Add list of layers file to spfs run command (#1136)

Adds support for list of layer references file (a runspec) to spfs EnvSpec items

There are now 2 kinds of .spfs.yaml file that can be given to spfs run
as environment spec items. This adds parsing and enums to support
both, and moves LiveLayers to their own source code file.

Signed-off-by: David Gilligan-Cook <[email protected]>

Author: dcookspi

Cargo.lock

@@ -57,9 +57,7 @@ impl CmdLs {
                 self.username = tag.username_without_org().to_string();
                 self.last_modified = tag.time.format("%b %e %H:%M").to_string();
             }
-            EnvSpecItem::PartialDigest(_)
-            | EnvSpecItem::Digest(_)
-            | EnvSpecItem::LiveLayerFile(_) => (),
+            EnvSpecItem::PartialDigest(_) | EnvSpecItem::Digest(_) | EnvSpecItem::SpecFile(_) => (),
         }
 
         let item = repo.read_ref(&self.reference.to_string()).await?;

crates/spfs-cli/main/src/cmd_ls.rs

@@ -210,7 +210,7 @@ impl CmdRun {
 
             self.exec_runtime_command(&mut runtime, &start_time).await
         } else if let Some(reference) = &self.reference {
-            let live_layers = reference.load_live_layers()?;
+            let live_layers = reference.load_live_layers();
             if !live_layers.is_empty() {
                 tracing::debug!("with live layers: {live_layers:?}");
             };
@@ -305,7 +305,7 @@ impl CmdRun {
                 let repo = spfs::storage::ProxyRepository::from_config(proxy_config)
                     .await
                     .wrap_err("Failed to build proxy repository for environment resolution")?;
-                for item in reference.iter().filter(|i| !i.is_livelayerfile()) {
+                for item in reference.iter().filter(|i| !i.is_livelayer()) {
                     let digest = item.resolve_digest(&repo).await?;
                     runtime.push_digest(digest);
                 }

crates/spfs-cli/main/src/cmd_run.rs

@@ -15,6 +15,7 @@ workspace = true
 [dependencies]
 data-encoding = { workspace = true }
 ring = { workspace = true }
+serde = { workspace = true, features = ["derive"] }
 spfs-proto = { path = "../spfs-proto" }
 tokio = { version = "1.20", features = ["io-util", "io-std"] }
 thiserror = { workspace = true }

crates/spfs-encoding/Cargo.toml

@@ -10,6 +10,7 @@ use std::task::Poll;
 
 use data_encoding::BASE32;
 use ring::digest::{Context, SHA256};
+use serde::Deserialize;
 use tokio::io::{AsyncRead, AsyncWrite};
 
 use super::{binary, Digest};
@@ -259,7 +260,7 @@ impl Decodable for String {
 }
 
 /// The first N bytes of a digest that may still be unambiguous as a reference
-#[derive(Debug, Hash, Eq, PartialEq, Ord, PartialOrd, Clone)]
+#[derive(Deserialize, Debug, Hash, Eq, PartialEq, Ord, PartialOrd, Clone)]
 pub struct PartialDigest(Vec<u8>);
 
 impl PartialDigest {

crates/spfs-encoding/src/hash.rs

@@ -161,7 +161,7 @@ where
                 .check_tag_spec(tag_spec)
                 .await
                 .map(CheckEnvItemResult::Tag)?,
-            tracking::EnvSpecItem::LiveLayerFile(_) => {
+            tracking::EnvSpecItem::SpecFile(_) => {
                 // These items do not need checking, they can be ignored.
                 // They do no represent spfs objects in a repo.
                 CheckEnvItemResult::Object(CheckObjectResult::Ignorable)

crates/spfs/src/check.rs

@@ -3,6 +3,7 @@
 // https://github.com/spkenv/spk
 
 use std::io;
+use std::path::PathBuf;
 use std::str::Utf8Error;
 
 use miette::Diagnostic;
@@ -165,6 +166,9 @@ pub enum Error {
     #[error("OverlayFS mount backend is not supported on windows.")]
     OverlayFsUnsupportedOnWindows,
 
+    #[error("Found duplicate spec file ({0}). Spec files can only be given once and must not contain circular references.")]
+    DuplicateSpecFileReference(PathBuf),
+
     #[error("{context}")]
     Wrapped {
         context: String,

crates/spfs/src/error.rs

@@ -146,9 +146,9 @@ pub async fn compute_environment_manifest(
             tracking::EnvSpecItem::TagSpec(t) => {
                 Some(repo.resolve_tag(t).map_ok(|t| t.target).boxed())
             }
-            // LiveLayers are stored in the runtime, not as spfs
+            // SpfsSpecFiles are stored in the runtime, not as spfs
             // objects/layers, so this filters them out.
-            tracking::EnvSpecItem::LiveLayerFile(_) => None,
+            tracking::EnvSpecItem::SpecFile(_) => None,
         })
         .collect();
     let stack = stack_futures.try_collect().await?;

crates/spfs/src/resolve.rs

@@ -0,0 +1,148 @@
+// Copyright (c) Contributors to the SPK project.
+// SPDX-License-Identifier: Apache-2.0
+// https://github.com/spkenv/spk
+
+//! Definition and persistent storage of runtimes.
+
+use std::fmt::Display;
+use std::path::PathBuf;
+
+use serde::{Deserialize, Serialize};
+
+use super::spec_api_version::SpecApiVersion;
+use crate::{Error, Result};
+
+#[cfg(test)]
+#[path = "./live_layer_test.rs"]
+mod live_layer_test;
+
+/// Data needed to bind mount a path onto an /spfs backend that uses
+/// overlayfs.
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
+pub struct BindMount {
+    /// Path to the source dir, or file, to bind mount into /spfs at
+    /// the destination.
+    #[serde(alias = "bind")]
+    pub src: PathBuf,
+    /// Where to attach the dir, or file, inside /spfs
+    pub dest: String,
+}
+
+impl BindMount {
+    /// Checks the bind mount is valid for use in /spfs with the given parent directory
+    pub(crate) fn validate(&self, parent: PathBuf) -> Result<()> {
+        if !self.src.starts_with(parent.clone()) {
+            return Err(Error::String(format!(
+                "Bind mount is not valid: {} is not under the live layer's directory: {}",
+                self.src.display(),
+                parent.display()
+            )));
+        }
+
+        if !self.src.exists() {
+            return Err(Error::String(format!(
+                "Bind mount is not valid: {} does not exist",
+                self.src.display()
+            )));
+        }
+
+        Ok(())
+    }
+}
+
+impl Display for BindMount {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}:{}", self.src.display(), self.dest)
+    }
+}
+
+/// The kinds of contents that can be part of a live layer
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
+#[serde(untagged)]
+pub enum LiveLayerContents {
+    /// A directory or file that will be bind mounted over /spfs
+    BindMount(BindMount),
+}
+
+/// Data needed to add a live layer onto an /spfs overlayfs.
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq)]
+pub struct LiveLayer {
+    /// The api format version of the live layer data
+    pub api: SpecApiVersion,
+    /// The contents that the live layer will put into /spfs
+    pub contents: Vec<LiveLayerContents>,
+}
+
+impl LiveLayer {
+    /// Returns a list of the BindMounts in this LiveLayer
+    pub fn bind_mounts(&self) -> Vec<BindMount> {
+        self.contents
+            .iter()
+            .map(|c| match c {
+                LiveLayerContents::BindMount(bm) => bm.clone(),
+            })
+            .collect::<Vec<_>>()
+    }
+
+    /// Updates the live layer's contents entries using given parent
+    /// directory. This will error if the resulting paths do not exist.
+    ///
+    /// This should be called before validate()
+    fn set_parent(&mut self, parent: PathBuf) -> Result<()> {
+        let mut new_contents = Vec::new();
+
+        for entry in self.contents.iter() {
+            let new_entry = match entry {
+                LiveLayerContents::BindMount(bm) => {
+                    let full_path = match parent.join(bm.src.clone()).canonicalize() {
+                        Ok(abs_path) => abs_path.clone(),
+                        Err(err) => {
+                            return Err(Error::InvalidPath(parent.join(bm.src.clone()), err))
+                        }
+                    };
+
+                    LiveLayerContents::BindMount(BindMount {
+                        src: full_path,
+                        dest: bm.dest.clone(),
+                    })
+                }
+            };
+
+            new_contents.push(new_entry);
+        }
+        self.contents = new_contents;
+
+        Ok(())
+    }
+
+    /// Validates the live layer's contents are under the given parent
+    /// directory and accessible by the current user.
+    ///
+    /// This should be called after set_parent()
+    fn validate(&self, parent: PathBuf) -> Result<()> {
+        for entry in self.contents.iter() {
+            match entry {
+                LiveLayerContents::BindMount(bm) => bm.validate(parent.clone())?,
+            }
+        }
+        Ok(())
+    }
+
+    /// Sets the live layer's parent directory, which updates its
+    /// contents, and then validates its contents.
+    pub fn set_parent_and_validate(&mut self, parent: PathBuf) -> Result<()> {
+        let abs_parent = match parent.canonicalize() {
+            Ok(abs_path) => abs_path.clone(),
+            Err(err) => return Err(Error::InvalidPath(parent.clone(), err)),
+        };
+
+        self.set_parent(parent.clone())?;
+        self.validate(abs_parent)
+    }
+}
+
+impl Display for LiveLayer {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}:{:?}", self.api, self.contents)
+    }
+}

crates/spfs/src/runtime/live_layer.rs

@@ -0,0 +1,138 @@
+// Copyright (c) Contributors to the SPK project.
+// SPDX-License-Identifier: Apache-2.0
+// https://github.com/spkenv/spk
+
+use std::fs::File;
+use std::io::Write;
+use std::path::PathBuf;
+use std::str::FromStr;
+
+use rstest::rstest;
+
+use crate::fixtures::*;
+use crate::runtime::{BindMount, LiveLayer, SpecApiVersion};
+use crate::tracking::SpecFile;
+
+#[rstest]
+fn test_bindmount_creation() {
+    let dir = "/some/dir/some/where";
+    let mountpoint = "tests/tests/tests".to_string();
+    let expected = format!("{dir}:{mountpoint}");
+
+    let mount = BindMount {
+        src: PathBuf::from(dir),
+        dest: mountpoint,
+    };
+
+    assert_eq!(mount.to_string(), expected);
+}
+
+#[rstest]
+fn test_bindmount_validate(tmpdir: tempfile::TempDir) {
+    let path = tmpdir.path();
+    let subdir = path.join("somedir");
+    std::fs::create_dir(subdir.clone()).unwrap();
+
+    let mountpoint = "tests/tests/tests".to_string();
+
+    let mount = BindMount {
+        src: subdir,
+        dest: mountpoint,
+    };
+
+    assert!(mount.validate(path.to_path_buf()).is_ok());
+}
+
+#[rstest]
+fn test_bindmount_validate_fail_not_under_parent(tmpdir: tempfile::TempDir) {
+    let path = tmpdir.path();
+    let subdir = path.join("somedir");
+    std::fs::create_dir(subdir.clone()).unwrap();
+
+    let mountpoint = "tests/tests/tests".to_string();
+
+    let mount = BindMount {
+        src: subdir,
+        dest: mountpoint,
+    };
+
+    assert!(mount
+        .validate(PathBuf::from_str("/tmp/no/its/parent/").unwrap())
+        .is_err());
+}
+
+#[rstest]
+fn test_bindmount_validate_fail_not_exists(tmpdir: tempfile::TempDir) {
+    let path = tmpdir.path();
+    let subdir = path.join("somedir");
+    std::fs::create_dir(subdir.clone()).unwrap();
+
+    let mountpoint = "tests/tests/tests".to_string();
+
+    let missing_subdir = subdir.join("not_made");
+
+    let mount = BindMount {
+        src: missing_subdir,
+        dest: mountpoint,
+    };
+
+    assert!(mount.validate(path.to_path_buf()).is_err());
+}
+
+#[rstest]
+fn test_live_layer_file_load(tmpdir: tempfile::TempDir) {
+    let dir = tmpdir.path();
+
+    let subdir = dir.join("testing");
+    std::fs::create_dir(subdir.clone()).unwrap();
+
+    let yaml = format!(
+        "# test live layer\napi: v0/livelayer\ncontents:\n - bind: {}\n   dest: /spfs/test\n",
+        subdir.display()
+    );
+
+    let file_path = dir.join("layer.spfs.yaml");
+    let mut tmp_file = File::create(file_path).unwrap();
+    writeln!(tmp_file, "{}", yaml).unwrap();
+
+    let ll = SpecFile::parse(&dir.display().to_string()).unwrap();
+
+    if let SpecFile::LiveLayer(live_layer) = ll {
+        assert!(live_layer.api == SpecApiVersion::V0Layer);
+        assert!(!live_layer.contents.is_empty());
+        assert!(live_layer.contents.len() == 1);
+    } else {
+        panic!("The test yaml should have parsed as a live layer, but it didn't")
+    }
+}
+
+#[rstest]
+fn test_live_layer_minimal_deserialize() {
+    // Test a minimal yaml string that represents a LiveLayer. Note:
+    // if more LiveLayer fields are added in future, they should have
+    // #[serde(default)] set or be optional, so they are backwards
+    // compatible with existing live layer configurations.
+    let yaml: &str = "api: v0/livelayer\ncontents:\n";
+
+    let layer: LiveLayer = serde_yaml::from_str(yaml).unwrap();
+
+    assert!(layer.api == SpecApiVersion::V0Layer);
+}
+
+#[rstest]
+#[should_panic]
+fn test_live_layer_deserialize_fail_no_contents_field() {
+    let yaml: &str = "api: v0/livelayer\n";
+
+    // This should panic because the contents: field is missing
+    let _layer: LiveLayer = serde_yaml::from_str(yaml).unwrap();
+}
+
+#[rstest]
+#[should_panic]
+fn test_live_layer_deserialize_unknown_version() {
+    let yaml: &str = "api: v9999999999999/invalidapi\ncontents:\n";
+
+    // This should panic because the api value is invalid
+    let _layer: LiveLayer = serde_yaml::from_str(yaml).unwrap();
+}