From 4c58f9eae13e47e535595366a36d345833fc6a25 Mon Sep 17 00:00:00 2001
From: Justin Bennett <git@just-be.dev>
Date: Thu, 7 Dec 2023 02:19:26 -0500
Subject: [PATCH] Add WIP integration test setup for quotas

---
 nexus/tests/integration_tests/mod.rs    |   1 +
 nexus/tests/integration_tests/quotas.rs | 159 ++++++++++++++++++++++++
 2 files changed, 160 insertions(+)
 create mode 100644 nexus/tests/integration_tests/quotas.rs

diff --git a/nexus/tests/integration_tests/mod.rs b/nexus/tests/integration_tests/mod.rs
index 4d7b41cfa8..58d2fcfbcc 100644
--- a/nexus/tests/integration_tests/mod.rs
+++ b/nexus/tests/integration_tests/mod.rs
@@ -23,6 +23,7 @@ mod oximeter;
 mod pantry;
 mod password_login;
 mod projects;
+mod quotas;
 mod rack;
 mod role_assignments;
 mod roles_builtin;
diff --git a/nexus/tests/integration_tests/quotas.rs b/nexus/tests/integration_tests/quotas.rs
new file mode 100644
index 0000000000..9c6f581277
--- /dev/null
+++ b/nexus/tests/integration_tests/quotas.rs
@@ -0,0 +1,159 @@
+use anyhow::Error;
+use dropshot::test_util::ClientTestContext;
+use nexus_test_utils::http_testing::AuthnMode;
+use nexus_test_utils::http_testing::NexusRequest;
+use nexus_test_utils::http_testing::TestResponse;
+use nexus_test_utils::resource_helpers::create_local_user;
+use nexus_test_utils::resource_helpers::grant_iam;
+use nexus_test_utils::resource_helpers::object_create;
+use nexus_test_utils_macros::nexus_test;
+use nexus_types::external_api::params;
+use nexus_types::external_api::shared;
+use nexus_types::external_api::shared::SiloRole;
+use omicron_common::api::external::ByteCount;
+use omicron_common::api::external::IdentityMetadataCreateParams;
+use omicron_common::api::external::InstanceCpuCount;
+
+type ControlPlaneTestContext =
+    nexus_test_utils::ControlPlaneTestContext<omicron_nexus::Server>;
+
+struct ResourceAllocator {
+    auth: AuthnMode,
+}
+
+impl ResourceAllocator {
+    fn new(auth: AuthnMode) -> Self {
+        Self { auth }
+    }
+
+    async fn provision_instance(
+        &self,
+        client: &ClientTestContext,
+        name: &str,
+        cpus: u16,
+        memory: u32,
+    ) -> Result<TestResponse, Error> {
+        NexusRequest::objects_post(
+            client,
+            "/v1/instances?project=project",
+            &params::InstanceCreate {
+                identity: IdentityMetadataCreateParams {
+                    name: name.parse().unwrap(),
+                    description: "".into(),
+                },
+                ncpus: InstanceCpuCount(cpus),
+                memory: ByteCount::from_gibibytes_u32(memory),
+                hostname: "host".to_string(),
+                user_data: b"#cloud-config\nsystem_info:\n  default_user:\n    name: oxide"
+                    .to_vec(),
+                network_interfaces: params::InstanceNetworkInterfaceAttachment::Default,
+                external_ips: Vec::<params::ExternalIpCreate>::new(),
+                disks: Vec::<params::InstanceDiskAttachment>::new(),
+                start: true,
+            },
+        )
+        .authn_as(self.auth.clone())
+        .execute()
+        .await
+    }
+
+    async fn provision_disk(
+        &self,
+        client: &ClientTestContext,
+        name: &str,
+        size: u32,
+    ) -> Result<TestResponse, Error> {
+        NexusRequest::objects_post(
+            client,
+            "/v1/disks?project=project",
+            &params::DiskCreate {
+                identity: IdentityMetadataCreateParams {
+                    name: name.parse().unwrap(),
+                    description: "".into(),
+                },
+                size: ByteCount::from_gibibytes_u32(size),
+                disk_source: params::DiskSource::Blank {
+                    block_size: params::BlockSize::try_from(512).unwrap(),
+                },
+            },
+        )
+        .authn_as(self.auth.clone())
+        .execute()
+        .await
+    }
+}
+
+async fn setup_silo_with_quota(
+    client: &ClientTestContext,
+    silo_name: &str,
+    quotas: params::SiloQuotasCreate,
+) -> ResourceAllocator {
+    let silo = object_create(
+        client,
+        "/v1/system/silos",
+        &params::SiloCreate {
+            identity: IdentityMetadataCreateParams {
+                name: silo_name.parse().unwrap(),
+                description: "".into(),
+            },
+            quotas,
+            discoverable: true,
+            identity_mode: shared::SiloIdentityMode::LocalOnly,
+            admin_group_name: None,
+            tls_certificates: vec![],
+            mapped_fleet_roles: Default::default(),
+        },
+    )
+    .await;
+
+    // Create a silo user
+    let user = create_local_user(
+        client,
+        &silo,
+        &"user".parse().unwrap(),
+        params::UserPassword::LoginDisallowed,
+    )
+    .await;
+
+    // Make silo admin
+    grant_iam(
+        client,
+        format!("/v1/system/silos/{}", silo_name).as_str(),
+        SiloRole::Admin,
+        user.id,
+        AuthnMode::PrivilegedUser,
+    )
+    .await;
+
+    let auth_mode = AuthnMode::SiloUser(user.id);
+
+    NexusRequest::objects_post(
+        client,
+        "/v1/projects",
+        &params::ProjectCreate {
+            identity: IdentityMetadataCreateParams {
+                name: "project".parse().unwrap(),
+                description: "".into(),
+            },
+        },
+    )
+    .authn_as(auth_mode.clone())
+    .execute()
+    .await?;
+
+    ResourceAllocator::new(auth_mode)
+}
+
+#[nexus_test]
+async fn test_quotas(cptestctx: &ControlPlaneTestContext) {
+    let client = &cptestctx.external_client;
+    // let nexus = &cptestctx.server.apictx().nexus;
+
+    let system = setup_silo_with_quota(
+        &client,
+        "rationed_silo",
+        params::SiloQuotasCreate::empty(),
+    )
+    .await;
+    system.provision_instance(client, "instance", 1, 1).await;
+}