internal

package
v0.1.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 27, 2023 License: MPL-2.0 Imports: 31 Imported by: 0

Documentation

Overview

Package internal is code only for consumption from within the otf project.

Index

Constants

View Source 
const (
	STX = 0x02 // marks the beginning of logs for a phase
	ETX = 0x03 // marks the end of logs for a phase
)
View Source 
const (
	PendingPhase PhaseType = "pending"
	PlanPhase    PhaseType = "plan"
	ApplyPhase   PhaseType = "apply"
	FinalPhase   PhaseType = "final"
	UnknownPhase PhaseType = "unknown"

	// List all available run statuses supported in otf.
	RunApplied            RunStatus = "applied"
	RunApplyQueued        RunStatus = "apply_queued"
	RunApplying           RunStatus = "applying"
	RunCanceled           RunStatus = "canceled"
	RunForceCanceled      RunStatus = "force_canceled"
	RunConfirmed          RunStatus = "confirmed"
	RunDiscarded          RunStatus = "discarded"
	RunErrored            RunStatus = "errored"
	RunPending            RunStatus = "pending"
	RunPlanQueued         RunStatus = "plan_queued"
	RunPlanned            RunStatus = "planned"
	RunPlannedAndFinished RunStatus = "planned_and_finished"
	RunPlanning           RunStatus = "planning"
)
View Source 
const DefaultSSLCertsDir = "/etc/ssl/certs/ca-certificates.crt"

Variables

View Source 
var (
	// ErrAccessNotPermitted is returned when an authorization check fails.
	ErrAccessNotPermitted = errors.New("access to the resource is not permitted")

	// ErrUnauthorized is returned when a receiving a 401.
	ErrUnauthorized = errors.New("unauthorized")

	// ErrResourceNotFound is returned when a receiving a 404.
	ErrResourceNotFound = errors.New("resource not found")

	// ErrResourceAlreadyExists is returned when attempting to create a resource
	// that already exists.
	ErrResourceAlreadyExists = errors.New("resource already exists")

	// ErrRequiredName is returned when a name option is not present.
	ErrRequiredName = errors.New("name is required")

	// ErrInvalidName is returned when the name option has invalid value.
	ErrInvalidName = errors.New("invalid value for name")

	// ErrUploadTooLarge is returned when a user attempts to upload data that
	// is too large.
	ErrUploadTooLarge = errors.New("upload is too large")
)

Generic errors

View Source 
var (
	// ErrInvalidTerraformVersion is returned when a terraform version string is
	// not a semantic version string (major.minor.patch).
	ErrInvalidTerraformVersion = errors.New("invalid terraform version")

	// ErrInvalidWorkspaceID is returned when the workspace ID is invalid.
	ErrInvalidWorkspaceID = errors.New("invalid value for workspace ID")

	// ErrInvalidWorkspaceValue is returned when workspace value is invalid.
	ErrInvalidWorkspaceValue = errors.New("invalid value for workspace")

	// ErrInvalidOrg is returned when the organization option has an invalid value.
	ErrInvalidOrg = errors.New("invalid value for organization")

	// ErrRequiredOrg is returned when the organization option is not present
	ErrRequiredOrg = errors.New("organization is required")

	ErrStatusTimestampNotFound = errors.New("corresponding status timestamp not found")

	ErrInvalidRepo = errors.New("repository path is invalid")
)

Resource Errors

View Source 
var (
	ErrWorkspaceAlreadyLocked         = errors.New("workspace already locked")
	ErrWorkspaceLockedByDifferentUser = errors.New("workspace locked by different user")
	ErrWorkspaceAlreadyUnlocked       = errors.New("workspace already unlocked")
	ErrWorkspaceUnlockDenied          = errors.New("unauthorized to unlock workspace")
	ErrWorkspaceInvalidLock           = errors.New("invalid workspace lock")
	ErrUnsupportedTerraformVersion    = errors.New("unsupported terraform version")
)

Workspace errors

View Source 
var (
	ErrRunDiscardNotAllowed     = errors.New("run was not paused for confirmation or priority; discard not allowed")
	ErrRunCancelNotAllowed      = errors.New("run was not planning or applying; cancel not allowed")
	ErrRunForceCancelNotAllowed = errors.New("run was not planning or applying, has not been canceled non-forcefully, or the cool-off period has not yet passed")
	//
	ErrPhaseAlreadyStarted = errors.New("phase already started")
)

Run errors

View Source 
var (
	ActiveRun = []RunStatus{
		RunApplyQueued,
		RunApplying,
		RunConfirmed,
		RunPlanQueued,
		RunPlanned,
		RunPlanning,
	}
	IncompleteRun = append(ActiveRun, RunPending)
	CompletedRun  = []RunStatus{
		RunApplied,
		RunErrored,
		RunDiscarded,
		RunCanceled,
		RunForceCanceled,
	}
)
View Source 
var (
	// Build-time parameters set -ldflags
	Version = "unknown"
	Commit  = "unknown"
	Built   = "unknown"
)
View Source 
var DefaultCacheTTL = 10 * time.Minute

DefaultCacheTTL is the default TTL for cached objects

View Source 
var ReStringID = regexp.MustCompile(`^[a-zA-Z0-9\-\._]+$`)

ReStringID is a regular expression used to validate common string ID patterns.

Functions

func AddSubjectToContext 

func AddSubjectToContext(ctx context.Context, subj Subject) context.Context

AddSubjectToContext adds a subject to a context

func Bool 

func Bool(b bool) *bool

func ConvertID 

func ConvertID(id, resource string) string

ConvertID converts an ID for use with a different resource, e.g. convert run-123 to plan-123.

func CredentialEnv 

func CredentialEnv(hostname string, token []byte) string

CredentialEnv returns a host-specific environment variable credential for terraform.

func CredentialEnvKey 

func CredentialEnvKey(hostname string) string

CredentialEnvKey returns the environment variable key for an API token specific to the given hostname.

func CurrentTimestamp 

func CurrentTimestamp() time.Time

CurrentTimestamp is *the* way to get a current timestamps in otf and time.Now() should be avoided.

We want timestamps to be rounded to nearest millisecond so that they can be persisted/serialised and not lose precision thereby making comparisons and testing easier.

We also want timestamps to be in the UTC time zone. Again it makes testing easier because libs such as testify's assert use DeepEqual rather than time.Equal to compare times (and structs containing times). That means the internal representation is compared, including the time zone which may differ even though two times refer to the same instant.

In any case, the time zone of the server is often not of importance, whereas that of the user often is, and conversion to their time zone is necessary regardless.

func Decrypt 

func Decrypt(encrypted string, secret []byte) ([]byte, error)

Decrypt encrypted string using secret key. The encrypted string must be base64-url-encoded.

func DiffStrings 

func DiffStrings(a, b []string) []string

DiffStrings returns the elements in `a` that aren't in `b`.

func Encrypt 

func Encrypt(plaintext, secret []byte) (string, error)

Encrypt plaintext using secret key. The returned string is base64-url-encoded.

func Exists 

func Exists(path string) bool

Exists checks whether a file or directory at the given path exists

func GenerateRandomString 

func GenerateRandomString(size int) string

GenerateRandomString generates a random string composed of alphanumeric characters of length size.

func GenerateToken 

func GenerateToken() (string, error)

func GetID 

func GetID(s any) (string, bool)

GetID retrieves the ID field of a struct contained in s. If s is not a struct, or there is no ID field, then false is returned.

func Int 

func Int(i int) *int

func Int64 

func Int64(i int64) *int64

func NewAllowAllAuthorizer 

func NewAllowAllAuthorizer() *allowAllAuthorizer

func NewHostnameService 

func NewHostnameService(hostname string) *hostnameService

func NewID 

func NewID(rtype string) string

NewID constructs resource IDs, which are composed of the resource type and a random 16 character string, separated by a hyphen.

func NewSigner 

func NewSigner(secret []byte) *surl.Signer

NewSigner constructs a signer for signing and verifying URLs

func NormalizeAddress 

func NormalizeAddress(addr *net.TCPAddr) string

NormalizeAddress takes a host:port and converts it into a host:port appropriate for setting as the addressable hostname of otfd, e.g. converting 0.0.0.0 to 127.0.0.1.

func Pack 

func Pack(src string) ([]byte, error)

Pack a directory into tarball (.tar.gz) and return its contents

func ParseBranchRef 

func ParseBranchRef(ref string) (string, bool)

ParseBranchRef parses a git ref expecting it to be a reference to a branch. If it is not then false is returned, otherwise the branch name along with true is returned.

func ParseRef 

func ParseRef(ref string) (string, bool)

ParseRef parses a git ref of the format refs/[tags|heads]/[name],

func RemoveBackendBlock 

func RemoveBackendBlock(f *hclwrite.File) bool

RemoveBackendBlock is an HCL operation that removes terraform remote backend / cloud configuration

func RewriteHCL 

func RewriteHCL(modulePath string, operations ...hclOperation) error

RewriteHCL performs HCL surgery on a terraform module.

func SSLCertsDir 

func SSLCertsDir() string

SSLCertsDir returns the directory containing CA certificates.

func SafeAppend added in v0.0.51 

func SafeAppend(a []string, b ...string) []string

SafeAppend appends strings to a slice whilst ensuring the slice is not modified.

see: https://yourbasic.org/golang/gotcha-append/

func String 

func String(str string) *string

func Time 

func Time(t time.Time) *time.Time

func UInt 

func UInt(i uint) *uint

func UUID 

func UUID(u uuid.UUID) *uuid.UUID

func Unpack 

func Unpack(r io.Reader, dst string) error

Unpack a .tar.gz byte stream to a directory

func ValidStringID 

func ValidStringID(v *string) bool

ValidStringID checks if the given string pointer is non-nil and contains a typical string identifier.

func VerifySignedURL 

func VerifySignedURL(v Verifier) mux.MiddlewareFunc

VerifySignedURL is middleware that verifies signed URLs

Types

type Authorizer 

type Authorizer interface {
	CanAccess(ctx context.Context, action rbac.Action, id string) (Subject, error)
}

Authorizer is capable of granting or denying access to resources based on the subject contained within the context.

type Cache 

type Cache interface {
	Get(string) ([]byte, error)
	Set(string, []byte) error
}

Cache is a key-value cache.

type Chunk 

type Chunk struct {
	ID     string    `json:"id"`     // Uniquely identifies the chunk.
	RunID  string    `json:"run_id"` // ID of run that generated the chunk
	Phase  PhaseType `json:"phase"`  // Phase that generated the chunk
	Offset int       `json:"offset"` // Position within logs.
	Data   []byte    `json:"data"`   // The log data
}

Chunk is a section of logs for a phase.

func (Chunk) Cut 

func (c Chunk) Cut(opts GetChunkOptions) Chunk

Cut returns a new, smaller chunk.

func (Chunk) IsEnd 

func (c Chunk) IsEnd() bool

func (Chunk) IsStart 

func (c Chunk) IsStart() bool

func (Chunk) NextOffset 

func (c Chunk) NextOffset() int

NextOffset returns the offset for the next chunk

func (Chunk) ToHTML 

func (c Chunk) ToHTML() template.HTML

type FakeHostnameService 

type FakeHostnameService struct {
	Host string

	HostnameService
}

func (FakeHostnameService) Hostname 

func (s FakeHostnameService) Hostname() string

type ForeignKeyError 

type ForeignKeyError struct {
	*pgconn.PgError
}

ForeignKeyError occurs when there is a foreign key violation.

func (*ForeignKeyError) Error 

func (e *ForeignKeyError) Error() string

type GetChunkOptions 

type GetChunkOptions struct {
	RunID  string    `schema:"run_id"`
	Phase  PhaseType `schema:"phase"`
	Limit  int       `schema:"limit"`  // size of the chunk to retrieve
	Offset int       `schema:"offset"` // position in overall data to seek from.
}

type HTTPError 

type HTTPError struct {
	Code    int
	Message string
}

func (*HTTPError) Error 

func (e *HTTPError) Error() string

type Handlers 

type Handlers interface {
	// AddHandlers adds http handlers to the router.
	AddHandlers(*mux.Router)
}

Handlers is an http application with handlers

type HostnameService 

type HostnameService interface {
	Hostname() string
	SetHostname(string)
}

HostnameService provides the OTF user-facing hostname.

type JSONAPIClient 

type JSONAPIClient interface {
	// NewRequest constructs a new json-api request
	NewRequest(method, path string, params any) (*retryablehttp.Request, error)
	// Do sends a json-api request and populates v with a json-api response.
	Do(ctx context.Context, req *retryablehttp.Request, v any) error
}

JSONAPIClient is a client capable of interacting with a json-api API

type MissingParameterError 

type MissingParameterError struct {
	Parameter string
}

MissingParameterError occurs when the caller has failed to provide a required parameter

func (*MissingParameterError) Error 

func (e *MissingParameterError) Error() string

type PhaseType 

type PhaseType string

type PutChunkOptions 

type PutChunkOptions struct {
	RunID  string    `schema:"run_id,required"`
	Phase  PhaseType `schema:"phase,required"`
	Offset int       `schema:"offset,required"`
	Data   []byte
}

type PutChunkService 

type PutChunkService interface {
	PutChunk(ctx context.Context, opts PutChunkOptions) error
}

type RunStatus 

type RunStatus string

RunStatus represents a run state.

func RunStatusPtr 

func RunStatusPtr(s RunStatus) *RunStatus

RunStatusPtr returns a pointer to a run status

func (RunStatus) String 

func (r RunStatus) String() string

type Signer 

type Signer interface {
	Sign(string, time.Duration) (string, error)
}

Signer cryptographically signs URLs with a limited lifespan.

type SiteAuthorizer 

type SiteAuthorizer struct {
	logr.Logger
}

SiteAuthorizer authorizes access to site-wide actions

func (*SiteAuthorizer) CanAccess 

func (a *SiteAuthorizer) CanAccess(ctx context.Context, action rbac.Action, _ string) (Subject, error)

type Subject 

type Subject interface {
	CanAccessSite(action rbac.Action) bool
	CanAccessOrganization(action rbac.Action, name string) bool
	CanAccessWorkspace(action rbac.Action, policy WorkspacePolicy) bool

	IsOwner(organization string) bool
	IsSiteAdmin() bool

	// Organizations returns subject's organization memberships
	Organizations() []string

	String() string
}

Subject is an entity that carries out actions on resources.

func SubjectFromContext 

func SubjectFromContext(ctx context.Context) (Subject, error)

SubjectFromContext retrieves a subject from a context

type Superuser 

type Superuser struct {
	Username string
}

Superuser is a subject with unlimited privileges.

func (*Superuser) CanAccessOrganization 

func (*Superuser) CanAccessOrganization(rbac.Action, string) bool

func (*Superuser) CanAccessSite 

func (*Superuser) CanAccessSite(action rbac.Action) bool

func (*Superuser) CanAccessWorkspace 

func (*Superuser) CanAccessWorkspace(rbac.Action, WorkspacePolicy) bool

func (*Superuser) ID 

func (s *Superuser) ID() string

func (*Superuser) IsOwner 

func (s *Superuser) IsOwner(string) bool

func (*Superuser) IsSiteAdmin 

func (s *Superuser) IsSiteAdmin() bool

func (*Superuser) Organizations 

func (s *Superuser) Organizations() []string

func (*Superuser) String 

func (s *Superuser) String() string

type Verifier 

type Verifier interface {
	Verify(string) error
}

Verifier verifies signed URLs

type WorkspacePermission 

type WorkspacePermission struct {
	Team   string // team name
	TeamID string
	Role   rbac.Role
}

WorkspacePermission binds a role to a team.

type WorkspacePolicy 

type WorkspacePolicy struct {
	Organization string
	WorkspaceID  string
	Permissions  []WorkspacePermission
}

WorkspacePolicy binds workspace permissions to a workspace

Source Files

View all Source files

Directories

Path Synopsis
Package agent provides a daemon capable of running remote operations on behalf of a user.
 Package agent provides a daemon capable of running remote operations on behalf of a user.
api
Package api provides http handlers for the API.
 Package api provides http handlers for the API.
types
Package types provides structs suitable for marshaling to/from json:api
 Package types provides structs suitable for marshaling to/from json:api
Package auth is responsible for authentication
 Package auth is responsible for authentication
Package authenticator is responsible for handling the authentication of users with third party identity providers.
 Package authenticator is responsible for handling the authentication of users with third party identity providers.
Package cli provides the CLI client, i.e.
 Package cli provides the CLI client, i.e.
Package client provides an abstraction for interacting with otf services either remotely or locally.
 Package client provides an abstraction for interacting with otf services either remotely or locally.
Package cloud provides types for use with cloud providers.
 Package cloud provides types for use with cloud providers.
Package configversion handles terraform configurations.
 Package configversion handles terraform configurations.
Package daemon configures and starts the otfd daemon and its subsystems.
 Package daemon configures and starts the otfd daemon and its subsystems.
Package disco implements terraform's "remote service discovery protocol":
 Package disco implements terraform's "remote service discovery protocol":
Package github provides github related code
 Package github provides github related code
Package gitlab provides gitlab related code
 Package gitlab provides gitlab related code
Package hooks implements the observer pattern
 Package hooks implements the observer pattern
Package http provides an HTTP interface allowing HTTP clients to interact with otf.
 Package http provides an HTTP interface allowing HTTP clients to interact with otf.
decode
Package decode contains decoders for various HTTP artefacts
 Package decode contains decoders for various HTTP artefacts
html
Package html contains code relating specifically to the web UI.
 Package html contains code relating specifically to the web UI.
html/paths
Package paths provides rails-style path helpers for use with the web app.
 Package paths provides rails-style path helpers for use with the web app.
Package inmem implements a layer of services in memory using purely Go constructs.
 Package inmem implements a layer of services in memory using purely Go constructs.
Package integration provides inter-service integration tests.
 Package integration provides inter-service integration tests.
Package json provides helpers for the JSON encoding.
 Package json provides helpers for the JSON encoding.
Package loginserver implements a "terraform login protocol" server:
 Package loginserver implements a "terraform login protocol" server:
Package logr provides a logger that implements the logr interface
 Package logr provides a logger that implements the logr interface
Package logs handles log output from a run
 Package logs handles log output from a run
Package module is reponsible for registry modules
 Package module is reponsible for registry modules
Package notifications sends notifications for run state transitions and workspace events.
 Package notifications sends notifications for run state transitions and workspace events.
Package organization is responsible for OTF organizations
 Package organization is responsible for OTF organizations
Package pubsub provides cluster-wide publishing and subscribing of events
 Package pubsub provides cluster-wide publishing and subscribing of events
Package rbac is concerned with authorization
 Package rbac is concerned with authorization
Package repo handles configuration of VCS repositories.
 Package repo handles configuration of VCS repositories.
Package resource contains code common to all resources (orgs, workspaces, runs, etc)
 Package resource contains code common to all resources (orgs, workspaces, runs, etc)
Package run is responsible for OTF runs, the primary mechanism for executing terraform
 Package run is responsible for OTF runs, the primary mechanism for executing terraform
Package scheduler is responsible for the scheduling of runs
 Package scheduler is responsible for the scheduling of runs
Package semver wraps golang.org/x/mod/semver, relaxing the requirement for semantic versions to be prefixed with "v".
 Package semver wraps golang.org/x/mod/semver, relaxing the requirement for semantic versions to be prefixed with "v".
sql
Package sql implements persistent storage using the postgres database.
 Package sql implements persistent storage using the postgres database.
pggen
Package state manages terraform state.
 Package state manages terraform state.
Package testbrowser provisions web browsers for tests
 Package testbrowser provisions web browsers for tests
Package testcompose provides interaction with a docker compose stack of services for testing purposes.
 Package testcompose provides interaction with a docker compose stack of services for testing purposes.
Package testutils provides test helpers.
 Package testutils provides test helpers.
Package tokens manages token authentication
 Package tokens manages token authentication
Package variable manages terraform workspace variables
 Package variable manages terraform workspace variables
Package vcsprovider is responsible for VCS providers
 Package vcsprovider is responsible for VCS providers
Package workspace provides access to terraform workspaces
 Package workspace provides access to terraform workspaces

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.