diff options
Diffstat (limited to 'vendor/github.com/hashicorp/terraform/svchost/disco')
-rw-r--r-- | vendor/github.com/hashicorp/terraform/svchost/disco/disco.go | 259 | ||||
-rw-r--r-- | vendor/github.com/hashicorp/terraform/svchost/disco/host.go | 264 |
2 files changed, 523 insertions, 0 deletions
diff --git a/vendor/github.com/hashicorp/terraform/svchost/disco/disco.go b/vendor/github.com/hashicorp/terraform/svchost/disco/disco.go new file mode 100644 index 0000000..1963cbd --- /dev/null +++ b/vendor/github.com/hashicorp/terraform/svchost/disco/disco.go | |||
@@ -0,0 +1,259 @@ | |||
1 | // Package disco handles Terraform's remote service discovery protocol. | ||
2 | // | ||
3 | // This protocol allows mapping from a service hostname, as produced by the | ||
4 | // svchost package, to a set of services supported by that host and the | ||
5 | // endpoint information for each supported service. | ||
6 | package disco | ||
7 | |||
8 | import ( | ||
9 | "encoding/json" | ||
10 | "errors" | ||
11 | "fmt" | ||
12 | "io" | ||
13 | "io/ioutil" | ||
14 | "log" | ||
15 | "mime" | ||
16 | "net/http" | ||
17 | "net/url" | ||
18 | "time" | ||
19 | |||
20 | cleanhttp "github.com/hashicorp/go-cleanhttp" | ||
21 | "github.com/hashicorp/terraform/httpclient" | ||
22 | "github.com/hashicorp/terraform/svchost" | ||
23 | "github.com/hashicorp/terraform/svchost/auth" | ||
24 | ) | ||
25 | |||
26 | const ( | ||
27 | // Fixed path to the discovery manifest. | ||
28 | discoPath = "/.well-known/terraform.json" | ||
29 | |||
30 | // Arbitrary-but-small number to prevent runaway redirect loops. | ||
31 | maxRedirects = 3 | ||
32 | |||
33 | // Arbitrary-but-small time limit to prevent UI "hangs" during discovery. | ||
34 | discoTimeout = 11 * time.Second | ||
35 | |||
36 | // 1MB - to prevent abusive services from using loads of our memory. | ||
37 | maxDiscoDocBytes = 1 * 1024 * 1024 | ||
38 | ) | ||
39 | |||
40 | // httpTransport is overridden during tests, to skip TLS verification. | ||
41 | var httpTransport = cleanhttp.DefaultPooledTransport() | ||
42 | |||
43 | // Disco is the main type in this package, which allows discovery on given | ||
44 | // hostnames and caches the results by hostname to avoid repeated requests | ||
45 | // for the same information. | ||
46 | type Disco struct { | ||
47 | hostCache map[svchost.Hostname]*Host | ||
48 | credsSrc auth.CredentialsSource | ||
49 | |||
50 | // Transport is a custom http.RoundTripper to use. | ||
51 | Transport http.RoundTripper | ||
52 | } | ||
53 | |||
54 | // New returns a new initialized discovery object. | ||
55 | func New() *Disco { | ||
56 | return NewWithCredentialsSource(nil) | ||
57 | } | ||
58 | |||
59 | // NewWithCredentialsSource returns a new discovery object initialized with | ||
60 | // the given credentials source. | ||
61 | func NewWithCredentialsSource(credsSrc auth.CredentialsSource) *Disco { | ||
62 | return &Disco{ | ||
63 | hostCache: make(map[svchost.Hostname]*Host), | ||
64 | credsSrc: credsSrc, | ||
65 | Transport: httpTransport, | ||
66 | } | ||
67 | } | ||
68 | |||
69 | // SetCredentialsSource provides a credentials source that will be used to | ||
70 | // add credentials to outgoing discovery requests, where available. | ||
71 | // | ||
72 | // If this method is never called, no outgoing discovery requests will have | ||
73 | // credentials. | ||
74 | func (d *Disco) SetCredentialsSource(src auth.CredentialsSource) { | ||
75 | d.credsSrc = src | ||
76 | } | ||
77 | |||
78 | // CredentialsForHost returns a non-nil HostCredentials if the embedded source has | ||
79 | // credentials available for the host, and a nil HostCredentials if it does not. | ||
80 | func (d *Disco) CredentialsForHost(hostname svchost.Hostname) (auth.HostCredentials, error) { | ||
81 | if d.credsSrc == nil { | ||
82 | return nil, nil | ||
83 | } | ||
84 | return d.credsSrc.ForHost(hostname) | ||
85 | } | ||
86 | |||
87 | // ForceHostServices provides a pre-defined set of services for a given | ||
88 | // host, which prevents the receiver from attempting network-based discovery | ||
89 | // for the given host. Instead, the given services map will be returned | ||
90 | // verbatim. | ||
91 | // | ||
92 | // When providing "forced" services, any relative URLs are resolved against | ||
93 | // the initial discovery URL that would have been used for network-based | ||
94 | // discovery, yielding the same results as if the given map were published | ||
95 | // at the host's default discovery URL, though using absolute URLs is strongly | ||
96 | // recommended to make the configured behavior more explicit. | ||
97 | func (d *Disco) ForceHostServices(hostname svchost.Hostname, services map[string]interface{}) { | ||
98 | if services == nil { | ||
99 | services = map[string]interface{}{} | ||
100 | } | ||
101 | |||
102 | d.hostCache[hostname] = &Host{ | ||
103 | discoURL: &url.URL{ | ||
104 | Scheme: "https", | ||
105 | Host: string(hostname), | ||
106 | Path: discoPath, | ||
107 | }, | ||
108 | hostname: hostname.ForDisplay(), | ||
109 | services: services, | ||
110 | transport: d.Transport, | ||
111 | } | ||
112 | } | ||
113 | |||
114 | // Discover runs the discovery protocol against the given hostname (which must | ||
115 | // already have been validated and prepared with svchost.ForComparison) and | ||
116 | // returns an object describing the services available at that host. | ||
117 | // | ||
118 | // If a given hostname supports no Terraform services at all, a non-nil but | ||
119 | // empty Host object is returned. When giving feedback to the end user about | ||
120 | // such situations, we say "host <name> does not provide a <service> service", | ||
121 | // regardless of whether that is due to that service specifically being absent | ||
122 | // or due to the host not providing Terraform services at all, since we don't | ||
123 | // wish to expose the detail of whole-host discovery to an end-user. | ||
124 | func (d *Disco) Discover(hostname svchost.Hostname) (*Host, error) { | ||
125 | if host, cached := d.hostCache[hostname]; cached { | ||
126 | return host, nil | ||
127 | } | ||
128 | |||
129 | host, err := d.discover(hostname) | ||
130 | if err != nil { | ||
131 | return nil, err | ||
132 | } | ||
133 | d.hostCache[hostname] = host | ||
134 | |||
135 | return host, nil | ||
136 | } | ||
137 | |||
138 | // DiscoverServiceURL is a convenience wrapper for discovery on a given | ||
139 | // hostname and then looking up a particular service in the result. | ||
140 | func (d *Disco) DiscoverServiceURL(hostname svchost.Hostname, serviceID string) (*url.URL, error) { | ||
141 | host, err := d.Discover(hostname) | ||
142 | if err != nil { | ||
143 | return nil, err | ||
144 | } | ||
145 | return host.ServiceURL(serviceID) | ||
146 | } | ||
147 | |||
148 | // discover implements the actual discovery process, with its result cached | ||
149 | // by the public-facing Discover method. | ||
150 | func (d *Disco) discover(hostname svchost.Hostname) (*Host, error) { | ||
151 | discoURL := &url.URL{ | ||
152 | Scheme: "https", | ||
153 | Host: hostname.String(), | ||
154 | Path: discoPath, | ||
155 | } | ||
156 | |||
157 | client := &http.Client{ | ||
158 | Transport: d.Transport, | ||
159 | Timeout: discoTimeout, | ||
160 | |||
161 | CheckRedirect: func(req *http.Request, via []*http.Request) error { | ||
162 | log.Printf("[DEBUG] Service discovery redirected to %s", req.URL) | ||
163 | if len(via) > maxRedirects { | ||
164 | return errors.New("too many redirects") // this error will never actually be seen | ||
165 | } | ||
166 | return nil | ||
167 | }, | ||
168 | } | ||
169 | |||
170 | req := &http.Request{ | ||
171 | Header: make(http.Header), | ||
172 | Method: "GET", | ||
173 | URL: discoURL, | ||
174 | } | ||
175 | req.Header.Set("Accept", "application/json") | ||
176 | req.Header.Set("User-Agent", httpclient.UserAgentString()) | ||
177 | |||
178 | creds, err := d.CredentialsForHost(hostname) | ||
179 | if err != nil { | ||
180 | log.Printf("[WARN] Failed to get credentials for %s: %s (ignoring)", hostname, err) | ||
181 | } | ||
182 | if creds != nil { | ||
183 | // Update the request to include credentials. | ||
184 | creds.PrepareRequest(req) | ||
185 | } | ||
186 | |||
187 | log.Printf("[DEBUG] Service discovery for %s at %s", hostname, discoURL) | ||
188 | |||
189 | resp, err := client.Do(req) | ||
190 | if err != nil { | ||
191 | return nil, fmt.Errorf("Failed to request discovery document: %v", err) | ||
192 | } | ||
193 | defer resp.Body.Close() | ||
194 | |||
195 | host := &Host{ | ||
196 | // Use the discovery URL from resp.Request in | ||
197 | // case the client followed any redirects. | ||
198 | discoURL: resp.Request.URL, | ||
199 | hostname: hostname.ForDisplay(), | ||
200 | transport: d.Transport, | ||
201 | } | ||
202 | |||
203 | // Return the host without any services. | ||
204 | if resp.StatusCode == 404 { | ||
205 | return host, nil | ||
206 | } | ||
207 | |||
208 | if resp.StatusCode != 200 { | ||
209 | return nil, fmt.Errorf("Failed to request discovery document: %s", resp.Status) | ||
210 | } | ||
211 | |||
212 | contentType := resp.Header.Get("Content-Type") | ||
213 | mediaType, _, err := mime.ParseMediaType(contentType) | ||
214 | if err != nil { | ||
215 | return nil, fmt.Errorf("Discovery URL has a malformed Content-Type %q", contentType) | ||
216 | } | ||
217 | if mediaType != "application/json" { | ||
218 | return nil, fmt.Errorf("Discovery URL returned an unsupported Content-Type %q", mediaType) | ||
219 | } | ||
220 | |||
221 | // This doesn't catch chunked encoding, because ContentLength is -1 in that case. | ||
222 | if resp.ContentLength > maxDiscoDocBytes { | ||
223 | // Size limit here is not a contractual requirement and so we may | ||
224 | // adjust it over time if we find a different limit is warranted. | ||
225 | return nil, fmt.Errorf( | ||
226 | "Discovery doc response is too large (got %d bytes; limit %d)", | ||
227 | resp.ContentLength, maxDiscoDocBytes, | ||
228 | ) | ||
229 | } | ||
230 | |||
231 | // If the response is using chunked encoding then we can't predict its | ||
232 | // size, but we'll at least prevent reading the entire thing into memory. | ||
233 | lr := io.LimitReader(resp.Body, maxDiscoDocBytes) | ||
234 | |||
235 | servicesBytes, err := ioutil.ReadAll(lr) | ||
236 | if err != nil { | ||
237 | return nil, fmt.Errorf("Error reading discovery document body: %v", err) | ||
238 | } | ||
239 | |||
240 | var services map[string]interface{} | ||
241 | err = json.Unmarshal(servicesBytes, &services) | ||
242 | if err != nil { | ||
243 | return nil, fmt.Errorf("Failed to decode discovery document as a JSON object: %v", err) | ||
244 | } | ||
245 | host.services = services | ||
246 | |||
247 | return host, nil | ||
248 | } | ||
249 | |||
250 | // Forget invalidates any cached record of the given hostname. If the host | ||
251 | // has no cache entry then this is a no-op. | ||
252 | func (d *Disco) Forget(hostname svchost.Hostname) { | ||
253 | delete(d.hostCache, hostname) | ||
254 | } | ||
255 | |||
256 | // ForgetAll is like Forget, but for all of the hostnames that have cache entries. | ||
257 | func (d *Disco) ForgetAll() { | ||
258 | d.hostCache = make(map[svchost.Hostname]*Host) | ||
259 | } | ||
diff --git a/vendor/github.com/hashicorp/terraform/svchost/disco/host.go b/vendor/github.com/hashicorp/terraform/svchost/disco/host.go new file mode 100644 index 0000000..ab9514c --- /dev/null +++ b/vendor/github.com/hashicorp/terraform/svchost/disco/host.go | |||
@@ -0,0 +1,264 @@ | |||
1 | package disco | ||
2 | |||
3 | import ( | ||
4 | "encoding/json" | ||
5 | "fmt" | ||
6 | "log" | ||
7 | "net/http" | ||
8 | "net/url" | ||
9 | "os" | ||
10 | "strconv" | ||
11 | "strings" | ||
12 | "time" | ||
13 | |||
14 | "github.com/hashicorp/go-version" | ||
15 | "github.com/hashicorp/terraform/httpclient" | ||
16 | ) | ||
17 | |||
18 | const versionServiceID = "versions.v1" | ||
19 | |||
20 | // Host represents a service discovered host. | ||
21 | type Host struct { | ||
22 | discoURL *url.URL | ||
23 | hostname string | ||
24 | services map[string]interface{} | ||
25 | transport http.RoundTripper | ||
26 | } | ||
27 | |||
28 | // Constraints represents the version constraints of a service. | ||
29 | type Constraints struct { | ||
30 | Service string `json:"service"` | ||
31 | Product string `json:"product"` | ||
32 | Minimum string `json:"minimum"` | ||
33 | Maximum string `json:"maximum"` | ||
34 | Excluding []string `json:"excluding"` | ||
35 | } | ||
36 | |||
37 | // ErrServiceNotProvided is returned when the service is not provided. | ||
38 | type ErrServiceNotProvided struct { | ||
39 | hostname string | ||
40 | service string | ||
41 | } | ||
42 | |||
43 | // Error returns a customized error message. | ||
44 | func (e *ErrServiceNotProvided) Error() string { | ||
45 | if e.hostname == "" { | ||
46 | return fmt.Sprintf("host does not provide a %s service", e.service) | ||
47 | } | ||
48 | return fmt.Sprintf("host %s does not provide a %s service", e.hostname, e.service) | ||
49 | } | ||
50 | |||
51 | // ErrVersionNotSupported is returned when the version is not supported. | ||
52 | type ErrVersionNotSupported struct { | ||
53 | hostname string | ||
54 | service string | ||
55 | version string | ||
56 | } | ||
57 | |||
58 | // Error returns a customized error message. | ||
59 | func (e *ErrVersionNotSupported) Error() string { | ||
60 | if e.hostname == "" { | ||
61 | return fmt.Sprintf("host does not support %s version %s", e.service, e.version) | ||
62 | } | ||
63 | return fmt.Sprintf("host %s does not support %s version %s", e.hostname, e.service, e.version) | ||
64 | } | ||
65 | |||
66 | // ErrNoVersionConstraints is returned when checkpoint was disabled | ||
67 | // or the endpoint to query for version constraints was unavailable. | ||
68 | type ErrNoVersionConstraints struct { | ||
69 | disabled bool | ||
70 | } | ||
71 | |||
72 | // Error returns a customized error message. | ||
73 | func (e *ErrNoVersionConstraints) Error() string { | ||
74 | if e.disabled { | ||
75 | return "checkpoint disabled" | ||
76 | } | ||
77 | return "unable to contact versions service" | ||
78 | } | ||
79 | |||
80 | // ServiceURL returns the URL associated with the given service identifier, | ||
81 | // which should be of the form "servicename.vN". | ||
82 | // | ||
83 | // A non-nil result is always an absolute URL with a scheme of either HTTPS | ||
84 | // or HTTP. | ||
85 | func (h *Host) ServiceURL(id string) (*url.URL, error) { | ||
86 | svc, ver, err := parseServiceID(id) | ||
87 | if err != nil { | ||
88 | return nil, err | ||
89 | } | ||
90 | |||
91 | // No services supported for an empty Host. | ||
92 | if h == nil || h.services == nil { | ||
93 | return nil, &ErrServiceNotProvided{service: svc} | ||
94 | } | ||
95 | |||
96 | urlStr, ok := h.services[id].(string) | ||
97 | if !ok { | ||
98 | // See if we have a matching service as that would indicate | ||
99 | // the service is supported, but not the requested version. | ||
100 | for serviceID := range h.services { | ||
101 | if strings.HasPrefix(serviceID, svc+".") { | ||
102 | return nil, &ErrVersionNotSupported{ | ||
103 | hostname: h.hostname, | ||
104 | service: svc, | ||
105 | version: ver.Original(), | ||
106 | } | ||
107 | } | ||
108 | } | ||
109 | |||
110 | // No discovered services match the requested service. | ||
111 | return nil, &ErrServiceNotProvided{hostname: h.hostname, service: svc} | ||
112 | } | ||
113 | |||
114 | u, err := url.Parse(urlStr) | ||
115 | if err != nil { | ||
116 | return nil, fmt.Errorf("Failed to parse service URL: %v", err) | ||
117 | } | ||
118 | |||
119 | // Make relative URLs absolute using our discovery URL. | ||
120 | if !u.IsAbs() { | ||
121 | u = h.discoURL.ResolveReference(u) | ||
122 | } | ||
123 | |||
124 | if u.Scheme != "https" && u.Scheme != "http" { | ||
125 | return nil, fmt.Errorf("Service URL is using an unsupported scheme: %s", u.Scheme) | ||
126 | } | ||
127 | if u.User != nil { | ||
128 | return nil, fmt.Errorf("Embedded username/password information is not permitted") | ||
129 | } | ||
130 | |||
131 | // Fragment part is irrelevant, since we're not a browser. | ||
132 | u.Fragment = "" | ||
133 | |||
134 | return h.discoURL.ResolveReference(u), nil | ||
135 | } | ||
136 | |||
137 | // VersionConstraints returns the contraints for a given service identifier | ||
138 | // (which should be of the form "servicename.vN") and product. | ||
139 | // | ||
140 | // When an exact (service and version) match is found, the constraints for | ||
141 | // that service are returned. | ||
142 | // | ||
143 | // When the requested version is not provided but the service is, we will | ||
144 | // search for all alternative versions. If mutliple alternative versions | ||
145 | // are found, the contrains of the latest available version are returned. | ||
146 | // | ||
147 | // When a service is not provided at all an error will be returned instead. | ||
148 | // | ||
149 | // When checkpoint is disabled or when a 404 is returned after making the | ||
150 | // HTTP call, an ErrNoVersionConstraints error will be returned. | ||
151 | func (h *Host) VersionConstraints(id, product string) (*Constraints, error) { | ||
152 | svc, _, err := parseServiceID(id) | ||
153 | if err != nil { | ||
154 | return nil, err | ||
155 | } | ||
156 | |||
157 | // Return early if checkpoint is disabled. | ||
158 | if disabled := os.Getenv("CHECKPOINT_DISABLE"); disabled != "" { | ||
159 | return nil, &ErrNoVersionConstraints{disabled: true} | ||
160 | } | ||
161 | |||
162 | // No services supported for an empty Host. | ||
163 | if h == nil || h.services == nil { | ||
164 | return nil, &ErrServiceNotProvided{service: svc} | ||
165 | } | ||
166 | |||
167 | // Try to get the service URL for the version service and | ||
168 | // return early if the service isn't provided by the host. | ||
169 | u, err := h.ServiceURL(versionServiceID) | ||
170 | if err != nil { | ||
171 | return nil, err | ||
172 | } | ||
173 | |||
174 | // Check if we have an exact (service and version) match. | ||
175 | if _, ok := h.services[id].(string); !ok { | ||
176 | // If we don't have an exact match, we search for all matching | ||
177 | // services and then use the service ID of the latest version. | ||
178 | var services []string | ||
179 | for serviceID := range h.services { | ||
180 | if strings.HasPrefix(serviceID, svc+".") { | ||
181 | services = append(services, serviceID) | ||
182 | } | ||
183 | } | ||
184 | |||
185 | if len(services) == 0 { | ||
186 | // No discovered services match the requested service. | ||
187 | return nil, &ErrServiceNotProvided{hostname: h.hostname, service: svc} | ||
188 | } | ||
189 | |||
190 | // Set id to the latest service ID we found. | ||
191 | var latest *version.Version | ||
192 | for _, serviceID := range services { | ||
193 | if _, ver, err := parseServiceID(serviceID); err == nil { | ||
194 | if latest == nil || latest.LessThan(ver) { | ||
195 | id = serviceID | ||
196 | latest = ver | ||
197 | } | ||
198 | } | ||
199 | } | ||
200 | } | ||
201 | |||
202 | // Set a default timeout of 1 sec for the versions request (in milliseconds) | ||
203 | timeout := 1000 | ||
204 | if v, err := strconv.Atoi(os.Getenv("CHECKPOINT_TIMEOUT")); err == nil { | ||
205 | timeout = v | ||
206 | } | ||
207 | |||
208 | client := &http.Client{ | ||
209 | Transport: h.transport, | ||
210 | Timeout: time.Duration(timeout) * time.Millisecond, | ||
211 | } | ||
212 | |||
213 | // Prepare the service URL by setting the service and product. | ||
214 | v := u.Query() | ||
215 | v.Set("product", product) | ||
216 | u.Path += id | ||
217 | u.RawQuery = v.Encode() | ||
218 | |||
219 | // Create a new request. | ||
220 | req, err := http.NewRequest("GET", u.String(), nil) | ||
221 | if err != nil { | ||
222 | return nil, fmt.Errorf("Failed to create version constraints request: %v", err) | ||
223 | } | ||
224 | req.Header.Set("Accept", "application/json") | ||
225 | req.Header.Set("User-Agent", httpclient.UserAgentString()) | ||
226 | |||
227 | log.Printf("[DEBUG] Retrieve version constraints for service %s and product %s", id, product) | ||
228 | |||
229 | resp, err := client.Do(req) | ||
230 | if err != nil { | ||
231 | return nil, fmt.Errorf("Failed to request version constraints: %v", err) | ||
232 | } | ||
233 | defer resp.Body.Close() | ||
234 | |||
235 | if resp.StatusCode == 404 { | ||
236 | return nil, &ErrNoVersionConstraints{disabled: false} | ||
237 | } | ||
238 | |||
239 | if resp.StatusCode != 200 { | ||
240 | return nil, fmt.Errorf("Failed to request version constraints: %s", resp.Status) | ||
241 | } | ||
242 | |||
243 | // Parse the constraints from the response body. | ||
244 | result := &Constraints{} | ||
245 | if err := json.NewDecoder(resp.Body).Decode(result); err != nil { | ||
246 | return nil, fmt.Errorf("Error parsing version constraints: %v", err) | ||
247 | } | ||
248 | |||
249 | return result, nil | ||
250 | } | ||
251 | |||
252 | func parseServiceID(id string) (string, *version.Version, error) { | ||
253 | parts := strings.SplitN(id, ".", 2) | ||
254 | if len(parts) != 2 { | ||
255 | return "", nil, fmt.Errorf("Invalid service ID format (i.e. service.vN): %s", id) | ||
256 | } | ||
257 | |||
258 | version, err := version.NewVersion(parts[1]) | ||
259 | if err != nil { | ||
260 | return "", nil, fmt.Errorf("Invalid service version: %v", err) | ||
261 | } | ||
262 | |||
263 | return parts[0], version, nil | ||
264 | } | ||