scl_lib/api_objects/

virtual_machine.rs

// SPDX-License-Identifier: EUPL-1.2
use crate::api_objects::{
    Error, MetaData, Node, Resources, Result, SclName, SclObject, SeparationContext,
    TransitionError, Url, Volume,
};
use crate::LogError;
use serde::{Deserialize, Serialize};
use std::str::FromStr;

#[cfg(feature = "openapi")]
use aide::OperationIo;
#[cfg(feature = "openapi")]
use schemars::JsonSchema;

#[derive(Clone, Debug, Default, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(OperationIo, JsonSchema))]
#[cfg_attr(feature = "openapi", aide(output))]
#[serde(rename_all = "camelCase")]
pub enum TargetVmStatus {
    #[default]
    Running,
    Paused,
    Stopped,
}

impl FromStr for TargetVmStatus {
    type Err = String;

    fn from_str(s: &str) -> std::result::Result<Self, Self::Err> {
        use TargetVmStatus::*;
        match s {
            "running" => Ok(Running),
            "paused" => Ok(Paused),
            "stopped" => Ok(Stopped),
            _ => Err("Valid variants are: running, paused, stopped.".to_string()),
        }
    }
}

// Important: Make sure to update `deny_illegal_field_changes` when new fields are added.
#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
#[cfg_attr(feature = "openapi", derive(OperationIo, JsonSchema))]
#[cfg_attr(feature = "openapi", aide(output))]
#[serde(rename_all = "camelCase")]
pub struct VirtualMachine {
    #[serde(flatten)]
    pub metadata: MetaData,
    pub separation_context: SclName,
    pub spec: VmSpec,
    /// Latest status of the virtual machine. Does not need to be specified by the user when
    /// creating (POST), as it is initialized with the default values.
    #[serde(default)]
    pub status: VmStatus,
}

use std::cmp::Ordering;

impl Ord for VirtualMachine {
    fn cmp(&self, other: &Self) -> Ordering {
        (&self.separation_context, &self.metadata.name)
            .cmp(&(&other.separation_context, &other.metadata.name))
    }
}

impl PartialOrd for VirtualMachine {
    fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
        Some(self.cmp(other))
    }
}

impl SclObject for VirtualMachine {
    /// Prefix for all [VirtualMachine]s (`"/vms"`).
    const PREFIX: &'static str = "/vms";

    fn name(&self) -> &SclName {
        &self.metadata.name
    }

    fn separation_context(&self) -> Option<&SclName> {
        Some(&self.separation_context)
    }

    fn metadata(&self) -> &MetaData {
        &self.metadata
    }

    fn metadata_mut(&mut self) -> &mut MetaData {
        &mut self.metadata
    }

    fn referenced_db_keys(&self) -> Vec<String> {
        use VmStatus::*;

        let mut references = vec![SeparationContext::db_key(
            self.separation_context.as_str(),
            None,
        )];

        if let BootVolume::Volume(ref vol) = self.spec.boot_volume {
            references.push(Volume::db_key(
                self.separation_context.as_str(),
                vol.as_str(),
            ))
        }

        match &self.status {
            NotAssigned(_) => references,
            Prepared(c) | Scheduled(c) | Running(c) | Paused(c) | Stopped(c) | Error(c) => {
                let node_key = Node::db_key(None, c.assigned_node.as_str());
                references.push(node_key);
                references
            }
        }
    }

    fn validate_fields_before_create(&self) -> Result<()> {
        self.metadata.validate_fields_before_create()?;

        if self.status != VmStatus::default() {
            return Err(Error::IllegalInitialValue(
                "Invalid initial VM status!".to_string(),
            ));
        }

        if self.spec.target_state != TargetVmStatus::default() {
            return Err(Error::IllegalInitialValue(
                "Invalid initial VM target state!".to_string(),
            ));
        }

        if !self.spec.resources.all_resources_are_greater_than_zero() {
            return Err(Error::IllegalInitialValue(
                "All resources must be greater than 0!".to_string(),
            ));
        }

        Ok(())
    }

    fn validate_fields_before_update(
        current_db_state: &Self,
        proposed_new_state: &Self,
    ) -> Result<()> {
        MetaData::validate_fields_before_regular_update(
            &current_db_state.metadata,
            &proposed_new_state.metadata,
        )?;

        if current_db_state.separation_context != proposed_new_state.separation_context
            || current_db_state.spec.resources != proposed_new_state.spec.resources
            || current_db_state.spec.boot_volume != proposed_new_state.spec.boot_volume
            || current_db_state.spec.network_device_name
                != proposed_new_state.spec.network_device_name
            || current_db_state.spec.cloud_init_config != proposed_new_state.spec.cloud_init_config
        {
            return Err(TransitionError::Other(
                "Only vm.status and vm.spec.target_state fields may be updated!".to_string(),
            )
            .into());
        }

        if let (VmStatus::NotAssigned(_), VmStatus::Scheduled(cond)) =
            (&current_db_state.status, &proposed_new_state.status)
        {
            if current_db_state.spec.resources != cond.reserved_resources {
                return Err(TransitionError::Other(
                    "Reserved resources must match specified resources".to_string(),
                )
                .into());
            }

            if !cond
                .reserved_resources
                .all_resources_are_greater_than_zero()
            {
                // Given that the specified resources and reserved resources are equal,
                // it was possible to insert vcpu / ram_mib values with 0, which must not happen.
                return Err(Error::Application);
            }
        }

        validate_status_transition(&current_db_state.status, &proposed_new_state.status).log_err()
    }
}

#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(OperationIo, JsonSchema))]
#[cfg_attr(feature = "openapi", aide(output))]
#[serde(rename_all = "camelCase")]
pub enum VmStatus {
    NotAssigned(NotAssignedStatus),
    Prepared(VmCondition),
    Scheduled(VmCondition),
    Running(VmCondition),
    Paused(VmCondition),
    Stopped(VmCondition),
    Error(VmCondition),
}

impl VmStatus {
    pub fn condition(&self) -> Option<&VmCondition> {
        use VmStatus::*;
        match self {
            Scheduled(c) | Prepared(c) | Running(c) | Paused(c) | Stopped(c) | Error(c) => Some(c),
            NotAssigned(_) => None,
        }
    }

    pub fn condition_mut(&mut self) -> Option<&mut VmCondition> {
        use VmStatus::*;
        match self {
            Scheduled(c) | Prepared(c) | Running(c) | Paused(c) | Stopped(c) | Error(c) => Some(c),
            NotAssigned(_) => None,
        }
    }
}

#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(OperationIo, JsonSchema))]
#[cfg_attr(feature = "openapi", aide(output))]
#[serde(rename_all = "camelCase")]
pub enum NotAssignedStatus {
    Pending,
    InsufficientResources,
}

#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(OperationIo, JsonSchema))]
#[cfg_attr(feature = "openapi", aide(output))]
#[serde(rename_all = "camelCase")]
pub struct VmCondition {
    pub reserved_resources: Resources,
    pub assigned_node: SclName,
    pub transition_info: Option<TransitionInfo>,
}

#[derive(Clone, Debug, Deserialize, Eq, Ord, PartialEq, PartialOrd, Serialize)]
#[cfg_attr(feature = "openapi", derive(OperationIo, JsonSchema))]
#[cfg_attr(feature = "openapi", aide(output))]
#[serde(rename_all = "camelCase")]
pub struct TransitionInfo {
    pub transition_time: u64,      // TODO do we need to change this?
    pub previous_vm_state: String, // Don't use `VmStatus` here in order to prevent infinite recursion.
    pub error_description: String, // Like "VM won't boot". TODO use proper error type instead.
}

impl Default for VmStatus {
    fn default() -> Self {
        VmStatus::NotAssigned(NotAssignedStatus::Pending)
    }
}

#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
#[cfg_attr(feature = "openapi", derive(OperationIo, JsonSchema))]
#[cfg_attr(feature = "openapi", aide(output))]
#[serde(rename_all = "camelCase")]
pub struct LocalStorage {
    /// Size in mebibyte reserved for the volume.
    #[cfg_attr(feature = "openapi", validate(range(min = 1)))]
    #[serde(rename = "sizeMiB")]
    pub size_mib: u64,
    // URL pointing to initial data that should be copied into the new volume.
    /// Make sure that the `size_mib` is at least as large as the required disk space.
    pub image: Url,
}

#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
#[cfg_attr(feature = "openapi", derive(OperationIo, JsonSchema))]
#[cfg_attr(feature = "openapi", aide(output))]
#[serde(rename_all = "camelCase")]
pub enum BootVolume {
    Volume(SclName),
    Local(LocalStorage),
}

#[derive(Clone, Debug, Deserialize, Eq, PartialEq, Serialize)]
#[cfg_attr(feature = "openapi", derive(OperationIo, JsonSchema))]
#[cfg_attr(feature = "openapi", aide(output))]
#[serde(rename_all = "camelCase")]
pub struct VmSpec {
    pub resources: Resources,
    #[serde(default)]
    pub target_state: TargetVmStatus,
    pub boot_volume: BootVolume,
    pub network_device_name: String,
    pub cloud_init_config: Option<serde_json::Value>,
}

/// Does **not** consider additional context (e.g, specified resources vs. reserved resources
/// in the [VmCondition]).
fn validate_status_transition(old_state: &VmStatus, new_state: &VmStatus) -> Result<()> {
    use NotAssignedStatus::*;
    use VmStatus::*;
    match (old_state, new_state) {
        (NotAssigned(_), Scheduled(_))
        | (NotAssigned(Pending), NotAssigned(InsufficientResources))
        | (Scheduled(_), NotAssigned(Pending))
        | (Stopped(_), NotAssigned(Pending)) => Ok(()),

        // Assigned node and reserved resources must stay the same.
        (Scheduled(a), Prepared(b))
        | (Scheduled(a), Scheduled(b))
        | (Prepared(a), Running(b))
        | (Prepared(a), Prepared(b))
        | (Running(a), Paused(b))
        | (Running(a), Stopped(b))
        | (Running(a), Running(b))
        | (Paused(a), Stopped(b))
        | (Paused(a), Running(b))
        | (Paused(a), Paused(b))
        | (Stopped(a), Running(b))
        | (Stopped(a), Stopped(b))
            if a.assigned_node == b.assigned_node
                && a.reserved_resources == b.reserved_resources =>
        {
            Ok(())
        }
        (_, Error(_)) => Ok(()),
        (_, _) => Err(TransitionError::Other(format!(
            "Invalid transition: Old({:?}) / New({:?})",
            old_state, new_state
        ))
        .into()),
    }
}

#[cfg(test)]
mod test {
    use super::{TargetVmStatus, VirtualMachine, VmSpec};
    use crate::api_objects::test::{
        detect_invalid_create_mutations, detect_invalid_metadata_create_mutations,
        detect_invalid_metadata_update_mutations, detect_invalid_update_mutations, parse_json_dir,
    };
    use crate::api_objects::virtual_machine::validate_status_transition;
    use crate::api_objects::{
        BootVolume, MetaData, Node, NotAssignedStatus, Resources, SclName, SclObject,
        SeparationContext, VmCondition, VmStatus, Volume,
    };
    use std::path::Path;

    #[test]
    fn parse_sample_json() {
        parse_json_dir::<VirtualMachine>(Path::new("../test/sample_json/vms"));
    }

    fn example_vm() -> VirtualMachine {
        VirtualMachine {
            metadata: MetaData::new(SclName::try_from("example").unwrap()),
            separation_context: SclName::try_from("sc-123").unwrap(),
            spec: VmSpec {
                resources: Resources {
                    vcpu: 10,
                    ram_mib: 5000,
                },
                boot_volume: BootVolume::Volume(SclName::try_from("vol-333").unwrap()),
                target_state: TargetVmStatus::default(),
                network_device_name: "tapvm".to_string(),
                cloud_init_config: None,
            },
            status: Default::default(),
        }
    }

    fn example_condition() -> VmCondition {
        VmCondition {
            reserved_resources: Resources {
                vcpu: 1,
                ram_mib: 1,
            },
            assigned_node: SclName::try_from("some-node").unwrap(),
            transition_info: None,
        }
    }

    #[test]
    fn metadata_references() {
        use std::convert::TryFrom;
        let mut vm = example_vm();
        let mut expected_refs = vec![
            SeparationContext::db_key(None, "sc-123"),
            Volume::db_key("sc-123", "vol-333"),
        ];
        assert_eq!(vm.referenced_db_keys(), expected_refs);

        vm.status = VmStatus::Scheduled(VmCondition {
            reserved_resources: Default::default(),
            assigned_node: SclName::try_from("node-456").unwrap(),
            transition_info: None,
        });

        expected_refs.push(Node::db_key(None, "node-456"));
        assert_eq!(vm.referenced_db_keys(), expected_refs);
    }

    /// Does not consider any [VmCondition] details.
    #[test]
    fn test_validate_status_transition() {
        use NotAssignedStatus::{InsufficientResources as IR, Pending as P}; // Better formatting.
        use VmStatus::*;

        let cond = example_condition();
        let inputs: Vec<(VmStatus, VmStatus, bool)> = vec![
            (NotAssigned(P), NotAssigned(P), false),
            (NotAssigned(P), NotAssigned(IR), true),
            (NotAssigned(P), Scheduled(cond.clone()), true),
            (NotAssigned(P), Running(cond.clone()), false),
            (NotAssigned(P), Paused(cond.clone()), false),
            (NotAssigned(P), Stopped(cond.clone()), false),
            (NotAssigned(IR), NotAssigned(P), false),
            (NotAssigned(IR), NotAssigned(IR), false),
            (NotAssigned(IR), Scheduled(cond.clone()), true),
            (NotAssigned(IR), Running(cond.clone()), false),
            (NotAssigned(IR), Paused(cond.clone()), false),
            (NotAssigned(IR), Stopped(cond.clone()), false),
            (Scheduled(cond.clone()), NotAssigned(P), true),
            (Scheduled(cond.clone()), NotAssigned(IR), false),
            (Scheduled(cond.clone()), Scheduled(cond.clone()), true),
            (Scheduled(cond.clone()), Running(cond.clone()), false),
            (Scheduled(cond.clone()), Paused(cond.clone()), false),
            (Scheduled(cond.clone()), Stopped(cond.clone()), false),
            (Scheduled(cond.clone()), Prepared(cond.clone()), true),
            (Running(cond.clone()), NotAssigned(P), false),
            (Running(cond.clone()), NotAssigned(IR), false),
            (Running(cond.clone()), Scheduled(cond.clone()), false),
            (Running(cond.clone()), Running(cond.clone()), true),
            (Running(cond.clone()), Paused(cond.clone()), true),
            (Running(cond.clone()), Stopped(cond.clone()), true),
            (Running(cond.clone()), Prepared(cond.clone()), false),
            (Paused(cond.clone()), NotAssigned(P), false),
            (Paused(cond.clone()), NotAssigned(IR), false),
            (Paused(cond.clone()), Scheduled(cond.clone()), false),
            (Paused(cond.clone()), Running(cond.clone()), true),
            (Paused(cond.clone()), Paused(cond.clone()), true),
            (Paused(cond.clone()), Stopped(cond.clone()), true),
            (Paused(cond.clone()), Prepared(cond.clone()), false),
            (Stopped(cond.clone()), NotAssigned(P), true),
            (Stopped(cond.clone()), NotAssigned(IR), false),
            (Stopped(cond.clone()), Scheduled(cond.clone()), false),
            (Stopped(cond.clone()), Running(cond.clone()), true),
            (Stopped(cond.clone()), Paused(cond.clone()), false),
            (Stopped(cond.clone()), Stopped(cond.clone()), true),
            (Stopped(cond.clone()), Prepared(cond), false),
        ];

        for (a, b, is_ok) in inputs {
            assert_eq!(validate_status_transition(&a, &b).is_ok(), is_ok);
        }
    }

    #[test]
    fn test_validate_status_transition_not_assigned_scheduled() {
        // Specified and reserved *resources* must match.
        let mut a = example_vm();
        assert!(matches!(
            &a.status,
            VmStatus::NotAssigned(NotAssignedStatus::Pending)
        ));
        let mut b = example_vm();
        b.status = VmStatus::Scheduled(example_condition());
        assert_ne!(a.spec.resources, example_condition().reserved_resources);
        assert!(VirtualMachine::validate_fields_before_update(&a, &b).is_err());

        a.spec.resources = example_condition().reserved_resources;
        b.spec.resources = example_condition().reserved_resources;
        assert!(VirtualMachine::validate_fields_before_update(&a, &b).is_ok());

        // Example: status validation is performed.
        a.status = VmStatus::NotAssigned(NotAssignedStatus::InsufficientResources);
        assert!(VirtualMachine::validate_fields_before_update(&b, &a).is_err());

        // Reserved resources must be greater than 0. (*specified* resources are validated during
        // creation and immutable later; *reserved* resources are specified during an update
        // from NotAssigned to Scheduled and otherwise (in theory) immutable).
        a.spec.resources = Resources {
            vcpu: 0,
            ram_mib: 0,
        };

        b.spec.resources = a.spec.resources.clone();
        b.status = VmStatus::Scheduled(VmCondition {
            reserved_resources: Resources {
                vcpu: 0,
                ram_mib: 0,
            },
            assigned_node: SclName::try_from("hello").unwrap(),
            transition_info: None,
        });
        assert!(VirtualMachine::validate_fields_before_update(&a, &b).is_err());
    }

    /// Checks for every [VmStatus] pair with a nested [VmCondition] that changes of its `assigned_node`,
    /// `reserved_resources.vcpu`, and `reserved_resources.ram_mib` fields are denied.
    macro_rules! test_invalid_vm_condition_changes {
        ($($name:ident: $value:expr,)*) => {
            $(
                #[test]
                fn $name() {
                    let cond = example_condition();
                    let scheduled: VmStatus = $value.0(cond.clone());

                    // Changed vcpu value must be denied.
                    let mut v1 = cond.clone();
                    v1.reserved_resources.vcpu = 0;
                    let c1: VmStatus = $value.1(v1);
                    assert!(validate_status_transition(&scheduled, &c1).is_err());

                    // Changed ram_mib value must be denied.
                    let mut v2 = cond.clone();
                    v2.reserved_resources.ram_mib = 0;
                    let c2: VmStatus = $value.1(v2);
                    assert!(validate_status_transition(&scheduled, &c2).is_err());

                    // Changed assigned host must be denied.
                    let mut v3 = cond.clone();
                    v3.assigned_node = SclName::try_from("changed").unwrap();
                    let c3: VmStatus = $value.1(v3);
                    assert!(validate_status_transition(&scheduled, &c3).is_err());
                }
            )*
        }
    }

    test_invalid_vm_condition_changes! {
        // The over-coverage (resulting from testing on a type level and therefore including
        // *currently* invalid deemed transitions) reduces the future need for test maintenance.
        test_vm_condition_changes_sc_sc: (VmStatus::Scheduled, VmStatus::Scheduled),
        test_vm_condition_changes_sc_ru: (VmStatus::Scheduled, VmStatus::Running),
        test_vm_condition_changes_sc_pa: (VmStatus::Scheduled, VmStatus::Paused),
        test_vm_condition_changes_sc_st: (VmStatus::Scheduled, VmStatus::Stopped),
        test_vm_condition_changes_ru_sc: (VmStatus::Running, VmStatus::Scheduled),
        test_vm_condition_changes_ru_ru: (VmStatus::Running, VmStatus::Running),
        test_vm_condition_changes_ru_pa: (VmStatus::Running, VmStatus::Paused),
        test_vm_condition_changes_ru_st: (VmStatus::Running, VmStatus::Stopped),
        test_vm_condition_changes_pa_sc: (VmStatus::Paused, VmStatus::Scheduled),
        test_vm_condition_changes_pa_ru: (VmStatus::Paused, VmStatus::Running),
        test_vm_condition_changes_pa_pa: (VmStatus::Paused, VmStatus::Paused),
        test_vm_condition_changes_pa_st: (VmStatus::Paused, VmStatus::Stopped),
        test_vm_condition_changes_st_sc: (VmStatus::Stopped, VmStatus::Scheduled),
        test_vm_condition_changes_st_ru: (VmStatus::Stopped, VmStatus::Running),
        test_vm_condition_changes_st_pa: (VmStatus::Stopped, VmStatus::Paused),
        test_vm_condition_changes_st_st: (VmStatus::Stopped, VmStatus::Stopped),
    }

    #[test]
    fn validate_fields_before_create() {
        use VmStatus::*;

        let vm = example_vm();
        assert!(VirtualMachine::validate_fields_before_create(&vm).is_ok());

        #[allow(clippy::type_complexity)]
        let invalid_mutations: Vec<Box<dyn Fn(&mut VirtualMachine)>> = vec![
            Box::new(|t| t.spec.resources.vcpu = 0),
            Box::new(|t| t.spec.resources.ram_mib = 0),
            Box::new(|t| t.spec.target_state = TargetVmStatus::Paused),
            Box::new(|t| t.spec.target_state = TargetVmStatus::Stopped),
            Box::new(|t| t.status = NotAssigned(NotAssignedStatus::InsufficientResources)),
            Box::new(|t| t.status = Scheduled(example_condition())),
            Box::new(|t| t.status = Running(example_condition())),
            Box::new(|t| t.status = Paused(example_condition())),
            Box::new(|t| t.status = Stopped(example_condition())),
        ];

        detect_invalid_create_mutations(&vm, invalid_mutations);
    }

    #[test]
    fn validate_fields_before_update() {
        let current = example_vm();

        #[allow(clippy::type_complexity)]
        let invalid_mutations: Vec<Box<dyn Fn(&mut VirtualMachine)>> = vec![
            Box::new(|t| t.separation_context = SclName::try_from("changed").unwrap()),
            Box::new(|t| t.spec.resources.vcpu = 4),
            Box::new(|t| t.spec.resources.vcpu = 0),
            Box::new(|t| t.spec.resources.ram_mib = 4),
            Box::new(|t| t.spec.resources.ram_mib = 0),
            Box::new(|t| {
                t.spec.boot_volume = BootVolume::Volume(SclName::try_from("changed").unwrap())
            }),
            Box::new(|t| t.spec.network_device_name = String::from("changed")),
            Box::new(|t| t.spec.cloud_init_config = Some(serde_json::from_str("{}").unwrap())),
        ];

        detect_invalid_update_mutations(&current, &current, invalid_mutations);
    }

    #[test]
    fn detect_invalid_metadata_mutations() {
        let t = example_vm();
        detect_invalid_metadata_create_mutations(&t);
        detect_invalid_metadata_update_mutations(&t);
    }
}