From 593209d71da3c2b29fc651aeb2cff5efeabecc64 Mon Sep 17 00:00:00 2001 From: "Sean P. Kelly" Date: Fri, 6 Sep 2024 23:11:08 +0000 Subject: [PATCH] twoliter: refactor lock to be a private project submodule The lock abstractions force the project interface to perform the appropriate validations when resolving and using dependencies. This change moves the `lock` module under `project` so that we can more-tightly control access to that functionality. --- twoliter/src/cmd/build.rs | 5 +- twoliter/src/cmd/build_clean.rs | 3 +- twoliter/src/cmd/fetch.rs | 3 +- twoliter/src/cmd/make.rs | 9 ++-- twoliter/src/cmd/publish_kit.rs | 3 +- twoliter/src/cmd/update.rs | 3 +- twoliter/src/main.rs | 1 - twoliter/src/{ => project}/lock/archive.rs | 0 twoliter/src/{ => project}/lock/image.rs | 0 twoliter/src/{ => project}/lock/mod.rs | 50 ++++++------------- .../src/{ => project}/lock/verification.rs | 0 twoliter/src/{ => project}/lock/views.rs | 0 twoliter/src/{project.rs => project/mod.rs} | 34 ++++++++++++- twoliter/src/test/cargo_make.rs | 16 ++---- 14 files changed, 61 insertions(+), 66 deletions(-) rename twoliter/src/{ => project}/lock/archive.rs (100%) rename twoliter/src/{ => project}/lock/image.rs (100%) rename twoliter/src/{ => project}/lock/mod.rs (86%) rename twoliter/src/{ => project}/lock/verification.rs (100%) rename twoliter/src/{ => project}/lock/views.rs (100%) rename twoliter/src/{project.rs => project/mod.rs} (96%) diff --git a/twoliter/src/cmd/build.rs b/twoliter/src/cmd/build.rs index 26457c1ca..3efb4dae9 100644 --- a/twoliter/src/cmd/build.rs +++ b/twoliter/src/cmd/build.rs @@ -1,7 +1,6 @@ use super::build_clean::BuildClean; use crate::cargo_make::CargoMake; use crate::common::fs; -use crate::lock::Lock; use crate::project; use crate::tools::install_tools; use anyhow::{Context, Result}; @@ -53,7 +52,7 @@ pub(crate) struct BuildKit { impl BuildKit { pub(super) async fn run(&self) -> Result<()> { let project = project::load_or_find_project(self.project_path.clone()).await?; - let lock = Lock::load(&project).await?; + let lock = project.load_lock().await?; let toolsdir = project.project_dir().join("build/tools"); install_tools(&toolsdir).await?; let makefile_path = toolsdir.join("Makefile.toml"); @@ -113,7 +112,7 @@ pub(crate) struct BuildVariant { impl BuildVariant { pub(super) async fn run(&self) -> Result<()> { let project = project::load_or_find_project(self.project_path.clone()).await?; - let lock = Lock::load(&project).await?; + let lock = project.load_lock().await?; let toolsdir = project.project_dir().join("build/tools"); install_tools(&toolsdir).await?; let makefile_path = toolsdir.join("Makefile.toml"); diff --git a/twoliter/src/cmd/build_clean.rs b/twoliter/src/cmd/build_clean.rs index 754327d58..9aa3140c2 100644 --- a/twoliter/src/cmd/build_clean.rs +++ b/twoliter/src/cmd/build_clean.rs @@ -1,5 +1,4 @@ use crate::cargo_make::CargoMake; -use crate::lock::Lock; use crate::project; use crate::tools; use anyhow::Result; @@ -16,7 +15,7 @@ pub(crate) struct BuildClean { impl BuildClean { pub(super) async fn run(&self) -> Result<()> { let project = project::load_or_find_project(self.project_path.clone()).await?; - let lock = Lock::load(&project).await?; + let lock = project.load_lock().await?; let toolsdir = project.project_dir().join("build/tools"); tools::install_tools(&toolsdir).await?; let makefile_path = toolsdir.join("Makefile.toml"); diff --git a/twoliter/src/cmd/fetch.rs b/twoliter/src/cmd/fetch.rs index 5db655900..089d2f49b 100644 --- a/twoliter/src/cmd/fetch.rs +++ b/twoliter/src/cmd/fetch.rs @@ -1,4 +1,3 @@ -use crate::lock::Lock; use crate::project; use anyhow::Result; use clap::Parser; @@ -18,7 +17,7 @@ pub(crate) struct Fetch { impl Fetch { pub(super) async fn run(&self) -> Result<()> { let project = project::load_or_find_project(self.project_path.clone()).await?; - let lock_file = Lock::load(&project).await?; + let lock_file = project.load_lock().await?; lock_file.fetch(&project, self.arch.as_str()).await?; Ok(()) } diff --git a/twoliter/src/cmd/make.rs b/twoliter/src/cmd/make.rs index 1ca7ee798..1a4bfb028 100644 --- a/twoliter/src/cmd/make.rs +++ b/twoliter/src/cmd/make.rs @@ -1,5 +1,4 @@ use crate::cargo_make::CargoMake; -use crate::lock::{Lock, LockedSDK}; use crate::project::{self}; use crate::tools::install_tools; use anyhow::Result; @@ -80,10 +79,10 @@ impl Make { /// Returns the locked SDK image for the project. async fn locked_sdk(&self, project: &project::Project) -> Result { let sdk_source = if self.can_skip_kit_verification(project) { - let lock = LockedSDK::load(project).await?; + let lock = project.load_locked_sdk().await?; lock.0.source } else { - let lock = Lock::load(project).await?; + let lock = project.load_lock().await?; lock.sdk.source }; Ok(sdk_source) @@ -95,7 +94,7 @@ mod test { use std::path::Path; use crate::cmd::update::Update; - use crate::lock::VerificationTagger; + use crate::project::VerificationTagger; use super::*; @@ -215,7 +214,7 @@ mod test { let project = project::load_or_find_project(Some(project_path)) .await .unwrap(); - let sdk_source = LockedSDK::load(&project).await.unwrap().0.source; + let sdk_source = project.load_locked_sdk().await.unwrap().0.source; if delete_verifier_tags { // Clean up tags so that the build fails diff --git a/twoliter/src/cmd/publish_kit.rs b/twoliter/src/cmd/publish_kit.rs index 8cf35fca8..f223fb9f7 100644 --- a/twoliter/src/cmd/publish_kit.rs +++ b/twoliter/src/cmd/publish_kit.rs @@ -1,5 +1,4 @@ use crate::cargo_make::CargoMake; -use crate::lock::Lock; use crate::project; use crate::tools::install_tools; use anyhow::Result; @@ -37,7 +36,7 @@ pub(crate) struct PublishKit { impl PublishKit { pub(super) async fn run(&self) -> Result<()> { let project = project::load_or_find_project(self.project_path.clone()).await?; - let lock = Lock::load(&project).await?; + let lock = project.load_lock().await?; let toolsdir = project.project_dir().join("build/tools"); install_tools(&toolsdir).await?; let makefile_path = toolsdir.join("Makefile.toml"); diff --git a/twoliter/src/cmd/update.rs b/twoliter/src/cmd/update.rs index e225c5c63..ed274f31c 100644 --- a/twoliter/src/cmd/update.rs +++ b/twoliter/src/cmd/update.rs @@ -1,4 +1,3 @@ -use crate::lock::Lock; use crate::project; use anyhow::Result; use clap::Parser; @@ -14,7 +13,7 @@ pub(crate) struct Update { impl Update { pub(super) async fn run(&self) -> Result<()> { let project = project::load_or_find_project(self.project_path.clone()).await?; - Lock::create(&project).await?; + project.create_lock().await?; Ok(()) } } diff --git a/twoliter/src/main.rs b/twoliter/src/main.rs index d5f3e4328..f53eb9723 100644 --- a/twoliter/src/main.rs +++ b/twoliter/src/main.rs @@ -6,7 +6,6 @@ mod cargo_make; mod cmd; mod common; mod docker; -mod lock; mod project; mod schema_version; /// Test code that should only be compiled when running tests. diff --git a/twoliter/src/lock/archive.rs b/twoliter/src/project/lock/archive.rs similarity index 100% rename from twoliter/src/lock/archive.rs rename to twoliter/src/project/lock/archive.rs diff --git a/twoliter/src/lock/image.rs b/twoliter/src/project/lock/image.rs similarity index 100% rename from twoliter/src/lock/image.rs rename to twoliter/src/project/lock/image.rs diff --git a/twoliter/src/lock/mod.rs b/twoliter/src/project/lock/mod.rs similarity index 86% rename from twoliter/src/lock/mod.rs rename to twoliter/src/project/lock/mod.rs index b61a2f67b..c6a430ef6 100644 --- a/twoliter/src/lock/mod.rs +++ b/twoliter/src/project/lock/mod.rs @@ -4,13 +4,13 @@ /// do not mutate unexpectedly. /// Contains operations for working with an OCI Archive -pub mod archive; +mod archive; /// Covers resolution and validation of a single image dependency in a lock file -pub mod image; +mod image; /// Provides tools for marking artifacts as having been verified against the Twoliter lockfile -pub mod verification; +mod verification; /// Implements view models of common OCI manifest and configuration types -pub mod views; +mod views; pub(crate) use self::verification::VerificationTagger; @@ -61,24 +61,14 @@ impl LockedSDK { /// /// Re-resolves the project's SDK to ensure that the lockfile matches the state of the world. #[instrument(level = "trace", skip(project))] - pub(crate) async fn load(project: &Project) -> Result { - VerificationTagger::cleanup_existing_tags(project.external_kits_dir()).await?; - + pub(super) async fn load(project: &Project) -> Result { info!("Resolving project references to check against lock file"); - let resolved_lock = { - // bind `current_lock` in a block so that we can't accidentally pass it to the - // VerificationTagger. - let current_lock = Lock::current_lock_state(project).await?; - let resolved_lock = Self::resolve_sdk(project) - .await? - .context("Project does not have explicit SDK image.")?; - ensure!(¤t_lock.sdk == resolved_lock.as_ref(), "changes have occured to Twoliter.toml or the remote SDK image that require an update to Twoliter.lock"); - resolved_lock - }; - VerificationTagger::from(&resolved_lock) - .write_tags(project.external_kits_dir()) - .await?; + let current_lock = Lock::current_lock_state(project).await?; + let resolved_lock = Self::resolve_sdk(project) + .await? + .context("Project does not have explicit SDK image.")?; + ensure!(¤t_lock.sdk == resolved_lock.as_ref(), "changes have occured to Twoliter.toml or the remote SDK image that require an update to Twoliter.lock"); Ok(resolved_lock) } @@ -130,7 +120,7 @@ impl PartialEq for Lock { #[allow(dead_code)] impl Lock { #[instrument(level = "trace", skip(project))] - pub(crate) async fn create(project: &Project) -> Result { + pub(super) async fn create(project: &Project) -> Result { let lock_file_path = project.project_dir().join(TWOLITER_LOCK); info!("Resolving project references to create lock file"); @@ -149,22 +139,12 @@ impl Lock { /// Re-resolves the project's dependencies to ensure that the lockfile matches the state of the /// world. #[instrument(level = "trace", skip(project))] - pub(crate) async fn load(project: &Project) -> Result { - VerificationTagger::cleanup_existing_tags(project.external_kits_dir()).await?; - + pub(super) async fn load(project: &Project) -> Result { info!("Resolving project references to check against lock file"); - let resolved_lock = { - // bind `current_lock` in a block so that we can't accidentally pass it to the - // VerificationTagger. - let current_lock = Self::current_lock_state(project).await?; - let resolved_lock = Self::resolve(project).await?; - ensure!(current_lock == resolved_lock, "changes have occured to Twoliter.toml or the remote kit images that require an update to Twoliter.lock"); - resolved_lock - }; - VerificationTagger::from(&resolved_lock) - .write_tags(project.external_kits_dir()) - .await?; + let current_lock = Self::current_lock_state(project).await?; + let resolved_lock = Self::resolve(project).await?; + ensure!(current_lock == resolved_lock, "changes have occured to Twoliter.toml or the remote kit images that require an update to Twoliter.lock"); Ok(resolved_lock) } diff --git a/twoliter/src/lock/verification.rs b/twoliter/src/project/lock/verification.rs similarity index 100% rename from twoliter/src/lock/verification.rs rename to twoliter/src/project/lock/verification.rs diff --git a/twoliter/src/lock/views.rs b/twoliter/src/project/lock/views.rs similarity index 100% rename from twoliter/src/lock/views.rs rename to twoliter/src/project/lock/views.rs diff --git a/twoliter/src/project.rs b/twoliter/src/project/mod.rs similarity index 96% rename from twoliter/src/project.rs rename to twoliter/src/project/mod.rs index afdc8102c..7303c5b07 100644 --- a/twoliter/src/project.rs +++ b/twoliter/src/project/mod.rs @@ -1,6 +1,10 @@ +mod lock; + +pub(crate) use lock::VerificationTagger; + +use self::lock::{Lock, LockedSDK, Override}; use crate::common::fs::{self, read_to_string}; use crate::docker::ImageUri; -use crate::lock::{Override, VerificationTagger}; use crate::schema_version::SchemaVersion; use anyhow::{ensure, Context, Result}; use async_recursion::async_recursion; @@ -112,6 +116,34 @@ impl Project { Self::find_and_load(parent).await } + pub(crate) async fn create_lock(&self) -> Result { + Lock::create(self).await + } + + pub(crate) async fn load_lock(&self) -> Result { + VerificationTagger::cleanup_existing_tags(self.external_kits_dir()).await?; + + let resolved_lock = Lock::load(self).await?; + + VerificationTagger::from(&resolved_lock) + .write_tags(self.external_kits_dir()) + .await?; + + Ok(resolved_lock) + } + + pub(crate) async fn load_locked_sdk(&self) -> Result { + VerificationTagger::cleanup_existing_tags(self.external_kits_dir()).await?; + + let resolved_lock = LockedSDK::load(self).await?; + + VerificationTagger::from(&resolved_lock) + .write_tags(self.external_kits_dir()) + .await?; + + Ok(resolved_lock) + } + pub(crate) fn filepath(&self) -> PathBuf { self.filepath.clone() } diff --git a/twoliter/src/test/cargo_make.rs b/twoliter/src/test/cargo_make.rs index 849fd87ae..93b934563 100644 --- a/twoliter/src/test/cargo_make.rs +++ b/twoliter/src/test/cargo_make.rs @@ -3,7 +3,6 @@ use std::collections::BTreeMap; use semver::Version; use serde::Deserialize; -use crate::lock::{image::LockedImage, Lock}; use crate::project::ValidIdentifier; use crate::{cargo_make::CargoMake, project::Project, test::data_dir}; @@ -14,18 +13,9 @@ async fn test_cargo_make() { let version = Version::new(1, 2, 3); let vendor_id = ValidIdentifier("my-vendor".into()); let registry = "a.com/b"; - let lock = Lock { - schema_version: project.schema_version(), - kit: Vec::new(), - sdk: LockedImage { - name: "my-bottlerocket-sdk".parse().unwrap(), - version, - vendor: "my-vendor".parse().unwrap(), - source: format!("{}/{}:v{}", registry, "my-bottlerocket-sdk", "1.2.3"), - digest: "abc".to_string(), - }, - }; - let cargo_make = CargoMake::new(&lock.sdk.source) + let source = format!("{}/{}:v{}", registry, "my-bottlerocket-sdk", "1.2.3"); + + let cargo_make = CargoMake::new(&source) .unwrap() .makefile(data_dir().join("Makefile.toml")); cargo_make.exec("verify-twoliter-env").await.unwrap();