[21/n] reconfigurator-cli] add tuf-assemble command for TUF repo generation (#8469)

I need the ability to generate TUF repos for upcoming tests, and
adapting the `target-release.txt` test seemed like the easiest way to do
it.

This also means that we no longer need to handle that test through a
custom wrapper -- the standard `test-scripts.rs` test harness works well
for it now.

This is a standalone PR that can land independently of the rest.

Author: sunshowers

Cargo.lock

@@ -42,7 +42,10 @@ slog.workspace = true
 swrite.workspace = true
 tabled.workspace = true
 tokio.workspace = true
+toml.workspace = true
+tufaceous.workspace = true
 tufaceous-artifact.workspace = true
+tufaceous-lib.workspace = true
 update-common.workspace = true
 uuid.workspace = true
 omicron-workspace-hack.workspace = true
@@ -59,7 +62,6 @@ omicron-test-utils.workspace = true
 serde.workspace = true
 subprocess.workspace = true
 tokio.workspace = true
-tufaceous.workspace = true
 
 # Disable doc builds by default for our binaries to work around issue
 # rust-lang/cargo#8373.  These docs would not be very useful anyway.

dev-tools/reconfigurator-cli/Cargo.toml

@@ -60,10 +60,19 @@ use tabled::Tabled;
 use tufaceous_artifact::ArtifactHash;
 use tufaceous_artifact::ArtifactVersion;
 use tufaceous_artifact::ArtifactVersionError;
+use tufaceous_lib::assemble::ArtifactManifest;
 use update_common::artifacts::{ArtifactsWithPlan, ControlPlaneZonesMode};
 
 mod log_capture;
 
+/// The default key for TUF repository generation.
+///
+/// This was randomly generated through a tufaceous invocation.
+pub static DEFAULT_TUFACEOUS_KEY: &str = "ed25519:\
+MFECAQEwBQYDK2VwBCIEIJ9CnAhwk8PPt1x8icu\
+z9c12PdfCRHJpoUkuqJmIZ8GbgSEAbNGMpsHK5_w32\
+qwYdZH_BeVssmKzQlFsnPuaiHx2hy0=";
+
 /// REPL state
 #[derive(Debug)]
 struct ReconfiguratorSim {
@@ -228,6 +237,7 @@ fn process_command(
         Commands::BlueprintSave(args) => cmd_blueprint_save(sim, args),
         Commands::Show => cmd_show(sim),
         Commands::Set(args) => cmd_set(sim, args),
+        Commands::TufAssemble(args) => cmd_tuf_assemble(sim, args),
         Commands::Load(args) => cmd_load(sim, args),
         Commands::LoadExample(args) => cmd_load_example(sim, args),
         Commands::FileContents(args) => cmd_file_contents(args),
@@ -303,6 +313,9 @@ enum Commands {
     #[command(subcommand)]
     Set(SetArgs),
 
+    /// use tufaceous to generate a repo from a manifest
+    TufAssemble(TufAssembleArgs),
+
     /// save state to a file
     Save(SaveArgs),
     /// load state from a file
@@ -735,6 +748,20 @@ enum SetArgs {
     },
 }
 
+#[derive(Debug, Args)]
+struct TufAssembleArgs {
+    /// The tufaceous manifest path (relative to this crate's root)
+    manifest_path: Utf8PathBuf,
+
+    #[clap(
+        long,
+        // Use help here rather than a doc comment because rustdoc doesn't like
+        // `<` and `>` in help messages.
+        help = "The path to the output [default: repo-<system-version>.zip]"
+    )]
+    output: Option<Utf8PathBuf>,
+}
+
 #[derive(Debug, Args)]
 struct LoadArgs {
     /// input file
@@ -1770,6 +1797,60 @@ fn cmd_set(
     Ok(Some(rv))
 }
 
+fn cmd_tuf_assemble(
+    sim: &ReconfiguratorSim,
+    args: TufAssembleArgs,
+) -> anyhow::Result<Option<String>> {
+    let manifest_path = if args.manifest_path.is_absolute() {
+        args.manifest_path.clone()
+    } else {
+        // Use CARGO_MANIFEST_DIR to resolve relative paths.
+        let dir = std::env::var("CARGO_MANIFEST_DIR").context(
+            "CARGO_MANIFEST_DIR not set in environment \
+             (are you running with `cargo run`?)",
+        )?;
+        let mut dir = Utf8PathBuf::from(dir);
+        dir.push(&args.manifest_path);
+        dir
+    };
+
+    // Obtain the system version from the manifest.
+    let manifest =
+        ArtifactManifest::from_path(&manifest_path).with_context(|| {
+            format!("error parsing manifest from `{manifest_path}`")
+        })?;
+
+    let output_path = if let Some(output_path) = &args.output {
+        output_path.clone()
+    } else {
+        // This is relative to the current directory.
+        Utf8PathBuf::from(format!("repo-{}.zip", manifest.system_version))
+    };
+
+    // Just use a fixed key for now.
+    //
+    // In the future we may want to test changing the TUF key.
+    let args = tufaceous::Args::try_parse_from([
+        "tufaceous",
+        "--key",
+        DEFAULT_TUFACEOUS_KEY,
+        "assemble",
+        manifest_path.as_str(),
+        output_path.as_str(),
+    ])
+    .expect("args are valid so this shouldn't fail");
+    let rt =
+        tokio::runtime::Runtime::new().context("creating tokio runtime")?;
+    rt.block_on(async move { args.exec(&sim.log).await })
+        .context("error executing tufaceous assemble")?;
+
+    let rv = format!(
+        "created {} for system version {}",
+        output_path, manifest.system_version,
+    );
+    Ok(Some(rv))
+}
+
 fn read_file(
     input_path: &camino::Utf8Path,
 ) -> anyhow::Result<UnstableReconfiguratorState> {

dev-tools/reconfigurator-cli/src/lib.rs

@@ -57,6 +57,7 @@ pub fn script_with_cwd(
     // However, it's necessary to redact paths from generated log entries.
     let stdout_text = Redactor::default()
         .uuids(false)
+        .field("assembling repository in", ".*")
         .field("extracting uploaded archive to", ".*")
         .field("created directory to store extracted artifacts, path:", ".*")
         .do_redact(&stdout_text);

dev-tools/reconfigurator-cli/tests/common/mod.rs

@@ -4,9 +4,12 @@ load-example --nsleds 3 --ndisks-per-sled 3
 # Print the default target release
 show
 
-# Load a target release from a fake file.
-# This file was generated by the test runner in a temporary directory that this
-# invocation of `reconfigurator-cli` is running out of as its working directory.
+# Create a TUF repository from a fake manifest. (The output TUF repo is
+# written to a temporary directory that this invocation of `reconfigurator-cli`
+# is running out of as its working directory.)
+tuf-assemble ../../update-common/manifests/fake.toml
+
+# Load the target release from the assembled TUF repository.
 set target-release repo-1.0.0.zip
 
 # Print the default target release again.

dev-tools/reconfigurator-cli/tests/input/target-release.txt renamed to dev-tools/reconfigurator-cli/tests/input/cmds-target-release.txt

@@ -17,9 +17,16 @@ target release (generation 1): unset
 
 
 
-> # Load a target release from a fake file.
-> # This file was generated by the test runner in a temporary directory that this
-> # invocation of `reconfigurator-cli` is running out of as its working directory.
+> # Create a TUF repository from a fake manifest. (The output TUF repo is
+> # written to a temporary directory that this invocation of `reconfigurator-cli`
+> # is running out of as its working directory.)
+> tuf-assemble ../../update-common/manifests/fake.toml
+INFO assembling repository in <ASSEMBLING_REPOSITORY_IN_REDACTED>
+INFO artifacts assembled and archived to `repo-1.0.0.zip`, component: OmicronRepoAssembler
+created repo-1.0.0.zip for system version 1.0.0
+
+
+> # Load the target release from the assembled TUF repository.
 > set target-release repo-1.0.0.zip
 INFO extracting uploaded archive to <EXTRACTING_UPLOADED_ARCHIVE_TO_REDACTED>
 INFO created directory to store extracted artifacts, path: <CREATED_DIRECTORY_TO_STORE_EXTRACTED_ARTIFACTS_PATH_REDACTED>