oxidecomputer · davepacheco · Mar 31, 2022 · Mar 20, 2022 · Mar 20, 2022 · Mar 20, 2022
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/nexus/src/authz/api_resources.rs b/nexus/src/authz/api_resources.rs
@@ -421,6 +421,10 @@ impl Project {
             lookup_type,
         }
     }
+
+    pub fn organization(&self) -> &Organization {
+        &self.parent
+    }
 }
 
 impl Eq for Project {}

diff --git a/nexus/src/db/datastore.rs b/nexus/src/db/datastore.rs
@@ -119,11 +119,11 @@ impl DataStore {
     // the database.  Eventually, this function should only be used for doing
     // authentication in the first place (since we can't do an authz check in
     // that case).
-    fn pool(&self) -> &bb8::Pool<ConnectionManager<DbConnection>> {
+    pub(super) fn pool(&self) -> &bb8::Pool<ConnectionManager<DbConnection>> {
         self.pool.pool()
     }
 
-    async fn pool_authorized(
+    pub(super) async fn pool_authorized(
         &self,
         opctx: &OpContext,
     ) -> Result<&bb8::Pool<ConnectionManager<DbConnection>>, Error> {

diff --git a/nexus/src/db/db-macros/Cargo.toml b/nexus/src/db/db-macros/Cargo.toml
@@ -9,6 +9,9 @@ license = "MPL-2.0"
 proc-macro = true
 
 [dependencies]
+heck = "0.4"
 proc-macro2 = { version = "1.0" }
 quote = { version = "1.0" }
+serde = { version = "1.0", features = [ "derive" ] }
+serde_tokenstream = "0.1"
 syn = { version = "1.0", features = [ "full", "derive", "extra-traits" ] }
diff --git a/nexus/src/db/db-macros/src/lib.rs b/nexus/src/db/db-macros/src/lib.rs
@@ -18,6 +18,62 @@ use quote::{format_ident, quote};
 use syn::spanned::Spanned;
 use syn::{Data, DataStruct, DeriveInput, Error, Fields, Ident, Lit, Meta};
 
+mod lookup;
+
+/// Defines a structure and helper functions for looking up resources
+///
+/// # Examples
+///
+/// ```ignore
+/// lookup_resource! {
+///     name = "Organization",
+///     ancestors = [],
+///     children = [ "Project" ],
+///     authz_kind = Typed
+/// }
+/// ```
+///
+/// See [`lookup::Input`] for documentation on the named arguments.
+///
+/// This defines a struct `Organization<'a>` with functions `fetch()`,
+/// `fetch_for(authz::Action)`, and `lookup_for(authz::Action)` for looking up
+/// an Organization in the database.  These functions are all protected by
+/// access controls.
+///
+/// Building on that, we have:
+///
+/// ```ignore
+/// lookup_resource! {
+///     name = "Organization",
+///     ancestors = [],
+///     children = [ "Project" ],
+///     authz_kind = Typed
+/// }
+///
+/// lookup_resource! {
+///     name = "Instance",
+///     ancestors = [ "Organization", "Project" ],
+///     children = [],
+///     authz_kind = Generic
+/// }
+/// ```
+///
+/// These define `Project<'a>` and `Instance<'a>`.  For more on these structs
+/// and how they're used, see nexus/src/db/lookup.rs.
+// Allow private intra-doc links.  This is useful because the `Input` struct
+// cannot be exported (since we're a proc macro crate, and we can't expose
+// a struct), but its documentation is very useful.
+#[allow(rustdoc::private_intra_doc_links)]
+#[proc_macro]
+pub fn lookup_resource(
+    input: proc_macro::TokenStream,
+) -> proc_macro::TokenStream {
+    match lookup::lookup_resource(input.into()) {
+        Ok(output) => output.into(),
+        Err(error) => error.to_compile_error().into(),
+    }
+}
+
 /// Looks for a Meta-style attribute with a particular identifier.
 ///
 /// As an example, for an attribute like `#[foo = "bar"]`, we can find this