squib-api 0.2.0

Firecracker-compatible HTTP API server for squib (axum on a Unix domain socket)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

//! `--config-file` static-config envelope ([20-firecracker-api.md §
//! 6](../../../specs/20-firecracker-api.md#6-static-config-file---config-file)).
//!
//! Kebab-case top-level keys per upstream. The `"squib": {...}` extension is
//! `#[serde(default)]` so files remain portable in the squib→firecracker direction;
//! upstream Firecracker silently ignores unknown top-level keys. The `"squib"`
//! sub-object itself is `deny_unknown_fields` so typos inside it fail loudly.
//!
//! Top-level `deny_unknown_fields` is **not** applied to this envelope: per the spec
//! we tolerate unknown keys for forward-compat with future squib extensions.

use serde::Deserialize;

use super::{
    balloon::RawBalloonConfig, boot_source::RawBootSourceConfig, cpu_config::RawCpuConfig,
    drive::RawDriveConfig, entropy::RawEntropyConfig, logger::RawLoggerConfig,
    machine_config::RawMachineConfig, metrics::RawMetricsConfig, mmds::RawMmdsConfig,
    network::RawNetworkInterfaceConfig, pmem::RawPmemConfig, serial::RawSerialConfig,
    vsock::RawVsockConfig,
};

/// Networking mode squib understands. Mirrors `apps/squib-cli::cli::NetworkMode`.
#[derive(Debug, Clone, Copy, Eq, PartialEq, Default, Deserialize)]
#[serde(rename_all = "lowercase")]
pub enum SquibNetworkMode {
    /// vmnet-shared (NAT). Default.
    #[default]
    Shared,
    /// vmnet-bridged.
    Bridged,
    /// vmnet-host (host-only network).
    Host,
    /// Embedded gvproxy userspace stack.
    Userspace,
}

/// Squib-only extension keys. Always `#[serde(default)]` and never required.
#[derive(Debug, Clone, Default, Deserialize)]
#[serde(deny_unknown_fields)]
pub struct SquibExtension {
    /// Networking mode override.
    #[serde(default)]
    pub network: Option<SquibNetworkMode>,
    /// Opt-in TSI mode for vsock.
    #[serde(default)]
    pub vsock_tsi: bool,
    /// Path to a bundled `gvproxy` binary.
    #[serde(default)]
    pub gvproxy_path: Option<String>,
    /// Optional macOS sandbox profile name.
    #[serde(default)]
    pub macos_sandbox_profile: Option<String>,
}

/// Static-config-file envelope.
///
/// Replayed in the deterministic order documented in [20 §
/// 6](../../../specs/20-firecracker-api.md#6-static-config-file---config-file): `machine-config` →
/// `cpu-config` → `boot-source` → drives → NICs → vsock → mmds-config → mmds → balloon → entropy →
/// serial → pmem → hotplug-memory → logger → metrics → `Action(InstanceStart)` (only if `--no-api`
/// is also set).
#[derive(Debug, Clone, Default, Deserialize)]
#[serde(rename_all = "kebab-case")]
pub struct ConfigFile {
    /// `boot-source` is the only mandatory member at the controller level. Marked
    /// optional here so the parser can produce a precise "missing boot-source" error
    /// rather than serde's terser one.
    #[serde(default)]
    pub boot_source: Option<RawBootSourceConfig>,
    /// `drives` array (max 8 — enforced at the controller).
    #[serde(default)]
    pub drives: Vec<RawDriveConfig>,
    /// `machine-config`.
    #[serde(default)]
    pub machine_config: Option<RawMachineConfig>,
    /// `cpu-config`.
    #[serde(default)]
    pub cpu_config: Option<RawCpuConfig>,
    /// `network-interfaces` array (max 8).
    #[serde(default)]
    pub network_interfaces: Vec<RawNetworkInterfaceConfig>,
    /// `vsock`.
    #[serde(default)]
    pub vsock: Option<RawVsockConfig>,
    /// `mmds-config`.
    #[serde(default)]
    pub mmds_config: Option<RawMmdsConfig>,
    /// `mmds` data store seed (any JSON tree).
    #[serde(default)]
    pub mmds: Option<serde_json::Value>,
    /// `balloon`.
    #[serde(default)]
    pub balloon: Option<RawBalloonConfig>,
    /// `entropy`.
    #[serde(default)]
    pub entropy: Option<RawEntropyConfig>,
    /// `serial`.
    #[serde(default)]
    pub serial: Option<RawSerialConfig>,
    /// `pmem` array (max 4).
    #[serde(default)]
    pub pmem: Vec<RawPmemConfig>,
    /// `hotplug-memory`.
    #[serde(default)]
    pub hotplug_memory: Option<super::hotplug_memory::RawHotplugMemoryConfig>,
    /// `logger`.
    #[serde(default)]
    pub logger: Option<RawLoggerConfig>,
    /// `metrics`.
    #[serde(default)]
    pub metrics: Option<RawMetricsConfig>,
    /// Squib-only extension sub-object (forward-compat).
    #[serde(default)]
    pub squib: SquibExtension,
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_should_parse_minimal_config_file() {
        let json = r#"{"boot-source":{"kernel_image_path":"/tmp/k"}}"#;
        let cfg: ConfigFile = serde_json::from_str(json).unwrap();
        assert!(cfg.boot_source.is_some());
        assert!(cfg.drives.is_empty());
    }

    #[test]
    fn test_should_tolerate_unknown_top_level_keys() {
        let json = r#"{"boot-source":{"kernel_image_path":"/tmp/k"},"future-key":42}"#;
        let cfg: ConfigFile = serde_json::from_str(json).unwrap();
        assert!(cfg.boot_source.is_some());
    }

    #[test]
    fn test_should_reject_unknown_keys_inside_squib_extension() {
        let json = r#"{"squib":{"unknown":1}}"#;
        let res: Result<ConfigFile, _> = serde_json::from_str(json);
        assert!(res.is_err());
    }

    #[test]
    fn test_should_parse_squib_network_mode() {
        let json = r#"{"squib":{"network":"shared"}}"#;
        let cfg: ConfigFile = serde_json::from_str(json).unwrap();
        assert_eq!(cfg.squib.network, Some(SquibNetworkMode::Shared));
    }

    #[test]
    fn test_should_parse_full_envelope() {
        let json = r#"{
            "boot-source": {"kernel_image_path":"/tmp/k","boot_args":"console=ttyAMA0"},
            "machine-config": {"vcpu_count":2,"mem_size_mib":256},
            "drives": [{"drive_id":"rootfs","path_on_host":"/tmp/r.img","is_root_device":true}],
            "network-interfaces": [{"iface_id":"eth0","host_dev_name":"tap0"}],
            "logger": {"log_path":"/tmp/squib.log"},
            "squib": {"network":"userspace","vsock_tsi":false}
        }"#;
        let cfg: ConfigFile = serde_json::from_str(json).unwrap();
        assert_eq!(cfg.machine_config.as_ref().unwrap().vcpu_count, 2);
        assert_eq!(cfg.drives.len(), 1);
        assert_eq!(cfg.network_interfaces.len(), 1);
        assert_eq!(cfg.squib.network, Some(SquibNetworkMode::Userspace));
    }
}