System Update API

Cargo.toml

@@ -197,6 +197,7 @@ ring = "0.16"
 rustfmt-wrapper = "0.2"
 samael = { git = "https://github.com/njaremko/samael", features = ["xmlsec"], branch = "master" }
 schemars = "0.8.10"
+semver = { version = "1.0.16", features = ["std", "serde"] }
 serde = { version = "1.0", default-features = false, features = [ "derive" ] }
 serde_derive = "1.0"
 serde_json = "1.0.91"

common/Cargo.toml

@@ -19,6 +19,7 @@ rand.workspace = true
 reqwest = { workspace = true, features = ["rustls-tls", "stream"] }
 ring.workspace = true
 schemars = { workspace = true, features = [ "chrono", "uuid1" ] }
+semver.workspace = true
 serde.workspace = true
 serde_derive.workspace = true
 serde_json.workspace = true

common/src/api/external/mod.rs

@@ -24,6 +24,7 @@ use futures::stream::StreamExt;
 use parse_display::Display;
 use parse_display::FromStr;
 use schemars::JsonSchema;
+use semver;
 use serde::Deserialize;
 use serde::Serialize;
 use serde_with::{DeserializeFromStr, SerializeDisplay};
@@ -373,6 +374,38 @@ impl JsonSchema for NameOrId {
     }
 }
 
+// TODO: remove wrapper for semver::Version once this PR goes through
+// https://github.com/GREsau/schemars/pull/195
+#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, Eq, Display)]
+#[display("{0}")]
+pub struct SemverVersion(pub semver::Version);
+
+impl SemverVersion {
+    pub fn new(major: u64, minor: u64, patch: u64) -> Self {
+        Self(semver::Version::new(major, minor, patch))
+    }
+}
+
+impl JsonSchema for SemverVersion {
+    fn schema_name() -> String {
+        "SemverVersion".to_string()
+    }
+
+    fn json_schema(
+        _: &mut schemars::gen::SchemaGenerator,
+    ) -> schemars::schema::Schema {
+        schemars::schema::SchemaObject {
+            instance_type: Some(schemars::schema::InstanceType::String.into()),
+            string: Some(Box::new(schemars::schema::StringValidation {
+                pattern: Some(r"^\d+\.\d+\.\d+([\-\+].+)?$".to_owned()),
+                ..Default::default()
+            })),
+            ..Default::default()
+        }
+        .into()
+    }
+}
+
 /// Name for a built-in role
 #[derive(
     Clone,
@@ -666,6 +699,10 @@ pub enum ResourceType {
     MetricProducer,
     RoleBuiltin,
     UpdateAvailableArtifact,
+    SystemUpdate,
+    ComponentUpdate,
+    SystemUpdateComponentUpdate,
+    UpdateableComponent,
     UserBuiltin,
     Zpool,
 }

common/src/sql/dbinit.sql

@@ -1419,6 +1419,98 @@ CREATE INDEX ON omicron.public.update_available_artifact (
     targets_role_version
 );
 
+/*
+ * System updates
+ */
+CREATE TABLE omicron.public.system_update (
+    /* Unique semver version */
+    version STRING(64) PRIMARY KEY,
+
+    -- The ID is not strictly necessary here because we're using the version
+    -- string as the PK. However, removing it would make this one of the only
+    -- resources without an ID, which means we'd have to do a bunch of special
+    -- stuff that we get more or less for free with other resources. For
+    -- example, paginating by ID (note this is distinct from sorting by ID).
+
+    /* Identity metadata (asset) */
+    id UUID NOT NULL,
+    time_created TIMESTAMPTZ NOT NULL,
+    time_modified TIMESTAMPTZ NOT NULL
+);
+
+
+-- Used for the join with components. That and pagination is all id is used for
+CREATE UNIQUE INDEX ON omicron.public.system_update (
+    id
+);
+
+CREATE TYPE omicron.public.updateable_component_type AS ENUM (
+    'bootloader_for_rot',
+    'bootloader_for_sp',
+    'bootloader_for_host_proc',
+    'hubris_for_psc_rot',
+    'hubris_for_psc_sp',
+    'hubris_for_sidecar_rot',
+    'hubris_for_sidecar_sp',
+    'hubris_for_gimlet_rot',
+    'hubris_for_gimlet_sp',
+    'helios_host_phase_1',
+    'helios_host_phase_2',
+    'host_omicron'
+);
+
+/*
+ * Component updates. Associated with at least one system_update through
+ * system_update_component_update.
+ */
+CREATE TABLE omicron.public.component_update (
+    /* Identity metadata (asset) */
+    id UUID PRIMARY KEY,
+    time_created TIMESTAMPTZ NOT NULL,
+    time_modified TIMESTAMPTZ NOT NULL,
+
+    -- On component updates there's no device ID because the update can apply to
+    -- multiple instances of a given device kind
+
+    -- So far we are not implementing fetch component update by (component_type,
+    -- version). If we did, we'd probably want to make that pair the PK.
+    -- TODO: figure out the actual length version strings should have
+    version STRING(64) NOT NULL,
+    component_type omicron.public.updateable_component_type NOT NULL,
+
+    -- the ID of another component_update
+    parent_id UUID
+);
+
+/*
+ * Associate system updates with component updates. Not done with a
+ * system_update_id field on component_update because the same component update
+ * may be part of more than one system update.
+ */
+CREATE TABLE omicron.public.system_update_component_update (
+    system_update_id UUID NOT NULL,
+    component_update_id UUID NOT NULL,
+
+    PRIMARY KEY (system_update_id, component_update_id)
+);
+
+/*
+ * Updateable components and their update status
+ */
+CREATE TABLE omicron.public.updateable_component (
+    /* Identity metadata (asset) */
+    id UUID PRIMARY KEY,
+    time_created TIMESTAMPTZ NOT NULL,
+    time_modified TIMESTAMPTZ NOT NULL,
+
+    -- free-form string that comes from the device
+    device_id STRING(40) NOT NULL,
+    component_type omicron.public.updateable_component_type NOT NULL,
+    version STRING(64) NOT NULL,
+    parent_id UUID
+    -- TODO: status and reason
+);
+
 /*******************************************************************/
 
 /*

nexus/db-model/Cargo.toml

@@ -22,6 +22,7 @@ pq-sys = "*"
 rand.workspace = true
 ref-cast.workspace = true
 schemars = { workspace = true, features = ["chrono", "uuid1"] }
+semver.workspace = true
 serde.workspace = true
 serde_json.workspace = true
 steno.workspace = true

nexus/db-model/src/lib.rs

@@ -39,6 +39,8 @@ mod organization;
 mod oximeter_info;
 mod producer_endpoint;
 mod project;
+mod semver_version;
+mod system_update;
 // These actually represent subqueries, not real table.
 // However, they must be defined in the same crate as our tables
 // for join-based marker trait generation.
@@ -115,6 +117,7 @@ pub use region::*;
 pub use region_snapshot::*;
 pub use role_assignment::*;
 pub use role_builtin::*;
+pub use semver_version::*;
 pub use service::*;
 pub use service_kind::*;
 pub use silo::*;
@@ -124,6 +127,7 @@ pub use silo_user_password_hash::*;
 pub use sled::*;
 pub use snapshot::*;
 pub use ssh_key::*;
+pub use system_update::*;
 pub use update_artifact::*;
 pub use user_builtin::*;
 pub use vni::*;

nexus/db-model/src/schema.rs

@@ -633,6 +633,58 @@ table! {
     }
 }
 
+table! {
+    system_update (version) {
+        id -> Uuid,
+        time_created -> Timestamptz,
+        time_modified -> Timestamptz,
+
+        version -> Text,
+    }
+}
+
+table! {
+    component_update (id) {
+        id -> Uuid,
+        time_created -> Timestamptz,
+        time_modified -> Timestamptz,
+
+        version -> Text,
+        component_type -> crate::UpdateableComponentTypeEnum,
+        // parent component update ID
+        parent_id -> Nullable<Uuid>,
+    }
+}
+
+table! {
+    updateable_component (id) {
+        id -> Uuid,
+        time_created -> Timestamptz,
+        time_modified -> Timestamptz,
+
+        device_id -> Text,
+        version -> Text,
+        component_type -> crate::UpdateableComponentTypeEnum,
+        parent_id -> Nullable<Uuid>,
+        // status
+        // reason
+    }
+}
+
+table! {
+    system_update_component_update (system_update_id, component_update_id) {
+        system_update_id -> Uuid,
+        component_update_id -> Uuid,
+    }
+}
+
+allow_tables_to_appear_in_same_query!(
+    system_update,
+    component_update,
+    system_update_component_update,
+);
+joinable!(system_update_component_update -> component_update (component_update_id));
+
 allow_tables_to_appear_in_same_query!(ip_pool_range, ip_pool);
 joinable!(ip_pool_range -> ip_pool (ip_pool_id));
 

nexus/db-model/src/semver_version.rs

@@ -0,0 +1,64 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+use diesel::backend::{Backend, RawValue};
+use diesel::deserialize::{self, FromSql};
+use diesel::query_builder::bind_collector::RawBytesBindCollector;
+use diesel::serialize::{self, ToSql};
+use diesel::sql_types;
+use omicron_common::api::external;
+use parse_display::Display;
+use serde::{Deserialize, Serialize};
+
+// We wrap semver::Version in external to impl JsonSchema, and we wrap it again
+// here to impl ToSql/FromSql
+
+#[derive(
+    Clone,
+    Debug,
+    AsExpression,
+    FromSqlRow,
+    Serialize,
+    Deserialize,
+    PartialEq,
+    Display,
+)]
+#[diesel(sql_type = sql_types::Text)]
+#[display("{0}")]
+pub struct SemverVersion(pub external::SemverVersion);
+
+NewtypeFrom! { () pub struct SemverVersion(external::SemverVersion); }
+NewtypeDeref! { () pub struct SemverVersion(external::SemverVersion); }
+
+impl SemverVersion {
+    pub fn new(major: u64, minor: u64, patch: u64) -> Self {
+        Self(external::SemverVersion(semver::Version::new(major, minor, patch)))
+    }
+}
+
+impl<DB> ToSql<sql_types::Text, DB> for SemverVersion
+where
+    DB: Backend<BindCollector = RawBytesBindCollector<DB>>,
+    String: ToSql<sql_types::Text, DB>,
+{
+    fn to_sql<'a>(
+        &'a self,
+        out: &mut serialize::Output<'a, '_, DB>,
+    ) -> serialize::Result {
+        (self.0).0.to_string().to_sql(&mut out.reborrow())
+    }
+}
+
+impl<DB> FromSql<sql_types::Text, DB> for SemverVersion
+where
+    DB: Backend,
+    String: FromSql<sql_types::Text, DB>,
+{
+    fn from_sql(raw: RawValue<DB>) -> deserialize::Result<Self> {
+        String::from_sql(raw)?
+            .parse()
+            .map(|s| SemverVersion(external::SemverVersion(s)))
+            .map_err(|e| e.into())
+    }
+}