built-in uuids could be valid v4 uuids

oxidecomputer · Dec 7, 2021 · 539e538 · 539e538
1 parent 9f562e9
commit 539e538
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 13 deletions.
diff --git a/common/src/sql/dbinit.sql b/common/src/sql/dbinit.sql
@@ -681,7 +681,7 @@ INSERT INTO omicron.public.user_builtin (
     time_modified
 ) VALUES (
     /* NOTE: this uuid and name are duplicated in nexus::authn. */
-    '001de000-05e4-0000-0000-000000000001',
+    '001de000-05e4-4000-8000-000000000001',
     'db-init',
     'user used for database initialization',
     NOW(),

diff --git a/nexus/src/authn/mod.rs b/nexus/src/authn/mod.rs
@@ -36,15 +36,19 @@ use uuid::Uuid;
 // Here's a proposed convention for choosing uuids that we hardcode into
 // Omicron.
 //
-//   001de000-05e4-0000-0000-000000000000
-//   ^^^^^^^^ ^^^^
-//       +-----|----------------------------- prefix used for all reserved uuids
-//             |                              (looks a bit like "oxide")
-//             +----------------------------- says what kind of resource it is
-//                                            ("05e4" looks a bit like "user")
+//   001de000-05e4-4000-8000-000000000000
+//   ^^^^^^^^ ^^^^ ^    ^
+//       +-----|---|----|-------------------- prefix used for all reserved uuids
+//             |   |    |                     (looks a bit like "oxide")
+//             +---|----|-------------------- says what kind of resource it is
+//                 |    |                     ("05e4" looks a bit like "user")
+//                 +----|-------------------- v4
+//                      +-------------------- variant 1 (most common for v4)
 //
 // This way, the uuids stand out a bit.  It's not clear if this convention will
-// be very useful, but it beats a random uuid.
+// be very useful, but it beats a random uuid.  (Is it safe to do this?  Well,
+// these are valid v4 uuids, and they're as unlikely to collide with a future
+// uuid as any random uuid is.)
 //
 
 pub struct UserBuiltinConfig {
@@ -74,7 +78,7 @@ lazy_static! {
         UserBuiltinConfig::new_static(
             // "0001" is the first possible user that wouldn't be confused with
             // 0, or root.
-            "001de000-05e4-0000-0000-000000000001",
+            "001de000-05e4-4000-8000-000000000001",
             "db-init",
             "used for seeding initial database data",
         );
@@ -83,7 +87,7 @@ lazy_static! {
     pub static ref USER_SAGA_RECOVERY: UserBuiltinConfig =
         UserBuiltinConfig::new_static(
             // "3a8a" looks a bit like "saga".
-            "001de000-05e4-0000-0000-000000003a8a",
+            "001de000-05e4-4000-8000-000000003a8a",
             "saga-recovery",
             "used by Nexus when recovering sagas",
         );
@@ -95,7 +99,7 @@ lazy_static! {
     pub static ref USER_TEST_PRIVILEGED: UserBuiltinConfig =
         UserBuiltinConfig::new_static(
             // "4007" looks a bit like "root".
-            "001de000-05e4-0000-0000-000000004007",
+            "001de000-05e4-4000-8000-000000004007",
             "test-privileged",
             "used for testing with all privileges",
         );
@@ -104,7 +108,7 @@ lazy_static! {
     pub static ref USER_TEST_UNPRIVILEGED: UserBuiltinConfig =
         UserBuiltinConfig::new_static(
             // 60001 is the decimal uid for "nobody" on Helios.
-            "001de000-05e4-0000-0000-000000060001",
+            "001de000-05e4-4000-8000-000000060001",
             "test-unprivileged",
             "used for testing with no privileges",
         );
@@ -186,9 +190,34 @@ impl Context {
 #[cfg(test)]
 mod test {
     use super::Context;
+    use super::UserBuiltinConfig;
     use super::USER_DB_INIT;
     use super::USER_SAGA_RECOVERY;
     use super::USER_TEST_PRIVILEGED;
+    use super::USER_TEST_UNPRIVILEGED;
+
+    #[test]
+    fn test_builtin_ids_are_valid() {
+        assert_user_has_valid_id(&*USER_DB_INIT);
+        assert_user_has_valid_id(&*USER_SAGA_RECOVERY);
+        assert_user_has_valid_id(&*USER_TEST_PRIVILEGED);
+        assert_user_has_valid_id(&*USER_TEST_UNPRIVILEGED);
+    }
+
+    fn assert_user_has_valid_id(user: &UserBuiltinConfig) {
+        match user.id.get_version() {
+            Some(uuid::Version::Random) => (),
+            _ => panic!("built-in user's uuid is not v4: {:?}", user.name),
+        };
+
+        match user.id.get_variant() {
+            Some(uuid::Variant::RFC4122) => (),
+            _ => panic!(
+                "built-in user's uuid has unexpected variant: {:?}",
+                user.name
+            ),
+        };
+    }
 
     #[test]
     fn test_internal_users() {

diff --git a/tools/oxapi_demo b/tools/oxapi_demo
@@ -143,7 +143,7 @@ function do_curl_authn
 		do_curl "$@"
 	else
 		do_curl "$@" \
-			-H "oxide-authn-spoof: 001de000-05e4-0000-0000-000000004007"
+			-H "oxide-authn-spoof: 001de000-05e4-4000-8000-000000004007"
 	fi
 }