Add the server kind to the Nexus API context #5751

Merged
merged 2 commits into from
May 14, 2024
Merged
2 changes: 1 addition & 1 deletion dev-tools/reconfigurator-cli/tests/test_basic.rs
Expand Up @@ -56,7 +56,7 @@ type ControlPlaneTestContext =
#[nexus_test]
async fn test_blueprint_edit(cptestctx: &ControlPlaneTestContext) {
// Setup
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let log = &cptestctx.logctx.log;
let opctx = OpContext::for_background(
2 changes: 1 addition & 1 deletion nexus/reconfigurator/execution/src/datasets.rs
Expand Up @@ -147,7 +147,7 @@ mod tests {
const TEST_NAME: &str = "test_ensure_crucible_dataset_records_exist";

// Set up.
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
2 changes: 1 addition & 1 deletion nexus/reconfigurator/execution/src/dns.rs
Expand Up @@ -1126,7 +1126,7 @@ mod test {
async fn test_silos_external_dns_end_to_end(
cptestctx: &ControlPlaneTestContext,
) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let log = &cptestctx.logctx.log;
let opctx = OpContext::for_background(
4 changes: 2 additions & 2 deletions nexus/reconfigurator/execution/src/external_networking.rs
Expand Up @@ -883,7 +883,7 @@ mod tests {
cptestctx: &ControlPlaneTestContext,
) {
// Set up.
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
Expand Down Expand Up @@ -1141,7 +1141,7 @@ mod tests {
cptestctx: &ControlPlaneTestContext,
) {
// Set up.
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
Expand Up @@ -149,7 +149,7 @@ mod test {

#[nexus_test]
async fn test_deploy_omicron_disks(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
2 changes: 1 addition & 1 deletion nexus/reconfigurator/execution/src/omicron_zones.rs
Expand Up @@ -139,7 +139,7 @@ mod test {

#[nexus_test]
async fn test_deploy_omicron_zones(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
13 changes: 12 additions & 1 deletion nexus/src/app/allow_list.rs
Expand Up @@ -13,6 +13,8 @@ use omicron_common::api::external;
use omicron_common::api::external::Error;
use std::net::IpAddr;

use crate::context::ServerKind;

impl super::Nexus {
/// Fetch the allowlist of source IPs that can reach user-facing services.
pub async fn allow_list_view(
Expand All @@ -30,6 +32,7 @@ impl super::Nexus {
&self,
opctx: &OpContext,
remote_addr: IpAddr,
server_kind: ServerKind,
params: params::AllowListUpdate,
) -> Result<AllowList, Error> {
if let external::AllowedSourceIps::List(list) = &params.allowed_ips {
Expand All @@ -50,6 +53,14 @@ impl super::Nexus {
// the request came from is on the allowlist. This is our only real
// guardrail to prevent accidentally preventing any future access to
// the rack!
//
// Note that we elide this check when handling a request proxied
// from `wicketd`. This is intentional and used as a safety
// mechanism in the even of lockout or other recovery scenarios.
let check_remote_addr = match server_kind {
ServerKind::External => true,
ServerKind::Techport | ServerKind::Internal => false,
};
let mut contains_remote = false;
for entry in list.iter() {
contains_remote |= entry.contains(remote_addr);
Expand All @@ -67,7 +78,7 @@ impl super::Nexus {
));
}
}
if !contains_remote {
if check_remote_addr && !contains_remote {
return Err(Error::invalid_request(
"The source IP allow list would prevent access \
from the current client! Ensure that the allowlist \
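Review bot: The new `match server_kind` turns off the self-lockout guardrail for `ServerKind::Internal` as well as `ServerKind::Techport`, while the comment above it justifies only requests proxied from `wicketd`. If the grouping is deliberate, give `Internal` its own arm with a one-line reason, e.g. `ServerKind::Internal => false, // <reason the internal API may skip the guardrail>`, or keep the check enabled for it; as written a reader cannot tell which was intended. Because this branch lets a caller install a list that excludes its own address, it would also help to log `server_kind` and `remote_addr` whenever `check_remote_addr` is false, so recovery-path updates can be told apart from ordinary ones afterwards. The comment has a typo: `in the even of lockout` should read `in the event of lockout`. The body of the update function starts and ends outside the visible hunks.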
2 changes: 1 addition & 1 deletion nexus/src/app/background/blueprint_execution.rs
Expand Up @@ -178,7 +178,7 @@ mod test {
#[nexus_test(server = crate::Server)]
async fn test_deploy_omicron_zones(cptestctx: &ControlPlaneTestContext) {
// Set up the test.
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_background(
cptestctx.logctx.log.clone(),
2 changes: 1 addition & 1 deletion nexus/src/app/background/blueprint_load.rs
Expand Up @@ -233,7 +233,7 @@ mod test {

#[nexus_test(server = crate::Server)]
async fn test_load_blueprints(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
6 changes: 3 additions & 3 deletions nexus/src/app/background/common.rs
Expand Up @@ -533,7 +533,7 @@ mod test {
// activated
#[nexus_test(server = crate::Server)]
async fn test_driver_basic(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
Expand Down Expand Up @@ -698,7 +698,7 @@ mod test {
// activated.
#[nexus_test(server = crate::Server)]
async fn test_activation_in_progress(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
Expand Down Expand Up @@ -843,7 +843,7 @@ mod test {

#[nexus_test(server = crate::Server)]
async fn test_saga_request_flow(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
2 changes: 1 addition & 1 deletion nexus/src/app/background/dns_config.rs
Expand Up @@ -175,7 +175,7 @@ mod test {

#[nexus_test(server = crate::Server)]
async fn test_basic(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
2 changes: 1 addition & 1 deletion nexus/src/app/background/dns_propagation.rs
Expand Up @@ -196,7 +196,7 @@ mod test {

#[nexus_test(server = crate::Server)]
async fn test_basic(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
2 changes: 1 addition & 1 deletion nexus/src/app/background/external_endpoints.rs
Expand Up @@ -131,7 +131,7 @@ mod test {

#[nexus_test(server = crate::Server)]
async fn test_basic(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
2 changes: 1 addition & 1 deletion nexus/src/app/background/init.rs
Expand Up @@ -503,7 +503,7 @@ pub mod test {
// the new DNS configuration
#[nexus_test(server = crate::Server)]
async fn test_dns_propagation_basic(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
4 changes: 2 additions & 2 deletions nexus/src/app/background/inventory_collection.rs
Expand Up @@ -214,7 +214,7 @@ mod test {
// collections, too.
#[nexus_test(server = crate::Server)]
async fn test_basic(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
Expand Down Expand Up @@ -328,7 +328,7 @@ mod test {

#[nexus_test(server = crate::Server)]
async fn test_db_sled_enumerator(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
2 changes: 1 addition & 1 deletion nexus/src/app/background/metrics_producer_gc.rs
Expand Up @@ -170,7 +170,7 @@ mod tests {

#[nexus_test(server = crate::Server)]
async fn test_pruning(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let datastore = nexus.datastore();
let opctx = OpContext::for_tests(
cptestctx.logctx.log.clone(),
4 changes: 2 additions & 2 deletions nexus/src/app/external_endpoints.rs
Expand Up @@ -26,7 +26,7 @@
//! "certificate resolver" object that impls
//! [`rustls::server::ResolvesServerCert`]. See [`NexusCertResolver`].

use crate::ServerContext;
use crate::context::ApiContext;
use anyhow::anyhow;
use anyhow::bail;
use anyhow::Context;
Expand Down Expand Up @@ -674,7 +674,7 @@ impl super::Nexus {
/// case, we'll choose an arbitrary Silo.
pub fn endpoint_for_request(
&self,
rqctx: &dropshot::RequestContext<Arc<ServerContext>>,
rqctx: &dropshot::RequestContext<ApiContext>,
) -> Result<Arc<ExternalEndpoint>, Error> {
let log = &rqctx.log;
let rqinfo = &rqctx.request;
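--- a/nexus/src/app/mod.rs
+++ b/nexus/src/app/mod.rs
@@ -643,6 +643,16 @@ impl Nexus {
 .map(|server| server.local_addr())
 }
 
+pub(crate) async fn get_techport_server_address(
+&self,
+) -> Option<std::net::SocketAddr> {
+self.techport_external_server
+.lock()
+.unwrap()
+.as_ref()
+.map(|server| server.local_addr())
+}
+
 pub(crate) async fn get_internal_server_address(
 &self,
 ) -> Option<std::net::SocketAddr> {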
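Review bot: `get_techport_server_address` has no doc comment and calls `.lock().unwrap()`, which panics if the mutex guarding `techport_external_server` has been poisoned. A one-line doc such as `/// Returns the techport server's bound address, or None if no techport server is set.` would state the contract, and `.expect("techport_external_server lock poisoned")` would make the panic self-explanatory. The function is declared `async` but awaits nothing in the lines shown; the tail of the getter above it suggests this mirrors an existing pattern, so keep the signature only if callers rely on the match.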
14 changes: 7 additions & 7 deletions nexus/src/app/sagas/disk_create.rs
Expand Up @@ -882,7 +882,7 @@ pub(crate) mod test {
pub fn test_opctx(cptestctx: &ControlPlaneTestContext) -> OpContext {
OpContext::for_tests(
cptestctx.logctx.log.new(o!()),
cptestctx.server.apictx().nexus.datastore().clone(),
cptestctx.server.server_context().nexus.datastore().clone(),
)
}

Expand All @@ -893,7 +893,7 @@ pub(crate) mod test {
DiskTest::new(cptestctx).await;

let client = &cptestctx.external_client;
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let project_id =
create_project(&client, PROJECT_NAME).await.identity.id;

Expand Down Expand Up @@ -1033,7 +1033,7 @@ pub(crate) mod test {
test: &DiskTest,
) {
let sled_agent = &cptestctx.sled_agent.sled_agent;
let datastore = cptestctx.server.apictx().nexus.datastore();
let datastore = cptestctx.server.server_context().nexus.datastore();

crate::app::sagas::test_helpers::assert_no_failed_undo_steps(
&cptestctx.logctx.log,
Expand Down Expand Up @@ -1063,7 +1063,7 @@ pub(crate) mod test {
let log = &cptestctx.logctx.log;

let client = &cptestctx.external_client;
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let project_id =
create_project(&client, PROJECT_NAME).await.identity.id;
let opctx = test_opctx(cptestctx);
Expand Down Expand Up @@ -1093,7 +1093,7 @@ pub(crate) mod test {
let log = &cptestctx.logctx.log;

let client = &cptestctx.external_client;
let nexus = &cptestctx.server.apictx.nexus;
let nexus = &cptestctx.server.server_context().nexus;
let project_id =
create_project(&client, PROJECT_NAME).await.identity.id;
let opctx = test_opctx(&cptestctx);
Expand All @@ -1111,7 +1111,7 @@ pub(crate) mod test {
}

async fn destroy_disk(cptestctx: &ControlPlaneTestContext) {
let nexus = &cptestctx.server.apictx.nexus;
let nexus = &cptestctx.server.server_context().nexus;
let opctx = test_opctx(&cptestctx);
let disk_selector = params::DiskSelector {
project: Some(
Expand All @@ -1134,7 +1134,7 @@ pub(crate) mod test {
let test = DiskTest::new(cptestctx).await;

let client = &cptestctx.external_client;
let nexus = &cptestctx.server.apictx.nexus;
let nexus = &cptestctx.server.server_context().nexus;
let project_id =
create_project(&client, PROJECT_NAME).await.identity.id;

8 changes: 4 additions & 4 deletions nexus/src/app/sagas/disk_delete.rs
Expand Up @@ -201,12 +201,12 @@ pub(crate) mod test {
pub fn test_opctx(cptestctx: &ControlPlaneTestContext) -> OpContext {
OpContext::for_tests(
cptestctx.logctx.log.new(o!()),
cptestctx.server.apictx.nexus.datastore().clone(),
cptestctx.server.server_context().nexus.datastore().clone(),
)
}

async fn create_disk(cptestctx: &ControlPlaneTestContext) -> Disk {
let nexus = &cptestctx.server.apictx.nexus;
let nexus = &cptestctx.server.server_context().nexus;
let opctx = test_opctx(&cptestctx);

let project_selector = params::ProjectSelector {
Expand All @@ -232,7 +232,7 @@ pub(crate) mod test {
DiskTest::new(cptestctx).await;

let client = &cptestctx.external_client;
let nexus = &cptestctx.server.apictx.nexus;
let nexus = &cptestctx.server.server_context().nexus;
let project_id = create_project(client, PROJECT_NAME).await.identity.id;
let disk = create_disk(&cptestctx).await;

Expand All @@ -258,7 +258,7 @@ pub(crate) mod test {
let test = DiskTest::new(cptestctx).await;

let client = &cptestctx.external_client;
let nexus = &cptestctx.server.apictx.nexus;
let nexus = &cptestctx.server.server_context().nexus;
let project_id = create_project(client, PROJECT_NAME).await.identity.id;
let disk = create_disk(&cptestctx).await;

10 changes: 5 additions & 5 deletions nexus/src/app/sagas/instance_create.rs
Expand Up @@ -1137,7 +1137,7 @@ pub mod test {
) {
DiskTest::new(cptestctx).await;
let client = &cptestctx.external_client;
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let project_id = create_org_project_and_disk(&client).await;

// Build the saga DAG with the provided test parameters
Expand Down Expand Up @@ -1264,7 +1264,7 @@ pub mod test {
cptestctx: &ControlPlaneTestContext,
) {
let sled_agent = &cptestctx.sled_agent.sled_agent;
let datastore = cptestctx.server.apictx().nexus.datastore();
let datastore = cptestctx.server.server_context().nexus.datastore();

// Check that no partial artifacts of instance creation exist
assert!(no_instance_records_exist(datastore).await);
Expand Down Expand Up @@ -1300,7 +1300,7 @@ pub mod test {
let log = &cptestctx.logctx.log;

let client = &cptestctx.external_client;
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let project_id = create_org_project_and_disk(&client).await;

// Build the saga DAG with the provided test parameters
Expand Down Expand Up @@ -1329,7 +1329,7 @@ pub mod test {
let log = &cptestctx.logctx.log;

let client = &cptestctx.external_client;
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let project_id = create_org_project_and_disk(&client).await;
let opctx = test_helpers::test_opctx(&cptestctx);

Expand All @@ -1353,7 +1353,7 @@ pub mod test {
DiskTest::new(cptestctx).await;

let client = &cptestctx.external_client;
let nexus = &cptestctx.server.apictx().nexus;
let nexus = &cptestctx.server.server_context().nexus;
let project_id = create_org_project_and_disk(&client).await;

// Build the saga DAG with the provided test parameters