Documentation ¶
Index ¶
- Constants
- Variables
- func CleanupClients()
- func Serve(opts *ServeConfig)
- type Client
- type ClientConfig
- type ClientProtocol
- type GRPCBroker
- func (b *GRPCBroker) Accept(id uint32) (net.Listener, error)
- func (b *GRPCBroker) AcceptAndServe(id uint32, s func([]grpc.ServerOption) *grpc.Server)
- func (b *GRPCBroker) Close() error
- func (b *GRPCBroker) Dial(id uint32) (conn *grpc.ClientConn, err error)
- func (m *GRPCBroker) NextId() uint32
- func (m *GRPCBroker) Run()
- type GRPCClient
- type GRPCServer
- type GRPCServerConfig
- type HandshakeConfig
- type Plugin
- type PluginSet
- type ReattachConfig
- type SecureConfig
- type ServeConfig
- type ServerProtocol
- type UnixSocketConfig
Constants ¶
const ( // EnvUnixSocketDir specifies the directory that _plugins_ should create unix // sockets in. Does not affect client behavior. EnvUnixSocketDir = "PLUGIN_UNIX_SOCKET_DIR" // EnvUnixSocketGroup specifies the owning, writable group to set for Unix // sockets created by _plugins_. Does not affect client behavior. EnvUnixSocketGroup = "PLUGIN_UNIX_SOCKET_GROUP" )
const CoreProtocolVersion = 1
CoreProtocolVersion is the ProtocolVersion of the plugin system itself. We will increment this whenever we change any protocol behavior. This will invalidate any prior plugins but will at least allow us to iterate on the core in a safe way. We will do our best to do this very infrequently.
const GRPCServiceName = "plugin"
GRPCServiceName is the name of the service that the health check should return as passing.
Variables ¶
var ( // ErrProcessNotFound is returned when a client is instantiated to // reattach to an existing process and it isn't found. ErrProcessNotFound = cmdrunner.ErrProcessNotFound // ErrChecksumsDoNotMatch is returned when binary's checksum doesn't match // the one provided in the SecureConfig. ErrChecksumsDoNotMatch = errors.New("checksums did not match") // ErrSecureNoChecksum is returned when an empty checksum is provided to the // SecureConfig. ErrSecureConfigNoChecksum = errors.New("no checksum provided") // ErrSecureNoHash is returned when a nil Hash object is provided to the // SecureConfig. ErrSecureConfigNoHash = errors.New("no hash implementation provided") // ErrSecureConfigAndReattach is returned when both Reattach and // SecureConfig are set. ErrSecureConfigAndReattach = errors.New("only one of Reattach or SecureConfig can be set") )
Error types
var Killed uint32 = 0
If this is 1, then we've called CleanupClients. This can be used by plugin RPC implementations to change error behavior since you can expected network connection errors at this point. This should be read by using sync/atomic.
Functions ¶
func CleanupClients ¶
func CleanupClients()
This makes sure all the managed subprocesses are killed and properly logged. This should be called before the parent process running the plugins exits.
This must only be called _once_.
func Serve ¶
func Serve(opts *ServeConfig)
Serve serves the plugins given by ServeConfig.
Serve doesn't return until the plugin is done being executed. Any fixable errors will be output to os.Stderr and the process will exit with a status code of 1. Serve will panic for unexpected conditions where a user's fix is unknown.
This is the method that plugins should call in their main() functions.
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client handles the lifecycle of a plugin application. It launches plugins, connects to them, dispenses interface implementations, and handles killing the process.
Plugin hosts should use one Client for each plugin executable. To dispense a plugin type, use the `Client.Client` function, and then cal `Dispense`. This awkward API is mostly historical but is used to split the client that deals with subprocess management and the client that does RPC management.
See NewClient and ClientConfig for using a Client.
func NewClient ¶
func NewClient(config *ClientConfig) (c *Client)
Creates a new plugin client which manages the lifecycle of an external plugin and gets the address for the RPC connection.
The client must be cleaned up at some point by calling Kill(). If the client is a managed client (created with ClientConfig.Managed) you can just call CleanupClients at the end of your program and they will be properly cleaned.
func (*Client) Client ¶
func (c *Client) Client() (ClientProtocol, error)
Client returns the protocol client for this connection.
Subsequent calls to this will return the same client.
func (*Client) ID ¶
ID returns a unique ID for the running plugin. By default this is the process ID (pid), but it could take other forms if RunnerFunc was provided.
func (*Client) Kill ¶
func (c *Client) Kill()
End the executing subprocess (if it is running) and perform any cleanup tasks necessary such as capturing any remaining logs and so on.
This method blocks until the process successfully exits.
This method can safely be called multiple times.
func (*Client) NegotiatedVersion ¶
NegotiatedVersion returns the protocol version negotiated with the server. This is only valid after Start() is called.
func (*Client) Start ¶
Start the underlying subprocess, communicating with it to negotiate a port for RPC connections, and returning the address to connect via RPC.
This method is safe to call multiple times. Subsequent calls have no effect. Once a client has been started once, it cannot be started again, even if it was killed.
type ClientConfig ¶
type ClientConfig struct { // HandshakeConfig is the configuration that must match servers. HandshakeConfig // VersionedPlugins is a map of PluginSets for specific protocol versions. // These can be used to negotiate a compatible version between client and // server. If this is set, Handshake.ProtocolVersion is not required. VersionedPlugins map[int]PluginSet // One of the following must be set, but not both. // // Cmd is the unstarted subprocess for starting the plugin. If this is // set, then the Client starts the plugin process on its own and connects // to it. // // Reattach is configuration for reattaching to an existing plugin process // that is already running. This isn't common. Cmd *exec.Cmd Reattach *ReattachConfig // RunnerFunc allows consumers to provide their own implementation of // runner.Runner and control the context within which a plugin is executed. // The cmd argument will have been copied from the config and populated with // environment variables that a go-plugin server expects to read such as // AutoMTLS certs and the magic cookie key. RunnerFunc func(l *slog.Logger, cmd *exec.Cmd, tmpDir string) (runner.Runner, error) // SecureConfig is configuration for verifying the integrity of the // executable. It can not be used with Reattach. SecureConfig *SecureConfig // TLSConfig is used to enable TLS on the RPC client. TLSConfig *tls.Config // Managed represents if the client should be managed by the // plugin package or not. If true, then by calling CleanupClients, // it will automatically be cleaned up. Otherwise, the client // user is fully responsible for making sure to Kill all plugin // clients. By default the client is _not_ managed. Managed bool // The minimum and maximum port to use for communicating with // the subprocess. If not set, this defaults to 10,000 and 25,000 // respectively. MinPort, MaxPort uint // StartTimeout is the timeout to wait for the plugin to say it // has started successfully. StartTimeout time.Duration // If non-nil, then the stderr of the client will be written to here // (as well as the log). This is the original os.Stderr of the subprocess. // This isn't the output of synced stderr. Stderr io.Writer // SyncStdout, SyncStderr can be set to override the // respective os.Std* values in the plugin. Care should be taken to // avoid races here. If these are nil, then this will be set to // ioutil.Discard. SyncStdout io.Writer SyncStderr io.Writer // Logger is the logger that the client will used. If none is provided, // it will default to hclog's default logger. Logger *slog.Logger // AutoMTLS has the client and server automatically negotiate mTLS for // transport authentication. This ensures that only the original client will // be allowed to connect to the server, and all other connections will be // rejected. The client will also refuse to connect to any server that isn't // the original instance started by the client. // // In this mode of operation, the client generates a one-time use tls // certificate, sends the public x.509 certificate to the new server, and // the server generates a one-time use tls certificate, and sends the public // x.509 certificate back to the client. These are used to authenticate all // rpc connections between the client and server. // // Setting AutoMTLS to true implies that the server must support the // protocol, and correctly negotiate the tls certificates, or a connection // failure will result. // // The client should not set TLSConfig, nor should the server set a // TLSProvider, because AutoMTLS implies that a new certificate and tls // configuration will be generated at startup. // // You cannot Reattach to a server with this option enabled. AutoMTLS bool // GRPCDialOptions allows plugin users to pass custom grpc.DialOption // to create gRPC connections. This only affects plugins using the gRPC // protocol. GRPCDialOptions []grpc.DialOption // SkipHostEnv allows plugins to run without inheriting the parent process' // environment variables. SkipHostEnv bool // UnixSocketConfig configures additional options for any Unix sockets // that are created. Not normally required. Not supported on Windows. UnixSocketConfig *UnixSocketConfig }
ClientConfig is the configuration used to initialize a new plugin client. After being used to initialize a plugin client, that configuration must not be modified again.
type ClientProtocol ¶
type ClientProtocol interface { io.Closer // Dispense dispenses a new instance of the plugin with the given name. Dispense(string) (interface{}, error) // Ping checks that the client connection is still healthy. Ping() error }
ClientProtocol is an interface that must be implemented for new plugin protocols to be clients.
type GRPCBroker ¶
GRPCBroker is responsible for brokering connections by unique ID.
It is used by plugins to create multiple gRPC connections and data streams between the plugin process and the host process.
This allows a plugin to request a channel with a specific ID to connect to or accept a connection from, and the broker handles the details of holding these channels open while they're being negotiated.
The Plugin interface has access to these for both Server and Client. The broker can be used by either (optionally) to reserve and connect to new streams. This is useful for complex args and return values, or anything else you might need a data stream for.
func (*GRPCBroker) Accept ¶
func (b *GRPCBroker) Accept(id uint32) (net.Listener, error)
Accept accepts a connection by ID.
This should not be called multiple times with the same ID at one time.
func (*GRPCBroker) AcceptAndServe ¶
func (b *GRPCBroker) AcceptAndServe(id uint32, s func([]grpc.ServerOption) *grpc.Server)
AcceptAndServe is used to accept a specific stream ID and immediately serve a gRPC server on that stream ID. This is used to easily serve complex arguments. Each AcceptAndServe call opens a new listener socket and sends the connection info down the stream to the dialer. Since a new connection is opened every call, these calls should be used sparingly. Multiple gRPC server implementations can be registered to a single AcceptAndServe call.
func (*GRPCBroker) Close ¶
func (b *GRPCBroker) Close() error
Close closes the stream and all servers.
func (*GRPCBroker) Dial ¶
func (b *GRPCBroker) Dial(id uint32) (conn *grpc.ClientConn, err error)
Dial opens a connection by ID.
func (*GRPCBroker) NextId ¶
func (m *GRPCBroker) NextId() uint32
NextId returns a unique ID to use next.
It is possible for very long-running plugin hosts to wrap this value, though it would require a very large amount of calls. In practice we've never seen it happen.
func (*GRPCBroker) Run ¶
func (m *GRPCBroker) Run()
Run starts the brokering and should be executed in a goroutine, since it blocks forever, or until the session closes.
Uses of GRPCBroker never need to call this. It is called internally by the plugin host/client.
type GRPCClient ¶
type GRPCClient struct { Conn *grpc.ClientConn Plugins map[string]Plugin // contains filtered or unexported fields }
GRPCClient connects to a GRPCServer over gRPC to dispense plugin types.
func (*GRPCClient) Dispense ¶
func (c *GRPCClient) Dispense(name string) (interface{}, error)
ClientProtocol impl.
type GRPCServer ¶
type GRPCServer struct { // Plugins are the list of plugins to serve. Plugins map[string]Plugin // Server is the actual server that will accept connections. This // will be used for plugin registration as well. Server func([]grpc.ServerOption) *grpc.Server // TLS should be the TLS configuration if available. If this is nil, // the connection will not have transport security. TLS *tls.Config // DoneCh is the channel that is closed when this server has exited. DoneCh chan struct{} // Stdout/StderrLis are the readers for stdout/stderr that will be copied // to the stdout/stderr connection that is output. Stdout io.Reader Stderr io.Reader // contains filtered or unexported fields }
GRPCServer is a ServerType implementation that serves plugins over gRPC. This allows plugins to easily be written for other languages.
The GRPCServer outputs a custom configuration as a base64-encoded JSON structure represented by the GRPCServerConfig config structure.
func (*GRPCServer) Config ¶
func (s *GRPCServer) Config() string
Config is the GRPCServerConfig encoded as JSON then base64.
func (*GRPCServer) GracefulStop ¶
func (s *GRPCServer) GracefulStop()
GracefulStop calls GracefulStop on the underlying grpc.Server and Close on the underlying grpc.Broker if present.
func (*GRPCServer) Serve ¶
func (s *GRPCServer) Serve(lis net.Listener)
func (*GRPCServer) Stop ¶
func (s *GRPCServer) Stop()
Stop calls Stop on the underlying grpc.Server and Close on the underlying grpc.Broker if present.
type GRPCServerConfig ¶
type GRPCServerConfig struct { StdoutAddr string `json:"stdout_addr"` StderrAddr string `json:"stderr_addr"` }
GRPCServerConfig is the extra configuration passed along for consumers to facilitate using GRPC plugins.
type HandshakeConfig ¶
type HandshakeConfig struct { // MagicCookieKey and value are used as a very basic verification // that a plugin is intended to be launched. This is not a security // measure, just a UX feature. If the magic cookie doesn't match, // we show human-friendly output. MagicCookieKey string MagicCookieValue string }
HandshakeConfig is the configuration used by client and servers to handshake before starting a plugin connection. This is embedded by both ServeConfig and ClientConfig.
In practice, the plugin host creates a HandshakeConfig that is exported and plugins then can easily consume it.
type Plugin ¶
type Plugin interface { // GRPCServer should register this plugin for serving with the // given GRPCServer. Unlike Plugin.Server, this is only called once // since gRPC plugins serve singletons. GRPCServer(*GRPCBroker, *grpc.Server) error // GRPCClient should return the interface implementation for the plugin // you're serving via gRPC. The provided context will be canceled by // go-plugin in the event of the plugin process exiting. GRPCClient(context.Context, *GRPCBroker, *grpc.ClientConn) (interface{}, error) }
Plugin is the interface that is implemented to serve/connect to a plugin over gRPC.
type ReattachConfig ¶
type ReattachConfig struct { ProtocolVersion int Addr net.Addr Pid int // ReattachFunc allows consumers to provide their own implementation of // runner.AttachedRunner and attach to something other than a plain process. // At least one of Pid or ReattachFunc must be set. ReattachFunc runner.ReattachFunc // Test is set to true if this is reattaching to to a plugin in "test mode" // (see ServeConfig.Test). In this mode, client.Kill will NOT kill the // process and instead will rely on the plugin to terminate itself. This // should not be used in non-test environments. Test bool }
ReattachConfig is used to configure a client to reattach to an already-running plugin process. You can retrieve this information by calling ReattachConfig on Client.
type SecureConfig ¶
SecureConfig is used to configure a client to verify the integrity of an executable before running. It does this by verifying the checksum is expected. Hash is used to specify the hashing method to use when checksumming the file. The configuration is verified by the client by calling the SecureConfig.Check() function.
The host process should ensure the checksum was provided by a trusted and authoritative source. The binary should be installed in such a way that it can not be modified by an unauthorized user between the time of this check and the time of execution.
type ServeConfig ¶
type ServeConfig struct { // HandshakeConfig is the configuration that must match clients. HandshakeConfig // TLSProvider is a function that returns a configured tls.Config. TLSProvider func() (*tls.Config, error) // VersionedPlugins is a map of PluginSets for specific protocol versions. // These can be used to negotiate a compatible version between client and // server. If this is set, Handshake.ProtocolVersion is not required. VersionedPlugins map[int]PluginSet // GRPCServer should be non-nil to enable serving the plugins over // gRPC. This is a function to create the server when needed with the // given server options. The server options populated by go-plugin will // be for TLS if set. You may modify the input slice. // // Note that the grpc.Server will automatically be registered with // the gRPC health checking service. This is not optional since go-plugin // relies on this to implement Ping(). GRPCServer func([]grpc.ServerOption) *grpc.Server // Logger is used to pass a logger into the server. If none is provided the // server will create a default logger. Logger *slog.Logger }
ServeConfig configures what sorts of plugins are served.
type ServerProtocol ¶
type ServerProtocol interface { // Init is called once to configure and initialize the protocol, but // not start listening. This is the point at which all validation should // be done and errors returned. Init() error // Config is extra configuration to be outputted to stdout. This will // be automatically base64 encoded to ensure it can be parsed properly. // This can be an empty string if additional configuration is not needed. Config() string // Serve is called to serve connections on the given listener. This should // continue until the listener is closed. Serve(net.Listener) }
ServerProtocol is an interface that must be implemented for new plugin protocols to be servers.
type UnixSocketConfig ¶
type UnixSocketConfig struct { // If set, go-plugin will change the owner of any Unix sockets created to // this group, and set them as group-writable. Can be a name or gid. The // client process must be a member of this group or chown will fail. Group string // TempDir specifies the base directory to use when creating a plugin-specific // temporary directory. It is expected to already exist and be writable. If // not set, defaults to the directory chosen by os.MkdirTemp. TempDir string // contains filtered or unexported fields }