Move /global-images/ to live under /system/ as per RFD-288

docs/debugging-authz.adoc

@@ -305,7 +305,7 @@ In this example, we found _no_ roles for this user on the resource we were autho
   "pid": 12898,
   "actor": "001de000-05e4-4000-8000-000000004007",
   "authenticated": true,
-  "uri": "/images/alpine-edge",
+  "uri": "/system/images/alpine-edge",
   "method": "GET",
   "req_id": "c37ebae6-2252-4cd1-a9d5-73462522d56a",
   "remote_addr": "127.0.0.1:36233",
@@ -634,7 +634,7 @@ $ grep 'full Oso configuration' log | bunyan
     #
     # The resources here do not correspond to anything that appears explicitly in
     # the API or is stored in the database.  These are used either at the top level
-    # of the API path (e.g., "/images") or as an implementation detail of the system
+    # of the API path (e.g., "/system/images") or as an implementation detail of the system
     # (in the case of console sessions and "Database").  The policies are
     # either statically-defined in this file or driven by role assignments on the
     # Fleet.  None of these resources defines their own roles.
@@ -659,7 +659,7 @@ $ grep 'full Oso configuration' log | bunyan
     has_relation(fleet: Fleet, "parent_fleet", ip_pool_list: IpPoolList)
         if ip_pool_list.fleet = fleet;
 
-    # Describes the policy for accessing "/images" (in the API)
+    # Describes the policy for accessing "/system/images" (in the API)
     resource GlobalImageList {
         permissions = [
             "list_children",

docs/how-to-run.adoc

@@ -224,7 +224,7 @@ the exact addresses that are available depends on the environment.
 
  a. This can be the alpine.iso image that ships with propolis:
 
-    oxide api /images --method POST --input - <<EOF
+    oxide api /system/images --method POST --input - <<EOF
     {
       "name": "alpine",
       "description": "boot from propolis zone blob!",
@@ -241,7 +241,7 @@ the exact addresses that are available depends on the environment.
 
  b. Or an ISO / raw disk image / etc hosted at a URL:
 
-    oxide api /images --method POST --input - <<EOF
+    oxide api /system/images --method POST --input - <<EOF
     {
       "name": "crucible-tester-sparse",
       "description": "boot from a url!",
@@ -267,7 +267,7 @@ the exact addresses that are available depends on the environment.
       "size": 1073741824,
       "disk_source": {
           "type": "global_image",
-          "image_id": "$(oxide api /images/alpine | jq -r .id)"
+          "image_id": "$(oxide api /system/images/alpine | jq -r .id)"
       }
     }
     EOF

nexus/src/app/mod.rs

@@ -469,11 +469,11 @@ impl Nexus {
 /// For unimplemented endpoints, indicates whether the resource identified
 /// by this endpoint will always be publicly visible or not
 ///
-/// For example, the resource "/images" is well-known (it's part of the
+/// For example, the resource "/system/images" is well-known (it's part of the
 /// API).  Being unauthorized to list images will result in a "403
 /// Forbidden".  It's `UnimplResourceVisibility::Public'.
 ///
-/// By contrast, the resource "/images/some-image" is not publicly-known.
+/// By contrast, the resource "/system/images/some-image" is not publicly-known.
 /// If you're not authorized to view it, you'll get a "404 Not Found".  It's
 /// `Unimpl::ProtectedLookup(LookupType::ByName("some-image"))`.
 pub enum Unimpl {

nexus/src/authz/omicron.polar

@@ -322,7 +322,7 @@ has_relation(silo: Silo, "parent_silo", saml_identity_provider: SamlIdentityProv
 #
 # The resources here do not correspond to anything that appears explicitly in
 # the API or is stored in the database.  These are used either at the top level
-# of the API path (e.g., "/images") or as an implementation detail of the system
+# of the API path (e.g., "/system/images") or as an implementation detail of the system
 # (in the case of console sessions and "Database").  The policies are
 # either statically-defined in this file or driven by role assignments on the
 # Fleet.  None of these resources defines their own roles.
@@ -347,7 +347,7 @@ resource IpPoolList {
 has_relation(fleet: Fleet, "parent_fleet", ip_pool_list: IpPoolList)
 	if ip_pool_list.fleet = fleet;
 
-# Describes the policy for accessing "/images" (in the API)
+# Describes the policy for accessing "/system/images" (in the API)
 resource GlobalImageList {
 	permissions = [
 	    "list_children",

nexus/src/external_api/http_entrypoints.rs

@@ -234,11 +234,11 @@ pub fn external_api() -> NexusApiDescription {
         api.register(silo_identity_provider_create)?;
         api.register(silo_identity_provider_view)?;
 
-        api.register(image_global_list)?;
-        api.register(image_global_create)?;
-        api.register(image_global_view)?;
-        api.register(image_global_view_by_id)?;
-        api.register(image_global_delete)?;
+        api.register(system_image_list)?;
+        api.register(system_image_create)?;
+        api.register(system_image_view)?;
+        api.register(system_image_view_by_id)?;
+        api.register(system_image_delete)?;
 
         api.register(updates_refresh)?;
         api.register(user_list)?;
@@ -2243,16 +2243,16 @@ async fn instance_disk_detach(
 
 // Images
 
-/// List global images
+/// List system-wide images
 ///
-/// Returns a list of all the global images. Global images are returned sorted
+/// Returns a list of all the system-wide images. System-wide images are returned sorted
 /// by creation date, with the most recent images appearing first.
 #[endpoint {
     method = GET,
-    path = "/images",
-    tags = ["images:global"],
+    path = "/system/images",
+    tags = ["system"],
 }]
-async fn image_global_list(
+async fn system_image_list(
     rqctx: Arc<RequestContext<Arc<ServerContext>>>,
     query_params: Query<PaginatedByName>,
 ) -> Result<HttpResponseOk<ResultsPage<GlobalImage>>, HttpError> {
@@ -2280,16 +2280,16 @@ async fn image_global_list(
     apictx.external_latencies.instrument_dropshot_handler(&rqctx, handler).await
 }
 
-/// Create a global image
+/// Create a system-wide image
 ///
-/// Create a new global image. This image can then be used by any user as a
+/// Create a new system-wide image. This image can then be used by any user in any silo as a
 /// base for instances.
 #[endpoint {
     method = POST,
-    path = "/images",
-    tags = ["images:global"]
+    path = "/system/images",
+    tags = ["system"]
 }]
-async fn image_global_create(
+async fn system_image_create(
     rqctx: Arc<RequestContext<Arc<ServerContext>>>,
     new_image: TypedBody<params::GlobalImageCreate>,
 ) -> Result<HttpResponseCreated<GlobalImage>, HttpError> {
@@ -2310,15 +2310,15 @@ struct GlobalImagePathParam {
     image_name: Name,
 }
 
-/// Fetch a global image
+/// Fetch a system-wide image
 ///
-/// Returns the details of a specific global image.
+/// Returns the details of a specific system-wide image.
 #[endpoint {
     method = GET,
-    path = "/images/{image_name}",
-    tags = ["images:global"],
+    path = "/system/images/{image_name}",
+    tags = ["system"],
 }]
-async fn image_global_view(
+async fn system_image_view(
     rqctx: Arc<RequestContext<Arc<ServerContext>>>,
     path_params: Path<GlobalImagePathParam>,
 ) -> Result<HttpResponseOk<GlobalImage>, HttpError> {
@@ -2334,13 +2334,13 @@ async fn image_global_view(
     apictx.external_latencies.instrument_dropshot_handler(&rqctx, handler).await
 }
 
-/// Fetch a global image by id
+/// Fetch a system-wide image by id
 #[endpoint {
     method = GET,
-    path = "/by-id/global-images/{id}",
-    tags = ["images:global"],
+    path = "/system/by-id/images/{id}",
+    tags = ["system"],
 }]
-async fn image_global_view_by_id(
+async fn system_image_view_by_id(
     rqctx: Arc<RequestContext<Arc<ServerContext>>>,
     path_params: Path<ByIdPathParams>,
 ) -> Result<HttpResponseOk<GlobalImage>, HttpError> {
@@ -2356,17 +2356,17 @@ async fn image_global_view_by_id(
     apictx.external_latencies.instrument_dropshot_handler(&rqctx, handler).await
 }
 
-/// Delete a global image
+/// Delete a system-wide image
 ///
-/// Permanently delete a global image. This operation cannot be undone. Any
-/// instances using the global image will continue to run, however new instances
+/// Permanently delete a system-wide image. This operation cannot be undone. Any
+/// instances using the system-wide image will continue to run, however new instances
 /// can not be created with this image.
 #[endpoint {
     method = DELETE,
-    path = "/images/{image_name}",
-    tags = ["images:global"],
+    path = "/system/images/{image_name}",
+    tags = ["system"],
 }]
-async fn image_global_delete(
+async fn system_image_delete(
     rqctx: Arc<RequestContext<Arc<ServerContext>>>,
     path_params: Path<GlobalImagePathParam>,
 ) -> Result<HttpResponseDeleted, HttpError> {

nexus/tests/integration_tests/authz.rs

@@ -170,7 +170,7 @@ async fn test_global_image_read_for_unpriv(
         block_size: params::BlockSize::try_from(512).unwrap(),
     };
 
-    NexusRequest::objects_post(client, "/images", &image_create_params)
+    NexusRequest::objects_post(client, "/system/images", &image_create_params)
         .authn_as(AuthnMode::PrivilegedUser)
         .execute()
         .await
@@ -180,7 +180,7 @@ async fn test_global_image_read_for_unpriv(
 
     // - can list global images
     let _images: ResultsPage<views::GlobalImage> =
-        NexusRequest::object_get(client, &"/images")
+        NexusRequest::object_get(client, &"/system/images")
             .authn_as(AuthnMode::SiloUser(new_silo_user_id))
             .execute()
             .await
@@ -190,7 +190,7 @@ async fn test_global_image_read_for_unpriv(
 
     // - can read a global image
     let _image: views::GlobalImage =
-        NexusRequest::object_get(client, &"/images/alpine-edge")
+        NexusRequest::object_get(client, &"/system/images/alpine-edge")
             .authn_as(AuthnMode::SiloUser(new_silo_user_id))
             .execute()
             .await

nexus/tests/integration_tests/endpoints.rs

@@ -280,7 +280,7 @@ lazy_static! {
     // Global Images
     pub static ref DEMO_GLOBAL_IMAGE_NAME: Name = "alpine-edge".parse().unwrap();
     pub static ref DEMO_GLOBAL_IMAGE_URL: String =
-        format!("/images/{}", *DEMO_GLOBAL_IMAGE_NAME);
+        format!("/system/images/{}", *DEMO_GLOBAL_IMAGE_NAME);
     pub static ref DEMO_GLOBAL_IMAGE_CREATE: params::GlobalImageCreate =
         params::GlobalImageCreate {
             identity: IdentityMetadataCreateParams {
@@ -1378,7 +1378,7 @@ lazy_static! {
         /* Global Images */
 
         VerifyEndpoint {
-            url: "/images",
+            url: "/system/images",
             visibility: Visibility::Public,
             unprivileged_access: UnprivilegedAccess::ReadOnly,
             allowed_methods: vec![
@@ -1390,7 +1390,7 @@ lazy_static! {
         },
 
         VerifyEndpoint {
-            url: "/by-id/global-images/{id}",
+            url: "/system/by-id/images/{id}",
             visibility: Visibility::Protected,
             unprivileged_access: UnprivilegedAccess::ReadOnly,
             allowed_methods: vec![

nexus/tests/integration_tests/images.rs

@@ -40,7 +40,7 @@ async fn test_global_image_create(cptestctx: &ControlPlaneTestContext) {
 
     // No global images yet
     let global_images: Vec<GlobalImage> =
-        NexusRequest::iter_collection_authn(client, "/images", "", None)
+        NexusRequest::iter_collection_authn(client, "/system/images", "", None)
             .await
             .expect("failed to list images")
             .all_items;
@@ -65,15 +65,15 @@ async fn test_global_image_create(cptestctx: &ControlPlaneTestContext) {
         block_size: params::BlockSize::try_from(512).unwrap(),
     };
 
-    NexusRequest::objects_post(client, "/images", &image_create_params)
+    NexusRequest::objects_post(client, "/system/images", &image_create_params)
         .authn_as(AuthnMode::PrivilegedUser)
         .execute()
         .await
         .unwrap();
 
     // Verify one global image
     let global_images: Vec<GlobalImage> =
-        NexusRequest::iter_collection_authn(client, "/images", "", None)
+        NexusRequest::iter_collection_authn(client, "/system/images", "", None)
             .await
             .expect("failed to list images")
             .all_items;
@@ -112,7 +112,7 @@ async fn test_global_image_create_url_404(cptestctx: &ControlPlaneTestContext) {
     };
 
     let error = NexusRequest::new(
-        RequestBuilder::new(client, Method::POST, &"/images")
+        RequestBuilder::new(client, Method::POST, &"/system/images")
             .body(Some(&image_create_params))
             .expect_status(Some(StatusCode::BAD_REQUEST)),
     )
@@ -149,7 +149,7 @@ async fn test_global_image_create_bad_url(cptestctx: &ControlPlaneTestContext) {
     };
 
     let error = NexusRequest::new(
-        RequestBuilder::new(client, Method::POST, &"/images")
+        RequestBuilder::new(client, Method::POST, &"/system/images")
             .body(Some(&image_create_params))
             .expect_status(Some(StatusCode::BAD_REQUEST)),
     )
@@ -199,7 +199,7 @@ async fn test_global_image_create_bad_content_length(
     };
 
     let error = NexusRequest::new(
-        RequestBuilder::new(client, Method::POST, &"/images")
+        RequestBuilder::new(client, Method::POST, &"/system/images")
             .body(Some(&image_create_params))
             .expect_status(Some(StatusCode::BAD_REQUEST)),
     )
@@ -250,7 +250,7 @@ async fn test_global_image_create_bad_image_size(
     };
 
     let error = NexusRequest::new(
-        RequestBuilder::new(client, Method::POST, &"/images")
+        RequestBuilder::new(client, Method::POST, &"/system/images")
             .body(Some(&image_create_params))
             .expect_status(Some(StatusCode::BAD_REQUEST)),
     )
@@ -300,14 +300,17 @@ async fn test_make_disk_from_global_image(cptestctx: &ControlPlaneTestContext) {
         block_size: params::BlockSize::try_from(512).unwrap(),
     };
 
-    let alpine_image: GlobalImage =
-        NexusRequest::objects_post(client, "/images", &image_create_params)
-            .authn_as(AuthnMode::PrivilegedUser)
-            .execute()
-            .await
-            .unwrap()
-            .parsed_body()
-            .unwrap();
+    let alpine_image: GlobalImage = NexusRequest::objects_post(
+        client,
+        "/system/images",
+        &image_create_params,
+    )
+    .authn_as(AuthnMode::PrivilegedUser)
+    .execute()
+    .await
+    .unwrap()
+    .parsed_body()
+    .unwrap();
 
     create_organization(&client, "myorg").await;
     create_project(client, "myorg", "myproj").await;
@@ -370,14 +373,17 @@ async fn test_make_disk_from_global_image_too_small(
         block_size: params::BlockSize::try_from(512).unwrap(),
     };
 
-    let alpine_image: GlobalImage =
-        NexusRequest::objects_post(client, "/images", &image_create_params)
-            .authn_as(AuthnMode::PrivilegedUser)
-            .execute()
-            .await
-            .unwrap()
-            .parsed_body()
-            .unwrap();
+    let alpine_image: GlobalImage = NexusRequest::objects_post(
+        client,
+        "/system/images",
+        &image_create_params,
+    )
+    .authn_as(AuthnMode::PrivilegedUser)
+    .execute()
+    .await
+    .unwrap()
+    .parsed_body()
+    .unwrap();
 
     create_organization(&client, "myorg").await;
     create_project(client, "myorg", "myproj").await;