ensure (not exclusively create) silo groups

so multiple logins do not cause one another to fail

Author: jmpesp

common/src/sql/dbinit.sql

@@ -296,8 +296,7 @@ CREATE INDEX ON omicron.public.silo_group (
 CREATE UNIQUE INDEX ON omicron.public.silo_group (
     silo_id,
     external_id
-) WHERE
-    time_deleted IS NULL;
+);
 
 /*
  * Silo group membership

nexus/src/app/silo.rs

@@ -252,7 +252,7 @@ impl super::Nexus {
 
             None => {
                 self.db_datastore
-                    .silo_group_create(
+                    .silo_group_ensure(
                         opctx,
                         authz_silo,
                         db::model::SiloGroup::new(

nexus/src/db/datastore/silo.rs

@@ -85,11 +85,11 @@ impl DataStore {
         let authz_silo =
             authz::Silo::new(authz::FLEET, silo_id, LookupType::ById(silo_id));
 
-        let silo_admin_group_create_query = if let Some(ref admin_group_name) =
+        let silo_admin_group_ensure_query = if let Some(ref admin_group_name) =
             new_silo_params.admin_group_name
         {
-            let silo_admin_group_create_query =
-                DataStore::silo_group_create_query(
+            let silo_admin_group_ensure_query =
+                DataStore::silo_group_ensure_query(
                     opctx,
                     &authz_silo,
                     db::model::SiloGroup::new(
@@ -100,7 +100,7 @@ impl DataStore {
                 )
                 .await?;
 
-            Some(silo_admin_group_create_query)
+            Some(silo_admin_group_ensure_query)
         } else {
             None
         };
@@ -134,7 +134,7 @@ impl DataStore {
             .transaction(move |conn| {
                 let silo = silo_create_query.get_result(conn)?;
 
-                if let Some(query) = silo_admin_group_create_query {
+                if let Some(query) = silo_admin_group_ensure_query {
                     query.get_result(conn)?;
                 }
 

nexus/src/db/datastore/silo_group.rs

@@ -28,7 +28,7 @@ use omicron_common::api::external::UpdateResult;
 use uuid::Uuid;
 
 impl DataStore {
-    pub async fn silo_group_create_query(
+    pub(super) async fn silo_group_ensure_query(
         opctx: &OpContext,
         authz_silo: &authz::Silo,
         silo_group: SiloGroup,
@@ -38,20 +38,31 @@ impl DataStore {
         use db::schema::silo_group::dsl;
         Ok(diesel::insert_into(dsl::silo_group)
             .values(silo_group)
+            .on_conflict((dsl::silo_id, dsl::external_id))
+            .do_nothing()
             .returning(SiloGroup::as_returning()))
     }
 
-    pub async fn silo_group_create(
+    pub async fn silo_group_ensure(
         &self,
         opctx: &OpContext,
         authz_silo: &authz::Silo,
         silo_group: SiloGroup,
     ) -> CreateResult<SiloGroup> {
-        DataStore::silo_group_create_query(opctx, authz_silo, silo_group)
+        let external_id = silo_group.external_id.clone();
+
+        DataStore::silo_group_ensure_query(opctx, authz_silo, silo_group)
             .await?
-            .get_result_async(self.pool_authorized(opctx).await?)
+            .execute_async(self.pool_authorized(opctx).await?)
             .await
-            .map_err(|e| public_error_from_diesel_pool(e, ErrorHandler::Server))
+            .map_err(|e| {
+                public_error_from_diesel_pool(e, ErrorHandler::Server)
+            })?;
+
+        Ok(self
+            .silo_group_optional_lookup(opctx, authz_silo, external_id)
+            .await?
+            .unwrap())
     }
 
     pub async fn silo_group_optional_lookup(