apiserver: add network configure endpoint

Adds POST /actions/network/configure endpoint to write network configuration
content directly to /.bottlerocket/net.toml. Includes error handling for
UTF-8 validation, directory creation, and file writing operations.

Signed-off-by: Yutong Sun <yutongsu@amazon.com>

Author: ytsssun

sources/api/apiserver/src/server/error.rs

@@ -203,6 +203,27 @@ pub enum Error {
 
     // =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=
 
+    // Network configuration errors
+    #[snafu(display("Network configuration content is not valid UTF-8"))]
+    NetworkConfigContent { source: std::string::FromUtf8Error },
+
+    #[snafu(display("Failed to create network configuration directory '{}'", path.display()))]
+    NetworkConfigDir {
+        path: std::path::PathBuf,
+        source: std::io::Error,
+    },
+
+    #[snafu(display("Network configuration directory '{}' does not exist. This directory should be managed by the system", path.display()))]
+    NetworkConfigDirMissing { path: std::path::PathBuf },
+
+    #[snafu(display("Failed to write network configuration to '{}'", path.display()))]
+    NetworkConfigWrite {
+        path: std::path::PathBuf,
+        source: std::io::Error,
+    },
+
+    // =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=   =^..^=
+
     // Update related errors
     #[snafu(display("Unable to start the update dispatcher: {} ", source))]
     UpdateDispatcher { source: io::Error },

sources/api/apiserver/src/server/mod.rs

@@ -14,7 +14,7 @@ use actix_web::{
 use datastore::{serialize_scalar, Committed, FilesystemDataStore, Key, KeyType, Value};
 use error::Result;
 use http::StatusCode;
-use log::info;
+use log::{debug, info};
 use model::ephemeral_storage::{Bind, Init};
 use model::generator::{RawSettingsGenerator, Strength};
 use model::{ConfigurationFiles, Model, Report, Services, Settings};
@@ -136,6 +136,7 @@ where
                     .route("/prepare-update", web::post().to(prepare_update))
                     .route("/activate-update", web::post().to(activate_update))
                     .route("/deactivate-update", web::post().to(deactivate_update))
+                    .route("/network/configure", web::post().to(configure_network))
                     .route(
                         "/ephemeral-storage/init",
                         web::post().to(initialize_ephemeral_storage),
@@ -651,6 +652,31 @@ async fn reboot() -> Result<HttpResponse> {
     Ok(HttpResponse::NoContent().finish())
 }
 
+/// Configures network settings by writing content to /.bottlerocket/net.toml.
+/// The configuration will be applied at next boot - a reboot is required for changes to take effect.
+async fn configure_network(body: web::Bytes) -> Result<HttpResponse> {
+    debug!("Configuring network settings");
+
+    // Convert the body bytes to a UTF-8 string
+    let content = String::from_utf8(body.to_vec()).context(error::NetworkConfigContentSnafu)?;
+
+    let config_dir = Path::new("/.bottlerocket");
+    let config_file = config_dir.join("net.toml");
+
+    // Ensure the directory exists. The target directory (/.bottlerocket) is managed by the system,
+    // we should throw error immediately if that does not exist.
+    ensure!(
+        config_dir.exists(),
+        error::NetworkConfigDirMissingSnafu { path: config_dir }
+    );
+
+    // Write the configuration content to the file
+    std::fs::write(&config_file, content)
+        .context(error::NetworkConfigWriteSnafu { path: &config_file })?;
+
+    Ok(HttpResponse::NoContent().finish())
+}
+
 /// Gets the set of report types supported by this host.
 async fn list_reports() -> Result<ReportListResponse> {
     // Add each report to list response when adding a new handler
@@ -908,6 +934,7 @@ impl ResponseError for error::Error {
             InvalidPrefix { .. } => StatusCode::BAD_REQUEST,
             DeserializeJson { .. } => StatusCode::BAD_REQUEST,
             InvalidKeyPair { .. } => StatusCode::BAD_REQUEST,
+            NetworkConfigContent { .. } => StatusCode::BAD_REQUEST,
 
             // 404 Not Found
             MissingData { .. } => StatusCode::NOT_FOUND,
@@ -962,6 +989,9 @@ impl ResponseError for error::Error {
             ReportExec { .. } => StatusCode::INTERNAL_SERVER_ERROR,
             ReportResult { .. } => StatusCode::INTERNAL_SERVER_ERROR,
             DeserializeSettingsGenerator { .. } => StatusCode::INTERNAL_SERVER_ERROR,
+            NetworkConfigDir { .. } => StatusCode::INTERNAL_SERVER_ERROR,
+            NetworkConfigDirMissing { .. } => StatusCode::INTERNAL_SERVER_ERROR,
+            NetworkConfigWrite { .. } => StatusCode::INTERNAL_SERVER_ERROR,
             DeserializeStrength { .. } => StatusCode::BAD_REQUEST,
             InvalidStrength { .. } => StatusCode::BAD_REQUEST,
             DisallowStrongToWeakStrength { .. } => StatusCode::BAD_REQUEST,

sources/api/openapi.yaml

@@ -712,6 +712,30 @@ paths:
         423:
           description: "Update write lock held. Try again in a moment"
 
+  /actions/network/configure:
+    post:
+      summary: "Configure network settings from net.toml content"
+      operationId: "configure_network"
+      requestBody:
+        required: true
+        content:
+          text/plain:
+            schema:
+              type: string
+            example: |
+              version = 2
+
+              [eth0]
+              dhcp4 = true
+              primary = true
+      responses:
+        204:
+          description: "Network configuration successfully written"
+        400:
+          description: "Invalid UTF-8 content or malformed configuration"
+        500:
+          description: "Server error writing configuration"
+
   /updates/status:
     get:
       summary: "Get update status"