diff --git a/Cargo.lock b/Cargo.lock index b27115b42a..2a0a9a9415 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1614,7 +1614,7 @@ dependencies = [ [[package]] name = "ddm-admin-client" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/maghemite?rev=6e0a232fd0b443c19f61f94bf02b7695505aa8e3#6e0a232fd0b443c19f61f94bf02b7695505aa8e3" +source = "git+https://github.com/oxidecomputer/maghemite?rev=d1686c86f92ead77e07ddc6024837dee4a401d6d#d1686c86f92ead77e07ddc6024837dee4a401d6d" dependencies = [ "oxnet", "percent-encoding", @@ -4313,7 +4313,7 @@ dependencies = [ [[package]] name = "mg-admin-client" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/maghemite?rev=6e0a232fd0b443c19f61f94bf02b7695505aa8e3#6e0a232fd0b443c19f61f94bf02b7695505aa8e3" +source = "git+https://github.com/oxidecomputer/maghemite?rev=d1686c86f92ead77e07ddc6024837dee4a401d6d#d1686c86f92ead77e07ddc6024837dee4a401d6d" dependencies = [ "anyhow", "chrono", @@ -8492,9 +8492,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.203" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" dependencies = [ "serde_derive", ] @@ -8539,9 +8539,9 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.203" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", diff --git a/Cargo.toml b/Cargo.toml index 06d3ef3130..dfb9b051d9 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -333,8 +333,8 @@ macaddr = { version = "1.0.1", features = ["serde_std"] } maplit = "1.0.2" mockall = "0.12" newtype_derive = "0.1.6" -mg-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "6e0a232fd0b443c19f61f94bf02b7695505aa8e3" } -ddm-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "6e0a232fd0b443c19f61f94bf02b7695505aa8e3" } +mg-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "d1686c86f92ead77e07ddc6024837dee4a401d6d" } +ddm-admin-client = { git = "https://github.com/oxidecomputer/maghemite", rev = "d1686c86f92ead77e07ddc6024837dee4a401d6d" } multimap = "0.10.0" nexus-auth = { path = "nexus/auth" } nexus-client = { path = "clients/nexus-client" } diff --git a/nexus/db-queries/src/db/datastore/bgp.rs b/nexus/db-queries/src/db/datastore/bgp.rs index feb41443b2..d73e7ff327 100644 --- a/nexus/db-queries/src/db/datastore/bgp.rs +++ b/nexus/db-queries/src/db/datastore/bgp.rs @@ -314,6 +314,78 @@ impl DataStore { }) } + pub async fn bgp_update_announce_set( + &self, + opctx: &OpContext, + announce: ¶ms::BgpAnnounceSetCreate, + ) -> CreateResult<(BgpAnnounceSet, Vec)> { + use db::schema::bgp_announce_set::dsl as announce_set_dsl; + use db::schema::bgp_announcement::dsl as bgp_announcement_dsl; + + let conn = self.pool_connection_authorized(opctx).await?; + + self.transaction_retry_wrapper("bgp_update_announce_set") + .transaction(&conn, |conn| async move { + let bas: BgpAnnounceSet = announce.clone().into(); + + // ensure the announce set exists + let found_as: Option = + announce_set_dsl::bgp_announce_set + .filter( + announce_set_dsl::name + .eq(Name::from(bas.name().clone())), + ) + .filter(announce_set_dsl::time_deleted.is_null()) + .select(BgpAnnounceSet::as_select()) + .limit(1) + .first_async(&conn) + .await + .ok(); + + let db_as = match found_as { + Some(v) => v, + None => { + diesel::insert_into(announce_set_dsl::bgp_announce_set) + .values(bas.clone()) + .returning(BgpAnnounceSet::as_returning()) + .get_result_async::(&conn) + .await? + } + }; + + // clear existing announcements + diesel::delete(bgp_announcement_dsl::bgp_announcement) + .filter( + bgp_announcement_dsl::announce_set_id.eq(db_as.id()), + ) + .execute_async(&conn) + .await?; + + // repopulate announcements + let mut db_annoucements = Vec::new(); + for a in &announce.announcement { + let an = BgpAnnouncement { + announce_set_id: db_as.id(), + address_lot_block_id: bas.identity.id, + network: a.network.into(), + }; + let db_an = diesel::insert_into( + bgp_announcement_dsl::bgp_announcement, + ) + .values(an.clone()) + .returning(BgpAnnouncement::as_returning()) + .get_result_async::(&conn) + .await?; + + db_annoucements.push(db_an); + } + + Ok((db_as, db_annoucements)) + }) + .await + .map_err(|e| public_error_from_diesel(e, ErrorHandler::Server)) + } + pub async fn bgp_create_announce_set( &self, opctx: &OpContext, diff --git a/nexus/db-queries/src/db/datastore/switch_port.rs b/nexus/db-queries/src/db/datastore/switch_port.rs index d373ae2f5b..159933dce0 100644 --- a/nexus/db-queries/src/db/datastore/switch_port.rs +++ b/nexus/db-queries/src/db/datastore/switch_port.rs @@ -336,13 +336,7 @@ impl DataStore { } } else { - public_error_from_diesel( - e, - ErrorHandler::Conflict( - ResourceType::SwitchPortSettings, - params.identity.name.as_str(), - ), - ) + public_error_from_diesel(e, ErrorHandler::Server) } }) } @@ -1451,6 +1445,36 @@ async fn do_switch_port_settings_delete( .execute_async(conn) .await?; + // delete allowed exports + use db::schema::switch_port_settings_bgp_peer_config_allow_export as allow_export; + use db::schema::switch_port_settings_bgp_peer_config_allow_export::dsl as allow_export_dsl; + diesel::delete( + allow_export_dsl::switch_port_settings_bgp_peer_config_allow_export, + ) + .filter(allow_export::port_settings_id.eq(id)) + .execute_async(conn) + .await?; + + // delete allowed imports + use db::schema::switch_port_settings_bgp_peer_config_allow_import as allow_import; + use db::schema::switch_port_settings_bgp_peer_config_allow_import::dsl as allow_import_dsl; + diesel::delete( + allow_import_dsl::switch_port_settings_bgp_peer_config_allow_import, + ) + .filter(allow_import::port_settings_id.eq(id)) + .execute_async(conn) + .await?; + + // delete communities + use db::schema::switch_port_settings_bgp_peer_config_communities as bgp_communities; + use db::schema::switch_port_settings_bgp_peer_config_communities::dsl as bgp_communities_dsl; + diesel::delete( + bgp_communities_dsl::switch_port_settings_bgp_peer_config_communities, + ) + .filter(bgp_communities::port_settings_id.eq(id)) + .execute_async(conn) + .await?; + // delete address configs use db::schema::switch_port_settings_address_config::{ self as address_config, dsl as address_config_dsl, diff --git a/nexus/src/app/bgp.rs b/nexus/src/app/bgp.rs index b6e3f25263..118011500a 100644 --- a/nexus/src/app/bgp.rs +++ b/nexus/src/app/bgp.rs @@ -53,14 +53,18 @@ impl super::Nexus { Ok(result) } - pub async fn bgp_create_announce_set( + pub async fn bgp_update_announce_set( &self, opctx: &OpContext, announce: ¶ms::BgpAnnounceSetCreate, ) -> CreateResult<(BgpAnnounceSet, Vec)> { opctx.authorize(authz::Action::Modify, &authz::FLEET).await?; let result = - self.db_datastore.bgp_create_announce_set(opctx, announce).await?; + self.db_datastore.bgp_update_announce_set(opctx, announce).await?; + + // eagerly propagate changes via rpw + self.background_tasks + .activate(&self.background_tasks.task_switch_port_settings_manager); Ok(result) } diff --git a/nexus/src/app/switch_port.rs b/nexus/src/app/switch_port.rs index 57ebe5eee7..9726a59d33 100644 --- a/nexus/src/app/switch_port.rs +++ b/nexus/src/app/switch_port.rs @@ -43,8 +43,12 @@ impl super::Nexus { ) .await { - Ok(id) => self.switch_port_settings_update(opctx, id, params).await, + Ok(id) => { + info!(self.log, "updating port settings {id}"); + self.switch_port_settings_update(opctx, id, params).await + } Err(_) => { + info!(self.log, "creating new switch port settings"); self.switch_port_settings_create(opctx, params, None).await } } diff --git a/nexus/src/external_api/http_entrypoints.rs b/nexus/src/external_api/http_entrypoints.rs index 2678768b48..1e11004191 100644 --- a/nexus/src/external_api/http_entrypoints.rs +++ b/nexus/src/external_api/http_entrypoints.rs @@ -278,7 +278,7 @@ pub(crate) fn external_api() -> NexusApiDescription { api.register(networking_bgp_status)?; api.register(networking_bgp_imported_routes_ipv4)?; api.register(networking_bgp_config_delete)?; - api.register(networking_bgp_announce_set_create)?; + api.register(networking_bgp_announce_set_update)?; api.register(networking_bgp_announce_set_list)?; api.register(networking_bgp_announce_set_delete)?; api.register(networking_bgp_message_history)?; @@ -4059,13 +4059,16 @@ async fn networking_bgp_config_delete( .await } -/// Create new BGP announce set +/// Update BGP announce set +/// +/// If the announce set exists, this endpoint replaces the existing announce +/// set with the one specified. #[endpoint { - method = POST, + method = PUT, path = "/v1/system/networking/bgp-announce", tags = ["system/networking"], }] -async fn networking_bgp_announce_set_create( +async fn networking_bgp_announce_set_update( rqctx: RequestContext, config: TypedBody, ) -> Result, HttpError> { @@ -4074,7 +4077,7 @@ async fn networking_bgp_announce_set_create( let nexus = &apictx.context.nexus; let config = config.into_inner(); let opctx = crate::context::op_context_for_external_api(&rqctx).await?; - let result = nexus.bgp_create_announce_set(&opctx, &config).await?; + let result = nexus.bgp_update_announce_set(&opctx, &config).await?; Ok(HttpResponseCreated::(result.0.into())) }; apictx diff --git a/nexus/tests/integration_tests/endpoints.rs b/nexus/tests/integration_tests/endpoints.rs index a29b45c4ce..52d9e14e35 100644 --- a/nexus/tests/integration_tests/endpoints.rs +++ b/nexus/tests/integration_tests/endpoints.rs @@ -2307,7 +2307,7 @@ pub static VERIFY_ENDPOINTS: Lazy> = Lazy::new(|| { visibility: Visibility::Public, unprivileged_access: UnprivilegedAccess::None, allowed_methods: vec![ - AllowedMethod::Post( + AllowedMethod::Put( serde_json::to_value(&*DEMO_BGP_ANNOUNCE).unwrap(), ), AllowedMethod::GetNonexistent, diff --git a/nexus/tests/output/nexus_tags.txt b/nexus/tests/output/nexus_tags.txt index 35d8c32561..4af018c5af 100644 --- a/nexus/tests/output/nexus_tags.txt +++ b/nexus/tests/output/nexus_tags.txt @@ -179,9 +179,9 @@ networking_allow_list_view GET /v1/system/networking/allow-li networking_bfd_disable POST /v1/system/networking/bfd-disable networking_bfd_enable POST /v1/system/networking/bfd-enable networking_bfd_status GET /v1/system/networking/bfd-status -networking_bgp_announce_set_create POST /v1/system/networking/bgp-announce networking_bgp_announce_set_delete DELETE /v1/system/networking/bgp-announce networking_bgp_announce_set_list GET /v1/system/networking/bgp-announce +networking_bgp_announce_set_update PUT /v1/system/networking/bgp-announce networking_bgp_config_create POST /v1/system/networking/bgp networking_bgp_config_delete DELETE /v1/system/networking/bgp networking_bgp_config_list GET /v1/system/networking/bgp diff --git a/openapi/nexus.json b/openapi/nexus.json index 2489639646..67c89e1b0c 100644 --- a/openapi/nexus.json +++ b/openapi/nexus.json @@ -6630,12 +6630,13 @@ } } }, - "post": { + "put": { "tags": [ "system/networking" ], - "summary": "Create new BGP announce set", - "operationId": "networking_bgp_announce_set_create", + "summary": "Update BGP announce set", + "description": "If the announce set exists, this endpoint replaces the existing announce set with the one specified.", + "operationId": "networking_bgp_announce_set_update", "requestBody": { "content": { "application/json": { diff --git a/package-manifest.toml b/package-manifest.toml index 1c39dcb151..9484d933d2 100644 --- a/package-manifest.toml +++ b/package-manifest.toml @@ -563,10 +563,10 @@ source.repo = "maghemite" # `tools/maghemite_openapi_version`. Failing to do so will cause a failure when # building `ddm-admin-client` (which will instruct you to update # `tools/maghemite_openapi_version`). -source.commit = "6e0a232fd0b443c19f61f94bf02b7695505aa8e3" +source.commit = "d1686c86f92ead77e07ddc6024837dee4a401d6d" # The SHA256 digest is automatically posted to: # https://buildomat.eng.oxide.computer/public/file/oxidecomputer/maghemite/image//mg-ddm-gz.sha256.txt -source.sha256 = "01b63e4b2b9537b223a417b9283cefb998ae8a3180108b7fbd7710adcf49bbf0" +source.sha256 = "280bd6e5c30d8f1076bac9b8dbbdbc45379e76259aa6319da257192fcbf64a54" output.type = "tarball" [package.mg-ddm] @@ -579,10 +579,10 @@ source.repo = "maghemite" # `tools/maghemite_openapi_version`. Failing to do so will cause a failure when # building `ddm-admin-client` (which will instruct you to update # `tools/maghemite_openapi_version`). -source.commit = "6e0a232fd0b443c19f61f94bf02b7695505aa8e3" +source.commit = "d1686c86f92ead77e07ddc6024837dee4a401d6d" # The SHA256 digest is automatically posted to: # https://buildomat.eng.oxide.computer/public/file/oxidecomputer/maghemite/image//mg-ddm.sha256.txt -source.sha256 = "29ac6f5f61795795a2b1026606ac43d48435f1d685d2db2ab097aaaa9c5d6e6c" +source.sha256 = "f15f8bb0e13b1a9372c895775dae96b68ff1cc5e395e6bad4389c2a97957354e" output.type = "zone" output.intermediate_only = true @@ -594,10 +594,10 @@ source.repo = "maghemite" # `tools/maghemite_openapi_version`. Failing to do so will cause a failure when # building `ddm-admin-client` (which will instruct you to update # `tools/maghemite_openapi_version`). -source.commit = "6e0a232fd0b443c19f61f94bf02b7695505aa8e3" +source.commit = "d1686c86f92ead77e07ddc6024837dee4a401d6d" # The SHA256 digest is automatically posted to: # https://buildomat.eng.oxide.computer/public/file/oxidecomputer/maghemite/image//mgd.sha256.txt -source.sha256 = "49f5224ea5f5078c11d71098fea29db9aafe9575876825f4e0216d9c64361f55" +source.sha256 = "b0223e0aad4c22bf980da17084caf6704d0428bad1b3e5daf54e7d415ce82d3e" output.type = "zone" output.intermediate_only = true diff --git a/tools/maghemite_ddm_openapi_version b/tools/maghemite_ddm_openapi_version index 001b707f25..980081379e 100644 --- a/tools/maghemite_ddm_openapi_version +++ b/tools/maghemite_ddm_openapi_version @@ -1,2 +1,2 @@ -COMMIT="6e0a232fd0b443c19f61f94bf02b7695505aa8e3" +COMMIT="d1686c86f92ead77e07ddc6024837dee4a401d6d" SHA2="007bfb717ccbc077c0250dee3121aeb0c5bb0d1c16795429a514fa4f8635a5ef" diff --git a/tools/maghemite_mg_openapi_version b/tools/maghemite_mg_openapi_version index 61901b1562..a0f7ac10ec 100644 --- a/tools/maghemite_mg_openapi_version +++ b/tools/maghemite_mg_openapi_version @@ -1,2 +1,2 @@ -COMMIT="6e0a232fd0b443c19f61f94bf02b7695505aa8e3" +COMMIT="d1686c86f92ead77e07ddc6024837dee4a401d6d" SHA2="e4b42ab9daad90f0c561a830b62a9d17e294b4d0da0a6d44b4030929b0c37b7e" diff --git a/tools/maghemite_mgd_checksums b/tools/maghemite_mgd_checksums index 7c62e15a73..2e7d8a863c 100644 --- a/tools/maghemite_mgd_checksums +++ b/tools/maghemite_mgd_checksums @@ -1,2 +1,2 @@ -CIDL_SHA256="49f5224ea5f5078c11d71098fea29db9aafe9575876825f4e0216d9c64361f55" -MGD_LINUX_SHA256="48aa39bb2d68a81be5ad49986d9ebd3cbad64eee0bd6b4556c91b089760265ec" +CIDL_SHA256="b0223e0aad4c22bf980da17084caf6704d0428bad1b3e5daf54e7d415ce82d3e" +MGD_LINUX_SHA256="776f18e9e7fc905d5a2f33d1a1bdd8863ed988bb2965a222217ec06790a3f452" \ No newline at end of file diff --git a/tools/update_maghemite.sh b/tools/update_maghemite.sh index b2b31ca58a..77f5d80a0c 100755 --- a/tools/update_maghemite.sh +++ b/tools/update_maghemite.sh @@ -23,6 +23,45 @@ PACKAGES=( REPO="oxidecomputer/maghemite" . "$SOURCE_DIR/update_helpers.sh" +function update_openapi { + TARGET_COMMIT="$1" + DRY_RUN="$2" + DAEMON="$3" + SHA=$(get_sha "$REPO" "$TARGET_COMMIT" "${DAEMON}-admin.json" "openapi") + OUTPUT=$(printf "COMMIT=\"%s\"\nSHA2=\"%s\"\n" "$TARGET_COMMIT" "$SHA") + + if [ -n "$DRY_RUN" ]; then + OPENAPI_PATH="/dev/null" + else + OPENAPI_PATH="$SOURCE_DIR/maghemite_${DAEMON}_openapi_version" + fi + echo "Updating Maghemite OpenAPI from: $TARGET_COMMIT" + set -x + echo "$OUTPUT" > "$OPENAPI_PATH" + set +x +} + +function update_mgd { + TARGET_COMMIT="$1" + DRY_RUN="$2" + DAEMON="$3" + SHA=$(get_sha "$REPO" "$TARGET_COMMIT" "mgd" "image") + OUTPUT=$(printf "CIDL_SHA256=\"%s\"\n" "$SHA") + + SHA_LINUX=$(get_sha "$REPO" "$TARGET_COMMIT" "mgd" "linux") + OUTPUT_LINUX=$(printf "MGD_LINUX_SHA256=\"%s\"\n" "$SHA_LINUX") + + if [ -n "$DRY_RUN" ]; then + MGD_PATH="/dev/null" + else + MGD_PATH="$SOURCE_DIR/maghemite_mgd_checksums" + fi + echo "Updating Maghemite mgd from: $TARGET_COMMIT" + set -x + printf "$OUTPUT\n$OUTPUT_LINUX" > $MGD_PATH + set +x +} + function main { TARGET_COMMIT="" DRY_RUN="" @@ -47,6 +86,9 @@ function main { TARGET_COMMIT=$(get_latest_commit_from_gh "$REPO" "$TARGET_BRANCH") fi install_toml2json + update_mgd "$TARGET_COMMIT" "$DRY_RUN" + update_openapi "$TARGET_COMMIT" "$DRY_RUN" ddm + update_openapi "$TARGET_COMMIT" "$DRY_RUN" mg do_update_packages "$TARGET_COMMIT" "$DRY_RUN" "$REPO" "${PACKAGES[@]}" } diff --git a/workspace-hack/Cargo.toml b/workspace-hack/Cargo.toml index 977936d653..cd76fd2611 100644 --- a/workspace-hack/Cargo.toml +++ b/workspace-hack/Cargo.toml @@ -92,7 +92,7 @@ ring = { version = "0.17.8", features = ["std"] } schemars = { version = "0.8.21", features = ["bytes", "chrono", "uuid1"] } scopeguard = { version = "1.2.0" } semver = { version = "1.0.23", features = ["serde"] } -serde = { version = "1.0.203", features = ["alloc", "derive", "rc"] } +serde = { version = "1.0.204", features = ["alloc", "derive", "rc"] } serde_json = { version = "1.0.120", features = ["raw_value", "unbounded_depth"] } sha2 = { version = "0.10.8", features = ["oid"] } similar = { version = "2.5.0", features = ["inline", "unicode"] } @@ -196,7 +196,7 @@ ring = { version = "0.17.8", features = ["std"] } schemars = { version = "0.8.21", features = ["bytes", "chrono", "uuid1"] } scopeguard = { version = "1.2.0" } semver = { version = "1.0.23", features = ["serde"] } -serde = { version = "1.0.203", features = ["alloc", "derive", "rc"] } +serde = { version = "1.0.204", features = ["alloc", "derive", "rc"] } serde_json = { version = "1.0.120", features = ["raw_value", "unbounded_depth"] } sha2 = { version = "0.10.8", features = ["oid"] } similar = { version = "2.5.0", features = ["inline", "unicode"] }