Cleanup internal API endpoints

cmd/incusd/api_cluster.go

@@ -79,36 +79,6 @@ var clusterNodeStateCmd = APIEndpoint{
 	Post: APIEndpointAction{Handler: clusterNodeStatePost, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 
-var internalClusterAcceptCmd = APIEndpoint{
-	Path: "cluster/accept",
-
-	Post: APIEndpointAction{Handler: internalClusterPostAccept, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
-var internalClusterRebalanceCmd = APIEndpoint{
-	Path: "cluster/rebalance",
-
-	Post: APIEndpointAction{Handler: internalClusterPostRebalance, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
-var internalClusterAssignCmd = APIEndpoint{
-	Path: "cluster/assign",
-
-	Post: APIEndpointAction{Handler: internalClusterPostAssign, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
-var internalClusterHandoverCmd = APIEndpoint{
-	Path: "cluster/handover",
-
-	Post: APIEndpointAction{Handler: internalClusterPostHandover, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
-var internalClusterRaftNodeCmd = APIEndpoint{
-	Path: "cluster/raft-node/{address}",
-
-	Delete: APIEndpointAction{Handler: internalClusterRaftNodeDelete, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
 // swagger:operation GET /1.0/cluster cluster cluster_get
 //
 //	Get the cluster configuration

cmd/incusd/api_internal.go

@@ -69,18 +69,71 @@ var apiInternal = []APIEndpoint{
 	internalWarningCreateCmd,
 }
 
+// Daemon management internal commands.
+var internalReadyCmd = APIEndpoint{
+	Path: "ready",
+
+	Get: APIEndpointAction{Handler: internalWaitReady, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
 var internalShutdownCmd = APIEndpoint{
 	Path: "shutdown",
 
 	Put: APIEndpointAction{Handler: internalShutdown, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 
-var internalReadyCmd = APIEndpoint{
-	Path: "ready",
+// Internal managemnt traffic.
+var internalImageOptimizeCmd = APIEndpoint{
+	Path: "image-optimize",
 
-	Get: APIEndpointAction{Handler: internalWaitReady, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+	Post: APIEndpointAction{Handler: internalOptimizeImage, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+var internalRebalanceLoadCmd = APIEndpoint{
+	Path: "rebalance",
+
+	Get: APIEndpointAction{Handler: internalRebalanceLoad, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+var internalSQLCmd = APIEndpoint{
+	Path: "sql",
+
+	Get:  APIEndpointAction{Handler: internalSQLGet, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+	Post: APIEndpointAction{Handler: internalSQLPost, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+// Internal cluster traffic.
+var internalClusterAcceptCmd = APIEndpoint{
+	Path: "cluster/accept",
+
+	Post: APIEndpointAction{Handler: internalClusterPostAccept, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+var internalClusterAssignCmd = APIEndpoint{
+	Path: "cluster/assign",
+
+	Post: APIEndpointAction{Handler: internalClusterPostAssign, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+var internalClusterHandoverCmd = APIEndpoint{
+	Path: "cluster/handover",
+
+	Post: APIEndpointAction{Handler: internalClusterPostHandover, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 
+var internalClusterRaftNodeCmd = APIEndpoint{
+	Path: "cluster/raft-node/{address}",
+
+	Delete: APIEndpointAction{Handler: internalClusterRaftNodeDelete, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+var internalClusterRebalanceCmd = APIEndpoint{
+	Path: "cluster/rebalance",
+
+	Post: APIEndpointAction{Handler: internalClusterPostRebalance, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+}
+
+// Container hooks.
 var internalContainerOnStartCmd = APIEndpoint{
 	Path: "containers/{instanceRef}/onstart",
 
@@ -99,61 +152,44 @@ var internalContainerOnStopCmd = APIEndpoint{
 	Get: APIEndpointAction{Handler: internalContainerOnStop, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 
+// Virtual machine hooks.
 var internalVirtualMachineOnResizeCmd = APIEndpoint{
 	Path: "virtual-machines/{instanceRef}/onresize",
 
 	Get: APIEndpointAction{Handler: internalVirtualMachineOnResize, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 
-var internalSQLCmd = APIEndpoint{
-	Path: "sql",
+// Debugging.
+var internalBGPStateCmd = APIEndpoint{
+	Path: "debug/bgp",
 
-	Get:  APIEndpointAction{Handler: internalSQLGet, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-	Post: APIEndpointAction{Handler: internalSQLPost, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+	Get: APIEndpointAction{Handler: internalBGPState, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 
 var internalGarbageCollectorCmd = APIEndpoint{
-	Path: "gc",
+	Path: "debug/gc",
 
 	Get: APIEndpointAction{Handler: internalGC, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 
-var internalRAFTSnapshotCmd = APIEndpoint{
-	Path: "raft-snapshot",
-
-	Get: APIEndpointAction{Handler: internalRAFTSnapshot, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
 var internalImageRefreshCmd = APIEndpoint{
-	Path: "testing/image-refresh",
+	Path: "debug/image-refresh",
 
 	Get: APIEndpointAction{Handler: internalRefreshImage, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 
-var internalImageOptimizeCmd = APIEndpoint{
-	Path: "image-optimize",
+var internalRAFTSnapshotCmd = APIEndpoint{
+	Path: "debug/raft-snapshot",
 
-	Post: APIEndpointAction{Handler: internalOptimizeImage, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
+	Get: APIEndpointAction{Handler: internalRAFTSnapshot, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 
 var internalWarningCreateCmd = APIEndpoint{
-	Path: "testing/warnings",
+	Path: "debug/warnings",
 
 	Post: APIEndpointAction{Handler: internalCreateWarning, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
 }
 
-var internalBGPStateCmd = APIEndpoint{
-	Path: "testing/bgp",
-
-	Get: APIEndpointAction{Handler: internalBGPState, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
-var internalRebalanceLoadCmd = APIEndpoint{
-	Path: "rebalance",
-
-	Get: APIEndpointAction{Handler: internalRebalanceLoad, AccessHandler: allowPermission(auth.ObjectTypeServer, auth.EntitlementCanEdit)},
-}
-
 type internalImageOptimizePost struct {
 	Image api.Image `json:"image" yaml:"image"`
 	Pool  string    `json:"pool"  yaml:"pool"`

test/suites/clustering.sh

@@ -2782,7 +2782,7 @@ test_clustering_image_refresh() {
 
   # Trigger image refresh on all nodes
   for incus_dir in "${INCUS_ONE_DIR}" "${INCUS_TWO_DIR}" "${INCUS_THREE_DIR}"; do
-    INCUS_DIR="${incus_dir}" incus query /internal/testing/image-refresh &
+    INCUS_DIR="${incus_dir}" incus query /internal/debug/image-refresh &
     pids="$! ${pids}"
   done
 
@@ -2820,7 +2820,7 @@ test_clustering_image_refresh() {
   # Trigger image refresh on all nodes. This shouldn't do anything as the image
   # is already up-to-date.
   for incus_dir in "${INCUS_ONE_DIR}" "${INCUS_TWO_DIR}" "${INCUS_THREE_DIR}"; do
-    INCUS_DIR="${incus_dir}" incus query /internal/testing/image-refresh &
+    INCUS_DIR="${incus_dir}" incus query /internal/debug/image-refresh &
     pids="$! ${pids}"
   done
 
@@ -2846,7 +2846,7 @@ test_clustering_image_refresh() {
 
   # Trigger image refresh on all nodes
   for incus_dir in "${INCUS_ONE_DIR}" "${INCUS_TWO_DIR}" "${INCUS_THREE_DIR}"; do
-    INCUS_DIR="${incus_dir}" incus query /internal/testing/image-refresh &
+    INCUS_DIR="${incus_dir}" incus query /internal/debug/image-refresh &
     pids="$! ${pids}"
   done
 

test/suites/fdleak.sh

@@ -22,7 +22,7 @@ test_fdleak() {
     done
 
     incus list
-    incus query /internal/gc
+    incus query /internal/debug/gc
 
     exit 0
   )

test/suites/network_forward.sh

@@ -30,12 +30,12 @@ test_network_forward() {
   incus network forward show "${netName}" 198.51.100.1 | grep -q -F "description: Test network forward"
 
   # Check forward is exported via BGP prefixes.
-  incus query /internal/testing/bgp | grep "198.51.100.1/32"
+  incus query /internal/debug/bgp | grep "198.51.100.1/32"
 
   incus network forward delete "${netName}" 198.51.100.1
 
   # Check deleting network forward removes forward BGP prefix.
-  ! incus query /internal/testing/bgp | grep "198.51.100.1/32" || false
+  ! incus query /internal/debug/bgp | grep "198.51.100.1/32" || false
 
   # Check creating forward with default target creates valid firewall rules.
   incus network forward create "${netName}" 198.51.100.1 target_address=192.0.2.2
@@ -140,13 +140,13 @@ test_network_forward() {
   fi
 
   # Check forward is exported via BGP prefixes before network delete.
-  incus query /internal/testing/bgp | grep "198.51.100.1/32"
+  incus query /internal/debug/bgp | grep "198.51.100.1/32"
 
   # Check deleting the network clears the forward firewall rules.
   incus network delete "${netName}"
 
   # Check deleting network removes forward BGP prefix.
-  ! incus query /internal/testing/bgp | grep "198.51.100.1/32" || false
+  ! incus query /internal/debug/bgp | grep "198.51.100.1/32" || false
 
   if [ "$firewallDriver" = "xtables" ]; then
     ! iptables -w -t nat -S | grep -c "generated for Incus network-forward ${netName}" || false

test/suites/warnings.sh

@@ -3,13 +3,13 @@ test_warnings() {
     incus query --wait /1.0/warnings\?recursion=1 | jq -r '.[].uuid' | xargs -n1 incus warning delete
 
     # Create a global warning (no node and no project)
-    incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\"}' /internal/testing/warnings
+    incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\"}' /internal/debug/warnings
 
     # More valid queries
-    incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\", \"project\": \"default\"}' /internal/testing/warnings
+    incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\", \"project\": \"default\"}' /internal/debug/warnings
 
     # Update the last warning. This will not create a new warning.
-    incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning 2\", \"project\": \"default\"}' /internal/testing/warnings
+    incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning 2\", \"project\": \"default\"}' /internal/debug/warnings
 
     # There should be two warnings now.
     count=$(incus query --wait /1.0/warnings | jq 'length')
@@ -19,21 +19,21 @@ test_warnings() {
     [ "${count}" -eq 2 ] || false
 
     # Invalid query (unknown project)
-    ! incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\", \"project\": \"foo\"}' /internal/testing/warnings || false
+    ! incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\", \"project\": \"foo\"}' /internal/debug/warnings || false
 
     # Invalid query (unknown type code)
-    ! incus query --wait -X POST -d '{\"type_code\": 999, \"message\": \"global warning\"}' /internal/testing/warnings || false
+    ! incus query --wait -X POST -d '{\"type_code\": 999, \"message\": \"global warning\"}' /internal/debug/warnings || false
 
     # Both entity type code as entity ID need to be valid otherwise no warning will be created. Note that empty/null values are valid as well.
-    ! incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\", \"entity_type_code\": 0, \"entity_id\": 0}' /internal/testing/warnings || false
+    ! incus query --wait -X POST -d '{\"type_code\": 0, \"message\": \"global warning\", \"entity_type_code\": 0, \"entity_id\": 0}' /internal/debug/warnings || false
 
     ensure_import_testimage
 
     # Get image ID from database instead of assuming it
     image_id=$(echo 'select image_id from images_aliases where name="testimage"' | incus admin sql global - | grep -Eo '[[:digit:]]+')
 
     # Create a warning with entity type "image" and entity ID ${image_id} (the imported testimage)
-    incus query --wait -X POST -d "{\\\"type_code\\\": 0, \\\"message\\\": \\\"global warning\\\", \\\"entity_type_code\\\": 1, \\\"entity_id\\\": ${image_id}}" /internal/testing/warnings
+    incus query --wait -X POST -d "{\\\"type_code\\\": 0, \\\"message\\\": \\\"global warning\\\", \\\"entity_type_code\\\": 1, \\\"entity_id\\\": ${image_id}}" /internal/debug/warnings
 
     # There should be three warnings now.
     count=$(incus warning list --format json | jq 'length')