oxidecomputer · david-crespo · Jan 30, 2023 · Dec 29, 2022 · Dec 29, 2022 · Dec 29, 2022
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -183,6 +183,7 @@ ring = "0.16"
 rustfmt-wrapper = "0.2"
 samael = { git = "https://github.com/njaremko/samael", features = ["xmlsec"], branch = "master" }
 schemars = "0.8.10"
+semver = { version = "1.0.16", features = ["std", "serde"] }
 serde = { version = "1.0", default-features = false, features = [ "derive" ] }
 serde_derive = "1.0"
 serde_json = "1.0.91"

diff --git a/common/src/api/external/mod.rs b/common/src/api/external/mod.rs
@@ -615,6 +615,7 @@ pub enum ResourceType {
     MetricProducer,
     RoleBuiltin,
     UpdateAvailableArtifact,
+    SystemUpdate,
     UserBuiltin,
     Zpool,
 }

diff --git a/common/src/sql/dbinit.sql b/common/src/sql/dbinit.sql
@@ -1419,6 +1419,20 @@ CREATE INDEX ON omicron.public.update_available_artifact (
     targets_role_version
 );
 
+/*
+ * System updates
+ */
+CREATE TABLE omicron.public.system_update (
+    /* Unique identifier for this update package */
+    id UUID PRIMARY KEY,
+    time_created TIMESTAMPTZ NOT NULL,
+    time_modified TIMESTAMPTZ NOT NULL
+
+    /* Unique semver version */
+    /* TODO: If the version is really supposed to be unique, we could make it the PK? */
+    version STRING(40) NOT NULL,
+);
+
 /*******************************************************************/
 
 /*

diff --git a/nexus/Cargo.toml b/nexus/Cargo.toml
@@ -54,6 +54,7 @@ reqwest = { workspace = true, features = [ "json" ] }
 ring.workspace = true
 samael.workspace = true
 schemars = { workspace = true, features = ["chrono", "uuid1"] }
+semver.workspace = true
 serde.workspace = true
 serde_json.workspace = true
 serde_urlencoded.workspace = true

diff --git a/nexus/db-model/src/lib.rs b/nexus/db-model/src/lib.rs
@@ -39,6 +39,7 @@ mod organization;
 mod oximeter_info;
 mod producer_endpoint;
 mod project;
+mod system_update;
 // These actually represent subqueries, not real table.
 // However, they must be defined in the same crate as our tables
 // for join-based marker trait generation.
@@ -124,6 +125,7 @@ pub use silo_user_password_hash::*;
 pub use sled::*;
 pub use snapshot::*;
 pub use ssh_key::*;
+pub use system_update::*;
 pub use update_artifact::*;
 pub use user_builtin::*;
 pub use vni::*;

diff --git a/nexus/db-model/src/rack.rs b/nexus/db-model/src/rack.rs
@@ -4,7 +4,7 @@
 
 use crate::schema::rack;
 use db_macros::Asset;
-use nexus_types::external_api::views;
+use nexus_types::{external_api::views, identity::Asset};
 use uuid::Uuid;
 
 /// Information about a local rack.
@@ -30,6 +30,6 @@ impl Rack {
 
 impl From<Rack> for views::Rack {
     fn from(rack: Rack) -> Self {
-        Self { identity: views::AssetIdentityMetadata::from(&rack) }
+        Self { identity: rack.identity() }
     }
 }
diff --git a/nexus/db-model/src/schema.rs b/nexus/db-model/src/schema.rs
@@ -633,6 +633,18 @@ table! {
     }
 }
 
+table! {
+    system_update (id) {
+        id -> Uuid,
+        name -> Text,
+        description -> Text,
+        time_created -> Timestamptz,
+        time_modified -> Timestamptz,
+
+        version -> Text,
+    }
+}
+
 allow_tables_to_appear_in_same_query!(ip_pool_range, ip_pool);
 joinable!(ip_pool_range -> ip_pool (ip_pool_id));
 

diff --git a/nexus/db-model/src/sled.rs b/nexus/db-model/src/sled.rs
@@ -8,7 +8,7 @@ use crate::ipv6;
 use crate::schema::{service, sled, zpool};
 use chrono::{DateTime, Utc};
 use db_macros::Asset;
-use nexus_types::external_api::views;
+use nexus_types::{external_api::views, identity::Asset};
 use std::net::Ipv6Addr;
 use std::net::SocketAddrV6;
 use uuid::Uuid;
@@ -77,10 +77,7 @@ impl Sled {
 
 impl From<Sled> for views::Sled {
     fn from(sled: Sled) -> Self {
-        Self {
-            identity: views::AssetIdentityMetadata::from(&sled),
-            service_address: sled.address(),
-        }
+        Self { identity: sled.identity(), service_address: sled.address() }
     }
 }
 

diff --git a/nexus/db-model/src/system_update.rs b/nexus/db-model/src/system_update.rs
@@ -0,0 +1,32 @@
+use crate::schema::system_update;
+use db_macros::Asset;
+use nexus_types::{external_api::views, identity::Asset};
+use serde::{Deserialize, Serialize};
+
+#[derive(
+    Queryable,
+    Insertable,
+    Selectable,
+    Clone,
+    Debug,
+    Asset,
+    Serialize,
+    Deserialize,
+)]
+#[diesel(table_name = system_update)]
+pub struct SystemUpdate {
+    #[diesel(embed)]
+    identity: SystemUpdateIdentity,
+    pub version: String,
+}
+
+impl From<SystemUpdate> for views::SystemUpdate {
+    fn from(system_update: SystemUpdate) -> Self {
+        Self {
+            identity: system_update.identity(),
+            // TODO: figure out how to ser/de semver versions
+            // version: system_update.version,
+            version: views::SemverVersion::new(1, 0, 0),
+        }
+    }
+}
diff --git a/nexus/src/app/update.rs b/nexus/src/app/update.rs
@@ -6,20 +6,22 @@
 
 use crate::authz;
 use crate::context::OpContext;
+use crate::db;
 use crate::db::identity::Asset;
 use crate::db::lookup::LookupPath;
 use crate::db::model::UpdateArtifactKind;
 use hex;
-use omicron_common::api::external::DataPageParams;
-use omicron_common::api::external::Error;
-use omicron_common::api::external::PaginationOrder;
+use omicron_common::api::external::{
+    DataPageParams, Error, LookupResult, PaginationOrder,
+};
 use omicron_common::api::internal::nexus::UpdateArtifact;
 use rand::Rng;
 use ring::digest;
 use std::convert::TryFrom;
 use std::num::NonZeroU32;
 use std::path::Path;
 use tokio::io::AsyncWriteExt;
+use uuid::Uuid;
 
 static BASE_ARTIFACT_DIR: &str = "/var/tmp/oxide_artifacts";
 
@@ -276,4 +278,16 @@ impl super::Nexus {
         })?;
         Ok(body)
     }
+
+    pub async fn system_update_fetch_by_id(
+        &self,
+        opctx: &OpContext,
+        update_id: &Uuid,
+    ) -> LookupResult<db::model::SystemUpdate> {
+        let (.., db_system_update) = LookupPath::new(opctx, &self.db_datastore)
+            .system_update_id(*update_id)
+            .fetch()
+            .await?;
+        Ok(db_system_update)
+    }
 }
diff --git a/nexus/src/authz/api_resources.rs b/nexus/src/authz/api_resources.rs
@@ -963,6 +963,14 @@ authz_resource! {
     polar_snippet = FleetChild,
 }
 
+authz_resource! {
+    name = "SystemUpdate",
+    parent = "Fleet",
+    primary_key = Uuid,
+    roles_allowed = false,
+    polar_snippet = FleetChild,
+}
+
 authz_resource! {
     name = "GlobalImage",
     parent = "Fleet",

diff --git a/nexus/src/db/lookup.rs b/nexus/src/db/lookup.rs
@@ -394,6 +394,11 @@ impl<'a> LookupPath<'a> {
         )
     }
 
+    /// Select a resource of type SystemUpdate, identified by its id
+    pub fn system_update_id(self, id: Uuid) -> SystemUpdate<'a> {
+        SystemUpdate::PrimaryKey(Root { lookup_root: self }, id)
+    }
+
     /// Select a resource of type UserBuiltin, identified by its `name`
     pub fn user_builtin_name<'b, 'c>(self, name: &'b Name) -> UserBuiltin<'c>
     where
@@ -686,6 +691,15 @@ lookup_resource! {
     ]
 }
 
+lookup_resource! {
+    name = "SystemUpdate",
+    ancestors = [],
+    children = [],
+    lookup_by_name = false,
+    soft_deletes = false,
+    primary_key_columns = [ { column_name = "id", rust_type = Uuid } ]
+}
+
 lookup_resource! {
     name = "UserBuiltin",
     ancestors = [],