feat(mazenet): per-LAN swarm host pin

Adds nullable LAN.host_uuid (FK swarm_hosts.uuid). Resolution order when deploying a LAN: lan.host_uuid → topology.target_host_uuid → master. A LAN is one Docker bridge so the bridge cannot span hosts; this pin forces every decky in the LAN onto the named host. LANCreateRequest / LANUpdateRequest accept host_uuid; both validate that the host exists, returning 400 on unknown UUIDs. PATCH still gated by the existing pending-only guard, so reassignment of a live LAN is not yet possible (deferred to mutator support). LANRow surfaces the field so the frontend can render per-host badges.
2026-04-25 03:04:23 -04:00
parent 36031fa10a
commit 0d92170a57
3 changed files with 98 additions and 0 deletions
--- a/tests/api/topology/test_child_crud.py
+++ b/tests/api/topology/test_child_crud.py
@@ -111,6 +111,78 @@ async def test_lan_requires_admin(client, viewer_token):
    assert r.status_code == 403


+# ── LAN host_uuid (per-Net SWARM assignment) ──────────────────────
+
+
+async def _enroll_host(uuid: str = "h-test", name: str = "test-host") -> str:
+    await _repo.add_swarm_host(
+        {
+            "uuid": uuid,
+            "name": name,
+            "address": "10.99.0.2",
+            "agent_port": 8765,
+            "status": "active",
+            "client_cert_fingerprint": "a" * 64,
+            "cert_bundle_path": "/tmp/test",
+        }
+    )
+    return uuid
+
+
+@pytest.mark.anyio
+async def test_lan_create_with_host_uuid(client, auth_token):
+    topology_id = await _seed("lan-host-create")
+    host_uuid = await _enroll_host("h-create", "host-create")
+    r = await client.post(
+        f"{_V1}/{topology_id}/lans",
+        json={"name": "remote-lan", "host_uuid": host_uuid},
+        headers=_hdr(auth_token),
+    )
+    assert r.status_code == 201, r.text
+    assert r.json()["host_uuid"] == host_uuid
+
+
+@pytest.mark.anyio
+async def test_lan_create_rejects_unknown_host(client, auth_token):
+    topology_id = await _seed("lan-host-bad")
+    r = await client.post(
+        f"{_V1}/{topology_id}/lans",
+        json={"name": "ghost-lan", "host_uuid": "ghost-uuid"},
+        headers=_hdr(auth_token),
+    )
+    assert r.status_code == 400
+
+
+@pytest.mark.anyio
+async def test_lan_patch_host_uuid(client, auth_token):
+    topology_id = await _seed("lan-host-patch")
+    host_uuid = await _enroll_host("h-patch", "host-patch")
+    lans = await _repo.list_lans_for_topology(topology_id)
+    lan_id = lans[0]["id"]
+
+    r = await client.patch(
+        f"{_V1}/{topology_id}/lans/{lan_id}",
+        json={"host_uuid": host_uuid},
+        headers=_hdr(auth_token),
+    )
+    assert r.status_code == 200, r.text
+    assert r.json()["host_uuid"] == host_uuid
+
+
+@pytest.mark.anyio
+async def test_lan_patch_rejects_unknown_host(client, auth_token):
+    topology_id = await _seed("lan-host-patch-bad")
+    lans = await _repo.list_lans_for_topology(topology_id)
+    lan_id = lans[0]["id"]
+
+    r = await client.patch(
+        f"{_V1}/{topology_id}/lans/{lan_id}",
+        json={"host_uuid": "ghost-uuid"},
+        headers=_hdr(auth_token),
+    )
+    assert r.status_code == 400
+
+
 # ── Decky CRUD ────────────────────────────────────────────────────