Overview ¶
Package internal is code only for consumption from within the otf project.
Index ¶
- Constants
- Variables
- func AddSkipAuthz(ctx context.Context) context.Context
- func AddSubjectToContext(ctx context.Context, subj Subject) context.Context
- func Bool(b bool) *bool
- func ConvertID(id, resource string) string
- func CredentialEnv(hostname string, token []byte) string
- func CredentialEnvKey(hostname string) string
- func CurrentTimestamp(now *time.Time) time.Time
- func Decrypt(encrypted string, secret []byte) ([]byte, error)
- func DiffStrings(a, b []string) []string
- func Encrypt(plaintext, secret []byte) (string, error)
- func Exists(path string) bool
- func FromStringCSV[T ~string](csv string) (to []T)
- func FromStringSlice[T ~string](from []string) (to []T)
- func GenerateRandomString(size int) string
- func GenerateToken() (string, error)
- func GetID(s any) (string, bool)
- func GetOutboundIP() (net.IP, error)
- func Int(i int) *int
- func Int64(i int64) *int64
- func NewAllowAllAuthorizer() *allowAllAuthorizer
- func NewHostnameService(hostname string) *hostnameService
- func NewID(rtype string) string
- func NewSigner(secret []byte) *surl.Signer
- func NewStringFromPtr(s *string) string
- func NormalizeAddress(addr *net.TCPAddr) string
- func Pack(src string) ([]byte, error)
- func ParseBranchRef(ref string) (string, bool)
- func ParseRef(ref string) (string, bool)
- func RemoveBackendBlock(f *hclwrite.File) bool
- func RewriteHCL(modulePath string, operations ...hclOperation) error
- func SSLCertsDir() string
- func SafeAppend(a []string, b ...string) []string
- func SkipAuthz(ctx context.Context) bool
- func SplitCSV(csv string) []string
- func String(str string) *string
- func StripAnsi(str string) string
- func Time(t time.Time) *time.Time
- func ToStringSlice[T ~string](from []T) (to []string)
- func UInt(i uint) *uint
- func UUID(u uuid.UUID) *uuid.UUID
- func Unpack(r io.Reader, dst string) error
- func ValidStringID(v *string) bool
- func VerifySignedURL(v Verifier) mux.MiddlewareFunc
- type Authorizer
- type Cache
- type Chunk
- type ForeignKeyError
- type GetChunkOptions
- type HTTPError
- type Handlers
- type HostnameService
- type InvalidParameterError
- type MissingParameterError
- type Nobody
- func (*Nobody) CanAccessOrganization(rbac.Action, string) bool
- func (*Nobody) CanAccessSite(action rbac.Action) bool
- func (*Nobody) CanAccessTeam(rbac.Action, string) bool
- func (*Nobody) CanAccessWorkspace(rbac.Action, WorkspacePolicy) bool
- func (s *Nobody) ID() string
- func (s *Nobody) IsOwner(string) bool
- func (s *Nobody) IsSiteAdmin() bool
- func (s *Nobody) Organizations() []string
- func (s *Nobody) String() string
- type PhaseType
- type PutChunkOptions
- type PutChunkService
- type SafeMap
- type Signer
- type SiteAuthorizer
- type Subject
- type Superuser
- func (*Superuser) CanAccessOrganization(rbac.Action, string) bool
- func (*Superuser) CanAccessSite(action rbac.Action) bool
- func (*Superuser) CanAccessTeam(rbac.Action, string) bool
- func (*Superuser) CanAccessWorkspace(rbac.Action, WorkspacePolicy) bool
- func (s *Superuser) ID() string
- func (s *Superuser) IsOwner(string) bool
- func (s *Superuser) IsSiteAdmin() bool
- func (s *Superuser) Organizations() []string
- func (s *Superuser) String() string
- type Verifier
- type WorkspacePermission
- type WorkspacePolicy
Constants ¶
// STX and ETX are the ASCII start-of-text and end-of-text control bytes; they
// delimit the log output of a single phase within a log stream.
const (
	STX = 0x02 // marks the beginning of logs for a phase
	ETX = 0x03 // marks the end of logs for a phase
)
// DefaultSSLCertsDir is, despite its name, the path of a CA certificate
// bundle file rather than a directory. NOTE(review): presumably the fallback
// value returned by SSLCertsDir when nothing else is configured — confirm.
const DefaultSSLCertsDir = "/etc/ssl/certs/ca-certificates.crt"
Variables ¶
// Generic errors shared across the otf project.
var (
	// ErrAccessNotPermitted is returned when an authorization check fails.
	ErrAccessNotPermitted = errors.New("access to the resource is not permitted")
	// ErrUnauthorized is a generic "unauthorized" error; contrast
	// ErrAccessNotPermitted, which specifically reports a failed authorization check.
	ErrUnauthorized = errors.New("unauthorized")
	// ErrResourceNotFound is returned when receiving a 404.
	ErrResourceNotFound = errors.New("resource not found")
	// ErrResourceAlreadyExists is returned when attempting to create a resource
	// that already exists.
	ErrResourceAlreadyExists = errors.New("resource already exists")
	// ErrRequiredName is returned when a name option is not present.
	ErrRequiredName = errors.New("name is required")
	// ErrInvalidName is returned when the name option has an invalid value.
	ErrInvalidName = errors.New("invalid value for name")
	// ErrEmptyValue is returned when a value is set to an empty string.
	ErrEmptyValue = errors.New("value cannot be empty")
	// ErrUploadTooLarge is returned when a user attempts to upload data that
	// is too large.
	ErrUploadTooLarge = errors.New("upload is too large")
	// ErrTimeout is returned when a request exceeds a timeout.
	ErrTimeout = errors.New("request timed out")
	// ErrConflict is returned when a request attempts to either create a
	// resource with an identifier that already exists, or if an invalid state
	// transition is attempted.
	ErrConflict = errors.New("resource conflict detected")
)
Generic errors
// Resource errors.
var (
	// ErrInvalidTerraformVersion is returned when a terraform version string is
	// not a semantic version string (major.minor.patch).
	ErrInvalidTerraformVersion = errors.New("invalid terraform version")
	// ErrRequiredOrg is returned when the organization option is not present.
	ErrRequiredOrg = errors.New("organization is required")
	// ErrStatusTimestampNotFound is returned when no timestamp corresponds to a
	// given status.
	ErrStatusTimestampNotFound = errors.New("corresponding status timestamp not found")
	// ErrInvalidRepo is returned when a repository path is invalid.
	ErrInvalidRepo = errors.New("repository path is invalid")
)
Resource Errors
// Workspace errors.
var (
	// ErrWorkspaceAlreadyLocked is returned when locking a workspace that is
	// already locked.
	ErrWorkspaceAlreadyLocked = errors.New("workspace already locked")
	// ErrWorkspaceLockedByDifferentUser is returned when the workspace lock is
	// held by a different user.
	ErrWorkspaceLockedByDifferentUser = errors.New("workspace locked by different user")
	// ErrWorkspaceLockedByRun is returned when the workspace lock is held by a run.
	ErrWorkspaceLockedByRun = errors.New("workspace is locked by Run")
	// ErrWorkspaceAlreadyUnlocked is returned when unlocking a workspace that
	// is not locked.
	ErrWorkspaceAlreadyUnlocked = errors.New("workspace already unlocked")
	// ErrWorkspaceUnlockDenied is returned when the caller is not permitted to
	// unlock the workspace.
	ErrWorkspaceUnlockDenied = errors.New("unauthorized to unlock workspace")
	// ErrWorkspaceInvalidLock is returned when a workspace lock is invalid.
	ErrWorkspaceInvalidLock = errors.New("invalid workspace lock")
	// ErrUnsupportedTerraformVersion is returned when a terraform version is
	// not supported.
	ErrUnsupportedTerraformVersion = errors.New("unsupported terraform version")
)
Workspace errors
// Run errors.
var (
	// ErrRunDiscardNotAllowed is returned when a run that is not awaiting
	// confirmation or priority is discarded.
	ErrRunDiscardNotAllowed = errors.New("run was not paused for confirmation or priority; discard not allowed")
	// ErrRunCancelNotAllowed is returned when a run that is neither planning
	// nor applying is canceled.
	ErrRunCancelNotAllowed = errors.New("run was not planning or applying; cancel not allowed")
	// ErrRunForceCancelNotAllowed is returned when a force-cancel is attempted
	// before a run is eligible for it (see the message for the conditions).
	ErrRunForceCancelNotAllowed = errors.New("run was not planning or applying, has not been canceled non-forcefully, or the cool-off period has not yet passed")
	// ErrPhaseAlreadyStarted = errors.New("phase already started")
)
Run errors
var (
	// Build-time parameters set -ldflags (via -X); "unknown" is the value
	// reported when a build does not set them.
	Version = "unknown"
	Commit  = "unknown"
	Built   = "unknown"
)
// DefaultCacheTTL is the default TTL for cached objects.
var DefaultCacheTTL = 10 * time.Minute
DefaultCacheTTL is the default TTL for cached objects
// ReStringID is a regular expression used to validate common string ID
// patterns: one or more ASCII letters, digits, hyphens, dots or underscores,
// anchored to the whole string. It constrains format only; because '.' is
// permitted, values such as "." and ".." satisfy it, so callers must not rely
// on it alone to make an ID safe for use as a path element.
var ReStringID = regexp.MustCompile(`^[a-zA-Z0-9\-\._]+$`)
ReStringID is a regular expression used to validate common string ID patterns.
Functions ¶
func AddSkipAuthz ¶ added in v0.2.0
AddSkipAuthz adds to the context an instruction to skip authorization. Authorizers should honour this instruction by checking SkipAuthz. Because any authorizer that honours it will then grant access unconditionally, only trusted internal code paths should add it to a context.
func AddSubjectToContext ¶
AddSubjectToContext adds a subject to a context.
func ConvertID ¶
ConvertID converts an ID for use with a different resource, e.g. convert run-123 to plan-123.
func CredentialEnv ¶
CredentialEnv returns a host-specific environment variable credential for terraform.
func CredentialEnvKey ¶
CredentialEnvKey returns the environment variable key for an API token specific to the given hostname.
func CurrentTimestamp ¶
CurrentTimestamp is *the* way to get the current timestamp in OTF; time.Now() should be avoided.
We want timestamps to be rounded to nearest millisecond so that they can be persisted/serialised and not lose precision thereby making comparisons and testing easier.
We also want timestamps to be in the UTC time zone. Again it makes testing easier because libs such as testify's assert use DeepEqual rather than time.Equal to compare times (and structs containing times). That means the internal representation is compared, including the time zone which may differ even though two times refer to the same instant.
In any case, the time zone of the server is often not of importance, whereas that of the user often is, and conversion to their time zone is necessary regardless.
And the optional now arg gives tests the opportunity to swap out time.Now() with a deterministic time. If it's nil then time.Now() is used.
func Decrypt ¶
Decrypt decrypts an encrypted string using the secret key. The encrypted string must be base64-url-encoded.
func DiffStrings ¶
DiffStrings returns the elements in `a` that aren't in `b`.
func FromStringCSV ¶ added in v0.1.8
FromStringCSV splits a comma-separated string into a slice of type T.
func FromStringSlice ¶ added in v0.1.8
func GenerateRandomString ¶
GenerateRandomString generates a random string composed of alphanumeric characters of length size.
func GenerateToken ¶
func GetID ¶
GetID retrieves the ID field of a struct contained in s. If s is not a struct, or there is no ID field, then false is returned.
func GetOutboundIP ¶ added in v0.2.0
GetOutboundIP gets the preferred outbound IP address of this machine.
Credit to: https://stackoverflow.com/a/37382208
func NewAllowAllAuthorizer ¶
func NewAllowAllAuthorizer() *allowAllAuthorizer
func NewHostnameService ¶
func NewHostnameService(hostname string) *hostnameService
func NewID ¶
NewID constructs resource IDs, which are composed of the resource type and a random 16 character string, separated by a hyphen.
func NewStringFromPtr ¶ added in v0.1.9
func NormalizeAddress ¶
NormalizeAddress takes a host:port and converts it into a host:port appropriate for setting as the addressable hostname of otfd, e.g. converting 0.0.0.0 to 127.0.0.1.
func ParseBranchRef ¶
ParseBranchRef parses a git ref expecting it to be a reference to a branch. If it is not then false is returned, otherwise the branch name along with true is returned.
func RemoveBackendBlock ¶
RemoveBackendBlock is an HCL operation that removes terraform remote backend / cloud configuration
func RewriteHCL ¶
RewriteHCL performs HCL surgery on a terraform module.
func SSLCertsDir ¶
func SSLCertsDir() string
SSLCertsDir returns the directory containing CA certificates.
func SafeAppend ¶ added in v0.0.51
SafeAppend appends strings to a slice whilst ensuring the original slice is not modified.
func SkipAuthz ¶ added in v0.2.0
SkipAuthz determines whether the context contains an instruction to skip authorization.
func SplitCSV ¶ added in v0.1.8
SplitCSV splits a comma-delimited string (a "comma-separated value"). It differs from strings.Split in that if no comma is found an empty slice is returned, whereas strings.Split would return a single-element slice containing the original string.
func ToStringSlice ¶ added in v0.1.8
func ValidStringID ¶
ValidStringID checks if the given string pointer is non-nil and contains a typical string identifier.
func VerifySignedURL ¶
func VerifySignedURL(v Verifier) mux.MiddlewareFunc
VerifySignedURL is middleware that verifies signed URLs using the given Verifier.
Types ¶
type Authorizer ¶
// Authorizer is capable of granting or denying access to resources based on
// the subject contained within the context.
type Authorizer interface {
	// CanAccess returns the subject from ctx when it is permitted to perform
	// action on the resource identified by id, and a non-nil error otherwise.
	// Callers should treat any non-nil error as a denial.
	// NOTE(review): implementations are presumably expected to honour
	// AddSkipAuthz/SkipAuthz — confirm against each implementation.
	CanAccess(ctx context.Context, action rbac.Action, id string) (Subject, error)
}
Authorizer is capable of granting or denying access to resources based on the subject contained within the context.
type Chunk ¶
// Chunk is a section of logs for a phase.
type Chunk struct {
	ID     string    `json:"id"`     // Uniquely identifies the chunk.
	RunID  string    `json:"run_id"` // ID of run that generated the chunk
	Phase  PhaseType `json:"phase"`  // Phase that generated the chunk
	Offset int       `json:"offset"` // Position within logs.
	Data   []byte    `json:"data"`   // The log data
}
Chunk is a section of logs for a phase.
func (Chunk) NextOffset ¶
NextOffset returns the offset for the next chunk
type ForeignKeyError ¶
ForeignKeyError occurs when there is a foreign key violation.
func (*ForeignKeyError) Error ¶
func (e *ForeignKeyError) Error() string
type GetChunkOptions ¶
type Handlers ¶
// Handlers is an http application with handlers.
type Handlers interface {
	// AddHandlers adds http handlers to the router.
	AddHandlers(*mux.Router)
}
Handlers is an http application with handlers
type HostnameService ¶
// HostnameService is a registry of hostnames.
type HostnameService interface {
	// Return the OTF hostname.
	Hostname() string
	// Set the OTF hostname.
	SetHostname(string)
	// Return OTF URL with the given path.
	URL(path string) string
}
HostnameService is a registry of hostnames.
type InvalidParameterError ¶ added in v0.1.4
// InvalidParameterError is an error describing an invalid request parameter.
// NOTE(review): the string value is presumably the message reported by
// Error() — confirm.
type InvalidParameterError string
func (InvalidParameterError) Error ¶ added in v0.1.4
func (e InvalidParameterError) Error() string
type MissingParameterError ¶
// MissingParameterError occurs when the caller has failed to provide a
// required parameter.
type MissingParameterError struct {
	// Parameter is the name of the missing parameter.
	Parameter string
}
MissingParameterError occurs when the caller has failed to provide a required parameter.
func (*MissingParameterError) Error ¶
func (e *MissingParameterError) Error() string
type Nobody ¶ added in v0.2.0
// Nobody is a subject with no privileges. It satisfies Subject; its
// CanAccess* methods are documented on the type's method set.
type Nobody struct {
	// Username identifies the subject in logs and String().
	// NOTE(review): inferred from the field name — confirm.
	Username string
}
Nobody is a subject with no privileges.
func (*Nobody) CanAccessOrganization ¶ added in v0.2.0
func (*Nobody) CanAccessSite ¶ added in v0.2.0
func (*Nobody) CanAccessTeam ¶ added in v0.2.0
func (*Nobody) CanAccessWorkspace ¶ added in v0.2.0
func (*Nobody) CanAccessWorkspace(rbac.Action, WorkspacePolicy) bool
func (*Nobody) IsSiteAdmin ¶ added in v0.2.0
func (*Nobody) Organizations ¶ added in v0.2.0
type PutChunkOptions ¶
type PutChunkService ¶
// PutChunkService is implemented by anything that can accept a chunk of phase
// logs (see Chunk).
type PutChunkService interface {
	// PutChunk handles the chunk described by opts, returning an error if it
	// cannot be accepted.
	PutChunk(ctx context.Context, opts PutChunkOptions) error
}
type SafeMap ¶ added in v0.1.14
// SafeMap is a concurrency-safe map keyed by K with values of type V.
// Construct it with NewSafeMap; the zero value's usability is not shown here.
type SafeMap[K comparable, V any] struct {
	// contains filtered or unexported fields
}
SafeMap is a concurrency-safe map.
func NewSafeMap ¶ added in v0.1.14
func NewSafeMap[K comparable, V any]() *SafeMap[K, V]
NewSafeMap constructs an empty SafeMap, with the given key and value types.
type SiteAuthorizer ¶
SiteAuthorizer authorizes access to site-wide actions
type Subject ¶
// Subject is an entity that carries out actions on resources. The CanAccess*
// methods report whether the subject is permitted to perform action at the
// given scope; each is a pure permission check and must not have side effects.
type Subject interface {
	// CanAccessSite reports whether action is permitted at the site level.
	CanAccessSite(action rbac.Action) bool
	// CanAccessTeam reports whether action is permitted on the team with id.
	CanAccessTeam(action rbac.Action, id string) bool
	// CanAccessOrganization reports whether action is permitted on the named
	// organization.
	CanAccessOrganization(action rbac.Action, name string) bool
	// CanAccessWorkspace reports whether action is permitted under policy.
	CanAccessWorkspace(action rbac.Action, policy WorkspacePolicy) bool
	// IsOwner reports whether the subject owns the named organization.
	IsOwner(organization string) bool
	// IsSiteAdmin reports whether the subject is a site administrator.
	IsSiteAdmin() bool
	// Organizations returns subject's organization memberships
	Organizations() []string
	// String returns a human-readable name for the subject.
	String() string
}
Subject is an entity that carries out actions on resources.
type Superuser ¶
// Superuser is a subject with unlimited privileges. NOTE(review): its
// CanAccess* methods presumably grant every action, so it should only be
// constructed by trusted internal code, never from request data — confirm
// against the method implementations.
type Superuser struct {
	// Username identifies the subject in logs and String().
	// NOTE(review): inferred from the field name — confirm.
	Username string
}
Superuser is a subject with unlimited privileges.
func (*Superuser) CanAccessOrganization ¶
func (*Superuser) CanAccessTeam ¶ added in v0.1.15
func (*Superuser) CanAccessWorkspace ¶
func (*Superuser) CanAccessWorkspace(rbac.Action, WorkspacePolicy) bool
func (*Superuser) IsSiteAdmin ¶
func (*Superuser) Organizations ¶
type WorkspacePermission ¶
WorkspacePermission binds a role to a team.
type WorkspacePolicy ¶
// WorkspacePolicy binds workspace permissions to a workspace.
type WorkspacePolicy struct {
	// Organization is the name of the organization owning the workspace.
	Organization string
	// WorkspaceID identifies the workspace the policy applies to.
	WorkspaceID string
	// Permissions are the team/role bindings for the workspace (see
	// WorkspacePermission).
	Permissions []WorkspacePermission
	// Whether workspace permits its state to be consumed by all workspaces in
	// the organization.
	GlobalRemoteState bool
}
WorkspacePolicy binds workspace permissions to a workspace
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package agent contains code related to agents
|
Package agent contains code related to agents |
Package api provides common functionality for the OTF API
|
Package api provides common functionality for the OTF API |
Package authenticator is responsible for handling the authentication of users with third party identity providers.
|
Package authenticator is responsible for handling the authentication of users with third party identity providers. |
Package cli provides the CLI client, i.e.
|
Package cli provides the CLI client, i.e. |
Package configversion handles terraform configurations.
|
Package configversion handles terraform configurations. |
Package connections manages connections between VCS repositories and OTF resources, e.g.
|
Package connections manages connections between VCS repositories and OTF resources, e.g. |
Package daemon configures and starts the otfd daemon and its subsystems.
|
Package daemon configures and starts the otfd daemon and its subsystems. |
Package disco implements terraform's "remote service discovery protocol":
|
Package disco implements terraform's "remote service discovery protocol": |
Package ghapphandler provides a handler for the github app webhook endpoint.
|
Package ghapphandler provides a handler for the github app webhook endpoint. |
Package github provides github related code
|
Package github provides github related code |
Package gitlab provides gitlab related code
|
Package gitlab provides gitlab related code |
Package http provides an HTTP interface allowing HTTP clients to interact with otf.
|
Package http provides an HTTP interface allowing HTTP clients to interact with otf. |
decode
Package decode contains decoders for various HTTP artefacts
|
Package decode contains decoders for various HTTP artefacts |
html
Package html contains code relating specifically to the web UI.
|
Package html contains code relating specifically to the web UI. |
html/paths
Package paths provides rails-style path helpers for use with the web app.
|
Package paths provides rails-style path helpers for use with the web app. |
Package inmem implements a layer of services in memory using purely Go constructs.
|
Package inmem implements a layer of services in memory using purely Go constructs. |
Package integration provides inter-service integration tests.
|
Package integration provides inter-service integration tests. |
Package json provides helpers for the JSON encoding.
|
Package json provides helpers for the JSON encoding. |
Package loginserver implements a "terraform login protocol" server:
|
Package loginserver implements a "terraform login protocol" server: |
Package logr provides a logger that implements the logr interface
|
Package logr provides a logger that implements the logr interface |
Package logs handles log output from a run
|
Package logs handles log output from a run |
Package module is responsible for registry modules
|
Package module is responsible for registry modules |
Package notifications sends notifications for run state transitions and workspace events.
|
Package notifications sends notifications for run state transitions and workspace events. |
Package organization is responsible for OTF organizations
|
Package organization is responsible for OTF organizations |
Package pubsub provides cluster-wide publishing and subscribing of events
|
Package pubsub provides cluster-wide publishing and subscribing of events |
Package rbac is concerned with authorization
|
Package rbac is concerned with authorization |
Package releases manages terraform releases.
|
Package releases manages terraform releases. |
Package repohooks manages webhooks for VCS events
|
Package repohooks manages webhooks for VCS events |
Package resource contains code common to all resources (orgs, workspaces, runs, etc)
|
Package resource contains code common to all resources (orgs, workspaces, runs, etc) |
Package run is responsible for OTF runs, the primary mechanism for executing terraform
|
Package run is responsible for OTF runs, the primary mechanism for executing terraform |
Package scheduler is responsible for the scheduling of runs
|
Package scheduler is responsible for the scheduling of runs |
Package semver wraps golang.org/x/mod/semver, relaxing the requirement for semantic versions to be prefixed with "v".
|
Package semver wraps golang.org/x/mod/semver, relaxing the requirement for semantic versions to be prefixed with "v". |
Package sql implements persistent storage using the postgres database.
|
Package sql implements persistent storage using the postgres database. |
Package state manages terraform state.
|
Package state manages terraform state. |
Package team manages teams, which are groups of users with shared privileges.
|
Package team manages teams, which are groups of users with shared privileges. |
Package testbrowser provisions web browsers for tests
|
Package testbrowser provisions web browsers for tests |
Package testcompose provides interaction with a docker compose stack of services for testing purposes.
|
Package testcompose provides interaction with a docker compose stack of services for testing purposes. |
Package testutils provides test helpers.
|
Package testutils provides test helpers. |
Package tfeapi provides common functionality useful for implementation of the Hashicorp TFE/TFC API, which uses the json:api encoding
|
Package tfeapi provides common functionality useful for implementation of the Hashicorp TFE/TFC API, which uses the json:api encoding |
types
Package types provides structs suitable for marshaling to/from json:api
|
Package types provides structs suitable for marshaling to/from json:api |
Package tokens manages token authentication
|
Package tokens manages token authentication |
Package user manages user accounts and their team membership.
|
Package user manages user accounts and their team membership. |
Package variable manages terraform workspace variables
|
Package variable manages terraform workspace variables |
Package vcs handles version control system stuff.
|
Package vcs handles version control system stuff. |
Package vcsprovider is responsible for VCS providers
|
Package vcsprovider is responsible for VCS providers |
Package workspace provides access to terraform workspaces
|
Package workspace provides access to terraform workspaces |