SiloSettings -> SiloAuthSettings

Author: david-crespo

common/src/api/external/mod.rs

@@ -1009,7 +1009,7 @@ pub enum ResourceType {
     ProjectImage,
     Instance,
     LoopbackAddress,
-    SiloSettings,
+    SiloAuthSettings,
     SwitchPortSettings,
     SupportBundle,
     IpPool,

nexus/db-model/src/silo_auth_settings.rs

@@ -15,7 +15,7 @@ use uuid::Uuid;
     AsChangeset,
 )]
 #[diesel(table_name = silo_auth_settings)]
-pub struct SiloSettings {
+pub struct SiloAuthSettings {
     pub silo_id: Uuid,
     pub time_created: DateTime<Utc>,
     pub time_modified: DateTime<Utc>,
@@ -25,7 +25,7 @@ pub struct SiloSettings {
     pub device_token_max_ttl_seconds: Option<i64>,
 }
 
-impl SiloSettings {
+impl SiloAuthSettings {
     pub fn new(silo_id: Uuid) -> Self {
         Self {
             silo_id,
@@ -36,8 +36,8 @@ impl SiloSettings {
     }
 }
 
-impl From<SiloSettings> for views::SiloSettings {
-    fn from(silo_auth_settings: SiloSettings) -> Self {
+impl From<SiloAuthSettings> for views::SiloAuthSettings {
+    fn from(silo_auth_settings: SiloAuthSettings) -> Self {
         Self {
             silo_id: silo_auth_settings.silo_id,
             device_token_max_ttl_seconds: silo_auth_settings
@@ -46,18 +46,18 @@ impl From<SiloSettings> for views::SiloSettings {
     }
 }
 
-// Describes a set of updates for the [`SiloSettings`] model.
+// Describes a set of updates for the [`SiloAuthSettings`] model.
 #[derive(AsChangeset)]
 #[diesel(table_name = silo_auth_settings)]
-pub struct SiloSettingsUpdate {
+pub struct SiloAuthSettingsUpdate {
     // Needs to be double Option so we can set a value of null in the DB by
     // passing Some(None). None by itself is ignored by Diesel.
     pub device_token_max_ttl_seconds: Option<Option<i64>>,
     pub time_modified: DateTime<Utc>,
 }
 
-impl From<params::SiloSettingsUpdate> for SiloSettingsUpdate {
-    fn from(params: params::SiloSettingsUpdate) -> Self {
+impl From<params::SiloAuthSettingsUpdate> for SiloAuthSettingsUpdate {
+    fn from(params: params::SiloAuthSettingsUpdate) -> Self {
         Self {
             device_token_max_ttl_seconds: Some(
                 params.device_token_max_ttl_seconds.map(|ttl| ttl.get().into()),

nexus/db-queries/src/db/datastore/silo.rs

@@ -30,8 +30,8 @@ use nexus_db_fixed_data::silo::{DEFAULT_SILO, INTERNAL_SILO};
 use nexus_db_lookup::DbConnection;
 use nexus_db_model::Certificate;
 use nexus_db_model::ServiceKind;
+use nexus_db_model::SiloAuthSettings;
 use nexus_db_model::SiloQuotas;
-use nexus_db_model::SiloSettings;
 use nexus_types::external_api::params;
 use nexus_types::external_api::shared;
 use nexus_types::external_api::shared::SiloRole;
@@ -82,7 +82,7 @@ impl DataStore {
                     .execute_async(&conn)
                     .await?;
                 diesel::insert_into(silo_auth_settings::table)
-                    .values(SiloSettings::new(DEFAULT_SILO.id()))
+                    .values(SiloAuthSettings::new(DEFAULT_SILO.id()))
                     .on_conflict(silo_auth_settings::silo_id)
                     .do_nothing()
                     .execute_async(&conn)
@@ -311,7 +311,7 @@ impl DataStore {
                 self.silo_auth_settings_create(
                     &conn,
                     &authz_silo,
-                    SiloSettings::new(authz_silo.id()),
+                    SiloAuthSettings::new(authz_silo.id()),
                 )
                 .await?;
 

nexus/db-queries/src/db/datastore/silo_auth_settings.rs

@@ -6,8 +6,8 @@ use diesel::prelude::*;
 use nexus_db_errors::ErrorHandler;
 use nexus_db_errors::public_error_from_diesel;
 use nexus_db_lookup::DbConnection;
-use nexus_db_model::SiloSettings;
-use nexus_db_model::SiloSettingsUpdate;
+use nexus_db_model::SiloAuthSettings;
+use nexus_db_model::SiloAuthSettingsUpdate;
 use omicron_common::api::external::DeleteResult;
 use omicron_common::api::external::Error;
 use omicron_common::api::external::ResourceType;
@@ -27,7 +27,7 @@ impl DataStore {
         &self,
         conn: &async_bb8_diesel::Connection<DbConnection>,
         authz_silo: &authz::Silo,
-        settings: SiloSettings,
+        settings: SiloAuthSettings,
     ) -> Result<(), Error> {
         let silo_id = authz_silo.id();
         use nexus_db_schema::schema::silo_auth_settings;
@@ -40,7 +40,7 @@ impl DataStore {
                 public_error_from_diesel(
                     e,
                     ErrorHandler::Conflict(
-                        ResourceType::SiloSettings,
+                        ResourceType::SiloAuthSettings,
                         &silo_id.to_string(),
                     ),
                 )
@@ -72,22 +72,22 @@ impl DataStore {
         &self,
         opctx: &OpContext,
         authz_silo: &authz::Silo,
-        updates: SiloSettingsUpdate,
-    ) -> UpdateResult<SiloSettings> {
+        updates: SiloAuthSettingsUpdate,
+    ) -> UpdateResult<SiloAuthSettings> {
         opctx.authorize(authz::Action::Modify, authz_silo).await?;
         use nexus_db_schema::schema::silo_auth_settings::dsl;
         let silo_id = authz_silo.id();
         diesel::update(dsl::silo_auth_settings)
             .filter(dsl::silo_id.eq(silo_id))
             .set(updates)
-            .returning(SiloSettings::as_returning())
+            .returning(SiloAuthSettings::as_returning())
             .get_result_async(&*self.pool_connection_authorized(opctx).await?)
             .await
             .map_err(|e| {
                 public_error_from_diesel(
                     e,
                     ErrorHandler::Conflict(
-                        ResourceType::SiloSettings,
+                        ResourceType::SiloAuthSettings,
                         &silo_id.to_string(),
                     ),
                 )
@@ -98,7 +98,7 @@ impl DataStore {
         &self,
         opctx: &OpContext,
         authz_silo: &authz::Silo,
-    ) -> Result<SiloSettings, Error> {
+    ) -> Result<SiloAuthSettings, Error> {
         // Works for everyone when making a token because everyone can read
         // their own silo. Operators looking at silo settings will have silo
         // read on all silos.

nexus/external-api/src/lib.rs

@@ -286,7 +286,7 @@ pub trait NexusExternalApi {
     }]
     async fn auth_settings_view(
         rqctx: RequestContext<Self::Context>,
-    ) -> Result<HttpResponseOk<views::SiloSettings>, HttpError>;
+    ) -> Result<HttpResponseOk<views::SiloAuthSettings>, HttpError>;
 
     /// Update current silo's auth settings
     #[endpoint {
@@ -296,8 +296,8 @@ pub trait NexusExternalApi {
     }]
     async fn auth_settings_update(
         rqctx: RequestContext<Self::Context>,
-        new_settings: TypedBody<params::SiloSettingsUpdate>,
-    ) -> Result<HttpResponseOk<views::SiloSettings>, HttpError>;
+        new_settings: TypedBody<params::SiloAuthSettingsUpdate>,
+    ) -> Result<HttpResponseOk<views::SiloAuthSettings>, HttpError>;
 
     /// Fetch resource utilization for user's current silo
     #[endpoint {

nexus/src/app/silo.rs

@@ -9,7 +9,7 @@ use crate::external_api::shared;
 use anyhow::Context;
 use nexus_db_lookup::LookupPath;
 use nexus_db_lookup::lookup;
-use nexus_db_model::SiloSettings;
+use nexus_db_model::SiloAuthSettings;
 use nexus_db_model::{DnsGroup, UserProvisionType};
 use nexus_db_queries::authz::ApiResource;
 use nexus_db_queries::context::OpContext;
@@ -230,7 +230,7 @@ impl super::Nexus {
         &self,
         opctx: &OpContext,
         silo_lookup: &lookup::Silo<'_>,
-    ) -> LookupResult<SiloSettings> {
+    ) -> LookupResult<SiloAuthSettings> {
         // TODO: can everyone view this on their own silo? why not, right?
         let (.., authz_silo) =
             silo_lookup.lookup_for(authz::Action::Read).await?;
@@ -241,8 +241,8 @@ impl super::Nexus {
         &self,
         opctx: &OpContext,
         silo_lookup: &lookup::Silo<'_>,
-        settings: &params::SiloSettingsUpdate,
-    ) -> UpdateResult<SiloSettings> {
+        settings: &params::SiloAuthSettingsUpdate,
+    ) -> UpdateResult<SiloAuthSettings> {
         // TODO: modify seems fine, but look into why policy has its own
         // separate permission
         let (.., authz_silo) =

nexus/src/external_api/http_entrypoints.rs

@@ -231,7 +231,7 @@ impl NexusExternalApi for NexusExternalApiImpl {
 
     async fn auth_settings_view(
         rqctx: RequestContext<ApiContext>,
-    ) -> Result<HttpResponseOk<views::SiloSettings>, HttpError> {
+    ) -> Result<HttpResponseOk<views::SiloAuthSettings>, HttpError> {
         let apictx = rqctx.context();
         let handler = async {
             let nexus = &apictx.context.nexus;
@@ -258,8 +258,8 @@ impl NexusExternalApi for NexusExternalApiImpl {
 
     async fn auth_settings_update(
         rqctx: RequestContext<Self::Context>,
-        new_settings: TypedBody<params::SiloSettingsUpdate>,
-    ) -> Result<HttpResponseOk<views::SiloSettings>, HttpError> {
+        new_settings: TypedBody<params::SiloAuthSettingsUpdate>,
+    ) -> Result<HttpResponseOk<views::SiloAuthSettings>, HttpError> {
         let apictx = rqctx.context();
         let handler = async {
             let nexus = &apictx.context.nexus;

nexus/tests/integration_tests/device_auth.rs

@@ -253,7 +253,7 @@ async fn get_device_token(testctx: &ClientTestContext) -> String {
 async fn test_device_token_expiration(cptestctx: &ControlPlaneTestContext) {
     let testctx = &cptestctx.external_client;
 
-    let settings: views::SiloSettings =
+    let settings: views::SiloAuthSettings =
         object_get(testctx, "/v1/auth-settings").await;
     assert_eq!(settings.device_token_max_ttl_seconds, None);
 
@@ -301,10 +301,10 @@ async fn test_device_token_expiration(cptestctx: &ControlPlaneTestContext) {
     assert!(error.message.starts_with("unable to parse JSON body: missing field `device_token_max_ttl_seconds`"));
 
     // set token expiration on silo to 3 seconds
-    let settings: views::SiloSettings = object_put(
+    let settings: views::SiloAuthSettings = object_put(
         testctx,
         "/v1/auth-settings",
-        &params::SiloSettingsUpdate {
+        &params::SiloAuthSettingsUpdate {
             device_token_max_ttl_seconds: NonZeroU32::new(3).into(),
         },
     )
@@ -313,7 +313,7 @@ async fn test_device_token_expiration(cptestctx: &ControlPlaneTestContext) {
     assert_eq!(settings.device_token_max_ttl_seconds, Some(3));
 
     // might as well test the get endpoint as well
-    let settings: views::SiloSettings =
+    let settings: views::SiloAuthSettings =
         object_get(testctx, "/v1/auth-settings").await;
     assert_eq!(settings.device_token_max_ttl_seconds, Some(3));
 
@@ -339,17 +339,17 @@ async fn test_device_token_expiration(cptestctx: &ControlPlaneTestContext) {
         .expect("initial token should still work");
 
     // now test setting the silo max TTL back to null
-    let settings: views::SiloSettings = object_put(
+    let settings: views::SiloAuthSettings = object_put(
         testctx,
         "/v1/auth-settings",
-        &params::SiloSettingsUpdate {
+        &params::SiloAuthSettingsUpdate {
             device_token_max_ttl_seconds: None.into(),
         },
     )
     .await;
     assert_eq!(settings.device_token_max_ttl_seconds, None);
 
-    let settings: views::SiloSettings =
+    let settings: views::SiloAuthSettings =
         object_get(testctx, "/v1/auth-settings").await;
     assert_eq!(settings.device_token_max_ttl_seconds, None);
 }

nexus/tests/integration_tests/endpoints.rs

@@ -1641,7 +1641,7 @@ pub static VERIFY_ENDPOINTS: LazyLock<Vec<VerifyEndpoint>> =
                 allowed_methods: vec![
                     AllowedMethod::Get,
                     AllowedMethod::Put(
-                        serde_json::to_value(&params::SiloSettingsUpdate {
+                        serde_json::to_value(&params::SiloAuthSettingsUpdate {
                             device_token_max_ttl_seconds: Nullable(
                                 NonZeroU32::new(3),
                             ),

nexus/types/src/external_api/params.rs

@@ -491,7 +491,7 @@ pub struct SiloQuotasUpdate {
 
 /// Updateable properties of a silo's settings.
 #[derive(Clone, Debug, Serialize, Deserialize, JsonSchema)]
-pub struct SiloSettingsUpdate {
+pub struct SiloAuthSettingsUpdate {
     /// Maximum lifetime of a device token in seconds. If set to null, users
     /// will be able to create tokens that do not expire.
     #[schemars(range(min = 1))]