deps: github.com/hashicorp/terraform@sdk-v0.11-with-go-modules

[github/fretlink/terraform-provider-statuscake.git] / vendor / github.com / hashicorp / terraform / svchost / disco / disco.go

// Package disco handles Terraform's remote service discovery protocol.
//
// This protocol allows mapping from a service hostname, as produced by the
// svchost package, to a set of services supported by that host and the
// endpoint information for each supported service.
package disco

import (
        "encoding/json"
        "errors"
        "fmt"
        "io"
        "io/ioutil"
        "log"
        "mime"
        "net/http"
        "net/url"
        "time"

        cleanhttp "github.com/hashicorp/go-cleanhttp"
        "github.com/hashicorp/terraform/httpclient"
        "github.com/hashicorp/terraform/svchost"
        "github.com/hashicorp/terraform/svchost/auth"
)

const (
        // Fixed path to the discovery manifest.
        discoPath = "/.well-known/terraform.json"

        // Arbitrary-but-small number to prevent runaway redirect loops.
        maxRedirects = 3

        // Arbitrary-but-small time limit to prevent UI "hangs" during discovery.
        discoTimeout = 11 * time.Second

        // 1MB - to prevent abusive services from using loads of our memory.
        maxDiscoDocBytes = 1 * 1024 * 1024
)

// httpTransport is overridden during tests, to skip TLS verification.
var httpTransport = cleanhttp.DefaultPooledTransport()

// Disco is the main type in this package, which allows discovery on given
// hostnames and caches the results by hostname to avoid repeated requests
// for the same information.
type Disco struct {
        hostCache map[svchost.Hostname]*Host
        credsSrc  auth.CredentialsSource

        // Transport is a custom http.RoundTripper to use.
        Transport http.RoundTripper
}

// New returns a new initialized discovery object.
func New() *Disco {
        return NewWithCredentialsSource(nil)
}

// NewWithCredentialsSource returns a new discovery object initialized with
// the given credentials source.
func NewWithCredentialsSource(credsSrc auth.CredentialsSource) *Disco {
        return &Disco{
                hostCache: make(map[svchost.Hostname]*Host),
                credsSrc:  credsSrc,
                Transport: httpTransport,
        }
}

// SetCredentialsSource provides a credentials source that will be used to
// add credentials to outgoing discovery requests, where available.
//
// If this method is never called, no outgoing discovery requests will have
// credentials.
func (d *Disco) SetCredentialsSource(src auth.CredentialsSource) {
        d.credsSrc = src
}

// CredentialsForHost returns a non-nil HostCredentials if the embedded source has
// credentials available for the host, and a nil HostCredentials if it does not.
func (d *Disco) CredentialsForHost(hostname svchost.Hostname) (auth.HostCredentials, error) {
        if d.credsSrc == nil {
                return nil, nil
        }
        return d.credsSrc.ForHost(hostname)
}

// ForceHostServices provides a pre-defined set of services for a given
// host, which prevents the receiver from attempting network-based discovery
// for the given host. Instead, the given services map will be returned
// verbatim.
//
// When providing "forced" services, any relative URLs are resolved against
// the initial discovery URL that would have been used for network-based
// discovery, yielding the same results as if the given map were published
// at the host's default discovery URL, though using absolute URLs is strongly
// recommended to make the configured behavior more explicit.
func (d *Disco) ForceHostServices(hostname svchost.Hostname, services map[string]interface{}) {
        if services == nil {
                services = map[string]interface{}{}
        }

        d.hostCache[hostname] = &Host{
                discoURL: &url.URL{
                        Scheme: "https",
                        Host:   string(hostname),
                        Path:   discoPath,
                },
                hostname:  hostname.ForDisplay(),
                services:  services,
                transport: d.Transport,
        }
}

// Discover runs the discovery protocol against the given hostname (which must
// already have been validated and prepared with svchost.ForComparison) and
// returns an object describing the services available at that host.
//
// If a given hostname supports no Terraform services at all, a non-nil but
// empty Host object is returned. When giving feedback to the end user about
// such situations, we say "host <name> does not provide a <service> service",
// regardless of whether that is due to that service specifically being absent
// or due to the host not providing Terraform services at all, since we don't
// wish to expose the detail of whole-host discovery to an end-user.
func (d *Disco) Discover(hostname svchost.Hostname) (*Host, error) {
        if host, cached := d.hostCache[hostname]; cached {
                return host, nil
        }

        host, err := d.discover(hostname)
        if err != nil {
                return nil, err
        }
        d.hostCache[hostname] = host

        return host, nil
}

// DiscoverServiceURL is a convenience wrapper for discovery on a given
// hostname and then looking up a particular service in the result.
func (d *Disco) DiscoverServiceURL(hostname svchost.Hostname, serviceID string) (*url.URL, error) {
        host, err := d.Discover(hostname)
        if err != nil {
                return nil, err
        }
        return host.ServiceURL(serviceID)
}

// discover implements the actual discovery process, with its result cached
// by the public-facing Discover method.
func (d *Disco) discover(hostname svchost.Hostname) (*Host, error) {
        discoURL := &url.URL{
                Scheme: "https",
                Host:   hostname.String(),
                Path:   discoPath,
        }

        client := &http.Client{
                Transport: d.Transport,
                Timeout:   discoTimeout,

                CheckRedirect: func(req *http.Request, via []*http.Request) error {
                        log.Printf("[DEBUG] Service discovery redirected to %s", req.URL)
                        if len(via) > maxRedirects {
                                return errors.New("too many redirects") // this error will never actually be seen
                        }
                        return nil
                },
        }

        req := &http.Request{
                Header: make(http.Header),
                Method: "GET",
                URL:    discoURL,
        }
        req.Header.Set("Accept", "application/json")
        req.Header.Set("User-Agent", httpclient.UserAgentString())

        creds, err := d.CredentialsForHost(hostname)
        if err != nil {
                log.Printf("[WARN] Failed to get credentials for %s: %s (ignoring)", hostname, err)
        }
        if creds != nil {
                // Update the request to include credentials.
                creds.PrepareRequest(req)
        }

        log.Printf("[DEBUG] Service discovery for %s at %s", hostname, discoURL)

        resp, err := client.Do(req)
        if err != nil {
                return nil, fmt.Errorf("Failed to request discovery document: %v", err)
        }
        defer resp.Body.Close()

        host := &Host{
                // Use the discovery URL from resp.Request in
                // case the client followed any redirects.
                discoURL:  resp.Request.URL,
                hostname:  hostname.ForDisplay(),
                transport: d.Transport,
        }

        // Return the host without any services.
        if resp.StatusCode == 404 {
                return host, nil
        }

        if resp.StatusCode != 200 {
                return nil, fmt.Errorf("Failed to request discovery document: %s", resp.Status)
        }

        contentType := resp.Header.Get("Content-Type")
        mediaType, _, err := mime.ParseMediaType(contentType)
        if err != nil {
                return nil, fmt.Errorf("Discovery URL has a malformed Content-Type %q", contentType)
        }
        if mediaType != "application/json" {
                return nil, fmt.Errorf("Discovery URL returned an unsupported Content-Type %q", mediaType)
        }

        // This doesn't catch chunked encoding, because ContentLength is -1 in that case.
        if resp.ContentLength > maxDiscoDocBytes {
                // Size limit here is not a contractual requirement and so we may
                // adjust it over time if we find a different limit is warranted.
                return nil, fmt.Errorf(
                        "Discovery doc response is too large (got %d bytes; limit %d)",
                        resp.ContentLength, maxDiscoDocBytes,
                )
        }

        // If the response is using chunked encoding then we can't predict its
        // size, but we'll at least prevent reading the entire thing into memory.
        lr := io.LimitReader(resp.Body, maxDiscoDocBytes)

        servicesBytes, err := ioutil.ReadAll(lr)
        if err != nil {
                return nil, fmt.Errorf("Error reading discovery document body: %v", err)
        }

        var services map[string]interface{}
        err = json.Unmarshal(servicesBytes, &services)
        if err != nil {
                return nil, fmt.Errorf("Failed to decode discovery document as a JSON object: %v", err)
        }
        host.services = services

        return host, nil
}

// Forget invalidates any cached record of the given hostname. If the host
// has no cache entry then this is a no-op.
func (d *Disco) Forget(hostname svchost.Hostname) {
        delete(d.hostCache, hostname)
}

// ForgetAll is like Forget, but for all of the hostnames that have cache entries.
func (d *Disco) ForgetAll() {
        d.hostCache = make(map[svchost.Hostname]*Host)
}