Affected by GO-2024-3010 and 2 other vulnerabilities

GO-2024-3010: CVE-2024-6984 in github.com/juju/juju

GO-2024-3040: Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm in github.com/juju/juju

GO-2024-3175: Vulnerable juju introspection abstract UNIX domain socket in github.com/juju/juju

lxd

package

v0.0.0-...-6dcaeb9 Latest Latest Go to latest Published: Nov 26, 2024 License: AGPL-3.0 Imports: 66 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/juju/juju

Documentation ¶

Index ¶

func IsAuthorisationFailure(err error) bool
func NewProvider() environs.CloudEnvironProvider
func ReadLegacyCloudCredentials(readFile func(string) ([]byte, error)) (cloud.Credential, error)
func ValidateAPIVersion(version string) error
type CertificateGenerator
type CertificateReadWriter
type CloudSpec
type InterfaceAddress
type LXCConfig
type LXCConfigReader
type LXCRemoteConfig
type NewHTTPClientFunc
type Server
type ServerFactory
- func NewServerFactory(newHttpFn NewHTTPClientFunc) ServerFactory

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func IsAuthorisationFailure ¶

func IsAuthorisationFailure(err error) bool

IsAuthorisationFailure determines if the given error has an authorisation failure.

func NewProvider ¶

func NewProvider() environs.CloudEnvironProvider

NewProvider returns a new LXD EnvironProvider.

func ReadLegacyCloudCredentials ¶

func ReadLegacyCloudCredentials(readFile func(string) ([]byte, error)) (cloud.Credential, error)

ReadLegacyCloudCredentials reads cloud credentials off disk for an old LXD controller, and returns them as a cloud.Credential with the certificate auth-type.

If the credential files are missing from the filesystem, an error satisfying errors.IsNotFound will be returned.

func ValidateAPIVersion ¶

func ValidateAPIVersion(version string) error

ValidateAPIVersion validates the LXD version.

Types ¶

type CertificateGenerator ¶

type CertificateGenerator interface {
	// Generate creates client or server certificate and key pair,
	// returning them as byte arrays in memory.
	Generate(client bool, addHosts bool) (certPEM, keyPEM []byte, err error)
}

CertificateGenerator groups methods for generating a new certificate

type CertificateReadWriter ¶

type CertificateReadWriter interface {
	// Read takes a path and returns both a cert and key PEM.
	// Returns an error if there was an issue reading the certs.
	Read(path string) (certPEM, keyPEM []byte, err error)

	// Write takes a path and cert, key PEM and stores them.
	// Returns an error if there was an issue writing the certs.
	Write(path string, certPEM, keyPEM []byte) error
}

CertificateReadWriter groups methods that is required to read and write certificates at a given path.

type CloudSpec ¶

type CloudSpec struct {
	environscloudspec.CloudSpec

	// Project specifies the LXD project to target.
	Project string
}

CloudSpec describes the cloud configuration for use with the LXD provider.

type InterfaceAddress ¶

type InterfaceAddress interface {

	// InterfaceAddress looks for the network interface
	// and returns the IPv4 address from the possible addresses.
	// Returns an error if there is an issue locating the interface name or
	// the address associated with it.
	InterfaceAddress(string) (string, error)
}

InterfaceAddress groups methods that is required to find addresses for a given interface

type LXCConfig ¶

type LXCConfig struct {
	DefaultRemote string                     `yaml:"local"`
	Remotes       map[string]LXCRemoteConfig `yaml:"remotes"`
}

LXCConfig represents a configuration setup of a LXC configuration file. The LXCConfig expects the configuration file to be in a yaml representation.

type LXCConfigReader ¶

type LXCConfigReader interface {
	// ReadConfig takes a path and returns a LXCConfig.
	// Returns an error if there is an error with the location of the config
	// file, or there was an error parsing the file.
	ReadConfig(path string) (LXCConfig, error)

	// ReadCert takes a path and returns a raw certificate, there is no
	// validation of the certificate.
	// Returns an error if there is an error with the location of the
	// certificate.
	ReadCert(path string) ([]byte, error)
}

LXCConfigReader reads files required for the LXC configuration.

type LXCRemoteConfig ¶

type LXCRemoteConfig struct {
	Addr     string `yaml:"addr"`
	Public   bool   `yaml:"public"`
	Protocol string `yaml:"protocol"`
	AuthType string `yaml:"auth_type"`
}

LXCRemoteConfig defines a the remote servers of a LXC configuration.

type NewHTTPClientFunc ¶

type NewHTTPClientFunc func() *http.Client

NewHTTPClientFunc is responsible for generating a new http client every time it is called.

type Server ¶

type Server interface {
	FindImage(context.Context, corebase.Base, string, instance.VirtType, []lxd.ServerSpec, bool, environs.StatusCallbackFunc) (lxd.SourcedImage, error)
	GetServer() (server *lxdapi.Server, ETag string, err error)
	ServerVersion() string
	GetConnectionInfo() (info *lxdclient.ConnectionInfo, err error)
	UpdateServerConfig(map[string]string) error
	UpdateContainerConfig(string, map[string]string) error
	CreateCertificate(lxdapi.CertificatesPost) error
	GetCertificate(fingerprint string) (certificate *lxdapi.Certificate, ETag string, err error)
	DeleteCertificate(fingerprint string) (err error)
	CreateClientCertificate(certificate *lxd.Certificate) error
	LocalBridgeName() string
	AliveContainers(prefix string) ([]lxd.Container, error)
	ContainerAddresses(name string) ([]network.ProviderAddress, error)
	RemoveContainer(name string) error
	RemoveContainers(names []string) error
	FilterContainers(prefix string, statuses ...string) ([]lxd.Container, error)
	CreateContainerFromSpec(spec lxd.ContainerSpec) (*lxd.Container, error)
	WriteContainer(*lxd.Container) error
	CreateProfileWithConfig(string, map[string]string) error
	GetProfile(string) (*lxdapi.Profile, string, error)
	GetContainerProfiles(string) ([]string, error)
	HasProfile(string) (bool, error)
	CreateProfile(post lxdapi.ProfilesPost) (err error)
	DeleteProfile(string) (err error)
	ReplaceOrAddContainerProfile(string, string, string) error
	UpdateContainerProfiles(name string, profiles []string) error
	VerifyNetworkDevice(*lxdapi.Profile, string) error
	EnsureDefaultStorage(*lxdapi.Profile, string) error
	StorageSupported() bool
	GetStoragePool(name string) (pool *lxdapi.StoragePool, ETag string, err error)
	GetStoragePools() (pools []lxdapi.StoragePool, err error)
	CreatePool(name, driver string, attrs map[string]string) error
	GetStoragePoolVolume(pool string, volType string, name string) (*lxdapi.StorageVolume, string, error)
	GetStoragePoolVolumes(pool string) (volumes []lxdapi.StorageVolume, err error)
	CreateVolume(pool, name string, config map[string]string) error
	UpdateStoragePoolVolume(pool string, volType string, name string, volume lxdapi.StorageVolumePut, ETag string) error
	DeleteStoragePoolVolume(pool string, volType string, name string) (err error)
	ServerCertificate() string
	HostArch() string
	SupportedArches() []string
	EnableHTTPSListener() error
	GetNICsFromProfile(profName string) (map[string]map[string]string, error)
	IsClustered() bool
	UseTargetServer(name string) (*lxd.Server, error)
	GetClusterMembers() (members []lxdapi.ClusterMember, err error)
	Name() string
	HasExtension(extension string) (exists bool)
	GetNetworks() ([]lxdapi.Network, error)
	GetNetworkState(name string) (*lxdapi.NetworkState, error)
	GetInstance(name string) (*lxdapi.Instance, string, error)
	GetInstanceState(name string) (*lxdapi.InstanceState, string, error)

	// UseProject ensures that this server will use the input project.
	// See: https://documentation.ubuntu.com/lxd/en/latest/projects.
	UseProject(string)
}

Server defines an interface of all localized methods that the environment and provider utilizes.

type ServerFactory ¶

type ServerFactory interface {
	// LocalServer creates a new lxd server and augments and wraps the lxd
	// server, by ensuring sane defaults exist with network, storage.
	LocalServer() (Server, error)

	// LocalServerAddress returns the local servers address from the factory.
	LocalServerAddress() (string, error)

	// RemoteServer creates a new server that connects to a remote lxd server.
	// If the cloudSpec endpoint is nil or empty, it will assume that you want
	// to connection to a local server and will instead use that one.
	RemoteServer(CloudSpec) (Server, error)

	// InsecureRemoteServer creates a new server that connect to a remote lxd
	// server in a insecure manner.
	// If the cloudSpec endpoint is nil or empty, it will assume that you want
	// to connection to a local server and will instead use that one.
	InsecureRemoteServer(CloudSpec) (Server, error)
}

ServerFactory creates a new factory for creating servers that are required by the server.

func NewServerFactory ¶

func NewServerFactory(newHttpFn NewHTTPClientFunc) ServerFactory

NewServerFactory creates a new ServerFactory with sane defaults. A NewHTTPClientFunc is taken as an argument to address LP2003135. Previously we reused the same http client for all LXD connections. This can't happen as the LXD client code modifies the HTTP server.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
lxdnames Package lxdnames provides names for the LXD provider.	Package lxdnames provides names for the LXD provider.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL