X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/0df5f0feeced5bff0adfb806dae2d3811257827f..0596129229750c593066e414d9315f643585bc3e:/sdk/go/arvados/client.go?ds=sidebyside diff --git a/sdk/go/arvados/client.go b/sdk/go/arvados/client.go index cbc2ca72f0..4d140517e5 100644 --- a/sdk/go/arvados/client.go +++ b/sdk/go/arvados/client.go @@ -7,13 +7,17 @@ package arvados import ( "bytes" "context" + "crypto/rand" "crypto/tls" "encoding/json" + "errors" "fmt" "io" + "io/fs" "io/ioutil" "log" - "math" + "math/big" + "net" "net/http" "net/url" "os" @@ -21,7 +25,7 @@ import ( "strings" "time" - "git.curoverse.com/arvados.git/sdk/go/httpserver" + "git.arvados.org/arvados.git/sdk/go/httpserver" ) // A Client is an HTTP client with an API endpoint and a set of @@ -35,6 +39,9 @@ type Client struct { // DefaultSecureClient or InsecureHTTPClient will be used. Client *http.Client `json:"-"` + // Protocol scheme: "http", "https", or "" (https) + Scheme string + // Hostname (or host:port) of Arvados API server. APIHost string @@ -52,22 +59,34 @@ type Client struct { // arvadosclient.ArvadosClient.) KeepServiceURIs []string `json:",omitempty"` + // HTTP headers to add/override in outgoing requests. + SendHeader http.Header + + // Timeout for requests. NewClientFromConfig and + // NewClientFromEnv return a Client with a default 5 minute + // timeout. To disable this timeout and rely on each + // http.Request's context deadline instead, set Timeout to + // zero. + Timeout time.Duration + dd *DiscoveryDocument - ctx context.Context + defaultRequestID string + + // APIHost and AuthToken were loaded from ARVADOS_* env vars + // (used to customize "no host/token" error messages) + loadedFromEnv bool } -// The default http.Client used by a Client with Insecure==true and -// Client==nil. +// InsecureHTTPClient is the default http.Client used by a Client with +// Insecure==true and Client==nil. var InsecureHTTPClient = &http.Client{ Transport: &http.Transport{ TLSClientConfig: &tls.Config{ - InsecureSkipVerify: true}}, - Timeout: 5 * time.Minute} + InsecureSkipVerify: true}}} -// The default http.Client used by a Client otherwise. -var DefaultSecureClient = &http.Client{ - Timeout: 5 * time.Minute} +// DefaultSecureClient is the default http.Client used by a Client otherwise. +var DefaultSecureClient = &http.Client{} // NewClientFromConfig creates a new Client that uses the endpoints in // the given cluster. @@ -78,18 +97,102 @@ func NewClientFromConfig(cluster *Cluster) (*Client, error) { if ctrlURL.Host == "" { return nil, fmt.Errorf("no host in config Services.Controller.ExternalURL: %v", ctrlURL) } + var hc *http.Client + if srvaddr := os.Getenv("ARVADOS_SERVER_ADDRESS"); srvaddr != "" { + // When this client is used to make a request to + // https://{ctrlhost}:port/ (any port), it dials the + // indicated port on ARVADOS_SERVER_ADDRESS instead. + // + // This is invoked by arvados-server boot to ensure + // that server->server traffic (e.g., + // keepproxy->controller) only hits local interfaces, + // even if the Controller.ExternalURL host is a load + // balancer / gateway and not a local interface + // address (e.g., when running on a cloud VM). + // + // This avoids unnecessary delay/cost of routing + // external traffic, and also allows controller to + // recognize other services as internal clients based + // on the connection source address. + divertedHost := (*url.URL)(&cluster.Services.Controller.ExternalURL).Hostname() + var dialer net.Dialer + hc = &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: cluster.TLS.Insecure}, + DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) { + host, port, err := net.SplitHostPort(addr) + if err == nil && network == "tcp" && host == divertedHost { + addr = net.JoinHostPort(srvaddr, port) + } + return dialer.DialContext(ctx, network, addr) + }, + }, + } + } return &Client{ + Client: hc, + Scheme: ctrlURL.Scheme, APIHost: ctrlURL.Host, Insecure: cluster.TLS.Insecure, + Timeout: 5 * time.Minute, }, nil } // NewClientFromEnv creates a new Client that uses the default HTTP -// client with the API endpoint and credentials given by the -// ARVADOS_API_* environment variables. +// client, and loads API endpoint and credentials from ARVADOS_* +// environment variables (if set) and +// $HOME/.config/arvados/settings.conf (if readable). +// +// If a config exists in both locations, the environment variable is +// used. +// +// If there is an error (other than ENOENT) reading settings.conf, +// NewClientFromEnv logs the error to log.Default(), then proceeds as +// if settings.conf did not exist. +// +// Space characters are trimmed when reading the settings file, so +// these are equivalent: +// +// ARVADOS_API_HOST=localhost\n +// ARVADOS_API_HOST=localhost\r\n +// ARVADOS_API_HOST = localhost \n +// \tARVADOS_API_HOST = localhost\n func NewClientFromEnv() *Client { + vars := map[string]string{} + home := os.Getenv("HOME") + conffile := home + "/.config/arvados/settings.conf" + if home == "" { + // no $HOME => just use env vars + } else if settings, err := os.ReadFile(conffile); errors.Is(err, fs.ErrNotExist) { + // no config file => just use env vars + } else if err != nil { + // config file unreadable => log message, then use env vars + log.Printf("continuing without loading %s: %s", conffile, err) + } else { + for _, line := range bytes.Split(settings, []byte{'\n'}) { + kv := bytes.SplitN(line, []byte{'='}, 2) + k := string(bytes.TrimSpace(kv[0])) + if len(kv) != 2 || !strings.HasPrefix(k, "ARVADOS_") { + // Same behavior as python sdk: + // silently skip leading # (comments), + // blank lines, typos, and non-Arvados + // vars. + continue + } + vars[k] = string(bytes.TrimSpace(kv[1])) + } + } + for _, env := range os.Environ() { + if !strings.HasPrefix(env, "ARVADOS_") { + continue + } + kv := strings.SplitN(env, "=", 2) + if len(kv) == 2 { + vars[kv[0]] = kv[1] + } + } var svcs []string - for _, s := range strings.Split(os.Getenv("ARVADOS_KEEP_SERVICES"), " ") { + for _, s := range strings.Split(vars["ARVADOS_KEEP_SERVICES"], " ") { if s == "" { continue } else if u, err := url.Parse(s); err != nil { @@ -101,14 +204,17 @@ func NewClientFromEnv() *Client { } } var insecure bool - if s := strings.ToLower(os.Getenv("ARVADOS_API_HOST_INSECURE")); s == "1" || s == "yes" || s == "true" { + if s := strings.ToLower(vars["ARVADOS_API_HOST_INSECURE"]); s == "1" || s == "yes" || s == "true" { insecure = true } return &Client{ - APIHost: os.Getenv("ARVADOS_API_HOST"), - AuthToken: os.Getenv("ARVADOS_API_TOKEN"), + Scheme: "https", + APIHost: vars["ARVADOS_API_HOST"], + AuthToken: vars["ARVADOS_API_TOKEN"], Insecure: insecure, KeepServiceURIs: svcs, + Timeout: 5 * time.Minute, + loadedFromEnv: true, } } @@ -117,13 +223,19 @@ var reqIDGen = httpserver.IDGenerator{Prefix: "req-"} // Do adds Authorization and X-Request-Id headers and then calls // (*http.Client)Do(). func (c *Client) Do(req *http.Request) (*http.Response, error) { - if c.AuthToken != "" { + if auth, _ := req.Context().Value(contextKeyAuthorization{}).(string); auth != "" { + req.Header.Add("Authorization", auth) + } else if c.AuthToken != "" { req.Header.Add("Authorization", "OAuth2 "+c.AuthToken) } if req.Header.Get("X-Request-Id") == "" { - reqid, _ := c.context().Value(contextKeyRequestID).(string) - if reqid == "" { + var reqid string + if ctxreqid, _ := req.Context().Value(contextKeyRequestID{}).(string); ctxreqid != "" { + reqid = ctxreqid + } else if c.defaultRequestID != "" { + reqid = c.defaultRequestID + } else { reqid = reqIDGen.Next() } if req.Header == nil { @@ -132,12 +244,54 @@ func (c *Client) Do(req *http.Request) (*http.Response, error) { req.Header.Set("X-Request-Id", reqid) } } - return c.httpClient().Do(req) + var cancel context.CancelFunc + if c.Timeout > 0 { + ctx := req.Context() + ctx, cancel = context.WithDeadline(ctx, time.Now().Add(c.Timeout)) + req = req.WithContext(ctx) + } + resp, err := c.httpClient().Do(req) + if err == nil && cancel != nil { + // We need to call cancel() eventually, but we can't + // use "defer cancel()" because the context has to + // stay alive until the caller has finished reading + // the response body. + resp.Body = cancelOnClose{ReadCloser: resp.Body, cancel: cancel} + } else if cancel != nil { + cancel() + } + return resp, err +} + +// cancelOnClose calls a provided CancelFunc when its wrapped +// ReadCloser's Close() method is called. +type cancelOnClose struct { + io.ReadCloser + cancel context.CancelFunc +} + +func (coc cancelOnClose) Close() error { + err := coc.ReadCloser.Close() + coc.cancel() + return err +} + +func isRedirectStatus(code int) bool { + switch code { + case http.StatusMovedPermanently, http.StatusFound, http.StatusSeeOther, http.StatusTemporaryRedirect, http.StatusPermanentRedirect: + return true + default: + return false + } } // DoAndDecode performs req and unmarshals the response (which must be // JSON) into dst. Use this instead of RequestAndDecode if you need // more control of the http.Request object. +// +// If the response status indicates an HTTP redirect, the Location +// header value is unmarshalled to dst as a RedirectLocation +// key/field. func (c *Client) DoAndDecode(dst interface{}, req *http.Request) error { resp, err := c.Do(req) if err != nil { @@ -148,22 +302,39 @@ func (c *Client) DoAndDecode(dst interface{}, req *http.Request) error { if err != nil { return err } - if resp.StatusCode != 200 { - return newTransactionError(req, resp, buf) - } - if dst == nil { + switch { + case resp.StatusCode == http.StatusNoContent: return nil + case resp.StatusCode == http.StatusOK && dst == nil: + return nil + case resp.StatusCode == http.StatusOK: + return json.Unmarshal(buf, dst) + + // If the caller uses a client with a custom CheckRedirect + // func, Do() might return the 3xx response instead of + // following it. + case isRedirectStatus(resp.StatusCode) && dst == nil: + return nil + case isRedirectStatus(resp.StatusCode): + // Copy the redirect target URL to dst.RedirectLocation. + buf, err := json.Marshal(map[string]string{"redirect_location": resp.Header.Get("Location")}) + if err != nil { + return err + } + return json.Unmarshal(buf, dst) + + default: + return newTransactionError(req, resp, buf) } - return json.Unmarshal(buf, dst) } // Convert an arbitrary struct to url.Values. For example, // -// Foo{Bar: []int{1,2,3}, Baz: "waz"} +// Foo{Bar: []int{1,2,3}, Baz: "waz"} // // becomes // -// url.Values{`bar`:`{"a":[1,2,3]}`,`Baz`:`waz`} +// url.Values{`bar`:`{"a":[1,2,3]}`,`Baz`:`waz`} // // params itself is returned if it is already an url.Values. func anythingToValues(params interface{}) (url.Values, error) { @@ -178,7 +349,9 @@ func anythingToValues(params interface{}) (url.Values, error) { return nil, err } var generic map[string]interface{} - err = json.Unmarshal(j, &generic) + dec := json.NewDecoder(bytes.NewBuffer(j)) + dec.UseNumber() + err = dec.Decode(&generic) if err != nil { return nil, err } @@ -188,21 +361,29 @@ func anythingToValues(params interface{}) (url.Values, error) { urlValues.Set(k, v) continue } - if v, ok := v.(float64); ok { - // Unmarshal decodes all numbers as float64, - // which can be written as 1.2345e4 in JSON, - // but this form is not accepted for ints in - // url params. If a number fits in an int64, - // encode it as int64 rather than float64. - if v, frac := math.Modf(v); frac == 0 && v <= math.MaxInt64 && v >= math.MinInt64 { - urlValues.Set(k, fmt.Sprintf("%d", int64(v))) - continue + if v, ok := v.(json.Number); ok { + urlValues.Set(k, v.String()) + continue + } + if v, ok := v.(bool); ok { + if v { + urlValues.Set(k, "true") + } else { + // "foo=false", "foo=0", and "foo=" + // are all taken as true strings, so + // don't send false values at all -- + // rely on the default being false. } + continue } j, err := json.Marshal(v) if err != nil { return nil, err } + if bytes.Equal(j, []byte("null")) { + // don't add it to urlValues at all + continue + } urlValues.Set(k, string(j)) } return urlValues, nil @@ -216,10 +397,21 @@ func anythingToValues(params interface{}) (url.Values, error) { // // path must not contain a query string. func (c *Client) RequestAndDecode(dst interface{}, method, path string, body io.Reader, params interface{}) error { + return c.RequestAndDecodeContext(context.Background(), dst, method, path, body, params) +} + +// RequestAndDecodeContext does the same as RequestAndDecode, but with a context +func (c *Client) RequestAndDecodeContext(ctx context.Context, dst interface{}, method, path string, body io.Reader, params interface{}) error { if body, ok := body.(io.Closer); ok { // Ensure body is closed even if we error out early defer body.Close() } + if c.APIHost == "" { + if c.loadedFromEnv { + return errors.New("ARVADOS_API_HOST and/or ARVADOS_API_TOKEN environment variables are not set") + } + return errors.New("arvados.Client cannot perform request: APIHost is not set") + } urlString := c.apiURL(path) urlValues, err := anythingToValues(params) if err != nil { @@ -227,9 +419,8 @@ func (c *Client) RequestAndDecode(dst interface{}, method, path string, body io. } if urlValues == nil { // Nothing to send - } else if method == "GET" || method == "HEAD" || body != nil { - // Must send params in query part of URL (FIXME: what - // if resulting URL is too long?) + } else if body != nil || ((method == "GET" || method == "HEAD") && len(urlValues.Encode()) < 1000) { + // Send params in query part of URL u, err := url.Parse(urlString) if err != nil { return err @@ -243,7 +434,15 @@ func (c *Client) RequestAndDecode(dst interface{}, method, path string, body io. if err != nil { return err } + if (method == "GET" || method == "HEAD") && body != nil { + req.Header.Set("X-Http-Method-Override", method) + req.Method = "POST" + } + req = req.WithContext(ctx) req.Header.Set("Content-type", "application/x-www-form-urlencoded") + for k, v := range c.SendHeader { + req.Header[k] = v + } return c.DoAndDecode(dst, req) } @@ -265,23 +464,16 @@ func (c *Client) UpdateBody(rsc resource) io.Reader { return bytes.NewBufferString(v.Encode()) } -type contextKey string - -var contextKeyRequestID contextKey = "X-Request-Id" - +// WithRequestID returns a new shallow copy of c that sends the given +// X-Request-Id value (instead of a new randomly generated one) with +// each subsequent request that doesn't provide its own via context or +// header. func (c *Client) WithRequestID(reqid string) *Client { cc := *c - cc.ctx = context.WithValue(cc.context(), contextKeyRequestID, reqid) + cc.defaultRequestID = reqid return &cc } -func (c *Client) context() context.Context { - if c.ctx == nil { - return context.Background() - } - return c.ctx -} - func (c *Client) httpClient() *http.Client { switch { case c.Client != nil: @@ -294,7 +486,11 @@ func (c *Client) httpClient() *http.Client { } func (c *Client) apiURL(path string) string { - return "https://" + c.APIHost + "/" + path + scheme := c.Scheme + if scheme == "" { + scheme = "https" + } + return scheme + "://" + c.APIHost + "/" + path } // DiscoveryDocument is the Arvados server's description of itself. @@ -405,3 +601,13 @@ func (c *Client) PathForUUID(method, uuid string) (string, error) { } return path, nil } + +var maxUUIDInt = (&big.Int{}).Exp(big.NewInt(36), big.NewInt(15), nil) + +func RandomUUID(clusterID, infix string) string { + n, err := rand.Int(rand.Reader, maxUUIDInt) + if err != nil { + panic(err) + } + return clusterID + "-" + infix + "-" + n.Text(36) +}