internal

package
v0.1.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 13, 2023 License: MPL-2.0 Imports: 31 Imported by: 0

Documentation

Overview

Package internal is code only for consumption from within the otf project.

Index

Constants

View Source
const (
	STX = 0x02 // marks the beginning of logs for a phase
	ETX = 0x03 // marks the end of logs for a phase
)
View Source
const (
	PendingPhase PhaseType = "pending"
	PlanPhase    PhaseType = "plan"
	ApplyPhase   PhaseType = "apply"
	FinalPhase   PhaseType = "final"
	UnknownPhase PhaseType = "unknown"

	// List all available run statuses supported in otf.
	RunApplied            RunStatus = "applied"
	RunApplyQueued        RunStatus = "apply_queued"
	RunApplying           RunStatus = "applying"
	RunCanceled           RunStatus = "canceled"
	RunForceCanceled      RunStatus = "force_canceled"
	RunConfirmed          RunStatus = "confirmed"
	RunDiscarded          RunStatus = "discarded"
	RunErrored            RunStatus = "errored"
	RunPending            RunStatus = "pending"
	RunPlanQueued         RunStatus = "plan_queued"
	RunPlanned            RunStatus = "planned"
	RunPlannedAndFinished RunStatus = "planned_and_finished"
	RunPlanning           RunStatus = "planning"

	// OTF doesn't support cost estimation but go-tfe API tests expect this
	// status so it is included expressly to pass the tests.
	RunCostEstimated RunStatus = "cost_estimated"
)
View Source
const DefaultSSLCertsDir = "/etc/ssl/certs/ca-certificates.crt"

Variables

View Source
var (
	// ErrAccessNotPermitted is returned when an authorization check fails.
	ErrAccessNotPermitted = errors.New("access to the resource is not permitted")

	// ErrUnauthorized is returned when a receiving a 401.
	ErrUnauthorized = errors.New("unauthorized")

	// ErrResourceNotFound is returned when a receiving a 404.
	ErrResourceNotFound = errors.New("resource not found")

	// ErrResourceAlreadyExists is returned when attempting to create a resource
	// that already exists.
	ErrResourceAlreadyExists = errors.New("resource already exists")

	// ErrRequiredName is returned when a name option is not present.
	ErrRequiredName = errors.New("name is required")

	// ErrInvalidName is returned when the name option has invalid value.
	ErrInvalidName = errors.New("invalid value for name")

	// ErrUploadTooLarge is returned when a user attempts to upload data that
	// is too large.
	ErrUploadTooLarge = errors.New("upload is too large")
)

Generic errors

View Source
var (
	// ErrInvalidTerraformVersion is returned when a terraform version string is
	// not a semantic version string (major.minor.patch).
	ErrInvalidTerraformVersion = errors.New("invalid terraform version")

	// ErrRequiredOrg is returned when the organization option is not present
	ErrRequiredOrg = errors.New("organization is required")

	ErrStatusTimestampNotFound = errors.New("corresponding status timestamp not found")

	ErrInvalidRepo = errors.New("repository path is invalid")
)

Resource Errors

View Source
var (
	ErrWorkspaceAlreadyLocked         = errors.New("workspace already locked")
	ErrWorkspaceLockedByDifferentUser = errors.New("workspace locked by different user")
	ErrWorkspaceLockedByRun           = errors.New("workspace is locked by Run")
	ErrWorkspaceAlreadyUnlocked       = errors.New("workspace already unlocked")
	ErrWorkspaceUnlockDenied          = errors.New("unauthorized to unlock workspace")
	ErrWorkspaceInvalidLock           = errors.New("invalid workspace lock")
	ErrUnsupportedTerraformVersion    = errors.New("unsupported terraform version")
)

Workspace errors

View Source
var (
	ErrRunDiscardNotAllowed     = errors.New("run was not paused for confirmation or priority; discard not allowed")
	ErrRunCancelNotAllowed      = errors.New("run was not planning or applying; cancel not allowed")
	ErrRunForceCancelNotAllowed = errors.New("run was not planning or applying, has not been canceled non-forcefully, or the cool-off period has not yet passed")
	//
	ErrPhaseAlreadyStarted = errors.New("phase already started")
)

Run errors

View Source
var (
	// Build-time parameters set -ldflags
	Version = "unknown"
	Commit  = "unknown"
	Built   = "unknown"
)
View Source
var DefaultCacheTTL = 10 * time.Minute

DefaultCacheTTL is the default TTL for cached objects

View Source
var ReStringID = regexp.MustCompile(`^[a-zA-Z0-9\-\._]+$`)

ReStringID is a regular expression used to validate common string ID patterns.

Functions

func AddSubjectToContext

func AddSubjectToContext(ctx context.Context, subj Subject) context.Context

AddSubjectToContext adds a subject to a context

func Bool

func Bool(b bool) *bool

func ConvertID

func ConvertID(id, resource string) string

ConvertID converts an ID for use with a different resource, e.g. convert run-123 to plan-123.

func CredentialEnv

func CredentialEnv(hostname string, token []byte) string

CredentialEnv returns a host-specific environment variable credential for terraform.

func CredentialEnvKey

func CredentialEnvKey(hostname string) string

CredentialEnvKey returns the environment variable key for an API token specific to the given hostname.

func CurrentTimestamp

func CurrentTimestamp() time.Time

CurrentTimestamp is *the* way to get a current timestamps in otf and time.Now() should be avoided.

We want timestamps to be rounded to nearest millisecond so that they can be persisted/serialised and not lose precision thereby making comparisons and testing easier.

We also want timestamps to be in the UTC time zone. Again it makes testing easier because libs such as testify's assert use DeepEqual rather than time.Equal to compare times (and structs containing times). That means the internal representation is compared, including the time zone which may differ even though two times refer to the same instant.

In any case, the time zone of the server is often not of importance, whereas that of the user often is, and conversion to their time zone is necessary regardless.

func Decrypt

func Decrypt(encrypted string, secret []byte) ([]byte, error)

Decrypt encrypted string using secret key. The encrypted string must be base64-url-encoded.

func DiffStrings

func DiffStrings(a, b []string) []string

DiffStrings returns the elements in `a` that aren't in `b`.

func Encrypt

func Encrypt(plaintext, secret []byte) (string, error)

Encrypt plaintext using secret key. The returned string is base64-url-encoded.

func Exists

func Exists(path string) bool

Exists checks whether a file or directory at the given path exists

func FromStringCSV added in v0.1.8

func FromStringCSV[T ~string](csv string) (to []T)

FromStringCSV splits a comma-separated string into a slice of type T

func FromStringSlice added in v0.1.8

func FromStringSlice[T ~string](from []string) (to []T)

func GenerateRandomString

func GenerateRandomString(size int) string

GenerateRandomString generates a random string composed of alphanumeric characters of length size.

func GenerateToken

func GenerateToken() (string, error)

func GetID

func GetID(s any) (string, bool)

GetID retrieves the ID field of a struct contained in s. If s is not a struct, or there is no ID field, then false is returned.

func Int

func Int(i int) *int

func Int64

func Int64(i int64) *int64

func NewAllowAllAuthorizer

func NewAllowAllAuthorizer() *allowAllAuthorizer

func NewHostnameService

func NewHostnameService(hostname string) *hostnameService

func NewID

func NewID(rtype string) string

NewID constructs resource IDs, which are composed of the resource type and a random 16 character string, separated by a hyphen.

func NewSigner

func NewSigner(secret []byte) *surl.Signer

NewSigner constructs a signer for signing and verifying URLs

func NormalizeAddress

func NormalizeAddress(addr *net.TCPAddr) string

NormalizeAddress takes a host:port and converts it into a host:port appropriate for setting as the addressable hostname of otfd, e.g. converting 0.0.0.0 to 127.0.0.1.

func Pack

func Pack(src string) ([]byte, error)

Pack a directory into tarball (.tar.gz) and return its contents

func ParseBranchRef

func ParseBranchRef(ref string) (string, bool)

ParseBranchRef parses a git ref expecting it to be a reference to a branch. If it is not then false is returned, otherwise the branch name along with true is returned.

func ParseRef

func ParseRef(ref string) (string, bool)

ParseRef parses a git ref of the format refs/[tags|heads]/[name],

func RemoveBackendBlock

func RemoveBackendBlock(f *hclwrite.File) bool

RemoveBackendBlock is an HCL operation that removes terraform remote backend / cloud configuration

func RewriteHCL

func RewriteHCL(modulePath string, operations ...hclOperation) error

RewriteHCL performs HCL surgery on a terraform module.

func SSLCertsDir

func SSLCertsDir() string

SSLCertsDir returns the directory containing CA certificates.

func SafeAppend added in v0.0.51

func SafeAppend(a []string, b ...string) []string

SafeAppend appends strings to a slice whilst ensuring the slice is not modified.

see: https://yourbasic.org/golang/gotcha-append/

func SplitCSV added in v0.1.8

func SplitCSV(csv string) []string

SplitCSV splits a string with a comma delimited (a "comma-separated-value"). It differs from strings.Split in that if no comma is found an empty slice is returned whereas strings.Split would return a single-element slice containing the original string.

func String

func String(str string) *string

func StripAnsi added in v0.1.8

func StripAnsi(str string) string

func Time

func Time(t time.Time) *time.Time

func ToStringSlice added in v0.1.8

func ToStringSlice[T ~string](from []T) (to []string)

func UInt

func UInt(i uint) *uint

func UUID

func UUID(u uuid.UUID) *uuid.UUID

func Unpack

func Unpack(r io.Reader, dst string) error

Unpack a .tar.gz byte stream to a directory

func ValidStringID

func ValidStringID(v *string) bool

ValidStringID checks if the given string pointer is non-nil and contains a typical string identifier.

func VerifySignedURL

func VerifySignedURL(v Verifier) mux.MiddlewareFunc

VerifySignedURL is middleware that verifies signed URLs

Types

type Authorizer

type Authorizer interface {
	CanAccess(ctx context.Context, action rbac.Action, id string) (Subject, error)
}

Authorizer is capable of granting or denying access to resources based on the subject contained within the context.

type Cache

type Cache interface {
	Get(string) ([]byte, error)
	Set(string, []byte) error
}

Cache is a key-value cache.

type Chunk

type Chunk struct {
	ID     string    `json:"id"`     // Uniquely identifies the chunk.
	RunID  string    `json:"run_id"` // ID of run that generated the chunk
	Phase  PhaseType `json:"phase"`  // Phase that generated the chunk
	Offset int       `json:"offset"` // Position within logs.
	Data   []byte    `json:"data"`   // The log data
}

Chunk is a section of logs for a phase.

func (Chunk) Cut

func (c Chunk) Cut(opts GetChunkOptions) Chunk

Cut returns a new, smaller chunk.

func (Chunk) IsEnd

func (c Chunk) IsEnd() bool

func (Chunk) IsStart

func (c Chunk) IsStart() bool

func (Chunk) NextOffset

func (c Chunk) NextOffset() int

NextOffset returns the offset for the next chunk

func (Chunk) ToHTML

func (c Chunk) ToHTML() template.HTML

type FakeHostnameService

type FakeHostnameService struct {
	Host string

	HostnameService
}

func (FakeHostnameService) Hostname

func (s FakeHostnameService) Hostname() string

type ForeignKeyError

type ForeignKeyError struct {
	*pgconn.PgError
}

ForeignKeyError occurs when there is a foreign key violation.

func (*ForeignKeyError) Error

func (e *ForeignKeyError) Error() string

type GetChunkOptions

type GetChunkOptions struct {
	RunID  string    `schema:"run_id"`
	Phase  PhaseType `schema:"phase"`
	Limit  int       `schema:"limit"`  // size of the chunk to retrieve
	Offset int       `schema:"offset"` // position in overall data to seek from.
}

type HTTPError

type HTTPError struct {
	Code    int
	Message string
}

func (*HTTPError) Error

func (e *HTTPError) Error() string

type Handlers

type Handlers interface {
	// AddHandlers adds http handlers to the router.
	AddHandlers(*mux.Router)
}

Handlers is an http application with handlers

type HostnameService

type HostnameService interface {
	Hostname() string
	SetHostname(string)
}

HostnameService provides the OTF user-facing hostname.

type InvalidParameterError added in v0.1.4

type InvalidParameterError string

func (InvalidParameterError) Error added in v0.1.4

func (e InvalidParameterError) Error() string

type JSONAPIClient

type JSONAPIClient interface {
	// NewRequest constructs a new json-api request
	NewRequest(method, path string, params any) (*retryablehttp.Request, error)
	// Do sends a json-api request and populates v with a json-api response.
	Do(ctx context.Context, req *retryablehttp.Request, v any) error
}

JSONAPIClient is a client capable of interacting with a json-api API

type MissingParameterError

type MissingParameterError struct {
	Parameter string
}

MissingParameterError occurs when the caller has failed to provide a required parameter

func (*MissingParameterError) Error

func (e *MissingParameterError) Error() string

type PhaseType

type PhaseType string

type PutChunkOptions

type PutChunkOptions struct {
	RunID  string    `schema:"run_id,required"`
	Phase  PhaseType `schema:"phase,required"`
	Offset int       `schema:"offset,required"`
	Data   []byte
}

type PutChunkService

type PutChunkService interface {
	PutChunk(ctx context.Context, opts PutChunkOptions) error
}

type RunStatus

type RunStatus string

RunStatus represents a run state.

func RunStatusPtr

func RunStatusPtr(s RunStatus) *RunStatus

RunStatusPtr returns a pointer to a run status

func (RunStatus) String

func (r RunStatus) String() string

type Signer

type Signer interface {
	Sign(string, time.Duration) (string, error)
}

Signer cryptographically signs URLs with a limited lifespan.

type SiteAuthorizer

type SiteAuthorizer struct {
	logr.Logger
}

SiteAuthorizer authorizes access to site-wide actions

func (*SiteAuthorizer) CanAccess

func (a *SiteAuthorizer) CanAccess(ctx context.Context, action rbac.Action, _ string) (Subject, error)

type Subject

type Subject interface {
	CanAccessSite(action rbac.Action) bool
	CanAccessOrganization(action rbac.Action, name string) bool
	CanAccessWorkspace(action rbac.Action, policy WorkspacePolicy) bool

	IsOwner(organization string) bool
	IsSiteAdmin() bool

	// Organizations returns subject's organization memberships
	Organizations() []string

	String() string
}

Subject is an entity that carries out actions on resources.

func SubjectFromContext

func SubjectFromContext(ctx context.Context) (Subject, error)

SubjectFromContext retrieves a subject from a context

type Superuser

type Superuser struct {
	Username string
}

Superuser is a subject with unlimited privileges.

func (*Superuser) CanAccessOrganization

func (*Superuser) CanAccessOrganization(rbac.Action, string) bool

func (*Superuser) CanAccessSite

func (*Superuser) CanAccessSite(action rbac.Action) bool

func (*Superuser) CanAccessWorkspace

func (*Superuser) CanAccessWorkspace(rbac.Action, WorkspacePolicy) bool

func (*Superuser) ID

func (s *Superuser) ID() string

func (*Superuser) IsOwner

func (s *Superuser) IsOwner(string) bool

func (*Superuser) IsSiteAdmin

func (s *Superuser) IsSiteAdmin() bool

func (*Superuser) Organizations

func (s *Superuser) Organizations() []string

func (*Superuser) String

func (s *Superuser) String() string

type Verifier

type Verifier interface {
	Verify(string) error
}

Verifier verifies signed URLs

type WorkspacePermission

type WorkspacePermission struct {
	Team   string // team name
	TeamID string
	Role   rbac.Role
}

WorkspacePermission binds a role to a team.

type WorkspacePolicy

type WorkspacePolicy struct {
	Organization string
	WorkspaceID  string
	Permissions  []WorkspacePermission

	// Whether workspace permits its state to be consumed by all workspaces in
	// the organization.
	GlobalRemoteState bool
}

WorkspacePolicy binds workspace permissions to a workspace

Directories

Path Synopsis
Package agent provides a daemon capable of running remote operations on behalf of a user.
Package agent provides a daemon capable of running remote operations on behalf of a user.
api
Package api provides http handlers for the API.
Package api provides http handlers for the API.
types
Package types provides structs suitable for marshaling to/from json:api
Package types provides structs suitable for marshaling to/from json:api
Package auth is responsible for authentication
Package auth is responsible for authentication
Package authenticator is responsible for handling the authentication of users with third party identity providers.
Package authenticator is responsible for handling the authentication of users with third party identity providers.
Package cli provides the CLI client, i.e.
Package cli provides the CLI client, i.e.
Package client provides an abstraction for interacting with otf services either remotely or locally.
Package client provides an abstraction for interacting with otf services either remotely or locally.
Package cloud provides types for use with cloud providers.
Package cloud provides types for use with cloud providers.
Package configversion handles terraform configurations.
Package configversion handles terraform configurations.
Package daemon configures and starts the otfd daemon and its subsystems.
Package daemon configures and starts the otfd daemon and its subsystems.
Package disco implements terraform's "remote service discovery protocol":
Package disco implements terraform's "remote service discovery protocol":
Package github provides github related code
Package github provides github related code
Package gitlab provides gitlab related code
Package gitlab provides gitlab related code
Package hooks implements the observer pattern
Package hooks implements the observer pattern
Package http provides an HTTP interface allowing HTTP clients to interact with otf.
Package http provides an HTTP interface allowing HTTP clients to interact with otf.
decode
Package decode contains decoders for various HTTP artefacts
Package decode contains decoders for various HTTP artefacts
html
Package html contains code relating specifically to the web UI.
Package html contains code relating specifically to the web UI.
html/paths
Package paths provides rails-style path helpers for use with the web app.
Package paths provides rails-style path helpers for use with the web app.
Package inmem implements a layer of services in memory using purely Go constructs.
Package inmem implements a layer of services in memory using purely Go constructs.
Package integration provides inter-service integration tests.
Package integration provides inter-service integration tests.
Package json provides helpers for the JSON encoding.
Package json provides helpers for the JSON encoding.
Package loginserver implements a "terraform login protocol" server:
Package loginserver implements a "terraform login protocol" server:
Package logr provides a logger that implements the logr interface
Package logr provides a logger that implements the logr interface
Package logs handles log output from a run
Package logs handles log output from a run
Package module is reponsible for registry modules
Package module is reponsible for registry modules
Package notifications sends notifications for run state transitions and workspace events.
Package notifications sends notifications for run state transitions and workspace events.
Package organization is responsible for OTF organizations
Package organization is responsible for OTF organizations
Package pubsub provides cluster-wide publishing and subscribing of events
Package pubsub provides cluster-wide publishing and subscribing of events
Package rbac is concerned with authorization
Package rbac is concerned with authorization
Package repo handles configuration of VCS repositories.
Package repo handles configuration of VCS repositories.
Package resource contains code common to all resources (orgs, workspaces, runs, etc)
Package resource contains code common to all resources (orgs, workspaces, runs, etc)
Package run is responsible for OTF runs, the primary mechanism for executing terraform
Package run is responsible for OTF runs, the primary mechanism for executing terraform
Package scheduler is responsible for the scheduling of runs
Package scheduler is responsible for the scheduling of runs
Package semver wraps golang.org/x/mod/semver, relaxing the requirement for semantic versions to be prefixed with "v".
Package semver wraps golang.org/x/mod/semver, relaxing the requirement for semantic versions to be prefixed with "v".
sql
Package sql implements persistent storage using the postgres database.
Package sql implements persistent storage using the postgres database.
Package state manages terraform state.
Package state manages terraform state.
Package testbrowser provisions web browsers for tests
Package testbrowser provisions web browsers for tests
Package testcompose provides interaction with a docker compose stack of services for testing purposes.
Package testcompose provides interaction with a docker compose stack of services for testing purposes.
Package testutils provides test helpers.
Package testutils provides test helpers.
Package tokens manages token authentication
Package tokens manages token authentication
Package variable manages terraform workspace variables
Package variable manages terraform workspace variables
Package vcsprovider is responsible for VCS providers
Package vcsprovider is responsible for VCS providers
Package workspace provides access to terraform workspaces
Package workspace provides access to terraform workspaces

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL