oxidecomputer/dropshot oxidecomputer/dropshot

  • Stars
    star
    801
  • Rank 56,644 (Top 2 %)
  • Language
    Rust
  • License
    Apache License 2.0
  • Created over 4 years ago
  • Updated 2 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
oxidecomputer/dropshot
github

oxidecomputer

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

expose REST APIs from a Rust program

Dropshot

Table of Contents
badge

Dropshot is a general-purpose crate for exposing REST APIs from a Rust program. For more, see the online Dropshot documentation. You can build the documentation yourself with:

$ cargo +nightly doc

Contributing

You can build and run the whole test suite with cargo test. The test suite runs cleanly and should remain clean.

You can format the code using cargo fmt. CI checks that code is correctly formatted.

Clippy is used to check for common code issues. (We disable the style checks.) You can run it with cargo clippy --all-targets — --deny warnings --allow clippy::style. CI will run clippy as well.

For maintainers (e.g., publishing new releases and managing dependabot), see MAINTAINERS.adoc.

Configuration reference

Dropshot servers

Dropshot servers use a TOML configuration file. Supported config properties include:

Name Example Required? Description

bind_address

"127.0.0.1:12220"

No

Specifies that the server should bind to the given IP address and TCP port. In general, servers can bind to more than one IP address and port, but this is not (yet?) supported. Defaults to "127.0.0.1:0".

request_body_max_bytes

4096

No

Specifies the maximum number of bytes allowed in a request body. Larger requests will receive a 400 error. Defaults to 1024.

tls.type

"AsFile"

No

Specifies if and how TLS certificate and key information is provided. Valid values include "AsFile" and "AsBytes".

tls.cert_file

"/path/to/cert.pem"

Only if tls.type = AsFile

Specifies the path to a PEM file containing a certificate chain for the server to identify itself with. The first certificate is the end-entity certificate, and the remaining are intermediate certificates on the way to a trusted CA. If specified, the server will only listen for TLS connections.

tls.key_file

"/path/to/key.pem"

Only if tls.type = AsFile

Specifies the path to a PEM-encoded PKCS #8 file containing the private key the server will use. If specified, the server will only listen for TLS connections.

tls.certs

Vec<u8> of certificate data

Only if tls.type = AsBytes

Identical to tls.cert_file, but provided as a buffer.

tls.key

Vec<u8> of key data

Only if tls.type = AsBytes

Identical to tls.key_file, but provided as a buffer.

Logging

Dropshot provides a small wrapper to configure a slog-based Logger. You can use this without using the rest of Dropshot. Logging config properties include:

Name Example Required? Description

mode

"file"

Yes

Controls where server logging will go. Valid modes are "stderr-terminal" and "file". If the mode is `"stderr-terminal", human-readable output, with colors and other terminal formatting if possible, will be sent to stderr. If the mode is "file", Bunyan-format output will be sent to the filesystem path given by log.path. See also log.if_exists, which controls the behavior if the destination path already exists.

level

"info"

Yes

Specifies what severity of log messages should be included in the log. Valid values include "trace", "debug", "info", "warn", "error", and "critical", which are increasing order of severity. Log messages at the specified level and more severe levels will be included in the log.

path

"logs/server.log"

Only if log.mode = "file"

If log.mode is "file", this property determines the path to the log file. See also log.if_exists.

if_exists

"append"

Only if log.mode = "file"

If log.mode is "file", this property specifies what to do if the destination log file already exists. Valid values include "append" (which appends to the existing file), "truncate" (which truncates the existing file and then uses it as though it had just been created), and "fail" (which causes the server to exit immediately with an error).

Design notes

Why is there no way to add an API handler function that runs on every request?

In designing Dropshot, we’ve tried to avoid a few problems we found with frameworks we used in the past. Many (most?) web frameworks, whether in Rust or another language, let you specify a chain of handlers for each route. You can usually specify some handlers that run before or after every request, regardless of the route. We found that after years of evolving a complex API server using this approach, it can get quite hard to follow the control flow for a particular request and to understand the implicit dependencies between different handlers within the chain. This made it time-consuming and error-prone to work on these API servers. (For more details, see the discussion in issue 58.)

With Dropshot, we wanted to try something different: if the primary purpose of these handlers is to share code between handlers, what if we rely instead on existing mechanisms — i.e., function calls. The big risk is that it’s easy for someone to accidentally forget some important function call, like the one that authenticates or authorizes a user. We haven’t gotten far enough in a complex implementation to need this yet, but the plan is to create a pattern of utility functions that return typed values. For example, where in Node.js you might add an early authentication handler that fills in request.auth, with Dropshot you’d have an authentication function that returns an AuthzContext struct. Then anything that needs authentication consumes the AuthzContext as a function argument. As an author of a handler, you know if you’ve got an AuthzContext available and, if not, how to get one (call the utility function). This composes, too: you can have an authorization function that returns an AuthnContext, and the utility function that returns one can consume the AuthzContext. Then anything that requires authorization can consume just the AuthnContext, and you know it’s been authenticated and authorized (possibly with details in that structure).

It’s early, and we may find we need richer facilities in the framework. But we’re hopeful this approach will make it faster and smoother to iterate on complex API servers. If you pick up Dropshot and try this out, let us know how it goes!

Examples

To run the examples in dropshot/examples, clone the repository and run cargo run --example [example_name], e.g. cargo run --example basic. (Do not include the file extension.)

More Repositories

1

hubris

A lightweight, memory-protected, message-passing kernel for deeply embedded systems.
Rust
2,912
star
2

humility

Debugger for Hubris
Rust
452
star
3

progenitor

An OpenAPI client generator
Rust
432
star
4

typify

JSON Schema -> Rust type converter
Rust
366
star
5

helios

Helios: Or, a Vision in a Dream. A Fragment.
Rust
332
star
6

oxide-and-friends

Show notes from Oxide and Friends recordings
Rust
301
star
7

cio

Rust libraries for APIs needed by our automated CIO.
Rust
247
star
8

omicron

Omicron: Oxide control plane
Rust
239
star
9

propolis

VMM userspace for illumos bhyve
Rust
175
star
10

crucible

A storage service.
Rust
155
star
11

console

Oxide Web Console
TypeScript
133
star
12

p4

A P4 compiler
Rust
105
star
13

design-site

We are looking for designers who code to help build a new user experience for computing!
CSS
99
star
14

cobalt

A collection of common Bluespec interfaces/modules.
Bluespec
96
star
15

third-party-api-clients

A place for keeping all our generated third party API clients.
Rust
89
star
16

usdt

Dust your Rust with USDT probes
Rust
81
star
17

steno

distributed sagas
Rust
75
star
18

phbl

Pico Host Boot Loader
Rust
69
star
19

tockilator

Deducing Tock execution flows from Ibex Verilator traces
Rust
68
star
20

serde_tokenstream

serde::Deserializer for proc_macro/proc_macro2::TokenStream
Rust
62
star
21

buildomat

a software build labour-saving device
Rust
53
star
22

opte

packets go in, packets go out, you can't explain that
Rust
36
star
23

fable

TOML deck generator with custom templates and schema validation
CSS
34
star
24

cancel-safe-futures

Alternative future adapters that provide cancel safety.
Rust
33
star
25

oxide.rs

The Oxide Rust SDK and CLI
Rust
31
star
26

pki-playground

Tool for generating non-trivial X.509 certificate chains
Rust
28
star
27

expectorate

I'm especially good at expectorating
Rust
26
star
28

maghemite

A routing stack written in Rust.
Rust
26
star
29

oxide.ts

TypeScript client for the Oxide API
TypeScript
24
star
30

fs3-rs

Extended utilities for working with files and filesystems in Rust.
Rust
22
star
31

aws-wire-lengths

simple command line for various AWS management tasks
Rust
22
star
32

lpc-link2-re

Reverse engineering the LPC-Link2 USB interface
Rust
22
star
33

helios-engvm

Tools for creating and using Helios images on i86pc (classic PC) physical and virtual machines
Rust
22
star
34

lethe

A basic log-structured flash datastore
Rust
20
star
35

poptrie

A poptrie implementation
Rust
17
star
36

terraform-provider-oxide

Oxide Terraform provider
Go
17
star
37

oxide.go

The Go SDK for Oxide.
Go
17
star
38

cli-old

The command line tool for Oxide.
Rust
16
star
39

design-system

Home of reusable design assets and tokens for oxide internal sites
TypeScript
15
star
40

rfsx

A XMODEM sender using libftdi
Rust
15
star
41

rfb

Rust
13
star
42

amd-apcb

AMD Generic Encapsulated Software Architecture Platform Security Processor Configuration Block manipulation library
Rust
13
star
43

async-bb8-diesel

Safe asynchronous access to Diesel and the bb8 connection manager
Rust
12
star
44

xfr

An atomic ring for processing memory-mapped frames.
Rust
11
star
45

idolatry

An experimental IPC interface definition language for Hubris.
Rust
11
star
46

bootleby

Rust
11
star
47

rustfmt-wrapper

A simple wrapper around rustfmt to use it as a library for use when generating code
Rust
11
star
48

dropkick

punt your dropshot service into the cloud
Rust
10
star
49

zone

Rust
10
star
50

hif

HIF: The Hubris/Humility Interchange Format
Rust
10
star
51

bhyve-api

Rust library interface to Bhyve ioctl API
Rust
9
star
52

overwatch

A P4-powered packet tracer.
Rust
9
star
53

react-asciidoc

A React renderer for AsciiDoc. Built on top of Asciidoctor.js.
JavaScript
9
star
54

offline-keystore

yubihsm-setup replacing the yubico cruft with our own cruft!
Rust
9
star
55

openapi-lint

Validate an OpenAPI schema against some rules
Rust
9
star
56

eos

A build tool for illumos.
Rust
8
star
57

ch-oxidase

A port of Cloud Hypervisor to run on Illumos and the Bhyve kernel space
Rust
8
star
58

softnpu

Software Network Processing Unit
Rust
8
star
59

sprockets

Now's the time on sprockets when we dance
Rust
7
star
60

wfm-to-pcap

.wfm to .pcap decoder
Rust
7
star
61

transceiver-control

Crate for controlling optical transceivers over the network
Rust
7
star
62

lpc55_support

Support tooling for flashing the LPC55
Rust
7
star
63

lpc55s69_rompatch_sample

A sample showing issues with the LPC55 mystery rom patch
C
6
star
64

diesel-dtrace

A diesel connection with DTrace probes for connections and queries
Rust
6
star
65

miniz

toy in-memory implementation of Zanzibar data model
Rust
6
star
66

dice-util

utilities for cert template generation and manufacturing / certifying DeviceIds
Rust
6
star
67

sshauth

A library for SSH key based (agents or static files) authentication tokens
Rust
6
star
68

garbage-compactor

terrible build scripts
Shell
6
star
69

slog-dtrace

A slog drain for emitting logging messages to DTrace
Rust
5
star
70

falcon

Fast Assessment Laboratory for Computers On Networks
Rust
5
star
71

smf

Rust
5
star
72

p9fs

A Plan 9 file system crate
Rust
5
star
73

ispf

An Internet packet format Serde implementation
Rust
5
star
74

nixie-tubes

Oxide's collection of assorted NixOS thingamajigs
Nix
5
star
75

tlvc

TLV-C encoding support.
Rust
5
star
76

thouart

Some helpful code for implementing CLI tools for connecting to simulated remote terminals
Rust
5
star
77

reqwest-conditional-middleware

A middleware wrapper that enables (or disables) a wrapped Reqwest middleware on a per-request basis
Rust
5
star
78

clock

wall clock software for the Oxide office
Rust
5
star
79

qemu-systick-bug

Program demonstrating bug in QEMU's SysTick emulation
Rust
4
star
80

tsc-simulator

Rust tool to calculate and simulate the TSC and other time-related values for live migration
Rust
4
star
81

pmbus

A no_std crate for PMBus manipulation
Rust
4
star
82

qorb

Rust
4
star
83

identicon

TypeScript
4
star
84

helios-omicron-brand

A zone brand for Omicron components running under Helios
Rust
4
star
85

serde_human_bytes

Serialize [u8; N] as bytes or as human-readable strings, depending on the format.
Rust
3
star
86

oxide.rs-old

The Rust API client for Oxide.
Rust
3
star
87

sb2_poc

Proof of concept for SB2 exploits
C
3
star
88

dhcpv6

dhpcv6 encoding/decoding
Rust
3
star
89

netadm-sys

A network administration library and CLI for illumos
Rust
3
star
90

tofino

tofino support stuff
Rust
3
star
91

omicron-package

Tools to create Omicron-branded Zones
Rust
3
star
92

partial-struct

Rust
3
star
93

slog-error-chain

Logging Rust errors with context
Rust
3
star
94

renovate-config

Oxide's shared renovate configuration
3
star
95

ordered-toml

toml-rs except preserves table ordering
Rust
3
star
96

management-gateway-service

Crates shared between MGS in omicron and its agent task in hubris
Rust
3
star
97

kstat-rs

Rust interface to illumos libkstat
Rust
3
star
98

tree-sitter-p4

P4 grammar for tree-sitter
JavaScript
3
star
99

helios-omnios-build

Shell
3
star
100

interval_future

Wraps a synchronous, waker-less polling function in an interval-based future
Rust
3
star