fix: Allow setting routing profile type when creating VPCs

[bcavnvidia]

Description

This change adds VPC routing profile selection to the REST API for VPC creation.

Callers can now include routingProfileType when creating a VPC.

routingProfileType is only accepted when networkVirtualizationType is FNN, and the API response only returns routingProfileType for that network virtualization type.

I considered using a string "enum" with conversion methods, but it didn't seem to add much benefit.

Type of Change

• Feature - New feature or functionality (feat:)
• Fix - Bug fixes (fix:)
• Chore - Modification or removal of existing functionality (chore:)
• Refactor - Refactoring of existing functionality (refactor:)
• Docs - Changes in documentation or OpenAPI schema (docs:)
• CI - Changes in GitHub workflows. Requires additional scrutiny (ci:)
• Version - Issuing a new release version (version:)

Services Affected

• API - API models or endpoints updated
• Workflow - Workflow service updated
• DB - DB DAOs or migrations updated
• Site Manager - Site Manager updated
• Cert Manager - Cert Manager updated
• Site Agent - Site Agent updated
• RLA - RLA service updated
• Powershelf Manager - Powershelf Manager updated
• NVSwitch Manager - NVSwitch Manager updated

Related Issues (Optional)

Breaking Changes

• This PR contains breaking changes

Testing

• Unit tests added/updated
• Integration tests added/updated
• Manual testing performed
• No testing required (docs, internal refactor, etc.)

Additional Notes

Satisfies #327

[copy-pr-bot]

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Summary by CodeRabbit

• New Features

  • Added optional routingProfileType for VPC create/response (External, Internal, PrivilegedInternal, Maintenance) and surfaced VNI fields in API responses.

• Deprecated

  • Marked InfrastructureProviderId and TenantId parameters as deprecated in relevant SDK requests; access inferred from org membership.

• Bug Fixes

  • Validation now rejects routingProfileType when network type is not FNN.

• Docs

  • OpenAPI updated to document routingProfileType and examples.

• Tests

  • Expanded tests to cover routingProfile behavior and workflow propagation.

Walkthrough

Adds optional VPC routing profile type support end-to-end: API fields and validation, model conversions to protobuf/DB, persistence, Temporal workflow propagation, OpenAPI and SDK surface updates, tests, and a DB migration to add routing_profile_type to the vpc table.

Changes

Cohort / File(s)	Summary
API Handler & Tests api/pkg/api/handler/vpc.go, api/pkg/api/handler/vpc_test.go	Enforces routingProfileType only when resolved networkVirtualizationType is FNN, converts API value to protobuf via VpcRoutingProfileTypeProtobufFromAPI, returns 400/500 on validation/conversion failures, persists converted value into DB input and Temporal CreateVPCV2 request. Tests add FNN+INTERNAL success, non‑FNN rejection cases, stronger Temporal mock assertions, and per‑subtest mock resets.
API Model & Tests api/pkg/api/model/vpc.go, api/pkg/api/model/vpc_test.go	Adds API constants and lookup maps for routing profile types; extends APIVpcCreateRequest and APIVpc with optional RoutingProfileType; validation enforces FNN-only constraint when provided; NewAPIVpc populates routing profile only for FNN. Tests expanded for routing profile validation and conditional VNI assertions.
Database Model & Tests db/pkg/db/model/vpc.go, db/pkg/db/model/vpc_test.go	Introduces exported routing-profile constants and whitelist map; adds nullable RoutingProfileType to Vpc, VpcCreateInput, VpcUpdateInput; VpcSQLDAO.Create/Update persist/update routing_profile_type. Tests updated to pass and assert routing profile values and tighten VNI assertions.
Database Migration db/pkg/migrations/20260406130000_vpc_routing_profile_type.go	New migration adding nullable routing_profile_type VARCHAR column on up, and dropping it on down. Both use transactions and handle execution/commit errors.
OpenAPI Spec openapi/spec.yaml	Adds optional routingProfileType enum to VPC and VpcCreateRequest schemas (External, Internal, PrivilegedInternal, Maintenance), documents FNN-only support, and updates the FNN example to include routingProfileType: Internal.
SDK — VPC Model sdk/standard/model_vpc.go	Adds nullable RoutingProfileType field with accessor/mutator methods and conditional serialization (omitted when unset).
SDK — VPC Create Request sdk/standard/model_vpc_create_request.go	Adds nullable RoutingProfileType to VpcCreateRequest with full accessor/mutator suite and conditional ToMap() inclusion.
SDK Docs — Allocation & Instance Type sdk/standard/api_allocation.go, sdk/standard/api_instance_type.go	Marked InfrastructureProviderId/TenantId builder methods deprecated; updated docs to describe org-membership–inferred role logic (FORGE_PROVIDER_ADMIN or FORGE_TENANT_ADMIN) and removed prior strict parameter requirements; in instance type executor removed mandatory siteId runtime check and made siteId query optional.

Sequence Diagram

sequenceDiagram
    participant Client
    participant API as API Handler
    participant Model as Validation/Conversion
    participant DB as Database
    participant Temporal as Temporal Worker

    Client->>API: POST /vpcs {networkVirtualizationType, routingProfileType?}
    API->>Model: Validate APIVpcCreateRequest
    alt routingProfileType provided
        Model->>Model: ensure networkVirtualizationType == FNN
        alt not FNN
            Model-->>API: validation error (400)
            API-->>Client: 400 Bad Request
        else is FNN
            Model->>Model: VpcRoutingProfileTypeProtobufFromAPI(routingProfileType)
            alt conversion fails
                Model-->>API: conversion error (500)
                API-->>Client: 500 Internal Server Error
            else conversion succeeds
                Model-->>API: protobuf routingProfileType
            end
        end
    end
    API->>DB: Create VPC (routing_profile_type if present)
    DB-->>API: created VPC
    API->>Temporal: Start CreateVPCV2 (VpcCreationRequest with routingProfileType)
    Temporal-->>API: workflow started
    API-->>Client: 201 Created {routingProfileType?, ...}

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 14.29% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix: Allow setting routing profile type when creating VPCs' accurately describes the primary feature addition—enabling routing profile type specification in VPC creation—though the 'fix:' prefix is inconsistent with the author's Feature classification.
Description check	✅ Passed	The description comprehensively explains the feature, implementation constraints, and design decisions, directly correlating to the changeset across API models, database layer, and SDK updates.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

⚔️ Resolve merge conflicts

• Resolve merge conflict in branch vpc-routing-profile

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

api/pkg/api/model/vpc_test.go (1)

95-133: Add one edge-case test for routingProfileType with nil networkVirtualizationType.

Current cases do not pin behavior when RoutingProfileType is set and NetworkVirtualizationType is omitted. Adding this case will lock the intended contract and prevent future drift.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@api/pkg/api/model/vpc_test.go` around lines 95 - 133, Add a table-driven test
case in the vpc_test.go cases where RoutingProfileType is set (e.g.
APIVpcRoutingProfileTypeInternal) but NetworkVirtualizationType is nil to assert
the validator behavior; specifically add an entry in the test slice (same shape
as the others using the fields struct and symbols RoutingProfileType and
NetworkVirtualizationType) expecting an error (wantErr: true) so we pin the
contract when network virtualization is omitted.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@api/pkg/api/handler/vpc_test.go`:
- Around line 892-907: The test reuses the mock tsc across subtests so
tsc.AssertCalled("ExecuteWorkflow", ...) can falsely match earlier calls; fix by
isolating mock state per subtest—create a fresh mock (reinitialize tsc) inside
each subtest setup or call tsc.ExpectedCalls = nil / tsc.Calls = nil (or use
t.Cleanup to reset) before the assert, and ensure the specific ExecuteWorkflow
expectation is set on that per-subtest mock; refer to the tsc mock, the
ExecuteWorkflow assertion, and the subtest loop to locate where to
reinitialize/reset the mock.

In `@api/pkg/api/model/vpc.go`:
- Around line 123-135: The routingProfileType check currently allows a nil
NetworkVirtualizationType; update the validation in the block where
ascr.RoutingProfileType is checked so that you fail when
NetworkVirtualizationType is nil OR not equal to cdbm.VpcFNN. Specifically, keep
the existing existence/enum validation against
VpcRoutingProfileTypeProtobufFromAPI, then replace the second condition that
references ascr.NetworkVirtualizationType with a stricter check: if
ascr.NetworkVirtualizationType == nil || *ascr.NetworkVirtualizationType !=
cdbm.VpcFNN, return validation.Errors for "routingProfileType" stating it is
only supported when networkVirtualizationType is FNN.

---

Nitpick comments:
In `@api/pkg/api/model/vpc_test.go`:
- Around line 95-133: Add a table-driven test case in the vpc_test.go cases
where RoutingProfileType is set (e.g. APIVpcRoutingProfileTypeInternal) but
NetworkVirtualizationType is nil to assert the validator behavior; specifically
add an entry in the test slice (same shape as the others using the fields struct
and symbols RoutingProfileType and NetworkVirtualizationType) expecting an error
(wantErr: true) so we pin the contract when network virtualization is omitted.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 4f788513-a809-4551-9136-9e749d9fc75a

📥 Commits

Reviewing files that changed from the base of the PR and between a8defc9 and 155a833.

⛔ Files ignored due to path filters (2)

• workflow-schema/schema/site-agent/workflows/v1/forge_carbide.pb.go is excluded by !**/*.pb.go, !**/*.pb.go
• workflow-schema/site-agent/workflows/v1/forge_carbide.proto is excluded by !workflow-schema/site-agent/workflows/v1/*_carbide.proto

📒 Files selected for processing (13)

• api/pkg/api/handler/vpc.go
• api/pkg/api/handler/vpc_test.go
• api/pkg/api/model/vpc.go
• api/pkg/api/model/vpc_test.go
• db/pkg/db/model/vpc.go
• db/pkg/db/model/vpc_test.go
• db/pkg/migrations/20260406130000_vpc_routing_profile_type.go
• docs/index.html
• openapi/spec.yaml
• sdk/standard/api_allocation.go
• sdk/standard/api_instance_type.go
• sdk/standard/model_vpc.go
• sdk/standard/model_vpc_create_request.go

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (1)

sdk/standard/api_allocation.go (1)

523-525: Correct Go deprecation marker syntax to improve IDE and tooling recognition.

Lines 524, 933, and 940 use // Deprecated without the required colon. Go's doc-comment convention (used by go doc, pkg.go.dev, and gopls) recognizes only paragraphs beginning with Deprecated: (case-sensitive). Update these comments to:

// Deprecated: reason or replacement guidance here.

This ensures the deprecation is properly surfaced by IDE inspectors and documentation tooling.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@sdk/standard/api_allocation.go` around lines 523 - 525, Replace bare "//
Deprecated" comments in this file with the proper Go doc comment prefix
"Deprecated: " so tooling recognizes them; specifically update the comment above
the method ApiGetAllAllocationRequest.InfrastructureProviderId to read "//
Deprecated: <reason or replacement>" and do the same for the two other
occurrences of bare "// Deprecated" elsewhere in the same file (replace with "//
Deprecated: <reason or replacement>").

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@api/pkg/api/handler/vpc.go`:
- Around line 303-313: The handler currently persists the protobuf enum string
by calling cdb.GetStrPtr(routingProfileTypeValue.String()), which couples
storage to generated protobuf labels; instead map the validated protobuf value
to the repo-owned DB constant and persist that. After resolving
routingProfileTypeValue via model.VpcRoutingProfileTypeProtobufFromAPI (based on
apiRequest.RoutingProfileType), replace the String() usage with the
corresponding db constant from the repo model (e.g.,
cdbm.VpcRoutingProfileType<Variant>) and pass that into cdb.GetStrPtr, keeping
protobuf-to-db conversion localized here and leaving routingProfileType
(cwssaws.RoutingProfileType) usage unchanged for API boundary handling.

In `@api/pkg/api/model/vpc.go`:
- Around line 123-135: The validation rejects routingProfileType when
NetworkVirtualizationType is nil, but site-aware defaults set by
CreateVPCHandler may later set it to FNN; update the logic in Validate() (around
ascr.RoutingProfileType handling) so you still verify routingProfileType exists
in VpcRoutingProfileTypeProtobufFromAPI, but only return the
"`routingProfileType` is only supported when `networkVirtualizationType` is FNN"
error when ascr.NetworkVirtualizationType is non-nil and its value is not
cdbm.VpcFNN (i.e., allow nil to pass and only reject explicit non-FNN values).
Ensure references: ascr.RoutingProfileType,
VpcRoutingProfileTypeProtobufFromAPI, ascr.NetworkVirtualizationType,
cdbm.VpcFNN, Validate(), and CreateVPCHandler.

In `@db/pkg/db/model/vpc.go`:
- Around line 91-97: Validate RoutingProfileType at the DAO boundary by checking
input.RoutingProfileType against VpcRoutingProfileTypeMap inside the VpcDAO
create and update methods (e.g., the functions/methods that persist VPCs in
vpc.go), returning a validation error if the value is not present; also add
similar checks in any bulk/patch methods referenced around the other noted
locations (the blocks around the symbols handling persistence at lines ~498-509
and ~578-582) and add a DB-level CHECK constraint for the routing_profile_type
column to enforce allowed values in the database as a final safeguard.

In `@sdk/standard/api_allocation.go`:
- Around line 530-531: Update the OpenAPI spec for the GetAllAllocation endpoint
so the tenantId parameter description clarifies it is only honored for
provider-role requests and ignored for tenant-role requests (rather than always
filtering); then regenerate the SDK so generated code (e.g., the
ApiGetAllAllocationRequest.TenantId method in sdk/standard/api_allocation.go)
contains the corrected parameter docstring and behavior note.

---

Nitpick comments:
In `@sdk/standard/api_allocation.go`:
- Around line 523-525: Replace bare "// Deprecated" comments in this file with
the proper Go doc comment prefix "Deprecated: " so tooling recognizes them;
specifically update the comment above the method
ApiGetAllAllocationRequest.InfrastructureProviderId to read "// Deprecated:
<reason or replacement>" and do the same for the two other occurrences of bare
"// Deprecated" elsewhere in the same file (replace with "// Deprecated: <reason
or replacement>").

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 87ae5a91-6d65-4c36-9cd2-d9429d5a9fa0

📥 Commits

Reviewing files that changed from the base of the PR and between 155a833 and 64d79b9.

⛔ Files ignored due to path filters (2)

• workflow-schema/schema/site-agent/workflows/v1/forge_carbide.pb.go is excluded by !**/*.pb.go, !**/*.pb.go
• workflow-schema/site-agent/workflows/v1/forge_carbide.proto is excluded by !workflow-schema/site-agent/workflows/v1/*_carbide.proto

📒 Files selected for processing (13)

• api/pkg/api/handler/vpc.go
• api/pkg/api/handler/vpc_test.go
• api/pkg/api/model/vpc.go
• api/pkg/api/model/vpc_test.go
• db/pkg/db/model/vpc.go
• db/pkg/db/model/vpc_test.go
• db/pkg/migrations/20260406130000_vpc_routing_profile_type.go
• docs/index.html
• openapi/spec.yaml
• sdk/standard/api_allocation.go
• sdk/standard/api_instance_type.go
• sdk/standard/model_vpc.go
• sdk/standard/model_vpc_create_request.go

🚧 Files skipped from review as they are similar to previous changes (6)

• db/pkg/migrations/20260406130000_vpc_routing_profile_type.go
• db/pkg/db/model/vpc_test.go
• sdk/standard/model_vpc.go
• sdk/standard/api_instance_type.go
• api/pkg/api/model/vpc_test.go
• openapi/spec.yaml

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

db/pkg/db/model/vpc_test.go (1)

1021-1023: Exercise the supported FNN path in the new DAO coverage.

Both new routingProfileType fixtures pair the field with Ethernet variants. If this test is meant to cover the feature, it is still exercising an unsupported state and can miss FNN-specific regressions. Switching these fixtures to VpcFNN would keep the regression coverage aligned with the contract.

Suggested adjustment

-		NetworkVirtualizationType: db.GetStrPtr(VpcEthernetVirtualizer),
+		NetworkVirtualizationType: db.GetStrPtr(VpcFNN),
 		RoutingProfileType:        db.GetStrPtr(VpcRoutingProfileTypeInternal),

-		NetworkVirtualizationType: db.GetStrPtr(VpcEthernetVirtualizerWithNVUE),
+		NetworkVirtualizationType: db.GetStrPtr(VpcFNN),
 		RoutingProfileType:        db.GetStrPtr(VpcRoutingProfileTypeMaintenance),

Also applies to: 1168-1170

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@db/pkg/db/model/vpc_test.go` around lines 1021 - 1023, The test fixtures
currently set NetworkVirtualizationType to VpcEthernetVirtualizer while using
FNN-related routing profile fixtures, which exercises an unsupported
Ethernet+FNN state; update the fixtures in vpc_test.go (the blocks that set
NetworkVirtualizationType, RoutingProfileType, ControllerVpcID) to use VpcFNN
instead of VpcEthernetVirtualizer so the RoutingProfileType FNN path is actually
exercised (apply the same change to the second occurrence around lines shown in
the comment).

api/pkg/api/handler/vpc_test.go (1)

533-554: Add the site-default FNN happy path as well.

This table now covers explicit FNN success and default-to-Ethernet rejection, but not the path that motivated relaxing validation: omitted networkVirtualizationType on a native-networking-enabled site with routingProfileType set. A regression in that resolution branch would still pass all new tests.

Suggested table entry

+		{
+			name: "test VPC create API endpoint accepts routing profile when site default resolves to FNN",
+			fields: fields{
+				dbSession: dbSession,
+				tc:        tc,
+				cfg:       cfg,
+			},
+			args: args{
+				reqData: &model.APIVpcCreateRequest{
+					Name:               "Test VPC default fnn routing profile",
+					Description:        cdb.GetStrPtr("Test VPC Description"),
+					SiteID:             st1.ID.String(),
+					RoutingProfileType: cdb.GetStrPtr(model.APIVpcRoutingProfileTypeInternal),
+				},
+				reqOrg:   tnOrg,
+				reqUser:  tnu,
+				respCode: http.StatusCreated,
+			},
+			wantErr:            false,
+			verifyChildSpanner: true,
+		},

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@api/pkg/api/handler/vpc_test.go` around lines 533 - 554, Add a table entry in
the same test case slice in vpc_test.go (the test that defines the cases for
creating VPCs, likely in TestCreateVPC) that covers the happy path where the
site default resolves to FNN: create an entry named like "site-default FNN
allows routing profile when networkVirtualizationType omitted" using the same
fields (dbSession, tc, cfg) and args where reqData is a
model.APIVpcCreateRequest that omits NetworkVirtualizationType (leave zero
value) but sets RoutingProfileType to model.APIVpcRoutingProfileTypeInternal and
SiteID to the native-networking-enabled site (st3.ID.String()); set
reqOrg/reqUser to tnOrg/tnu, expect a successful create response
(http.StatusCreated) with no error (wantErr false) and verifyChildSpanner true
so the test exercises the resolution branch for default-to-FNN behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@api/pkg/api/model/vpc.go`:
- Around line 344-345: The RoutingProfileType field on the VPC model is being
serialized as "routingProfileType": null for non-FNN VPCs; update the JSON
struct tag for RoutingProfileType in api/pkg/api/model/vpc.go to include
omitempty so nil values are omitted (preserving the FNN-only response contract),
and ensure callers that construct NewAPIVpc still leave RoutingProfileType as
nil for non-FNN rows so the field is dropped from JSON output.

---

Nitpick comments:
In `@api/pkg/api/handler/vpc_test.go`:
- Around line 533-554: Add a table entry in the same test case slice in
vpc_test.go (the test that defines the cases for creating VPCs, likely in
TestCreateVPC) that covers the happy path where the site default resolves to
FNN: create an entry named like "site-default FNN allows routing profile when
networkVirtualizationType omitted" using the same fields (dbSession, tc, cfg)
and args where reqData is a model.APIVpcCreateRequest that omits
NetworkVirtualizationType (leave zero value) but sets RoutingProfileType to
model.APIVpcRoutingProfileTypeInternal and SiteID to the
native-networking-enabled site (st3.ID.String()); set reqOrg/reqUser to
tnOrg/tnu, expect a successful create response (http.StatusCreated) with no
error (wantErr false) and verifyChildSpanner true so the test exercises the
resolution branch for default-to-FNN behavior.

In `@db/pkg/db/model/vpc_test.go`:
- Around line 1021-1023: The test fixtures currently set
NetworkVirtualizationType to VpcEthernetVirtualizer while using FNN-related
routing profile fixtures, which exercises an unsupported Ethernet+FNN state;
update the fixtures in vpc_test.go (the blocks that set
NetworkVirtualizationType, RoutingProfileType, ControllerVpcID) to use VpcFNN
instead of VpcEthernetVirtualizer so the RoutingProfileType FNN path is actually
exercised (apply the same change to the second occurrence around lines shown in
the comment).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 68ff5b2d-fd01-4cb7-8f34-b1308de45354

📥 Commits

Reviewing files that changed from the base of the PR and between 64d79b9 and d8fa778.

⛔ Files ignored due to path filters (2)

• workflow-schema/schema/site-agent/workflows/v1/forge_carbide.pb.go is excluded by !**/*.pb.go, !**/*.pb.go
• workflow-schema/site-agent/workflows/v1/forge_carbide.proto is excluded by !workflow-schema/site-agent/workflows/v1/*_carbide.proto

📒 Files selected for processing (13)

• api/pkg/api/handler/vpc.go
• api/pkg/api/handler/vpc_test.go
• api/pkg/api/model/vpc.go
• api/pkg/api/model/vpc_test.go
• db/pkg/db/model/vpc.go
• db/pkg/db/model/vpc_test.go
• db/pkg/migrations/20260406130000_vpc_routing_profile_type.go
• docs/index.html
• openapi/spec.yaml
• sdk/standard/api_allocation.go
• sdk/standard/api_instance_type.go
• sdk/standard/model_vpc.go
• sdk/standard/model_vpc_create_request.go

✅ Files skipped from review due to trivial changes (2)

• db/pkg/migrations/20260406130000_vpc_routing_profile_type.go
• db/pkg/db/model/vpc.go

🚧 Files skipped from review as they are similar to previous changes (4)

• api/pkg/api/handler/vpc.go
• sdk/standard/api_instance_type.go
• sdk/standard/api_allocation.go
• openapi/spec.yaml

[github-actions]

🔐 TruffleHog Secret Scan

✅ No secrets or credentials found!

Your code has been scanned for 700+ types of secrets and credentials. All clear! 🎉

🔗 View scan details

_{🕐 Last updated: 2026-04-06 22:46:27 UTC | Commit: 172521e}

[thossain-nv]

Thanks for the implementation @bcavnvidia Left some notes.

[thossain-nv]

Since we're providing the message with attribute keyed context, we could say:

"routingProfileType": fmt.Errorf("specified value: %s is not valid. Available options are: %s", *ascr.RoutingProfileType, <comma-separated-options>),

[bcavnvidia]

We might be very close to switching this over to being a purely config/db-defined string. I.e., external might be a required minimum, but any number of profiles could be defined, and the proto would switch to being a string. I was trying to strike a middle-ground since we do need to expose this now.

[bcavnvidia]

I'm going to switch this back to draft. Once this goes into -rest it'll make it a bit more concrete.

[thossain-nv]

Sounds good.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

db/pkg/db/model/vpc_test.go (1)

1279-1279: Guard VNI pointer dereference in assertion.

Use a nil guard before dereferencing got.Vni so failures remain assertion-based instead of panicking.

Proposed test-hardening diff

-			assert.Equal(t, *tt.want.Vni, *got.Vni)
+			require.NotNil(t, got.Vni)
+			assert.Equal(t, *tt.want.Vni, *got.Vni)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@db/pkg/db/model/vpc_test.go` at line 1279, Guard the pointer dereference of
got.Vni before asserting equality: check tt.want.Vni for nil and assert got.Vni
is nil in that case, otherwise assert got.Vni is non-nil (e.g., assert.NotNil(t,
got.Vni)) and then compare values by dereferencing both pointers; update the
assertion around got.Vni and tt.want.Vni to follow this nil-guard pattern so the
test fails with assertions instead of panicking.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@api/pkg/api/model/vpc.go`:
- Around line 56-61: Add the missing ADMIN routing profile type constant and
mapping so protobuf values round-trip into API responses: define
APIVpcRoutingProfileTypeAdmin (matching naming of
APIVpcRoutingProfileTypeExternal/Internal/PrivilegedInternal/Maintenance) and
add an entry in VpcRoutingProfileTypeAPIFromProtobuf mapping
cwssaws.RoutingProfileType_ROUTING_PROFILE_TYPE_ADMIN.String() to
APIVpcRoutingProfileTypeAdmin; update any related reverse map/lookups if present
so conversions (e.g., in the conversion at line ~377) no longer drop ADMIN
values.

---

Nitpick comments:
In `@db/pkg/db/model/vpc_test.go`:
- Line 1279: Guard the pointer dereference of got.Vni before asserting equality:
check tt.want.Vni for nil and assert got.Vni is nil in that case, otherwise
assert got.Vni is non-nil (e.g., assert.NotNil(t, got.Vni)) and then compare
values by dereferencing both pointers; update the assertion around got.Vni and
tt.want.Vni to follow this nil-guard pattern so the test fails with assertions
instead of panicking.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2398fea6-aeae-4bcb-9c6b-9ef657e4f207

📥 Commits

Reviewing files that changed from the base of the PR and between 172521e and d71ff0c.

⛔ Files ignored due to path filters (2)

• workflow-schema/schema/site-agent/workflows/v1/forge_carbide.pb.go is excluded by !**/*.pb.go, !**/*.pb.go
• workflow-schema/site-agent/workflows/v1/forge_carbide.proto is excluded by !workflow-schema/site-agent/workflows/v1/*_carbide.proto

📒 Files selected for processing (13)

• api/pkg/api/handler/vpc.go
• api/pkg/api/handler/vpc_test.go
• api/pkg/api/model/vpc.go
• api/pkg/api/model/vpc_test.go
• db/pkg/db/model/vpc.go
• db/pkg/db/model/vpc_test.go
• db/pkg/migrations/20260406130000_vpc_routing_profile_type.go
• docs/index.html
• openapi/spec.yaml
• sdk/standard/api_allocation.go
• sdk/standard/api_instance_type.go
• sdk/standard/model_vpc.go
• sdk/standard/model_vpc_create_request.go

🚧 Files skipped from review as they are similar to previous changes (7)

• sdk/standard/model_vpc.go
• db/pkg/migrations/20260406130000_vpc_routing_profile_type.go
• sdk/standard/model_vpc_create_request.go
• db/pkg/db/model/vpc.go
• api/pkg/api/handler/vpc.go
• sdk/standard/api_instance_type.go
• openapi/spec.yaml

[thossain-nv]

Thanks for the changes @bcavnvidia One more question I have, if routing profile type is not specified, should we set a default value for FNN VPCs?

[bcavnvidia]

Thanks for the changes @bcavnvidia One more question I have, if routing profile type is not specified, should we set a default value for FNN VPCs?

In -core, it would default to the tenant's type, which defaults to external, but it can be changed via the admin-cli and there's a restriction that prevents a tenant from creating a VPC with a type "higher" than the type of the tenant. E.g., if a tenant is internal, they could create a VPC marked internal or external, but a tenant marked external could only create a VPC marked external. We'd need to figure out tenant profile types in -rest before we could default here.

Interesting, @bcavnvidia seems like a valid ask?

I responded to code-rabbit to give it context. 😄