Remove URL based image creation and import (#2898)

Remove both params::ImageSource::Url and params::ImportBlocksFromUrl
(along with associated HTTP endpoint): do not allow customers to create
an image from a URL, that was for development purposes only. Now that
Nexus supports importing blocks via the Pantry this is no longer
required.

Closes #2893

Co-authored-by: iliana etaoin <[email protected]>

.github/buildomat/jobs/deploy.sh

@@ -281,19 +281,15 @@ rmdir pkg
 E2E_TLS_CERT="/opt/oxide/sled-agent/pkg/initial-tls-cert.pem"
 
 #
-# Image-related tests use images served by catacomb. The lab network is
-# IPv4-only; the propolis zones are IPv6-only. These steps set up tcpproxy
-# configured to proxy to catacomb via port 54321 in the global zone.
+# Download the Oxide CLI and images from catacomb.
 #
 pfexec mkdir -p /usr/oxide
-pfexec rm -f /usr/oxide/tcpproxy
-pfexec curl -sSfL -o /usr/oxide/tcpproxy \
-	http://catacomb.eng.oxide.computer:12346/tcpproxy
-pfexec chmod +x /usr/oxide/tcpproxy
-pfexec rm -f /var/svc/manifest/site/tcpproxy.xml
-pfexec curl -sSfL -o /var/svc/manifest/site/tcpproxy.xml \
-	http://catacomb.eng.oxide.computer:12346/tcpproxy.xml
-pfexec svccfg import /var/svc/manifest/site/tcpproxy.xml
+pfexec curl -sSfL -o /usr/oxide/oxide \
+	http://catacomb.eng.oxide.computer:12346/oxide-v0.1.0
+pfexec chmod +x /usr/oxide/oxide
+
+curl -sSfL -o debian-11-genericcloud-amd64.raw \
+	http://catacomb.eng.oxide.computer:12346/debian-11-genericcloud-amd64.raw
 
 #
 # The lab-netdev target is a ramdisk system that is always cleared
@@ -336,7 +332,38 @@ echo "Waited for chrony: ${retry}s"
 
 export RUST_BACKTRACE=1
 export E2E_TLS_CERT IPPOOL_START IPPOOL_END
-./tests/bootstrap
+eval "$(./tests/bootstrap)"
+export OXIDE_HOST OXIDE_TOKEN
+
+#
+# The Nexus resolved in `$OXIDE_RESOLVE` is not necessarily the same one that we
+# successfully talked to in bootstrap, so wait a bit for it to fully come online.
+#
+retry=0
+while ! curl -sSf "$OXIDE_HOST/v1/ping" --resolve "$OXIDE_RESOLVE" --cacert "$E2E_TLS_CERT"; do
+	if [[ $retry -gt 60 ]]; then
+		echo "$OXIDE_RESOLVE failed to come up after 60 seconds"
+		exit 1
+	fi
+	sleep 1
+	retry=$((retry + 1))
+done
+
+/usr/oxide/oxide --resolve "$OXIDE_RESOLVE" --cacert "$E2E_TLS_CERT" \
+	project create --name images --description "some images"
+/usr/oxide/oxide --resolve "$OXIDE_RESOLVE" --cacert "$E2E_TLS_CERT" \
+	disk import \
+	--path debian-11-genericcloud-amd64.raw \
+	--disk debian11-boot \
+	--project images \
+	--description "debian 11 cloud image from distros" \
+	--snapshot debian11-snapshot \
+	--image debian11 \
+	--image-description "debian 11 original base image" \
+	--image-os debian \
+	--image-version "11"
+/usr/oxide/oxide --resolve "$OXIDE_RESOLVE" --cacert "$E2E_TLS_CERT" \
+	image promote --project images --image debian11
 
 rm ./tests/bootstrap
 for test_bin in tests/*; do

end-to-end-tests/Cargo.toml

@@ -10,14 +10,18 @@ async-trait.workspace = true
 base64.workspace = true
 chrono.workspace = true
 http.workspace = true
+hyper.workspace = true
 omicron-sled-agent.workspace = true
 omicron-test-utils.workspace = true
 oxide-client.workspace = true
 rand.workspace = true
 reqwest.workspace = true
 russh = "0.40.0"
 russh-keys = "0.40.0"
+serde.workspace = true
+serde_json.workspace = true
 tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
 toml.workspace = true
 trust-dns-resolver.workspace = true
+uuid.workspace = true
 omicron-workspace-hack.workspace = true

end-to-end-tests/src/bin/bootstrap.rs

@@ -1,18 +1,23 @@
 use anyhow::Result;
-use end_to_end_tests::helpers::ctx::{build_client, Context};
+use end_to_end_tests::helpers::ctx::{ClientParams, Context};
 use end_to_end_tests::helpers::{generate_name, get_system_ip_pool};
 use omicron_test_utils::dev::poll::{wait_for_condition, CondCheckError};
 use oxide_client::types::{
-    ByteCount, DiskCreate, DiskSource, IpRange, Ipv4Range,
+    ByteCount, DeviceAccessTokenRequest, DeviceAuthRequest, DeviceAuthVerify,
+    DiskCreate, DiskSource, IpRange, Ipv4Range,
 };
 use oxide_client::{
-    ClientDisksExt, ClientProjectsExt, ClientSystemNetworkingExt,
+    ClientDisksExt, ClientHiddenExt, ClientProjectsExt,
+    ClientSystemNetworkingExt,
 };
+use serde::{de::DeserializeOwned, Deserialize};
 use std::time::Duration;
+use uuid::Uuid;
 
 #[tokio::main]
 async fn main() -> Result<()> {
-    let client = build_client().await?;
+    let params = ClientParams::new()?;
+    let client = params.build_client().await?;
 
     // ===== ENSURE NEXUS IS UP ===== //
     eprintln!("waiting for nexus to come up...");
@@ -71,8 +76,61 @@ async fn main() -> Result<()> {
         .disk(disk_name)
         .send()
         .await?;
-    ctx.cleanup().await?;
 
+    // ===== PRINT CLI ENVIRONMENT ===== //
+    let client_id = Uuid::new_v4();
+    let DeviceAuthResponse { device_code, user_code } =
+        deserialize_byte_stream(
+            ctx.client
+                .device_auth_request()
+                .body(DeviceAuthRequest { client_id })
+                .send()
+                .await?,
+        )
+        .await?;
+    ctx.client
+        .device_auth_confirm()
+        .body(DeviceAuthVerify { user_code })
+        .send()
+        .await?;
+    let DeviceAccessTokenGrant { access_token } = deserialize_byte_stream(
+        ctx.client
+            .device_access_token()
+            .body(DeviceAccessTokenRequest {
+                client_id,
+                device_code,
+                grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+                    .to_string(),
+            })
+            .send()
+            .await?,
+    )
+    .await?;
+
+    println!("OXIDE_HOST={}", params.base_url());
+    println!("OXIDE_RESOLVE={}", params.resolve_nexus().await?);
+    println!("OXIDE_TOKEN={}", access_token);
+
+    ctx.cleanup().await?;
     eprintln!("let's roll.");
     Ok(())
 }
+
+async fn deserialize_byte_stream<T: DeserializeOwned>(
+    response: oxide_client::ResponseValue<oxide_client::ByteStream>,
+) -> Result<T> {
+    let body = hyper::Body::wrap_stream(response.into_inner_stream());
+    let bytes = hyper::body::to_bytes(body).await?;
+    Ok(serde_json::from_slice(&bytes)?)
+}
+
+#[derive(Deserialize)]
+struct DeviceAuthResponse {
+    device_code: String,
+    user_code: String,
+}
+
+#[derive(Deserialize)]
+struct DeviceAccessTokenGrant {
+    access_token: String,
+}