Rename static allowlist UUID

oxidecomputer · May 2, 2024 · eb16907 · eb16907
1 parent e2cc1c1
commit eb16907
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 13 deletions.
diff --git a/nexus/db-queries/src/db/datastore/allowed_source_ips.rs b/nexus/db-queries/src/db/datastore/allowed_source_ips.rs
@@ -8,7 +8,7 @@ use crate::authz;
 use crate::context::OpContext;
 use crate::db::error::public_error_from_diesel;
 use crate::db::error::ErrorHandler;
-use crate::db::fixed_data::allowed_source_ips::ALLOWED_SOURCE_IPS_ID;
+use crate::db::fixed_data::allowed_source_ips::USER_FACING_SERVICES_ALLOW_LIST_ID;
 use crate::db::DbConnection;
 use async_bb8_diesel::AsyncRunQueryDsl;
 use diesel::ExpressionMethods;
@@ -33,15 +33,15 @@ impl super::DataStore {
         let conn = self.pool_connection_authorized(opctx).await?;
         opctx.authorize(authz::Action::Read, &authz::FLEET).await?;
         allowed_source_ip::dsl::allowed_source_ip
-            .find(ALLOWED_SOURCE_IPS_ID)
+            .find(USER_FACING_SERVICES_ALLOW_LIST_ID)
             .first_async::<AllowedSourceIp>(&*conn)
             .await
             .map_err(|e| {
                 public_error_from_diesel(
                     e,
                     ErrorHandler::NotFoundByLookup(
                         ResourceType::AllowedSourceIps,
-                        LookupType::ById(ALLOWED_SOURCE_IPS_ID),
+                        LookupType::ById(USER_FACING_SERVICES_ALLOW_LIST_ID),
                     ),
                 )
             })
@@ -65,7 +65,10 @@ impl super::DataStore {
     ) -> Result<AllowedSourceIp, Error> {
         use allowed_source_ip::dsl;
         opctx.authorize(authz::Action::Modify, &authz::FLEET).await?;
-        let record = AllowedSourceIp::new(ALLOWED_SOURCE_IPS_ID, allowed_ips);
+        let record = AllowedSourceIp::new(
+            USER_FACING_SERVICES_ALLOW_LIST_ID,
+            allowed_ips,
+        );
         diesel::insert_into(dsl::allowed_source_ip)
             .values(record.clone())
             .returning(AllowedSourceIp::as_returning())
@@ -85,7 +88,7 @@ impl super::DataStore {
 mod tests {
     use crate::db::{
         datastore::test_utils::datastore_test,
-        fixed_data::allowed_source_ips::ALLOWED_SOURCE_IPS_ID,
+        fixed_data::allowed_source_ips::USER_FACING_SERVICES_ALLOW_LIST_ID,
     };
     use nexus_test_utils::db::test_setup_database;
     use omicron_common::api::external::{
@@ -108,7 +111,9 @@ mod tests {
             result,
             Error::ObjectNotFound {
                 type_name: ResourceType::AllowedSourceIps,
-                lookup_type: LookupType::ById(ALLOWED_SOURCE_IPS_ID)
+                lookup_type: LookupType::ById(
+                    USER_FACING_SERVICES_ALLOW_LIST_ID
+                )
             },
             "Expected an ObjectNotFound error when there is no IP allowlist"
         );
@@ -123,7 +128,7 @@ mod tests {
             .await
             .expect("Expected this insert to succeed");
         assert_eq!(
-            record.id, ALLOWED_SOURCE_IPS_ID,
+            record.id, USER_FACING_SERVICES_ALLOW_LIST_ID,
             "Record should have hard-coded allowlist ID"
         );
         assert_eq!(
@@ -142,7 +147,7 @@ mod tests {
             .await
             .expect("Expected this insert to succeed");
         assert_eq!(
-            new_record.id, ALLOWED_SOURCE_IPS_ID,
+            new_record.id, USER_FACING_SERVICES_ALLOW_LIST_ID,
             "Record should have hard-coded allowlist ID"
         );
         assert_eq!(
@@ -167,7 +172,7 @@ mod tests {
             .await
             .expect("Expected this insert to succeed");
         assert_eq!(
-            new_record.id, ALLOWED_SOURCE_IPS_ID,
+            new_record.id, USER_FACING_SERVICES_ALLOW_LIST_ID,
             "Record should have hard-coded allowlist ID"
         );
         assert_eq!(
@@ -192,7 +197,7 @@ mod tests {
             .await
             .expect("Expected this insert to succeed");
         assert_eq!(
-            new_record.id, ALLOWED_SOURCE_IPS_ID,
+            new_record.id, USER_FACING_SERVICES_ALLOW_LIST_ID,
             "Record should have hard-coded allowlist ID"
         );
         assert_eq!(

diff --git a/nexus/db-queries/src/db/fixed_data/allowed_source_ips.rs b/nexus/db-queries/src/db/fixed_data/allowed_source_ips.rs
@@ -7,5 +7,5 @@
 //! Fixed data for source IP allowlist implementation.
 
 /// UUID of singleton source IP allowlist.
-pub static ALLOWED_SOURCE_IPS_ID: uuid::Uuid =
+pub static USER_FACING_SERVICES_ALLOW_LIST_ID: uuid::Uuid =
     uuid::uuid!("001de000-a110-4000-8000-000000000000");
diff --git a/nexus/db-queries/src/db/fixed_data/mod.rs b/nexus/db-queries/src/db/fixed_data/mod.rs
@@ -67,7 +67,7 @@ fn assert_valid_uuid(id: &uuid::Uuid) {
 
 #[cfg(test)]
 mod test {
-    use super::allowed_source_ips::ALLOWED_SOURCE_IPS_ID;
+    use super::allowed_source_ips::USER_FACING_SERVICES_ALLOW_LIST_ID;
     use super::assert_valid_uuid;
     use super::FLEET_ID;
 
@@ -78,6 +78,6 @@ mod test {
 
     #[test]
     fn test_allowlist_id_is_valid() {
-        assert_valid_uuid(&ALLOWED_SOURCE_IPS_ID);
+        assert_valid_uuid(&USER_FACING_SERVICES_ALLOW_LIST_ID);
     }
 }