[nix-cache] Allow use of multiple caches. Split read vs write (#2059)

mikeland73 · gcurtis · web-flow · commit d434bf5ee06e · 2024-05-16T15:58:19.000-07:00
## Summary

* Use new API
* Allow devbox to use multiple caches for read. 
* Split read vs write caches

## How was it tested?

Untested, needs new api to be deployed

---------

Signed-off-by: Mike Landau &lt;mikeland86@gmail.com&gt;
Co-authored-by: Greg Curtis &lt;greg.curtis@jetpack.io&gt;
diff --git a/go.mod b/go.mod
@@ -41,7 +41,7 @@ require (
 	github.com/zealic/go2node v0.1.0
 	go.jetify.com/typeid v1.1.0
 	go.jetpack.io/envsec v0.0.16-0.20240329013200-4174c0acdb00
-	go.jetpack.io/pkg v0.0.0-20240425160511-7b1b3c860422
+	go.jetpack.io/pkg v0.0.0-20240516160739-268b3dd5f65d
 	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
 	golang.org/x/mod v0.16.0
 	golang.org/x/oauth2 v0.19.0
diff --git a/go.sum b/go.sum
@@ -364,6 +364,8 @@ go.jetpack.io/envsec v0.0.16-0.20240329013200-4174c0acdb00 h1:Kb+OlWOntAq+1nF+01
 go.jetpack.io/envsec v0.0.16-0.20240329013200-4174c0acdb00/go.mod h1:dVG2n8fBAGpQczW8yk/6wuXb9uEhzaJF7wGXkGLRRCU=
 go.jetpack.io/pkg v0.0.0-20240425160511-7b1b3c860422 h1:nycOky7HqHwm7yyRy8nM1vnehkPmpSQEjdVSp9oz0to=
 go.jetpack.io/pkg v0.0.0-20240425160511-7b1b3c860422/go.mod h1:+uFriYKQtj7KHG5g+n6EKspEBg4zlwvq7Z/YOmatjQU=
+go.jetpack.io/pkg v0.0.0-20240516160739-268b3dd5f65d h1:r9njTg75ZHdafCFs3kcXy3a3BHzIcvHA75s1HKXUTmQ=
+go.jetpack.io/pkg v0.0.0-20240516160739-268b3dd5f65d/go.mod h1:+uFriYKQtj7KHG5g+n6EKspEBg4zlwvq7Z/YOmatjQU=
 go.jetpack.io/typeid v1.0.1-0.20240410183543-96a4fd53d1e2 h1:w9uWg8BAim374iWzxEuDhf6MJ/cMQVR/0xi/L3DgfT0=
 go.jetpack.io/typeid v1.0.1-0.20240410183543-96a4fd53d1e2/go.mod h1:zqBUNjE3NxAL8wRYW2LcOpH5LxCvTqthm9YSuuu1ic4=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
diff --git a/internal/boxcli/cache.go b/internal/boxcli/cache.go
@@ -7,13 +7,16 @@ import (
 	"encoding/json"
 	"fmt"
 	"os/user"
+	"slices"
 
 	"github.com/MakeNowJust/heredoc/v2"
 	"github.com/pkg/errors"
+	"github.com/samber/lo"
 	"github.com/spf13/cobra"
 	"go.jetpack.io/devbox/internal/devbox"
 	"go.jetpack.io/devbox/internal/devbox/devopt"
 	"go.jetpack.io/devbox/internal/devbox/providers/nixcache"
+	nixv1alpha1 "go.jetpack.io/pkg/api/gen/priv/nix/v1alpha1"
 )
 
 type cacheFlags struct {
@@ -118,16 +121,26 @@ func cacheInfoCmd() *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			// TODO(gcurtis): We can also output info about the daemon config status
 			// here
-			uri, err := nixcache.Get().URI(cmd.Context())
+			caches, err := nixcache.Get().Caches(cmd.Context())
 			if err != nil {
 				return err
 			}
-			if uri == "" {
+			if len(caches) == 0 {
 				fmt.Fprintln(cmd.OutOrStdout(), "No cache configured")
-				return nil
 			}
-			fmt.Fprintln(cmd.OutOrStdout(), "Cache URI:", uri)
-			return err
+			for _, cache := range caches {
+				isReadOnly := !slices.Contains(
+					cache.GetPermissions(),
+					nixv1alpha1.Permission_PERMISSION_WRITE,
+				)
+				fmt.Fprintf(
+					cmd.OutOrStdout(),
+					"* %s %s\n",
+					cache.GetUri(),
+					lo.Ternary(isReadOnly, "(read-only)", ""),
+				)
+			}
+			return nil
 		},
 	}
 }
diff --git a/internal/devbox/cache.go b/internal/devbox/cache.go
@@ -2,11 +2,14 @@ package devbox
 
 import (
 	"context"
+	"errors"
 	"io"
 
 	"go.jetpack.io/devbox/internal/boxcli/usererr"
 	"go.jetpack.io/devbox/internal/devbox/providers/nixcache"
 	"go.jetpack.io/devbox/internal/nix"
+	"go.jetpack.io/devbox/internal/ux"
+	"go.jetpack.io/pkg/auth"
 )
 
 func (d *Devbox) UploadProjectToCache(
@@ -15,17 +18,14 @@ func (d *Devbox) UploadProjectToCache(
 ) error {
 	if cacheURI == "" {
 		var err error
-		cacheURI, err = d.providers.NixCache.URI(ctx)
+		cacheURI, err = getWriteCacheURI(ctx, d.stderr, d.providers.NixCache)
 		if err != nil {
 			return err
 		}
-		if cacheURI == "" {
-			return usererr.New("Your account's organization doesn't have a Nix cache.")
-		}
 	}
 
 	creds, err := d.providers.NixCache.Credentials(ctx)
-	if err != nil {
+	if err != nil && !errors.Is(err, auth.ErrNotLoggedIn) {
 		return err
 	}
 	profilePath, err := d.profilePath()
@@ -50,18 +50,34 @@ func UploadInstallableToCache(
 ) error {
 	if cacheURI == "" {
 		var err error
-		cacheURI, err = nixcache.Get().URI(ctx)
+		cacheURI, err = getWriteCacheURI(ctx, stderr, *nixcache.Get())
 		if err != nil {
 			return err
 		}
-		if cacheURI == "" {
-			return usererr.New("Your account's organization doesn't have a Nix cache.")
-		}
 	}
 
 	creds, err := nixcache.Get().Credentials(ctx)
-	if err != nil {
+	if err != nil && !errors.Is(err, auth.ErrNotLoggedIn) {
 		return err
 	}
 	return nix.CopyInstallableToCache(ctx, stderr, cacheURI, installable, creds.Env())
 }
+
+func getWriteCacheURI(
+	ctx context.Context,
+	w io.Writer,
+	provider nixcache.Provider,
+) (string, error) {
+	caches, err := provider.WriteCaches(ctx)
+	if err != nil {
+		return "", err
+	}
+	if len(caches) == 0 {
+		return "",
+			usererr.New("You don't have permission to write to any Nix caches.")
+	}
+	if len(caches) > 1 {
+		ux.Fwarning(w, "Multiple caches available, using %s.\n", caches[0].GetUri())
+	}
+	return caches[0].GetUri(), nil
+}
diff --git a/internal/devbox/packages.go b/internal/devbox/packages.go
@@ -28,6 +28,7 @@ import (
 	"go.jetpack.io/devbox/internal/redact"
 	"go.jetpack.io/devbox/internal/shellgen"
 	"go.jetpack.io/devbox/internal/telemetry"
+	nixv1alpha1 "go.jetpack.io/pkg/api/gen/priv/nix/v1alpha1"
 
 	"go.jetpack.io/devbox/internal/boxcli/usererr"
 	"go.jetpack.io/devbox/internal/debug"
@@ -444,14 +445,19 @@ func (d *Devbox) installNixPackagesToStore(ctx context.Context, mode installMode
 		Flags:  flags,
 		Writer: d.stderr,
 	}
-	args.ExtraSubstituter, err = d.providers.NixCache.URI(ctx)
+	caches, err := d.providers.NixCache.ReadCaches(ctx)
 	if err != nil {
 		debug.Log("error getting nix cache URI, assuming user doesn't have access: %v", err)
 	}
 
+	args.ExtraSubstituters = lo.Map(
+		caches, func(c *nixv1alpha1.NixBinCache, _ int) string {
+			return c.GetUri()
+		})
+
 	// TODO (Landau): handle errors that are not auth.ErrNotLoggedIn
 	// Only lookup credentials if we have a cache to use
-	if args.ExtraSubstituter != "" {
+	if len(args.ExtraSubstituters) > 0 {
 		creds, err := d.providers.NixCache.Credentials(ctx)
 		if err == nil {
 			args.Env = creds.Env()
@@ -469,7 +475,7 @@ func (d *Devbox) installNixPackagesToStore(ctx context.Context, mode installMode
 			var daemonErr *nix.DaemonError
 			if errors.As(err, &daemonErr) {
 				// Error here to give the user a chance to restart the daemon.
-				return usererr.New("Devbox configured Nix to use %q as a cache. Please restart the Nix daemon and re-run Devbox.", args.ExtraSubstituter)
+				return usererr.New("Devbox configured Nix to use a new cache. Please restart the Nix daemon and re-run Devbox.")
 			}
 			// Other errors indicate we couldn't update nix.conf, so just warn and continue
 			// by building from source if necessary.
diff --git a/internal/devbox/providers/nixcache/nixcache.go b/internal/devbox/providers/nixcache/nixcache.go
@@ -2,8 +2,10 @@ package nixcache
 
 import (
 	"context"
+	"slices"
 	"time"
 
+	"github.com/samber/lo"
 	"go.jetpack.io/devbox/internal/build"
 	"go.jetpack.io/devbox/internal/cachehash"
 	"go.jetpack.io/devbox/internal/devbox/providers/identity"
@@ -55,40 +57,49 @@ func (p *Provider) Credentials(ctx context.Context) (AWSCredentials, error) {
 	return creds, nil
 }
 
-// URI queries the Jetify API for the URI that points to user's private cache.
-// If their account doesn't have access to a cache, it returns an empty string
-// and a nil error.
-func (p *Provider) URI(ctx context.Context) (string, error) {
-	cache := filecache.New[string]("devbox/providers/nixcache")
+func (p *Provider) Caches(
+	ctx context.Context,
+) ([]*nixv1alpha1.NixBinCache, error) {
 	token, err := identity.Get().GenSession(ctx)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
-	// Landau: I think we can probably remove this cache? This endpoint is very
-	// fast and we only use this for build/upload which are slow.
-	uri, err := cache.GetOrSet(
-		"uri-"+getSubOrAccessTokenHash(token),
-		func() (string, time.Duration, error) {
-			client := api.NewClient(ctx, build.JetpackAPIHost(), token)
-			resp, err := client.GetBinCache(ctx)
-			if err != nil {
-				return "", 0, redact.Errorf("nixcache: get uri: %w", redact.Safe(err))
-			}
+	client := api.NewClient(ctx, build.JetpackAPIHost(), token)
+	resp, err := client.GetBinCache(ctx)
+	if err != nil {
+		return nil, redact.Errorf("nixcache: get caches: %w", redact.Safe(err))
+	}
+	return resp.GetCaches(), nil
+}
 
-			// Don't cache negative responses.
-			if resp.GetNixBinCacheUri() == "" {
-				return "", 0, nil
-			}
+func (p *Provider) ReadCaches(
+	ctx context.Context,
+) ([]*nixv1alpha1.NixBinCache, error) {
+	caches, err := p.Caches(ctx)
+	if err != nil {
+		return nil, err
+	}
+	return lo.Filter(caches, func(c *nixv1alpha1.NixBinCache, _ int) bool {
+		return slices.Contains(
+			c.GetPermissions(),
+			nixv1alpha1.Permission_PERMISSION_READ,
+		)
+	}), nil
+}
 
-			// TODO(gcurtis): do a better job of invalidating the URI after
-			// a Nix command fails to query the cache.
-			return resp.GetNixBinCacheUri(), 24 * time.Hour, nil
-		},
-	)
+func (p *Provider) WriteCaches(
+	ctx context.Context,
+) ([]*nixv1alpha1.NixBinCache, error) {
+	caches, err := p.Caches(ctx)
 	if err != nil {
-		return "", redact.Errorf("nixcache: get uri: %w", redact.Safe(err))
+		return nil, err
 	}
-	return uri, nil
+	return lo.Filter(caches, func(c *nixv1alpha1.NixBinCache, _ int) bool {
+		return slices.Contains(
+			c.GetPermissions(),
+			nixv1alpha1.Permission_PERMISSION_WRITE,
+		)
+	}), nil
 }
 
 // AWSCredentials are short-lived credentials that grant access to a private Nix
diff --git a/internal/devpkg/narinfo_cache.go b/internal/devpkg/narinfo_cache.go
@@ -128,7 +128,6 @@ func (p *Package) keyForOutput(output string) string {
 			output = strings.Join(names, ",")
 		}
 	}
-	fmt.Println("output: ", output)
 
 	return fmt.Sprintf("%s^%s", p.Raw, output)
 }
diff --git a/internal/nix/build.go b/internal/nix/build.go
@@ -5,18 +5,19 @@ import (
 	"io"
 	"os"
 	"os/exec"
+	"strings"
 
 	"github.com/pkg/errors"
 	"go.jetpack.io/devbox/internal/debug"
 	"go.jetpack.io/devbox/internal/redact"
 )
 
 type BuildArgs struct {
-	AllowInsecure    bool
-	Env              []string
-	ExtraSubstituter string
-	Flags            []string
-	Writer           io.Writer
+	AllowInsecure     bool
+	Env               []string
+	ExtraSubstituters []string
+	Flags             []string
+	Writer            io.Writer
 }
 
 func Build(ctx context.Context, args *BuildArgs, installables ...string) error {
@@ -26,8 +27,11 @@ func Build(ctx context.Context, args *BuildArgs, installables ...string) error {
 	cmd.Args = append(cmd.Args, installables...)
 	// Adding extra substituters only here to be conservative, but this could also
 	// be added to ExperimentalFlags() in the future.
-	if args.ExtraSubstituter != "" {
-		cmd.Args = append(cmd.Args, "--extra-substituters", args.ExtraSubstituter)
+	if len(args.ExtraSubstituters) > 0 {
+		cmd.Args = append(cmd.Args,
+			"--extra-substituters",
+			strings.Join(args.ExtraSubstituters, " "),
+		)
 	}
 	cmd.Env = append(allowUnfreeEnv(os.Environ()), args.Env...)
 	if args.AllowInsecure {

Original file line number	Diff line number	Diff line change
`@@ -128,7 +128,6 @@ func (p *Package) keyForOutput(output string) string {`
`128`	`128`	`output = strings.Join(names, ",")`
`129`	`129`	`}`
`130`	`130`	`}`
`131`		`- fmt.Println("output: ", output)`
`132`	`131`
`133`	`132`	`return fmt.Sprintf("%s^%s", p.Raw, output)`
`134`	`133`	`}`