[2/n] store blueprint zone image source in database (#7849)

As discussed in [RFD 554](https://rfd.shared.oxide.computer/rfd/554), we
only store zone image artifact hashes in the database, and look up
versions via a left join (so it is allowed to fail).

This lookup requires the kind + hash to be unique, so we add a database
and app-level constraint for that, mirroring the constraint implemented
in oxidecomputer/tufaceous#16.

Also change `tuf_artifact`'s `version` field to 64 bytes per [this
discussion](#7832 (comment)).

Author: sunshowers

clients/nexus-client/src/lib.rs

@@ -31,6 +31,7 @@ progenitor::generate_api!(
         Blueprint = nexus_types::deployment::Blueprint,
         BlueprintPhysicalDiskConfig = nexus_types::deployment::BlueprintPhysicalDiskConfig,
         BlueprintPhysicalDiskDisposition = nexus_types::deployment::BlueprintPhysicalDiskDisposition,
+        BlueprintZoneImageSource = nexus_types::deployment::BlueprintZoneImageSource,
         Certificate = omicron_common::api::internal::nexus::Certificate,
         ClickhouseMode = nexus_types::deployment::ClickhouseMode,
         ClickhousePolicy = nexus_types::deployment::ClickhousePolicy,

dev-tools/reconfigurator-cli/src/main.rs

@@ -26,6 +26,7 @@ use nexus_reconfigurator_simulation::SimStateBuilder;
 use nexus_reconfigurator_simulation::Simulator;
 use nexus_types::deployment::BlueprintZoneDisposition;
 use nexus_types::deployment::BlueprintZoneImageSource;
+use nexus_types::deployment::BlueprintZoneImageVersion;
 use nexus_types::deployment::OmicronZoneNic;
 use nexus_types::deployment::PlanningInput;
 use nexus_types::deployment::SledFilter;
@@ -53,6 +54,7 @@ use swrite::{SWrite, swriteln};
 use tabled::Tabled;
 use tufaceous_artifact::ArtifactHash;
 use tufaceous_artifact::ArtifactVersion;
+use tufaceous_artifact::ArtifactVersionError;
 
 mod log_capture;
 
@@ -464,7 +466,11 @@ enum ImageSourceArgs {
     /// the zone image comes from the `install` dataset
     InstallDataset,
     /// the zone image comes from a specific TUF repo artifact
-    Artifact { version: ArtifactVersion, hash: ArtifactHash },
+    Artifact {
+        #[clap(value_parser = parse_blueprint_zone_image_version)]
+        version: BlueprintZoneImageVersion,
+        hash: ArtifactHash,
+    },
 }
 
 impl From<ImageSourceArgs> for BlueprintZoneImageSource {
@@ -480,6 +486,19 @@ impl From<ImageSourceArgs> for BlueprintZoneImageSource {
     }
 }
 
+fn parse_blueprint_zone_image_version(
+    version: &str,
+) -> Result<BlueprintZoneImageVersion, ArtifactVersionError> {
+    // Treat the literal string "unknown" as an unknown version.
+    if version == "unknown" {
+        return Ok(BlueprintZoneImageVersion::Unknown);
+    }
+
+    Ok(BlueprintZoneImageVersion::Available {
+        version: version.parse::<ArtifactVersion>()?,
+    })
+}
+
 #[derive(Debug, Args)]
 struct BlueprintArgs {
     /// id of the blueprint

nexus/db-model/src/deployment.rs

@@ -9,8 +9,8 @@ use crate::inventory::ZoneType;
 use crate::omicron_zone_config::{self, OmicronZoneNic};
 use crate::typed_uuid::DbTypedUuid;
 use crate::{
-    ByteCount, Generation, MacAddr, Name, SledState, SqlU8, SqlU16, SqlU32,
-    impl_enum_type, ipv6,
+    ArtifactHash, ByteCount, Generation, MacAddr, Name, SledState, SqlU8,
+    SqlU16, SqlU32, TufArtifact, impl_enum_type, ipv6,
 };
 use anyhow::{Context, Result, anyhow, bail};
 use chrono::{DateTime, Utc};
@@ -24,7 +24,6 @@ use nexus_db_schema::schema::{
     bp_sled_metadata, bp_target,
 };
 use nexus_sled_agent_shared::inventory::OmicronZoneDataset;
-use nexus_types::deployment::BlueprintDatasetConfig;
 use nexus_types::deployment::BlueprintDatasetDisposition;
 use nexus_types::deployment::BlueprintPhysicalDiskConfig;
 use nexus_types::deployment::BlueprintPhysicalDiskDisposition;
@@ -34,6 +33,9 @@ use nexus_types::deployment::BlueprintZoneDisposition;
 use nexus_types::deployment::BlueprintZoneType;
 use nexus_types::deployment::ClickhouseClusterConfig;
 use nexus_types::deployment::CockroachDbPreserveDowngrade;
+use nexus_types::deployment::{
+    BlueprintDatasetConfig, BlueprintZoneImageVersion,
+};
 use nexus_types::deployment::{BlueprintZoneImageSource, blueprint_zone_type};
 use nexus_types::deployment::{
     OmicronZoneExternalFloatingAddr, OmicronZoneExternalFloatingIp,
@@ -449,6 +451,9 @@ pub struct BpOmicronZone {
 
     pub external_ip_id: Option<DbTypedUuid<ExternalIpKind>>,
     pub filesystem_pool: DbTypedUuid<ZpoolKind>,
+
+    pub image_source: DbBpZoneImageSource,
+    pub image_artifact_sha256: Option<ArtifactHash>,
 }
 
 impl BpOmicronZone {
@@ -468,6 +473,9 @@ impl BpOmicronZone {
             expunged_ready_for_cleanup: disposition_expunged_ready_for_cleanup,
         } = blueprint_zone.disposition.into();
 
+        let DbBpZoneImageSourceColumns { image_source, image_artifact_data } =
+            blueprint_zone.image_source.clone().into();
+
         // Create a dummy record to start, then fill in the rest
         let mut bp_omicron_zone = BpOmicronZone {
             // Fill in the known fields that don't require inspecting
@@ -481,6 +489,11 @@ impl BpOmicronZone {
             disposition_expunged_as_of_generation,
             disposition_expunged_ready_for_cleanup,
             zone_type: blueprint_zone.zone_type.kind().into(),
+            image_source,
+            // The version is not preserved here -- instead, it is looked up
+            // from the tuf_artifact table.
+            image_artifact_sha256: image_artifact_data
+                .map(|(_version, hash)| hash),
 
             // Set the remainder of the fields to a default
             primary_service_ip: "::1"
@@ -685,6 +698,7 @@ impl BpOmicronZone {
     pub fn into_blueprint_zone_config(
         self,
         nic_row: Option<BpOmicronZoneNic>,
+        image_artifact_row: Option<TufArtifact>,
     ) -> anyhow::Result<BlueprintZoneConfig> {
         // Build up a set of common fields for our `BlueprintZoneType`s
         //
@@ -871,14 +885,20 @@ impl BpOmicronZone {
                 .disposition_expunged_ready_for_cleanup,
         };
 
+        let image_source_cols = DbBpZoneImageSourceColumns::new(
+            self.image_source,
+            self.image_artifact_sha256,
+            image_artifact_row,
+        );
+
         Ok(BlueprintZoneConfig {
             disposition: disposition_cols.try_into()?,
             id: self.id.into(),
             filesystem_pool: ZpoolName::new_external(
                 self.filesystem_pool.into(),
             ),
             zone_type,
-            image_source: BlueprintZoneImageSource::InstallDataset,
+            image_source: image_source_cols.try_into()?,
         })
     }
 }
@@ -958,6 +978,93 @@ impl TryFrom<DbBpZoneDispositionColumns> for BlueprintZoneDisposition {
     }
 }
 
+impl_enum_type!(
+    BpZoneImageSourceEnum:
+
+    #[derive(Clone, Copy, Debug, AsExpression, FromSqlRow, PartialEq)]
+    pub enum DbBpZoneImageSource;
+
+    // Enum values
+    InstallDataset => b"install_dataset"
+    Artifact => b"artifact"
+);
+
+struct DbBpZoneImageSourceColumns {
+    image_source: DbBpZoneImageSource,
+    // image_artifact_data is Some if and only if image_source is Artifact.
+    //
+    // The BlueprintZoneImageVersion is not actually stored in bp_omicron_zone
+    // table directly, but is instead looked up from the tuf_artifact table at
+    // blueprint load time.
+    image_artifact_data: Option<(BlueprintZoneImageVersion, ArtifactHash)>,
+}
+
+impl DbBpZoneImageSourceColumns {
+    fn new(
+        image_source: DbBpZoneImageSource,
+        image_artifact_sha256: Option<ArtifactHash>,
+        image_artifact_row: Option<TufArtifact>,
+    ) -> Self {
+        // Note that artifact_row can only be Some if image_artifact_sha256 is
+        // Some.
+        let image_artifact_data = image_artifact_sha256.map(|hash| {
+            let version = match image_artifact_row {
+                Some(artifact_row) => BlueprintZoneImageVersion::Available {
+                    version: artifact_row.version.0,
+                },
+                None => BlueprintZoneImageVersion::Unknown,
+            };
+            (version, hash)
+        });
+        Self { image_source, image_artifact_data }
+    }
+}
+
+impl From<BlueprintZoneImageSource> for DbBpZoneImageSourceColumns {
+    fn from(image_source: BlueprintZoneImageSource) -> Self {
+        match image_source {
+            BlueprintZoneImageSource::InstallDataset => Self {
+                image_source: DbBpZoneImageSource::InstallDataset,
+                image_artifact_data: None,
+            },
+            BlueprintZoneImageSource::Artifact { version, hash } => Self {
+                image_source: DbBpZoneImageSource::Artifact,
+                image_artifact_data: Some((version, hash.into())),
+            },
+        }
+    }
+}
+
+impl TryFrom<DbBpZoneImageSourceColumns> for BlueprintZoneImageSource {
+    type Error = anyhow::Error;
+
+    fn try_from(
+        value: DbBpZoneImageSourceColumns,
+    ) -> Result<Self, Self::Error> {
+        match (value.image_source, value.image_artifact_data) {
+            (DbBpZoneImageSource::Artifact, Some((version, hash))) => {
+                Ok(Self::Artifact { version, hash: hash.into() })
+            }
+            (DbBpZoneImageSource::Artifact, None) => Err(anyhow!(
+                "illegal database state (CHECK constraint broken?!): \
+                 image_source {:?}, image_artifact_data None",
+                value.image_source,
+            )),
+            (DbBpZoneImageSource::InstallDataset, data @ Some(_)) => {
+                Err(anyhow!(
+                    "illegal database state (CHECK constraint broken?!): \
+                 image_source {:?}, image_artifact_data {:?}",
+                    value.image_source,
+                    data,
+                ))
+            }
+            (DbBpZoneImageSource::InstallDataset, None) => {
+                Ok(Self::InstallDataset)
+            }
+        }
+    }
+}
+
 #[derive(Queryable, Clone, Debug, Selectable, Insertable)]
 #[diesel(table_name = bp_omicron_zone_nic)]
 pub struct BpOmicronZoneNic {

nexus/db-model/src/schema_versions.rs

@@ -16,7 +16,7 @@ use std::{collections::BTreeMap, sync::LazyLock};
 ///
 /// This must be updated when you change the database schema.  Refer to
 /// schema/crdb/README.adoc in the root of this repository for details.
-pub const SCHEMA_VERSION: Version = Version::new(134, 0, 0);
+pub const SCHEMA_VERSION: Version = Version::new(135, 0, 0);
 
 /// List of all past database schema versions, in *reverse* order
 ///
@@ -28,6 +28,7 @@ static KNOWN_VERSIONS: LazyLock<Vec<KnownVersion>> = LazyLock::new(|| {
         // |  leaving the first copy as an example for the next person.
         // v
         // KnownVersion::new(next_int, "unique-dirname-with-the-sql-files"),
+        KnownVersion::new(135, "blueprint-zone-image-source"),
         KnownVersion::new(134, "crucible-agent-reservation-overhead"),
         KnownVersion::new(133, "delete-defunct-reservations"),
         KnownVersion::new(132, "bp-omicron-zone-filesystem-pool-not-null"),

nexus/db-model/src/tuf_repo.rs

@@ -285,11 +285,13 @@ pub struct TufRepoArtifact {
     Copy,
     Clone,
     Debug,
+    Hash,
+    PartialEq,
+    Eq,
     AsExpression,
     FromSqlRow,
     Serialize,
     Deserialize,
-    PartialEq,
 )]
 #[diesel(sql_type = Text)]
 #[serde(transparent)]