1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: Apache-2.0
29 "git.arvados.org/arvados.git/sdk/go/httpserver"
30 "github.com/hashicorp/go-retryablehttp"
33 // A Client is an HTTP client with an API endpoint and a set of
34 // Arvados credentials.
36 // It offers methods for accessing individual Arvados APIs, and
37 // methods that implement common patterns like fetching multiple pages
38 // of results using List APIs.
40 // HTTP client used to make requests. If nil,
41 // DefaultSecureClient or InsecureHTTPClient will be used.
42 Client *http.Client `json:"-"`
44 // Protocol scheme: "http", "https", or "" (https)
47 // Hostname (or host:port) of Arvados API server.
50 // User authentication token.
53 // Accept unverified certificates. This works only if the
54 // Client field is nil: otherwise, it has no effect.
57 // Override keep service discovery with a list of base
58 // URIs. (Currently there are no Client methods for
59 // discovering keep services so this is just a convenience for
60 // callers who use a Client to initialize an
61 // arvadosclient.ArvadosClient.)
62 KeepServiceURIs []string `json:",omitempty"`
64 // HTTP headers to add/override in outgoing requests.
65 SendHeader http.Header
67 // Timeout for requests. NewClientFromConfig and
68 // NewClientFromEnv return a Client with a default 5 minute
69 // timeout. Within this time, retryable errors are
70 // automatically retried with exponential backoff.
72 // To disable automatic retries, set Timeout to zero and use a
73 // context deadline to establish a maximum request time.
// X-Request-Id value that Do falls back to when neither the
// request's own header nor its context supplies one. It is set
// on the copy returned by WithRequestID.
78 defaultRequestID string
80 // APIHost and AuthToken were loaded from ARVADOS_* env vars
81 // (used to customize "no host/token" error messages)
84 // Track/limit concurrent outgoing API calls. Note this
85 // differs from an outgoing connection limit (a feature
86 // provided by http.Transport) when concurrent calls are
87 // multiplexed on a single http2 connection.
88 requestLimiter requestLimiter
93 // InsecureHTTPClient is the default http.Client used by a Client with
94 // Insecure==true and Client==nil.
//
// Its transport sets InsecureSkipVerify, so server certificates are
// accepted without verification.
95 var InsecureHTTPClient = &http.Client{
96 Transport: &http.Transport{
97 TLSClientConfig: &tls.Config{
98 InsecureSkipVerify: true}}}
100 // DefaultSecureClient is the default http.Client used by a Client otherwise.
//
// It is a zero-value http.Client: no transport or timeout settings of
// its own are configured here.
101 var DefaultSecureClient = &http.Client{}
103 // NewClientFromConfig creates a new Client that uses the endpoints in
104 // the given cluster.
106 // AuthToken is left empty for the caller to populate.
//
// An error is returned when Services.Controller.ExternalURL has no
// host. The returned Client takes Scheme and APIHost from that URL,
// Insecure from cluster.TLS.Insecure, and a 5 minute Timeout.
107 func NewClientFromConfig(cluster *Cluster) (*Client, error) {
108 ctrlURL := cluster.Services.Controller.ExternalURL
// Without a controller host there is no endpoint to talk to.
109 if ctrlURL.Host == "" {
110 return nil, fmt.Errorf("no host in config Services.Controller.ExternalURL: %v", ctrlURL)
113 if srvaddr := os.Getenv("ARVADOS_SERVER_ADDRESS"); srvaddr != "" {
114 // When this client is used to make a request to
115 // https://{ctrlhost}:port/ (any port), it dials the
116 // indicated port on ARVADOS_SERVER_ADDRESS instead.
118 // This is invoked by arvados-server boot to ensure
119 // that server->server traffic (e.g.,
120 // keepproxy->controller) only hits local interfaces,
121 // even if the Controller.ExternalURL host is a load
122 // balancer / gateway and not a local interface
123 // address (e.g., when running on a cloud VM).
125 // This avoids unnecessary delay/cost of routing
126 // external traffic, and also allows controller to
127 // recognize other services as internal clients based
128 // on the connection source address.
// Hostname() omits any port, so the comparison in DialContext
// matches the controller host regardless of port.
129 divertedHost := (*url.URL)(&cluster.Services.Controller.ExternalURL).Hostname()
130 var dialer net.Dialer
132 Transport: &http.Transport{
// Certificate verification is skipped only when the cluster
// config asks for it.
133 TLSClientConfig: &tls.Config{InsecureSkipVerify: cluster.TLS.Insecure},
134 DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
135 host, port, err := net.SplitHostPort(addr)
// Redirect only "tcp" dials aimed at the controller hostname,
// keeping the requested port. Any other address (including
// one that fails to split) is dialed unchanged.
136 if err == nil && network == "tcp" && host == divertedHost {
137 addr = net.JoinHostPort(srvaddr, port)
139 return dialer.DialContext(ctx, network, addr)
146 Scheme: ctrlURL.Scheme,
147 APIHost: ctrlURL.Host,
148 Insecure: cluster.TLS.Insecure,
149 Timeout: 5 * time.Minute,
153 // NewClientFromEnv creates a new Client that uses the default HTTP
154 // client, and loads API endpoint and credentials from ARVADOS_*
155 // environment variables (if set) and
156 // $HOME/.config/arvados/settings.conf (if readable).
158 // If a config exists in both locations, the environment variable is
161 // If there is an error (other than ENOENT) reading settings.conf,
162 // NewClientFromEnv logs the error to log.Default(), then proceeds as
163 // if settings.conf did not exist.
165 // Space characters are trimmed when reading the settings file, so
166 // these are equivalent:
168 // ARVADOS_API_HOST=localhost\n
169 // ARVADOS_API_HOST=localhost\r\n
170 // ARVADOS_API_HOST = localhost \n
171 // \tARVADOS_API_HOST = localhost\n
172 func NewClientFromEnv() *Client {
// vars collects ARVADOS_* settings by name; the Client fields
// below are read from it.
173 vars := map[string]string{}
174 home := os.Getenv("HOME")
175 conffile := home + "/.config/arvados/settings.conf"
177 // no $HOME => just use env vars
178 } else if settings, err := os.ReadFile(conffile); errors.Is(err, fs.ErrNotExist) {
179 // no config file => just use env vars
180 } else if err != nil {
181 // config file unreadable => log message, then use env vars
182 log.Printf("continuing without loading %s: %s", conffile, err)
// Parse the settings file line by line as KEY=VALUE pairs, split
// at the first '='.
184 for _, line := range bytes.Split(settings, []byte{'\n'}) {
185 kv := bytes.SplitN(line, []byte{'='}, 2)
186 k := string(bytes.TrimSpace(kv[0]))
187 if len(kv) != 2 || !strings.HasPrefix(k, "ARVADOS_") {
188 // Same behavior as python sdk:
189 // silently skip leading # (comments),
190 // blank lines, typos, and non-Arvados
// Key and value are both stored with surrounding whitespace
// trimmed.
194 vars[k] = string(bytes.TrimSpace(kv[1]))
// Scan the process environment for ARVADOS_* entries, splitting
// each one at its first "=".
197 for _, env := range os.Environ() {
198 if !strings.HasPrefix(env, "ARVADOS_") {
201 kv := strings.SplitN(env, "=", 2)
// ARVADOS_KEEP_SERVICES is a space-separated list. Entries that
// fail to parse, or that are not absolute URIs, are logged
// rather than appended to svcs.
207 for _, s := range strings.Split(vars["ARVADOS_KEEP_SERVICES"], " ") {
210 } else if u, err := url.Parse(s); err != nil {
211 log.Printf("ARVADOS_KEEP_SERVICES: %q: %s", s, err)
212 } else if !u.IsAbs() {
213 log.Printf("ARVADOS_KEEP_SERVICES: %q: not an absolute URI", s)
215 svcs = append(svcs, s)
// Only "1", "yes" and "true" (compared case-insensitively) are
// recognized as affirmative values here.
219 if s := strings.ToLower(vars["ARVADOS_API_HOST_INSECURE"]); s == "1" || s == "yes" || s == "true" {
224 APIHost: vars["ARVADOS_API_HOST"],
225 AuthToken: vars["ARVADOS_API_TOKEN"],
227 KeepServiceURIs: svcs,
228 Timeout: 5 * time.Minute,
// reqIDGen produces "req-"-prefixed IDs; Do uses it for requests that
// have no X-Request-Id from any other source.
233 var reqIDGen = httpserver.IDGenerator{Prefix: "req-"}
// nopCancelFunc is a do-nothing CancelFunc; Do uses it as the initial
// value of its cancel variable.
235 var nopCancelFunc context.CancelFunc = func() {}
237 // Do augments (*http.Client)Do(): adds Authorization and X-Request-Id
238 // headers, delays in order to comply with rate-limiting restrictions,
239 // and retries failed requests when appropriate.
//
// The returned response body is wrapped in a cancelOnClose, so the
// caller must close it to release the resources tied to the request.
240 func (c *Client) Do(req *http.Request) (*http.Response, error) {
// An Authorization value stored in the request context takes
// precedence over the client's own AuthToken.
242 if auth, _ := ctx.Value(contextKeyAuthorization{}).(string); auth != "" {
243 req.Header.Add("Authorization", auth)
244 } else if c.AuthToken != "" {
245 req.Header.Add("Authorization", "OAuth2 "+c.AuthToken)
// Request ID precedence: header already on the request, then the
// context value, then c.defaultRequestID, then a generated ID.
248 if req.Header.Get("X-Request-Id") == "" {
250 if ctxreqid, _ := ctx.Value(contextKeyRequestID{}).(string); ctxreqid != "" {
252 } else if c.defaultRequestID != "" {
253 reqid = c.defaultRequestID
255 reqid = reqIDGen.Next()
// NOTE(review): req.Header is nil-checked here, but the
// Authorization branch above calls req.Header.Add without such a
// check -- confirm a nil Header cannot reach that branch.
257 if req.Header == nil {
258 req.Header = http.Header{"X-Request-Id": {reqid}}
260 req.Header.Set("X-Request-Id", reqid)
264 rreq, err := retryablehttp.FromRequest(req)
269 cancel := nopCancelFunc
// lastResp/lastRespBody (and lastErr) remember the outcome of the
// most recent attempt, as recorded by CheckRetry below.
270 var lastResp *http.Response
271 var lastRespBody io.ReadCloser
274 rclient := retryablehttp.NewClient()
275 rclient.HTTPClient = c.httpClient()
// Cap each backoff wait at a tenth of the overall timeout.
277 rclient.RetryWaitMax = c.Timeout / 10
278 rclient.RetryMax = 32
// The deadline is attached to the retryable request's context, so
// it bounds the whole sequence of attempts.
279 ctx, cancel = context.WithDeadline(ctx, time.Now().Add(c.Timeout))
280 rreq = rreq.WithContext(ctx)
284 rclient.CheckRetry = func(ctx context.Context, resp *http.Response, respErr error) (bool, error) {
// Feed every outcome to the request limiter; when Report
// returns true, record the current time for Last503.
285 if c.requestLimiter.Report(resp, respErr) {
286 c.last503.Store(time.Now())
291 retrying, err := retryablehttp.DefaultRetryPolicy(ctx, resp, respErr)
293 lastResp, lastRespBody, lastErr = resp, nil, respErr
295 // Save the response and body so we
296 // can return it instead of "deadline
297 // exceeded". retryablehttp.Client
298 // will drain and discard resp.body,
299 // so we need to stash it separately.
300 buf, err := ioutil.ReadAll(resp.Body)
302 lastRespBody = io.NopCloser(bytes.NewReader(buf))
304 lastResp, lastErr = nil, err
// Take a request-limiter slot. If the context has already ended
// by the time Acquire returns, give the slot back and report the
// context error.
312 c.requestLimiter.Acquire(ctx)
313 if ctx.Err() != nil {
314 c.requestLimiter.Release()
316 return nil, ctx.Err()
318 resp, err := rclient.Do(rreq)
// If the attempt ended with a deadline/cancel error but an
// earlier attempt produced a response or error, return that
// earlier outcome instead of the generic context error.
319 if (errors.Is(err, context.DeadlineExceeded) || errors.Is(err, context.Canceled)) && (lastResp != nil || lastErr != nil) {
320 resp, err = lastResp, lastErr
322 resp.Body = lastRespBody
326 c.requestLimiter.Release()
330 // We need to call cancel() eventually, but we can't use
331 // "defer cancel()" because the context has to stay alive
332 // until the caller has finished reading the response body.
333 resp.Body = cancelOnClose{
334 ReadCloser: resp.Body,
// NOTE(review): this Release appears to run from the close-time
// callback, i.e. the limiter slot is held until the caller closes
// the body -- confirm.
336 c.requestLimiter.Release()
343 // Last503 returns the time of the most recent HTTP 503 (Service
344 // Unavailable) response. Zero time indicates never.
345 func (c *Client) Last503() time.Time {
// If nothing has been stored yet the type assertion fails and t
// stays at the zero time.Time.
346 t, _ := c.last503.Load().(time.Time)
350 // cancelOnClose calls a provided CancelFunc when its wrapped
351 // ReadCloser's Close() method is called.
352 type cancelOnClose struct {
// cancel is the function to invoke when the body is closed.
354 cancel context.CancelFunc
// Close closes the wrapped ReadCloser and captures its error; per the
// type's contract, the CancelFunc is invoked as part of closing.
357 func (coc cancelOnClose) Close() error {
358 err := coc.ReadCloser.Close()
// isRedirectStatus matches code against the HTTP redirect statuses
// 301, 302, 303, 307 and 308.
363 func isRedirectStatus(code int) bool {
365 case http.StatusMovedPermanently, http.StatusFound, http.StatusSeeOther, http.StatusTemporaryRedirect, http.StatusPermanentRedirect:
372 // DoAndDecode performs req and unmarshals the response (which must be
373 // JSON) into dst. Use this instead of RequestAndDecode if you need
374 // more control of the http.Request object.
376 // If the response status indicates an HTTP redirect, the Location
377 // header value is unmarshalled to dst as a RedirectLocation
379 func (c *Client) DoAndDecode(dst interface{}, req *http.Request) error {
380 resp, err := c.Do(req)
384 defer resp.Body.Close()
// The whole body is read up front: it is either decoded into dst
// or attached to the error built for unexpected statuses.
385 buf, err := ioutil.ReadAll(resp.Body)
// 204 No Content, and 200 OK with a nil dst, are handled as
// separate cases from the decoding path below.
390 case resp.StatusCode == http.StatusNoContent:
392 case resp.StatusCode == http.StatusOK && dst == nil:
394 case resp.StatusCode == http.StatusOK:
395 return json.Unmarshal(buf, dst)
397 // If the caller uses a client with a custom CheckRedirect
398 // func, Do() might return the 3xx response instead of
400 case isRedirectStatus(resp.StatusCode) && dst == nil:
402 case isRedirectStatus(resp.StatusCode):
403 // Copy the redirect target URL to dst.RedirectLocation.
// This goes through JSON: a one-field object with the key
// "redirect_location" is marshalled and then unmarshalled
// into dst.
404 buf, err := json.Marshal(map[string]string{"redirect_location": resp.Header.Get("Location")})
408 return json.Unmarshal(buf, dst)
// Any status not handled above becomes a transaction error built
// from the request, the response and the body bytes.
411 return newTransactionError(req, resp, buf)
415 // Convert an arbitrary struct to url.Values. For example,
417 // Foo{Bar: []int{1,2,3}, Baz: "waz"}
421 // url.Values{`bar`:`[1,2,3]`,`Baz`:`waz`}
423 // params itself is returned if it is already a url.Values.
//
// Strings and numbers are used as-is, true becomes "true", and every
// other non-null value is sent as its JSON encoding. False and null
// values are left out of the result.
424 func anythingToValues(params interface{}) (url.Values, error) {
425 if v, ok := params.(url.Values); ok {
428 // TODO: Do this more efficiently, possibly using
429 // json.Decode/Encode, so the whole thing doesn't have to get
430 // encoded, decoded, and re-encoded.
431 j, err := json.Marshal(params)
// Decode the JSON form into a generic map so each top-level key
// can be converted individually.
435 var generic map[string]interface{}
436 dec := json.NewDecoder(bytes.NewBuffer(j))
438 err = dec.Decode(&generic)
442 urlValues := url.Values{}
443 for k, v := range generic {
444 if v, ok := v.(string); ok {
// NOTE(review): this case only matches if the decoder was put
// in UseNumber mode -- confirm.
448 if v, ok := v.(json.Number); ok {
449 urlValues.Set(k, v.String())
452 if v, ok := v.(bool); ok {
454 urlValues.Set(k, "true")
456 // "foo=false", "foo=0", and "foo="
457 // are all taken as true strings, so
458 // don't send false values at all --
459 // rely on the default being false.
// Anything else (arrays, objects, null) is re-encoded as JSON.
463 j, err := json.Marshal(v)
467 if bytes.Equal(j, []byte("null")) {
468 // don't add it to urlValues at all
471 urlValues.Set(k, string(j))
473 return urlValues, nil
476 // RequestAndDecode performs an API request and unmarshals the
477 // response (which must be JSON) into dst. Method and body arguments
478 // are the same as for http.NewRequest(). The given path is added to
479 // the server's scheme/host/port to form the request URL. The given
480 // params are passed via POST form or query string.
482 // path must not contain a query string.
//
// It is RequestAndDecodeContext called with context.Background().
483 func (c *Client) RequestAndDecode(dst interface{}, method, path string, body io.Reader, params interface{}) error {
484 return c.RequestAndDecodeContext(context.Background(), dst, method, path, body, params)
487 // RequestAndDecodeContext does the same as RequestAndDecode, but with a context
488 func (c *Client) RequestAndDecodeContext(ctx context.Context, dst interface{}, method, path string, body io.Reader, params interface{}) error {
489 if body, ok := body.(io.Closer); ok {
490 // Ensure body is closed even if we error out early
// Two distinct "not configured" errors: one that names the
// ARVADOS_* environment variables and a generic one about
// APIHost.
495 return errors.New("ARVADOS_API_HOST and/or ARVADOS_API_TOKEN environment variables are not set")
497 return errors.New("arvados.Client cannot perform request: APIHost is not set")
499 urlString := c.apiURL(path)
500 urlValues, err := anythingToValues(params)
// Params go in the query string when the caller already supplied
// a body, or for GET/HEAD requests whose encoded params are
// shorter than 1000 bytes. Otherwise they become the
// form-encoded request body.
504 if urlValues == nil {
506 } else if body != nil || ((method == "GET" || method == "HEAD") && len(urlValues.Encode()) < 1000) {
507 // Send params in query part of URL
508 u, err := url.Parse(urlString)
512 u.RawQuery = urlValues.Encode()
513 urlString = u.String()
515 body = strings.NewReader(urlValues.Encode())
517 req, err := http.NewRequest(method, urlString, body)
// A GET/HEAD request that carries a body records its intended
// method in the X-Http-Method-Override header.
521 if (method == "GET" || method == "HEAD") && body != nil {
522 req.Header.Set("X-Http-Method-Override", method)
525 req = req.WithContext(ctx)
526 req.Header.Set("Content-type", "application/x-www-form-urlencoded")
// Apply the client's configured SendHeader entries.
527 for k, v := range c.SendHeader {
530 return c.DoAndDecode(dst, req)
// resource is the argument type of UpdateBody, which uses
// resourceName() as the form key for the JSON-encoded value.
533 type resource interface {
534 resourceName() string
537 // UpdateBody returns an io.Reader suitable for use as an http.Request
538 // Body for a create or update API call.
//
// On success the reader yields a URL-encoded form with a single key,
// rsc.resourceName(), whose value is the JSON encoding of rsc.
539 func (c *Client) UpdateBody(rsc resource) io.Reader {
540 j, err := json.Marshal(rsc)
542 // Return a reader that returns errors.
544 w.CloseWithError(err)
547 v := url.Values{rsc.resourceName(): {string(j)}}
548 return bytes.NewBufferString(v.Encode())
551 // WithRequestID returns a new shallow copy of c that sends the given
552 // X-Request-Id value (instead of a new randomly generated one) with
553 // each subsequent request that doesn't provide its own via context or
555 func (c *Client) WithRequestID(reqid string) *Client {
// The ID is stored as the copy's default request ID.
557 cc.defaultRequestID = reqid
// httpClient selects the http.Client used for requests: the Client
// field when it is non-nil, otherwise one of the package defaults
// InsecureHTTPClient or DefaultSecureClient.
561 func (c *Client) httpClient() *http.Client {
563 case c.Client != nil:
566 return InsecureHTTPClient
568 return DefaultSecureClient
// apiURL builds the request URL for path as scheme://APIHost/path.
// A "/" is always inserted before path, so path is expected without a
// leading slash.
572 func (c *Client) apiURL(path string) string {
577 return scheme + "://" + c.APIHost + "/" + path
580 // DiscoveryDocument is the Arvados server's description of itself.
581 type DiscoveryDocument struct {
582 BasePath string `json:"basePath"`
583 DefaultCollectionReplication int `json:"defaultCollectionReplication"`
584 BlobSignatureTTL int64 `json:"blobSignatureTtl"`
585 GitURL string `json:"gitUrl"`
586 Schemas map[string]Schema `json:"schemas"`
587 Resources map[string]Resource `json:"resources"`
// Resource is one entry of DiscoveryDocument.Resources: a set of API
// methods keyed by method name.
590 type Resource struct {
591 Methods map[string]ResourceMethod `json:"methods"`
// ResourceMethod describes one API method of a Resource: its HTTP
// method, its path, and its response.
594 type ResourceMethod struct {
595 HTTPMethod string `json:"httpMethod"`
596 Path string `json:"path"`
597 Response MethodResponse `json:"response"`
// MethodResponse holds the "$ref" of a method's response;
// PathForUUID compares it with a model name.
600 type MethodResponse struct {
601 Ref string `json:"$ref"`
// UUIDPrefix is what modelForUUID compares with the type portion of
// a UUID.
605 UUIDPrefix string `json:"uuidPrefix"`
608 // DiscoveryDocument returns a *DiscoveryDocument. The returned object
609 // should not be modified: the same object may be returned by
611 func (c *Client) DiscoveryDocument() (*DiscoveryDocument, error) {
615 var dd DiscoveryDocument
// Plain GET of the discovery endpoint: no body and no params.
616 err := c.RequestAndDecode(&dd, "GET", "discovery/v1/apis/arvados/v1/rest", nil, nil)
// pdhRegexp matches strings made of 32 lowercase hex digits, a "+",
// and one or more decimal digits; modelForUUID treats such strings as
// Collection identifiers.
624 var pdhRegexp = regexp.MustCompile(`^[0-9a-f]{32}\+\d+$`)
// modelForUUID returns the model name for uuid. Strings matching
// pdhRegexp are "Collection"; otherwise the type portion of the UUID
// (infix) is looked up among the UUIDPrefix values of dd.Schemas. An
// error is returned for an invalid UUID or an unrecognized type
// portion.
626 func (c *Client) modelForUUID(dd *DiscoveryDocument, uuid string) (string, error) {
627 if pdhRegexp.MatchString(uuid) {
628 return "Collection", nil
631 return "", fmt.Errorf("invalid UUID: %q", uuid)
// Search the schemas for one whose UUID prefix equals the infix.
635 for m, s := range dd.Schemas {
636 if s.UUIDPrefix == infix {
642 return "", fmt.Errorf("unrecognized type portion %q in UUID %q", infix, uuid)
// KindForUUID returns the kind string for the given UUID: "arvados#"
// followed by the model name from modelForUUID with its first letter
// lowercased. The model is resolved using the discovery document.
647 func (c *Client) KindForUUID(uuid string) (string, error) {
648 dd, err := c.DiscoveryDocument()
652 model, err := c.modelForUUID(dd, uuid)
656 return "arvados#" + strings.ToLower(model[:1]) + model[1:], nil
// PathForUUID builds the API path for calling the named method on the
// object identified by uuid, using the discovery document. It returns
// an error when no resource serves the UUID's model or when the
// resource has no such method.
659 func (c *Client) PathForUUID(method, uuid string) (string, error) {
660 dd, err := c.DiscoveryDocument()
664 model, err := c.modelForUUID(dd, uuid)
// Look for the resource whose "get" method responds with this
// model.
669 for r, rsc := range dd.Resources {
670 if rsc.Methods["get"].Response.Ref == model {
676 return "", fmt.Errorf("no resource for model: %q", model)
678 m, ok := dd.Resources[resource].Methods[method]
680 return "", fmt.Errorf("no method %q for resource %q", method, resource)
// Substitute uuid for every "{uuid}" placeholder in the method's
// path template and prepend the API base path.
682 path := dd.BasePath + strings.Replace(m.Path, "{uuid}", uuid, -1)
// maxUUIDInt is 36^15; RandomUUID passes it to rand.Int as the upper
// bound for the random value.
689 var maxUUIDInt = (&big.Int{}).Exp(big.NewInt(36), big.NewInt(15), nil)
// RandomUUID returns a string of the form clusterID-infix-nstr, where
// nstr is derived from a random integer below maxUUIDInt.
691 func RandomUUID(clusterID, infix string) string {
692 n, err := rand.Int(rand.Reader, maxUUIDInt)
700 return clusterID + "-" + infix + "-" + nstr