feat: dynamic egress network rule updates for running sandboxes

packages/api/internal/handlers/sandbox_network_update.go

@@ -0,0 +1,81 @@
+package handlers
+
+import (
+	"fmt"
+	"net/http"
+	"slices"
+
+	"github.com/gin-gonic/gin"
+
+	"github.com/e2b-dev/infra/packages/api/internal/api"
+	"github.com/e2b-dev/infra/packages/api/internal/utils"
+	"github.com/e2b-dev/infra/packages/auth/pkg/auth"
+	sandbox_network "github.com/e2b-dev/infra/packages/shared/pkg/sandbox-network"
+	"github.com/e2b-dev/infra/packages/shared/pkg/telemetry"
+)
+
+func (a *APIStore) PutSandboxesSandboxIDNetwork(
+	c *gin.Context,
+	sandboxID string,
+) {
+	ctx := c.Request.Context()
+
+	var err error
+	sandboxID, err = utils.ShortID(sandboxID)
+	if err != nil {
+		a.sendAPIStoreError(c, http.StatusBadRequest, "Invalid sandbox ID")
+
+		return
+	}
+
+	team := auth.MustGetTeamInfo(c)
+
+	body, err := utils.ParseBody[api.PutSandboxesSandboxIDNetworkJSONBody](ctx, c)
+	if err != nil {
+		a.sendAPIStoreError(c, http.StatusBadRequest, fmt.Sprintf("Error when parsing request: %s", err))
+		telemetry.ReportCriticalError(ctx, "error when parsing request", err)
+
+		return
+	}
+
+	var allowedEntries []string
+	if body.AllowOut != nil {
+		allowedEntries = *body.AllowOut
+	}
+
+	var deniedEntries []string
+	if body.DenyOut != nil {
+		deniedEntries = *body.DenyOut
+	}
+
+	// Validate denyOut entries are valid IPs/CIDRs (not domains).
+	for _, entry := range deniedEntries {
+		if !sandbox_network.IsIPOrCIDR(entry) {
+			a.sendAPIStoreError(c, http.StatusBadRequest, fmt.Sprintf("invalid denied CIDR %s", entry))
+
+			return
+		}
+	}
+
+	// When specifying domains in allowOut, require deny-all (0.0.0.0/0) in denyOut.
+	// Without it, domain filtering is meaningless since traffic is allowed by default.
+	if len(allowedEntries) > 0 {
+		_, allowedDomains := sandbox_network.ParseAddressesAndDomains(allowedEntries)
+		hasBlockAll := slices.Contains(deniedEntries, sandbox_network.AllInternetTrafficCIDR)
+
+		if len(allowedDomains) > 0 && !hasBlockAll {
+			a.sendAPIStoreError(c, http.StatusBadRequest, ErrMsgDomainsRequireBlockAll)
+
+			return
+		}
+	}
+
+	if apiErr := a.orchestrator.UpdateSandboxNetworkConfig(ctx, team.ID, sandboxID, allowedEntries, deniedEntries); apiErr != nil {
+		telemetry.ReportError(ctx, "error updating sandbox network config", apiErr.Err)
+		a.sendAPIStoreError(c, apiErr.Code, apiErr.ClientMsg)
+
+		return
+	}
+
+	c.Status(http.StatusNoContent)
+}

packages/api/internal/orchestrator/update_network.go

@@ -0,0 +1,138 @@
+package orchestrator
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net/http"
+
+	"github.com/google/uuid"
+	"go.opentelemetry.io/otel/attribute"
+	"go.opentelemetry.io/otel/trace"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/status"
+
+	"github.com/e2b-dev/infra/packages/api/internal/api"
+	"github.com/e2b-dev/infra/packages/api/internal/sandbox"
+	"github.com/e2b-dev/infra/packages/api/internal/utils"
+	"github.com/e2b-dev/infra/packages/db/pkg/types"
+	orchestratorgrpc "github.com/e2b-dev/infra/packages/shared/pkg/grpc/orchestrator"
+	sandbox_network "github.com/e2b-dev/infra/packages/shared/pkg/sandbox-network"
+	"github.com/e2b-dev/infra/packages/shared/pkg/telemetry"
+)
+
+func (o *Orchestrator) UpdateSandboxNetworkConfig(
+	ctx context.Context,
+	teamID uuid.UUID,
+	sandboxID string,
+	allowedEntries []string,
+	deniedEntries []string,
+) *api.APIError {
+	// Split allowed entries into CIDRs/IPs and domains, matching the creation
+	// path in buildNetworkConfig.
+	allowedAddresses, allowedDomains := sandbox_network.ParseAddressesAndDomains(allowedEntries)
+
+	// If allowed domains are provided, add the default nameserver so the sandbox
+	// can resolve domain names — same as the creation path.
+	if len(allowedDomains) > 0 {
+		allowedAddresses = append(allowedAddresses, sandbox_network.DefaultNameserver)
+	}
+
+	allowedCIDRs := sandbox_network.AddressStringsToCIDRs(allowedAddresses)
+	deniedCIDRs := sandbox_network.AddressStringsToCIDRs(deniedEntries)
+
+	// Read the sandbox first to validate state and get routing info,
+	// without mutating the store yet.
+	sbx, err := o.sandboxStore.Get(ctx, teamID, sandboxID)
+	if err != nil {
+		var sbxNotFoundErr *sandbox.NotFoundError
+		if errors.As(err, &sbxNotFoundErr) {
+			return &api.APIError{Code: http.StatusNotFound, ClientMsg: utils.SandboxNotFoundMsg(sandboxID), Err: err}
+		}
+
+		return &api.APIError{Code: http.StatusInternalServerError, ClientMsg: "Error reading sandbox", Err: err}
+	}
+
+	if sbx.State != sandbox.StateRunning {
+		return &api.APIError{Code: http.StatusConflict, ClientMsg: utils.SandboxChangingStateMsg(sandboxID, sbx.State), Err: fmt.Errorf("sandbox '%s' is not running (state: %s)", sandboxID, sbx.State)}
+	}
+
+	// Apply the network update on the orchestrator node first.
+	// Only persist to the store after the node update succeeds.
+	if apiErr := o.updateSandboxNetworkOnNode(ctx, sbx, allowedCIDRs, deniedCIDRs, allowedDomains); apiErr != nil {
+		return apiErr
+	}
+
+	// Node update succeeded — now persist the new config in the store.
+	updateFunc := func(sbx sandbox.Sandbox) (sandbox.Sandbox, error) {
+		if sbx.Network == nil {
+			sbx.Network = &types.SandboxNetworkConfig{}
+		}
+
+		sbx.Network.Egress = &types.SandboxNetworkEgressConfig{
+			AllowedAddresses: allowedEntries,
+			DeniedAddresses:  deniedEntries,
+		}
+
+		return sbx, nil
+	}
+
+	if _, err := o.sandboxStore.Update(ctx, teamID, sandboxID, updateFunc); err != nil {
+		telemetry.ReportError(ctx, "network updated on node but failed to persist in store", err)
+
+		return &api.APIError{Code: http.StatusInternalServerError, ClientMsg: "Network rules applied but failed to persist config", Err: err}
+	}
+
+	return nil
+}
+
+func (o *Orchestrator) updateSandboxNetworkOnNode(
+	ctx context.Context,
+	sbx sandbox.Sandbox,
+	allowedCIDRs []string,
+	deniedCIDRs []string,
+	allowedDomains []string,
+) *api.APIError {
+	ctx, span := tracer.Start(ctx, "update-sandbox-network-on-node",
+		trace.WithAttributes(
+			attribute.String("instance.id", sbx.SandboxID),
+		),
+	)
+	defer span.End()
+
+	node := o.GetNode(sbx.ClusterID, sbx.NodeID)
+	if node == nil {
+		return &api.APIError{
+			Code:      http.StatusInternalServerError,
+			ClientMsg: fmt.Sprintf("Node hosting sandbox '%s' not found", sbx.SandboxID),
+			Err:       fmt.Errorf("node '%s' not found for cluster '%s'", sbx.NodeID, sbx.ClusterID),
+		}
+	}
+
+	client, ctx := node.GetClient(ctx)
+	_, err := client.Sandbox.UpdateNetwork(ctx, &orchestratorgrpc.SandboxUpdateNetworkRequest{
+		SandboxId:      sbx.SandboxID,
+		AllowedCidrs:   allowedCIDRs,
+		DeniedCidrs:    deniedCIDRs,
+		AllowedDomains: allowedDomains,
+	})
+	if err != nil {
+		grpcErr, ok := status.FromError(err)
+		if ok && grpcErr.Code() == codes.NotFound {
+			return &api.APIError{Code: http.StatusNotFound, ClientMsg: utils.SandboxNotFoundMsg(sbx.SandboxID), Err: err}
+		}
+
+		err = utils.UnwrapGRPCError(err)
+		telemetry.ReportCriticalError(ctx, "failed to update sandbox network on node", err)
+
+		return &api.APIError{
+			Code:      http.StatusInternalServerError,
+			ClientMsg: "Error applying network config to sandbox",
+			Err:       fmt.Errorf("failed to update sandbox network on node: %w", err),
+		}
+	}
+
+	telemetry.ReportEvent(ctx, "Updated sandbox network on node")
+
+	return nil
+}

packages/orchestrator/internal/proxy/proxy.go

@@ -72,10 +72,8 @@ func NewSandboxProxy(meterProvider metric.MeterProvider, port uint16, sandboxes
 				return nil, reverseproxy.NewErrSandboxNotFound(sandboxId)
 			}
 
-			var accessToken *string = nil
-			if net := sbx.Config.Network; net != nil && net.GetIngress() != nil {
-				accessToken = net.GetIngress().TrafficAccessToken
-			}
+			ingress := sbx.GetNetwork().GetIngress()
+			accessToken := ingress.TrafficAccessToken
 
 			isNonEnvdTraffic := int64(port) != consts.DefaultEnvdServerPort
 
@@ -92,7 +90,7 @@ func NewSandboxProxy(meterProvider metric.MeterProvider, port uint16, sandboxes
 
 			// Handle request host masking only for non-envd traffic.
 			var maskRequestHost *string = nil
-			if h := sbx.Config.Network.GetIngress().GetMaskRequestHost(); isNonEnvdTraffic && h != "" {
+			if h := ingress.GetMaskRequestHost(); isNonEnvdTraffic && h != "" {
 				h = strings.ReplaceAll(h, pool.MaskRequestHostPortPlaceholder, strconv.FormatUint(port, 10))
 				maskRequestHost = &h
 			}