PRIMARY KEY NOT NULL,
+				reason TEXT,
+				created_at TEXT NOT NULL
+			);
+
+			CREATE TABLE ip_reservations (
+				id INTEGER PRIMARY KEY AUTOINCREMENT,
+				zone TEXT NOT NULL,
+				ip_start TEXT NOT NULL,
+				ip_end TEXT,
+				reason TEXT,
+				created_at TEXT NOT NULL
+			);
+
+			CREATE TABLE system_config (
+				key TEXT PRIMARY KEY NOT NULL,
+				value TEXT NOT NULL,
+				created_at TEXT NOT NULL,
+				updated_at TEXT NOT NULL
+			);
+		`);
+
+    // Insert test zone subnet configuration
+    db.prepare(
+      `INSERT INTO system_config (key, value, created_at, updated_at)
+			 VALUES (?, ?, datetime('now'), datetime('now'))`,
+    ).run('network.dmz.subnet', '10.0.10.0/24');
+
+    db.prepare(
+      `INSERT INTO system_config (key, value, created_at, updated_at)
+			 VALUES (?, ?, datetime('now'), datetime('now'))`,
+    ).run('network.app.subnet', '10.0.20.0/24');
+  });
+
+  describe('allocateForModule', () => {
+    test('allocates first VMID starting at 200', async () => {
+      const allocation = await allocateForModule('test-module', 'dmz', drizzleDb, db);
+
+      expect(allocation.vmid).toBe(200);
+      expect(allocation.moduleId).toBe('test-module');
+      expect(allocation.zone).toBe('dmz');
+    });
+
+    test('allocates first IP starting at .10 in CIDR format', async () => {
+      const allocation = await allocateForModule('test-module', 'dmz', drizzleDb, db);
+
+      expect(allocation.containerIp).toBe('10.0.10.10/24');
+    });
+
+    test('allocates sequential VMIDs for multiple modules', async () => {
+      const alloc1 = await allocateForModule('module-1', 'dmz', drizzleDb, db);
+      const alloc2 = await allocateForModule('module-2', 'dmz', drizzleDb, db);
+      const alloc3 = await allocateForModule('module-3', 'app', drizzleDb, db);
+
+      expect(alloc1.vmid).toBe(200);
+      expect(alloc2.vmid).toBe(201);
+      expect(alloc3.vmid).toBe(202);
+    });
+
+    test('allocates sequential IPs within same zone', async () => {
+      const alloc1 = await allocateForModule('module-1', 'dmz', drizzleDb, db);
+      const alloc2 = await allocateForModule('module-2', 'dmz', drizzleDb, db);
+
+      expect(alloc1.containerIp).toBe('10.0.10.10/24');
+      expect(alloc2.containerIp).toBe('10.0.10.11/24');
+    });
+
+    test('allocates IPs from different zone subnets', async () => {
+      const dmzAlloc = await allocateForModule('module-dmz', 'dmz', drizzleDb, db);
+      const appAlloc = await allocateForModule('module-app', 'app', drizzleDb, db);
+
+      expect(dmzAlloc.containerIp).toBe('10.0.10.10/24');
+      expect(appAlloc.containerIp).toBe('10.0.20.10/24');
+    });
+
+    test('skips reserved VMIDs', async () => {
+      // Reserve VMID 200
+      db.prepare(
+        `INSERT INTO vmid_reservations (vmid, reason, created_at)
+				 VALUES (?, ?, datetime('now'))`,
+      ).run(200, 'Test reservation');
+
+      const allocation = await allocateForModule('test-module', 'dmz', drizzleDb, db);
+
+      expect(allocation.vmid).toBe(201);
+    });
+
+    test('skips reserved IP addresses', async () => {
+      // Reserve IP 10.0.10.10
+      db.prepare(
+        `INSERT INTO ip_reservations (zone, ip_start, ip_end, reason, created_at)
+				 VALUES (?, ?, ?, ?, datetime('now'))`,
+      ).run('dmz', '10.0.10.10', null, 'Test reservation');
+
+      const allocation = await allocateForModule('test-module', 'dmz', drizzleDb, db);
+
+      expect(allocation.containerIp).toBe('10.0.10.11/24');
+    });
+
+    test('skips reserved IP ranges', async () => {
+      // Reserve range 10.0.10.10-10.0.10.12
+      db.prepare(
+        `INSERT INTO ip_reservations (zone, ip_start, ip_end, reason, created_at)
+				 VALUES (?, ?, ?, ?, datetime('now'))`,
+      ).run('dmz', '10.0.10.10', '10.0.10.12', 'Test range reservation');
+
+      const allocation = await allocateForModule('test-module', 'dmz', drizzleDb, db);
+
+      expect(allocation.containerIp).toBe('10.0.10.13/24');
+    });
+
+    test('reuses existing allocation for same module', async () => {
+      const alloc1 = await allocateForModule('test-module', 'dmz', drizzleDb, db);
+      const alloc2 = await allocateForModule('test-module', 'dmz', drizzleDb, db);
+
+      expect(alloc2.vmid).toBe(alloc1.vmid);
+      expect(alloc2.containerIp).toBe(alloc1.containerIp);
+    });
+
+    test('throws error when zone subnet not configured', async () => {
+      await expect(allocateForModule('test-module', 'invalid-zone', drizzleDb, db)).rejects.toThrow(
+        'Zone subnet not configured',
+      );
+    });
+  });
+
+  describe('getAllocation', () => {
+    test('returns null when no allocation exists', () => {
+      const allocation = getAllocation('nonexistent-module', drizzleDb);
+
+      expect(allocation).toBeNull();
+    });
+
+    test('returns existing allocation', async () => {
+      await allocateForModule('test-module', 'dmz', drizzleDb, db);
+
+      const allocation = getAllocation('test-module', drizzleDb);
+
+      expect(allocation).not.toBeNull();
+      expect(allocation?.moduleId).toBe('test-module');
+      expect(allocation?.vmid).toBe(200);
+      expect(allocation?.containerIp).toBe('10.0.10.10/24');
+      expect(allocation?.zone).toBe('dmz');
+    });
+  });
+
+  describe('deallocateForModule', () => {
+    test('removes allocation for module', async () => {
+      await allocateForModule('test-module', 'dmz', drizzleDb, db);
+
+      const removed = await deallocateForModule('test-module', drizzleDb);
+
+      expect(removed).toBe(true);
+
+      const allocation = getAllocation('test-module', drizzleDb);
+      expect(allocation).toBeNull();
+    });
+
+    test('returns false when no allocation exists', async () => {
+      const removed = await deallocateForModule('nonexistent-module', drizzleDb);
+
+      expect(removed).toBe(false);
+    });
+
+    test('makes VMID and IP available for reallocation', async () => {
+      await allocateForModule('module-1', 'dmz', drizzleDb, db);
+      await allocateForModule('module-2', 'dmz', drizzleDb, db);
+
+      // Remove first module
+      await deallocateForModule('module-1', drizzleDb);
+
+      // Allocate new module - should get VMID 200 (first available)
+      const newAlloc = await allocateForModule('module-3', 'dmz', drizzleDb, db);
+
+      expect(newAlloc.vmid).toBe(200);
+      expect(newAlloc.containerIp).toBe('10.0.10.10/24');
+    });
+  });
+
+  describe('VMID allocation edge cases', () => {
+    test('handles large VMID gaps with reservations', async () => {
+      // Reserve range 200-299
+      for (let i = 200; i < 300; i++) {
+        db.prepare(
+          `INSERT INTO vmid_reservations (vmid, reason, created_at)
+					 VALUES (?, ?, datetime('now'))`,
+        ).run(i, 'Reserved');
+      }
+
+      const allocation = await allocateForModule('test-module', 'dmz', drizzleDb, db);
+
+      expect(allocation.vmid).toBe(300);
+    });
+  });
+
+  describe('IP allocation edge cases', () => {
+    test('handles subnet with many allocations', async () => {
+      // Allocate first 10 IPs
+      for (let i = 0; i < 10; i++) {
+        await allocateForModule(`module-${i}`, 'dmz', drizzleDb, db);
+      }
+
+      const allocation = await allocateForModule('module-10', 'dmz', drizzleDb, db);
+
+      expect(allocation.containerIp).toBe('10.0.10.20/24'); // .10-.19 taken, .20 is next
+    });
+
+    test('skips infrastructure range (.1-.9)', async () => {
+      const allocation = await allocateForModule('test-module', 'dmz', drizzleDb, db);
+
+      // Should start at .10, not .1 or .2
+      expect(allocation.containerIp).toBe('10.0.10.10/24');
+    });
+  });
+});