resilien
/
terraform
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
terraform/internal/getproviders/registry_client.go

567 lines
17 KiB
Go
Raw Normal View History

internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
package getproviders
import (
internal/getproviders: Tidy up some confusion about package hashes Earlier on in the stubbing of this package we realized that it wasn't going to be possible to populate the authentication-related bits for all packages because the relevant metadata just isn't available for packages that are already local. However, we just moved ahead with that awkward design at the time because we needed to get other work done, and so we've been mostly producing PackageMeta values with all-zeros hashes and just ignoring them entirely as a temporary workaround. This is a first step towards what is hopefully a more intuitive model: authentication is an optional thing in a PackageMeta that is currently populated only for packages coming from a registry. So far this still just models checking a SHA256 hash, which is not a sufficient set of checks for a real release but hopefully the "real" implementation is a natural iteration of this starting point, and if not then at least this interim step is a bit more honest about the fact that Authentication will not be populated on every PackageMeta.
2020-04-03 21:11:57 +02:00
"crypto/sha256"
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
"encoding/hex"
"encoding/json"
"errors"
"fmt"
internal: Verify provider signatures on install Providers installed from the registry are accompanied by a list of checksums (the "SHA256SUMS" file), which is cryptographically signed to allow package authentication. The process of verifying this has multiple steps: - First we must verify that the SHA256 hash of the package archive matches the expected hash. This could be done for local installations too, in the future. - Next we ensure that the expected hash returned as part of the registry API response matches an entry in the checksum list. - Finally we verify the cryptographic signature of the checksum list, using the public keys provided by the registry. Each of these steps is implemented as a separate PackageAuthentication type. The local archive installation mechanism uses only the archive checksum authenticator, and the HTTP installation uses all three in the order given. The package authentication system now also returns a result value, which is used by command/init to display the result of the authentication process. There are three tiers of signature, each of which is presented differently to the user: - Signatures from the embedded HashiCorp public key indicate that the provider is officially supported by HashiCorp; - If the signing key is not from HashiCorp, it may have an associated trust signature, which indicates that the provider is from one of HashiCorp's trusted partners; - Otherwise, if the signature is valid, this is a community provider.
2020-04-08 22:22:07 +02:00
"io/ioutil"
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
"log"
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
"net/http"
"net/url"
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
"os"
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
"path"
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
"strconv"
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
"time"
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
"github.com/hashicorp/go-retryablehttp"
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
svchost "github.com/hashicorp/terraform-svchost"
svcauth "github.com/hashicorp/terraform-svchost/auth"
"github.com/hashicorp/terraform/addrs"
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
"github.com/hashicorp/terraform/helper/logging"
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
"github.com/hashicorp/terraform/httpclient"
"github.com/hashicorp/terraform/version"
)
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
const (
terraformVersionHeader = "X-Terraform-Version"
// registryDiscoveryRetryEnvName is the name of the environment variable that
// can be configured to customize number of retries for module and provider
// discovery requests with the remote registry.
registryDiscoveryRetryEnvName = "TF_REGISTRY_DISCOVERY_RETRY"
defaultRetry = 1
// registryClientTimeoutEnvName is the name of the environment variable that
// can be configured to customize the timeout duration (seconds) for module
// and provider discovery with the remote registry.
registryClientTimeoutEnvName = "TF_REGISTRY_CLIENT_TIMEOUT"
// defaultRequestTimeout is the default timeout duration for requests to the
// remote registry.
defaultRequestTimeout = 10 * time.Second
)
var (
discoveryRetry int
requestTimeout time.Duration
)
func init() {
configureDiscoveryRetry()
configureRequestTimeout()
}
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
getproviders: move protocol compatibility functions into registry client (#24846) * internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata.
2020-05-11 19:49:12 +02:00
var SupportedPluginProtocols = MustParseVersionConstraints("~> 5")
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
// registryClient is a client for the provider registry protocol that is
// specialized only for the needs of this package. It's not intended as a
// general registry API client.
type registryClient struct {
baseURL *url.URL
creds svcauth.HostCredentials
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
httpClient *retryablehttp.Client
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
func newRegistryClient(baseURL *url.URL, creds svcauth.HostCredentials) *registryClient {
httpClient := httpclient.New()
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
httpClient.Timeout = requestTimeout
retryableClient := retryablehttp.NewClient()
retryableClient.HTTPClient = httpClient
retryableClient.RetryMax = discoveryRetry
retryableClient.RequestLogHook = requestLogHook
retryableClient.ErrorHandler = maxRetryErrorHandler
logOutput, err := logging.LogOutput()
if err != nil {
log.Printf("[WARN] Failed to set up registry client logger, "+
"continuing without client logging: %s", err)
}
retryableClient.Logger = log.New(logOutput, "", log.Flags())
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
return &registryClient{
baseURL: baseURL,
creds: creds,
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
httpClient: retryableClient,
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
}
getproviders: move protocol compatibility functions into registry client (#24846) * internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata.
2020-05-11 19:49:12 +02:00
// ProviderVersions returns the raw version and protocol strings produced by the
// registry for the given provider.
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
//
getproviders: add a registry-specific error and modify output when a provider is not found. Previously a user would see the following error even if terraform was only searching the local filesystem: "provider registry registry.terraform.io does not have a provider named ...." This PR adds a registry-specific error type and modifies the MultiSource installer to check for registry errors. It will return the registry-specific error message if there is one, but if not the error message will list all locations searched.
2020-05-14 20:04:13 +02:00
// The returned error will be ErrRegistryProviderNotKnown if the registry responds with
getproviders: move protocol compatibility functions into registry client (#24846) * internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata.
2020-05-11 19:49:12 +02:00
// 404 Not Found to indicate that the namespace or provider type are not known,
// ErrUnauthorized if the registry responds with 401 or 403 status codes, or
// ErrQueryFailed for any other protocol or operational problem.
internal/getproviders: decode and return any registry warnings (#25337) * internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user.
2020-06-25 16:49:48 +02:00
func (c *registryClient) ProviderVersions(addr addrs.Provider) (map[string][]string, []string, error) {
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
endpointPath, err := url.Parse(path.Join(addr.Namespace, addr.Type, "versions"))
if err != nil {
// Should never happen because we're constructing this from
// already-validated components.
internal/getproviders: decode and return any registry warnings (#25337) * internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user.
2020-06-25 16:49:48 +02:00
return nil, nil, err
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
endpointURL := c.baseURL.ResolveReference(endpointPath)
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
req, err := retryablehttp.NewRequest("GET", endpointURL.String(), nil)
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
if err != nil {
internal/getproviders: decode and return any registry warnings (#25337) * internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user.
2020-06-25 16:49:48 +02:00
return nil, nil, err
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
c.addHeadersToRequest(req.Request)
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
resp, err := c.httpClient.Do(req)
if err != nil {
internal/getproviders: decode and return any registry warnings (#25337) * internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user.
2020-06-25 16:49:48 +02:00
return nil, nil, c.errQueryFailed(addr, err)
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
defer resp.Body.Close()
switch resp.StatusCode {
case http.StatusOK:
// Great!
case http.StatusNotFound:
internal/getproviders: decode and return any registry warnings (#25337) * internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user.
2020-06-25 16:49:48 +02:00
return nil, nil, ErrRegistryProviderNotKnown{
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
Provider: addr,
}
case http.StatusUnauthorized, http.StatusForbidden:
internal/getproviders: decode and return any registry warnings (#25337) * internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user.
2020-06-25 16:49:48 +02:00
return nil, nil, c.errUnauthorized(addr.Hostname)
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
default:
internal/getproviders: decode and return any registry warnings (#25337) * internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user.
2020-06-25 16:49:48 +02:00
return nil, nil, c.errQueryFailed(addr, errors.New(resp.Status))
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
getproviders: move protocol compatibility functions into registry client (#24846) * internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata.
2020-05-11 19:49:12 +02:00
// We ignore the platforms portion of the response body, because the
// installer verifies the platform compatibility after pulling a provider
// versions' metadata.
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
type ResponseBody struct {
Versions []struct {
getproviders: move protocol compatibility functions into registry client (#24846) * internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata.
2020-05-11 19:49:12 +02:00
Version string `json:"version"`
Protocols []string `json:"protocols"`
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
} `json:"versions"`
internal/getproviders: decode and return any registry warnings (#25337) * internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user.
2020-06-25 16:49:48 +02:00
Warnings []string `json:"warnings"`
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
var body ResponseBody
dec := json.NewDecoder(resp.Body)
if err := dec.Decode(&body); err != nil {
internal/getproviders: decode and return any registry warnings (#25337) * internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user.
2020-06-25 16:49:48 +02:00
return nil, nil, c.errQueryFailed(addr, err)
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
if len(body.Versions) == 0 {
internal/getproviders: decode and return any registry warnings (#25337) * internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user.
2020-06-25 16:49:48 +02:00
return nil, body.Warnings, nil
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
getproviders: move protocol compatibility functions into registry client (#24846) * internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata.
2020-05-11 19:49:12 +02:00
ret := make(map[string][]string, len(body.Versions))
for _, v := range body.Versions {
ret[v.Version] = v.Protocols
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
internal/getproviders: decode and return any registry warnings (#25337) * internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user.
2020-06-25 16:49:48 +02:00
return ret, body.Warnings, nil
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
getproviders: move protocol compatibility functions into registry client (#24846) * internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata.
2020-05-11 19:49:12 +02:00
// PackageMeta returns metadata about a distribution package for a provider.
//
// The returned error will be one of the following:
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
//
getproviders: move protocol compatibility functions into registry client (#24846) * internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata.
2020-05-11 19:49:12 +02:00
// - ErrPlatformNotSupported if the registry responds with 404 Not Found,
// under the assumption that the caller previously checked that the provider
// and version are valid.
// - ErrProtocolNotSupported if the requested provider version's protocols are not
// supported by this version of terraform.
// - ErrUnauthorized if the registry responds with 401 or 403 status codes
// - ErrQueryFailed for any other operational problem.
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
func (c *registryClient) PackageMeta(provider addrs.Provider, version Version, target Platform) (PackageMeta, error) {
endpointPath, err := url.Parse(path.Join(
provider.Namespace,
provider.Type,
version.String(),
"download",
target.OS,
target.Arch,
))
if err != nil {
// Should never happen because we're constructing this from
// already-validated components.
return PackageMeta{}, err
}
endpointURL := c.baseURL.ResolveReference(endpointPath)
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
req, err := retryablehttp.NewRequest("GET", endpointURL.String(), nil)
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
if err != nil {
return PackageMeta{}, err
}
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
c.addHeadersToRequest(req.Request)
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
resp, err := c.httpClient.Do(req)
if err != nil {
return PackageMeta{}, c.errQueryFailed(provider, err)
}
defer resp.Body.Close()
switch resp.StatusCode {
case http.StatusOK:
// Great!
case http.StatusNotFound:
return PackageMeta{}, ErrPlatformNotSupported{
Provider: provider,
Version: version,
Platform: target,
}
case http.StatusUnauthorized, http.StatusForbidden:
return PackageMeta{}, c.errUnauthorized(provider.Hostname)
default:
return PackageMeta{}, c.errQueryFailed(provider, errors.New(resp.Status))
}
internal: Verify provider signatures on install Providers installed from the registry are accompanied by a list of checksums (the "SHA256SUMS" file), which is cryptographically signed to allow package authentication. The process of verifying this has multiple steps: - First we must verify that the SHA256 hash of the package archive matches the expected hash. This could be done for local installations too, in the future. - Next we ensure that the expected hash returned as part of the registry API response matches an entry in the checksum list. - Finally we verify the cryptographic signature of the checksum list, using the public keys provided by the registry. Each of these steps is implemented as a separate PackageAuthentication type. The local archive installation mechanism uses only the archive checksum authenticator, and the HTTP installation uses all three in the order given. The package authentication system now also returns a result value, which is used by command/init to display the result of the authentication process. There are three tiers of signature, each of which is presented differently to the user: - Signatures from the embedded HashiCorp public key indicate that the provider is officially supported by HashiCorp; - If the signing key is not from HashiCorp, it may have an associated trust signature, which indicates that the provider is from one of HashiCorp's trusted partners; - Otherwise, if the signature is valid, this is a community provider.
2020-04-08 22:22:07 +02:00
type SigningKeyList struct {
GPGPublicKeys []*SigningKey `json:"gpg_public_keys"`
}
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
type ResponseBody struct {
Protocols []string `json:"protocols"`
OS string `json:"os"`
Arch string `json:"arch"`
Filename string `json:"filename"`
DownloadURL string `json:"download_url"`
SHA256Sum string `json:"shasum"`
internal: Verify provider signatures on install Providers installed from the registry are accompanied by a list of checksums (the "SHA256SUMS" file), which is cryptographically signed to allow package authentication. The process of verifying this has multiple steps: - First we must verify that the SHA256 hash of the package archive matches the expected hash. This could be done for local installations too, in the future. - Next we ensure that the expected hash returned as part of the registry API response matches an entry in the checksum list. - Finally we verify the cryptographic signature of the checksum list, using the public keys provided by the registry. Each of these steps is implemented as a separate PackageAuthentication type. The local archive installation mechanism uses only the archive checksum authenticator, and the HTTP installation uses all three in the order given. The package authentication system now also returns a result value, which is used by command/init to display the result of the authentication process. There are three tiers of signature, each of which is presented differently to the user: - Signatures from the embedded HashiCorp public key indicate that the provider is officially supported by HashiCorp; - If the signing key is not from HashiCorp, it may have an associated trust signature, which indicates that the provider is from one of HashiCorp's trusted partners; - Otherwise, if the signature is valid, this is a community provider.
2020-04-08 22:22:07 +02:00
SHA256SumsURL string `json:"shasums_url"`
SHA256SumsSignatureURL string `json:"shasums_signature_url"`
SigningKeys SigningKeyList `json:"signing_keys"`
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
var body ResponseBody
dec := json.NewDecoder(resp.Body)
if err := dec.Decode(&body); err != nil {
return PackageMeta{}, c.errQueryFailed(provider, err)
}
var protoVersions VersionList
for _, versionStr := range body.Protocols {
getproviders: move protocol compatibility functions into registry client (#24846) * internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata.
2020-05-11 19:49:12 +02:00
v, err := ParseVersion(versionStr)
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
if err != nil {
return PackageMeta{}, c.errQueryFailed(
provider,
fmt.Errorf("registry response includes invalid version string %q: %s", versionStr, err),
)
}
protoVersions = append(protoVersions, v)
}
protoVersions.Sort()
getproviders: move protocol compatibility functions into registry client (#24846) * internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata.
2020-05-11 19:49:12 +02:00
// Verify that this version of terraform supports the providers' protocol
// version(s)
if len(protoVersions) > 0 {
supportedProtos := MeetingConstraints(SupportedPluginProtocols)
protoErr := ErrProtocolNotSupported{
Provider: provider,
Version: version,
}
match := false
for _, version := range protoVersions {
if supportedProtos.Has(version) {
match = true
}
}
if match == false {
// If the protocol version is not supported, try to find the closest
// matching version.
closest, err := c.findClosestProtocolCompatibleVersion(provider, version)
if err != nil {
return PackageMeta{}, err
}
protoErr.Suggestion = closest
return PackageMeta{}, protoErr
}
}
internal/getproviders: Package URL should always be absolute Registries backed by static files are likely to use relative paths to their archives for simplicity's sake, but we'll normalize them to be absolute before returning because the caller wouldn't otherwise know what to resolve the URLs relative to.
2020-01-09 01:47:49 +01:00
downloadURL, err := url.Parse(body.DownloadURL)
if err != nil {
return PackageMeta{}, fmt.Errorf("registry response includes invalid download URL: %s", err)
}
downloadURL = resp.Request.URL.ResolveReference(downloadURL)
if downloadURL.Scheme != "http" && downloadURL.Scheme != "https" {
return PackageMeta{}, fmt.Errorf("registry response includes invalid download URL: must use http or https scheme")
}
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
ret := PackageMeta{
internal/getproviders: Include Provider and Version in PackageMeta Although we tend to return these in contexts where at least one of these values is implied, being explicit means that PackageMeta values are self-contained and less reliant on such external context.
2020-02-21 02:53:11 +01:00
Provider: provider,
Version: version,
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
ProtocolVersions: protoVersions,
TargetPlatform: Platform{
OS: body.OS,
Arch: body.Arch,
},
internal/getproviders: Source interface for generalization We intend to support installation both directly from origin registries and from mirrors in the local filesystem or over the network. This Source interface will serve as our abstraction over those three options, allowing calling code to treat them all the same.
2020-01-09 01:24:41 +01:00
Filename: body.Filename,
internal/getproviders: Package URL should always be absolute Registries backed by static files are likely to use relative paths to their archives for simplicity's sake, but we'll normalize them to be absolute before returning because the caller wouldn't otherwise know what to resolve the URLs relative to.
2020-01-09 01:47:49 +01:00
Location: PackageHTTPURL(downloadURL.String()),
internal/getproviders: Tidy up some confusion about package hashes Earlier on in the stubbing of this package we realized that it wasn't going to be possible to populate the authentication-related bits for all packages because the relevant metadata just isn't available for packages that are already local. However, we just moved ahead with that awkward design at the time because we needed to get other work done, and so we've been mostly producing PackageMeta values with all-zeros hashes and just ignoring them entirely as a temporary workaround. This is a first step towards what is hopefully a more intuitive model: authentication is an optional thing in a PackageMeta that is currently populated only for packages coming from a registry. So far this still just models checking a SHA256 hash, which is not a sufficient set of checks for a real release but hopefully the "real" implementation is a natural iteration of this starting point, and if not then at least this interim step is a bit more honest about the fact that Authentication will not be populated on every PackageMeta.
2020-04-03 21:11:57 +02:00
// "Authentication" is populated below
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
}
internal/getproviders: Tidy up some confusion about package hashes Earlier on in the stubbing of this package we realized that it wasn't going to be possible to populate the authentication-related bits for all packages because the relevant metadata just isn't available for packages that are already local. However, we just moved ahead with that awkward design at the time because we needed to get other work done, and so we've been mostly producing PackageMeta values with all-zeros hashes and just ignoring them entirely as a temporary workaround. This is a first step towards what is hopefully a more intuitive model: authentication is an optional thing in a PackageMeta that is currently populated only for packages coming from a registry. So far this still just models checking a SHA256 hash, which is not a sufficient set of checks for a real release but hopefully the "real" implementation is a natural iteration of this starting point, and if not then at least this interim step is a bit more honest about the fact that Authentication will not be populated on every PackageMeta.
2020-04-03 21:11:57 +02:00
if len(body.SHA256Sum) != sha256.Size*2 { // *2 because it's hex-encoded
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
return PackageMeta{}, c.errQueryFailed(
provider,
fmt.Errorf("registry response includes invalid SHA256 hash %q: %s", body.SHA256Sum, err),
)
}
internal: Verify provider signatures on install Providers installed from the registry are accompanied by a list of checksums (the "SHA256SUMS" file), which is cryptographically signed to allow package authentication. The process of verifying this has multiple steps: - First we must verify that the SHA256 hash of the package archive matches the expected hash. This could be done for local installations too, in the future. - Next we ensure that the expected hash returned as part of the registry API response matches an entry in the checksum list. - Finally we verify the cryptographic signature of the checksum list, using the public keys provided by the registry. Each of these steps is implemented as a separate PackageAuthentication type. The local archive installation mechanism uses only the archive checksum authenticator, and the HTTP installation uses all three in the order given. The package authentication system now also returns a result value, which is used by command/init to display the result of the authentication process. There are three tiers of signature, each of which is presented differently to the user: - Signatures from the embedded HashiCorp public key indicate that the provider is officially supported by HashiCorp; - If the signing key is not from HashiCorp, it may have an associated trust signature, which indicates that the provider is from one of HashiCorp's trusted partners; - Otherwise, if the signature is valid, this is a community provider.
2020-04-08 22:22:07 +02:00
internal/getproviders: Tidy up some confusion about package hashes Earlier on in the stubbing of this package we realized that it wasn't going to be possible to populate the authentication-related bits for all packages because the relevant metadata just isn't available for packages that are already local. However, we just moved ahead with that awkward design at the time because we needed to get other work done, and so we've been mostly producing PackageMeta values with all-zeros hashes and just ignoring them entirely as a temporary workaround. This is a first step towards what is hopefully a more intuitive model: authentication is an optional thing in a PackageMeta that is currently populated only for packages coming from a registry. So far this still just models checking a SHA256 hash, which is not a sufficient set of checks for a real release but hopefully the "real" implementation is a natural iteration of this starting point, and if not then at least this interim step is a bit more honest about the fact that Authentication will not be populated on every PackageMeta.
2020-04-03 21:11:57 +02:00
var checksum [sha256.Size]byte
_, err = hex.Decode(checksum[:], []byte(body.SHA256Sum))
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
if err != nil {
return PackageMeta{}, c.errQueryFailed(
provider,
fmt.Errorf("registry response includes invalid SHA256 hash %q: %s", body.SHA256Sum, err),
)
}
internal: Verify provider signatures on install Providers installed from the registry are accompanied by a list of checksums (the "SHA256SUMS" file), which is cryptographically signed to allow package authentication. The process of verifying this has multiple steps: - First we must verify that the SHA256 hash of the package archive matches the expected hash. This could be done for local installations too, in the future. - Next we ensure that the expected hash returned as part of the registry API response matches an entry in the checksum list. - Finally we verify the cryptographic signature of the checksum list, using the public keys provided by the registry. Each of these steps is implemented as a separate PackageAuthentication type. The local archive installation mechanism uses only the archive checksum authenticator, and the HTTP installation uses all three in the order given. The package authentication system now also returns a result value, which is used by command/init to display the result of the authentication process. There are three tiers of signature, each of which is presented differently to the user: - Signatures from the embedded HashiCorp public key indicate that the provider is officially supported by HashiCorp; - If the signing key is not from HashiCorp, it may have an associated trust signature, which indicates that the provider is from one of HashiCorp's trusted partners; - Otherwise, if the signature is valid, this is a community provider.
2020-04-08 22:22:07 +02:00
shasumsURL, err := url.Parse(body.SHA256SumsURL)
if err != nil {
return PackageMeta{}, fmt.Errorf("registry response includes invalid SHASUMS URL: %s", err)
}
shasumsURL = resp.Request.URL.ResolveReference(shasumsURL)
if shasumsURL.Scheme != "http" && shasumsURL.Scheme != "https" {
return PackageMeta{}, fmt.Errorf("registry response includes invalid SHASUMS URL: must use http or https scheme")
}
document, err := c.getFile(shasumsURL)
if err != nil {
return PackageMeta{}, c.errQueryFailed(
provider,
fmt.Errorf("failed to retrieve authentication checksums for provider: %s", err),
)
}
signatureURL, err := url.Parse(body.SHA256SumsSignatureURL)
if err != nil {
return PackageMeta{}, fmt.Errorf("registry response includes invalid SHASUMS signature URL: %s", err)
}
signatureURL = resp.Request.URL.ResolveReference(signatureURL)
if signatureURL.Scheme != "http" && signatureURL.Scheme != "https" {
return PackageMeta{}, fmt.Errorf("registry response includes invalid SHASUMS signature URL: must use http or https scheme")
}
signature, err := c.getFile(signatureURL)
if err != nil {
return PackageMeta{}, c.errQueryFailed(
provider,
fmt.Errorf("failed to retrieve cryptographic signature for provider: %s", err),
)
}
keys := make([]SigningKey, len(body.SigningKeys.GPGPublicKeys))
for i, key := range body.SigningKeys.GPGPublicKeys {
keys[i] = *key
}
ret.Authentication = PackageAuthenticationAll(
NewMatchingChecksumAuthentication(document, body.Filename, checksum),
NewArchiveChecksumAuthentication(checksum),
NewSignatureAuthentication(document, signature, keys),
)
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
return ret, nil
}
getproviders: move protocol compatibility functions into registry client (#24846) * internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata.
2020-05-11 19:49:12 +02:00
// findClosestProtocolCompatibleVersion searches for the provider version with the closest protocol match.
func (c *registryClient) findClosestProtocolCompatibleVersion(provider addrs.Provider, version Version) (Version, error) {
var match Version
internal/getproviders: decode and return any registry warnings (#25337) * internal/getproviders: decode and return any registry warnings The public registry may include a list of warnings in the "versions" response for any given provider. This PR adds support for warnings from the registry and an installer event to return those warnings to the user.
2020-06-25 16:49:48 +02:00
available, _, err := c.ProviderVersions(provider)
getproviders: move protocol compatibility functions into registry client (#24846) * internal/registry source: return error if requested provider version protocols are not supported * getproviders: move responsibility for protocol compatibility checks into the registry client The original implementation had the providercache checking the provider metadata for protocol compatibility, but this is only relevant for the registry source so it made more sense to move the logic into getproviders. This also addresses an issue where we were pulling the metadata for every provider version until we found one that was supported. I've extended the registry client to unmarshal the protocols in `ProviderVersions` so we can filter through that list, instead of pulling each version's metadata.
2020-05-11 19:49:12 +02:00
if err != nil {
return UnspecifiedVersion, err
}
// extract the maps keys so we can make a sorted list of available versions.
versionList := make(VersionList, 0, len(available))
for versionStr := range available {
v, err := ParseVersion(versionStr)
if err != nil {
return UnspecifiedVersion, ErrQueryFailed{
Provider: provider,
Wrapped: fmt.Errorf("registry response includes invalid version string %q: %s", versionStr, err),
}
}
versionList = append(versionList, v)
}
versionList.Sort() // lowest precedence first, preserving order when equal precedence
protoVersions := MeetingConstraints(SupportedPluginProtocols)
FindMatch:
// put the versions in increasing order of precedence
for index := len(versionList) - 1; index >= 0; index-- { // walk backwards to consider newer versions first
for _, protoStr := range available[versionList[index].String()] {
p, err := ParseVersion(protoStr)
if err != nil {
return UnspecifiedVersion, ErrQueryFailed{
Provider: provider,
Wrapped: fmt.Errorf("registry response includes invalid protocol string %q: %s", protoStr, err),
}
}
if protoVersions.Has(p) {
match = versionList[index]
break FindMatch
}
}
}
return match, nil
}
getproviders: add a registry-specific error and modify output when a provider is not found. Previously a user would see the following error even if terraform was only searching the local filesystem: "provider registry registry.terraform.io does not have a provider named ...." This PR adds a registry-specific error type and modifies the MultiSource installer to check for registry errors. It will return the registry-specific error message if there is one, but if not the error message will list all locations searched.
2020-05-14 20:04:13 +02:00
// LegacyProviderDefaultNamespace returns the raw address strings produced by
internal/getproviders: LookupLegacyProvider This is a temporary helper so that we can potentially ship the new provider installer without making a breaking change by relying on the old default namespace lookup API on the default registry to find a proper FQN for a legacy provider provider address during installation. If it's given a non-legacy provider address then it just returns the given address verbatim, so any codepath using it will also correctly handle explicit full provider addresses. This also means it will automatically self-disable once we stop using addrs.NewLegacyProvider in the config loader, because there will therefore no longer be any legacy provider addresses in the config to resolve. (They'll be "default" provider addresses instead, assumed to be under registry.terraform.io/hashicorp/* ) It's not decided yet whether we will actually introduce the new provider in a minor release, but even if we don't this API function will likely be useful for a hypothetical automatic upgrade tool to introduce explicit full provider addresses into existing modules that currently rely on the equivalent to this lookup in the current provider installer. This is dead code for now, but my intent is that it would either be called as part of new provider installation to produce an address suitable to pass to Source.AvailableVersions, or it would be called from the aforementioned hypothetical upgrade tool. Whatever happens, these functions can be removed no later than one whole major release after the new provider installer is introduced, when everyone's had the opportunity to update their legacy unqualified addresses.
2020-01-22 01:01:49 +01:00
// the registry when asked about the given unqualified provider type name.
// The returned namespace string is taken verbatim from the registry's response.
//
// This method exists only to allow compatibility with unqualified names
// in older configurations. New configurations should be written so as not to
// depend on it.
func (c *registryClient) LegacyProviderDefaultNamespace(typeName string) (string, error) {
internal: Fix LookupLegacyProvider When looking up the namespace for a legacy provider source, we need to use the /v1/providers/-/{name}/versions endpoint. For non-HashiCorp providers, the /v1/providers/-/{name} endpoint returns a 404. This commit updates the LegacyProviderDefaultNamespace method and the mock registry servers accordingly.
2020-05-08 17:40:55 +02:00
endpointPath, err := url.Parse(path.Join("-", typeName, "versions"))
internal/getproviders: LookupLegacyProvider This is a temporary helper so that we can potentially ship the new provider installer without making a breaking change by relying on the old default namespace lookup API on the default registry to find a proper FQN for a legacy provider provider address during installation. If it's given a non-legacy provider address then it just returns the given address verbatim, so any codepath using it will also correctly handle explicit full provider addresses. This also means it will automatically self-disable once we stop using addrs.NewLegacyProvider in the config loader, because there will therefore no longer be any legacy provider addresses in the config to resolve. (They'll be "default" provider addresses instead, assumed to be under registry.terraform.io/hashicorp/* ) It's not decided yet whether we will actually introduce the new provider in a minor release, but even if we don't this API function will likely be useful for a hypothetical automatic upgrade tool to introduce explicit full provider addresses into existing modules that currently rely on the equivalent to this lookup in the current provider installer. This is dead code for now, but my intent is that it would either be called as part of new provider installation to produce an address suitable to pass to Source.AvailableVersions, or it would be called from the aforementioned hypothetical upgrade tool. Whatever happens, these functions can be removed no later than one whole major release after the new provider installer is introduced, when everyone's had the opportunity to update their legacy unqualified addresses.
2020-01-22 01:01:49 +01:00
if err != nil {
// Should never happen because we're constructing this from
// already-validated components.
return "", err
}
endpointURL := c.baseURL.ResolveReference(endpointPath)
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
req, err := retryablehttp.NewRequest("GET", endpointURL.String(), nil)
internal/getproviders: LookupLegacyProvider This is a temporary helper so that we can potentially ship the new provider installer without making a breaking change by relying on the old default namespace lookup API on the default registry to find a proper FQN for a legacy provider provider address during installation. If it's given a non-legacy provider address then it just returns the given address verbatim, so any codepath using it will also correctly handle explicit full provider addresses. This also means it will automatically self-disable once we stop using addrs.NewLegacyProvider in the config loader, because there will therefore no longer be any legacy provider addresses in the config to resolve. (They'll be "default" provider addresses instead, assumed to be under registry.terraform.io/hashicorp/* ) It's not decided yet whether we will actually introduce the new provider in a minor release, but even if we don't this API function will likely be useful for a hypothetical automatic upgrade tool to introduce explicit full provider addresses into existing modules that currently rely on the equivalent to this lookup in the current provider installer. This is dead code for now, but my intent is that it would either be called as part of new provider installation to produce an address suitable to pass to Source.AvailableVersions, or it would be called from the aforementioned hypothetical upgrade tool. Whatever happens, these functions can be removed no later than one whole major release after the new provider installer is introduced, when everyone's had the opportunity to update their legacy unqualified addresses.
2020-01-22 01:01:49 +01:00
if err != nil {
return "", err
}
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
c.addHeadersToRequest(req.Request)
internal/getproviders: LookupLegacyProvider This is a temporary helper so that we can potentially ship the new provider installer without making a breaking change by relying on the old default namespace lookup API on the default registry to find a proper FQN for a legacy provider provider address during installation. If it's given a non-legacy provider address then it just returns the given address verbatim, so any codepath using it will also correctly handle explicit full provider addresses. This also means it will automatically self-disable once we stop using addrs.NewLegacyProvider in the config loader, because there will therefore no longer be any legacy provider addresses in the config to resolve. (They'll be "default" provider addresses instead, assumed to be under registry.terraform.io/hashicorp/* ) It's not decided yet whether we will actually introduce the new provider in a minor release, but even if we don't this API function will likely be useful for a hypothetical automatic upgrade tool to introduce explicit full provider addresses into existing modules that currently rely on the equivalent to this lookup in the current provider installer. This is dead code for now, but my intent is that it would either be called as part of new provider installation to produce an address suitable to pass to Source.AvailableVersions, or it would be called from the aforementioned hypothetical upgrade tool. Whatever happens, these functions can be removed no later than one whole major release after the new provider installer is introduced, when everyone's had the opportunity to update their legacy unqualified addresses.
2020-01-22 01:01:49 +01:00
// This is just to give us something to return in error messages. It's
// not a proper provider address.
placeholderProviderAddr := addrs.NewLegacyProvider(typeName)
resp, err := c.httpClient.Do(req)
if err != nil {
return "", c.errQueryFailed(placeholderProviderAddr, err)
}
defer resp.Body.Close()
switch resp.StatusCode {
case http.StatusOK:
// Great!
case http.StatusNotFound:
getproviders: add a registry-specific error and modify output when a provider is not found. Previously a user would see the following error even if terraform was only searching the local filesystem: "provider registry registry.terraform.io does not have a provider named ...." This PR adds a registry-specific error type and modifies the MultiSource installer to check for registry errors. It will return the registry-specific error message if there is one, but if not the error message will list all locations searched.
2020-05-14 20:04:13 +02:00
return "", ErrProviderNotFound{
internal/getproviders: LookupLegacyProvider This is a temporary helper so that we can potentially ship the new provider installer without making a breaking change by relying on the old default namespace lookup API on the default registry to find a proper FQN for a legacy provider provider address during installation. If it's given a non-legacy provider address then it just returns the given address verbatim, so any codepath using it will also correctly handle explicit full provider addresses. This also means it will automatically self-disable once we stop using addrs.NewLegacyProvider in the config loader, because there will therefore no longer be any legacy provider addresses in the config to resolve. (They'll be "default" provider addresses instead, assumed to be under registry.terraform.io/hashicorp/* ) It's not decided yet whether we will actually introduce the new provider in a minor release, but even if we don't this API function will likely be useful for a hypothetical automatic upgrade tool to introduce explicit full provider addresses into existing modules that currently rely on the equivalent to this lookup in the current provider installer. This is dead code for now, but my intent is that it would either be called as part of new provider installation to produce an address suitable to pass to Source.AvailableVersions, or it would be called from the aforementioned hypothetical upgrade tool. Whatever happens, these functions can be removed no later than one whole major release after the new provider installer is introduced, when everyone's had the opportunity to update their legacy unqualified addresses.
2020-01-22 01:01:49 +01:00
Provider: placeholderProviderAddr,
}
case http.StatusUnauthorized, http.StatusForbidden:
return "", c.errUnauthorized(placeholderProviderAddr.Hostname)
default:
return "", c.errQueryFailed(placeholderProviderAddr, errors.New(resp.Status))
}
type ResponseBody struct {
internal: Fix LookupLegacyProvider When looking up the namespace for a legacy provider source, we need to use the /v1/providers/-/{name}/versions endpoint. For non-HashiCorp providers, the /v1/providers/-/{name} endpoint returns a 404. This commit updates the LegacyProviderDefaultNamespace method and the mock registry servers accordingly.
2020-05-08 17:40:55 +02:00
Id string
internal/getproviders: LookupLegacyProvider This is a temporary helper so that we can potentially ship the new provider installer without making a breaking change by relying on the old default namespace lookup API on the default registry to find a proper FQN for a legacy provider provider address during installation. If it's given a non-legacy provider address then it just returns the given address verbatim, so any codepath using it will also correctly handle explicit full provider addresses. This also means it will automatically self-disable once we stop using addrs.NewLegacyProvider in the config loader, because there will therefore no longer be any legacy provider addresses in the config to resolve. (They'll be "default" provider addresses instead, assumed to be under registry.terraform.io/hashicorp/* ) It's not decided yet whether we will actually introduce the new provider in a minor release, but even if we don't this API function will likely be useful for a hypothetical automatic upgrade tool to introduce explicit full provider addresses into existing modules that currently rely on the equivalent to this lookup in the current provider installer. This is dead code for now, but my intent is that it would either be called as part of new provider installation to produce an address suitable to pass to Source.AvailableVersions, or it would be called from the aforementioned hypothetical upgrade tool. Whatever happens, these functions can be removed no later than one whole major release after the new provider installer is introduced, when everyone's had the opportunity to update their legacy unqualified addresses.
2020-01-22 01:01:49 +01:00
}
var body ResponseBody
dec := json.NewDecoder(resp.Body)
if err := dec.Decode(&body); err != nil {
return "", c.errQueryFailed(placeholderProviderAddr, err)
}
internal: Fix LookupLegacyProvider When looking up the namespace for a legacy provider source, we need to use the /v1/providers/-/{name}/versions endpoint. For non-HashiCorp providers, the /v1/providers/-/{name} endpoint returns a 404. This commit updates the LegacyProviderDefaultNamespace method and the mock registry servers accordingly.
2020-05-08 17:40:55 +02:00
provider, diags := addrs.ParseProviderSourceString(body.Id)
if diags.HasErrors() {
return "", fmt.Errorf("Error parsing provider ID from Registry: %s", diags.Err())
}
if provider.Type != typeName {
return "", fmt.Errorf("Registry returned provider with type %q, expected %q", provider.Type, typeName)
}
return provider.Namespace, nil
internal/getproviders: LookupLegacyProvider This is a temporary helper so that we can potentially ship the new provider installer without making a breaking change by relying on the old default namespace lookup API on the default registry to find a proper FQN for a legacy provider provider address during installation. If it's given a non-legacy provider address then it just returns the given address verbatim, so any codepath using it will also correctly handle explicit full provider addresses. This also means it will automatically self-disable once we stop using addrs.NewLegacyProvider in the config loader, because there will therefore no longer be any legacy provider addresses in the config to resolve. (They'll be "default" provider addresses instead, assumed to be under registry.terraform.io/hashicorp/* ) It's not decided yet whether we will actually introduce the new provider in a minor release, but even if we don't this API function will likely be useful for a hypothetical automatic upgrade tool to introduce explicit full provider addresses into existing modules that currently rely on the equivalent to this lookup in the current provider installer. This is dead code for now, but my intent is that it would either be called as part of new provider installation to produce an address suitable to pass to Source.AvailableVersions, or it would be called from the aforementioned hypothetical upgrade tool. Whatever happens, these functions can be removed no later than one whole major release after the new provider installer is introduced, when everyone's had the opportunity to update their legacy unqualified addresses.
2020-01-22 01:01:49 +01:00
}
internal/getproviders: Query a provider registry Our existing provider installer was originally built to work with releases.hashicorp.com and later retrofitted to talk to the official Terraform Registry. It also assumes a flat namespace of providers. We're starting a new one here, copying and adapting code from the old one as necessary, so that we can build out this new API while retaining all of the existing functionality and then cut over to this new implementation in a later step. Here we're creating a foundational component for the new installer, which is a mechanism to query for the available versions and download locations of a particular provider. Subsequent commits in this package will introduce other Source implementations for installing from network and filesystem mirrors.
2019-12-20 02:24:14 +01:00
func (c *registryClient) addHeadersToRequest(req *http.Request) {
if c.creds != nil {
c.creds.PrepareRequest(req)
}
req.Header.Set(terraformVersionHeader, version.String())
}
func (c *registryClient) errQueryFailed(provider addrs.Provider, err error) error {
return ErrQueryFailed{
Provider: provider,
Wrapped: err,
}
}
func (c *registryClient) errUnauthorized(hostname svchost.Hostname) error {
return ErrUnauthorized{
Hostname: hostname,
HaveCredentials: c.creds != nil,
}
}
internal: Verify provider signatures on install Providers installed from the registry are accompanied by a list of checksums (the "SHA256SUMS" file), which is cryptographically signed to allow package authentication. The process of verifying this has multiple steps: - First we must verify that the SHA256 hash of the package archive matches the expected hash. This could be done for local installations too, in the future. - Next we ensure that the expected hash returned as part of the registry API response matches an entry in the checksum list. - Finally we verify the cryptographic signature of the checksum list, using the public keys provided by the registry. Each of these steps is implemented as a separate PackageAuthentication type. The local archive installation mechanism uses only the archive checksum authenticator, and the HTTP installation uses all three in the order given. The package authentication system now also returns a result value, which is used by command/init to display the result of the authentication process. There are three tiers of signature, each of which is presented differently to the user: - Signatures from the embedded HashiCorp public key indicate that the provider is officially supported by HashiCorp; - If the signing key is not from HashiCorp, it may have an associated trust signature, which indicates that the provider is from one of HashiCorp's trusted partners; - Otherwise, if the signature is valid, this is a community provider.
2020-04-08 22:22:07 +02:00
func (c *registryClient) getFile(url *url.URL) ([]byte, error) {
resp, err := c.httpClient.Get(url.String())
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("%s", resp.Status)
}
data, err := ioutil.ReadAll(resp.Body)
if err != nil {
return data, err
}
return data, nil
}
internal/getproviders: Retry failed HTTP requests This is a port of the retry/timeout logic added in #24260 and #24259, using the same environment variables to configure the retry and timeout settings.
2020-05-11 16:05:33 +02:00
// configureDiscoveryRetry configures the number of retries the registry client
// will attempt for requests with retryable errors, like 502 status codes
func configureDiscoveryRetry() {
discoveryRetry = defaultRetry
if v := os.Getenv(registryDiscoveryRetryEnvName); v != "" {
retry, err := strconv.Atoi(v)
if err == nil && retry > 0 {
discoveryRetry = retry
}
}
}
func requestLogHook(logger retryablehttp.Logger, req *http.Request, i int) {
if i > 0 {
logger.Printf("[INFO] Previous request to the remote registry failed, attempting retry.")
}
}
func maxRetryErrorHandler(resp *http.Response, err error, numTries int) (*http.Response, error) {
// Close the body per library instructions
if resp != nil {
resp.Body.Close()
}
// Additional error detail: if we have a response, use the status code;
// if we have an error, use that; otherwise nothing. We will never have
// both response and error.
var errMsg string
if resp != nil {
errMsg = fmt.Sprintf(": %d", resp.StatusCode)
} else if err != nil {
errMsg = fmt.Sprintf(": %s", err)
}
// This function is always called with numTries=RetryMax+1. If we made any
// retry attempts, include that in the error message.
if numTries > 1 {
return resp, fmt.Errorf("the request failed after %d attempts, please try again later%s",
numTries, errMsg)
}
return resp, fmt.Errorf("the request failed, please try again later%s", errMsg)
}
// configureRequestTimeout configures the registry client request timeout from
// environment variables
func configureRequestTimeout() {
requestTimeout = defaultRequestTimeout
if v := os.Getenv(registryClientTimeoutEnvName); v != "" {
timeout, err := strconv.Atoi(v)
if err == nil && timeout > 0 {
requestTimeout = time.Duration(timeout) * time.Second
}
}
}