Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions pkg/servers/e2b/api_key.go
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,7 @@ func (sc *Controller) DeleteAPIKey(r *http.Request) (web.ApiResponse[struct{}],
Message: fmt.Sprintf("Failed to delete API key: %v", err),
}
}
sc.deletedAPIKeys.Add(key.ID.String())
if key.QuotaSpec != nil && key.QuotaSpec.IsLimited() {
// Deleted-key quota cleanup is bounded best-effort. If Redis stays
// unavailable past the retry window, the leftover q:live/q:sum keys become
Expand Down
1 change: 1 addition & 0 deletions pkg/servers/e2b/api_key_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -660,6 +660,7 @@ func TestDeleteAPIKeyPermissionMiddleware(t *testing.T) {
}
require.Nil(t, apiError)
assert.Equal(t, tt.expectCode, resp.Code)
assert.True(t, controller.deletedAPIKeys.Contains(tt.targetID))
})
}
}
Expand Down
56 changes: 56 additions & 0 deletions pkg/servers/e2b/api_key_tombstone.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
/*
Copyright 2026.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package e2b

import (
"sync"
"time"
)

const defaultAPIKeyDeletionTombstoneTTL = 10 * time.Minute

type apiKeyDeletionTombstones struct {
ttl time.Duration
entries sync.Map
}

func newAPIKeyDeletionTombstones(ttl time.Duration) *apiKeyDeletionTombstones {
return &apiKeyDeletionTombstones{ttl: ttl}
}

func (t *apiKeyDeletionTombstones) Add(id string) {
if t == nil || id == "" {
return
}
t.entries.Store(id, time.Now().Add(t.ttl))
}

func (t *apiKeyDeletionTombstones) Contains(id string) bool {
if t == nil || id == "" {
return false
}
value, ok := t.entries.Load(id)
if !ok {
return false
}
expiresAt, ok := value.(time.Time)
if !ok || time.Now().After(expiresAt) {
t.entries.Delete(id)
return false
}
return true
}
54 changes: 54 additions & 0 deletions pkg/servers/e2b/api_key_tombstone_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
/*
Copyright 2026.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package e2b

import (
"testing"
"time"

"github.com/stretchr/testify/assert"
)

func TestAPIKeyDeletionTombstones(t *testing.T) {
t.Run("nil and empty id are ignored", func(t *testing.T) {
var tombstones *apiKeyDeletionTombstones

tombstones.Add("deleted-key")
assert.False(t, tombstones.Contains("deleted-key"))

tombstones = newAPIKeyDeletionTombstones(time.Minute)
tombstones.Add("")
assert.False(t, tombstones.Contains(""))
})

t.Run("active tombstone is visible", func(t *testing.T) {
tombstones := newAPIKeyDeletionTombstones(time.Minute)

tombstones.Add("deleted-key")

assert.True(t, tombstones.Contains("deleted-key"))
assert.False(t, tombstones.Contains("other-key"))
})

t.Run("expired tombstone is removed", func(t *testing.T) {
tombstones := newAPIKeyDeletionTombstones(-time.Second)
tombstones.Add("deleted-key")

assert.False(t, tombstones.Contains("deleted-key"))
assert.False(t, tombstones.Contains("deleted-key"))
})
}
2 changes: 2 additions & 0 deletions pkg/servers/e2b/core.go
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,7 @@ type Controller struct {
domain string
manager *sandboxmanager.SandboxManager
keys keys.KeyStorage
deletedAPIKeys *apiKeyDeletionTombstones
}

// NewController creates a new E2B Controller
Expand All @@ -88,6 +89,7 @@ func NewController(domain, sysNs, peerSelector, sandboxNamespace, sandboxLabelSe
memberlistBindPort: memberlistBindPort,
keyCfg: keyCfg,
quotaOpts: quotaOpts,
deletedAPIKeys: newAPIKeyDeletionTombstones(defaultAPIKeyDeletionTombstoneTTL),
}

sc.server = &http.Server{
Expand Down
54 changes: 54 additions & 0 deletions pkg/servers/e2b/create.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ import (
managererrors "github.com/openkruise/agents/pkg/sandbox-manager/errors"
"github.com/openkruise/agents/pkg/sandbox-manager/infra"
"github.com/openkruise/agents/pkg/sandbox-manager/infra/sandboxcr"
quotaspec "github.com/openkruise/agents/pkg/sandbox-manager/quota/spec"
"github.com/openkruise/agents/pkg/servers/e2b/keys"
"github.com/openkruise/agents/pkg/servers/e2b/models"
"github.com/openkruise/agents/pkg/servers/web"
"github.com/openkruise/agents/pkg/utils"
Expand Down Expand Up @@ -111,6 +113,9 @@ func (sc *Controller) CreateSandbox(r *http.Request) (web.ApiResponse[*models.Sa
if validateErr := validateCreateResourceOverride(request); validateErr != nil {
return web.ApiResponse[*models.Sandbox]{}, validateErr
}
if apiErr := sc.ensureCreateAPIKeyActive(user); apiErr != nil {
return web.ApiResponse[*models.Sandbox]{}, apiErr
}
namespace := sc.getNamespaceOfUser(user)
log.Info("create sandbox request received", "request", request)
if sc.manager.GetInfra().HasTemplate(ctx, infra.HasTemplateOptions{
Expand All @@ -132,6 +137,45 @@ func (sc *Controller) CreateSandbox(r *http.Request) (web.ApiResponse[*models.Sa
}
}

func (sc *Controller) ensureCreateAPIKeyActive(user *models.CreatedTeamAPIKey) *web.ApiError {
if sc.keys == nil || user == nil || user.ID == keys.AdminKeyID {
return nil
}
if sc.deletedAPIKeys.Contains(user.ID.String()) {
return &web.ApiError{
Code: http.StatusUnauthorized,
Message: "API key is no longer active",
}
}
return nil
}

func (sc *Controller) cleanupSandboxForDeletedAPIKey(ctx context.Context, sbx infra.Sandbox, user *models.CreatedTeamAPIKey) {
if sbx == nil {
return
}
var userID string
var quotaSpec *quotaspec.QuotaSpec
if user != nil {
userID = user.ID.String()
quotaSpec = user.QuotaSpec
if quotaSpec != nil {
quotaSpec = quotaSpec.DeepCopy()
}
}
log := klog.FromContext(ctx).WithValues("sandbox", klog.KObj(sbx))
cleanupCtx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
defer cancel()
cleanupCtx = klog.NewContext(cleanupCtx, log)
if err := sc.manager.DeleteSandbox(cleanupCtx, sandboxmanager.DeleteSandboxOptions{
Sandbox: sbx,
User: userID,
Quota: quotaSpec,
}); err != nil {
log.Error(err, "failed to cleanup sandbox after API key deletion")
}
}

func (sc *Controller) createSandboxWithClaim(ctx context.Context, request models.NewSandboxRequest, user *models.CreatedTeamAPIKey) (web.ApiResponse[*models.Sandbox], *web.ApiError) {
if request.Extensions.Name != "" || request.Extensions.GenerateName != "" {
return web.ApiResponse[*models.Sandbox]{}, &web.ApiError{
Expand Down Expand Up @@ -211,6 +255,11 @@ func (sc *Controller) createSandboxWithClaim(ctx context.Context, request models
log.Error(err, "sandbox creation failed")
return web.ApiResponse[*models.Sandbox]{}, mapInfraErrorToApiError(err)
}
if apiErr := sc.ensureCreateAPIKeyActive(user); apiErr != nil {
log.Info("API key was deleted while sandbox was being created, cleaning up sandbox", "id", sbx.GetSandboxID())
sc.cleanupSandboxForDeletedAPIKey(ctx, sbx, user)
return web.ApiResponse[*models.Sandbox]{}, apiErr
}
log.Info("sandbox created", "id", sbx.GetSandboxID(), "sbx", klog.KObj(sbx),
"resourceVersion", sbx.GetResourceVersion(), "totalCost", time.Since(claimStart))
return web.ApiResponse[*models.Sandbox]{
Expand Down Expand Up @@ -275,6 +324,11 @@ func (sc *Controller) createSandboxWithClone(ctx context.Context, request models
log.Error(err, "sandbox clone failed")
return web.ApiResponse[*models.Sandbox]{}, mapInfraErrorToApiError(err)
}
if apiErr := sc.ensureCreateAPIKeyActive(user); apiErr != nil {
log.Info("API key was deleted while sandbox was being cloned, cleaning up sandbox", "id", sbx.GetSandboxID())
sc.cleanupSandboxForDeletedAPIKey(ctx, sbx, user)
return web.ApiResponse[*models.Sandbox]{}, apiErr
}
log.Info("sandbox cloned", "id", sbx.GetSandboxID(), "sbx", klog.KObj(sbx),
"resourceVersion", sbx.GetResourceVersion(), "totalCost", time.Since(start))
return web.ApiResponse[*models.Sandbox]{
Expand Down
Loading
Loading