[floating-ip,fix,api] Fix floating IP creation API to distinguish explicit IP from pool selection (#9687)

Fixes #9680. 

This work clears up ambiguity. 

`AddressAllocator::Explicit` now requires only an IP field, with the pool inferred from the address (since IP pools cannot have overlapping ranges). Pool-based allocation moves to `AddressAllocator::Auto` with `PoolSelector::Explicit { pool }`.

Includes:
- Simplifies `AddressAllocator::Explicit` to only require `ip` as a field (pool inferred)
- Moves explicit pool selection to `Auto { pool_selector: PoolSelector::Explicit { pool } }`
- Adds API version 2026012200 (`FLOATING_IP_ALLOCATOR_UPDATE`)
- Adds `ip_pool_fetch_containing_address()` to resolve pool from explicit IP address correctly
  * Consolidates multicast pool resolution to use `ip_pool_fetch_containing_address()` too
- Adds versioned types in v2026011600.rs and updates v2026011501.rs delegation chain
- Adds unit tests for wire format compatibility and version conversions
- Adds FloatingIpAllocation enum at datastore layer (type-safe, mirrors multicast pattern)
- Adds Display impl for consistent pool selection logging (inferred/explicit/default/auto)
- Converts `NotFound` to `InvalidRequest` for an IP not in any configured pool
- Adds an index on `ip_pool_range.ip_pool_id` (schema version 223) for optimizing `ip_pool_fetch_containing_address()` and other queries

Current params JSON:

- Explicit IP (pool inferred from address):
```json
{"type": "explicit", "ip": "10.0.0.1"} 
```

- Auto with explicit pool:
```json
{"type": "auto", "pool_selector": {"type": "explicit", "pool": "my-pool"}}
```

- Auto with default pool (specific IP version)
```json
{"type": "auto", "pool_selector": {"type": "auto", "ip_version": "v4"}}
```

- Auto with default pool (silo default, works only if there's a single
default pool)
```json
{"type": "auto", "pool_selector": {"type": "auto"}}
```

- Auto with all defaults (works only if there's a single default pool)
```json
{"type": "auto"}
```

Example `FloatingIpCreate` request body:

```json
{
  "name": "my-floating-ip",
  "description": "Example floating IP",
  "address_allocator": {"type": "explicit", "ip": "10.0.0.1"}
}
```
  
Or with pool selection:

```json
{
  "name": "my-floating-ip",
  "description": "Example floating IP",
  "address_allocator": {
    "type": "auto",
    "pool_selector": {"type": "explicit", "pool": "my-pool"}
  }
}
```

Note: There's some multicast cleanup here to make sure of the same functionality, which just removes unnecessary code.

Author: zeeshanlakhani

Cargo.lock

@@ -16,7 +16,7 @@ use std::{collections::BTreeMap, sync::LazyLock};
 ///
 /// This must be updated when you change the database schema.  Refer to
 /// schema/crdb/README.adoc in the root of this repository for details.
-pub const SCHEMA_VERSION: Version = Version::new(222, 0, 0);
+pub const SCHEMA_VERSION: Version = Version::new(223, 0, 0);
 
 /// List of all past database schema versions, in *reverse* order
 ///
@@ -28,6 +28,7 @@ static KNOWN_VERSIONS: LazyLock<Vec<KnownVersion>> = LazyLock::new(|| {
         // |  leaving the first copy as an example for the next person.
         // v
         // KnownVersion::new(next_int, "unique-dirname-with-the-sql-files"),
+        KnownVersion::new(223, "ip-pool-range-by-pool-id-index"),
         KnownVersion::new(222, "audit-log-credential-id"),
         KnownVersion::new(221, "audit-log-auth-method-enum"),
         KnownVersion::new(220, "multicast-implicit-lifecycle"),

nexus/db-model/src/schema_versions.rs

@@ -58,9 +58,40 @@ use omicron_uuid_kinds::InstanceUuid;
 use omicron_uuid_kinds::OmicronZoneUuid;
 use ref_cast::RefCast;
 use sled_agent_types::inventory::ZoneKind;
+use slog::debug;
 use std::net::IpAddr;
 use uuid::Uuid;
 
+/// Floating IP allocation method.
+///
+/// Separate from `params::AddressAllocator` because pool resolution requires
+/// async authz lookup. The app layer converts API params to this type.
+#[derive(Debug, Clone)]
+pub enum FloatingIpAllocation {
+    /// Use a specific IP address. Pool is inferred from the address since
+    /// IP pool ranges cannot overlap.
+    Explicit { ip: IpAddr },
+    /// Auto-allocate from a pool.
+    Auto {
+        /// Explicit pool to allocate from. If None, uses the silo's default.
+        pool: Option<authz::IpPool>,
+        /// IP version for default pool selection.
+        /// Required if both IPv4 and IPv6 default pools exist and no explicit
+        /// pool is specified.
+        ip_version: Option<IpVersion>,
+    },
+}
+
+impl std::fmt::Display for FloatingIpAllocation {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            Self::Explicit { .. } => write!(f, "inferred"),
+            Self::Auto { pool: Some(_), .. } => write!(f, "explicit"),
+            Self::Auto { pool: None, .. } => write!(f, "default"),
+        }
+    }
+}
+
 // NOTE: This number includes the automatically-created SNAT IP for every
 // instance. We need to change that allocation so that it's only when necessary,
 // tracked by https://github.com/oxidecomputer/omicron/issues/9003.
@@ -220,31 +251,56 @@ impl DataStore {
     }
 
     /// Allocates a floating IP address for instance usage.
-    ///
-    /// If `ip_version` is provided and no pool is specified, the default pool
-    /// lookup will be filtered to that version. If both IPv4 and IPv6 default
-    /// pools exist and `ip_version` is `None`, an error is returned.
     pub async fn allocate_floating_ip(
         &self,
         opctx: &OpContext,
         project_id: Uuid,
         identity: IdentityMetadataCreateParams,
-        ip: Option<IpAddr>,
-        pool: Option<authz::IpPool>,
-        ip_version: Option<IpVersion>,
+        allocation: FloatingIpAllocation,
     ) -> CreateResult<ExternalIp> {
         let ip_id = Uuid::new_v4();
 
-        let authz_pool = self
-            .resolve_pool_for_allocation(
-                opctx,
-                pool,
-                IpPoolType::Unicast,
-                ip_version,
-            )
-            .await?;
+        let (authz_pool, explicit_ip) = match &allocation {
+            FloatingIpAllocation::Explicit { ip } => {
+                let pool = self
+                    .ip_pool_fetch_containing_address(
+                        opctx,
+                        *ip,
+                        IpPoolType::Unicast,
+                    )
+                    .await
+                    .map_err(|e| match e {
+                        Error::ObjectNotFound { .. } => {
+                            Error::invalid_request(format!(
+                                "IP address {ip} is not in any configured pool"
+                            ))
+                        }
+                        other => other,
+                    })?;
+                (pool, Some(*ip))
+            }
+            FloatingIpAllocation::Auto { pool, ip_version } => {
+                let pool = self
+                    .resolve_pool_for_allocation(
+                        opctx,
+                        pool.clone(),
+                        IpPoolType::Unicast,
+                        *ip_version,
+                    )
+                    .await?;
+                (pool, None)
+            }
+        };
+
+        debug!(
+            opctx.log,
+            "floating IP allocation";
+            "pool_selection" => %allocation,
+            "pool_id" => %authz_pool.id(),
+            "project_id" => %project_id,
+        );
 
-        let data = if let Some(ip) = ip {
+        let data = if let Some(ip) = explicit_ip {
             IncompleteExternalIp::for_floating_explicit(
                 ip_id,
                 &Name(identity.name),
@@ -1699,7 +1755,7 @@ mod tests {
             .await
             .expect("Should link multicast pool");
 
-        // Try to allocate floating IP
+        // Try to allocate floating IP from default pool (no pool, no IP version)
         let res = datastore
             .allocate_floating_ip(
                 &opctx,
@@ -1708,9 +1764,7 @@ mod tests {
                     name: "my-floating-ip".parse().unwrap(),
                     description: "A floating IP".to_string(),
                 },
-                None, // No specific IP
-                None, // No specific pool - use default
-                None, // No specific IP version
+                FloatingIpAllocation::Auto { pool: None, ip_version: None },
             )
             .await;
 
@@ -1773,7 +1827,7 @@ mod tests {
             .await
             .expect("Should link unicast pool");
 
-        // Now floating IP allocation should succeed
+        // Now floating IP allocation from default pool should succeed
         let floating_ip = datastore
             .allocate_floating_ip(
                 &opctx,
@@ -1782,9 +1836,7 @@ mod tests {
                     name: "my-floating-ip".parse().unwrap(),
                     description: "A floating IP".to_string(),
                 },
-                None, // No specific IP
-                None, // No specific pool - use default
-                None, // No specific IP version, but just 1 default pool
+                FloatingIpAllocation::Auto { pool: None, ip_version: None },
             )
             .await
             .expect("Floating IP allocation should succeed with unicast default pool");