Documentation ¶
Overview ¶
Package internal is code only for consumption from within the otf project.
Index ¶
- Constants
- Variables
- func AddSubjectToContext(ctx context.Context, subj Subject) context.Context
- func Bool(b bool) *bool
- func ConvertID(id, resource string) string
- func CredentialEnv(hostname string, token []byte) string
- func CredentialEnvKey(hostname string) string
- func CurrentTimestamp() time.Time
- func Decrypt(encrypted string, secret []byte) ([]byte, error)
- func DiffStrings(a, b []string) []string
- func Encrypt(plaintext, secret []byte) (string, error)
- func Exists(path string) bool
- func FromStringCSV[T ~string](csv string) (to []T)
- func FromStringSlice[T ~string](from []string) (to []T)
- func GenerateRandomString(size int) string
- func GenerateToken() (string, error)
- func GetID(s any) (string, bool)
- func Int(i int) *int
- func Int64(i int64) *int64
- func NewAllowAllAuthorizer() *allowAllAuthorizer
- func NewHostnameService(hostname string) *hostnameService
- func NewID(rtype string) string
- func NewSigner(secret []byte) *surl.Signer
- func NewStringFromPtr(s *string) string
- func NormalizeAddress(addr *net.TCPAddr) string
- func Pack(src string) ([]byte, error)
- func ParseBranchRef(ref string) (string, bool)
- func ParseRef(ref string) (string, bool)
- func RemoveBackendBlock(f *hclwrite.File) bool
- func RewriteHCL(modulePath string, operations ...hclOperation) error
- func SSLCertsDir() string
- func SafeAppend(a []string, b ...string) []string
- func SplitCSV(csv string) []string
- func String(str string) *string
- func StripAnsi(str string) string
- func Time(t time.Time) *time.Time
- func ToStringSlice[T ~string](from []T) (to []string)
- func UInt(i uint) *uint
- func UUID(u uuid.UUID) *uuid.UUID
- func Unpack(r io.Reader, dst string) error
- func ValidStringID(v *string) bool
- func VerifySignedURL(v Verifier) mux.MiddlewareFunc
- type Authorizer
- type Cache
- type Chunk
- type FakeHostnameService
- type ForeignKeyError
- type GetChunkOptions
- type HTTPError
- type Handlers
- type HostnameService
- type InvalidParameterError
- type JSONAPIClient
- type MissingParameterError
- type PhaseType
- type PutChunkOptions
- type PutChunkService
- type RunStatus
- type Signer
- type SiteAuthorizer
- type Subject
- type Superuser
- func (*Superuser) CanAccessOrganization(rbac.Action, string) bool
- func (*Superuser) CanAccessSite(action rbac.Action) bool
- func (*Superuser) CanAccessWorkspace(rbac.Action, WorkspacePolicy) bool
- func (s *Superuser) ID() string
- func (s *Superuser) IsOwner(string) bool
- func (s *Superuser) IsSiteAdmin() bool
- func (s *Superuser) Organizations() []string
- func (s *Superuser) String() string
- type Verifier
- type WorkspacePermission
- type WorkspacePolicy
Constants ¶
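// Control bytes that frame the log stream of a phase. The declarations are
// laid out one per line so that each trailing comment covers only its own
// constant.
// NOTE(review): whether log data is prevented from containing these bytes
// itself is not visible here — confirm in the code that parses the framing.
const (
	STX = 0x02 // marks the beginning of logs for a phase
	ETX = 0x03 // marks the end of logs for a phase
)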
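// Phase types and run statuses. The declarations are laid out one per line so
// that the line comments no longer swallow the constants that follow them.
const (
	PendingPhase PhaseType = "pending"
	PlanPhase    PhaseType = "plan"
	ApplyPhase   PhaseType = "apply"
	FinalPhase   PhaseType = "final"
	UnknownPhase PhaseType = "unknown"

	// List all available run statuses supported in otf.
	RunApplied            RunStatus = "applied"
	RunApplyQueued        RunStatus = "apply_queued"
	RunApplying           RunStatus = "applying"
	RunCanceled           RunStatus = "canceled"
	RunForceCanceled      RunStatus = "force_canceled"
	RunConfirmed          RunStatus = "confirmed"
	RunDiscarded          RunStatus = "discarded"
	RunErrored            RunStatus = "errored"
	RunPending            RunStatus = "pending"
	RunPlanQueued         RunStatus = "plan_queued"
	RunPlanned            RunStatus = "planned"
	RunPlannedAndFinished RunStatus = "planned_and_finished"
	RunPlanning           RunStatus = "planning"

	// OTF doesn't support cost estimation but go-tfe API tests expect this
	// status so it is included expressly to pass the tests.
	RunCostEstimated RunStatus = "cost_estimated"
)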
// DefaultSSLCertsDir is the default CA certificate location.
// NOTE(review): despite the "Dir" suffix, the value is the path of a single
// bundle file (ca-certificates.crt), not a directory — confirm that consumers
// treat it as a file.
const DefaultSSLCertsDir = "/etc/ssl/certs/ca-certificates.crt"
Variables ¶
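// Generic errors. The declarations are laid out one per line so that each doc
// comment covers only its own variable.
var (
	// ErrAccessNotPermitted is returned when an authorization check fails.
	ErrAccessNotPermitted = errors.New("access to the resource is not permitted")

	// ErrUnauthorized is a generic "unauthorized" error.
	// NOTE(review): how it differs from ErrAccessNotPermitted (for example
	// unauthenticated versus authenticated-but-denied) is not stated here —
	// confirm, since callers that map these to HTTP status codes need the
	// distinction.
	ErrUnauthorized = errors.New("unauthorized")

	// ErrResourceNotFound is returned when receiving a 404.
	ErrResourceNotFound = errors.New("resource not found")

	// ErrResourceAlreadyExists is returned when attempting to create a resource
	// that already exists.
	ErrResourceAlreadyExists = errors.New("resource already exists")

	// ErrRequiredName is returned when a name option is not present.
	ErrRequiredName = errors.New("name is required")

	// ErrInvalidName is returned when the name option has invalid value.
	ErrInvalidName = errors.New("invalid value for name")

	// ErrEmptyValue is returned when a value is set to an empty string
	ErrEmptyValue = errors.New("value cannot be empty")

	// ErrUploadTooLarge is returned when a user attempts to upload data that
	// is too large.
	ErrUploadTooLarge = errors.New("upload is too large")
)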
Generic errors
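// Resource Errors. The declarations are laid out one per line so that each doc
// comment covers only its own variable.
var (
	// ErrInvalidTerraformVersion is returned when a terraform version string is
	// not a semantic version string (major.minor.patch).
	ErrInvalidTerraformVersion = errors.New("invalid terraform version")

	// ErrRequiredOrg is returned when the organization option is not present
	ErrRequiredOrg = errors.New("organization is required")

	// ErrStatusTimestampNotFound reports that the corresponding status
	// timestamp was not found.
	ErrStatusTimestampNotFound = errors.New("corresponding status timestamp not found")

	// ErrInvalidRepo reports that a repository path is invalid.
	ErrInvalidRepo = errors.New("repository path is invalid")
)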
Resource Errors
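// Workspace errors. The declarations are laid out one per line; on a single
// line without separators the group is not valid Go.
var (
	ErrWorkspaceAlreadyLocked         = errors.New("workspace already locked")
	ErrWorkspaceLockedByDifferentUser = errors.New("workspace locked by different user")
	ErrWorkspaceLockedByRun           = errors.New("workspace is locked by Run")
	ErrWorkspaceAlreadyUnlocked       = errors.New("workspace already unlocked")
	ErrWorkspaceUnlockDenied          = errors.New("unauthorized to unlock workspace")
	ErrWorkspaceInvalidLock           = errors.New("invalid workspace lock")
	ErrUnsupportedTerraformVersion    = errors.New("unsupported terraform version")
)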
Workspace errors
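// Run errors. The declarations are laid out one per line; on a single line
// the "//" comment swallows the end of the group.
var (
	ErrRunDiscardNotAllowed     = errors.New("run was not paused for confirmation or priority; discard not allowed")
	ErrRunCancelNotAllowed      = errors.New("run was not planning or applying; cancel not allowed")
	ErrRunForceCancelNotAllowed = errors.New("run was not planning or applying, has not been canceled non-forcefully, or the cool-off period has not yet passed")

	// NOTE(review): the flattened listing leaves it unclear whether the
	// declaration below sits under an empty "//" line or was commented out. It
	// is kept live here so that no exported name disappears — confirm against
	// errors.go.
	ErrPhaseAlreadyStarted = errors.New("phase already started")
)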
Run errors
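// Groupings of run statuses. The declarations are laid out one per line; on a
// single line without separators the group is not valid Go.
//
// NOTE(review): these are exported, mutable package-level slices. Any package
// can reassign or edit them, so code that branches on membership should treat
// them as read-only.
var (
	// ActiveRun holds the six statuses listed in the literal below.
	ActiveRun = []RunStatus{
		RunApplyQueued,
		RunApplying,
		RunConfirmed,
		RunPlanQueued,
		RunPlanned,
		RunPlanning,
	}

	// IncompleteRun is ActiveRun plus RunPending. A slice built from a
	// composite literal has len == cap, so this append allocates a new backing
	// array and the two slices do not alias.
	IncompleteRun = append(ActiveRun, RunPending)

	// CompletedRun holds the five statuses listed in the literal below.
	CompletedRun = []RunStatus{
		RunApplied,
		RunErrored,
		RunDiscarded,
		RunCanceled,
		RunForceCanceled,
	}
)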
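// Build metadata. Each value defaults to "unknown". The declarations are laid
// out one per line so that the comment no longer swallows them.
var (
	// Build-time parameters set via -ldflags
	Version = "unknown"
	Commit  = "unknown"
	Built   = "unknown"
)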
// DefaultCacheTTL is the default TTL for cached objects (ten minutes).
// NOTE(review): it is an exported variable, not a constant, so any package can
// change it at run time.
var DefaultCacheTTL = 10 * time.Minute
DefaultCacheTTL is the default TTL for cached objects
// ReStringID is a regular expression used to validate common string ID
// patterns: one or more ASCII letters, digits, hyphens, dots or underscores,
// anchored at both ends.
// NOTE(review): the character class admits "." and "..", so a match alone does
// not make a value safe to use as a file-path component.
var ReStringID = regexp.MustCompile(`^[a-zA-Z0-9\-\._]+$`)
ReStringID is a regular expression used to validate common string ID patterns.
Functions ¶
func AddSubjectToContext ¶
AddSubjectToContext adds a subject to a context
func ConvertID ¶
ConvertID converts an ID for use with a different resource, e.g. convert run-123 to plan-123.
func CredentialEnv ¶
CredentialEnv returns a host-specific environment variable credential for terraform.
func CredentialEnvKey ¶
CredentialEnvKey returns the environment variable key for an API token specific to the given hostname.
func CurrentTimestamp ¶
CurrentTimestamp is *the* way to get the current timestamp in otf; time.Now() should be avoided.
We want timestamps to be rounded to the nearest millisecond so that they can be persisted/serialised without losing precision, thereby making comparisons and testing easier.
We also want timestamps to be in the UTC time zone. Again it makes testing easier because libs such as testify's assert use DeepEqual rather than time.Equal to compare times (and structs containing times). That means the internal representation is compared, including the time zone which may differ even though two times refer to the same instant.
In any case, the time zone of the server is often not of importance, whereas that of the user often is, and conversion to their time zone is necessary regardless.
func Decrypt ¶
Decrypt decrypts the encrypted string using the secret key. The encrypted string must be base64-url-encoded.
func DiffStrings ¶
DiffStrings returns the elements in `a` that aren't in `b`.
func FromStringCSV ¶ added in v0.1.8
FromStringCSV splits a comma-separated string into a slice of type T
func FromStringSlice ¶ added in v0.1.8
func GenerateRandomString ¶
GenerateRandomString generates a random string composed of alphanumeric characters of length size.
func GenerateToken ¶
func GetID ¶
GetID retrieves the ID field of a struct contained in s. If s is not a struct, or there is no ID field, then false is returned.
func NewAllowAllAuthorizer ¶
func NewAllowAllAuthorizer() *allowAllAuthorizer
func NewHostnameService ¶
func NewHostnameService(hostname string) *hostnameService
func NewID ¶
NewID constructs resource IDs, which are composed of the resource type and a random 16 character string, separated by a hyphen.
func NewStringFromPtr ¶ added in v0.1.9
func NormalizeAddress ¶
NormalizeAddress takes a host:port and converts it into a host:port appropriate for setting as the addressable hostname of otfd, e.g. converting 0.0.0.0 to 127.0.0.1.
func ParseBranchRef ¶
ParseBranchRef parses a git ref expecting it to be a reference to a branch. If it is not then false is returned, otherwise the branch name along with true is returned.
func RemoveBackendBlock ¶
RemoveBackendBlock is an HCL operation that removes terraform remote backend / cloud configuration
func RewriteHCL ¶
RewriteHCL performs HCL surgery on a terraform module.
func SSLCertsDir ¶
func SSLCertsDir() string
SSLCertsDir returns the directory containing CA certificates.
func SafeAppend ¶ added in v0.0.51
SafeAppend appends strings to a slice whilst ensuring the slice is not modified.
func SplitCSV ¶ added in v0.1.8
SplitCSV splits a comma-delimited string (a "comma-separated value"). It differs from strings.Split in that if no comma is found an empty slice is returned, whereas strings.Split would return a single-element slice containing the original string.
func ToStringSlice ¶ added in v0.1.8
func ValidStringID ¶
ValidStringID checks if the given string pointer is non-nil and contains a typical string identifier.
func VerifySignedURL ¶
func VerifySignedURL(v Verifier) mux.MiddlewareFunc
VerifySignedURL is middleware that verifies signed URLs
Types ¶
type Authorizer ¶
// Authorizer is capable of granting or denying access to resources based on
// the subject contained within the context.
type Authorizer interface {
	// CanAccess takes the context, the requested action and a resource ID and
	// returns a Subject and an error.
	// NOTE(review): presumably a non-nil error means access was denied and the
	// returned Subject must not be used — confirm against the implementations.
	CanAccess(ctx context.Context, action rbac.Action, id string) (Subject, error)
}
Authorizer is capable of granting or denying access to resources based on the subject contained within the context.
type Chunk ¶
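// Chunk is a section of logs for a phase. The fields are laid out one per line
// so that each trailing comment covers only its own field.
type Chunk struct {
	ID     string    `json:"id"`     // Uniquely identifies the chunk.
	RunID  string    `json:"run_id"` // ID of run that generated the chunk
	Phase  PhaseType `json:"phase"`  // Phase that generated the chunk
	Offset int       `json:"offset"` // Position within logs.
	Data   []byte    `json:"data"`   // The log data
}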
Chunk is a section of logs for a phase.
func (Chunk) NextOffset ¶
NextOffset returns the offset for the next chunk
type FakeHostnameService ¶
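// FakeHostnameService pairs a Host string with an embedded HostnameService.
// The fields are laid out one per line; on a single line the struct is not
// valid Go.
// NOTE(review): the name suggests a test double — presumably Hostname returns
// Host, and methods promoted from an unset embedded HostnameService would
// fail at run time. Confirm it is not wired into production code paths.
type FakeHostnameService struct {
	Host string
	HostnameService
}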
func (FakeHostnameService) Hostname ¶
func (s FakeHostnameService) Hostname() string
type ForeignKeyError ¶
ForeignKeyError occurs when there is a foreign key violation.
func (*ForeignKeyError) Error ¶
func (e *ForeignKeyError) Error() string
type GetChunkOptions ¶
type Handlers ¶
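// Handlers is an http application with handlers. The declaration is laid out
// over several lines so that the comment no longer swallows the method.
type Handlers interface {
	// AddHandlers adds http handlers to the router.
	AddHandlers(*mux.Router)
}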
Handlers is an http application with handlers
type HostnameService ¶
HostnameService provides the OTF user-facing hostname.
type InvalidParameterError ¶ added in v0.1.4
// InvalidParameterError is a string-typed error.
// NOTE(review): presumably the string names or describes the parameter whose
// value was rejected — confirm against the Error method.
type InvalidParameterError string
func (InvalidParameterError) Error ¶ added in v0.1.4
func (e InvalidParameterError) Error() string
type JSONAPIClient ¶
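// JSONAPIClient is a client capable of interacting with a json-api API. The
// declaration is laid out over several lines so that the comments no longer
// swallow the methods.
type JSONAPIClient interface {
	// NewRequest constructs a new json-api request
	NewRequest(method, path string, params any) (*retryablehttp.Request, error)
	// Do sends a json-api request and populates v with a json-api response.
	Do(ctx context.Context, req *retryablehttp.Request, v any) error
}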
JSONAPIClient is a client capable of interacting with a json-api API
type MissingParameterError ¶
// MissingParameterError occurs when the caller has failed to provide a
// required parameter
type MissingParameterError struct {
	// NOTE(review): presumably the name of the missing parameter — confirm
	// against the Error method.
	Parameter string
}
MissingParameterError occurs when the caller has failed to provide a required parameter
func (*MissingParameterError) Error ¶
func (e *MissingParameterError) Error() string
type PutChunkOptions ¶
type PutChunkService ¶
// PutChunkService is implemented by anything that accepts a chunk described by
// PutChunkOptions.
type PutChunkService interface {
	// PutChunk takes a context and the chunk options and returns an error.
	// NOTE(review): presumably it stores or forwards a chunk of run logs —
	// confirm against the implementations.
	PutChunk(ctx context.Context, opts PutChunkOptions) error
}
type RunStatus ¶
// RunStatus represents a run state.
type RunStatus string
RunStatus represents a run state.
func RunStatusPtr ¶
RunStatusPtr returns a pointer to a run status
type SiteAuthorizer ¶
SiteAuthorizer authorizes access to site-wide actions
type Subject ¶
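// Subject is an entity that carries out actions on resources. The declaration
// is laid out over several lines so that the comment no longer swallows the
// methods after it.
//
// NOTE(review): each CanAccess* method returns a bare bool, so the
// authorization decision rests entirely on the implementation; review any new
// Subject implementation as security-sensitive code.
type Subject interface {
	// CanAccessSite reports whether the subject may perform action at site
	// level.
	CanAccessSite(action rbac.Action) bool
	// CanAccessOrganization reports whether the subject may perform action on
	// the named organization.
	CanAccessOrganization(action rbac.Action, name string) bool
	// CanAccessWorkspace reports whether the subject may perform action under
	// the given workspace policy.
	CanAccessWorkspace(action rbac.Action, policy WorkspacePolicy) bool

	// IsOwner takes an organization name.
	// NOTE(review): presumably reports ownership of that organization —
	// confirm.
	IsOwner(organization string) bool
	IsSiteAdmin() bool

	// Organizations returns subject's organization memberships
	Organizations() []string

	String() string
}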
Subject is an entity that carries out actions on resources.
type Superuser ¶
// Superuser is a subject with unlimited privileges.
// NOTE(review): *Superuser declares every method of Subject; presumably each
// CanAccess* check succeeds unconditionally, so a Superuser placed in a
// request context bypasses RBAC. Confirm it is only constructed for trusted
// internal callers and never derived from request data.
type Superuser struct {
	// NOTE(review): presumably used only for identification (ID, String) and
	// not consulted by the access checks — confirm.
	Username string
}
Superuser is a subject with unlimited privileges.
func (*Superuser) CanAccessOrganization ¶
func (*Superuser) CanAccessWorkspace ¶
func (*Superuser) CanAccessWorkspace(rbac.Action, WorkspacePolicy) bool
func (*Superuser) IsSiteAdmin ¶
func (*Superuser) Organizations ¶
type WorkspacePermission ¶
WorkspacePermission binds a role to a team.
type WorkspacePolicy ¶
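// WorkspacePolicy binds workspace permissions to a workspace. The fields are
// laid out one per line so that the comment no longer swallows the last field.
type WorkspacePolicy struct {
	Organization string
	WorkspaceID  string
	Permissions  []WorkspacePermission

	// Whether workspace permits its state to be consumed by all workspaces in
	// the organization.
	// NOTE(review): terraform state can hold sensitive values, so setting this
	// widens read access to them across the organization; the zero value
	// (false) is the restrictive setting.
	GlobalRemoteState bool
}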
WorkspacePolicy binds workspace permissions to a workspace
Source Files ¶
- authorizer.go
- authorizer_test_helper.go
- authz.go
- cache.go
- chunk.go
- crypto.go
- errors.go
- file.go
- git.go
- hcl_rewriter.go
- hostname.go
- hostname_test_helpers.go
- http.go
- id.go
- internal.go
- jsonapi.go
- pointers.go
- rand.go
- run.go
- signer.go
- site.go
- slices.go
- ssl.go
- strings.go
- strip_ansi.go
- time.go
- unpack.go
- version.go
Directories ¶
Path | Synopsis |
---|---|
Package agent provides a daemon capable of running remote operations on behalf of a user.
|
Package agent provides a daemon capable of running remote operations on behalf of a user. |
Package auth is responsible for authentication
|
Package auth is responsible for authentication |
Package authenticator is responsible for handling the authentication of users with third party identity providers.
|
Package authenticator is responsible for handling the authentication of users with third party identity providers. |
Package cli provides the CLI client, i.e.
|
Package cli provides the CLI client, i.e. |
Package cloud provides types for use with cloud providers.
|
Package cloud provides types for use with cloud providers. |
Package configversion handles terraform configurations.
|
Package configversion handles terraform configurations. |
Package daemon configures and starts the otfd daemon and its subsystems.
|
Package daemon configures and starts the otfd daemon and its subsystems. |
Package disco implements terraform's "remote service discovery protocol":
|
Package disco implements terraform's "remote service discovery protocol": |
Package github provides github related code
|
Package github provides github related code |
Package gitlab provides gitlab related code
|
Package gitlab provides gitlab related code |
Package hooks implements the observer pattern
|
Package hooks implements the observer pattern |
Package http provides an HTTP interface allowing HTTP clients to interact with otf.
|
Package http provides an HTTP interface allowing HTTP clients to interact with otf. |
decode
Package decode contains decoders for various HTTP artefacts
|
Package decode contains decoders for various HTTP artefacts |
html
Package html contains code relating specifically to the web UI.
|
Package html contains code relating specifically to the web UI. |
html/paths
Package paths provides rails-style path helpers for use with the web app.
|
Package paths provides rails-style path helpers for use with the web app. |
Package inmem implements a layer of services in memory using purely Go constructs.
|
Package inmem implements a layer of services in memory using purely Go constructs. |
Package integration provides inter-service integration tests.
|
Package integration provides inter-service integration tests. |
Package json provides helpers for the JSON encoding.
|
Package json provides helpers for the JSON encoding. |
Package loginserver implements a "terraform login protocol" server:
|
Package loginserver implements a "terraform login protocol" server: |
Package logr provides a logger that implements the logr interface
|
Package logr provides a logger that implements the logr interface |
Package logs handles log output from a run
|
Package logs handles log output from a run |
Package module is responsible for registry modules
|
Package module is responsible for registry modules |
Package notifications sends notifications for run state transitions and workspace events.
|
Package notifications sends notifications for run state transitions and workspace events. |
Package organization is responsible for OTF organizations
|
Package organization is responsible for OTF organizations |
Package pubsub provides cluster-wide publishing and subscribing of events
|
Package pubsub provides cluster-wide publishing and subscribing of events |
Package rbac is concerned with authorization
|
Package rbac is concerned with authorization |
Package repo handles configuration of VCS repositories.
|
Package repo handles configuration of VCS repositories. |
Package resource contains code common to all resources (orgs, workspaces, runs, etc)
|
Package resource contains code common to all resources (orgs, workspaces, runs, etc) |
Package run is responsible for OTF runs, the primary mechanism for executing terraform
|
Package run is responsible for OTF runs, the primary mechanism for executing terraform |
Package scheduler is responsible for the scheduling of runs
|
Package scheduler is responsible for the scheduling of runs |
Package semver wraps golang.org/x/mod/semver, relaxing the requirement for semantic versions to be prefixed with "v".
|
Package semver wraps golang.org/x/mod/semver, relaxing the requirement for semantic versions to be prefixed with "v". |
Package sql implements persistent storage using the postgres database.
|
Package sql implements persistent storage using the postgres database. |
Package state manages terraform state.
|
Package state manages terraform state. |
Package testbrowser provisions web browsers for tests
|
Package testbrowser provisions web browsers for tests |
Package testcompose provides interaction with a docker compose stack of services for testing purposes.
|
Package testcompose provides interaction with a docker compose stack of services for testing purposes. |
Package testutils provides test helpers.
|
Package testutils provides test helpers. |
Package tfeapi provides common functionality useful for implementation of the Hashicorp TFE/TFC API, which uses the json:api encoding
|
Package tfeapi provides common functionality useful for implementation of the Hashicorp TFE/TFC API, which uses the json:api encoding |
types
Package types provides structs suitable for marshaling to/from json:api
|
Package types provides structs suitable for marshaling to/from json:api |
Package tokens manages token authentication
|
Package tokens manages token authentication |
Package variable manages terraform workspace variables
|
Package variable manages terraform workspace variables |
Package vcsprovider is responsible for VCS providers
|
Package vcsprovider is responsible for VCS providers |
Package workspace provides access to terraform workspaces
|
Package workspace provides access to terraform workspaces |