From 99ac94fe19fd093a189d53dca670b11d720ee35c Mon Sep 17 00:00:00 2001 From: Rain Date: Wed, 13 Dec 2023 15:41:14 -0800 Subject: [PATCH 1/6] =?UTF-8?q?[=F0=9D=98=80=F0=9D=97=BD=F0=9D=97=BF]=20ch?= =?UTF-8?q?anges=20to=20main=20this=20commit=20is=20based=20on?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Created using spr 1.3.5 [skip ci] --- Cargo.lock | 30 ++++++++++++ Cargo.toml | 3 ++ update-common/Cargo.toml | 32 ++++++++++++ update-common/src/artifacts/artifact_types.rs | 31 ++++++++++++ .../src/artifacts/artifacts_with_plan.rs | 22 ++++----- .../src/artifacts/extracted_artifacts.rs | 22 ++++----- update-common/src/artifacts/mod.rs | 15 ++++++ .../src/artifacts/update_plan.rs | 49 +++++++++---------- .../error.rs => update-common/src/errors.rs | 6 ++- update-common/src/lib.rs | 8 +++ wicketd/Cargo.toml | 1 + wicketd/src/artifacts.rs | 29 ----------- wicketd/src/artifacts/store.rs | 6 +-- wicketd/src/update_tracker.rs | 4 +- 14 files changed, 173 insertions(+), 85 deletions(-) create mode 100644 update-common/Cargo.toml create mode 100644 update-common/src/artifacts/artifact_types.rs rename {wicketd => update-common}/src/artifacts/artifacts_with_plan.rs (96%) rename {wicketd => update-common}/src/artifacts/extracted_artifacts.rs (95%) create mode 100644 update-common/src/artifacts/mod.rs rename {wicketd => update-common}/src/artifacts/update_plan.rs (97%) rename wicketd/src/artifacts/error.rs => update-common/src/errors.rs (98%) create mode 100644 update-common/src/lib.rs diff --git a/Cargo.lock b/Cargo.lock index d9b0f91d5e..bc8b729da1 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -9191,6 +9191,35 @@ version = "0.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" +[[package]] +name = "update-common" +version = "0.1.0" +dependencies = [ + "anyhow", + "bytes", + "camino", + "camino-tempfile", + "clap 4.4.3", + "debug-ignore", + "display-error-chain", + "dropshot", + "futures", + "hex", + "hubtools", + "omicron-common", + "omicron-test-utils", + "omicron-workspace-hack", + "rand 0.8.5", + "sha2", + "slog", + "thiserror", + "tokio", + "tokio-util", + "tough", + "tufaceous", + "tufaceous-lib", +] + [[package]] name = "update-engine" version = "0.1.0" @@ -9693,6 +9722,7 @@ dependencies = [ "trust-dns-resolver", "tufaceous", "tufaceous-lib", + "update-common", "update-engine", "uuid", "wicket", diff --git a/Cargo.toml b/Cargo.toml index 9fc450878b..f1fac7b3d3 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -62,6 +62,7 @@ members = [ "test-utils", "tufaceous-lib", "tufaceous", + "update-common", "update-engine", "wicket-common", "wicket-dbg", @@ -130,6 +131,7 @@ default-members = [ "test-utils", "tufaceous-lib", "tufaceous", + "update-common", "update-engine", "wicket-common", "wicket-dbg", @@ -382,6 +384,7 @@ trybuild = "1.0.85" tufaceous = { path = "tufaceous" } tufaceous-lib = { path = "tufaceous-lib" } unicode-width = "0.1.11" +update-common = { path = "update-common" } update-engine = { path = "update-engine" } usdt = "0.3" uuid = { version = "1.6.1", features = ["serde", "v4"] } diff --git a/update-common/Cargo.toml b/update-common/Cargo.toml new file mode 100644 index 0000000000..cc2ee86232 --- /dev/null +++ b/update-common/Cargo.toml 
@@ -0,0 +1,32 @@
+[package]
+name = "update-common"
+version = "0.1.0"
+edition = "2021"
+license = "MPL-2.0"
+
+[dependencies]
+anyhow.workspace = true
+bytes.workspace = true
+camino.workspace = true
+camino-tempfile.workspace = true
+debug-ignore.workspace = true
+display-error-chain.workspace = true
+dropshot.workspace = true
+futures.workspace = true
+hex.workspace = true
+hubtools.workspace = true
+omicron-common.workspace = true
+sha2.workspace = true
+slog.workspace = true
+thiserror.workspace = true
+tokio.workspace = true
+tokio-util.workspace = true
+tough.workspace = true
+tufaceous-lib.workspace = true
+omicron-workspace-hack.workspace = true
+
+[dev-dependencies]
+clap.workspace = true
+omicron-test-utils.workspace = true
+rand.workspace = true
+tufaceous.workspace = true
diff --git a/update-common/src/artifacts/artifact_types.rs b/update-common/src/artifacts/artifact_types.rs
new file mode 100644
index 0000000000..e70970993a
--- /dev/null
+++ b/update-common/src/artifacts/artifact_types.rs
@@ -0,0 +1,31 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//! General types for artifacts that don't quite fit into the other modules.
+
+use std::borrow::Borrow;
+
+use omicron_common::update::ArtifactId;
+
+use super::ExtractedArtifactDataHandle;
+
+/// A pair containing both the ID of an artifact and a handle to its data.
+///
+/// Note that cloning an `ArtifactIdData` will clone the handle, which has
+/// implications on temporary directory cleanup. See
+/// [`ExtractedArtifactDataHandle`] for details.
+#[derive(Debug, Clone)]
+pub struct ArtifactIdData {
+ pub id: ArtifactId,
+ pub data: ExtractedArtifactDataHandle,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
+pub struct Board(pub String);
+
+impl Borrow for Board {
+ fn borrow(&self) -> &String {
+ &self.0
+ }
+}
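Review bot: `ArtifactIdData` is declared here with `pub id` and `pub data`, so any crate depending on update-common can pair an `ArtifactId` with a handle to some other artifact's bytes, or swap one after construction. The same widening is applied to every field of `UpdatePlan` in update_plan.rs (the `@@ -34,21 +34,20 @@` and `@@ -58,21 +57,17 @@` hunks), including `host_phase_2_hash` and `control_plane_hash`, which the comments there say are the hashes sent to installinator. If consumers only need to read these values, keeping the fields private and exposing getters such as `pub fn id(&self) -> &ArtifactId` would leave `UpdatePlanBuilder::build()` as the only way to obtain a plan. `Board` is also public now and has no doc comment.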
diff --git a/wicketd/src/artifacts/artifacts_with_plan.rs b/update-common/src/artifacts/artifacts_with_plan.rs similarity index 96% rename from wicketd/src/artifacts/artifacts_with_plan.rs rename to update-common/src/artifacts/artifacts_with_plan.rs index d3319d7f6b..94c7294d48 100644 --- a/wicketd/src/artifacts/artifacts_with_plan.rs +++ b/update-common/src/artifacts/artifacts_with_plan.rs @@ -2,10 +2,10 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at https://mozilla.org/MPL/2.0/. -use super::error::RepositoryError; -use super::update_plan::UpdatePlanBuilder; use super::ExtractedArtifactDataHandle; use super::UpdatePlan; +use super::UpdatePlanBuilder; +use crate::errors::RepositoryError; use camino_tempfile::Utf8TempDir; use debug_ignore::DebugIgnore; use omicron_common::update::ArtifactHash; @@ -22,7 +22,7 @@ use tufaceous_lib::OmicronRepo; /// A collection of artifacts along with an update plan using those artifacts. #[derive(Debug)] -pub(super) struct ArtifactsWithPlan { +pub struct ArtifactsWithPlan { // Map of top-level artifact IDs (present in the TUF repo) to the actual // artifacts we're serving (e.g., a top-level RoT artifact will map to two // artifact hashes: one for each of the A and B images). @@ -50,7 +50,7 @@ pub(super) struct ArtifactsWithPlan { } impl ArtifactsWithPlan { - pub(super) async fn from_zip( + pub async fn from_zip( zip_data: T, log: &Logger, ) -> Result @@ -81,7 +81,7 @@ impl ArtifactsWithPlan { // these are just direct copies of artifacts we just unpacked into // `dir`, but we'll also unpack nested artifacts like the RoT dual A/B // archives. - let mut plan_builder = + let mut builder = UpdatePlanBuilder::new(artifacts.system_version, log)?; // Make a pass through each artifact in the repo. For each artifact, we 
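Review bot: `from_zip` in the `@@ -50,7 +50,7 @@` hunk becomes a public entry point that takes an uploaded archive, but it has no doc comment, and its body lies outside the hunk, so what validation it performs is not visible here. Now that other crates can call it, a `///` block should state what is checked before artifacts are extracted (TUF metadata and signatures, target hashes) and what the caller must already have established about `zip_data`. It should also say which `RepositoryError` is returned when that validation fails.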
@@ -146,7 +146,7 @@ impl ArtifactsWithPlan { RepositoryError::MissingTarget(artifact.target.clone()) })?; - plan_builder + builder .add_artifact( artifact.into_id(), artifact_hash, @@ -159,12 +159,12 @@ impl ArtifactsWithPlan { // Ensure we know how to apply updates from this set of artifacts; we'll // remember the plan we create. - let plan = plan_builder.build()?; + let artifacts = builder.build()?; - Ok(Self { by_id, by_hash: by_hash.into(), plan }) + Ok(Self { by_id, by_hash: by_hash.into(), plan: artifacts }) } - pub(super) fn by_id(&self) -> &BTreeMap> { + pub fn by_id(&self) -> &BTreeMap> { &self.by_id } @@ -175,11 +175,11 @@ impl ArtifactsWithPlan { &self.by_hash } - pub(super) fn plan(&self) -> &UpdatePlan { + pub fn plan(&self) -> &UpdatePlan { &self.plan } - pub(super) fn get_by_hash( + pub fn get_by_hash( &self, id: &ArtifactHashId, ) -> Option { diff --git a/wicketd/src/artifacts/extracted_artifacts.rs b/update-common/src/artifacts/extracted_artifacts.rs similarity index 95% rename from wicketd/src/artifacts/extracted_artifacts.rs rename to update-common/src/artifacts/extracted_artifacts.rs index 5683cd1c13..06e0e5ec65 100644 --- a/wicketd/src/artifacts/extracted_artifacts.rs +++ b/update-common/src/artifacts/extracted_artifacts.rs @@ -2,7 +2,7 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at https://mozilla.org/MPL/2.0/. -use super::error::RepositoryError; +use crate::errors::RepositoryError; use anyhow::Context; use camino::Utf8PathBuf; use camino_tempfile::NamedUtf8TempFile; @@ -39,7 +39,7 @@ use tokio_util::io::ReaderStream; /// contexts where you need the data and need the temporary directory containing /// it to stick around. #[derive(Debug, Clone)] -pub(crate) struct ExtractedArtifactDataHandle { +pub struct ExtractedArtifactDataHandle { tempdir: Arc, file_size: usize, hash_id: ArtifactHashId, 
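Review bot: In the `@@ -159,12 +159,12 @@` hunk the built plan is bound to `artifacts`, a name this function already uses for the loaded repository contents (`artifacts.system_version` in the `@@ -81,7 +81,7 @@` hunk), so the new binding shadows it with a value of a different type. Keeping the old name avoids the confusion: `let plan = builder.build()?;` and `Ok(Self { by_id, by_hash: by_hash.into(), plan })`. The function body starts outside this hunk.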
@@ -61,11 +61,11 @@ impl Eq for ExtractedArtifactDataHandle {} impl ExtractedArtifactDataHandle { /// File size of this artifact in bytes. - pub(crate) fn file_size(&self) -> usize { + pub fn file_size(&self) -> usize { self.file_size } - pub(crate) fn hash(&self) -> ArtifactHash { + pub fn hash(&self) -> ArtifactHash { self.hash_id.hash } @@ -73,7 +73,7 @@ impl ExtractedArtifactDataHandle { /// /// This can fail due to I/O errors outside our control (e.g., something /// removed the contents of our temporary directory). - pub(crate) async fn reader_stream( + pub async fn reader_stream( &self, ) -> anyhow::Result> { let path = path_for_artifact(&self.tempdir, &self.hash_id); @@ -96,7 +96,7 @@ impl ExtractedArtifactDataHandle { /// (e.g., when a new TUF repository is uploaded). The handles can be used to /// on-demand read files that were copied into the temp dir during ingest. #[derive(Debug)] -pub(crate) struct ExtractedArtifacts { +pub struct ExtractedArtifacts { // Directory in which we store extracted artifacts. This is currently a // single flat directory with files named by artifact hash; we don't expect // more than a few dozen files total, so no need to nest directories. @@ -104,7 +104,7 @@ pub(crate) struct ExtractedArtifacts { } impl ExtractedArtifacts { - pub(super) fn new(log: &Logger) -> Result { + pub fn new(log: &Logger) -> Result { let tempdir = camino_tempfile::Builder::new() .prefix("wicketd-update-artifacts.") .tempdir() @@ -125,7 +125,7 @@ impl ExtractedArtifacts { /// Copy from `stream` into our temp directory, returning a handle to the /// extracted artifact on success. - pub(super) async fn store( + pub async fn store( &mut self, artifact_hash_id: ArtifactHashId, stream: impl Stream>, 
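Review bot: `ExtractedArtifacts::new` in the `@@ -104,7 +104,7 @@` hunk is now public in a crate that lib.rs describes as shared between wicketd and Nexus, yet the temporary directory prefix is still the literal `"wicketd-update-artifacts."`. Directories created by another service would carry wicketd's name, which makes leftover files harder to attribute during cleanup or incident triage. A neutral prefix such as `.prefix("update-artifacts.")` would avoid that, provided nothing depends on the current name. The rest of `new` is outside the hunk.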
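Review bot: `store` in the `@@ -125,7 +125,7 @@` hunk is now callable from any crate with a caller-supplied `artifact_hash_id` and an arbitrary stream, and its doc comment does not say whether the copied bytes are hashed and compared against that id. The body is outside the hunk, so this may already happen; `new_tempfile`/`store_tempfile` document that they hash as data is written, and `store` should be equally explicit. If no check is made, add a line such as `/// The caller must ensure that the stream's contents hash to artifact_hash_id.hash; this method does not verify it.` so that downstream code does not treat the handle's `hash()` as verified.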
@@ -185,7 +185,7 @@ impl ExtractedArtifacts { /// As the returned file is written to, the data will be hashed; once /// writing is complete, call [`ExtractedArtifacts::store_tempfile()`] to /// persist the temporary file into an [`ExtractedArtifactDataHandle`]. - pub(super) fn new_tempfile( + pub fn new_tempfile( &self, ) -> Result { let file = NamedUtf8TempFile::new_in(self.tempdir.path()).map_err( @@ -203,7 +203,7 @@ impl ExtractedArtifacts { /// Persist a temporary file that was returned by /// [`ExtractedArtifacts::new_tempfile()`] as an extracted artifact. - pub(super) fn store_tempfile( + pub fn store_tempfile( &self, kind: ArtifactKind, file: HashingNamedUtf8TempFile, @@ -249,7 +249,7 @@ fn path_for_artifact( } // Wrapper around a `NamedUtf8TempFile` that hashes contents as they're written. -pub(super) struct HashingNamedUtf8TempFile { +pub struct HashingNamedUtf8TempFile { file: io::BufWriter, hasher: Sha256, bytes_written: usize, diff --git a/update-common/src/artifacts/mod.rs b/update-common/src/artifacts/mod.rs new file mode 100644 index 0000000000..d68c488599 --- /dev/null +++ b/update-common/src/artifacts/mod.rs @@ -0,0 +1,15 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +//! Types to represent update artifacts. + +mod artifact_types; +mod artifacts_with_plan; +mod extracted_artifacts; +mod update_plan; + +pub use artifact_types::*; +pub use artifacts_with_plan::*; +pub use extracted_artifacts::*; +pub use update_plan::*; diff --git a/wicketd/src/artifacts/update_plan.rs b/update-common/src/artifacts/update_plan.rs similarity index 97% rename from wicketd/src/artifacts/update_plan.rs rename to update-common/src/artifacts/update_plan.rs index c6db7c1b65..e30389f646 100644 --- a/wicketd/src/artifacts/update_plan.rs +++ b/update-common/src/artifacts/update_plan.rs 
@@ -8,12 +8,12 @@ //! apply to which components; the ordering and application of the plan lives //! elsewhere. -use super::error::RepositoryError; -use super::extracted_artifacts::ExtractedArtifacts; -use super::extracted_artifacts::HashingNamedUtf8TempFile; use super::ArtifactIdData; use super::Board; use super::ExtractedArtifactDataHandle; +use super::ExtractedArtifacts; +use super::HashingNamedUtf8TempFile; +use crate::errors::RepositoryError; use bytes::Bytes; use futures::Stream; use futures::StreamExt; @@ -34,21 +34,20 @@ use std::io; use tufaceous_lib::HostPhaseImages; use tufaceous_lib::RotArchives; -/// The update plan currently in effect. -/// -/// Exposed for testing. +/// Artifacts with their hashes and sources, as obtained from an uploaded +/// repository. #[derive(Debug, Clone)] pub struct UpdatePlan { - pub(crate) system_version: SemverVersion, - pub(crate) gimlet_sp: BTreeMap, - pub(crate) gimlet_rot_a: Vec, - pub(crate) gimlet_rot_b: Vec, - pub(crate) psc_sp: BTreeMap, - pub(crate) psc_rot_a: Vec, - pub(crate) psc_rot_b: Vec, - pub(crate) sidecar_sp: BTreeMap, - pub(crate) sidecar_rot_a: Vec, - pub(crate) sidecar_rot_b: Vec, + pub system_version: SemverVersion, + pub gimlet_sp: BTreeMap, + pub gimlet_rot_a: Vec, + pub gimlet_rot_b: Vec, + pub psc_sp: BTreeMap, + pub psc_rot_a: Vec, + pub psc_rot_b: Vec, + pub sidecar_sp: BTreeMap, + pub sidecar_rot_a: Vec, + pub sidecar_rot_b: Vec, // Note: The Trampoline image is broken into phase1/phase2 as part of our // update plan (because they go to different destinations), but the two 
@@ -58,21 +57,17 @@ pub struct UpdatePlan { // The same would apply to the host phase1/phase2, but we don't actually // need the `host_phase_2` data as part of this plan (we serve it from the // artifact server instead). - pub(crate) host_phase_1: ArtifactIdData, - pub(crate) trampoline_phase_1: ArtifactIdData, - pub(crate) trampoline_phase_2: ArtifactIdData, + pub host_phase_1: ArtifactIdData, + pub trampoline_phase_1: ArtifactIdData, + pub trampoline_phase_2: ArtifactIdData, // We need to send installinator the hash of the host_phase_2 data it should // fetch from us; we compute it while generating the plan. - // - // This is exposed for testing. pub host_phase_2_hash: ArtifactHash, // We also need to send installinator the hash of the control_plane image it // should fetch from us. This is already present in the TUF repository, but // we record it here for use by the update process. - // - // This is exposed for testing. pub control_plane_hash: ArtifactHash, } @@ -81,7 +76,7 @@ pub struct UpdatePlan { /// [`UpdatePlanBuilder::build()`] will (fallibly) convert from the builder to /// the final plan. #[derive(Debug)] -pub(super) struct UpdatePlanBuilder<'a> { +pub struct UpdatePlanBuilder<'a> { // fields that mirror `UpdatePlan` system_version: SemverVersion, gimlet_sp: BTreeMap, @@ -118,7 +113,7 @@ pub(super) struct UpdatePlanBuilder<'a> { } impl<'a> UpdatePlanBuilder<'a> { - pub(super) fn new( + pub fn new( system_version: SemverVersion, log: &'a Logger, ) -> Result { @@ -145,7 +140,7 @@ impl<'a> UpdatePlanBuilder<'a> { }) } - pub(super) async fn add_artifact( + pub async fn add_artifact( &mut self, artifact_id: ArtifactId, artifact_hash: ArtifactHash, @@ -665,7 +660,7 @@ impl<'a> UpdatePlanBuilder<'a> { Ok((image1, image2)) } - pub(super) fn build(self) -> Result { + pub fn build(self) -> Result { // Ensure our multi-board-supporting kinds have at least one board // present. for (kind, no_artifacts) in [ 
diff --git a/wicketd/src/artifacts/error.rs b/update-common/src/errors.rs similarity index 98% rename from wicketd/src/artifacts/error.rs rename to update-common/src/errors.rs index ada8fbe011..5fba43b944 100644 --- a/wicketd/src/artifacts/error.rs +++ b/update-common/src/errors.rs @@ -2,6 +2,8 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at https://mozilla.org/MPL/2.0/. +//! Error types for this crate. + use camino::Utf8PathBuf; use display_error_chain::DisplayErrorChain; use dropshot::HttpError; @@ -12,7 +14,7 @@ use slog::error; use thiserror::Error; #[derive(Debug, Error)] -pub(super) enum RepositoryError { +pub enum RepositoryError { #[error("error opening archive")] OpenArchive(#[source] anyhow::Error), @@ -129,7 +131,7 @@ pub(super) enum RepositoryError { } impl RepositoryError { - pub(super) fn to_http_error(&self) -> HttpError { + pub fn to_http_error(&self) -> HttpError { let message = DisplayErrorChain::new(self).to_string(); match self { diff --git a/update-common/src/lib.rs b/update-common/src/lib.rs new file mode 100644 index 0000000000..b1f0d88484 --- /dev/null +++ b/update-common/src/lib.rs @@ -0,0 +1,8 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at https://mozilla.org/MPL/2.0/. + +//! Common update types and code shared between wicketd and Nexus. + +pub mod artifacts; +pub mod errors; diff --git a/wicketd/Cargo.toml b/wicketd/Cargo.toml index 97550342d0..83e7bf33ca 100644 --- a/wicketd/Cargo.toml +++ b/wicketd/Cargo.toml @@ -56,6 +56,7 @@ omicron-common.workspace = true omicron-passwords.workspace = true sled-hardware.workspace = true tufaceous-lib.workspace = true +update-common.workspace = true update-engine.workspace = true wicket-common.workspace = true wicketd-client.workspace = true 
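Review bot: `to_http_error` in the `@@ -129,7 +131,7 @@` hunk builds the response message from `DisplayErrorChain::new(self)`, i.e. the full source chain, and it is now public in a crate meant for Nexus as well as wicketd. This module imports `Utf8PathBuf`, so some variants presumably carry filesystem paths, which would then reach whatever client receives the `HttpError`. The `match` that follows is outside the hunk, so how the message is used per variant is not visible. A doc comment should say that the returned error embeds the whole chain, e.g. `/// The message includes the full error source chain; callers serving less-trusted clients should log it and return a generic message instead.`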
diff --git a/wicketd/src/artifacts.rs b/wicketd/src/artifacts.rs index 7b55d73dcb..3e5854d17e 100644 --- a/wicketd/src/artifacts.rs +++ b/wicketd/src/artifacts.rs @@ -2,37 +2,8 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at https://mozilla.org/MPL/2.0/. -use omicron_common::update::ArtifactId; -use std::borrow::Borrow; - -mod artifacts_with_plan; -mod error; -mod extracted_artifacts; mod server; mod store; -mod update_plan; -pub(crate) use self::extracted_artifacts::ExtractedArtifactDataHandle; pub(crate) use self::server::WicketdArtifactServer; pub(crate) use self::store::WicketdArtifactStore; -pub use self::update_plan::UpdatePlan; - -/// A pair containing both the ID of an artifact and a handle to its data. -/// -/// Note that cloning an `ArtifactIdData` will clone the handle, which has -/// implications on temporary directory cleanup. See -/// [`ExtractedArtifactDataHandle`] for details. -#[derive(Debug, Clone)] -pub(crate) struct ArtifactIdData { - pub(crate) id: ArtifactId, - pub(crate) data: ExtractedArtifactDataHandle, -} - -#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)] -pub(crate) struct Board(pub(crate) String); - -impl Borrow for Board { - fn borrow(&self) -> &String { - &self.0 - } -} diff --git a/wicketd/src/artifacts/store.rs b/wicketd/src/artifacts/store.rs index 2a7b4a646b..a5f24993a8 100644 --- a/wicketd/src/artifacts/store.rs +++ b/wicketd/src/artifacts/store.rs @@ -2,9 +2,6 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at https://mozilla.org/MPL/2.0/. -use super::artifacts_with_plan::ArtifactsWithPlan; -use super::ExtractedArtifactDataHandle; -use super::UpdatePlan; use crate::http_entrypoints::InstallableArtifacts; use dropshot::HttpError; use omicron_common::api::external::SemverVersion; 
@@ -13,6 +10,9 @@ use slog::Logger; use std::io; use std::sync::Arc; use std::sync::Mutex; +use update_common::artifacts::ArtifactsWithPlan; +use update_common::artifacts::ExtractedArtifactDataHandle; +use update_common::artifacts::UpdatePlan; /// The artifact store for wicketd. /// diff --git a/wicketd/src/update_tracker.rs b/wicketd/src/update_tracker.rs index 336333f899..823a7964de 100644 --- a/wicketd/src/update_tracker.rs +++ b/wicketd/src/update_tracker.rs @@ -4,8 +4,6 @@ // Copyright 2023 Oxide Computer Company -use crate::artifacts::ArtifactIdData; -use crate::artifacts::UpdatePlan; use crate::artifacts::WicketdArtifactStore; use crate::helpers::sps_to_string; use crate::http_entrypoints::ClearUpdateStateResponse; @@ -65,6 +63,8 @@ use tokio::sync::watch; use tokio::sync::Mutex; use tokio::task::JoinHandle; use tokio_util::io::StreamReader; +use update_common::artifacts::ArtifactIdData; +use update_common::artifacts::UpdatePlan; use update_engine::events::ProgressUnits; use update_engine::AbortHandle; use update_engine::StepSpec; From 711dd7d929ca4a92201f7ad8c556c390d4e3b65d Mon Sep 17 00:00:00 2001 From: Rain Date: Fri, 15 Dec 2023 15:39:53 -0800 Subject: [PATCH 2/6] =?UTF-8?q?[=F0=9D=98=80=F0=9D=97=BD=F0=9D=97=BF]=20ch?= =?UTF-8?q?anges=20introduced=20through=20rebase?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Created using spr 1.3.5 [skip ci] --- nexus/authz-macros/src/lib.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nexus/authz-macros/src/lib.rs b/nexus/authz-macros/src/lib.rs index cc555bcfd8..3d6f265fea 100644 --- a/nexus/authz-macros/src/lib.rs +++ b/nexus/authz-macros/src/lib.rs @@ -480,6 +480,8 @@ mod tests { name = "Instance", parent = "Project", primary_key = (String, String), + // The SomeCompositeId type doesn't exist, but that's okay because + // this code is never compiled, just printed out. input_key = SomeCompositeId, roles_allowed = false, polar_snippet = InProject, 
From 8a9325cffb3d66281dc2b5bc698a19b34984b07e Mon Sep 17 00:00:00 2001 From: Rain Date: Fri, 15 Dec 2023 16:00:32 -0800 Subject: [PATCH 3/6] Fix doc issues Created using spr 1.3.5 --- common/src/api/external/mod.rs | 2 +- nexus/src/app/update/mod.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/common/src/api/external/mod.rs b/common/src/api/external/mod.rs index 8cc07b1618..01ed7b46eb 100644 --- a/common/src/api/external/mod.rs +++ b/common/src/api/external/mod.rs @@ -2674,7 +2674,7 @@ pub struct TufRepoInsertResponse { /// Status of a TUF repo import. /// -/// Part of [`TufRepoImport`]. +/// Part of [`TufRepoInsertResponse`]. #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, JsonSchema)] #[serde(rename_all = "snake_case")] pub enum TufRepoInsertStatus { diff --git a/nexus/src/app/update/mod.rs b/nexus/src/app/update/mod.rs index b7baf41dfa..97ee9ea730 100644 --- a/nexus/src/app/update/mod.rs +++ b/nexus/src/app/update/mod.rs @@ -72,7 +72,7 @@ impl super::Nexus { Ok(response.into_external()) } - /// Downloads a file from within [`BASE_ARTIFACT_DIR`]. + /// Downloads a file (currently not implemented). pub(crate) async fn download_artifact( &self, _opctx: &OpContext, From c0127658d9e0d3aba6635e451cada3dc50863396 Mon Sep 17 00:00:00 2001 From: Rain Date: Wed, 17 Jan 2024 14:28:06 -0800 Subject: [PATCH 4/6] Fix tests Created using spr 1.3.5 --- common/src/api/external/mod.rs | 5 -- nexus/db-queries/src/authz/api_resources.rs | 16 ----- nexus/db-queries/src/authz/oso_generic.rs | 2 - .../src/authz/policy_test/resources.rs | 16 ----- nexus/db-queries/tests/output/authz-roles.out | 4 +- nexus/types/src/external_api/views.rs | 61 +------------------ 6 files changed, 3 insertions(+), 101 deletions(-) diff --git a/common/src/api/external/mod.rs b/common/src/api/external/mod.rs index 3bf21980f8..e175fd8b83 100644 --- a/common/src/api/external/mod.rs +++ b/common/src/api/external/mod.rs 
@@ -764,11 +764,6 @@ pub enum ResourceType { TufRepo, TufArtifact, SwitchPort, - SystemUpdate, - ComponentUpdate, - SystemUpdateComponentUpdate, - UpdateDeployment, - UpdateableComponent, UserBuiltin, Zpool, Vmm, diff --git a/nexus/db-queries/src/authz/api_resources.rs b/nexus/db-queries/src/authz/api_resources.rs index c75754750a..de731953b9 100644 --- a/nexus/db-queries/src/authz/api_resources.rs +++ b/nexus/db-queries/src/authz/api_resources.rs @@ -1031,22 +1031,6 @@ authz_resource! { polar_snippet = Custom, } -authz_resource! { - name = "SystemUpdate", - parent = "Fleet", - primary_key = Uuid, - roles_allowed = false, - polar_snippet = FleetChild, -} - -authz_resource! { - name = "UpdateDeployment", - parent = "Fleet", - primary_key = Uuid, - roles_allowed = false, - polar_snippet = FleetChild, -} - authz_resource! { name = "IpPool", parent = "Fleet", diff --git a/nexus/db-queries/src/authz/oso_generic.rs b/nexus/db-queries/src/authz/oso_generic.rs index 4622b72106..de4b6c8a77 100644 --- a/nexus/db-queries/src/authz/oso_generic.rs +++ b/nexus/db-queries/src/authz/oso_generic.rs @@ -157,8 +157,6 @@ pub fn make_omicron_oso(log: &slog::Logger) -> Result { Zpool::init(), Service::init(), UserBuiltin::init(), - SystemUpdate::init(), - UpdateDeployment::init(), ]; for init in generated_inits { diff --git a/nexus/db-queries/src/authz/policy_test/resources.rs b/nexus/db-queries/src/authz/policy_test/resources.rs index 977cc89379..846604880d 100644 --- a/nexus/db-queries/src/authz/policy_test/resources.rs +++ b/nexus/db-queries/src/authz/policy_test/resources.rs 
@@ -139,22 +139,6 @@ pub async fn make_resources( LookupType::ByCompositeId(artifact_id_desc), )); - let system_update_id = - "9c86d713-1bc2-4927-9892-ada3eb6f5f62".parse().unwrap(); - builder.new_resource(authz::SystemUpdate::new( - authz::FLEET, - system_update_id, - LookupType::ById(system_update_id), - )); - - let update_deployment_id = - "c617a035-7c42-49ff-a36a-5dfeee382832".parse().unwrap(); - builder.new_resource(authz::UpdateDeployment::new( - authz::FLEET, - update_deployment_id, - LookupType::ById(update_deployment_id), - )); - let address_lot_id = "43259fdc-c5c0-4a21-8b1d-2f673ad00d93".parse().unwrap(); builder.new_resource(authz::AddressLot::new( diff --git a/nexus/db-queries/tests/output/authz-roles.out b/nexus/db-queries/tests/output/authz-roles.out index 54fb6481a9..10cbccde45 100644 --- a/nexus/db-queries/tests/output/authz-roles.out +++ b/nexus/db-queries/tests/output/authz-roles.out @@ -922,7 +922,7 @@ resource: DeviceAccessToken "a-device-access-token" silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! -resource: SystemUpdate id "9c86d713-1bc2-4927-9892-ada3eb6f5f62" +resource: TufRepo id "3c52d72f-cbf7-4951-a62f-a4154e74da87" USER Q R LC RP M MP CC D fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ @@ -936,7 +936,7 @@ resource: SystemUpdate id "9c86d713-1bc2-4927-9892-ada3eb6f5f62" silo1-proj1-viewer ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ unauthenticated ! ! ! ! ! ! ! ! -resource: UpdateDeployment id "c617a035-7c42-49ff-a36a-5dfeee382832" +resource: TufArtifact id "a v1.0.0 (b)" USER Q R LC RP M MP CC D fleet-admin ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ diff --git a/nexus/types/src/external_api/views.rs b/nexus/types/src/external_api/views.rs index c85597e94c..a363b95249 100644 --- a/nexus/types/src/external_api/views.rs +++ b/nexus/types/src/external_api/views.rs 
@@ -13,7 +13,7 @@ use chrono::DateTime; use chrono::Utc; use omicron_common::api::external::{ ByteCount, Digest, IdentityMetadata, InstanceState, Ipv4Net, Ipv6Net, Name, - ObjectIdentity, RoleName, SemverVersion, SimpleIdentity, + ObjectIdentity, RoleName, SimpleIdentity, }; use schemars::JsonSchema; use serde::{Deserialize, Serialize}; 
@@ -559,65 +559,6 @@ pub enum DeviceAccessTokenType { Bearer, } -// SYSTEM UPDATES - -#[derive(Clone, Debug, Deserialize, Serialize, JsonSchema, PartialEq, Eq)] -pub struct VersionRange { - pub low: SemverVersion, - pub high: SemverVersion, -} - -#[derive(Clone, Debug, Deserialize, Serialize, JsonSchema, PartialEq, Eq)] -#[serde(tag = "status", rename_all = "snake_case")] -pub enum UpdateStatus { - Updating, - Steady, -} - -#[derive(Clone, Debug, Deserialize, Serialize, JsonSchema, PartialEq, Eq)] -pub struct SystemVersion { - pub version_range: VersionRange, - pub status: UpdateStatus, - // TODO: time_released? time_last_applied? I got a fever and the only - // prescription is more timestamps -} - -#[derive(Clone, Debug, Deserialize, Serialize, JsonSchema)] -pub struct SystemUpdate { - #[serde(flatten)] - pub identity: AssetIdentityMetadata, - pub version: SemverVersion, -} - -#[derive(Clone, Debug, Deserialize, Serialize, JsonSchema)] -pub struct ComponentUpdate { - #[serde(flatten)] - pub identity: AssetIdentityMetadata, - - pub component_type: shared::UpdateableComponentType, - pub version: SemverVersion, -} - -#[derive(Clone, Debug, Deserialize, Serialize, JsonSchema)] -pub struct UpdateableComponent { - #[serde(flatten)] - pub identity: AssetIdentityMetadata, - - pub device_id: String, - pub component_type: shared::UpdateableComponentType, - pub version: SemverVersion, - pub system_version: SemverVersion, - pub status: UpdateStatus, -} - -#[derive(Clone, Debug, Deserialize, Serialize, JsonSchema)] -pub struct UpdateDeployment { - #[serde(flatten)] - pub identity: AssetIdentityMetadata, - pub version: SemverVersion, - pub status: UpdateStatus, -} - // SYSTEM HEALTH #[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, JsonSchema)] From b1e183c75b6f2cf3849924a3c6f8f8114fea4be9 Mon Sep 17 00:00:00 2001 
From: Rain Date: Wed, 17 Jan 2024 14:32:57 -0800 Subject: [PATCH 5/6] Fix clippy Created using spr 1.3.5 --- nexus/tests/integration_tests/updates.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nexus/tests/integration_tests/updates.rs b/nexus/tests/integration_tests/updates.rs index 35e861b2ef..d79d969d10 100644 --- a/nexus/tests/integration_tests/updates.rs +++ b/nexus/tests/integration_tests/updates.rs @@ -318,11 +318,11 @@ fn make_upload_request<'a>( request } -fn make_get_request<'a>( - client: &'a dropshot::test_util::ClientTestContext, +fn make_get_request( + client: &dropshot::test_util::ClientTestContext, system_version: SemverVersion, expected_status: StatusCode, -) -> NexusRequest<'a> { +) -> NexusRequest<'_> { let request = NexusRequest::new( RequestBuilder::new( client, From a539a1939338960210769ad6c938d70aa5aec30a Mon Sep 17 00:00:00 2001 From: Rain Date: Wed, 17 Jan 2024 15:21:18 -0800 Subject: [PATCH 6/6] ugh Created using spr 1.3.5 --- nexus/tests/integration_tests/updates.rs | 3 +++ update-common/src/artifacts/artifacts_with_plan.rs | 2 ++ 2 files changed, 5 insertions(+) diff --git a/nexus/tests/integration_tests/updates.rs b/nexus/tests/integration_tests/updates.rs index d79d969d10..e830348103 100644 --- a/nexus/tests/integration_tests/updates.rs +++ b/nexus/tests/integration_tests/updates.rs @@ -85,6 +85,9 @@ async fn test_update_uninitialized() -> Result<()> { .context("repository fetch should have failed with 500 error")?; } + cptestctx.teardown().await; + logctx.cleanup_successful(); + Ok(()) } diff --git a/update-common/src/artifacts/artifacts_with_plan.rs b/update-common/src/artifacts/artifacts_with_plan.rs index ecd34254f1..312b70e577 100644 --- a/update-common/src/artifacts/artifacts_with_plan.rs +++ b/update-common/src/artifacts/artifacts_with_plan.rs @@ -435,6 +435,8 @@ mod tests { "artifacts match" ); + logctx.cleanup_successful(); + Ok(()) }