Remove legacy Artemis service snapshot serving.

src/cli/artemis.toit

@@ -14,7 +14,6 @@ import host.os
 import system
 
 import .cache as cache
-import .cache show cache-key-service-image
 import .config
 import .device
 import .git

src/cli/artemis_servers/http/base.toit

@@ -183,10 +183,6 @@ class ArtemisServerCliHttpToit implements ArtemisServerCli:
     if response.status-code != http.STATUS-OK and response.status-code != http.STATUS-IM-A-TEAPOT:
       throw "HTTP error: $response.status-code $response.status-message"
 
-    if (command == COMMAND-DOWNLOAD-SERVICE-IMAGE_)
-        and response.status-code != http.STATUS-IM-A-TEAPOT:
-      return utils.read-all response.body
-
     decoded := json.decode-stream response.body
     if response.status-code == http.STATUS-IM-A-TEAPOT:
       throw "Broker error: $decoded"

src/cli/cache.toit

@@ -10,14 +10,6 @@ import .server-config
 Manages cache keys.
 */
 
-cache-key-service-image -> string
-    --service-version/string
-    --sdk-version/string
-    --artemis-config/ServerConfig
-    --chip-family/string
-    --word-size/int:
-  return "$artemis-config.cache-key/service/$service-version/$(sdk-version)-$(chip-family)-$(word-size).image"
-
 cache-key-application-image id/Uuid --broker-config/ServerConfig -> string:
   return "$broker-config.cache-key/application/images/$(id).image"
 

src/shared/constants.toit

@@ -17,12 +17,6 @@ COMMAND-ORGANIZATION-MEMBER-REMOVE_ ::= 11
 COMMAND-ORGANIZATION-MEMBER-SET-ROLE_ ::= 12
 COMMAND-GET-PROFILE_ ::= 13
 COMMAND-UPDATE-PROFILE_ ::= 14
-/// Deprecated and unused in newer CLIs.
-COMMAND-LIST-SDK-SERVICE-VERSIONS_ ::= 15
-/// Deprecated and unused in newer CLIs.
-COMMAND-DOWNLOAD-SERVICE-IMAGE_ ::= 16
-/// Deprecated and unused in newer CLIs.
-COMMAND-UPLOAD-SERVICE-IMAGE_ ::= 17
 
 ARTEMIS-COMMAND-TO-STRING ::= {
   COMMAND-CHECK-IN_: "check-in",
@@ -41,9 +35,6 @@ ARTEMIS-COMMAND-TO-STRING ::= {
   COMMAND-ORGANIZATION-MEMBER-SET-ROLE_: "organization-member-set-role",
   COMMAND-GET-PROFILE_: "get-profile",
   COMMAND-UPDATE-PROFILE_: "update-profile",
-  COMMAND-LIST-SDK-SERVICE-VERSIONS_: "list-sdk-service-versions",
-  COMMAND-DOWNLOAD-SERVICE-IMAGE_: "download-service-image",
-  COMMAND-UPLOAD-SERVICE-IMAGE_: "upload-service-image"
 }
 
 /* Broker commands */

tests/artemis-server.toit

@@ -31,18 +31,6 @@ interface ArtemisServerBackdoor:
   /** Whether there exists a '$type'-event for the given $hardware-id. */
   has-event --hardware-id/Uuid --type/string -> bool
 
-  /**
-  Installs the given images.
-
-  The $images parameter is a list of maps, each containing the
-    following entries:
-  - sdk_version: The SDK version of the image.
-  - service_version: The service version of the image.
-  - image: The image identifier.
-  - contents: The image contents (a byte array).
-  */
-  install-service-images images/List
-
   /**
   Creates a new device in the given $organization-id.
 
@@ -94,20 +82,6 @@ class ToitHttpBackdoor implements ArtemisServerBackdoor:
         return true
     return false
 
-  install-service-images images/List -> none:
-    image-binaries := {:}
-    sdk-service-versions := []
-    images.do: | entry/Map |
-      sdk-service-versions.add {
-        "sdk_version": entry["sdk_version"],
-        "service_version": entry["service_version"],
-        "image": entry["image"],
-      }
-      image-binaries[entry["image"]] = entry["content"]
-
-    server.sdk-service-versions = sdk-service-versions
-    server.image-binaries = image-binaries
-
   create-device --organization-id/Uuid -> Map:
     // TODO(florian): the server should automatically generate an alias
     // if none is given.
@@ -203,43 +177,6 @@ class SupabaseBackdoor implements ArtemisServerBackdoor:
         return true
     return false
 
-  install-service-images images/List -> none:
-    with-backdoor-client_: | client/supabase.Client |
-      // Clear the sdks, service-versions and images table.
-      // Deletes require a where clause, so we use a filter that matches all IDs.
-      filter := greater-than-or-equal "id" 0
-      client.rest.delete "sdks" --filters=[filter]
-      client.rest.delete "artemis_services" --filters=[filter]
-      client.rest.delete "service_images" --filters=[filter]
-
-      sdk-versions := {:}
-      service-versions := {:}
-
-      images.do: | entry/Map |
-        sdk-version := entry["sdk_version"]
-        service-version := entry["service_version"]
-        image := entry["image"]
-        contents := entry["contents"]
-
-        sdk-id := sdk-versions.get sdk-version --init=:
-          new-entry := client.rest.insert "sdks" {
-            "version": sdk-version,
-          }
-          new-entry["id"]
-        service-id := service-versions.get service-version --init=:
-          new-entry := client.rest.insert "artemis_services" {
-            "version": service-version,
-          }
-          new-entry["id"]
-
-        client.rest.insert "service_images" {
-          "sdk_id": sdk-id,
-          "service_id": service-id,
-          "image": image,
-        }
-
-        client.storage.upload --path="service-images/$image" --content=contents
-
   create-device --organization-id/Uuid -> Map:
     alias := random-uuid
     with-backdoor-client_: | client/supabase.Client |

tests/supabase-policies-test.toit

@@ -485,213 +485,6 @@ main args:
     roles1 := client1.rest.select "roles"
     expect-equals 2 roles1.size
 
-    client-admin := supabase.Client --server-config=server-config
-    client-admin.auth.sign-in
-        --email="test-admin@toit.io"
-        --password="password"
-
-    // Admins can change the sdk table.
-    // All other users (including auth) can only see it.
-
-    // Clear the sdk table for simplicity.
-    // Delete requires a where clause, so we use a filter that is always true.
-    client-admin.rest.delete "sdks" --filters=[greater-than-or-equal "id" 0]
-    sdks := client-admin.rest.select "sdks"
-    expect-equals 0 sdks.size
-
-    // Admin can insert.
-    sdk := client-admin.rest.insert "sdks" {
-      "version": "v1.0.0",
-    }
-    expect-equals "v1.0.0" sdk["version"]
-    sdkv1-id := sdk["id"]
-
-    // Only one entry per version is allowed in the table.
-    expect-throws --contains="unique": client-admin.rest.insert "sdks" {
-      "version": "v1.0.0",
-    }
-
-    // Check that auth and anon can see it.
-    sdks = client-anon.rest.select "sdks"
-    expect-equals 1 sdks.size
-    expect-equals "v1.0.0" sdks[0]["version"]
-
-    sdks = client1.rest.select "sdks"
-    expect-equals 1 sdks.size
-    expect-equals "v1.0.0" sdks[0]["version"]
-
-    // Neither anon, nor auth can insert.
-    expect-throws --contains="policy": client-anon.rest.insert "sdks" {
-      "version": "v2.0.0",
-    }
-    expect-throws --contains="policy": client1.rest.insert "sdks" {
-      "version": "v2.0.0",
-    }
-
-    // Same is true for artemis services.
-    // Admins can change the sdk table.
-    // All other users (including auth) can only see it.
-
-    // Clear the sdk table for simplicity.
-    // Delete requires a where clause, so we use a filter that is always true.
-    client-admin.rest.delete "artemis_services" --filters=[greater-than-or-equal "id" 0]
-    artemis-services := client-admin.rest.select "artemis_services"
-    expect-equals 0 artemis-services.size
-
-    // Admin can insert.
-    services := client-admin.rest.insert "artemis_services" {
-      "version": "v9.8.7",
-    }
-    expect-equals "v9.8.7" services["version"]
-    service1-id := services["id"]
-
-    // Only one entry per version is allowed in the table.
-    expect-throws --contains="unique": client-admin.rest.insert "artemis_services" {
-      "version": "v9.8.7",
-    }
-
-    // Check that auth and anon can see it.
-    artemis-services = client-anon.rest.select "artemis_services"
-    expect-equals 1 artemis-services.size
-    expect-equals "v9.8.7" artemis-services[0]["version"]
-
-    artemis-services = client1.rest.select "artemis_services"
-    expect-equals 1 artemis-services.size
-    expect-equals "v9.8.7" artemis-services[0]["version"]
-
-    // Neither anon, nor auth can insert.
-    expect-throws --contains="policy": client-anon.rest.insert "artemis_services" {
-      "version": "2.0.0",
-    }
-    expect-throws --contains="policy": client1.rest.insert "artemis_services" {
-      "version": "2.0.0",
-    }
-
-    // Same is true for images.
-    // Admins can change the sdk table.
-    // All other users (including auth) can only see it.
-
-    // Clear the table for simplicity.
-    // Delete requires a where clause, so we use a filter that is always true.
-    client-admin.rest.delete "service_images" --filters=[greater-than-or-equal "id" 0]
-    images := client-admin.rest.select "service_images"
-    expect-equals 0 images.size
-
-    image := "test-$(random).image"
-
-    // Admin can insert.
-    service-snapshot := client-admin.rest.insert "service_images" {
-      "sdk_id": sdkv1-id,
-      "service_id": service1-id,
-      "image": image,
-    }
-    expect-equals sdkv1-id service-snapshot["sdk_id"]
-    expect-equals service1-id service-snapshot["service_id"]
-    expect-equals image service-snapshot["image"]
-    service-snapshot-id := service-snapshot["id"]
-
-    // sdk/service pair must be unique.
-    expect-throws --contains="unique": client-admin.rest.insert "service_images" {
-      "sdk_id": sdkv1-id,
-      "service_id": service1-id,
-      "image": image,
-    }
-
-    // Check that auth and anon can see it.
-    images = client-anon.rest.select "service_images"
-    expect-equals 1 images.size
-    expect-equals sdkv1-id images[0]["sdk_id"]
-    expect-equals service1-id service-snapshot["service_id"]
-    expect-equals image images[0]["image"]
-
-    images = client1.rest.select "service_images"
-    expect-equals 1 images.size
-    expect-equals sdkv1-id images[0]["sdk_id"]
-    expect-equals service1-id service-snapshot["service_id"]
-    expect-equals image images[0]["image"]
-
-    // Create a second service entry.
-    // We need it to avoid a unique constraint check for the failing tests below.
-    // We will also use it for organization-specific services.
-    services = client-admin.rest.insert "artemis_services" {
-      "version": "v9.9.9",
-    }
-    expect-equals "v9.9.9" services["version"]
-    service2-id := services["id"]
-
-    // Neither anon, nor auth can insert.
-    expect-throws --contains="policy": client-anon.rest.insert "service_images" {
-      "sdk_id": sdkv1-id,
-      "service_id": service2-id,
-      "image": image,
-    }
-    expect-throws --contains="policy": client1.rest.insert "service_images" {
-      "sdk_id": sdkv1-id,
-      "service_id": service2-id,
-      "image": image,
-    }
-
-    // Upload a service for a specific organization.
-    client-admin.rest.insert "service_images" {
-      "sdk_id": sdkv1-id,
-      "service_id": service2-id,
-      "image": image,
-      "organization_id": organization-id,
-    }
-
-    // Client1 can see it.
-    images = client1.rest.select "service_images"
-    expect (images.any: it["sdk_id"] == sdkv1-id and it["service_id"] == service2-id)
-
-    // Anon and client3 can't see it.
-    images = client-anon.rest.select "service_images"
-    expect-not (images.any: it["sdk_id"] == sdkv1-id and it["service_id"] == service2-id)
-    images = client3.rest.select "service_images"
-    expect-not (images.any: it["sdk_id"] == sdkv1-id and it["service_id"] == service2-id)
-
-    // Admins can write to the storage.
-    // All other users (including auth) can only see it.
-    IMAGE-BUCKET ::= "service-images"
-    client-admin.storage.upload
-        --path="$IMAGE-BUCKET/$image"
-        --content="test".to-byte-array
-
-    // Check that auth and anon can see it.
-    expect-equals "test".to-byte-array
-        client-anon.storage.download --path="$IMAGE-BUCKET/$image"
-    expect-equals "test".to-byte-array
-        client1.storage.download --path="$IMAGE-BUCKET/$image"
-    expect-equals "test".to-byte-array
-        client-anon.storage.download --public --path="$IMAGE-BUCKET/$image"
-    expect-equals "test".to-byte-array
-        client1.storage.download --public --path="$IMAGE-BUCKET/$image"
-
-    snapshot := "test-$(random).snapshot"
-
-    // Admins can read and write to the snapshot storage.
-    // All other users (including auth) can not see it.
-    SNAPSHOT-BUCKETS ::= [ "service-snapshots", "cli-snapshots" ]
-
-    SNAPSHOT-BUCKETS.do: | bucket/string |
-      client-admin.storage.upload
-          --path="$bucket/$snapshot"
-          --content="test snapshot".to-byte-array
-
-      // Check that admin can see it, but auth and anon can not see it.
-      expect-equals "test snapshot".to-byte-array
-          client-admin.storage.download --path="$bucket/$snapshot"
-
-      expect-throws --contains="Not found":
-        client-anon.storage.download --path="$bucket/$image"
-      expect-throws --contains="Not found":
-        client1.storage.download --path="$bucket/$image"
-
-      // Auth and anon don't have public access either.
-      expect-throws --contains="Not found":
-        client-anon.storage.download --public --path="$bucket/$image"
-      expect-throws --contains="Not found":
-        client1.storage.download --public --path="$bucket/$image"
-
 
 expect-throws --contains/string [block]:
   exception := catch: block.call