From bf6831332d826d4ab58ce6723396036b475ce2ce Mon Sep 17 00:00:00 2001 From: "oxide-renovate[bot]" <146848827+oxide-renovate[bot]@users.noreply.github.com> Date: Tue, 14 May 2024 06:20:52 +0000 Subject: [PATCH 1/7] Update Rust crate async-recursion to 1.1.1 (#5632) --- Cargo.lock | 4 ++-- oximeter/db/Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 0601dc0588..5796ac9c67 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -266,9 +266,9 @@ dependencies = [ [[package]] name = "async-recursion" -version = "1.1.0" +version = "1.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30c5ef0ede93efbf733c1a727f3b6b5a1060bbedd5600183e66f6e4be4af0ec5" +checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11" dependencies = [ "proc-macro2", "quote", diff --git a/oximeter/db/Cargo.toml b/oximeter/db/Cargo.toml index b1c394b219..c446bc7822 100644 --- a/oximeter/db/Cargo.toml +++ b/oximeter/db/Cargo.toml @@ -10,7 +10,7 @@ workspace = true [dependencies] anyhow.workspace = true -async-recursion = "1.1.0" +async-recursion = "1.1.1" async-trait.workspace = true bcs.workspace = true camino.workspace = true From b16b151ae5df001050274890d2cb835fdc95858a Mon Sep 17 00:00:00 2001 From: "oxide-renovate[bot]" <146848827+oxide-renovate[bot]@users.noreply.github.com> Date: Tue, 14 May 2024 07:27:13 +0000 Subject: [PATCH 2/7] Update Rust crate num to 0.4.3 (#5756) --- Cargo.lock | 21 ++++++++++----------- Cargo.toml | 2 +- workspace-hack/Cargo.toml | 8 ++++---- 3 files changed, 15 insertions(+), 16 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5796ac9c67..da45845d14 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4992,9 +4992,9 @@ dependencies = [ [[package]] name = "num" -version = "0.4.2" +version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3135b08af27d103b0a51f2ae0f8632117b7b185ccf931445affa8df530576a41" +checksum = "35bd024e8b2ff75562e5f34e7f4905839deb4b22955ef5e73d2fea1b9813cb23" dependencies = [ "num-complex", "num-integer", @@ -5035,9 +5035,9 @@ dependencies = [ [[package]] name = "num-complex" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23c6602fda94a57c990fe0df199a035d83576b496aa29f4e634a8ac6004e68a6" +checksum = "73f88a1307638156682bada9d7604135552957b7818057dcef22705b4d509495" dependencies = [ "num-traits", ] @@ -5070,9 +5070,9 @@ dependencies = [ [[package]] name = "num-iter" -version = "0.1.44" +version = "0.1.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d869c01cc0c455284163fd0092f1f93835385ccab5a98a0dcc497b2f8bf055a9" +checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf" dependencies = [ "autocfg", "num-integer", @@ -5081,20 +5081,19 @@ dependencies = [ [[package]] name = "num-rational" -version = "0.4.1" +version = "0.4.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0638a1c9d0a3c0914158145bc76cff373a75a627e6ecbfb71cbe6f453a5a19b0" +checksum = "f83d14da390562dca69fc84082e73e548e1ad308d24accdedd2720017cb37824" dependencies = [ - "autocfg", "num-integer", "num-traits", ] [[package]] name = "num-traits" -version = "0.2.18" +version = "0.2.19" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" dependencies = [ "autocfg", "libm", diff --git a/Cargo.toml b/Cargo.toml index aa85ce6421..90045f4d32 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -335,7 +335,7 @@ nexus-test-utils-macros = { path = "nexus/test-utils-macros" } nexus-test-utils = { path = "nexus/test-utils" } nexus-types = { path = "nexus/types" } num-integer = "0.1.46" -num = { version = "0.4.2", default-features = false, features = [ "libm" ] } +num = { version = "0.4.3", default-features = false, features = [ "libm" ] } omicron-common = { path = "common" } omicron-gateway = { path = "gateway" } omicron-nexus = { path = "nexus" } diff --git a/workspace-hack/Cargo.toml b/workspace-hack/Cargo.toml index 45ed25e59b..625832637a 100644 --- a/workspace-hack/Cargo.toml +++ b/workspace-hack/Cargo.toml @@ -74,8 +74,8 @@ memchr = { version = "2.7.1" } nom = { version = "7.1.3" } num-bigint = { version = "0.4.4", features = ["rand"] } num-integer = { version = "0.1.46", features = ["i128"] } -num-iter = { version = "0.1.44", default-features = false, features = ["i128"] } -num-traits = { version = "0.2.18", features = ["i128", "libm"] } +num-iter = { version = "0.1.45", default-features = false, features = ["i128"] } +num-traits = { version = "0.2.19", features = ["i128", "libm"] } openapiv3 = { version = "2.0.0", default-features = false, features = ["skip_serializing_defaults"] } peg-runtime = { version = "0.8.3", default-features = false, features = ["std"] } pem-rfc7468 = { version = "0.7.0", default-features = false, features = ["std"] } @@ -181,8 +181,8 @@ memchr = { version = "2.7.1" } nom = { version = "7.1.3" } num-bigint = { version = "0.4.4", features = ["rand"] } num-integer = { version = "0.1.46", features = ["i128"] } -num-iter = { version = "0.1.44", default-features = false, features = ["i128"] } -num-traits = { version = "0.2.18", features = ["i128", "libm"] } +num-iter = { version = "0.1.45", default-features = false, features = ["i128"] } +num-traits = { version = "0.2.19", features = ["i128", "libm"] } openapiv3 = { version = "2.0.0", default-features = false, features = ["skip_serializing_defaults"] } peg-runtime = { version = "0.8.3", default-features = false, features = ["std"] } pem-rfc7468 = { version = "0.7.0", default-features = false, features = ["std"] } From ecf21a447d0bf36cb6dadf473fd3a2f0fcb72df2 Mon Sep 17 00:00:00 2001 From: "oxide-renovate[bot]" <146848827+oxide-renovate[bot]@users.noreply.github.com> Date: Tue, 14 May 2024 07:41:14 +0000 Subject: [PATCH 3/7] Update Rust crate paste to 1.0.15 (#5757) --- Cargo.lock | 4 ++-- Cargo.toml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index da45845d14..46f91c8b00 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -6462,9 +6462,9 @@ dependencies = [ [[package]] name = "paste" -version = "1.0.14" +version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de3145af08024dea9fa9914f381a17b8fc6034dfb00f3a84013f7ff43f29ed4c" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" [[package]] name = "path-slash" diff --git a/Cargo.toml b/Cargo.toml index 90045f4d32..28028c5f2b 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -367,7 +367,7 @@ p256 = "0.13" parse-display = "0.9.0" partial-io = { version = "0.5.4", features = ["proptest1", "tokio1"] } parse-size = "1.0.0" -paste = "1.0.14" +paste = "1.0.15" percent-encoding = "2.3.1" peg = "0.8.3" pem = "3.0" From 0418e8ac02852ef68a7d7f3c440428cbe136b273 Mon Sep 17 00:00:00 2001 From: "oxide-renovate[bot]" <146848827+oxide-renovate[bot]@users.noreply.github.com> Date: Tue, 14 May 2024 09:08:55 +0000 Subject: [PATCH 4/7] Update taiki-e/install-action digest to 2f990e9 (#5759) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [taiki-e/install-action](https://togithub.com/taiki-e/install-action) | action | digest | [`c2927f0` -> `2f990e9`](https://togithub.com/taiki-e/install-action/compare/c2927f0...2f990e9) | --- ### Configuration 📅 **Schedule**: Branch creation - "after 8pm,before 6am" in timezone America/Los_Angeles, Automerge - "after 8pm,before 6am" in timezone America/Los_Angeles. 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate). Co-authored-by: oxide-renovate[bot] <146848827+oxide-renovate[bot]@users.noreply.github.com> --- .github/workflows/hakari.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/hakari.yml b/.github/workflows/hakari.yml index 45cc926d3c..d6207dc0f0 100644 --- a/.github/workflows/hakari.yml +++ b/.github/workflows/hakari.yml @@ -24,7 +24,7 @@ jobs: with: toolchain: stable - name: Install cargo-hakari - uses: taiki-e/install-action@c2927f0c5b5adc6a76bc4a7847bc6e0503754bed # v2 + uses: taiki-e/install-action@2f990e9c484f0590cb76a07296e9677b417493e9 # v2 with: tool: cargo-hakari - name: Check workspace-hack Cargo.toml is up-to-date From 4eacb9288ac300bd2b9c5718eb5d85c8d2d4c081 Mon Sep 17 00:00:00 2001 From: Rain Date: Tue, 14 May 2024 02:27:35 -0700 Subject: [PATCH 5/7] [common] remove From for IpNet impls (#5711) Closes #5687. --- common/src/api/external/mod.rs | 47 ++++++++++++--------- common/src/api/internal/shared.rs | 2 +- nexus/networking/src/firewall_rules.rs | 4 +- nexus/tests/integration_tests/allow_list.rs | 11 +++-- 4 files changed, 36 insertions(+), 28 deletions(-) diff --git a/common/src/api/external/mod.rs b/common/src/api/external/mod.rs index 9ce5e6ce46..1c01782cc6 100644 --- a/common/src/api/external/mod.rs +++ b/common/src/api/external/mod.rs @@ -1234,6 +1234,13 @@ impl DiskState { pub struct Ipv4Net(pub ipnetwork::Ipv4Network); impl Ipv4Net { + /// Constructs a new `Ipv4Net` representing a single IP. + pub fn single(ip: Ipv4Addr) -> Self { + Ipv4Net( + ipnetwork::Ipv4Network::new(ip, 32).expect("32 is within range"), + ) + } + /// Return `true` if this IPv4 subnetwork is from an RFC 1918 private /// address space. pub fn is_private(&self) -> bool { @@ -1301,6 +1308,13 @@ impl Ipv6Net { /// The prefix length for all VPC Sunets pub const VPC_SUBNET_IPV6_PREFIX_LENGTH: u8 = 64; + /// Constructs a new `Ipv6Net` representing a single IPv6 address. + pub fn single(ip: Ipv6Addr) -> Self { + Ipv6Net( + ipnetwork::Ipv6Network::new(ip, 128).expect("128 is within range"), + ) + } + /// Return `true` if this subnetwork is in the IPv6 Unique Local Address /// range defined in RFC 4193, e.g., `fd00:/8` pub fn is_unique_local(&self) -> bool { @@ -1436,6 +1450,14 @@ pub enum IpNet { } impl IpNet { + /// Constructs a new `IpNet` representing a single IP. + pub fn single(ip: IpAddr) -> Self { + match ip { + IpAddr::V4(ip) => IpNet::V4(Ipv4Net::single(ip)), + IpAddr::V6(ip) => IpNet::V6(Ipv6Net::single(ip)), + } + } + /// Return the underlying address. pub fn ip(&self) -> IpAddr { match self { @@ -1508,39 +1530,22 @@ impl From for IpNet { } } +// NOTE: We deliberately do *NOT* implement `From for IpNet`. +// This is because there are many ways to convert an address into a network. +// See https://github.com/oxidecomputer/omicron/issues/5687. + impl From for IpNet { fn from(n: Ipv4Net) -> IpNet { IpNet::V4(n) } } -impl From for IpNet { - fn from(n: Ipv4Addr) -> IpNet { - IpNet::V4(Ipv4Net(ipnetwork::Ipv4Network::from(n))) - } -} - impl From for IpNet { fn from(n: Ipv6Net) -> IpNet { IpNet::V6(n) } } -impl From for IpNet { - fn from(n: Ipv6Addr) -> IpNet { - IpNet::V6(Ipv6Net(ipnetwork::Ipv6Network::from(n))) - } -} - -impl From for IpNet { - fn from(n: IpAddr) -> IpNet { - match n { - IpAddr::V4(v4) => IpNet::from(v4), - IpAddr::V6(v6) => IpNet::from(v6), - } - } -} - impl std::fmt::Display for IpNet { fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { match self { diff --git a/common/src/api/internal/shared.rs b/common/src/api/internal/shared.rs index 6bd40d3ff0..9d9ff083e4 100644 --- a/common/src/api/internal/shared.rs +++ b/common/src/api/internal/shared.rs @@ -608,7 +608,7 @@ mod tests { assert_eq!( parsed, AllowedSourceIps::try_from(vec![ - IpNet::from(Ipv4Addr::LOCALHOST), + IpNet::V4(Ipv4Net::single(Ipv4Addr::LOCALHOST)), IpNet::V4(Ipv4Net( Ipv4Network::new(Ipv4Addr::new(10, 0, 0, 0), 24).unwrap() )), diff --git a/nexus/networking/src/firewall_rules.rs b/nexus/networking/src/firewall_rules.rs index dc67ce5937..623c545702 100644 --- a/nexus/networking/src/firewall_rules.rs +++ b/nexus/networking/src/firewall_rules.rs @@ -353,7 +353,7 @@ pub async fn resolve_firewall_rules_for_sled_agent( .unwrap_or(&no_interfaces) { host_addrs.push( - HostIdentifier::Ip(IpNet::from( + HostIdentifier::Ip(IpNet::single( interface.ip, )) .into(), @@ -373,7 +373,7 @@ pub async fn resolve_firewall_rules_for_sled_agent( } external::VpcFirewallRuleHostFilter::Ip(addr) => { host_addrs.push( - HostIdentifier::Ip(IpNet::from(*addr)).into(), + HostIdentifier::Ip(IpNet::single(*addr)).into(), ) } external::VpcFirewallRuleHostFilter::IpNet(net) => { diff --git a/nexus/tests/integration_tests/allow_list.rs b/nexus/tests/integration_tests/allow_list.rs index 319696b5f5..fde0fe5db7 100644 --- a/nexus/tests/integration_tests/allow_list.rs +++ b/nexus/tests/integration_tests/allow_list.rs @@ -9,6 +9,7 @@ use nexus_test_utils::http_testing::{AuthnMode, NexusRequest}; use nexus_test_utils_macros::nexus_test; use nexus_types::external_api::{params, views}; use omicron_common::api::external::AllowedSourceIps; +use omicron_common::api::external::IpNet; use std::net::IpAddr; use std::net::Ipv4Addr; @@ -74,7 +75,7 @@ async fn test_allow_list(cptestctx: &ControlPlaneTestContext) { } // Set the list with exactly one IP, make sure it's the same. - let allowed_ips = AllowedSourceIps::try_from(vec![our_addr.into()]) + let allowed_ips = AllowedSourceIps::try_from(vec![IpNet::single(our_addr)]) .expect("Expected a valid IP list"); update_list_and_compare(client, allowed_ips).await; @@ -82,8 +83,10 @@ async fn test_allow_list(cptestctx: &ControlPlaneTestContext) { // // This is a regression for // https://github.com/oxidecomputer/omicron/issues/5727. - let addrs = - vec![our_addr.into(), IpAddr::V4(Ipv4Addr::new(10, 0, 0, 1)).into()]; + let addrs = vec![ + IpNet::single(our_addr), + IpNet::single(IpAddr::V4(Ipv4Addr::new(10, 0, 0, 1))), + ]; let allowed_ips = AllowedSourceIps::try_from(addrs.clone()) .expect("Expected a valid IP list"); update_list_and_compare(client, allowed_ips).await; @@ -98,7 +101,7 @@ async fn test_allow_list(cptestctx: &ControlPlaneTestContext) { // Check that we cannot make the request with a list that doesn't include // us. - let addrs = vec![IpAddr::V4(Ipv4Addr::new(1, 1, 1, 1)).into()]; + let addrs = vec![IpNet::single(IpAddr::V4(Ipv4Addr::new(1, 1, 1, 1)))]; let allowed_ips = AllowedSourceIps::try_from(addrs.clone()) .expect("Expected a valid IP list"); let new_list = params::AllowListUpdate { allowed_ips }; From 978a437826857403b5db132c1c701fd30aa18ac3 Mon Sep 17 00:00:00 2001 From: "oxide-renovate[bot]" <146848827+oxide-renovate[bot]@users.noreply.github.com> Date: Tue, 14 May 2024 09:41:16 +0000 Subject: [PATCH 6/7] Update Rust crate petgraph to 0.6.5 (#5758) --- Cargo.lock | 4 ++-- Cargo.toml | 2 +- workspace-hack/Cargo.toml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 46f91c8b00..6cad030295 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -6607,9 +6607,9 @@ dependencies = [ [[package]] name = "petgraph" -version = "0.6.4" +version = "0.6.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1d3afd2628e69da2be385eb6f2fd57c8ac7977ceeff6dc166ff1657b0e386a9" +checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db" dependencies = [ "fixedbitset", "indexmap 2.2.6", diff --git a/Cargo.toml b/Cargo.toml index 28028c5f2b..f04fffff7d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -371,7 +371,7 @@ paste = "1.0.15" percent-encoding = "2.3.1" peg = "0.8.3" pem = "3.0" -petgraph = "0.6.4" +petgraph = "0.6.5" postgres-protocol = "0.6.6" predicates = "3.1.0" pretty_assertions = "1.4.0" diff --git a/workspace-hack/Cargo.toml b/workspace-hack/Cargo.toml index 625832637a..75af094200 100644 --- a/workspace-hack/Cargo.toml +++ b/workspace-hack/Cargo.toml @@ -79,7 +79,7 @@ num-traits = { version = "0.2.19", features = ["i128", "libm"] } openapiv3 = { version = "2.0.0", default-features = false, features = ["skip_serializing_defaults"] } peg-runtime = { version = "0.8.3", default-features = false, features = ["std"] } pem-rfc7468 = { version = "0.7.0", default-features = false, features = ["std"] } -petgraph = { version = "0.6.4", features = ["serde-1"] } +petgraph = { version = "0.6.5", features = ["serde-1"] } postgres-types = { version = "0.2.6", default-features = false, features = ["with-chrono-0_4", "with-serde_json-1", "with-uuid-1"] } ppv-lite86 = { version = "0.2.17", default-features = false, features = ["simd", "std"] } predicates = { version = "3.1.0" } @@ -186,7 +186,7 @@ num-traits = { version = "0.2.19", features = ["i128", "libm"] } openapiv3 = { version = "2.0.0", default-features = false, features = ["skip_serializing_defaults"] } peg-runtime = { version = "0.8.3", default-features = false, features = ["std"] } pem-rfc7468 = { version = "0.7.0", default-features = false, features = ["std"] } -petgraph = { version = "0.6.4", features = ["serde-1"] } +petgraph = { version = "0.6.5", features = ["serde-1"] } postgres-types = { version = "0.2.6", default-features = false, features = ["with-chrono-0_4", "with-serde_json-1", "with-uuid-1"] } ppv-lite86 = { version = "0.2.17", default-features = false, features = ["simd", "std"] } predicates = { version = "3.1.0" } From 8c38ad1f07f90b6caca0062a6be5a3aabb5e6e79 Mon Sep 17 00:00:00 2001 From: iliana etaoin Date: Tue, 14 May 2024 08:17:58 -0700 Subject: [PATCH 7/7] re-use reqwest::Client in disk_manual_import (#5750) Fixes #5717. @faithanalog will follow-up with performance numbers she's running now. We should probably do this to other clients we generate on-the-fly in Nexus, too, but this is probably the worst offender to fix. --- nexus/src/app/disk.rs | 8 ++++---- nexus/src/app/mod.rs | 14 ++++++++++++++ 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/nexus/src/app/disk.rs b/nexus/src/app/disk.rs index 2286d2f183..78ae002dd3 100644 --- a/nexus/src/app/disk.rs +++ b/nexus/src/app/disk.rs @@ -488,10 +488,10 @@ impl super::Nexus { // that user's program can act accordingly. In a way, the user's // program is an externally driven saga instead. - let client = crucible_pantry_client::Client::new(&format!( - "http://{}", - endpoint - )); + let client = crucible_pantry_client::Client::new_with_client( + &format!("http://{}", endpoint), + self.reqwest_client.clone(), + ); let request = crucible_pantry_client::types::BulkWriteRequest { offset: param.offset, base64_encoded_data: param.base64_encoded_data, diff --git a/nexus/src/app/mod.rs b/nexus/src/app/mod.rs index a22fad0c81..2807f77455 100644 --- a/nexus/src/app/mod.rs +++ b/nexus/src/app/mod.rs @@ -152,6 +152,13 @@ pub struct Nexus { /// The metric producer server from which oximeter collects metric data. producer_server: std::sync::Mutex>, + /// Reusable `reqwest::Client`, to be cloned and used with the Progenitor- + /// generated `Client::new_with_client`. + /// + /// (This does not need to be in an `Arc` because `reqwest::Client` uses + /// `Arc` internally.) + reqwest_client: reqwest::Client, + /// Client to the timeseries database. timeseries_client: LazyTimeseriesClient, @@ -343,6 +350,12 @@ impl Nexus { } } + let reqwest_client = reqwest::ClientBuilder::new() + .connect_timeout(std::time::Duration::from_secs(15)) + .timeout(std::time::Duration::from_secs(15)) + .build() + .map_err(|e| e.to_string())?; + // Connect to clickhouse - but do so lazily. // Clickhouse may not be executing when Nexus starts. let timeseries_client = if let Some(address) = @@ -412,6 +425,7 @@ impl Nexus { internal_server: std::sync::Mutex::new(None), producer_server: std::sync::Mutex::new(None), populate_status, + reqwest_client, timeseries_client, updates_config: config.pkg.updates.clone(), tunables: config.pkg.tunables.clone(),