canic-host 0.69.4

Host-side build, install, deployment, and fleet-template library for Canic workspaces
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135

use super::super::*;
use serde::Serialize;

#[derive(Serialize)]
struct DeploymentRootVerificationReportDigestInput<'a> {
    report_id: &'a str,
    requested_at: &'a str,
    evidence_status: DeploymentRootVerificationEvidenceStatusV1,
    state_transition: DeploymentRootVerificationStateTransitionV1,
    deployment_name: &'a str,
    network: &'a str,
    expected_fleet_template: &'a str,
    expected_root_principal: &'a str,
    observed_deployment_name: &'a Option<String>,
    observed_network: &'a Option<String>,
    observed_fleet_template: &'a Option<String>,
    observed_root_principal: &'a Option<String>,
    observed_root_canister_id: &'a Option<String>,
    observed_root_observation_source: &'a Option<DeploymentRootObservationSourceV1>,
    source: DeploymentRootVerificationSourceV1,
    source_check_id: &'a str,
    source_check_digest: &'a str,
    source_deployment_plan_id: &'a str,
    source_deployment_plan_digest: &'a str,
    source_inventory_id: &'a str,
    source_inventory_digest: &'a str,
    current_root_verification: DeploymentRootVerificationStateV1,
    identity_checks: &'a [DeploymentRootVerificationCheckV1],
    evidence_checks: &'a [DeploymentRootVerificationCheckV1],
    blockers: &'a [SafetyFindingV1],
    warnings: &'a [SafetyFindingV1],
    recommended_next_actions: &'a [String],
}

#[derive(Serialize)]
struct DeploymentRootVerificationReceiptDigestInput<'a> {
    receipt_id: &'a str,
    deployment_name: &'a str,
    network: &'a str,
    fleet_template: &'a str,
    root_principal: &'a str,
    previous_root_verification: DeploymentRootVerificationStateV1,
    new_root_verification: DeploymentRootVerificationStateV1,
    state_transition: DeploymentRootVerificationStateTransitionV1,
    source_report_id: &'a str,
    source_report_digest: &'a str,
    source_report_requested_at: &'a str,
    source_report_source: DeploymentRootVerificationSourceV1,
    source_report_evidence_status: DeploymentRootVerificationEvidenceStatusV1,
    source_report_current_root_verification: DeploymentRootVerificationStateV1,
    source_report_state_transition: DeploymentRootVerificationStateTransitionV1,
    source_root_observation_source: DeploymentRootObservationSourceV1,
    source_observed_root_canister_id: &'a str,
    source_check_id: &'a str,
    source_check_digest: &'a str,
    source_deployment_plan_id: &'a str,
    source_deployment_plan_digest: &'a str,
    source_inventory_id: &'a str,
    source_inventory_digest: &'a str,
    verified_at_unix_secs: u64,
    local_state_path: &'a str,
    local_state_digest_before: &'a str,
    local_state_digest_after: &'a str,
    warnings: &'a [SafetyFindingV1],
}
/// Calculate the stable digest for a root-verification state-transition
/// receipt.
#[must_use]
pub fn deployment_root_verification_receipt_digest(
    receipt: &DeploymentRootVerificationReceiptV1,
) -> String {
    stable_json_sha256_hex(&DeploymentRootVerificationReceiptDigestInput {
        receipt_id: &receipt.receipt_id,
        deployment_name: &receipt.deployment_name,
        network: &receipt.network,
        fleet_template: &receipt.fleet_template,
        root_principal: &receipt.root_principal,
        previous_root_verification: receipt.previous_root_verification,
        new_root_verification: receipt.new_root_verification,
        state_transition: receipt.state_transition,
        source_report_id: &receipt.source_report_id,
        source_report_digest: &receipt.source_report_digest,
        source_report_requested_at: &receipt.source_report_requested_at,
        source_report_source: receipt.source_report_source,
        source_report_evidence_status: receipt.source_report_evidence_status,
        source_report_current_root_verification: receipt.source_report_current_root_verification,
        source_report_state_transition: receipt.source_report_state_transition,
        source_root_observation_source: receipt.source_root_observation_source,
        source_observed_root_canister_id: &receipt.source_observed_root_canister_id,
        source_check_id: &receipt.source_check_id,
        source_check_digest: &receipt.source_check_digest,
        source_deployment_plan_id: &receipt.source_deployment_plan_id,
        source_deployment_plan_digest: &receipt.source_deployment_plan_digest,
        source_inventory_id: &receipt.source_inventory_id,
        source_inventory_digest: &receipt.source_inventory_digest,
        verified_at_unix_secs: receipt.verified_at_unix_secs,
        local_state_path: &receipt.local_state_path,
        local_state_digest_before: &receipt.local_state_digest_before,
        local_state_digest_after: &receipt.local_state_digest_after,
        warnings: &receipt.warnings,
    })
}
pub(super) fn deployment_root_verification_report_digest(
    report: &DeploymentRootVerificationReportV1,
) -> String {
    stable_json_sha256_hex(&DeploymentRootVerificationReportDigestInput {
        report_id: &report.report_id,
        requested_at: &report.requested_at,
        evidence_status: report.evidence_status,
        state_transition: report.state_transition,
        deployment_name: &report.deployment_name,
        network: &report.network,
        expected_fleet_template: &report.expected_fleet_template,
        expected_root_principal: &report.expected_root_principal,
        observed_deployment_name: &report.observed_deployment_name,
        observed_network: &report.observed_network,
        observed_fleet_template: &report.observed_fleet_template,
        observed_root_principal: &report.observed_root_principal,
        observed_root_canister_id: &report.observed_root_canister_id,
        observed_root_observation_source: &report.observed_root_observation_source,
        source: report.source,
        source_check_id: &report.source_check_id,
        source_check_digest: &report.source_check_digest,
        source_deployment_plan_id: &report.source_deployment_plan_id,
        source_deployment_plan_digest: &report.source_deployment_plan_digest,
        source_inventory_id: &report.source_inventory_id,
        source_inventory_digest: &report.source_inventory_digest,
        current_root_verification: report.current_root_verification,
        identity_checks: &report.identity_checks,
        evidence_checks: &report.evidence_checks,
        blockers: &report.blockers,
        warnings: &report.warnings,
        recommended_next_actions: &report.recommended_next_actions,
    })
}