delete Role, RoleName, RolePage views and params

Author: david-crespo

common/src/api/external/mod.rs

@@ -495,72 +495,6 @@ fn name_schema(
     .into()
 }
 
-/// Name for a built-in role
-#[derive(
-    Clone,
-    Debug,
-    DeserializeFromStr,
-    Display,
-    Eq,
-    FromStr,
-    Ord,
-    PartialEq,
-    PartialOrd,
-    SerializeDisplay,
-)]
-#[display("{resource_type}.{role_name}")]
-pub struct RoleName {
-    // "resource_type" is generally the String value of one of the
-    // `ResourceType` variants.  We could store the parsed `ResourceType`
-    // instead, but it's useful to be able to represent RoleNames for resource
-    // types that we don't know about.  That could happen if we happen to find
-    // them in the database, for example.
-    #[from_str(regex = "[a-z-]+")]
-    resource_type: String,
-    #[from_str(regex = "[a-z-]+")]
-    role_name: String,
-}
-
-impl RoleName {
-    pub fn new(resource_type: &str, role_name: &str) -> RoleName {
-        RoleName {
-            resource_type: String::from(resource_type),
-            role_name: String::from(role_name),
-        }
-    }
-}
-
-/// Custom JsonSchema implementation to encode the constraints on RoleName
-impl JsonSchema for RoleName {
-    fn schema_name() -> String {
-        "RoleName".to_string()
-    }
-    fn json_schema(
-        _: &mut schemars::gen::SchemaGenerator,
-    ) -> schemars::schema::Schema {
-        schemars::schema::Schema::Object(schemars::schema::SchemaObject {
-            metadata: Some(Box::new(schemars::schema::Metadata {
-                title: Some("A name for a built-in role".to_string()),
-                description: Some(
-                    "Role names consist of two string components \
-                     separated by dot (\".\")."
-                        .to_string(),
-                ),
-                ..Default::default()
-            })),
-            instance_type: Some(schemars::schema::SingleOrVec::Single(
-                Box::new(schemars::schema::InstanceType::String),
-            )),
-            string: Some(Box::new(schemars::schema::StringValidation {
-                max_length: Some(63),
-                min_length: None,
-                pattern: Some("[a-z-]+\\.[a-z-]+".to_string()),
-            })),
-            ..Default::default()
-        })
-    }
-}
-
 /// Byte count to express memory or storage capacity.
 //
 // The maximum supported byte count is [`i64::MAX`].  This makes it somewhat
@@ -1040,6 +974,7 @@ pub enum ResourceType {
     RouterRoute,
     Oximeter,
     MetricProducer,
+    RoleBuiltin,
     TufRepo,
     TufArtifact,
     SwitchPort,
@@ -3324,8 +3259,8 @@ mod test {
     use super::VpcFirewallRuleHostFilter;
     use super::VpcFirewallRuleTarget;
     use super::{
-        ByteCount, Digest, L4Port, L4PortRange, Name, RoleName,
-        VpcFirewallRuleAction, VpcFirewallRuleDirection, VpcFirewallRuleFilter,
+        ByteCount, Digest, L4Port, L4PortRange, Name, VpcFirewallRuleAction,
+        VpcFirewallRuleDirection, VpcFirewallRuleFilter,
         VpcFirewallRulePriority, VpcFirewallRuleProtocol,
         VpcFirewallRuleStatus, VpcFirewallRuleUpdate,
         VpcFirewallRuleUpdateParams,
@@ -3408,54 +3343,6 @@ mod test {
         }
     }
 
-    #[test]
-    fn test_role_name_parse() {
-        // Error cases
-        let bad_inputs = vec![
-            // empty string is always worth testing
-            "",
-            // missing dot
-            "project",
-            // extra dot (or, illegal character in the second component)
-            "project.admin.super",
-            // missing resource type (or, another bogus resource type)
-            ".admin",
-            // missing role name
-            "project.",
-            // illegal characters in role name
-            "project.not_good",
-        ];
-
-        for input in bad_inputs {
-            eprintln!("check name {:?} (expecting error)", input);
-            let result =
-                input.parse::<RoleName>().expect_err("unexpectedly succeeded");
-            eprintln!("(expected) error: {:?}", result);
-        }
-
-        eprintln!("check name \"project.admin\" (expecting success)");
-        let role_name =
-            "project.admin".parse::<RoleName>().expect("failed to parse");
-        assert_eq!(role_name.to_string(), "project.admin");
-        assert_eq!(role_name.resource_type, "project");
-        assert_eq!(role_name.role_name, "admin");
-
-        eprintln!("check name \"barf.admin\" (expecting success)");
-        let role_name =
-            "barf.admin".parse::<RoleName>().expect("failed to parse");
-        assert_eq!(role_name.to_string(), "barf.admin");
-        assert_eq!(role_name.resource_type, "barf");
-        assert_eq!(role_name.role_name, "admin");
-
-        eprintln!("check name \"organization.super-user\" (expecting success)");
-        let role_name = "organization.super-user"
-            .parse::<RoleName>()
-            .expect("failed to parse");
-        assert_eq!(role_name.to_string(), "organization.super-user");
-        assert_eq!(role_name.resource_type, "organization");
-        assert_eq!(role_name.role_name, "super-user");
-    }
-
     #[test]
     fn test_resource_name_parse() {
         let bad_inputs = vec![

nexus/types/src/external_api/params.rs

@@ -2398,22 +2398,6 @@ pub struct AllowListUpdate {
     pub allowed_ips: AllowedSourceIps,
 }
 
-// Roles
-
-// Roles have their own pagination scheme because they do not use the usual "id"
-// or "name" types.  For more, see the comment in dbinit.sql.
-#[derive(Deserialize, JsonSchema, Serialize)]
-pub struct RolePage {
-    pub last_seen: String,
-}
-
-/// Path parameters for global (system) role requests
-#[derive(Deserialize, JsonSchema)]
-pub struct RolePath {
-    /// The built-in role's unique name.
-    pub role_name: String,
-}
-
 // Console API
 
 #[derive(Deserialize, JsonSchema)]

nexus/types/src/external_api/views.rs

@@ -15,7 +15,7 @@ use daft::Diffable;
 use omicron_common::api::external::{
     AffinityPolicy, AllowedSourceIps as ExternalAllowedSourceIps, ByteCount,
     Digest, Error, FailureDomain, IdentityMetadata, InstanceState, Name,
-    ObjectIdentity, RoleName, SimpleIdentity, SimpleIdentityOrName,
+    ObjectIdentity, SimpleIdentity, SimpleIdentityOrName,
 };
 use omicron_uuid_kinds::{AlertReceiverUuid, AlertUuid};
 use oxnet::{Ipv4Net, Ipv6Net};
@@ -963,15 +963,6 @@ pub struct UserBuiltin {
     pub identity: IdentityMetadata,
 }
 
-// ROLES
-
-/// View of a Role
-#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize, JsonSchema)]
-pub struct Role {
-    pub name: RoleName,
-    pub description: String,
-}
-
 // SSH KEYS
 
 /// View of an SSH Key