Extract (a subset of) nexus::external_api into new nexus-types crate

Author: jgallagher

Cargo.lock

@@ -15,6 +15,7 @@ members = [
     "nexus/db-macros",
     "nexus/test-utils",
     "nexus/test-utils-macros",
+    "nexus/types",
     "nexus-client",
     "package",
     "rpaths",
@@ -45,6 +46,7 @@ default-members = [
     "nexus",
     "nexus/authz-macros",
     "nexus/db-macros",
+    "nexus/types",
     "package",
     "rpaths",
     "sled-agent",

Cargo.toml

@@ -60,9 +60,7 @@ usdt = "0.3.1"
 
 authz-macros = { path = "authz-macros" }
 db-macros = { path = "db-macros" }
-
-[dependencies.api_identity]
-path = "../api_identity"
+nexus-types = { path = "types" }
 
 [dependencies.chrono]
 version = "0.4"

nexus/Cargo.toml

@@ -339,8 +339,8 @@ fn build_resource_impl(
                 self.identity.id
             }
 
-            fn name(&self) -> &crate::db::model::Name {
-                &self.identity.name
+            fn name(&self) -> &::omicron_common::api::external::Name {
+                &self.identity.name.0
             }
 
             fn description(&self) -> &str {

nexus/db-macros/src/lib.rs

@@ -326,7 +326,7 @@ async fn sic_create_custom_network_interfaces(
     //
     // This isn't strictly necessary, as the queries would fail below, but it's
     // easier to handle here.
-    if interface_params.iter().any(|p| p.vpc_name != db_vpc.name().0) {
+    if interface_params.iter().any(|p| &p.vpc_name != db_vpc.name()) {
         return Err(ActionError::action_failed(Error::invalid_request(
             "All interfaces must be in the same VPC",
         )));
@@ -806,7 +806,7 @@ async fn sic_create_instance_record(
         .await
         .map_err(ActionError::action_failed)?;
 
-    Ok(instance.name().clone())
+    Ok(instance.name().clone().into())
 }
 
 async fn sic_delete_instance_record(

nexus/src/app/sagas/instance_create.rs

@@ -234,7 +234,7 @@ impl super::Nexus {
             .ssh_key_name(ssh_key_name)
             .fetch()
             .await?;
-        assert_eq!(ssh_key.name(), ssh_key_name);
+        assert_eq!(ssh_key.name(), &ssh_key_name.0);
         Ok(ssh_key)
     }
 

nexus/src/app/silo.rs

@@ -6,7 +6,7 @@ use serde::Serialize;
 use std::io::{self, Cursor, Write};
 use uuid::Uuid;
 
-pub const MAX_USER_DATA_BYTES: usize = 32 * 1024; // 32 KiB
+pub use nexus_types::external_api::params::MAX_USER_DATA_BYTES;
 
 impl Instance {
     pub fn generate_cidata(

nexus/src/cidata.rs

@@ -245,6 +245,7 @@ mod test {
         ByteCount, Error, IdentityMetadataCreateParams, LookupType, Name,
     };
     use omicron_test_utils::dev;
+    use ref_cast::RefCast;
     use std::collections::HashSet;
     use std::net::Ipv6Addr;
     use std::net::SocketAddrV6;
@@ -285,7 +286,9 @@ mod test {
 
         let (.., organization_after_project_create) =
             LookupPath::new(&opctx, &datastore)
-                .organization_name(organization.name())
+                .organization_name(db::model::Name::ref_cast(
+                    organization.name(),
+                ))
                 .fetch()
                 .await
                 .unwrap();

nexus/src/db/datastore/mod.rs

@@ -32,7 +32,6 @@ mod update_and_check;
 #[cfg(test)]
 mod test_utils;
 
-pub mod identity;
 pub mod model;
 pub mod schema;
 
@@ -42,3 +41,5 @@ pub use pool::Pool;
 pub use saga_recovery::{recover, RecoveryTask};
 pub use saga_types::SecId;
 pub use sec_store::CockroachDbSecStore;
+
+pub use nexus_types::identity;

nexus/src/db/mod.rs

@@ -9,6 +9,7 @@
 use crate::db::schema::{device_access_token, device_auth_request};
 
 use chrono::{DateTime, Duration, Utc};
+use nexus_types::external_api::views;
 use rand::{distributions::Slice, rngs::StdRng, Rng, RngCore, SeedableRng};
 use uuid::Uuid;
 
@@ -29,6 +30,26 @@ pub struct DeviceAuthRequest {
     pub time_expires: DateTime<Utc>,
 }
 
+impl DeviceAuthRequest {
+    // We need the host to construct absolute verification URIs.
+    pub fn into_response(self, host: &str) -> views::DeviceAuthResponse {
+        views::DeviceAuthResponse {
+            // TODO-security: use HTTPS
+            verification_uri: format!("http://{}/device/verify", host),
+            verification_uri_complete: format!(
+                "http://{}/device/verify?user_code={}",
+                host, &self.user_code
+            ),
+            user_code: self.user_code,
+            device_code: self.device_code,
+            expires_in: self
+                .time_expires
+                .signed_duration_since(self.time_created)
+                .num_seconds() as u16,
+        }
+    }
+}
+
 /// Neither the device code nor the access token is meant to be
 /// human-readable, so we use 20 random bytes (160 bits), hex-encoded.
 const TOKEN_LENGTH: usize = 20;
@@ -135,6 +156,15 @@ impl DeviceAccessToken {
     }
 }
 
+impl From<DeviceAccessToken> for views::DeviceAccessTokenGrant {
+    fn from(access_token: DeviceAccessToken) -> Self {
+        Self {
+            access_token: format!("oxide-token-{}", access_token.token),
+            token_type: views::DeviceAccessTokenType::Bearer,
+        }
+    }
+}
+
 #[cfg(test)]
 mod test {
     use super::*;

nexus/src/db/model/device_auth.rs

@@ -2,10 +2,12 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
+use crate::db::identity::Resource;
 use crate::db::model::impl_enum_type;
 use crate::db::schema::{identity_provider, saml_identity_provider};
 use db_macros::Resource;
 
+use nexus_types::external_api::views;
 use serde::{Deserialize, Serialize};
 use uuid::Uuid;
 
@@ -22,6 +24,14 @@ impl_enum_type!(
     Saml => b"saml"
 );
 
+impl From<IdentityProviderType> for views::IdentityProviderType {
+    fn from(idp_type: IdentityProviderType) -> Self {
+        match idp_type {
+            IdentityProviderType::Saml => views::IdentityProviderType::Saml,
+        }
+    }
+}
+
 #[derive(Queryable, Insertable, Clone, Debug, Selectable, Resource)]
 #[diesel(table_name = identity_provider)]
 pub struct IdentityProvider {
@@ -33,6 +43,15 @@ pub struct IdentityProvider {
     pub provider_type: IdentityProviderType,
 }
 
+impl From<IdentityProvider> for views::IdentityProvider {
+    fn from(idp: IdentityProvider) -> Self {
+        Self {
+            identity: idp.identity(),
+            provider_type: idp.provider_type.into(),
+        }
+    }
+}
+
 #[derive(Queryable, Insertable, Clone, Debug, Selectable, Resource)]
 #[diesel(table_name = saml_identity_provider)]
 pub struct SamlIdentityProvider {
@@ -51,3 +70,17 @@ pub struct SamlIdentityProvider {
     pub public_cert: Option<String>,
     pub private_key: Option<String>,
 }
+
+impl From<SamlIdentityProvider> for views::SamlIdentityProvider {
+    fn from(saml_idp: SamlIdentityProvider) -> Self {
+        Self {
+            identity: saml_idp.identity(),
+            idp_entity_id: saml_idp.idp_entity_id,
+            sp_client_id: saml_idp.sp_client_id,
+            acs_url: saml_idp.acs_url,
+            slo_url: saml_idp.slo_url,
+            technical_contact_email: saml_idp.technical_contact_email,
+            public_cert: saml_idp.public_cert,
+        }
+    }
+}

nexus/src/db/model/identity_provider.rs

@@ -5,6 +5,7 @@
 //! Model types for IP Pools and the CIDR blocks therein.
 
 use crate::db::collection_insert::DatastoreCollection;
+use crate::db::identity::Resource;
 use crate::db::model::Name;
 use crate::db::schema::ip_pool;
 use crate::db::schema::ip_pool_range;
@@ -15,6 +16,7 @@ use chrono::Utc;
 use db_macros::Resource;
 use diesel::Selectable;
 use ipnetwork::IpNetwork;
+use nexus_types::external_api::views;
 use omicron_common::api::external;
 use std::net::IpAddr;
 use uuid::Uuid;
@@ -50,6 +52,12 @@ impl IpPool {
     }
 }
 
+impl From<IpPool> for views::IpPool {
+    fn from(pool: IpPool) -> Self {
+        Self { identity: pool.identity(), project_id: pool.project_id }
+    }
+}
+
 /// A set of updates to an IP Pool
 #[derive(AsChangeset)]
 #[diesel(table_name = ip_pool)]
@@ -120,6 +128,16 @@ impl IpPoolRange {
     }
 }
 
+impl From<IpPoolRange> for views::IpPoolRange {
+    fn from(range: IpPoolRange) -> Self {
+        Self {
+            id: range.id,
+            time_created: range.time_created,
+            range: IpRange::from(&range),
+        }
+    }
+}
+
 impl From<&IpPoolRange> for IpRange {
     fn from(range: &IpPoolRange) -> Self {
         let maybe_range =

nexus/src/db/model/ip_pool.rs

@@ -4,10 +4,12 @@
 
 use super::{Generation, Name, Project};
 use crate::db::collection_insert::DatastoreCollection;
+use crate::db::identity::Resource;
 use crate::db::schema::{organization, project};
 use crate::external_api::params;
 use chrono::{DateTime, Utc};
 use db_macros::Resource;
+use nexus_types::external_api::views;
 use uuid::Uuid;
 
 /// Describes an organization within the database.
@@ -35,6 +37,12 @@ impl Organization {
     }
 }
 
+impl From<Organization> for views::Organization {
+    fn from(org: Organization) -> Self {
+        Self { identity: org.identity() }
+    }
+}
+
 impl DatastoreCollection<Project> for Organization {
     type CollectionId = Uuid;
     type GenerationNumberColumn = organization::dsl::rcgen;

nexus/src/db/model/organization.rs

@@ -3,10 +3,11 @@
 // file, You can obtain one at https://mozilla.org/MPL/2.0/.
 
 use super::Name;
-use crate::db::schema::project;
+use crate::db::{identity::Resource, schema::project};
 use crate::external_api::params;
 use chrono::{DateTime, Utc};
 use db_macros::Resource;
+use nexus_types::external_api::views;
 use uuid::Uuid;
 
 /// Describes a project within the database.
@@ -29,6 +30,15 @@ impl Project {
     }
 }
 
+impl From<Project> for views::Project {
+    fn from(project: Project) -> Self {
+        Self {
+            identity: project.identity(),
+            organization_id: project.organization_id,
+        }
+    }
+}
+
 /// Describes a set of updates for the [`Project`] model.
 #[derive(AsChangeset)]
 #[diesel(table_name = project)]

nexus/src/db/model/project.rs

@@ -4,6 +4,7 @@
 
 use crate::db::schema::rack;
 use db_macros::Asset;
+use nexus_types::external_api::views;
 use uuid::Uuid;
 
 /// Information about a local rack.
@@ -26,3 +27,9 @@ impl Rack {
         }
     }
 }
+
+impl From<Rack> for views::Rack {
+    fn from(rack: Rack) -> Self {
+        Self { identity: views::AssetIdentityMetadata::from(&rack) }
+    }
+}