apiclient: add high-level 'set' subcommand for changing settings

sources/api/apiclient/Cargo.toml

@@ -10,12 +10,15 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
+datastore = { path = "../datastore" }
 http = "0.2"
 hyper = { version = "0.13", default-features = false }
 hyper-unix-connector = "0.1"
 # when we update hyper to 0.14+ and tokio to 1
 # hyper-unix-connector = "0.2"
 log = "0.4"
+models = { path = "../../models" }
+rand = "0.8"
 serde_json = "1.0"
 simplelog = "0.9"
 snafu = "0.6"

sources/api/apiclient/README.md

@@ -10,6 +10,54 @@ There's also a low-level `raw` subcommand for direct interaction with the HTTP A
 It talks to the Bottlerocket socket by default.
 It can be pointed to another socket using `--socket-path`, for example for local testing.
 
+### Set mode
+
+This allows you to change settings on the system.
+
+After the settings are changed, they'll be committed and applied.
+For example, if you change an NTP setting, the NTP configuration will be updated and the daemon will be restarted.
+
+#### Key=value input
+
+There are two input methods.
+The simpler method looks like this:
+
+```
+apiclient set settings.x.y.z=VALUE
+```
+
+The "settings." prefix on the setting names is optional; this makes it easy to copy and paste settings from documentation, but you can skip the prefix when typing them manually.
+Here's an example call:
+
+```
+apiclient set kernel.lockdown=integrity motd="hi there"
+```
+
+If you're changing a setting whose name requires quoting, please quote the whole key=value argument, so the inner quotes aren't eaten by the shell:
+
+```
+apiclient set 'kubernetes.node-labels."my.label"=hello'
+```
+
+#### JSON input
+
+This simpler key=value form is convenient for most changes, but sometimes you'll want to specify input in JSON form.
+This can be useful if you have multiple changes within a subsection:
+
+```
+apiclient set --json '{"kernel": {"sysctl": {"vm.max_map_count": "262144", "user.max_user_namespaces": "16384"}}}'
+```
+
+It can also be useful if your desired value is "complex" or looks like a different type.
+For example, the "vm.max_map_count" value set above looks like an integer, but the kernel requires a string, so it has to be specified in JSON form and as a string.
+
+As another example, if you want settings.motd to be "42", running `apiclient set motd=42` would fail because `42` is seen as an integer, and motd is a string.
+You can use JSON form to set it:
+
+```
+apiclient set --json '{"motd": "42"}'
+```
+
 ### Update mode
 
 To start, you can check what updates are available:
@@ -37,6 +85,15 @@ apiclient update apply --check --reboot
 
 > Note that available updates are controlled by your settings under `settings.updates`; see [README](../../../README.md#updates-settings) for details.
 
+### Reboot mode
+
+This will reboot the system.
+You should use this after updating if you didn't specify the `--reboot` flag.
+
+```
+apiclient reboot
+```
+
 ### Raw mode
 
 Raw mode lets you make HTTP requests to a UNIX socket.
@@ -78,7 +135,7 @@ apiclient raw -m GET -u /tx
 ## apiclient library
 
 The apiclient library provides high-level methods to interact with the Bottlerocket API.  See
-the documentation for the [`update`] submodule for high-level helpers.
+the documentation for submodules [`reboot`], [`set`], and [`update`] for high-level helpers.
 
 For more control, and to handle APIs without high-level wrappers, there are also 'raw' methods
 to query an HTTP API over a Unix-domain socket.

sources/api/apiclient/README.tpl

@@ -10,6 +10,54 @@ There's also a low-level `raw` subcommand for direct interaction with the HTTP A
 It talks to the Bottlerocket socket by default.
 It can be pointed to another socket using `--socket-path`, for example for local testing.
 
+### Set mode
+
+This allows you to change settings on the system.
+
+After the settings are changed, they'll be committed and applied.
+For example, if you change an NTP setting, the NTP configuration will be updated and the daemon will be restarted.
+
+#### Key=value input
+
+There are two input methods.
+The simpler method looks like this:
+
+```
+apiclient set settings.x.y.z=VALUE
+```
+
+The "settings." prefix on the setting names is optional; this makes it easy to copy and paste settings from documentation, but you can skip the prefix when typing them manually.
+Here's an example call:
+
+```
+apiclient set kernel.lockdown=integrity motd="hi there"
+```
+
+If you're changing a setting whose name requires quoting, please quote the whole key=value argument, so the inner quotes aren't eaten by the shell:
+
+```
+apiclient set 'kubernetes.node-labels."my.label"=hello'
+```
+
+#### JSON input
+
+This simpler key=value form is convenient for most changes, but sometimes you'll want to specify input in JSON form.
+This can be useful if you have multiple changes within a subsection:
+
+```
+apiclient set --json '{"kernel": {"sysctl": {"vm.max_map_count": "262144", "user.max_user_namespaces": "16384"}}}'
+```
+
+It can also be useful if your desired value is "complex" or looks like a different type.
+For example, the "vm.max_map_count" value set above looks like an integer, but the kernel requires a string, so it has to be specified in JSON form and as a string.
+
+As another example, if you want settings.motd to be "42", running `apiclient set motd=42` would fail because `42` is seen as an integer, and motd is a string.
+You can use JSON form to set it:
+
+```
+apiclient set --json '{"motd": "42"}'
+```
+
 ### Update mode
 
 To start, you can check what updates are available:
@@ -37,6 +85,15 @@ apiclient update apply --check --reboot
 
 > Note that available updates are controlled by your settings under `settings.updates`; see [README](../../../README.md#updates-settings) for details.
 
+### Reboot mode
+
+This will reboot the system.
+You should use this after updating if you didn't specify the `--reboot` flag.
+
+```
+apiclient reboot
+```
+
 ### Raw mode
 
 Raw mode lets you make HTTP requests to a UNIX socket.

sources/api/apiclient/src/lib.rs

@@ -1,7 +1,7 @@
 #![deny(rust_2018_idioms)]
 
 //! The apiclient library provides high-level methods to interact with the Bottlerocket API.  See
-//! the documentation for the [`update`] submodule for high-level helpers.
+//! the documentation for submodules [`reboot`], [`set`], and [`update`] for high-level helpers.
 //!
 //! For more control, and to handle APIs without high-level wrappers, there are also 'raw' methods
 //! to query an HTTP API over a Unix-domain socket.
@@ -19,6 +19,8 @@ use hyper_unix_connector::{UnixClient, Uri};
 use snafu::{ensure, ResultExt};
 use std::path::Path;
 
+pub mod reboot;
+pub mod set;
 pub mod update;
 
 mod error {