terraform/remote/atlas.go

package remote

import (
	"bytes"
	"crypto/md5"
	"encoding/base64"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"os"
	"path"
	"strings"
)

const (
	// defaultAtlasServer is used when no address is given
	defaultAtlasServer = "https://atlas.hashicorp.com/"
)

// AtlasRemoteClient implements the RemoteClient interface
// for an Atlas compatible server.
type AtlasRemoteClient struct {
	server      string
	serverURL   *url.URL
	user        string
	name        string
	accessToken string
}

func NewAtlasRemoteClient(conf map[string]string) (*AtlasRemoteClient, error) {
	client := &AtlasRemoteClient{}
	if err := client.validateConfig(conf); err != nil {
		return nil, err
	}
	return client, nil
}

func (c *AtlasRemoteClient) validateConfig(conf map[string]string) error {
	server, ok := conf["address"]
	if !ok || server == "" {
		server = defaultAtlasServer
	}
	url, err := url.Parse(server)
	if err != nil {
		return err
	}
	c.server = server
	c.serverURL = url

	token, ok := conf["access_token"]
	if token == "" {
		token = os.Getenv("ATLAS_TOKEN")
		ok = true
	}
	if !ok || token == "" {
		return fmt.Errorf(
			"missing 'access_token' configuration or ATLAS_TOKEN environmental variable")
	}
	c.accessToken = token

	name, ok := conf["name"]
	if !ok || name == "" {
		return fmt.Errorf("missing 'name' configuration")
	}

	parts := strings.Split(name, "/")
	if len(parts) != 2 {
		return fmt.Errorf("malformed name '%s'", name)
	}
	c.user = parts[0]
	c.name = parts[1]
	return nil
}

func (c *AtlasRemoteClient) GetState() (*RemoteStatePayload, error) {
	// Make the HTTP request
	req, err := http.NewRequest("GET", c.url().String(), nil)
	if err != nil {
		return nil, fmt.Errorf("Failed to make HTTP request: %v", err)
	}

	// Request the url
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()

	// Handle the common status codes
	switch resp.StatusCode {
	case http.StatusOK:
		// Handled after
	case http.StatusNoContent:
		return nil, nil
	case http.StatusNotFound:
		return nil, nil
	case http.StatusUnauthorized:
		return nil, ErrRequireAuth
	case http.StatusForbidden:
		return nil, ErrInvalidAuth
	case http.StatusInternalServerError:
		return nil, ErrRemoteInternal
	default:
		return nil, fmt.Errorf("Unexpected HTTP response code %d", resp.StatusCode)
	}

	// Read in the body
	buf := bytes.NewBuffer(nil)
	if _, err := io.Copy(buf, resp.Body); err != nil {
		return nil, fmt.Errorf("Failed to read remote state: %v", err)
	}

	// Create the payload
	payload := &RemoteStatePayload{
		State: buf.Bytes(),
	}

	// Check for the MD5
	if raw := resp.Header.Get("Content-MD5"); raw != "" {
		md5, err := base64.StdEncoding.DecodeString(raw)
		if err != nil {
			return nil, fmt.Errorf("Failed to decode Content-MD5 '%s': %v", raw, err)
		}
		payload.MD5 = md5

	} else {
		// Generate the MD5
		hash := md5.Sum(payload.State)
		payload.MD5 = hash[:md5.Size]
	}

	return payload, nil
}

func (c *AtlasRemoteClient) PutState(state []byte, force bool) error {
	// Get the target URL
	base := c.url()

	// Generate the MD5
	hash := md5.Sum(state)
	b64 := base64.StdEncoding.EncodeToString(hash[:md5.Size])

	// Set the force query parameter if needed
	if force {
		values := base.Query()
		values.Set("force", "true")
		base.RawQuery = values.Encode()
	}

	// Make the HTTP client and request
	req, err := http.NewRequest("PUT", base.String(), bytes.NewReader(state))
	if err != nil {
		return fmt.Errorf("Failed to make HTTP request: %v", err)
	}

	// Prepare the request
	req.Header.Set("Content-MD5", b64)
	req.Header.Set("Content-Type", "application/json")
	req.ContentLength = int64(len(state))

	// Make the request
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return fmt.Errorf("Failed to upload state: %v", err)
	}
	defer resp.Body.Close()

	// Handle the error codes
	switch resp.StatusCode {
	case http.StatusOK:
		return nil
	case http.StatusConflict:
		return ErrConflict
	case http.StatusPreconditionFailed:
		return ErrServerNewer
	case http.StatusUnauthorized:
		return ErrRequireAuth
	case http.StatusForbidden:
		return ErrInvalidAuth
	case http.StatusInternalServerError:
		return ErrRemoteInternal
	default:
		return fmt.Errorf("Unexpected HTTP response code %d", resp.StatusCode)
	}
}

func (c *AtlasRemoteClient) DeleteState() error {
	// Make the HTTP request
	req, err := http.NewRequest("DELETE", c.url().String(), nil)
	if err != nil {
		return fmt.Errorf("Failed to make HTTP request: %v", err)
	}

	// Make the request
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return fmt.Errorf("Failed to delete state: %v", err)
	}
	defer resp.Body.Close()

	// Handle the error codes
	switch resp.StatusCode {
	case http.StatusOK:
		return nil
	case http.StatusNoContent:
		return nil
	case http.StatusNotFound:
		return nil
	case http.StatusUnauthorized:
		return ErrRequireAuth
	case http.StatusForbidden:
		return ErrInvalidAuth
	case http.StatusInternalServerError:
		return ErrRemoteInternal
	}

	return fmt.Errorf("Unexpected HTTP response code %d", resp.StatusCode)
}

func (c *AtlasRemoteClient) url() *url.URL {
	return &url.URL{
		Scheme:   c.serverURL.Scheme,
		Host:     c.serverURL.Host,
		Path:     path.Join("api/v1/terraform/state", c.user, c.name),
		RawQuery: fmt.Sprintf("access_token=%s", c.accessToken),
	}
}