16 "git.curoverse.com/arvados.git/sdk/go/arvadosclient"
17 "git.curoverse.com/arvados.git/sdk/go/keepclient"
21 err := doMain(os.Args[1:])
27 func doMain(args []string) error {
28 flags := flag.NewFlagSet("keep-block-check", flag.ExitOnError)
30 configFile := flags.String(
33 "Configuration filename. May be either a pathname to a config file, or (for example) 'foo' as shorthand for $HOME/.config/arvados/foo.conf file. This file is expected to specify the values for ARVADOS_API_TOKEN, ARVADOS_API_HOST, ARVADOS_API_HOST_INSECURE, and ARVADOS_BLOB_SIGNING_KEY for the source.")
35 keepServicesJSON := flags.String(
38 "An optional list of available keepservices. "+
39 "If not provided, this list is obtained from api server configured in config-file.")
41 locatorFile := flags.String(
44 "Filename containing the block hashes to be checked. This is required. "+
45 "This file contains the block hashes one per line.")
47 prefix := flags.String(
50 "Block hash prefix. When a prefix is specified, only hashes listed in the file with this prefix will be checked.")
52 blobSignatureTTLFlag := flags.Duration(
55 "Lifetime of blob permission signatures on the keepservers. If not provided, this will be retrieved from the API server's discovery document.")
57 verbose := flags.Bool(
60 "Log progress of each block verification")
62 // Parse args; omit the first arg which is the command name
65 config, blobSigningKey, err := loadConfig(*configFile)
67 return fmt.Errorf("Error loading configuration from file: %s", err.Error())
70 // get list of block locators to be checked
71 blockLocators, err := getBlockLocators(*locatorFile, *prefix)
73 return fmt.Errorf("Error reading block hashes to be checked from file: %s", err.Error())
77 kc, blobSignatureTTL, err := setupKeepClient(config, *keepServicesJSON, *blobSignatureTTLFlag)
79 return fmt.Errorf("Error configuring keepclient: %s", err.Error())
82 return performKeepBlockCheck(kc, blobSignatureTTL, blobSigningKey, blockLocators, *verbose)
85 type apiConfig struct {
92 // Load config from given file
93 func loadConfig(configFile string) (config apiConfig, blobSigningKey string, err error) {
95 err = errors.New("Client config file not specified")
99 config, blobSigningKey, err = readConfigFromFile(configFile)
103 var matchTrue = regexp.MustCompile("^(?i:1|yes|true)$")
105 // Read config from file
106 func readConfigFromFile(filename string) (config apiConfig, blobSigningKey string, err error) {
107 if !strings.Contains(filename, "/") {
108 filename = os.Getenv("HOME") + "/.config/arvados/" + filename + ".conf"
111 content, err := ioutil.ReadFile(filename)
117 lines := strings.Split(string(content), "\n")
118 for _, line := range lines {
123 kv := strings.SplitN(line, "=", 2)
125 key := strings.TrimSpace(kv[0])
126 value := strings.TrimSpace(kv[1])
129 case "ARVADOS_API_TOKEN":
130 config.APIToken = value
131 case "ARVADOS_API_HOST":
132 config.APIHost = value
133 case "ARVADOS_API_HOST_INSECURE":
134 config.APIHostInsecure = matchTrue.MatchString(value)
135 case "ARVADOS_EXTERNAL_CLIENT":
136 config.ExternalClient = matchTrue.MatchString(value)
137 case "ARVADOS_BLOB_SIGNING_KEY":
138 blobSigningKey = value
146 // setup keepclient using the config provided
147 func setupKeepClient(config apiConfig, keepServicesJSON string, blobSignatureTTL time.Duration) (kc *keepclient.KeepClient, ttl time.Duration, err error) {
148 arv := arvadosclient.ArvadosClient{
149 ApiToken: config.APIToken,
150 ApiServer: config.APIHost,
151 ApiInsecure: config.APIHostInsecure,
152 Client: &http.Client{Transport: &http.Transport{
153 TLSClientConfig: &tls.Config{InsecureSkipVerify: config.APIHostInsecure}}},
154 External: config.ExternalClient,
157 // If keepServicesJSON is provided, use it instead of service discovery
158 if keepServicesJSON == "" {
159 kc, err = keepclient.MakeKeepClient(&arv)
164 kc = keepclient.New(&arv)
165 err = kc.LoadKeepServicesFromJSON(keepServicesJSON)
171 // Get if blobSignatureTTL is not provided
172 ttl = blobSignatureTTL
173 if blobSignatureTTL == 0 {
174 value, err := arv.Discovery("blobSignatureTtl")
176 ttl = time.Duration(int(value.(float64))) * time.Second
185 // Get list of unique block locators from the given file
186 func getBlockLocators(locatorFile, prefix string) (locators []string, err error) {
187 if locatorFile == "" {
188 err = errors.New("block-hash-file not specified")
192 content, err := ioutil.ReadFile(locatorFile)
197 locatorMap := make(map[string]bool)
198 for _, line := range strings.Split(string(content), "\n") {
199 line = strings.TrimSpace(line)
200 if line == "" || !strings.HasPrefix(line, prefix) || locatorMap[line] {
203 locators = append(locators, line)
204 locatorMap[line] = true
210 // Get block headers from keep. Log any errors.
211 func performKeepBlockCheck(kc *keepclient.KeepClient, blobSignatureTTL time.Duration, blobSigningKey string, blockLocators []string, verbose bool) error {
212 totalBlocks := len(blockLocators)
215 for _, locator := range blockLocators {
218 log.Printf("Verifying block %d of %d: %v", current, totalBlocks, locator)
220 getLocator := locator
221 if blobSigningKey != "" {
222 expiresAt := time.Now().AddDate(0, 0, 1)
223 getLocator = keepclient.SignLocator(locator, kc.Arvados.ApiToken, expiresAt, blobSignatureTTL, []byte(blobSigningKey))
226 _, _, err := kc.Ask(getLocator)
229 log.Printf("Error verifying block %v: %v", locator, err)
233 log.Printf("Verify block totals: %d attempts, %d successes, %d errors", totalBlocks, totalBlocks-notFoundBlocks, notFoundBlocks)
235 if notFoundBlocks > 0 {
236 return fmt.Errorf("Block verification failed for %d out of %d blocks with matching prefix.", notFoundBlocks, totalBlocks)