manta_server/service/
sat_file.rs

1//! SAT file apply orchestration (backend trait + HSM groups).
2//!
3//! Rendering (Jinja2), parsing, and `image_only` / `session_template_only`
4//! filtering are performed client-side by the CLI; this layer receives
5//! the already-parsed SAT file as a `serde_json::Value`, looks up the
6//! caller's available HSM groups, and forwards everything to the
7//! backend's `SatTrait`. The backend fetches its own Kubernetes secrets
8//! from Vault internally.
9
10use manta_backend_dispatcher::{
11  error::Error,
12  interfaces::{
13    apply_sat_file::{
14      ApplySatFileParams as BackendApplySatFileParams, SatTrait,
15    },
16    hsm::group::GroupTrait,
17  },
18  types::{
19    bos::{session::BosSession, session_template::BosSessionTemplate},
20    cfs::cfs_configuration_response::CfsConfigurationResponse,
21    ims::Image,
22  },
23};
24
25use crate::server::common::app_context::InfraContext;
26pub use manta_shared::shared::params::sat_file::ApplySatFileParams;
27
28/// Apply a pre-rendered SAT file via the backend.
29///
30/// Returns the four lists of artifacts the backend produced (or would
31/// produce, in `dry_run` mode): CFS configurations, IMS images, BOS
32/// session templates, and BOS sessions. The handler serialises these as
33/// the JSON response body so `manta apply sat-file` can show them.
34pub async fn apply_sat_file(
35  infra: &InfraContext<'_>,
36  token: &str,
37  gitea_token: &str,
38  vault_base_url: &str,
39  k8s_api_url: &str,
40  params: ApplySatFileParams<'_>,
41) -> Result<
42  (
43    Vec<CfsConfigurationResponse>,
44    Vec<Image>,
45    Vec<BosSessionTemplate>,
46    Vec<BosSession>,
47  ),
48  Error,
49> {
50  let hsm_group_available_vec =
51    infra.backend.get_group_name_available(token).await?;
52
53  infra
54    .backend
55    .apply_sat_file(BackendApplySatFileParams {
56      shasta_token: token,
57      shasta_base_url: infra.shasta_base_url,
58      shasta_root_cert: infra.shasta_root_cert,
59      socks5_proxy: infra.socks5_proxy,
60      vault_base_url,
61      site_name: infra.site_name,
62      k8s_api_url,
63      sat_file: params.sat_file,
64      hsm_group_available_vec: &hsm_group_available_vec,
65      ansible_verbosity: params.ansible_verbosity,
66      ansible_passthrough: params.ansible_passthrough,
67      gitea_base_url: infra.gitea_base_url,
68      gitea_token,
69      reboot: params.reboot,
70      watch_logs: params.watch_logs,
71      timestamps: params.timestamps,
72      debug_on_failure: true,
73      overwrite: params.overwrite,
74      dry_run: params.dry_run,
75    })
76    .await
77}