1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
21 "git.arvados.org/arvados.git/lib/controller/api"
22 "git.arvados.org/arvados.git/lib/controller/federation"
23 "git.arvados.org/arvados.git/lib/controller/localdb"
24 "git.arvados.org/arvados.git/lib/controller/railsproxy"
25 "git.arvados.org/arvados.git/lib/controller/router"
26 "git.arvados.org/arvados.git/lib/ctrlctx"
27 "git.arvados.org/arvados.git/sdk/go/arvados"
28 "git.arvados.org/arvados.git/sdk/go/ctxlog"
29 "git.arvados.org/arvados.git/sdk/go/health"
30 "git.arvados.org/arvados.git/sdk/go/httpserver"
32 // sqlx needs lib/pq to talk to PostgreSQL
37 Cluster *arvados.Cluster
38 BackgroundContext context.Context
41 federation *federation.Conn
42 handlerStack http.Handler
44 secureClient *http.Client
45 insecureClient *http.Client
46 dbConnector ctrlctx.DBConnector
47 limitLogCreate chan struct{}
49 cache map[string]*cacheEnt
52 func (h *Handler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
53 h.setupOnce.Do(h.setup)
54 if req.Method != "GET" && req.Method != "HEAD" {
55 // http.ServeMux returns 301 with a cleaned path if
56 // the incoming request has a double slash. Some
57 // clients (including the Go standard library) change
58 // the request method to GET when following a 301
59 // redirect if the original method was not HEAD
60 // (RFC7231 6.4.2 specifically allows this in the case
61 // of POST). Thus "POST //foo" gets misdirected to
62 // "GET /foo". To avoid this, eliminate double slashes
63 // before passing the request to ServeMux.
64 for strings.Contains(req.URL.Path, "//") {
65 req.URL.Path = strings.Replace(req.URL.Path, "//", "/", -1)
68 h.handlerStack.ServeHTTP(w, req)
71 func (h *Handler) CheckHealth() error {
72 h.setupOnce.Do(h.setup)
73 _, err := h.dbConnector.GetDB(context.TODO())
77 _, _, err = railsproxy.FindRailsAPI(h.Cluster)
81 if h.Cluster.API.VocabularyPath != "" {
82 req, err := http.NewRequest("GET", "/arvados/v1/vocabulary", nil)
86 var resp httptest.ResponseRecorder
87 h.handlerStack.ServeHTTP(&resp, req)
88 if resp.Result().StatusCode != http.StatusOK {
89 return fmt.Errorf("%d %s", resp.Result().StatusCode, resp.Result().Status)
95 func (h *Handler) Done() <-chan struct{} {
99 func neverRedirect(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
101 func (h *Handler) setup() {
102 mux := http.NewServeMux()
103 healthFuncs := make(map[string]health.Func)
105 h.dbConnector = ctrlctx.DBConnector{PostgreSQL: h.Cluster.PostgreSQL}
107 <-h.BackgroundContext.Done()
108 h.dbConnector.Close()
110 oidcAuthorizer := localdb.OIDCAccessTokenAuthorizer(h.Cluster, h.dbConnector.GetDB)
111 h.federation = federation.New(h.BackgroundContext, h.Cluster, &healthFuncs, h.dbConnector.GetDB)
112 rtr := router.New(h.federation, router.Config{
113 MaxRequestSize: h.Cluster.API.MaxRequestSize,
114 WrapCalls: api.ComposeWrappers(
115 ctrlctx.WrapCallsInTransactions(h.dbConnector.GetDB),
116 oidcAuthorizer.WrapCalls,
117 ctrlctx.WrapCallsWithAuth(h.Cluster)),
120 healthRoutes := health.Routes{"ping": func() error { _, err := h.dbConnector.GetDB(context.TODO()); return err }}
121 for name, f := range healthFuncs {
122 healthRoutes[name] = f
124 mux.Handle("/_health/", &health.Handler{
125 Token: h.Cluster.ManagementToken,
127 Routes: healthRoutes,
129 mux.Handle("/arvados/v1/config", rtr)
130 mux.Handle("/arvados/v1/vocabulary", rtr)
131 mux.Handle("/"+arvados.EndpointUserAuthenticate.Path, rtr) // must come before .../users/
132 mux.Handle("/arvados/v1/collections", rtr)
133 mux.Handle("/arvados/v1/collections/", rtr)
134 mux.Handle("/arvados/v1/users", rtr)
135 mux.Handle("/arvados/v1/users/", rtr)
136 mux.Handle("/arvados/v1/connect/", rtr)
137 mux.Handle("/arvados/v1/container_requests", rtr)
138 mux.Handle("/arvados/v1/container_requests/", rtr)
139 mux.Handle("/arvados/v1/groups", rtr)
140 mux.Handle("/arvados/v1/groups/", rtr)
141 mux.Handle("/arvados/v1/links", rtr)
142 mux.Handle("/arvados/v1/links/", rtr)
143 mux.Handle("/arvados/v1/authorized_keys", rtr)
144 mux.Handle("/arvados/v1/authorized_keys/", rtr)
145 mux.Handle("/login", rtr)
146 mux.Handle("/logout", rtr)
147 mux.Handle("/arvados/v1/api_client_authorizations", rtr)
148 mux.Handle("/arvados/v1/api_client_authorizations/", rtr)
150 hs := http.NotFoundHandler()
151 hs = prepend(hs, h.proxyRailsAPI)
152 hs = prepend(hs, h.routeContainerEndpoints(rtr))
153 hs = prepend(hs, h.limitLogCreateRequests)
154 hs = h.setupProxyRemoteCluster(hs)
155 hs = prepend(hs, oidcAuthorizer.Middleware)
159 sc := *arvados.DefaultSecureClient
160 sc.CheckRedirect = neverRedirect
163 ic := *arvados.InsecureHTTPClient
164 ic.CheckRedirect = neverRedirect
165 h.insecureClient = &ic
167 logCreateLimit := int(float64(h.Cluster.API.MaxConcurrentRequests) * h.Cluster.API.LogCreateRequestFraction)
168 if logCreateLimit == 0 && h.Cluster.API.LogCreateRequestFraction > 0 {
171 h.limitLogCreate = make(chan struct{}, logCreateLimit)
174 Name: "arvados-controller",
176 h.cache = map[string]*cacheEnt{
177 "/discovery/v1/apis/arvados/v1/rest": &cacheEnt{validate: validateDiscoveryDoc},
180 go h.trashSweepWorker()
181 go h.containerLogSweepWorker()
184 type middlewareFunc func(http.ResponseWriter, *http.Request, http.Handler)
186 func prepend(next http.Handler, middleware middlewareFunc) http.Handler {
187 return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
188 middleware(w, req, next)
192 func (h *Handler) localClusterRequest(req *http.Request) (*http.Response, error) {
193 urlOut, insecure, err := railsproxy.FindRailsAPI(h.Cluster)
198 Scheme: urlOut.Scheme,
201 RawPath: req.URL.RawPath,
202 RawQuery: req.URL.RawQuery,
204 client := h.secureClient
206 client = h.insecureClient
208 return h.proxy.Do(req, urlOut, client)
211 // Route /arvados/v1/containers/{uuid}/log*, .../ssh, and
212 // .../gateway_tunnel to rtr, pass everything else to next.
214 // (http.ServeMux doesn't let us route these without also routing
215 // everything under /containers/, which we don't want yet.)
216 func (h *Handler) routeContainerEndpoints(rtr http.Handler) middlewareFunc {
217 return func(w http.ResponseWriter, req *http.Request, next http.Handler) {
218 trim := strings.TrimPrefix(req.URL.Path, "/arvados/v1/containers/")
219 if trim != req.URL.Path && (strings.Index(trim, "/log") == 27 ||
220 strings.Index(trim, "/ssh") == 27 ||
221 strings.Index(trim, "/gateway_tunnel") == 27) {
222 rtr.ServeHTTP(w, req)
224 next.ServeHTTP(w, req)
229 func (h *Handler) limitLogCreateRequests(w http.ResponseWriter, req *http.Request, next http.Handler) {
230 if cap(h.limitLogCreate) > 0 && req.Method == http.MethodPost && strings.HasPrefix(req.URL.Path, "/arvados/v1/logs") {
232 case h.limitLogCreate <- struct{}{}:
233 defer func() { <-h.limitLogCreate }()
234 next.ServeHTTP(w, req)
236 http.Error(w, "Excess log messages", http.StatusServiceUnavailable)
240 next.ServeHTTP(w, req)
243 // cacheEnt implements a basic stale-while-revalidate cache, suitable
244 // for the Arvados discovery document.
245 type cacheEnt struct {
246 validate func(body []byte) error
250 expireAfter time.Time
251 refreshAfter time.Time
252 refreshLock sync.Mutex
256 cacheTTL = 5 * time.Minute
257 cacheExpire = 24 * time.Hour
260 func (ent *cacheEnt) refresh(path string, do func(*http.Request) (*http.Response, error)) (http.Header, []byte, error) {
261 ent.refreshLock.Lock()
262 defer ent.refreshLock.Unlock()
263 if header, body, needRefresh := ent.response(); !needRefresh {
264 // another goroutine refreshed successfully while we
265 // were waiting for refreshLock
266 return header, body, nil
267 } else if body != nil {
268 // Cache is present, but expired. We'll try to refresh
269 // below. Meanwhile, other refresh() calls will queue
270 // up for refreshLock -- and we don't want them to
271 // turn into N upstream requests, even if upstream is
272 // failing. (If we succeed we'll update the expiry
273 // time again below with the real cacheTTL -- this
274 // just takes care of the error case.)
276 ent.refreshAfter = time.Now().Add(time.Second)
280 ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(time.Minute))
282 // 0.0.0.0:0 is just a placeholder here -- do(), which is
283 // localClusterRequest(), will replace the scheme and host
284 // parts with the real proxy destination.
285 req, err := http.NewRequestWithContext(ctx, http.MethodGet, "http://0.0.0.0:0/"+path, nil)
293 if resp.StatusCode != http.StatusOK {
294 return nil, nil, fmt.Errorf("HTTP status %d", resp.StatusCode)
296 body, err := ioutil.ReadAll(resp.Body)
298 return nil, nil, fmt.Errorf("Read error: %w", err)
300 header := http.Header{}
301 for k, v := range resp.Header {
302 if !dropHeaders[k] && k != "X-Request-Id" {
306 if ent.validate != nil {
307 if err := ent.validate(body); err != nil {
310 } else if mediatype, _, err := mime.ParseMediaType(header.Get("Content-Type")); err == nil && mediatype == "application/json" {
311 if !json.Valid(body) {
312 return nil, nil, errors.New("invalid JSON encoding in response")
316 defer ent.mtx.Unlock()
319 ent.refreshAfter = time.Now().Add(cacheTTL)
320 ent.expireAfter = time.Now().Add(cacheExpire)
321 return ent.header, ent.body, nil
324 func (ent *cacheEnt) response() (http.Header, []byte, bool) {
326 defer ent.mtx.Unlock()
327 if ent.expireAfter.Before(time.Now()) {
328 ent.header, ent.body, ent.refreshAfter = nil, nil, time.Time{}
330 return ent.header, ent.body, ent.refreshAfter.Before(time.Now())
333 func (ent *cacheEnt) ServeHTTP(ctx context.Context, w http.ResponseWriter, path string, do func(*http.Request) (*http.Response, error)) {
334 header, body, needRefresh := ent.response()
336 // need to fetch before we can return anything
338 header, body, err = ent.refresh(path, do)
340 http.Error(w, err.Error(), http.StatusBadGateway)
343 } else if needRefresh {
344 // re-fetch in background
346 _, _, err := ent.refresh(path, do)
348 ctxlog.FromContext(ctx).WithError(err).WithField("path", path).Warn("error refreshing cache")
352 for k, v := range header {
355 w.WriteHeader(http.StatusOK)
359 func (h *Handler) proxyRailsAPI(w http.ResponseWriter, req *http.Request, next http.Handler) {
360 if ent, ok := h.cache[req.URL.Path]; ok && req.Method == http.MethodGet {
361 ent.ServeHTTP(req.Context(), w, req.URL.Path, h.localClusterRequest)
364 resp, err := h.localClusterRequest(req)
365 n, err := h.proxy.ForwardResponse(w, resp, err)
367 httpserver.Logger(req).WithError(err).WithField("bytesCopied", n).Error("error copying response body")
371 // Use a localhost entry from Services.RailsAPI.InternalURLs if one is
372 // present, otherwise choose an arbitrary entry.
373 func findRailsAPI(cluster *arvados.Cluster) (*url.URL, bool, error) {
375 for target := range cluster.Services.RailsAPI.InternalURLs {
376 target := url.URL(target)
378 if strings.HasPrefix(target.Host, "localhost:") || strings.HasPrefix(target.Host, "127.0.0.1:") || strings.HasPrefix(target.Host, "[::1]:") {
383 return nil, false, fmt.Errorf("Services.RailsAPI.InternalURLs is empty")
385 return best, cluster.TLS.Insecure, nil
388 func validateDiscoveryDoc(body []byte) error {
389 var dd arvados.DiscoveryDocument
390 err := json.Unmarshal(body, &dd)
392 return fmt.Errorf("error decoding JSON response: %w", err)
394 if dd.BasePath == "" {
395 return errors.New("error in discovery document: no value for basePath")