"lookup_resource" macro needs to be more flexible (#905)

oxidecomputer · Apr 13, 2022 · f380f83 · f380f83
1 parent 7948781
commit f380f83
Show file tree

Hide file tree

Showing 15 changed files with 502 additions and 229 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/common/src/api/external/error.rs b/common/src/api/external/error.rs
@@ -68,6 +68,9 @@ pub enum LookupType {
     ById(Uuid),
     /// a session token was requested
     BySessionToken(String),
+    /// a specific id was requested with some composite type
+    /// (caller summarizes it)
+    ByCompositeId(String),
 }
 
 impl LookupType {
@@ -160,6 +163,7 @@ impl From<Error> for HttpError {
                 let (lookup_field, lookup_value) = match lt {
                     LookupType::ByName(name) => ("name", name),
                     LookupType::ById(id) => ("id", id.to_string()),
+                    LookupType::ByCompositeId(label) => ("id", label),
                     LookupType::BySessionToken(token) => {
                         ("session token", token)
                     }

diff --git a/common/src/api/external/mod.rs b/common/src/api/external/mod.rs
@@ -537,6 +537,7 @@ pub enum ResourceType {
     Oximeter,
     MetricProducer,
     Role,
+    UpdateAvailableArtifact,
     User,
     Zpool,
 }

diff --git a/common/src/api/internal/nexus.rs b/common/src/api/internal/nexus.rs
@@ -88,7 +88,15 @@ pub struct UpdateArtifact {
 /// Kinds of update artifacts, as used by Nexus to determine what updates are available and by
 /// sled-agent to determine how to apply an update when asked.
 #[derive(
-    Clone, Copy, Debug, PartialEq, Display, Deserialize, Serialize, JsonSchema,
+    Clone,
+    Copy,
+    Debug,
+    PartialEq,
+    Eq,
+    Display,
+    Deserialize,
+    Serialize,
+    JsonSchema,
 )]
 #[display(style = "kebab-case")]
 #[serde(rename_all = "kebab-case")]

diff --git a/nexus/src/authz/api_resources.rs b/nexus/src/authz/api_resources.rs
@@ -38,6 +38,7 @@ use crate::authn;
 use crate::context::OpContext;
 use crate::db::fixed_data::FLEET_ID;
 use crate::db::model::Name;
+use crate::db::model::UpdateArtifactKind;
 use crate::db::DataStore;
 use authz_macros::authz_resource;
 use futures::future::BoxFuture;
@@ -262,6 +263,14 @@ authz_resource! {
 
 // Miscellaneous resources nested directly below "Fleet"
 
+authz_resource! {
+    name = "SiloUser",
+    parent = "Fleet",
+    primary_key = Uuid,
+    roles_allowed = false,
+    polar_snippet = FleetChild,
+}
+
 authz_resource! {
     name = "Role",
     parent = "Fleet",
@@ -293,3 +302,11 @@ authz_resource! {
     roles_allowed = false,
     polar_snippet = FleetChild,
 }
+
+authz_resource! {
+    name = "UpdateAvailableArtifact",
+    parent = "Fleet",
+    primary_key = (String, i64, UpdateArtifactKind),
+    roles_allowed = false,
+    polar_snippet = FleetChild,
+}
diff --git a/nexus/src/authz/mod.rs b/nexus/src/authz/mod.rs
@@ -162,22 +162,7 @@
 mod actor;
 
 mod api_resources;
-pub use api_resources::ApiResourceError;
-pub use api_resources::Disk;
-pub use api_resources::Fleet;
-pub use api_resources::Instance;
-pub use api_resources::NetworkInterface;
-pub use api_resources::Organization;
-pub use api_resources::Project;
-pub use api_resources::Rack;
-pub use api_resources::Role;
-pub use api_resources::RouterRoute;
-pub use api_resources::Sled;
-pub use api_resources::User;
-pub use api_resources::Vpc;
-pub use api_resources::VpcRouter;
-pub use api_resources::VpcSubnet;
-pub use api_resources::FLEET;
+pub use api_resources::*;
 
 mod context;
 pub use context::AuthorizedResource;

diff --git a/nexus/src/authz/oso_generic.rs b/nexus/src/authz/oso_generic.rs
@@ -60,6 +60,7 @@ pub fn make_omicron_oso() -> Result<Oso, anyhow::Error> {
         RouterRoute::init(),
         VpcSubnet::init(),
         Role::init(),
+        UpdateAvailableArtifact::init(),
         User::init(),
         Rack::init(),
         Sled::init(),

diff --git a/nexus/src/db/datastore.rs b/nexus/src/db/datastore.rs
@@ -53,7 +53,6 @@ use omicron_common::api::external::UpdateResult;
 use omicron_common::api::external::{
     CreateResult, IdentityMetadataCreateParams,
 };
-use omicron_common::api::internal::nexus::UpdateArtifact;
 use omicron_common::bail_unless;
 use std::convert::{TryFrom, TryInto};
 use std::net::Ipv6Addr;
@@ -70,9 +69,9 @@ use crate::db::{
         Name, NetworkInterface, Organization, OrganizationUpdate, OximeterInfo,
         ProducerEndpoint, Project, ProjectUpdate, Region,
         RoleAssignmentBuiltin, RoleBuiltin, RouterRoute, RouterRouteUpdate,
-        Silo, SiloUser, Sled, UpdateArtifactKind, UpdateAvailableArtifact,
-        UserBuiltin, Volume, Vpc, VpcFirewallRule, VpcRouter, VpcRouterUpdate,
-        VpcSubnet, VpcSubnetUpdate, VpcUpdate, Zpool,
+        Silo, SiloUser, Sled, UpdateAvailableArtifact, UserBuiltin, Volume,
+        Vpc, VpcFirewallRule, VpcRouter, VpcRouterUpdate, VpcSubnet,
+        VpcSubnetUpdate, VpcUpdate, Zpool,
     },
     pagination::paginated,
     pagination::paginated_multicolumn,
@@ -2554,32 +2553,6 @@ impl DataStore {
             })
     }
 
-    pub async fn update_available_artifact_fetch(
-        &self,
-        opctx: &OpContext,
-        artifact: &UpdateArtifact,
-    ) -> LookupResult<UpdateAvailableArtifact> {
-        opctx.authorize(authz::Action::Read, &authz::FLEET).await?;
-
-        use db::schema::update_available_artifact::dsl;
-        dsl::update_available_artifact
-            .filter(
-                dsl::name
-                    .eq(artifact.name.clone())
-                    .and(dsl::version.eq(artifact.version))
-                    .and(dsl::kind.eq(UpdateArtifactKind(artifact.kind))),
-            )
-            .select(UpdateAvailableArtifact::as_select())
-            .first_async(self.pool_authorized(opctx).await?)
-            .await
-            .map_err(|e| {
-                Error::internal_error(&format!(
-                    "error fetching artifact: {:?}",
-                    e
-                ))
-            })
-    }
-
     pub async fn silo_user_fetch(
         &self,
         silo_user_id: Uuid,

diff --git a/nexus/src/db/db-macros/Cargo.toml b/nexus/src/db/db-macros/Cargo.toml
@@ -15,3 +15,6 @@ quote = { version = "1.0" }
 serde = { version = "1.0", features = [ "derive" ] }
 serde_tokenstream = "0.1"
 syn = { version = "1.0", features = [ "full", "derive", "extra-traits" ] }
+
+[dev-dependencies]
+rustfmt-wrapper = "0.1"
diff --git a/nexus/src/db/db-macros/src/lib.rs b/nexus/src/db/db-macros/src/lib.rs
@@ -29,6 +29,9 @@ mod lookup;
 ///     name = "Organization",
 ///     ancestors = [],
 ///     children = [ "Project" ],
+///     lookup_by_name = true,
+///     soft_deletes = true,
+///     primary_key_columns = [ { column_name = "id", rust_type = Uuid } ]
 /// }
 /// ```
 ///
@@ -46,12 +49,18 @@ mod lookup;
 ///     name = "Organization",
 ///     ancestors = [],
 ///     children = [ "Project" ],
+///     lookup_by_name = true,
+///     soft_deletes = true,
+///     primary_key_columns = [ { column_name = "id", rust_type = Uuid } ]
 /// }
 ///
 /// lookup_resource! {
 ///     name = "Instance",
 ///     ancestors = [ "Organization", "Project" ],
 ///     children = [],
+///     lookup_by_name = true,
+///     soft_deletes = true,
+///     primary_key_columns = [ { column_name = "id", rust_type = Uuid } ]
 /// }
 /// ```
 ///
-Original file line number
+Diff line change
@@ Expand Up / @@ -537,6 +537,7 @@ pub enum ResourceType { @@
         Oximeter,
         MetricProducer,
         Role,
+        UpdateAvailableArtifact,
         User,
         Zpool,
     }
@@ Expand Down @@